system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-07 09:00:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

nfsd: Fix NFSv4.1/4.2 Secinfo_no_name when security flavors empty

Browse source 
Commit 947bd2479b added support for the Secinfo_no_name operation.
When a non-exported file system is being traversed, the list of
security flavors is empty.  It turns out that the Linux client
mount attempt fails when the security flavors list in the
Secinfo_no_name reply is empty.

This patch modifies Secinfo/Secinfo_no_name so that it replies
with all four security flavors when the list is empty.
This fixes Linux NFSv4.1/4.2 mounts when the file system at
the NFSv4 root (as specified on a V4: exports(5) line) is
not exported.

MFC after:	2 weeks
This commit is contained in:
Rick Macklem 2021-06-04 20:31:20 -07:00
parent 1b5bc3a54b
commit 56e9d8e38e
1 changed files with 50 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
sys/fs/nfsserver/nfs_nfsdserv.c
View file

@ -3709,6 +3709,31 @@ nfsrvd_secinfo(struct nfsrv_descript *nd, int isdgram,
*/
len = 0;
NFSM_BUILD(sizp, u_int32_t *, NFSX_UNSIGNED);
/* If nes_numsecflavor == 0, all are allowed. */
if (retnes.nes_numsecflavor == 0) {
NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
*tl++ = txdr_unsigned(RPCAUTH_UNIX);
*tl = txdr_unsigned(RPCAUTH_GSS);
nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
nfsgss_mechlist[KERBV_MECH].len);
NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
*tl++ = txdr_unsigned(GSS_KERBV_QOP);
*tl++ = txdr_unsigned(RPCAUTHGSS_SVCNONE);
*tl = txdr_unsigned(RPCAUTH_GSS);
nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
nfsgss_mechlist[KERBV_MECH].len);
NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
*tl++ = txdr_unsigned(GSS_KERBV_QOP);
*tl++ = txdr_unsigned(RPCAUTHGSS_SVCINTEGRITY);
*tl = txdr_unsigned(RPCAUTH_GSS);
nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
nfsgss_mechlist[KERBV_MECH].len);
NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
*tl++ = txdr_unsigned(GSS_KERBV_QOP);
*tl = txdr_unsigned(RPCAUTHGSS_SVCPRIVACY);
len = 4;
}
for (i = 0; i < retnes.nes_numsecflavor; i++) {
if (retnes.nes_secflavors[i] == AUTH_SYS) {
NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
@ -3819,6 +3844,31 @@ nfsrvd_secinfononame(struct nfsrv_descript *nd, int isdgram,
*/
len = 0;
NFSM_BUILD(sizp, uint32_t *, NFSX_UNSIGNED);
/* If nes_numsecflavor == 0, all are allowed. */
if (retnes.nes_numsecflavor == 0) {
NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
*tl++ = txdr_unsigned(RPCAUTH_UNIX);
*tl = txdr_unsigned(RPCAUTH_GSS);
nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
nfsgss_mechlist[KERBV_MECH].len);
NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
*tl++ = txdr_unsigned(GSS_KERBV_QOP);
*tl++ = txdr_unsigned(RPCAUTHGSS_SVCNONE);
*tl = txdr_unsigned(RPCAUTH_GSS);
nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
nfsgss_mechlist[KERBV_MECH].len);
NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
*tl++ = txdr_unsigned(GSS_KERBV_QOP);
*tl++ = txdr_unsigned(RPCAUTHGSS_SVCINTEGRITY);
*tl = txdr_unsigned(RPCAUTH_GSS);
nfsm_strtom(nd, nfsgss_mechlist[KERBV_MECH].str,
nfsgss_mechlist[KERBV_MECH].len);
NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
*tl++ = txdr_unsigned(GSS_KERBV_QOP);
*tl = txdr_unsigned(RPCAUTHGSS_SVCPRIVACY);
len = 4;
}
for (i = 0; i < retnes.nes_numsecflavor; i++) {
if (retnes.nes_secflavors[i] == AUTH_SYS) {
NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);