diff options
author | Andy Adamson <andros@citi.umich.edu> | 2007-07-17 07:04:48 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-17 13:23:08 -0400 |
commit | 32c1eb0cd7ee00b5eb7b6f7059c635fbc1052966 (patch) | |
tree | c1a15e47d2dd93417b38d374346332809d461bda /fs/nfsd/export.c | |
parent | 6c0a654dceaa4342270306de77eadb0173dfb58a (diff) |
knfsd: nfsd4: return nfserr_wrongsec
Make the first actual use of the secinfo information by using it to return
nfserr_wrongsec when an export is found that doesn't allow the flavor used on
this request.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/nfsd/export.c')
-rw-r--r-- | fs/nfsd/export.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 4537a8f5cb9a..323cbdcc9bfd 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c | |||
@@ -1228,6 +1228,28 @@ exp_find(struct auth_domain *clp, int fsid_type, u32 *fsidv, | |||
1228 | return exp; | 1228 | return exp; |
1229 | } | 1229 | } |
1230 | 1230 | ||
1231 | __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp) | ||
1232 | { | ||
1233 | struct exp_flavor_info *f; | ||
1234 | struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors; | ||
1235 | |||
1236 | /* legacy gss-only clients are always OK: */ | ||
1237 | if (exp->ex_client == rqstp->rq_gssclient) | ||
1238 | return 0; | ||
1239 | /* ip-address based client; check sec= export option: */ | ||
1240 | for (f = exp->ex_flavors; f < end; f++) { | ||
1241 | if (f->pseudoflavor == rqstp->rq_flavor) | ||
1242 | return 0; | ||
1243 | } | ||
1244 | /* defaults in absence of sec= options: */ | ||
1245 | if (exp->ex_nflavors == 0) { | ||
1246 | if (rqstp->rq_flavor == RPC_AUTH_NULL || | ||
1247 | rqstp->rq_flavor == RPC_AUTH_UNIX) | ||
1248 | return 0; | ||
1249 | } | ||
1250 | return nfserr_wrongsec; | ||
1251 | } | ||
1252 | |||
1231 | /* | 1253 | /* |
1232 | * Uses rq_client and rq_gssclient to find an export; uses rq_client (an | 1254 | * Uses rq_client and rq_gssclient to find an export; uses rq_client (an |
1233 | * auth_unix client) if it's available and has secinfo information; | 1255 | * auth_unix client) if it's available and has secinfo information; |
@@ -1340,6 +1362,10 @@ exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp) | |||
1340 | if (IS_ERR(exp)) | 1362 | if (IS_ERR(exp)) |
1341 | return nfserrno(PTR_ERR(exp)); | 1363 | return nfserrno(PTR_ERR(exp)); |
1342 | rv = fh_compose(fhp, exp, exp->ex_dentry, NULL); | 1364 | rv = fh_compose(fhp, exp, exp->ex_dentry, NULL); |
1365 | if (rv) | ||
1366 | goto out; | ||
1367 | rv = check_nfsd_access(exp, rqstp); | ||
1368 | out: | ||
1343 | exp_put(exp); | 1369 | exp_put(exp); |
1344 | return rv; | 1370 | return rv; |
1345 | } | 1371 | } |