diff options
-rw-r--r-- | fs/nfsd/nfsfh.c | 43 |
1 files changed, 26 insertions, 17 deletions
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 4f712e970584..468f17a78441 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c | |||
@@ -95,6 +95,22 @@ nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, int type) | |||
95 | return 0; | 95 | return 0; |
96 | } | 96 | } |
97 | 97 | ||
98 | static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, | ||
99 | struct svc_export *exp) | ||
100 | { | ||
101 | /* Check if the request originated from a secure port. */ | ||
102 | if (!rqstp->rq_secure && EX_SECURE(exp)) { | ||
103 | char buf[RPC_MAX_ADDRBUFLEN]; | ||
104 | dprintk(KERN_WARNING | ||
105 | "nfsd: request from insecure port %s!\n", | ||
106 | svc_print_addr(rqstp, buf, sizeof(buf))); | ||
107 | return nfserr_perm; | ||
108 | } | ||
109 | |||
110 | /* Set user creds for this exportpoint */ | ||
111 | return nfserrno(nfsd_setuser(rqstp, exp)); | ||
112 | } | ||
113 | |||
98 | /* | 114 | /* |
99 | * Perform sanity checks on the dentry in a client's file handle. | 115 | * Perform sanity checks on the dentry in a client's file handle. |
100 | * | 116 | * |
@@ -167,18 +183,7 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access) | |||
167 | goto out; | 183 | goto out; |
168 | } | 184 | } |
169 | 185 | ||
170 | /* Check if the request originated from a secure port. */ | 186 | error = nfsd_setuser_and_check_port(rqstp, exp); |
171 | error = nfserr_perm; | ||
172 | if (!rqstp->rq_secure && EX_SECURE(exp)) { | ||
173 | char buf[RPC_MAX_ADDRBUFLEN]; | ||
174 | printk(KERN_WARNING | ||
175 | "nfsd: request from insecure port %s!\n", | ||
176 | svc_print_addr(rqstp, buf, sizeof(buf))); | ||
177 | goto out; | ||
178 | } | ||
179 | |||
180 | /* Set user creds for this exportpoint */ | ||
181 | error = nfserrno(nfsd_setuser(rqstp, exp)); | ||
182 | if (error) | 187 | if (error) |
183 | goto out; | 188 | goto out; |
184 | 189 | ||
@@ -227,18 +232,22 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access) | |||
227 | fhp->fh_export = exp; | 232 | fhp->fh_export = exp; |
228 | nfsd_nr_verified++; | 233 | nfsd_nr_verified++; |
229 | } else { | 234 | } else { |
230 | /* just rechecking permissions | 235 | /* |
231 | * (e.g. nfsproc_create calls fh_verify, then nfsd_create does as well) | 236 | * just rechecking permissions |
237 | * (e.g. nfsproc_create calls fh_verify, then nfsd_create | ||
238 | * does as well) | ||
232 | */ | 239 | */ |
233 | dprintk("nfsd: fh_verify - just checking\n"); | 240 | dprintk("nfsd: fh_verify - just checking\n"); |
234 | dentry = fhp->fh_dentry; | 241 | dentry = fhp->fh_dentry; |
235 | exp = fhp->fh_export; | 242 | exp = fhp->fh_export; |
236 | /* Set user creds for this exportpoint; necessary even | 243 | /* |
244 | * Set user creds for this exportpoint; necessary even | ||
237 | * in the "just checking" case because this may be a | 245 | * in the "just checking" case because this may be a |
238 | * filehandle that was created by fh_compose, and that | 246 | * filehandle that was created by fh_compose, and that |
239 | * is about to be used in another nfsv4 compound | 247 | * is about to be used in another nfsv4 compound |
240 | * operation */ | 248 | * operation. |
241 | error = nfserrno(nfsd_setuser(rqstp, exp)); | 249 | */ |
250 | error = nfsd_setuser_and_check_port(rqstp, exp); | ||
242 | if (error) | 251 | if (error) |
243 | goto out; | 252 | goto out; |
244 | } | 253 | } |