upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-12 10:10:24 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

nfs: Fallback to GID_NOGROUP on no groups

Browse source 
We cannot unconditionally access nfsd's VNET variables in
'sys/kern/vfs_export.c' nor 'sys/fs/nfsserver/nfs_nfsdsubs.c', as they
may not have been compiled in depending on build options.

So, forget about the extra mile of using the configured default group
and use the hardcoded GID_NOGROUP (which differs only on systems running
nfsuserd(8) and with a non-default GID for their "nogroup" group).

Reported by:    rpokala, bapt (MINIMAL compile breakup)
Reported by:    cy, David Wolfskill (panics caused by mountd(8))
Approved by:    markj (mentor)
Fixes:          cfbe7a62dc ("nfs, rpc: Ensure kernel credentials have at least one group")
This commit is contained in:
Olivier Certner 2024-11-03 11:26:37 +01:00
parent 518a1163d0
commit 5169d4307e
No known key found for this signature in database
GPG key ID: 8CA13040971E2627
3 changed files with 5 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
sys/fs/nfs/nfs_commonport.c
View file

@ -75,7 +75,6 @@ NFSD_VNET_DEFINE(struct nfsstatsv1 *, nfsstatsv1_p);
NFSD_VNET_DECLARE(struct nfssockreq, nfsrv_nfsuserdsock);
NFSD_VNET_DECLARE(nfsuserd_state, nfsrv_nfsuserd);
NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid);
int nfs_pnfsio(task_fn_t *, void *);
@ -260,7 +259,7 @@ newnfs_copycred(struct nfscred *nfscr, struct ucred *cr)
("newnfs_copycred: negative nfsc_ngroups"));
cr->cr_uid = nfscr->nfsc_uid;
crsetgroups_fallback(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups,
NFSD_VNET(nfsrv_defaultgid));
GID_NOGROUP);
}
/*

2
sys/fs/nfs/nfs_commonsubs.c
View file

@ -4052,7 +4052,7 @@ nfssvc_idname(struct nfsd_idargs *nidp)
cr = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid;
crsetgroups_fallback(cr, nidp->nid_ngroup, grps,
NFSD_VNET(nfsrv_defaultgid));
GID_NOGROUP);
cr->cr_rgid = cr->cr_svgid = cr->cr_gid;
cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);

9
sys/kern/vfs_export.c
View file

@ -40,6 +40,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/dirent.h>
#include <sys/jail.h>
#include <sys/kernel.h>
@ -61,10 +62,6 @@
#include <rpc/types.h>
#include <rpc/auth.h>
#include <fs/nfs/nfsport.h>
NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid);
static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure");
#if defined(INET) || defined(INET6)
@ -138,7 +135,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
np->netc_anon = crget();
np->netc_anon->cr_uid = argp->ex_uid;
crsetgroups_fallback(np->netc_anon, argp->ex_ngroups,
argp->ex_groups, NFSD_VNET(nfsrv_defaultgid));
argp->ex_groups, GID_NOGROUP);
np->netc_anon->cr_prison = &prison0;
prison_hold(np->netc_anon->cr_prison);
np->netc_numsecflavors = argp->ex_numsecflavors;
@ -217,7 +214,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
np->netc_anon = crget();
np->netc_anon->cr_uid = argp->ex_uid;
crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, argp->ex_groups,
NFSD_VNET(nfsrv_defaultgid));
GID_NOGROUP);
np->netc_anon->cr_prison = &prison0;
prison_hold(np->netc_anon->cr_prison);
np->netc_numsecflavors = argp->ex_numsecflavors;