summaryrefslogtreecommitdiffstats
path: root/xlators/nfs/server
diff options
context:
space:
mode:
authorSantosh Kumar Pradhan <spradhan@redhat.com>2014-01-07 14:22:03 +0530
committerVijay Bellur <vbellur@redhat.com>2014-01-08 03:54:06 -0800
commita1e26be05c7b344dc8e7f980d0a6ab00695f2f42 (patch)
tree26049e21f54a8675e65d6b4910450992899a864f /xlators/nfs/server
parent1e4f2d08f102e9fc1e27ffb5608d4b45c11e0b55 (diff)
gNFS: mnt3_find_export() by pass AUTH check
NFS subdir mount does not respect nfs.rpc-auth-reject option in the volume. If the volume is being mounted, then it would validate the AUTH by mnt3_check_client_net() but if the client is mounting a subdir, the control takes a different code path i.e. mnt3_find_export() which does not bother about the AUTH. FIX: Enforce the AUTH check in mnt3_parse_dir_exports() which is invoked by mnt3_find_export() for subdir mount. Change-Id: I6fdd3e6bd6cbd32b0d9ca620cc4c30fdaff9ca30 BUG: 1049225 Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> Reviewed-on: http://review.gluster.org/6655 Reviewed-by: Niels de Vos <ndevos@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/nfs/server')
-rw-r--r--xlators/nfs/server/src/mount3.c50
1 files changed, 36 insertions, 14 deletions
diff --git a/xlators/nfs/server/src/mount3.c b/xlators/nfs/server/src/mount3.c
index b0824bf1029..e8623552227 100644
--- a/xlators/nfs/server/src/mount3.c
+++ b/xlators/nfs/server/src/mount3.c
@@ -1318,7 +1318,8 @@ mnt3_parse_dir_exports (rpcsvc_request_t *req, struct mount3_state *ms,
char volname[1024];
struct mnt3_export *exp = NULL;
char *volname_ptr = NULL;
- int ret = -1;
+ int ret = -ENOENT;
+ struct nfs_state *nfs = NULL;
if ((!ms) || (!subdir))
return -1;
@@ -1332,10 +1333,26 @@ mnt3_parse_dir_exports (rpcsvc_request_t *req, struct mount3_state *ms,
if (!exp)
goto err;
+ nfs = (struct nfs_state *)ms->nfsx->private;
+ if (!nfs)
+ goto err;
+
+ if (!nfs_subvolume_started (nfs, exp->vol)) {
+ gf_log (GF_MNT, GF_LOG_DEBUG,
+ "Volume %s not started", exp->vol->name);
+ goto err;
+ }
+
+ if (mnt3_check_client_net (ms, req, exp->vol) == RPCSVC_AUTH_REJECT) {
+ gf_log (GF_MNT, GF_LOG_DEBUG, "Client mount not allowed");
+ ret = -EACCES;
+ goto err;
+ }
+
ret = mnt3_resolve_subdir (req, ms, exp, subdir);
if (ret < 0) {
- gf_log (GF_MNT, GF_LOG_ERROR, "Failed to resolve export dir: %s"
- , subdir);
+ gf_log (GF_MNT, GF_LOG_ERROR,
+ "Failed to resolve export dir: %s", subdir);
goto err;
}
@@ -1375,10 +1392,6 @@ mnt3_find_export (rpcsvc_request_t *req, char *path, struct mnt3_export **e)
}
ret = mnt3_parse_dir_exports (req, ms, path);
- if (ret == 0) {
- ret = -2;
- goto err;
- }
err:
return ret;
@@ -1416,17 +1429,26 @@ mnt3svc_mnt (rpcsvc_request_t *req)
goto rpcerr;
}
- ret = 0;
nfs = (struct nfs_state *)ms->nfsx->private;
gf_log (GF_MNT, GF_LOG_DEBUG, "dirpath: %s", path);
ret = mnt3_find_export (req, path, &exp);
- if (ret == -2) {
- ret = 0;
- goto rpcerr;
- } else if (ret < 0) {
- ret = -1;
- mntstat = MNT3ERR_NOENT;
+ if (ret < 0) {
+ mntstat = mnt3svc_errno_to_mnterr (-ret);
goto mnterr;
+ } else if (!exp) {
+ /*
+ * SPECIAL CASE: exp is NULL if "path" is subdir in
+ * call to mnt3_find_export().
+ *
+ * This is subdir mount, we are already DONE!
+ * nfs_subvolume_started() and mnt3_check_client_net()
+ * validation are done in mnt3_parse_dir_exports()
+ * which is invoked through mnt3_find_export().
+ *
+ * TODO: All mount should happen thorugh mnt3svc_mount()
+ * It needs more clean up.
+ */
+ return (0);
}
if (!nfs_subvolume_started (nfs, exp->vol)) {