nfsd: let "insecure" flag vary by pseudoflavor
This was an oversight; it should be among the export flags that can be allowed to vary by pseudoflavor. This allows an administrator to (for example) allow auth_sys mounts only from low ports, but allow auth_krb5 mounts to use any port. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
This commit is contained in:
parent
e8e8753f7a
commit
12045a6ee9
@ -88,8 +88,10 @@ nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, int type)
|
||||
static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
|
||||
struct svc_export *exp)
|
||||
{
|
||||
int flags = nfsexp_flags(rqstp, exp);
|
||||
|
||||
/* Check if the request originated from a secure port. */
|
||||
if (!rqstp->rq_secure && EX_SECURE(exp)) {
|
||||
if (!rqstp->rq_secure && (flags & NFSEXP_INSECURE_PORT)) {
|
||||
RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
|
||||
dprintk(KERN_WARNING
|
||||
"nfsd: request from insecure port %s!\n",
|
||||
|
@ -44,7 +44,8 @@
|
||||
|
||||
/* The flags that may vary depending on security flavor: */
|
||||
#define NFSEXP_SECINFO_FLAGS (NFSEXP_READONLY | NFSEXP_ROOTSQUASH \
|
||||
| NFSEXP_ALLSQUASH)
|
||||
| NFSEXP_ALLSQUASH \
|
||||
| NFSEXP_INSECURE_PORT)
|
||||
|
||||
#ifdef __KERNEL__
|
||||
|
||||
@ -109,7 +110,6 @@ struct svc_expkey {
|
||||
struct path ek_path;
|
||||
};
|
||||
|
||||
#define EX_SECURE(exp) (!((exp)->ex_flags & NFSEXP_INSECURE_PORT))
|
||||
#define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC))
|
||||
#define EX_NOHIDE(exp) ((exp)->ex_flags & NFSEXP_NOHIDE)
|
||||
#define EX_WGATHER(exp) ((exp)->ex_flags & NFSEXP_GATHERED_WRITES)
|
||||
|
Loading…
Reference in New Issue
Block a user