Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 24 May 2012 14:47:02 +0300
From:      Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To:        freebsd-fs@freebsd.org
Subject:   NLM uses AUTH_SYS ignoring sec option in mount_nfs
Message-ID:  <20120524114702.GA38087@pm513-1.comsys.ntu-kpi.kiev.ua>

next in thread | raw e-mail | index | archive | help
Hello,

Looks like that NLM always uses AUTH_SYS even if a client specified
another security flavor in the mount_nfs's "sec" option.  Also NLM
on the server does not verify that NLM client's security flavor
is allowed by NFS exported file system, security flavors array from
VFS_CHECKEXP() is ignored in nlm/nlm_prot_impl.c:nlm_get_vfs_state().

Such behaviour of NLM I see on 10-CURRENT, I added log messages to
the kernel to see security flavors used by NFSv3 and NLM requests.
Both NFS client and server are on the same system, NFSv3 mounts are
from unprivileged users.

According to [1] NLMv4 allows to use different security flavors.

Can somebody comment such behaviour of NLM?

[1] http://pubs.opengroup.org/onlinepubs/9629799/chap14.htm



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120524114702.GA38087>