diff options
author | J. Bruce Fields <bfields@citi.umich.edu> | 2009-12-08 18:15:52 -0500 |
---|---|---|
committer | J. Bruce Fields <bfields@citi.umich.edu> | 2009-12-14 19:08:58 -0500 |
commit | 12045a6ee9908b38b6d286530c7d816e39071346 (patch) | |
tree | 649491cd62d895c32cde4ab488df7e32557eedff | |
parent | e8e8753f7a32ce4f636771126fc8eba0dc4ad817 (diff) |
nfsd: let "insecure" flag vary by pseudoflavor
This was an oversight; it should be among the export flags that can be
allowed to vary by pseudoflavor. This allows an administrator to (for
example) allow auth_sys mounts only from low ports, but allow auth_krb5
mounts to use any port.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
-rw-r--r-- | fs/nfsd/nfsfh.c | 4 | ||||
-rw-r--r-- | include/linux/nfsd/export.h | 4 |
2 files changed, 5 insertions, 3 deletions
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 0eb1c59f5ab8..951938d6c495 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c | |||
@@ -88,8 +88,10 @@ nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, int type) | |||
88 | static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, | 88 | static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, |
89 | struct svc_export *exp) | 89 | struct svc_export *exp) |
90 | { | 90 | { |
91 | int flags = nfsexp_flags(rqstp, exp); | ||
92 | |||
91 | /* Check if the request originated from a secure port. */ | 93 | /* Check if the request originated from a secure port. */ |
92 | if (!rqstp->rq_secure && EX_SECURE(exp)) { | 94 | if (!rqstp->rq_secure && (flags & NFSEXP_INSECURE_PORT)) { |
93 | RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]); | 95 | RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]); |
94 | dprintk(KERN_WARNING | 96 | dprintk(KERN_WARNING |
95 | "nfsd: request from insecure port %s!\n", | 97 | "nfsd: request from insecure port %s!\n", |
diff --git a/include/linux/nfsd/export.h b/include/linux/nfsd/export.h index 4f1df1d7312c..4cafbe1255f0 100644 --- a/include/linux/nfsd/export.h +++ b/include/linux/nfsd/export.h | |||
@@ -44,7 +44,8 @@ | |||
44 | 44 | ||
45 | /* The flags that may vary depending on security flavor: */ | 45 | /* The flags that may vary depending on security flavor: */ |
46 | #define NFSEXP_SECINFO_FLAGS (NFSEXP_READONLY | NFSEXP_ROOTSQUASH \ | 46 | #define NFSEXP_SECINFO_FLAGS (NFSEXP_READONLY | NFSEXP_ROOTSQUASH \ |
47 | | NFSEXP_ALLSQUASH) | 47 | | NFSEXP_ALLSQUASH \ |
48 | | NFSEXP_INSECURE_PORT) | ||
48 | 49 | ||
49 | #ifdef __KERNEL__ | 50 | #ifdef __KERNEL__ |
50 | 51 | ||
@@ -109,7 +110,6 @@ struct svc_expkey { | |||
109 | struct path ek_path; | 110 | struct path ek_path; |
110 | }; | 111 | }; |
111 | 112 | ||
112 | #define EX_SECURE(exp) (!((exp)->ex_flags & NFSEXP_INSECURE_PORT)) | ||
113 | #define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC)) | 113 | #define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC)) |
114 | #define EX_NOHIDE(exp) ((exp)->ex_flags & NFSEXP_NOHIDE) | 114 | #define EX_NOHIDE(exp) ((exp)->ex_flags & NFSEXP_NOHIDE) |
115 | #define EX_WGATHER(exp) ((exp)->ex_flags & NFSEXP_GATHERED_WRITES) | 115 | #define EX_WGATHER(exp) ((exp)->ex_flags & NFSEXP_GATHERED_WRITES) |