linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] Reallow AUTH_NULL on v4 mounts.
@ 2018-06-14 13:52 J. Bruce Fields
  2018-06-14 14:21 ` Chuck Lever
  0 siblings, 1 reply; 3+ messages in thread
From: J. Bruce Fields @ 2018-06-14 13:52 UTC (permalink / raw)
  To: steved; +Cc: linux-nfs, kinglongmee

From: "J. Bruce Fields" <bfields@redhat.com>

Kinglong Mee noted that the loop in seicnfo_addflavor (which sets the
security flavors allowed on the v4 pseudoroot) was adding flavors 1 and
0 twice; this is because flav_map ends with these entries:

	{ "unix",       AUTH_UNIX               },
        { "sys",        AUTH_SYS                },
        { "null",       AUTH_NULL               },
        { "none",       AUTH_NONE               },

where AUTH_UNIX == AUTH_SYS == 1 and AUTH_NULL == AUTH_NONE == 1.  We
need to allow two names for each of those two security flavors for
historical reasons.

The patch correctly fixed this by fixing the check for a duplicate
flavor number in secinfo_addflavor().  However it also went one step
further and rejected the flavor number 0.  This is unnecessary and
causes the kernel to fail any NFSv4 mounts using AUTH_NULL.

The fact that we've apparently gone a few years without anyone noticing
this suggests AUTH_NULL isn't used very much!  Still, this should be
fixed....

Fixes: e69eaaf93626
Cc: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/mountd/v4root.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index d735dbfe192d..c93bd4db51c8 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -69,9 +69,6 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
 	for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
 		struct sec_entry *new;
 
-		if (!flav->fnum)
-			continue;
-
 		i = secinfo_addflavor(flav, pseudo);
 		new = &pseudo->e_secinfo[i];
 
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] Reallow AUTH_NULL on v4 mounts.
  2018-06-14 13:52 [PATCH] Reallow AUTH_NULL on v4 mounts J. Bruce Fields
@ 2018-06-14 14:21 ` Chuck Lever
  2018-06-14 14:33   ` Bruce Fields
  0 siblings, 1 reply; 3+ messages in thread
From: Chuck Lever @ 2018-06-14 14:21 UTC (permalink / raw)
  To: Bruce Fields; +Cc: Steve Dickson, Linux NFS Mailing List, kinglongmee



> On Jun 14, 2018, at 9:52 AM, bfields@fieldses.org wrote:
>=20
> From: "J. Bruce Fields" <bfields@redhat.com>
>=20
> Kinglong Mee noted that the loop in seicnfo_addflavor (which sets the
> security flavors allowed on the v4 pseudoroot) was adding flavors 1 =
and
> 0 twice; this is because flav_map ends with these entries:
>=20
> 	{ "unix",       AUTH_UNIX               },
>        { "sys",        AUTH_SYS                },
>        { "null",       AUTH_NULL               },
>        { "none",       AUTH_NONE               },
>=20
> where AUTH_UNIX =3D=3D AUTH_SYS =3D=3D 1 and AUTH_NULL =3D=3D =
AUTH_NONE =3D=3D 1.

Hi Bruce, patch description may be incorrect: NULL and NONE should be 0.

> We
> need to allow two names for each of those two security flavors for
> historical reasons.
>=20
> The patch correctly fixed this by fixing the check for a duplicate
> flavor number in secinfo_addflavor().  However it also went one step
> further and rejected the flavor number 0.  This is unnecessary and
> causes the kernel to fail any NFSv4 mounts using AUTH_NULL.
>=20
> The fact that we've apparently gone a few years without anyone =
noticing
> this suggests AUTH_NULL isn't used very much!  Still, this should be
> fixed....
>=20
> Fixes: e69eaaf93626
> Cc: Kinglong Mee <kinglongmee@gmail.com>
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> ---
> utils/mountd/v4root.c | 3 ---
> 1 file changed, 3 deletions(-)
>=20
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index d735dbfe192d..c93bd4db51c8 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -69,9 +69,6 @@ set_pseudofs_security(struct exportent *pseudo, int =
flags)
> 	for (flav =3D flav_map; flav < flav_map + flav_map_size; flav++) =
{
> 		struct sec_entry *new;
>=20
> -		if (!flav->fnum)
> -			continue;
> -
> 		i =3D secinfo_addflavor(flav, pseudo);
> 		new =3D &pseudo->e_secinfo[i];
>=20
> --=20
> 2.17.1
>=20
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" =
in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
Chuck Lever




^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] Reallow AUTH_NULL on v4 mounts.
  2018-06-14 14:21 ` Chuck Lever
@ 2018-06-14 14:33   ` Bruce Fields
  0 siblings, 0 replies; 3+ messages in thread
From: Bruce Fields @ 2018-06-14 14:33 UTC (permalink / raw)
  To: Chuck Lever; +Cc: Steve Dickson, Linux NFS Mailing List, kinglongmee

On Thu, Jun 14, 2018 at 10:21:39AM -0400, Chuck Lever wrote:
> 
> 
> > On Jun 14, 2018, at 9:52 AM, bfields@fieldses.org wrote:
> > 
> > From: "J. Bruce Fields" <bfields@redhat.com>
> > 
> > Kinglong Mee noted that the loop in seicnfo_addflavor (which sets the
> > security flavors allowed on the v4 pseudoroot) was adding flavors 1 and
> > 0 twice; this is because flav_map ends with these entries:
> > 
> > 	{ "unix",       AUTH_UNIX               },
> >        { "sys",        AUTH_SYS                },
> >        { "null",       AUTH_NULL               },
> >        { "none",       AUTH_NONE               },
> > 
> > where AUTH_UNIX == AUTH_SYS == 1 and AUTH_NULL == AUTH_NONE == 1.
> 
> Hi Bruce, patch description may be incorrect: NULL and NONE should be 0.

Yes, thanks!  Steve, let me know if you want me to resend or correct the
typo yourself.--b.

> 
> > We
> > need to allow two names for each of those two security flavors for
> > historical reasons.
> > 
> > The patch correctly fixed this by fixing the check for a duplicate
> > flavor number in secinfo_addflavor().  However it also went one step
> > further and rejected the flavor number 0.  This is unnecessary and
> > causes the kernel to fail any NFSv4 mounts using AUTH_NULL.
> > 
> > The fact that we've apparently gone a few years without anyone noticing
> > this suggests AUTH_NULL isn't used very much!  Still, this should be
> > fixed....
> > 
> > Fixes: e69eaaf93626
> > Cc: Kinglong Mee <kinglongmee@gmail.com>
> > Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> > ---
> > utils/mountd/v4root.c | 3 ---
> > 1 file changed, 3 deletions(-)
> > 
> > diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> > index d735dbfe192d..c93bd4db51c8 100644
> > --- a/utils/mountd/v4root.c
> > +++ b/utils/mountd/v4root.c
> > @@ -69,9 +69,6 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
> > 	for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
> > 		struct sec_entry *new;
> > 
> > -		if (!flav->fnum)
> > -			continue;
> > -
> > 		i = secinfo_addflavor(flav, pseudo);
> > 		new = &pseudo->e_secinfo[i];
> > 
> > -- 
> > 2.17.1
> > 
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> --
> Chuck Lever
> 
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-06-14 14:33 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-14 13:52 [PATCH] Reallow AUTH_NULL on v4 mounts J. Bruce Fields
2018-06-14 14:21 ` Chuck Lever
2018-06-14 14:33   ` Bruce Fields

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).