Author: freqlabs Date: Fri Jun 19 11:45:12 2020 New Revision: 362375 URL: https://svnweb.freebsd.org/changeset/base/362375
Log: MFC r362252: Apply default security flavor in vfs_export Reported by: npn Reviewed by: rmacklem Approved by: mav (mentor) Sponsored by: iXsystems, Inc. Differential Revision: https://reviews.freebsd.org/D25300 Modified: stable/12/sys/kern/vfs_export.c stable/12/sys/kern/vfs_mount.c Directory Properties: stable/12/ (props changed) Changes in other areas also in this revision: Modified: stable/11/sys/kern/vfs_export.c stable/11/sys/kern/vfs_mount.c Directory Properties: stable/11/ (props changed) Modified: stable/12/sys/kern/vfs_export.c ============================================================================== --- stable/12/sys/kern/vfs_export.c Fri Jun 19 11:32:42 2020 (r362374) +++ stable/12/sys/kern/vfs_export.c Fri Jun 19 11:45:12 2020 (r362375) @@ -61,6 +61,9 @@ __FBSDID("$FreeBSD$"); #include <netinet/in.h> #include <net/radix.h> +#include <rpc/types.h> +#include <rpc/auth.h> + static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure"); #if defined(INET) || defined(INET6) @@ -309,7 +312,7 @@ vfs_export(struct mount *mp, struct export_args *argp) return (EINVAL); if ((argp->ex_flags & MNT_EXPORTED) != 0 && - (argp->ex_numsecflavors <= 0 + (argp->ex_numsecflavors < 0 || argp->ex_numsecflavors >= MAXSECFLAVORS)) return (EINVAL); @@ -346,6 +349,10 @@ vfs_export(struct mount *mp, struct export_args *argp) MNT_ILOCK(mp); mp->mnt_flag |= MNT_EXPUBLIC; MNT_IUNLOCK(mp); + } + if (argp->ex_numsecflavors == 0) { + argp->ex_numsecflavors = 1; + argp->ex_secflavors[0] = AUTH_SYS; } if ((error = vfs_hang_addrlist(mp, nep, argp))) goto out; Modified: stable/12/sys/kern/vfs_mount.c ============================================================================== --- stable/12/sys/kern/vfs_mount.c Fri Jun 19 11:32:42 2020 (r362374) +++ stable/12/sys/kern/vfs_mount.c Fri Jun 19 11:45:12 2020 (r362375) @@ -68,9 +68,6 @@ __FBSDID("$FreeBSD$"); #include <machine/stdarg.h> -#include <rpc/types.h> -#include <rpc/auth.h> - #include <security/audit/audit.h> #include <security/mac/mac_framework.h> @@ -2050,18 +2047,13 @@ kernel_vmount(int flags, ...) * Convert the old export args format into new export args. * * The old export args struct does not have security flavors. Otherwise, the - * structs are identical. The default security flavor 'sys' is applied when - * the given args export the filesystem. + * structs are identical. The default security flavor 'sys' is applied by + * vfs_export when .ex_numsecflavors is 0. */ void vfs_oexport_conv(const struct oexport_args *oexp, struct export_args *exp) { bcopy(oexp, exp, sizeof(*oexp)); - if (exp->ex_flags & MNT_EXPORTED) { - exp->ex_numsecflavors = 1; - exp->ex_secflavors[0] = AUTH_SYS; - } else { - exp->ex_numsecflavors = 0; - } + exp->ex_numsecflavors = 0; } _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
