From owner-dev-commits-src-all@freebsd.org  Sat Jun 26 22:59:26 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5DC9A65B60A;
 Sat, 26 Jun 2021 22:59:26 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4GC8St2BjLz3v0v;
 Sat, 26 Jun 2021 22:59:26 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 33AC026E76;
 Sat, 26 Jun 2021 22:59:26 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 15QMxQoT055686;
 Sat, 26 Jun 2021 22:59:26 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 15QMxQdu055685;
 Sat, 26 Jun 2021 22:59:26 GMT (envelope-from git)
Date: Sat, 26 Jun 2021 22:59:26 GMT
Message-Id: <202106262259.15QMxQdu055685@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 6078d52fa12a - stable/13 - nfsd: Fix NFSv4.1/4.2 Secinfo_no_name
 when security flavors empty
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 6078d52fa12adfbf3a7e54a6a228fff13c5ecd4a
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Jun 2021 22:59:26 -0000

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=6078d52fa12adfbf3a7e54a6a228fff13c5ecd4a

commit 6078d52fa12adfbf3a7e54a6a228fff13c5ecd4a
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-06-05 03:31:20 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-06-26 22:56:10 +0000

    nfsd: Fix NFSv4.1/4.2 Secinfo_no_name when security flavors empty
    
    Commit 947bd2479ba9 added support for the Secinfo_no_name operation.
    When a non-exported file system is being traversed, the list of
    security flavors is empty.  It turns out that the Linux client
    mount attempt fails when the security flavors list in the
    Secinfo_no_name reply is empty.
    
    This patch modifies Secinfo/Secinfo_no_name so that it replies
    with all four security flavors when the list is empty.
    This fixes Linux NFSv4.1/4.2 mounts when the file system at
    the NFSv4 root (as specified on a V4: exports(5) line) is
    not exported.
    
    (cherry picked from commit 56e9d8e38e7eed84901acddca24170eb352d2ed6)
---
 sys/fs/nfsserver/nfs_nfsdserv.c | 50 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c
index adb66d3d794d..e564a6a48b79 100644
--- a/sys/fs/nfsserver/nfs_nfsdserv.c
+++ b/sys/fs/nfsserver/nfs_nfsdserv.c
@@ -3715,6 +3715,31 @@ nfsrvd_secinfo(struct nfsrv_descript *nd, int isdgram,
 	 */
 	len = 0;
 	NFSM_BUILD(sizp, u_int32_t *, NFSX_UNSIGNED);
+
+	/* If nes_numsecflavor == 0, all are allowed. */
+	if (retnes.nes_numsecflavor == 0) {
+		NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
+		*tl++ = txdr_unsigned(RPCAUTH_UNIX);
+		*tl = txdr_unsigned(RPCAUTH_GSS);
+		nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
+		    nfsgss_mechlist[KERBV_MECH].len);
+		NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
+		*tl++ = txdr_unsigned(GSS_KERBV_QOP);
+		*tl++ = txdr_unsigned(RPCAUTHGSS_SVCNONE);
+		*tl = txdr_unsigned(RPCAUTH_GSS);
+		nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
+		    nfsgss_mechlist[KERBV_MECH].len);
+		NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
+		*tl++ = txdr_unsigned(GSS_KERBV_QOP);
+		*tl++ = txdr_unsigned(RPCAUTHGSS_SVCINTEGRITY);
+		*tl = txdr_unsigned(RPCAUTH_GSS);
+		nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
+		    nfsgss_mechlist[KERBV_MECH].len);
+		NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
+		*tl++ = txdr_unsigned(GSS_KERBV_QOP);
+		*tl = txdr_unsigned(RPCAUTHGSS_SVCPRIVACY);
+		len = 4;
+	}
 	for (i = 0; i < retnes.nes_numsecflavor; i++) {
 		if (retnes.nes_secflavors[i] == AUTH_SYS) {
 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
@@ -3830,6 +3855,31 @@ nfsrvd_secinfononame(struct nfsrv_descript *nd, int isdgram,
 	 */
 	len = 0;
 	NFSM_BUILD(sizp, uint32_t *, NFSX_UNSIGNED);
+
+	/* If nes_numsecflavor == 0, all are allowed. */
+	if (retnes.nes_numsecflavor == 0) {
+		NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
+		*tl++ = txdr_unsigned(RPCAUTH_UNIX);
+		*tl = txdr_unsigned(RPCAUTH_GSS);
+		nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
+		    nfsgss_mechlist[KERBV_MECH].len);
+		NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
+		*tl++ = txdr_unsigned(GSS_KERBV_QOP);
+		*tl++ = txdr_unsigned(RPCAUTHGSS_SVCNONE);
+		*tl = txdr_unsigned(RPCAUTH_GSS);
+		nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
+		    nfsgss_mechlist[KERBV_MECH].len);
+		NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
+		*tl++ = txdr_unsigned(GSS_KERBV_QOP);
+		*tl++ = txdr_unsigned(RPCAUTHGSS_SVCINTEGRITY);
+		*tl = txdr_unsigned(RPCAUTH_GSS);
+		nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
+		    nfsgss_mechlist[KERBV_MECH].len);
+		NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
+		*tl++ = txdr_unsigned(GSS_KERBV_QOP);
+		*tl = txdr_unsigned(RPCAUTHGSS_SVCPRIVACY);
+		len = 4;
+	}
 	for (i = 0; i < retnes.nes_numsecflavor; i++) {
 		if (retnes.nes_secflavors[i] == AUTH_SYS) {
 			NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);