Date: Mon, 25 May 2009 01:00:09 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r192707 - head/sys/fs/nfsserver Message-ID: <200905250100.n4P109lv005988@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Mon May 25 01:00:09 2009 New Revision: 192707 URL: http://svn.freebsd.org/changeset/base/192707 Log: Add NFSv4 root export checks to the DelegPurge, Renew and ReleaseLockOwner operations analagous to what is already in place for SetClientID and SetClientIDConfirm. These are the five NFSv4 operations that do not use file handle(s), so the checks are done using the NFSv4 root export entries in /etc/exports. Approved by: kib (mentor) Modified: head/sys/fs/nfsserver/nfs_nfsdserv.c Modified: head/sys/fs/nfsserver/nfs_nfsdserv.c ============================================================================== --- head/sys/fs/nfsserver/nfs_nfsdserv.c Mon May 25 00:56:01 2009 (r192706) +++ head/sys/fs/nfsserver/nfs_nfsdserv.c Mon May 25 01:00:09 2009 (r192707) @@ -2830,6 +2830,11 @@ nfsrvd_delegpurge(struct nfsrv_descript int error = 0; nfsquad_t clientid; + if ((!nfs_rootfhset && !nfsv4root_set) || + nfsd_checkrootexp(nd)) { + nd->nd_repstat = NFSERR_WRONGSEC; + return (0); + } NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED); clientid.lval[0] = *tl++; clientid.lval[1] = *tl; @@ -3024,6 +3029,11 @@ nfsrvd_renew(struct nfsrv_descript *nd, int error = 0; nfsquad_t clientid; + if ((!nfs_rootfhset && !nfsv4root_set) || + nfsd_checkrootexp(nd)) { + nd->nd_repstat = NFSERR_WRONGSEC; + return (0); + } NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER); clientid.lval[0] = *tl++; clientid.lval[1] = *tl; @@ -3355,6 +3365,11 @@ nfsrvd_releaselckown(struct nfsrv_descri int error = 0, len; nfsquad_t clientid; + if ((!nfs_rootfhset && !nfsv4root_set) || + nfsd_checkrootexp(nd)) { + nd->nd_repstat = NFSERR_WRONGSEC; + return (0); + } NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED); len = fxdr_unsigned(int, *(tl + 2)); MALLOC(stp, struct nfsstate *, sizeof (struct nfsstate) + len,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905250100.n4P109lv005988>