nfsserver

Marcelo Araujo Thu, 30 Oct 2014 21:02:17 -0700

Author: araujo (ports committer)
Date: Fri Oct 31 04:01:10 2014
New Revision: 273877
URL: https://svnweb.freebsd.org/changeset/base/273877


Log:
  MFC r273159:
  Add two sysctl(8) to enable/disable NFSv4 server to check when setting
  user nobody and/or setting group nogroup as owner of a file or directory.
  Usually at the client side, if there is an username that is not in the
  client's passwd database, some clients will send 'nobody@<your.dns.domain>'
  in the wire and the NFSv4 server will treat it as an ERROR.
  However, if you have a valid user nobody in your passwd database,
  the NFSv4 server will treat it as a NFSERR_BADOWNER as its believes the
  client doesn't has the username mapped.
  
  Submitted by: Loic Blot <loic.b...@unix-experience.fr>
  Reviewed by:  rmacklem
  Approved by:  rmacklem
  Sponsored by: QNAP Systems Inc.

Modified:
  stable/10/sys/fs/nfsserver/nfs_nfsdsubs.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/fs/nfsserver/nfs_nfsdsubs.c
==============================================================================
--- stable/10/sys/fs/nfsserver/nfs_nfsdsubs.c   Thu Oct 30 23:47:28 2014        
(r273876)
+++ stable/10/sys/fs/nfsserver/nfs_nfsdsubs.c   Fri Oct 31 04:01:10 2014        
(r273877)
@@ -66,6 +66,16 @@ SYSCTL_INT(_vfs_nfsd, OID_AUTO, disable_
     &disable_checkutf8, 0,
     "Disable the NFSv4 check for a UTF8 compliant name");
 
+static int    enable_nobodycheck = 1;
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nobodycheck, CTLFLAG_RW,
+    &enable_nobodycheck, 0,
+    "Enable the NFSv4 check when setting user nobody as owner");
+
+static int    enable_nogroupcheck = 1;
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nogroupcheck, CTLFLAG_RW,
+    &enable_nogroupcheck, 0,
+    "Enable the NFSv4 check when setting group nogroup as owner");
+
 static char nfsrv_hexdigit(char, int *);
 
 /*
@@ -1543,8 +1553,10 @@ nfsrv_checkuidgid(struct nfsrv_descript 
         */
        if (NFSVNO_NOTSETUID(nvap) && NFSVNO_NOTSETGID(nvap))
                goto out;
-       if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid)
-           || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid)) {
+       if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid &&
+           enable_nobodycheck == 1)
+           || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid &&
+           enable_nogroupcheck == 1)) {
                error = NFSERR_BADOWNER;
                goto out;
        }
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r273877 - stable/10/sys/fs/nfsserver

Reply via email to