author | J. Bruce Fields <bfields@citi.umich.edu> | 2008-08-07 13:00:20 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@citi.umich.edu> | 2008-09-29 17:56:56 -0400 |
commit | 04716e6621ff4abb422d64ba7b48718f52716a3e (patch) | |
tree | 742e2e7b6d4c7cf3a39f504000a49e57fe0b538b /fs/nfsd/nfsfh.c | |
parent | 5dd248f6f1ffe1f691fd66749e2a3dc8f8eb7b5e (diff) |
nfsd: permit unauthenticated stat of export root
RFC 2623 section 2.3.2 permits the server to bypass gss authentication
checks for certain operations that a client may perform when mounting.
In the case of a client that doesn't have some form of credentials
available to it on boot, this allows it to perform the mount unattended.
(Presumably real file access won't be needed until a user with
credentials logs in.)
Being slightly more lenient allows lots of old clients to access
krb5-only exports, with the only loss being a small amount of
information leaked about the root directory of the export.
This affects only v2 and v3; v4 still requires authentication for all
access.
Thanks to Peter Staubach for testing against a Solaris client, which
suggested addition of v3 getattr to the list, and to Trond for noting
that doing so exposes no additional information.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: Peter Staubach <staubach@redhat.com>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Diffstat (limited to 'fs/nfsd/nfsfh.c')
-rw-r--r-- | fs/nfsd/nfsfh.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index ea37c96f0445..cd25d91895a1 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c | |||
@@ -302,17 +302,27 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access) | |||
302 | if (error) | 302 | if (error) |
303 | goto out; | 303 | goto out; |
304 | 304 | ||
305 | if (!(access & NFSD_MAY_LOCK)) { | 305 | /* |
306 | /* | 306 | * pseudoflavor restrictions are not enforced on NLM, |
307 | * pseudoflavor restrictions are not enforced on NLM, | 307 | * which clients virtually always use auth_sys for, |
308 | * which clients virtually always use auth_sys for, | 308 | * even while using RPCSEC_GSS for NFS. |
309 | * even while using RPCSEC_GSS for NFS. | 309 | */ |
310 | */ | 310 | if (access & NFSD_MAY_LOCK) |
311 | error = check_nfsd_access(exp, rqstp); | 311 | goto skip_pseudoflavor_check; |
312 | if (error) | 312 | /* |
313 | goto out; | 313 | * Clients may expect to be able to use auth_sys during mount, |
314 | } | 314 | * even if they use gss for everything else; see section 2.3.2 |
315 | * of rfc 2623. | ||
316 | */ | ||
317 | if (access & NFSD_MAY_BYPASS_GSS_ON_ROOT | ||
318 | && exp->ex_path.dentry == dentry) | ||
319 | goto skip_pseudoflavor_check; | ||
320 | |||
321 | error = check_nfsd_access(exp, rqstp); | ||
322 | if (error) | ||
323 | goto out; | ||
315 | 324 | ||
325 | skip_pseudoflavor_check: | ||
316 | /* Finally, check access permissions. */ | 326 | /* Finally, check access permissions. */ |
317 | error = nfsd_permission(rqstp, exp, dentry, access); | 327 | error = nfsd_permission(rqstp, exp, dentry, access); |
318 | 328 | ||
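Review bot: The new bypass at `if (access & NFSD_MAY_BYPASS_GSS_ON_ROOT && exp->ex_path.dentry == dentry)` skips check_nfsd_access() for any request on the export root whose caller passes the flag, so the safety of the exception rests entirely on which procedures set NFSD_MAY_BYPASS_GSS_ON_ROOT, and none of those call sites are visible in this view, which is limited to fs/nfsd/nfsfh.c. The comment above the test says only "during mount"; it should name the procedures that are meant to qualify (the commit message mentions v3 getattr and states that v4 is unaffected) so that a later caller does not widen the exception by accident. Parenthesising the bitwise test as `(access & NFSD_MAY_BYPASS_GSS_ON_ROOT) && ...` would make the precedence explicit to readers. The ordinary permission check is kept, since nfsd_permission() still runs after the skip_pseudoflavor_check label.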