diff options
Diffstat (limited to 'fs/nfsd/nfsfh.c')
| -rw-r--r-- | fs/nfsd/nfsfh.c | 44 |
1 files changed, 27 insertions, 17 deletions
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 4f712e970584..8fbd2dc08a92 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c | |||
| @@ -22,6 +22,7 @@ | |||
| 22 | #include <linux/sunrpc/svc.h> | 22 | #include <linux/sunrpc/svc.h> |
| 23 | #include <linux/sunrpc/svcauth_gss.h> | 23 | #include <linux/sunrpc/svcauth_gss.h> |
| 24 | #include <linux/nfsd/nfsd.h> | 24 | #include <linux/nfsd/nfsd.h> |
| 25 | #include "auth.h" | ||
| 25 | 26 | ||
| 26 | #define NFSDDBG_FACILITY NFSDDBG_FH | 27 | #define NFSDDBG_FACILITY NFSDDBG_FH |
| 27 | 28 | ||
| @@ -95,6 +96,22 @@ nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, int type) | |||
| 95 | return 0; | 96 | return 0; |
| 96 | } | 97 | } |
| 97 | 98 | ||
| 99 | static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, | ||
| 100 | struct svc_export *exp) | ||
| 101 | { | ||
| 102 | /* Check if the request originated from a secure port. */ | ||
| 103 | if (!rqstp->rq_secure && EX_SECURE(exp)) { | ||
| 104 | char buf[RPC_MAX_ADDRBUFLEN]; | ||
| 105 | dprintk(KERN_WARNING | ||
| 106 | "nfsd: request from insecure port %s!\n", | ||
| 107 | svc_print_addr(rqstp, buf, sizeof(buf))); | ||
| 108 | return nfserr_perm; | ||
| 109 | } | ||
| 110 | |||
| 111 | /* Set user creds for this exportpoint */ | ||
| 112 | return nfserrno(nfsd_setuser(rqstp, exp)); | ||
| 113 | } | ||
| 114 | |||
| 98 | /* | 115 | /* |
| 99 | * Perform sanity checks on the dentry in a client's file handle. | 116 | * Perform sanity checks on the dentry in a client's file handle. |
| 100 | * | 117 | * |
| @@ -167,18 +184,7 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access) | |||
| 167 | goto out; | 184 | goto out; |
| 168 | } | 185 | } |
| 169 | 186 | ||
| 170 | /* Check if the request originated from a secure port. */ | 187 | error = nfsd_setuser_and_check_port(rqstp, exp); |
| 171 | error = nfserr_perm; | ||
| 172 | if (!rqstp->rq_secure && EX_SECURE(exp)) { | ||
| 173 | char buf[RPC_MAX_ADDRBUFLEN]; | ||
| 174 | printk(KERN_WARNING | ||
| 175 | "nfsd: request from insecure port %s!\n", | ||
| 176 | svc_print_addr(rqstp, buf, sizeof(buf))); | ||
| 177 | goto out; | ||
| 178 | } | ||
| 179 | |||
| 180 | /* Set user creds for this exportpoint */ | ||
| 181 | error = nfserrno(nfsd_setuser(rqstp, exp)); | ||
| 182 | if (error) | 188 | if (error) |
| 183 | goto out; | 189 | goto out; |
| 184 | 190 | ||
| @@ -227,18 +233,22 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access) | |||
| 227 | fhp->fh_export = exp; | 233 | fhp->fh_export = exp; |
| 228 | nfsd_nr_verified++; | 234 | nfsd_nr_verified++; |
| 229 | } else { | 235 | } else { |
| 230 | /* just rechecking permissions | 236 | /* |
| 231 | * (e.g. nfsproc_create calls fh_verify, then nfsd_create does as well) | 237 | * just rechecking permissions |
| 238 | * (e.g. nfsproc_create calls fh_verify, then nfsd_create | ||
| 239 | * does as well) | ||
| 232 | */ | 240 | */ |
| 233 | dprintk("nfsd: fh_verify - just checking\n"); | 241 | dprintk("nfsd: fh_verify - just checking\n"); |
| 234 | dentry = fhp->fh_dentry; | 242 | dentry = fhp->fh_dentry; |
| 235 | exp = fhp->fh_export; | 243 | exp = fhp->fh_export; |
| 236 | /* Set user creds for this exportpoint; necessary even | 244 | /* |
| 245 | * Set user creds for this exportpoint; necessary even | ||
| 237 | * in the "just checking" case because this may be a | 246 | * in the "just checking" case because this may be a |
| 238 | * filehandle that was created by fh_compose, and that | 247 | * filehandle that was created by fh_compose, and that |
| 239 | * is about to be used in another nfsv4 compound | 248 | * is about to be used in another nfsv4 compound |
| 240 | * operation */ | 249 | * operation. |
| 241 | error = nfserrno(nfsd_setuser(rqstp, exp)); | 250 | */ |
| 251 | error = nfsd_setuser_and_check_port(rqstp, exp); | ||
| 242 | if (error) | 252 | if (error) |
| 243 | goto out; | 253 | goto out; |
| 244 | } | 254 | } |