2018-06-14 13:52:02

by J. Bruce Fields

Subject: [PATCH] Reallow AUTH_NULL on v4 mounts.

From: "J. Bruce Fields" <[email protected]>

Kinglong Mee noted that the loop in secinfo_addflavor (which sets the
security flavors allowed on the v4 pseudoroot) was adding flavors 1 and
0 twice; this is because flav_map ends with these entries:

{ "unix", AUTH_UNIX },
{ "sys", AUTH_SYS },
{ "null", AUTH_NULL },
{ "none", AUTH_NONE },

where AUTH_UNIX == AUTH_SYS == 1 and AUTH_NULL == AUTH_NONE == 1. We
need to allow two names for each of those two security flavors for
historical reasons.

The patch correctly fixed this by fixing the check for a duplicate
flavor number in secinfo_addflavor(). However it also went one step
further and rejected the flavor number 0. This is unnecessary and
causes the kernel to fail any NFSv4 mounts using AUTH_NULL.

The fact that we've apparently gone a few years without anyone noticing
this suggests AUTH_NULL isn't used very much! Still, this should be
fixed....

Fixes: e69eaaf93626
Cc: Kinglong Mee <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
---
utils/mountd/v4root.c | 3 ---
1 file changed, 3 deletions(-)

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index d735dbfe192d..c93bd4db51c8 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -69,9 +69,6 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
struct sec_entry *new;

- if (!flav->fnum)
- continue;
-
i = secinfo_addflavor(flav, pseudo);
new = &pseudo->e_secinfo[i];

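Review bot: Nothing left in the loop in set_pseudofs_security() says that flav->fnum == 0 is a legitimate flavor (AUTH_NULL/AUTH_NONE), so the deleted `if (!flav->fnum) continue;` could easily come back later as a "sanity check". Suggest a one-line comment above the secinfo_addflavor() call stating that flavor 0 is intentionally passed through and that the aliased names ("unix"/"sys", "null"/"none") are de-duplicated inside secinfo_addflavor(). Because the loop walks every entry of flav_map, the pseudoroot's e_secinfo will now carry flavor 0 alongside the others; the changelog should say so explicitly, and its "AUTH_NULL == AUTH_NONE == 1" should read 0.
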
--
2.17.1



2018-06-14 14:21:57

by Chuck Lever III

Subject: Re: [PATCH] Reallow AUTH_NULL on v4 mounts.



> On Jun 14, 2018, at 9:52 AM, [email protected] wrote:
>
> From: "J. Bruce Fields" <[email protected]>
>
> Kinglong Mee noted that the loop in secinfo_addflavor (which sets the
> security flavors allowed on the v4 pseudoroot) was adding flavors 1 and
> 0 twice; this is because flav_map ends with these entries:
>
> { "unix", AUTH_UNIX },
> { "sys", AUTH_SYS },
> { "null", AUTH_NULL },
> { "none", AUTH_NONE },
>
> where AUTH_UNIX == AUTH_SYS == 1 and AUTH_NULL == AUTH_NONE == 1.

Hi Bruce, patch description may be incorrect: NULL and NONE should be 0.

> We
> need to allow two names for each of those two security flavors for
> historical reasons.
>
> The patch correctly fixed this by fixing the check for a duplicate
> flavor number in secinfo_addflavor(). However it also went one step
> further and rejected the flavor number 0. This is unnecessary and
> causes the kernel to fail any NFSv4 mounts using AUTH_NULL.
>
> The fact that we've apparently gone a few years without anyone noticing
> this suggests AUTH_NULL isn't used very much! Still, this should be
> fixed....
>
> Fixes: e69eaaf93626
> Cc: Kinglong Mee <[email protected]>
> Signed-off-by: J. Bruce Fields <[email protected]>
> ---
> utils/mountd/v4root.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index d735dbfe192d..c93bd4db51c8 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -69,9 +69,6 @@ set_pseudofs_security(struct exportent *pseudo, int =
flags)
> for (flav =3D flav_map; flav < flav_map + flav_map_size; flav++) =
{
> struct sec_entry *new;
>=20
> - if (!flav->fnum)
> - continue;
> -
> i =3D secinfo_addflavor(flav, pseudo);
> new =3D &pseudo->e_secinfo[i];
>=20
> --
> 2.17.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Chuck Lever




2018-06-14 14:33:23

by J. Bruce Fields

Subject: Re: [PATCH] Reallow AUTH_NULL on v4 mounts.

On Thu, Jun 14, 2018 at 10:21:39AM -0400, Chuck Lever wrote:
>
>
> > On Jun 14, 2018, at 9:52 AM, [email protected] wrote:
> >
> > From: "J. Bruce Fields" <[email protected]>
> >
> > Kinglong Mee noted that the loop in secinfo_addflavor (which sets the
> > security flavors allowed on the v4 pseudoroot) was adding flavors 1 and
> > 0 twice; this is because flav_map ends with these entries:
> >
> > { "unix", AUTH_UNIX },
> > { "sys", AUTH_SYS },
> > { "null", AUTH_NULL },
> > { "none", AUTH_NONE },
> >
> > where AUTH_UNIX == AUTH_SYS == 1 and AUTH_NULL == AUTH_NONE == 1.
>
> Hi Bruce, patch description may be incorrect: NULL and NONE should be 0.

Yes, thanks! Steve, let me know if you want me to resend or correct the
typo yourself.

--b.

>
> > We
> > need to allow two names for each of those two security flavors for
> > historical reasons.
> >
> > The patch correctly fixed this by fixing the check for a duplicate
> > flavor number in secinfo_addflavor(). However it also went one step
> > further and rejected the flavor number 0. This is unnecessary and
> > causes the kernel to fail any NFSv4 mounts using AUTH_NULL.
> >
> > The fact that we've apparently gone a few years without anyone noticing
> > this suggests AUTH_NULL isn't used very much! Still, this should be
> > fixed....
> >
> > Fixes: e69eaaf93626
> > Cc: Kinglong Mee <[email protected]>
> > Signed-off-by: J. Bruce Fields <[email protected]>
> > ---
> > utils/mountd/v4root.c | 3 ---
> > 1 file changed, 3 deletions(-)
> >
> > diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> > index d735dbfe192d..c93bd4db51c8 100644
> > --- a/utils/mountd/v4root.c
> > +++ b/utils/mountd/v4root.c
> > @@ -69,9 +69,6 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
> > for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
> > struct sec_entry *new;
> >
> > - if (!flav->fnum)
> > - continue;
> > -
> > i = secinfo_addflavor(flav, pseudo);
> > new = &pseudo->e_secinfo[i];
> >
> > --
> > 2.17.1
>
> --
> Chuck Lever
>
>