diff options
author | araujo <araujo@FreeBSD.org> | 2014-10-31 04:01:10 +0000 |
---|---|---|
committer | araujo <araujo@FreeBSD.org> | 2014-10-31 04:01:10 +0000 |
commit | 7081823e484590bd0cfb622171f9c4b8e7a270d6 (patch) | |
tree | 93acd47b6fd0aea217ab7d55a7da952bb2e95bd0 /sys/fs | |
parent | 33d2961d9afe58f2ae3f480ed0e9b9860aec5f36 (diff) | |
download | FreeBSD-src-7081823e484590bd0cfb622171f9c4b8e7a270d6.zip FreeBSD-src-7081823e484590bd0cfb622171f9c4b8e7a270d6.tar.gz |
MFC r273159:
Add two sysctl(8) to enable/disable NFSv4 server to check when setting
user nobody and/or setting group nogroup as owner of a file or directory.
Usually at the client side, if there is an username that is not in the
client's passwd database, some clients will send 'nobody@<your.dns.domain>'
in the wire and the NFSv4 server will treat it as an ERROR.
However, if you have a valid user nobody in your passwd database,
the NFSv4 server will treat it as a NFSERR_BADOWNER as its believes the
client doesn't has the username mapped.
Submitted by: Loic Blot <loic.blot@unix-experience.fr>
Reviewed by: rmacklem
Approved by: rmacklem
Sponsored by: QNAP Systems Inc.
Diffstat (limited to 'sys/fs')
-rw-r--r-- | sys/fs/nfsserver/nfs_nfsdsubs.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c b/sys/fs/nfsserver/nfs_nfsdsubs.c index de496db..72408b4 100644 --- a/sys/fs/nfsserver/nfs_nfsdsubs.c +++ b/sys/fs/nfsserver/nfs_nfsdsubs.c @@ -66,6 +66,16 @@ SYSCTL_INT(_vfs_nfsd, OID_AUTO, disable_checkutf8, CTLFLAG_RW, &disable_checkutf8, 0, "Disable the NFSv4 check for a UTF8 compliant name"); +static int enable_nobodycheck = 1; +SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nobodycheck, CTLFLAG_RW, + &enable_nobodycheck, 0, + "Enable the NFSv4 check when setting user nobody as owner"); + +static int enable_nogroupcheck = 1; +SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nogroupcheck, CTLFLAG_RW, + &enable_nogroupcheck, 0, + "Enable the NFSv4 check when setting group nogroup as owner"); + static char nfsrv_hexdigit(char, int *); /* @@ -1543,8 +1553,10 @@ nfsrv_checkuidgid(struct nfsrv_descript *nd, struct nfsvattr *nvap) */ if (NFSVNO_NOTSETUID(nvap) && NFSVNO_NOTSETGID(nvap)) goto out; - if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid) - || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid)) { + if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid && + enable_nobodycheck == 1) + || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid && + enable_nogroupcheck == 1)) { error = NFSERR_BADOWNER; goto out; } |