svn commit: r192707 - head/sys/fs/nfsserver
Rick Macklem
rmacklem at FreeBSD.org
Mon May 25 01:00:10 UTC 2009
Author: rmacklem
Date: Mon May 25 01:00:09 2009
New Revision: 192707
URL: http://svn.freebsd.org/changeset/base/192707
Log:
Add NFSv4 root export checks to the DelegPurge, Renew and
ReleaseLockOwner operations analagous to what is already
in place for SetClientID and SetClientIDConfirm. These are
the five NFSv4 operations that do not use file handle(s),
so the checks are done using the NFSv4 root export entries
in /etc/exports.
Approved by: kib (mentor)
Modified:
head/sys/fs/nfsserver/nfs_nfsdserv.c
Modified: head/sys/fs/nfsserver/nfs_nfsdserv.c
==============================================================================
--- head/sys/fs/nfsserver/nfs_nfsdserv.c Mon May 25 00:56:01 2009 (r192706)
+++ head/sys/fs/nfsserver/nfs_nfsdserv.c Mon May 25 01:00:09 2009 (r192707)
@@ -2830,6 +2830,11 @@ nfsrvd_delegpurge(struct nfsrv_descript
int error = 0;
nfsquad_t clientid;
+ if ((!nfs_rootfhset && !nfsv4root_set) ||
+ nfsd_checkrootexp(nd)) {
+ nd->nd_repstat = NFSERR_WRONGSEC;
+ return (0);
+ }
NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
clientid.lval[0] = *tl++;
clientid.lval[1] = *tl;
@@ -3024,6 +3029,11 @@ nfsrvd_renew(struct nfsrv_descript *nd,
int error = 0;
nfsquad_t clientid;
+ if ((!nfs_rootfhset && !nfsv4root_set) ||
+ nfsd_checkrootexp(nd)) {
+ nd->nd_repstat = NFSERR_WRONGSEC;
+ return (0);
+ }
NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
clientid.lval[0] = *tl++;
clientid.lval[1] = *tl;
@@ -3355,6 +3365,11 @@ nfsrvd_releaselckown(struct nfsrv_descri
int error = 0, len;
nfsquad_t clientid;
+ if ((!nfs_rootfhset && !nfsv4root_set) ||
+ nfsd_checkrootexp(nd)) {
+ nd->nd_repstat = NFSERR_WRONGSEC;
+ return (0);
+ }
NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
len = fxdr_unsigned(int, *(tl + 2));
MALLOC(stp, struct nfsstate *, sizeof (struct nfsstate) + len,
More information about the svn-src-head
mailing list