svn commit: r273159 - head/sys/fs/nfsserver
Marcelo Araujo
araujo at FreeBSD.org
Thu Oct 16 02:24:20 UTC 2014
Author: araujo (ports committer)
Date: Thu Oct 16 02:24:19 2014
New Revision: 273159
URL: https://svnweb.freebsd.org/changeset/base/273159
Log:
Add two sysctl(8) to enable/disable NFSv4 server to check when setting
user nobody and/or setting group nogroup as owner of a file or directory.
Usually at the client side, if there is an username that is not in the
client's passwd database, some clients will send 'nobody@<your.dns.domain>'
in the wire and the NFSv4 server will treat it as an ERROR.
However, if you have a valid user nobody in your passwd database,
the NFSv4 server will treat it as a NFSERR_BADOWNER as its believes the
client doesn't has the username mapped.
Submitted by: Loic Blot <loic.blot at unix-experience.fr>
Reviewed by: rmacklem
Approved by: rmacklem
MFC after: 2 weeks
Modified:
head/sys/fs/nfsserver/nfs_nfsdsubs.c
Modified: head/sys/fs/nfsserver/nfs_nfsdsubs.c
==============================================================================
--- head/sys/fs/nfsserver/nfs_nfsdsubs.c Thu Oct 16 02:23:27 2014 (r273158)
+++ head/sys/fs/nfsserver/nfs_nfsdsubs.c Thu Oct 16 02:24:19 2014 (r273159)
@@ -66,6 +66,16 @@ SYSCTL_INT(_vfs_nfsd, OID_AUTO, disable_
&disable_checkutf8, 0,
"Disable the NFSv4 check for a UTF8 compliant name");
+static int enable_nobodycheck = 1;
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nobodycheck, CTLFLAG_RW,
+ &enable_nobodycheck, 0,
+ "Enable the NFSv4 check when setting user nobody as owner");
+
+static int enable_nogroupcheck = 1;
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nogroupcheck, CTLFLAG_RW,
+ &enable_nogroupcheck, 0,
+ "Enable the NFSv4 check when setting group nogroup as owner");
+
static char nfsrv_hexdigit(char, int *);
/*
@@ -1543,8 +1553,10 @@ nfsrv_checkuidgid(struct nfsrv_descript
*/
if (NFSVNO_NOTSETUID(nvap) && NFSVNO_NOTSETGID(nvap))
goto out;
- if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid)
- || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid)) {
+ if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid &&
+ enable_nobodycheck == 1)
+ || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid &&
+ enable_nogroupcheck == 1)) {
error = NFSERR_BADOWNER;
goto out;
}
More information about the svn-src-all
mailing list