Print this page
NEX-6673 possible NULL pointer dereference in mountd`mount
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Alex Deiter <alex.deiter@nexenta.com>
NEX-4116 mountd: The IP to name translation is usually not needed in nfsauth_access()
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
NEX-1974 Support for more than 16 groups with AUTH_SYS
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Josef 'Jeff' Sipek <josef.sipek@nexenta.com>
NEX-1128 NFS server: Generic uid and gid remapping for AUTH_SYS
Reviewed by: Jan Kryl <jan.kryl@nexenta.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/fs.d/nfs/mountd/nfsauth.c
+++ new/usr/src/cmd/fs.d/nfs/mountd/nfsauth.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 - * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
24 - */
25 -
26 -/*
27 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
28 24 * Use is subject to license terms.
25 + * Copyright 2016 Nexenta Systems, Inc.
29 26 */
30 27
31 28 #include <stdio.h>
32 29 #include <stdlib.h>
33 30 #include <sys/types.h>
34 31 #include <string.h>
35 32 #include <sys/param.h>
36 33 #include <sys/stat.h>
37 34 #include <sys/file.h>
38 35 #include <sys/time.h>
39 36 #include <sys/errno.h>
40 37 #include <rpcsvc/mount.h>
41 38 #include <sys/pathconf.h>
42 39 #include <sys/systeminfo.h>
43 40 #include <sys/utsname.h>
44 41 #include <arpa/inet.h>
45 42 #include <signal.h>
46 43 #include <syslog.h>
47 44 #include <locale.h>
48 45 #include <unistd.h>
49 46 #include <thread.h>
50 47 #include <netdir.h>
51 48 #include <nfs/auth.h>
52 49 #include <sharefs/share.h>
53 50 #include <alloca.h>
54 51 #include "../lib/sharetab.h"
55 52 #include "mountd.h"
56 53
57 54 static void
58 55 nfsauth_access(auth_req *argp, auth_res *result)
59 56 {
60 57 struct netbuf nbuf;
61 58 struct share *sh;
62 59
63 60 struct cln cln;
64 61
65 62 result->auth_perm = NFSAUTH_DENIED;
66 63
67 64 nbuf.len = argp->req_client.n_len;
68 65 nbuf.buf = argp->req_client.n_bytes;
69 66
70 67 if (nbuf.len == 0 || nbuf.buf == NULL)
71 68 return;
72 69
73 70 /*
74 71 * Find the export
75 72 */
76 73 sh = findentry(argp->req_path);
77 74 if (sh == NULL) {
78 75 syslog(LOG_ERR, "%s not exported", argp->req_path);
79 76 return;
80 77 }
81 78
82 79 cln_init_lazy(&cln, argp->req_netid, &nbuf);
|
↓ open down ↓ |
44 lines elided |
↑ open up ↑ |
83 80
84 81 result->auth_perm = check_client(sh, &cln, argp->req_flavor,
85 82 argp->req_clnt_uid, argp->req_clnt_gid, argp->req_clnt_gids.len,
86 83 argp->req_clnt_gids.val, &result->auth_srv_uid,
87 84 &result->auth_srv_gid, &result->auth_srv_gids.len,
88 85 &result->auth_srv_gids.val);
89 86
90 87 sharefree(sh);
91 88
92 89 if (result->auth_perm == NFSAUTH_DENIED) {
93 - char *host = cln_gethost(&cln);
94 - if (host != NULL)
95 - syslog(LOG_ERR, "%s denied access to %s", host,
96 - argp->req_path);
90 + syslog(LOG_ERR, "%s denied access to %s", cln_gethost(&cln),
91 + argp->req_path);
97 92 }
98 93
99 94 cln_fini(&cln);
100 95 }
101 96
102 97 void
103 -nfsauth_func(void *cookie, char *dataptr, size_t arg_size,
104 - door_desc_t *dp, uint_t n_desc)
105 -
98 +nfsauth_func(void *cookie, char *dataptr, size_t arg_size, door_desc_t *dp,
99 + uint_t n_desc)
106 100 {
107 101 nfsauth_arg_t *ap;
108 102 nfsauth_res_t res = {0};
109 103 XDR xdrs_a;
110 104 XDR xdrs_r;
111 105 size_t rbsz;
112 106 caddr_t rbuf;
113 107 varg_t varg = {0};
114 108
115 109 /*
116 110 * Decode the inbound door data, so we can look at the cmd.
117 111 */
118 112 xdrmem_create(&xdrs_a, dataptr, arg_size, XDR_DECODE);
119 113 if (!xdr_varg(&xdrs_a, &varg)) {
120 114 /*
121 115 * If the arguments can't be decoded, bail.
122 116 */
123 117 if (varg.vers == V_ERROR)
124 118 syslog(LOG_ERR, gettext("Arg version mismatch"));
125 119 res.stat = NFSAUTH_DR_DECERR;
126 120 goto encres;
127 121 }
128 122
129 123 /*
130 124 * Now set the args pointer to the proper version of the args
131 125 */
132 126 switch (varg.vers) {
133 127 case V_PROTO:
134 128 ap = &varg.arg_u.arg;
135 129 break;
136 130
137 131 /* Additional arguments versions go here */
138 132
139 133 default:
140 134 syslog(LOG_ERR, gettext("Invalid args version"));
141 135 res.stat = NFSAUTH_DR_DECERR;
142 136 goto encres;
143 137 }
144 138
145 139 /*
146 140 * Call the specified cmd
147 141 */
148 142 switch (ap->cmd) {
149 143 case NFSAUTH_ACCESS:
150 144 nfsauth_access(&ap->areq, &res.ares);
151 145 res.stat = NFSAUTH_DR_OKAY;
152 146 break;
153 147 default:
154 148 res.stat = NFSAUTH_DR_BADCMD;
155 149 break;
156 150 }
157 151
158 152 encres:
159 153 /*
160 154 * Free space used to decode the args
161 155 */
162 156 xdr_free(xdr_varg, (char *)&varg);
163 157 xdr_destroy(&xdrs_a);
164 158
165 159 /*
166 160 * Encode the results before passing thru door.
167 161 */
168 162 rbsz = xdr_sizeof(xdr_nfsauth_res, &res);
169 163 if (rbsz == 0)
170 164 goto failed;
171 165 rbuf = alloca(rbsz);
172 166
173 167 xdrmem_create(&xdrs_r, rbuf, rbsz, XDR_ENCODE);
174 168 if (!xdr_nfsauth_res(&xdrs_r, &res)) {
175 169 xdr_destroy(&xdrs_r);
176 170 failed:
177 171 xdr_free(xdr_nfsauth_res, (char *)&res);
178 172 /*
179 173 * return only the status code
180 174 */
181 175 res.stat = NFSAUTH_DR_EFAIL;
182 176 rbsz = sizeof (uint_t);
183 177 rbuf = (caddr_t)&res.stat;
184 178
185 179 goto out;
186 180 }
187 181 xdr_destroy(&xdrs_r);
188 182 xdr_free(xdr_nfsauth_res, (char *)&res);
189 183
190 184 out:
191 185 (void) door_return((char *)rbuf, rbsz, NULL, 0);
192 186 (void) door_return(NULL, 0, NULL, 0);
193 187 /* NOTREACHED */
194 188 }
|
↓ open down ↓ |
79 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX