aboutsummaryrefslogtreecommitdiffstats
path: root/fs/nfsd/export.c
diff options
context:
space:
mode:
authorAndy Adamson <andros@citi.umich.edu>2007-07-17 07:04:48 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-17 13:23:08 -0400
commit32c1eb0cd7ee00b5eb7b6f7059c635fbc1052966 (patch)
treec1a15e47d2dd93417b38d374346332809d461bda /fs/nfsd/export.c
parent6c0a654dceaa4342270306de77eadb0173dfb58a (diff)
knfsd: nfsd4: return nfserr_wrongsec
Make the first actual use of the secinfo information by using it to return nfserr_wrongsec when an export is found that doesn't allow the flavor used on this request. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/nfsd/export.c')
-rw-r--r--fs/nfsd/export.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index 4537a8f5cb9a..323cbdcc9bfd 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -1228,6 +1228,28 @@ exp_find(struct auth_domain *clp, int fsid_type, u32 *fsidv,
1228 return exp; 1228 return exp;
1229} 1229}
1230 1230
1231__be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
1232{
1233 struct exp_flavor_info *f;
1234 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1235
1236 /* legacy gss-only clients are always OK: */
1237 if (exp->ex_client == rqstp->rq_gssclient)
1238 return 0;
1239 /* ip-address based client; check sec= export option: */
1240 for (f = exp->ex_flavors; f < end; f++) {
1241 if (f->pseudoflavor == rqstp->rq_flavor)
1242 return 0;
1243 }
1244 /* defaults in absence of sec= options: */
1245 if (exp->ex_nflavors == 0) {
1246 if (rqstp->rq_flavor == RPC_AUTH_NULL ||
1247 rqstp->rq_flavor == RPC_AUTH_UNIX)
1248 return 0;
1249 }
1250 return nfserr_wrongsec;
1251}
1252
1231/* 1253/*
1232 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an 1254 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an
1233 * auth_unix client) if it's available and has secinfo information; 1255 * auth_unix client) if it's available and has secinfo information;
@@ -1340,6 +1362,10 @@ exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp)
1340 if (IS_ERR(exp)) 1362 if (IS_ERR(exp))
1341 return nfserrno(PTR_ERR(exp)); 1363 return nfserrno(PTR_ERR(exp));
1342 rv = fh_compose(fhp, exp, exp->ex_dentry, NULL); 1364 rv = fh_compose(fhp, exp, exp->ex_dentry, NULL);
1365 if (rv)
1366 goto out;
1367 rv = check_nfsd_access(exp, rqstp);
1368out:
1343 exp_put(exp); 1369 exp_put(exp);
1344 return rv; 1370 return rv;
1345} 1371}