From owner-svn-src-head@FreeBSD.ORG  Mon May 25 01:00:09 2009
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AB0151065672;
	Mon, 25 May 2009 01:00:09 +0000 (UTC)
	(envelope-from rmacklem@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 987F98FC0C;
	Mon, 25 May 2009 01:00:09 +0000 (UTC)
	(envelope-from rmacklem@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n4P109wN005989;
	Mon, 25 May 2009 01:00:09 GMT
	(envelope-from rmacklem@svn.freebsd.org)
Received: (from rmacklem@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id n4P109lv005988;
	Mon, 25 May 2009 01:00:09 GMT
	(envelope-from rmacklem@svn.freebsd.org)
Message-Id: <200905250100.n4P109lv005988@svn.freebsd.org>
From: Rick Macklem <rmacklem@FreeBSD.org>
Date: Mon, 25 May 2009 01:00:09 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r192707 - head/sys/fs/nfsserver
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 May 2009 01:00:10 -0000

Author: rmacklem
Date: Mon May 25 01:00:09 2009
New Revision: 192707
URL: http://svn.freebsd.org/changeset/base/192707

Log:
  Add NFSv4 root export checks to the DelegPurge, Renew and
  ReleaseLockOwner operations analagous to what is already
  in place for SetClientID and SetClientIDConfirm. These are
  the five NFSv4 operations that do not use file handle(s),
  so the checks are done using the NFSv4 root export entries
  in /etc/exports.
  
  Approved by:	kib (mentor)

Modified:
  head/sys/fs/nfsserver/nfs_nfsdserv.c

Modified: head/sys/fs/nfsserver/nfs_nfsdserv.c
==============================================================================
--- head/sys/fs/nfsserver/nfs_nfsdserv.c	Mon May 25 00:56:01 2009	(r192706)
+++ head/sys/fs/nfsserver/nfs_nfsdserv.c	Mon May 25 01:00:09 2009	(r192707)
@@ -2830,6 +2830,11 @@ nfsrvd_delegpurge(struct nfsrv_descript 
 	int error = 0;
 	nfsquad_t clientid;
 
+	if ((!nfs_rootfhset && !nfsv4root_set) ||
+	    nfsd_checkrootexp(nd)) {
+		nd->nd_repstat = NFSERR_WRONGSEC;
+		return (0);
+	}
 	NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 	clientid.lval[0] = *tl++;
 	clientid.lval[1] = *tl;
@@ -3024,6 +3029,11 @@ nfsrvd_renew(struct nfsrv_descript *nd, 
 	int error = 0;
 	nfsquad_t clientid;
 
+	if ((!nfs_rootfhset && !nfsv4root_set) ||
+	    nfsd_checkrootexp(nd)) {
+		nd->nd_repstat = NFSERR_WRONGSEC;
+		return (0);
+	}
 	NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
 	clientid.lval[0] = *tl++;
 	clientid.lval[1] = *tl;
@@ -3355,6 +3365,11 @@ nfsrvd_releaselckown(struct nfsrv_descri
 	int error = 0, len;
 	nfsquad_t clientid;
 
+	if ((!nfs_rootfhset && !nfsv4root_set) ||
+	    nfsd_checkrootexp(nd)) {
+		nd->nd_repstat = NFSERR_WRONGSEC;
+		return (0);
+	}
 	NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 	len = fxdr_unsigned(int, *(tl + 2));
 	MALLOC(stp, struct nfsstate *, sizeof (struct nfsstate) + len,