Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 4 Jul 2011 01:27:41 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r223751 - stable/8/sys/fs/nfsserver
Message-ID:  <201107040127.p641RfJ0048263@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rmacklem
Date: Mon Jul  4 01:27:41 2011
New Revision: 223751
URL: http://svn.freebsd.org/changeset/base/223751

Log:
  MFC: r223349
  Fix the new NFSv4 server so that it only allows Lookup of
  directories and symbolic links when traversing non-exported
  file systems. Found during the recent NFSv4 interoperability
  Bakeathon.

Modified:
  stable/8/sys/fs/nfsserver/nfs_nfsdserv.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/fs/nfsserver/nfs_nfsdserv.c
==============================================================================
--- stable/8/sys/fs/nfsserver/nfs_nfsdserv.c	Mon Jul  4 01:06:19 2011	(r223750)
+++ stable/8/sys/fs/nfsserver/nfs_nfsdserv.c	Mon Jul  4 01:27:41 2011	(r223751)
@@ -454,7 +454,7 @@ nfsmout:
 APPLESTATIC int
 nfsrvd_lookup(struct nfsrv_descript *nd, __unused int isdgram,
     vnode_t dp, vnode_t *vpp, fhandle_t *fhp, NFSPROC_T *p,
-    __unused struct nfsexstuff *exp)
+    struct nfsexstuff *exp)
 {
 	struct nameidata named;
 	vnode_t vp, dirp = NULL;
@@ -508,7 +508,15 @@ nfsrvd_lookup(struct nfsrv_descript *nd,
 		vrele(named.ni_startdir);
 	nfsvno_relpathbuf(&named);
 	vp = named.ni_vp;
-	nd->nd_repstat = nfsvno_getfh(vp, fhp, p);
+	if ((nd->nd_flag & ND_NFSV4) != 0 && !NFSVNO_EXPORTED(exp) &&
+	    vp->v_type != VDIR && vp->v_type != VLNK)
+		/*
+		 * Only allow lookup of VDIR and VLNK for traversal of
+		 * non-exported volumes during NFSv4 mounting.
+		 */
+		nd->nd_repstat = ENOENT;
+	if (nd->nd_repstat == 0)
+		nd->nd_repstat = nfsvno_getfh(vp, fhp, p);
 	if (!(nd->nd_flag & ND_NFSV4) && !nd->nd_repstat)
 		nd->nd_repstat = nfsvno_getattr(vp, &nva, nd->nd_cred, p, 1);
 	if (vpp != NULL && nd->nd_repstat == 0)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201107040127.p641RfJ0048263>