Message-Id: <20120706094458.GA1466@pm513-1.comsys.ntu-kpi.kiev.ua>
Date: Fri, 6 Jul 2012 12:44:58 +0300
From: Andrey Simonenko
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/169680: NLM and security flavors

>Number: 169680
>Category: kern
>Synopsis: NLM and security flavors
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 06 09:50:07 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Andrey Simonenko
>Release: FreeBSD 10.0-CURRENT amd64
>Organization:
>Environment:
>Description:

NLM on a client system always uses AUTH_SYS, even if the client specified another security flavor in mount_nfs's "sec" option.

NLM on a server system does not verify that the NLM client's security flavor is allowed by the NFS exported file system; the security flavors array from VFS_CHECKEXP() is ignored in nlm/nlm_prot_impl.c:nlm_get_vfs_state().

I added log messages to the kernel to see the security flavors used by NFSv3 and NLM requests, to verify this behaviour. Both the NFS client and the server are on the same system, and the NFSv3 mounts are from unprivileged users.

The current implementation of NLM will work only in cases when user credentials on a client system correspond to user credentials on a server system. When a user has kinit'ed, the corresponding user's credentials are set up by the server for all NFS RPC requests. When a user has opened a file and then tries to lock it, the user's credentials are passed in the RPC request (because of AUTH_SYS in NLM) and the server will use them to verify whether the user is allowed to access the file that is being locked.

A simple check, when local user credentials do not correspond to the remote user credentials mapping, shows that fcntl(F_SETLK) returns EACCES.

According to [1], NLMv4 allows different security flavors to be used.

[1] http://pubs.opengroup.org/onlinepubs/9629799/chap14.htm

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: