2012-05-29 13:32:06

by Steve Dickson

Subject: [PATCH] Honor the no_root_squash flag on pseudo roots.

If root squashing is turned off on an export that
has multiple directories, the parent directories
of the pseudo exports that are built also need to
have root squashing turned off.

Signed-off-by: Steve Dickson <[email protected]>
---
utils/mountd/v4root.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 708eb61..ad8a3e7 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
exp = export_create(&eep, 0);
if (exp == NULL)
return NULL;
- xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
+ /*
+ * Honor the no_root_squash flag
+ */
+ if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
+ exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
+ xlog(D_CALL, "v4root_create: path '%s' flags 0x%x",
+ exp->m_export.e_path, exp->m_export.e_flags);
+
return &exp->m_export;
}
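Review bot: The root-squash bit is cleared only here in v4root_create(), right after export_create(), so the pseudo export takes the setting of whichever export triggers its creation; a parent directory shared by a root_squash export and a no_root_squash export could end up with a result that depends on which one is handled first. Consider doing the clear where the pseudo export's other security settings are derived from the source export, so it applies for every export and not only at creation time. Separately, curexp is not declared anywhere in the visible context; confirm it refers to the export passed in through the 'export' argument. The comment only restates the code; a line saying why the parents must match would be more useful.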

--
1.7.7.6



2012-05-29 15:31:50

by Trond Myklebust

Subject: Re: [PATCH] Honor the no_root_squash flag on pseudo roots.

On Tue, 2012-05-29 at 09:07 -0400, Steve Dickson wrote:
> If root squashing is turned off on an export that
> has multiple directories, the parent directories
> of the pseudo exports that are built also need to
> have root squashing turned off.
>
> Signed-off-by: Steve Dickson <[email protected]>
> ---
> utils/mountd/v4root.c | 9 ++++++++-
> 1 files changed, 8 insertions(+), 1 deletions(-)
>
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index 708eb61..ad8a3e7 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
> exp = export_create(&eep, 0);
> if (exp == NULL)
> return NULL;
> - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
> + /*
> + * Honor the no_root_squash flag
> + */
> + if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
> + exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
> + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x",
> + exp->m_export.e_path, exp->m_export.e_flags);
> +
> return &exp->m_export;
> }


As long as the user is authenticated, why do we care whether or not they
are squashed to user 'nobody' for authorisation purposes? There
shouldn't be any permission checks enforced on the pseudo-root, should
there?

Cheers
Trond


2012-05-29 16:29:41

by Myklebust, Trond

Subject: Re: [PATCH] Honor the no_root_squash flag on pseudo roots.


2012-05-29 15:56:25

by Steve Dickson

Subject: Re: [PATCH] Honor the no_root_squash flag on pseudo roots.



On 05/29/2012 11:00 AM, Trond Myklebust wrote:
> On Tue, 2012-05-29 at 09:07 -0400, Steve Dickson wrote:
>> If root squashing is turned off on an export that
>> has multiple directories, the parent directories
>> of the pseudo exports that are built also need to
>> have root squashing turned off.
>>
>> Signed-off-by: Steve Dickson <[email protected]>
>> ---
>> utils/mountd/v4root.c | 9 ++++++++-
>> 1 files changed, 8 insertions(+), 1 deletions(-)
>>
>> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
>> index 708eb61..ad8a3e7 100644
>> --- a/utils/mountd/v4root.c
>> +++ b/utils/mountd/v4root.c
>> @@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
>> exp = export_create(&eep, 0);
>> if (exp == NULL)
>> return NULL;
>> - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
>> + /*
>> + * Honor the no_root_squash flag
>> + */
>> + if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
>> + exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
>> + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x",
>> + exp->m_export.e_path, exp->m_export.e_flags);
>> +
>> return &exp->m_export;
>> }
>
>
> As long as the user is authenticated, why do we care whether or not they
> are squashed to user 'nobody' for authorisation purposes? There
> shouldn't be any permission checks enforced on the pseudo-root, should
> there?
>
The access checks come during the lookup of the pseudo-root.

For example
/home/steved/work *(rw,no_root_squash)

This is the export which causes mountd to build the pseudo-roots of
'/', '/home', and '/home/steved'

Now if the no_root_squash is not set on those pseudo-roots, the
access bits returned by the server will cause the lookup of
/home/steved/work to fail.

steved.
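
A simplified model of the pseudo-root flag handling described in the message above, added here as an example; it is not code from nfs-utils or from the author of the message, and the table, the function names, the flag value and the second export /home/other/data are assumptions made for illustration. It goes beyond the single-export case to two exports that share '/' and '/home', comparing a flag copied only when a pseudo-root is created with a flag merged for every export.

```c
#include <stdio.h>
#include <string.h>
#define ROOTSQUASH 0x4u  /* assumed bit, stands in for NFSEXP_ROOTSQUASH */
static struct pseudo { char path[64]; unsigned flags; } tab[16];
static int ntab;         /* constructed table of pseudo-roots */

static struct pseudo *find(const char *path)
{
    for (int i = 0; i < ntab; i++)
        if (!strcmp(tab[i].path, path)) return &tab[i];
    return NULL;
}

/* Visit every parent of an export ("/", "/home", ...). merge_always=0 copies
 * the flag only when the pseudo-root is created; 1 merges on every export. */
static void add_export(const char *path, unsigned flags, int merge_always)
{
    for (const char *p = path; p; p = strchr(p + 1, '/')) {
        size_t n = (p == path) ? 1 : (size_t)(p - path);
        char buf[64] = {0};
        if (n >= sizeof buf || ntab == 16) return;
        memcpy(buf, path, n);
        struct pseudo *ps = find(buf);
        if (!ps) {
            ps = &tab[ntab++];
            strcpy(ps->path, buf);
            ps->flags = flags & ROOTSQUASH;  /* creation copies the export's bit */
        } else if (merge_always && !(flags & ROOTSQUASH))
            ps->flags &= ~ROOTSQUASH;        /* later export un-squashes parent */
    }
}

/* 1 if "/home" stays root-squashed for the given policy and export order. */
static int home_squashed(int merge_always, int squashed_first)
{
    ntab = 0;
    if (squashed_first)
        add_export("/home/other/data", ROOTSQUASH, merge_always);
    add_export("/home/steved/work", 0, merge_always);  /* no_root_squash */
    if (!squashed_first)
        add_export("/home/other/data", ROOTSQUASH, merge_always);
    return (find("/home")->flags & ROOTSQUASH) != 0;
}

int main(void)
{
    printf("create-only=%d merge=%d\n", home_squashed(0, 1), home_squashed(1, 1));
    return 0;
}
```

In this model the merge policy un-squashes a shared parent as soon as any export beneath it is no_root_squash, which is the setting to look for when auditing /etc/exports.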


2012-05-29 19:19:06

by Steve Dickson

Subject: Re: [PATCH] Honor the no_root_squash flag on pseudo roots.



On 05/29/2012 09:07 AM, Steve Dickson wrote:
> If root squashing is turned off on an export that
> has multiple directories, the parent directories
> of the pseudo exports that are built also need to
> have root squashing turned off.
>
> Signed-off-by: Steve Dickson <[email protected]>
Committed...

steved.

> ---
> utils/mountd/v4root.c | 9 ++++++++-
> 1 files changed, 8 insertions(+), 1 deletions(-)
>
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index 708eb61..ad8a3e7 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
> exp = export_create(&eep, 0);
> if (exp == NULL)
> return NULL;
> - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
> + /*
> + * Honor the no_root_squash flag
> + */
> + if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
> + exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
> + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x",
> + exp->m_export.e_path, exp->m_export.e_flags);
> +
> return &exp->m_export;
> }
>

2012-05-29 16:49:50

by Steve Dickson

Subject: Re: [PATCH] Honor the no_root_squash flag on pseudo roots.



On 05/29/2012 12:29 PM, Myklebust, Trond wrote:
> On Tue, 2012-05-29 at 11:55 -0400, Steve Dickson wrote:
>>
>> On 05/29/2012 11:00 AM, Trond Myklebust wrote:
>>> On Tue, 2012-05-29 at 09:07 -0400, Steve Dickson wrote:
>>>> If root squashing is turned off on an export that
>>>> has multiple directories, the parent directories
>>>> of the pseudo exports that are built also need to
>>>> have root squashing turned off.
>>>>
>>>> Signed-off-by: Steve Dickson <[email protected]>
>>>> ---
>>>> utils/mountd/v4root.c | 9 ++++++++-
>>>> 1 files changed, 8 insertions(+), 1 deletions(-)
>>>>
>>>> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
>>>> index 708eb61..ad8a3e7 100644
>>>> --- a/utils/mountd/v4root.c
>>>> +++ b/utils/mountd/v4root.c
>>>> @@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
>>>> exp = export_create(&eep, 0);
>>>> if (exp == NULL)
>>>> return NULL;
>>>> - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
>>>> + /*
>>>> + * Honor the no_root_squash flag
>>>> + */
>>>> + if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
>>>> + exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
>>>> + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x",
>>>> + exp->m_export.e_path, exp->m_export.e_flags);
>>>> +
>>>> return &exp->m_export;
>>>> }
>>>
>>>
>>> As long as the user is authenticated, why do we care whether or not they
>>> are squashed to user 'nobody' for authorisation purposes? There
>>> shouldn't be any permission checks enforced on the pseudo-root, should
>>> there?
>>>
>> The access checks come during the lookup of the pseudo-root.
>>
>> For example
>> /home/steved/work *(rw,no_root_squash)
>>
>> This is the export which causes mountd to build the pseudo-roots of
>> '/', '/home', and '/home/steved'
>>
>> Now if the no_root_squash is not set on those pseudo-roots, the
>> access bits returned by the server will cause the lookup of
>> /home/steved/work to fail.
>
> If '/', '/home' and '/home/steved' aren't exported directories, then how
> can they have properties such as acls?
They don't. '/', '/home' and '/home/steved' are not being exported. Only
/home/steved/work is being exported in the namespace. So /home/steved/work
can have properties such as acls, but the components in the path can't.

If you wanted those types of properties on the path components,
you would have to explicitly export them.


> I thought the whole point of the
> pseudo-filesystem was to just provide a namespace that bridges between
> actual exported filesystems.
That's exactly what happens....

> As long as I'm authenticated (i.e. my RPC credential matches the 'sec='
> line in /etc/exports), then why shouldn't I be able to 'cd'
> into /home/steved and run an 'ls'?
And you can. But all you are going to see is the exported directory, in
this case 'work'. For example: say you mount '/' on /mnt and do an ls.
This would be the tree:

# ls /mnt
./ ../ home/
# ls /mnt/work/home
./ ../ steved/
# ls /mnt/work/home/steved
./ ../ work/

steved.

2012-05-29 15:31:28

by J. Bruce Fields

Subject: Re: [PATCH] Honor the no_root_squash flag on pseudo roots.

On Tue, May 29, 2012 at 09:07:16AM -0400, Steve Dickson wrote:
> If root squashing is turned off on an export that
> has multiple directories, the parent directories
> of the pseudo exports that are built also need to
> have root squashing turned off.
>
> Signed-off-by: Steve Dickson <[email protected]>
> ---
> utils/mountd/v4root.c | 9 ++++++++-
> 1 files changed, 8 insertions(+), 1 deletions(-)
>
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index 708eb61..ad8a3e7 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
> exp = export_create(&eep, 0);
> if (exp == NULL)
> return NULL;
> - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
> + /*
> + * Honor the no_root_squash flag
> + */
> + if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
> + exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
> + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x",
> + exp->m_export.e_path, exp->m_export.e_flags);
> +

Whoops, good catch.

But the right place to put this is in set_pseudofs_security(), as
follows (untested).

Otherwise you'll run into the same problem in cases where subdirectories
have a mixture of root_squash and no_root_squash set.

--b.

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 81f813b..76bda37 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -61,6 +61,8 @@ void set_pseudofs_security(struct exportent *pseudo, struct exportent *source)

if (source->e_flags & NFSEXP_INSECURE_PORT)
pseudo->e_flags |= NFSEXP_INSECURE_PORT;
+ if (source->e_flags & NFSEXP_ROOTSQUASH == 0)
+ pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
for (se = source->e_secinfo; se->flav; se++) {
struct sec_entry *new;
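
Review bot: The added test 'source->e_flags & NFSEXP_ROOTSQUASH == 0' has an operator-precedence bug: in C, == binds tighter than &, so it is evaluated as source->e_flags & (NFSEXP_ROOTSQUASH == 0). With NFSEXP_ROOTSQUASH being a non-zero flag bit, that is e_flags & 0, so the condition is never true and the squash bit on the pseudo export is never cleared. Parenthesize the mask: if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0). Building with -Wparentheses reports this pattern.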