changeset 8395:62c9dba0f531
6763320 NFS Security mode access list entries must not override each other
author | Thomas Haynes <Thomas.Haynes@Sun.COM> |
---|---|
date | Wed, 17 Dec 2008 12:18:33 -0600 |
parents | cfddc4c3786c |
children | b161720f4b65 |
files | usr/src/uts/common/fs/nfs/nfs_server.c |
diffstat | 1 files changed, 4 insertions(+), 8 deletions(-) [+] |
--- a/usr/src/uts/common/fs/nfs/nfs_server.c Wed Dec 17 10:52:43 2008 -0700
+++ b/usr/src/uts/common/fs/nfs/nfs_server.c Wed Dec 17 12:18:33 2008 -0600
@@ -2049,15 +2049,11 @@
 
 } else if (access & NFSAUTH_WRONGSEC) {
 /*
- * NFSAUTH_WRONGSEC is used for NFSv4. Since V2/V3 already
- * negotiates the security flavor thru MOUNT protocol, the
- * only way it can get NFSAUTH_WRONGSEC here is from
- * NFS_ACL for V4. This could be for a limited view, so
- * map it to RO access. V4 lookup/readdir will take care
- * of the limited view portion.
+ * NFSAUTH_WRONGSEC is used for NFSv4. If we get here,
+ * it means a client ignored the list of allowed flavors
+ * returned via the MOUNT protocol. So we just disallow it!
 */
- access |= NFSAUTH_RO;
- access &= ~NFSAUTH_WRONGSEC;
+ return (0);
 }
 
 switch (rpcflavor) {
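Review bot: The rewritten comment in the NFSAUTH_WRONGSEC branch still opens with "NFSAUTH_WRONGSEC is used for NFSv4" and then explains the case through the MOUNT protocol, which the removed text tied to V2/V3, so a reader cannot tell which protocol versions are expected to reach `return (0);`. I would say it directly, for example `* The client used a security flavor that is not in the list returned via MOUNT; deny the request rather than downgrading it to read-only.` The rejection is also silent in the visible lines; if the function's other denial path reports refusals, a rate-limited message here would let operators notice clients that keep presenting a disallowed flavor. The enclosing function starts and ends outside the hunk, so reading the 0 return as "deny" is inferred from the comment and should be confirmed against the callers.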