Re: Please try knfsd-981014

H.J. Lu (hjl@lucon.org)
Fri, 16 Oct 1998 21:47:07 -0700 (PDT)


> HJ,
>
> Is it possible to treat NFSPROC_NULL disjointly from the other services
> for authentication? I'll take a look at the code this weekend, but you
> have spent much more time in there than I.
>

Could you please try this patch?

Thanks.

-- 
H.J. Lu (hjl@gnu.org)
----
Index: fs/nfsd/nfssvc.c
===================================================================
RCS file: /home/work/cvs/linux/linux/fs/nfsd/nfssvc.c,v
retrieving revision 1.4
diff -u -p -r1.4 nfssvc.c
--- fs/nfsd/nfssvc.c	1998/09/10 15:45:15	1.4
+++ fs/nfsd/nfssvc.c	1998/10/17 04:42:58
@@ -93,6 +93,8 @@ nfsd(struct svc_rqst *rqstp)
 	exit_mm(current);
 	current->session = 1;
 	current->pgrp = 1;
+	/* Let svc_process check client's authentication. */
+	rqstp->rq_auth = 1;
 	sprintf(current->comm, "nfsd");
 
 	oldumask = current->fs->umask;		/* Set umask to 0.  */
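Review bot: The new comment above `rqstp->rq_auth = 1;` calls this an authentication check, but the later hunks only test whether `exp_getclient(&rqstp->rq_addr)` matched the source address to a known client; RPC credentials are not involved at that point. I would word it as `/* Have svc_process refuse unknown clients for everything except procedure 0. */`. The `/* check client */` comment on the new `rq_auth` bit in include/linux/sunrpc/svc.h should be expanded the same way. The nfsd() body starts and ends outside the hunk.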
@@ -127,22 +129,13 @@ nfsd(struct svc_rqst *rqstp)
 		 * port probes on port 2049 by unauthorized clients.
 		 */
 		rqstp->rq_client = exp_getclient(&rqstp->rq_addr);
-		if (!rqstp->rq_client) {
-			printk(KERN_WARNING "nfsd: unauthenticated request "
-				"from (%08lx:%d)\n",
-				ntohl(rqstp->rq_addr.sin_addr.s_addr),
-				ntohs(rqstp->rq_addr.sin_port));
-			svc_drop(rqstp);
-			serv->sv_stats->rpcbadclnt++;
-		} else {
-			/* Process request with signals blocked.  */
-			spin_lock_irq(&current->sigmask_lock);
-			siginitsetinv(&current->blocked, ALLOWED_SIGS);
-			recalc_sigpending(current);
-			spin_unlock_irq(&current->sigmask_lock);
-			
-			svc_process(serv, rqstp);
-		}
+		/* Process request with signals blocked.  */
+		spin_lock_irq(&current->sigmask_lock);
+		siginitsetinv(&current->blocked, ALLOWED_SIGS);
+		recalc_sigpending(current);
+		spin_unlock_irq(&current->sigmask_lock);
+
+		svc_process(serv, rqstp);
 
 		/* Unlock export hash tables */
 		exp_unlock();
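Review bot: With the `if (!rqstp->rq_client)` branch removed, a request from an address that `exp_getclient()` does not know no longer produces the `printk(KERN_WARNING ...)` line or the `serv->sv_stats->rpcbadclnt++` count, and it is passed to `svc_process()` instead of being discarded by `svc_drop()`. The rejection added in the net/sunrpc/svc.c hunk is the natural place to keep the counter, e.g. `serv->sv_stats->rpcbadclnt++;` just before its `goto err_bad_auth;`, so administrators can still see refused clients. The comment ending just above `exp_getclient()` mentions port probes by unauthorized clients and starts outside the hunk. It probably needs updating, since after this change such hosts appear to get a reply rather than silence.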
Index: net/sunrpc/svc.c
===================================================================
RCS file: /home/work/cvs/linux/linux/net/sunrpc/svc.c,v
retrieving revision 1.1.1.4
diff -u -p -r1.1.1.4 svc.c
--- net/sunrpc/svc.c	1998/01/09 17:59:27	1.1.1.4
+++ net/sunrpc/svc.c	1998/10/17 04:42:58
@@ -244,6 +244,12 @@ svc_process(struct svc_serv *serv, struc
 	argp->buf += 5;
 	argp->len -= 5;
 
+	/* Used by nfsd to only allow the NULL procedure for amd. */
+	if (rqstp->rq_auth && !rqstp->rq_client && proc) {
+		auth_stat = rpc_autherr_badcred;
+		goto err_bad_auth;
+	}
+
 	/*
 	 * Decode auth data, and add verifier to reply buffer.
 	 * We do this before anything else in order to get a decent
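Review bot: The new `rq_auth` test jumps to `err_bad_auth` before the credential and verifier are decoded, while the comment right below it says the auth data is decoded and the verifier added to the reply buffer before anything else. `err_bad_auth` is outside the hunk, so please confirm that the reject reply it builds does not depend on the verifier already being in the reply buffer. The test also keys on `proc` alone, so procedure 0 of every program and version handled by this `svc_serv` would be answered for unknown clients. If that is intended, the comment could say so: `/* nfsd: unknown clients may only call procedure 0 (NULL ping, e.g. from amd). */`.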
Index: include/linux/sunrpc/svc.h
===================================================================
RCS file: /home/work/cvs/linux/linux/include/linux/sunrpc/svc.h,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 svc.h
--- include/linux/sunrpc/svc.h	1997/04/20 00:24:23	1.1.1.1
+++ include/linux/sunrpc/svc.h	1998/10/17 04:42:58
@@ -106,7 +106,8 @@ struct svc_rqst {
 	u32			rq_prot;	/* IP protocol */
 	unsigned short		rq_verfed  : 1,	/* reply has verifier */
 				rq_userset : 1,	/* auth->setuser OK */
-				rq_secure  : 1;	/* secure port */
+				rq_secure  : 1,	/* secure port */
+				rq_auth    : 1;	/* check client */
 
 	void *			rq_argp;	/* decoded arguments */
 	void *			rq_resp;	/* xdr'd results */
