Date: Tue, 14 Oct 2014 10:34:34 +0000
From: Loïc Blot
Subject: [PATCH] disable nfsd (NFSv4) nobody/nogroup check
To: freebsd-fs@freebsd.org

Hi,
since a recent problem (see thread NFSv4 nobody issue), I think we need a sysctl variable to disable the nobody and nogroup check in the kernel (default enabled).
This variable is useful in some situations, like TFTP over NFS, jails over NFS (some files like /var/db/locate.database need the nobody user).

I added vfs.nfsd.disable_nobodycheck and vfs.nfsd.disable_nogroupcheck to modify the NFSv4 nobody/nogroup check.

Thanks to Rick for telling me where the problem was.

Can you review the patch and add it to the kernel to avoid the previously mentioned issue?

Here is my patch:

--- sys/fs/nfsserver/nfs_nfsdsubs.c.orig=C2=A0=C2=A0 =C2=A0= 2014-10-14 12:03:50.163311506 +0200=0A +++ sys/fs/nfsserver/nfs_nfsdsubs.= c=C2=A0=C2=A0 =C2=A02014-10-14 12:06:29.793304755 +0200=0A @@ -62,9 +62,1= 8 @@=0A =C2=A0SYSCTL_DECL(_vfs_nfsd);=0A =C2=A0=0A =C2=A0static int=C2=A0= =C2=A0 =C2=A0disable_checkutf8 =3D 0;=0A +static int=C2=A0=C2=A0 =C2=A0di= sable_nobodycheck =3D 0;=0A +static int=C2=A0=C2=A0 =C2=A0disable_nogroup= check =3D 0;=0A =C2=A0SYSCTL_INT(_vfs_nfsd, OID_AUTO, disable_checkutf8, = CTLFLAG_RW,=0A =C2=A0=C2=A0=C2=A0=C2=A0 &disable_checkutf8, 0,=0A =C2=A0= =C2=A0=C2=A0=C2=A0 "Disable the NFSv4 check for a UTF8 compliant name");= =0A +SYSCTL_INT(_vfs_nfsd, OID_AUTO, disable_nobodycheck, CTLFLAG_RW,=0A = +=C2=A0=C2=A0=C2=A0 &disable_nobodycheck, 0,=0A +=C2=A0=C2=A0=C2=A0 "Disa= ble the NFSv4 check when setting user nobody as owner");=0A +SYSCTL_INT(_= vfs_nfsd, 
OID_AUTO, disable_nogroupcheck, CTLFLAG_RW,=0A +=C2=A0=C2=A0=C2= =A0 &disable_nogroupcheck, 0,=0A +=C2=A0=C2=A0=C2=A0 "Disable the NFSv4 c= heck when setting group nogroup as owner");=0A +=0A =C2=A0=0A =C2=A0stati= c char nfsrv_hexdigit(char, int *);=0A =C2=A0=0A @@ -1543,8 +1552,8 @@=0A= =C2=A0=C2=A0=C2=A0 =C2=A0 */=0A =C2=A0=C2=A0=C2=A0 =C2=A0if (NFSVNO_NOTS= ETUID(nvap) && NFSVNO_NOTSETGID(nvap))=0A =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0= =C2=A0 =C2=A0goto out;=0A -=C2=A0=C2=A0 =C2=A0if ((NFSVNO_ISSETUID(nvap) = && nvap->na_uid =3D=3D nfsrv_defaultuid)=0A -=C2=A0=C2=A0 =C2=A0=C2=A0=C2= =A0=C2=A0 || (NFSVNO_ISSETGID(nvap) && nvap->na_gid =3D=3D nfsrv_defaultg= id)) {=0A +=C2=A0=C2=A0 =C2=A0if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid = =3D=3D nfsrv_defaultuid && disable_nobodycheck =3D=3D 0)=0A +=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 || (NFSVNO_ISSETGID(nvap) && nvap->na_gid =3D= =3D nfsrv_defaultgid && disable_nogroupcheck =3D=3D 0)) {=0A =C2=A0=C2=A0= =C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0error =3D NFSERR_BADOWNER;=0A =C2=A0=C2= =A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0goto out;=0A =C2=A0=C2=A0=C2=A0 =C2=A0= }=0A

Regards,

Loïc Blot,
UNIX Systems, Network and Security Engineer
http://www.unix-experience.fr
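
Review bot: In the first hunk (@@ -62,9 +62,18 @@), the description strings of the two new SYSCTL_INT entries name "user nobody" and "group nogroup", but the condition changed in the second hunk compares na_uid and na_gid against nfsrv_defaultuid and nfsrv_defaultgid, so the text should describe the check in terms of the default uid/gid rather than fixed account names. Both knobs are CTLFLAG_RW and relax a check that otherwise ends in NFSERR_BADOWNER, so the description, and a short comment next to the declarations, should say that a non-zero value allows the owner or group to be set to that default id. The added empty "+" line after the last SYSCTL_INT also leaves two consecutive blank lines before "static char nfsrv_hexdigit(char, int *);" and can be dropped.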
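
Review bot: In the second hunk (@@ -1543,8 +1552,8 @@), once disable_nobodycheck or disable_nogroupcheck is non-zero the branch that sets error = NFSERR_BADOWNER is skipped for every request, because both variables are file-scope static ints with no per-export or per-client qualification; the comment block that closes just above the condition should be updated to say that rejecting nfsrv_defaultuid/nfsrv_defaultgid is now conditional and when an administrator would turn it off. The two rewritten condition lines have also grown well past 80 columns; testing the flag first and wrapping, for example "(disable_nobodycheck == 0 && NFSVNO_ISSETUID(nvap) &&" continued on the next line with "nvap->na_uid == nfsrv_defaultuid)", keeps them readable and skips the comparison when the check is off.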