git: 5a0050e68a54 - main - nfsserver: Fix handling of SP4_NONE
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 15 Jan 2023 22:08:38 UTC
The branch main has been updated by rmacklem:
URL: https://cgit.FreeBSD.org/src/commit/?id=5a0050e68a54353af53ac28df90854797ebbef16
commit 5a0050e68a54353af53ac28df90854797ebbef16
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-01-15 22:07:40 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-01-15 22:07:40 +0000
nfsserver: Fix handling of SP4_NONE
For NFSv4.1/4.2, when the client specifies SP4_NONE for
state protection in the ExchangeID operation arguments,
the server MUST allow the state management operations for
any user credentials. (I misread the RFC and thought that
SP4_NONE meant "at the server's discression" and not MUST
be allowed.)
This means that the "sec=XXX" field of the "V4:" exports(5)
line only applies to NFSv4.0.
This patch fixes the server to always allow state management
operations for SP4_NONE, which is the only state management
option currently supported. (I have patches that add support
for SP4_MACH_CRED to the server. These will be in a future commit.)
In practice, this bug does not seem to have caused
interoperability problems.
MFC after: 2 weeks
---
sys/fs/nfsserver/nfs_nfsdstate.c | 7 ++++++-
sys/fs/nfsserver/nfs_nfsdsubs.c | 8 ++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c
index 84da1d9561cd..7430f1f200b3 100644
--- a/sys/fs/nfsserver/nfs_nfsdstate.c
+++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -5867,12 +5867,17 @@ nfsrv_throwawayopens(NFSPROC_T *p)
/*
* This function checks to see if the credentials are the same.
- * Returns 1 for not same, 0 otherwise.
+ * The check for same credentials is needed for state management operations
+ * for NFSv4.0 where 1 is returned if not same, 0 is returned otherwise.
*/
static int
nfsrv_notsamecredname(struct nfsrv_descript *nd, struct nfsclient *clp)
{
+ /* For NFSv4.1/4.2, SP4_NONE always allows this. */
+ if ((nd->nd_flag & ND_NFSV41) != 0)
+ return (0);
+
if (nd->nd_flag & ND_GSS) {
if (!(clp->lc_flags & LCL_GSS))
return (1);
diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c b/sys/fs/nfsserver/nfs_nfsdsubs.c
index ca691941ed0d..20f62211f53e 100644
--- a/sys/fs/nfsserver/nfs_nfsdsubs.c
+++ b/sys/fs/nfsserver/nfs_nfsdsubs.c
@@ -2121,6 +2121,14 @@ nfsd_checkrootexp(struct nfsrv_descript *nd)
if (nfs_rootfhset == 0)
return (NFSERR_AUTHERR | AUTH_FAILED);
+ /*
+ * For NFSv4.1/4.2, if the client specifies SP4_NONE, then these
+ * operations are allowed regardless of the value of the "sec=XXX"
+ * field in the V4: exports line.
+ * As such, these Kerberos checks only apply to NFSv4.0 mounts.
+ */
+ if ((nd->nd_flag & ND_NFSV41) != 0)
+ goto checktls;
if ((nd->nd_flag & (ND_GSS | ND_EXAUTHSYS)) == ND_EXAUTHSYS)
goto checktls;
if ((nd->nd_flag & (ND_GSSINTEGRITY | ND_EXGSSINTEGRITY)) ==