Apply default security flavor in vfs_export

There may be some version of mountd out there that does not supply a default
security flavor when none is given for an export.

Set the default security flavor in vfs_export if none is given, and remove the
workaround for oexport compat.

Reported by:	npn
Reviewed by:	rmacklem
Approved by:	mav (mentor)
MFC after:	3 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D25300
This commit is contained in:
freqlabs 2020-06-16 21:30:30 +00:00
parent 964866bc61
commit 589bc61c67
2 changed files with 8 additions and 6 deletions

View File

@ -61,6 +61,9 @@ __FBSDID("$FreeBSD$");
#include <netinet/in.h> #include <netinet/in.h>
#include <net/radix.h> #include <net/radix.h>
#include <rpc/types.h>
#include <rpc/auth.h>
static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure"); static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure");
#if defined(INET) || defined(INET6) #if defined(INET) || defined(INET6)
@ -303,7 +306,7 @@ vfs_export(struct mount *mp, struct export_args *argp)
return (EINVAL); return (EINVAL);
if ((argp->ex_flags & MNT_EXPORTED) != 0 && if ((argp->ex_flags & MNT_EXPORTED) != 0 &&
(argp->ex_numsecflavors <= 0 (argp->ex_numsecflavors < 0
|| argp->ex_numsecflavors >= MAXSECFLAVORS)) || argp->ex_numsecflavors >= MAXSECFLAVORS))
return (EINVAL); return (EINVAL);
@ -341,6 +344,10 @@ vfs_export(struct mount *mp, struct export_args *argp)
mp->mnt_flag |= MNT_EXPUBLIC; mp->mnt_flag |= MNT_EXPUBLIC;
MNT_IUNLOCK(mp); MNT_IUNLOCK(mp);
} }
if (argp->ex_numsecflavors == 0) {
argp->ex_numsecflavors = 1;
argp->ex_secflavors[0] = AUTH_SYS;
}
if ((error = vfs_hang_addrlist(mp, nep, argp))) if ((error = vfs_hang_addrlist(mp, nep, argp)))
goto out; goto out;
MNT_ILOCK(mp); MNT_ILOCK(mp);

View File

@ -70,9 +70,6 @@ __FBSDID("$FreeBSD$");
#include <machine/stdarg.h> #include <machine/stdarg.h>
#include <rpc/types.h>
#include <rpc/auth.h>
#include <security/audit/audit.h> #include <security/audit/audit.h>
#include <security/mac/mac_framework.h> #include <security/mac/mac_framework.h>
@ -1131,8 +1128,6 @@ vfs_domount_update(
switch (len) { switch (len) {
case (sizeof(struct oexport_args)): case (sizeof(struct oexport_args)):
bzero(&o2export, sizeof(o2export)); bzero(&o2export, sizeof(o2export));
o2export.ex_numsecflavors = 1;
o2export.ex_secflavors[0] = AUTH_SYS;
/* FALLTHROUGH */ /* FALLTHROUGH */
case (sizeof(o2export)): case (sizeof(o2export)):
bcopy(bufp, &o2export, len); bcopy(bufp, &o2export, len);