> On Jun 14, 2018, at 9:52 AM, bfields@xxxxxxxxxxxx wrote:
>
> From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
>
> Kinglong Mee noted that the loop in seicnfo_addflavor (which sets the
> security flavors allowed on the v4 pseudoroot) was adding flavors 1 and
> 0 twice; this is because flav_map ends with these entries:
>
> { "unix", AUTH_UNIX },
> { "sys", AUTH_SYS },
> { "null", AUTH_NULL },
> { "none", AUTH_NONE },
>
> where AUTH_UNIX == AUTH_SYS == 1 and AUTH_NULL == AUTH_NONE == 1.
Hi Bruce, patch description may be incorrect: NULL and NONE should be 0.
> We
> need to allow two names for each of those two security flavors for
> historical reasons.
>
> The patch correctly fixed this by fixing the check for a duplicate
> flavor number in secinfo_addflavor(). However it also went one step
> further and rejected the flavor number 0. This is unnecessary and
> causes the kernel to fail any NFSv4 mounts using AUTH_NULL.
>
> The fact that we've apparently gone a few years without anyone noticing
> this suggests AUTH_NULL isn't used very much! Still, this should be
> fixed....
>
> Fixes: e69eaaf93626
> Cc: Kinglong Mee <kinglongmee@xxxxxxxxx>
> Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
> ---
> utils/mountd/v4root.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index d735dbfe192d..c93bd4db51c8 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -69,9 +69,6 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
> for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
> struct sec_entry *new;
>
> - if (!flav->fnum)
> - continue;
> -
> i = secinfo_addflavor(flav, pseudo);
> new = &pseudo->e_secinfo[i];
>
> --
> 2.17.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Chuck Lever
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
