Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 12045a6e authored Dec 08, 2009 by J. Bruce Fields

nfsd: let "insecure" flag vary by pseudoflavor



This was an oversight; it should be among the export flags that can be
allowed to vary by pseudoflavor.  This allows an administrator to (for
example) allow auth_sys mounts only from low ports, but allow auth_krb5
mounts to use any port.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

parent e8e8753f

fs/nfsd/nfsfh.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -88,8 +88,10 @@ nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, int type)
		static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
		struct svc_export *exp)
		{
		int flags = nfsexp_flags(rqstp, exp);

		/* Check if the request originated from a secure port. */
		if (!rqstp->rq_secure && EX_SECURE(exp)) {
		if (!rqstp->rq_secure && (flags & NFSEXP_INSECURE_PORT)) {
		RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
		dprintk(KERN_WARNING
		"nfsd: request from insecure port %s!\n",

include/linux/nfsd/export.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -44,7 +44,8 @@

		/* The flags that may vary depending on security flavor: */
		#define NFSEXP_SECINFO_FLAGS (NFSEXP_READONLY \| NFSEXP_ROOTSQUASH \
		\| NFSEXP_ALLSQUASH)
		\| NFSEXP_ALLSQUASH \
		\| NFSEXP_INSECURE_PORT)

		#ifdef __KERNEL__

		@@ -109,7 +110,6 @@ struct svc_expkey {
		struct path ek_path;
		};

		#define EX_SECURE(exp) (!((exp)->ex_flags & NFSEXP_INSECURE_PORT))
		#define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC))
		#define EX_NOHIDE(exp) ((exp)->ex_flags & NFSEXP_NOHIDE)
		#define EX_WGATHER(exp) ((exp)->ex_flags & NFSEXP_GATHERED_WRITES)