svn commit: r273159 - head/sys/fs/nfsserver

Marcelo Araujo araujo at FreeBSD.org
Thu Oct 16 02:24:20 UTC 2014


Author: araujo (ports committer)
Date: Thu Oct 16 02:24:19 2014
New Revision: 273159
URL: https://svnweb.freebsd.org/changeset/base/273159

Log:
  Add two sysctl(8) to enable/disable NFSv4 server to check when setting
  user nobody and/or setting group nogroup as owner of a file or directory.
  Usually at the client side, if there is a username that is not in the
  client's passwd database, some clients will send 'nobody@<your.dns.domain>'
  on the wire and the NFSv4 server will treat it as an ERROR.
  However, if you have a valid user nobody in your passwd database,
  the NFSv4 server will treat it as a NFSERR_BADOWNER as it believes the
  client doesn't have the username mapped.
  
  Submitted by:	Loic Blot <loic.blot at unix-experience.fr>
  Reviewed by:	rmacklem
  Approved by:	rmacklem
  MFC after:	2 weeks

Modified:
  head/sys/fs/nfsserver/nfs_nfsdsubs.c

Modified: head/sys/fs/nfsserver/nfs_nfsdsubs.c
==============================================================================
--- head/sys/fs/nfsserver/nfs_nfsdsubs.c	Thu Oct 16 02:23:27 2014	(r273158)
+++ head/sys/fs/nfsserver/nfs_nfsdsubs.c	Thu Oct 16 02:24:19 2014	(r273159)
@@ -66,6 +66,16 @@ SYSCTL_INT(_vfs_nfsd, OID_AUTO, disable_
     &disable_checkutf8, 0,
     "Disable the NFSv4 check for a UTF8 compliant name");
 
+static int    enable_nobodycheck = 1;
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nobodycheck, CTLFLAG_RW,
+    &enable_nobodycheck, 0,
+    "Enable the NFSv4 check when setting user nobody as owner");
+
+static int    enable_nogroupcheck = 1;
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nogroupcheck, CTLFLAG_RW,
+    &enable_nogroupcheck, 0,
+    "Enable the NFSv4 check when setting group nogroup as owner");
+
 static char nfsrv_hexdigit(char, int *);
 
 /*
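Review bot: Neither the declarations of `enable_nobodycheck` and `enable_nogroupcheck` nor their description strings say what happens when a knob is set to 0, which is what an administrator needs to know before relaxing it. Going by the second hunk, clearing either one makes nfsrv_checkuidgid() accept an owner or group equal to nfsrv_defaultuid/nfsrv_defaultgid instead of returning NFSERR_BADOWNER. Presumably that also covers names the server could not map and replaced with the default id, so a failed mapping would no longer be reported to the client; this should be confirmed against the name-mapping code. I would add a comment above the declarations such as `/* When 0, an owner/group that resolves to the default (nobody/nogroup) id is accepted rather than rejected with NFSERR_BADOWNER. */` and note that the default of 1 is the stricter setting.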
@@ -1543,8 +1553,10 @@ nfsrv_checkuidgid(struct nfsrv_descript 
 	 */
 	if (NFSVNO_NOTSETUID(nvap) && NFSVNO_NOTSETGID(nvap))
 		goto out;
-	if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid)
-	    || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid)) {
+	if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid &&
+           enable_nobodycheck == 1)
+	    || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid &&
+           enable_nogroupcheck == 1)) {
 		error = NFSERR_BADOWNER;
 		goto out;
 	}
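Review bot: The tests `enable_nobodycheck == 1` and `enable_nogroupcheck == 1` treat every value other than 1 as "off", and the SYSCTL_INT declarations added in this commit do not restrict the range, so writing 2 or -1 to either sysctl silently disables the NFSERR_BADOWNER check. Compare against zero instead, `nvap->na_uid == nfsrv_defaultuid && enable_nobodycheck != 0` and likewise `enable_nogroupcheck != 0`, so that only an explicit 0 relaxes the check. The two added continuation lines are also indented with spaces where the surrounding code uses tabs. nfsrv_checkuidgid() starts and ends outside this hunk.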

