aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@citi.umich.edu>2009-12-08 18:15:52 -0500
committerJ. Bruce Fields <bfields@citi.umich.edu>2009-12-14 19:08:58 -0500
commit12045a6ee9908b38b6d286530c7d816e39071346 (patch)
tree649491cd62d895c32cde4ab488df7e32557eedff
parente8e8753f7a32ce4f636771126fc8eba0dc4ad817 (diff)
nfsd: let "insecure" flag vary by pseudoflavor
This was an oversight; it should be among the export flags that can be allowed to vary by pseudoflavor. This allows an administrator to (for example) allow auth_sys mounts only from low ports, but allow auth_krb5 mounts to use any port. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
-rw-r--r--fs/nfsd/nfsfh.c4
-rw-r--r--include/linux/nfsd/export.h4
2 files changed, 5 insertions, 3 deletions
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index 0eb1c59f5ab8..951938d6c495 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -88,8 +88,10 @@ nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, int type)
88static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, 88static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
89 struct svc_export *exp) 89 struct svc_export *exp)
90{ 90{
91 int flags = nfsexp_flags(rqstp, exp);
92
91 /* Check if the request originated from a secure port. */ 93 /* Check if the request originated from a secure port. */
92 if (!rqstp->rq_secure && EX_SECURE(exp)) { 94 if (!rqstp->rq_secure && (flags & NFSEXP_INSECURE_PORT)) {
93 RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]); 95 RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
94 dprintk(KERN_WARNING 96 dprintk(KERN_WARNING
95 "nfsd: request from insecure port %s!\n", 97 "nfsd: request from insecure port %s!\n",
diff --git a/include/linux/nfsd/export.h b/include/linux/nfsd/export.h
index 4f1df1d7312c..4cafbe1255f0 100644
--- a/include/linux/nfsd/export.h
+++ b/include/linux/nfsd/export.h
@@ -44,7 +44,8 @@
44 44
45/* The flags that may vary depending on security flavor: */ 45/* The flags that may vary depending on security flavor: */
46#define NFSEXP_SECINFO_FLAGS (NFSEXP_READONLY | NFSEXP_ROOTSQUASH \ 46#define NFSEXP_SECINFO_FLAGS (NFSEXP_READONLY | NFSEXP_ROOTSQUASH \
47 | NFSEXP_ALLSQUASH) 47 | NFSEXP_ALLSQUASH \
48 | NFSEXP_INSECURE_PORT)
48 49
49#ifdef __KERNEL__ 50#ifdef __KERNEL__
50 51
@@ -109,7 +110,6 @@ struct svc_expkey {
109 struct path ek_path; 110 struct path ek_path;
110}; 111};
111 112
112#define EX_SECURE(exp) (!((exp)->ex_flags & NFSEXP_INSECURE_PORT))
113#define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC)) 113#define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC))
114#define EX_NOHIDE(exp) ((exp)->ex_flags & NFSEXP_NOHIDE) 114#define EX_NOHIDE(exp) ((exp)->ex_flags & NFSEXP_NOHIDE)
115#define EX_WGATHER(exp) ((exp)->ex_flags & NFSEXP_GATHERED_WRITES) 115#define EX_WGATHER(exp) ((exp)->ex_flags & NFSEXP_GATHERED_WRITES)