svn commit: r223751 - stable/8/sys/fs/nfsserver
Rick Macklem
rmacklem at FreeBSD.org
Mon Jul 4 01:27:42 UTC 2011
Author: rmacklem
Date: Mon Jul 4 01:27:41 2011
New Revision: 223751
URL: http://svn.freebsd.org/changeset/base/223751
Log:
MFC: r223349
Fix the new NFSv4 server so that it only allows Lookup of
directories and symbolic links when traversing non-exported
file systems. Found during the recent NFSv4 interoperability
Bakeathon.
Modified:
stable/8/sys/fs/nfsserver/nfs_nfsdserv.c
Directory Properties:
stable/8/sys/ (props changed)
stable/8/sys/amd64/include/xen/ (props changed)
stable/8/sys/cddl/contrib/opensolaris/ (props changed)
stable/8/sys/contrib/dev/acpica/ (props changed)
stable/8/sys/contrib/pf/ (props changed)
Modified: stable/8/sys/fs/nfsserver/nfs_nfsdserv.c
==============================================================================
--- stable/8/sys/fs/nfsserver/nfs_nfsdserv.c Mon Jul 4 01:06:19 2011 (r223750)
+++ stable/8/sys/fs/nfsserver/nfs_nfsdserv.c Mon Jul 4 01:27:41 2011 (r223751)
@@ -454,7 +454,7 @@ nfsmout:
APPLESTATIC int
nfsrvd_lookup(struct nfsrv_descript *nd, __unused int isdgram,
vnode_t dp, vnode_t *vpp, fhandle_t *fhp, NFSPROC_T *p,
- __unused struct nfsexstuff *exp)
+ struct nfsexstuff *exp)
{
struct nameidata named;
vnode_t vp, dirp = NULL;
@@ -508,7 +508,15 @@ nfsrvd_lookup(struct nfsrv_descript *nd,
vrele(named.ni_startdir);
nfsvno_relpathbuf(&named);
vp = named.ni_vp;
- nd->nd_repstat = nfsvno_getfh(vp, fhp, p);
+ if ((nd->nd_flag & ND_NFSV4) != 0 && !NFSVNO_EXPORTED(exp) &&
+ vp->v_type != VDIR && vp->v_type != VLNK)
+ /*
+ * Only allow lookup of VDIR and VLNK for traversal of
+ * non-exported volumes during NFSv4 mounting.
+ */
+ nd->nd_repstat = ENOENT;
+ if (nd->nd_repstat == 0)
+ nd->nd_repstat = nfsvno_getfh(vp, fhp, p);
if (!(nd->nd_flag & ND_NFSV4) && !nd->nd_repstat)
nd->nd_repstat = nfsvno_getattr(vp, &nva, nd->nd_cred, p, 1);
if (vpp != NULL && nd->nd_repstat == 0)
More information about the svn-src-stable
mailing list