Mercurial > illumos > illumos-gate

changeset 8395:62c9dba0f531

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6763320 NFS Security mode access list entries must not override each other
author Thomas Haynes <Thomas.Haynes@Sun.COM>
date Wed, 17 Dec 2008 12:18:33 -0600
parents cfddc4c3786c
children b161720f4b65
files usr/src/uts/common/fs/nfs/nfs_server.c
diffstat 1 files changed, 4 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/uts/common/fs/nfs/nfs_server.c	Wed Dec 17 10:52:43 2008 -0700
+++ b/usr/src/uts/common/fs/nfs/nfs_server.c	Wed Dec 17 12:18:33 2008 -0600
@@ -2049,15 +2049,11 @@
 
 	} else if (access & NFSAUTH_WRONGSEC) {
 		/*
-		 * NFSAUTH_WRONGSEC is used for NFSv4. Since V2/V3 already
-		 * negotiates the security flavor thru MOUNT protocol, the
-		 * only way it can get NFSAUTH_WRONGSEC here is from
-		 * NFS_ACL for V4. This could be for a limited view, so
-		 * map it to RO access. V4 lookup/readdir will take care
-		 * of the limited view portion.
+		 * NFSAUTH_WRONGSEC is used for NFSv4. If we get here,
+		 * it means a client ignored the list of allowed flavors
+		 * returned via the MOUNT protocol. So we just disallow it!
 		 */
-		access |= NFSAUTH_RO;
-		access &= ~NFSAUTH_WRONGSEC;
+		return (0);
 	}
 
 	switch (rpcflavor) {