From e304f48fa262e5cdbe181fb3fee5dfb9c893108c Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Thu, 6 Jul 2017 17:04:17 +0200 Subject: nfs: add permission checking for mounting over WebNFS Solaris 10 uses WebNFS and not the MOUNT protocol. All permission checks for allowing/denying clients to mount are done through the MNT handlers. These handlers will not give out a filehandle to the NFS-client when mounting is denied. This prevents clients from successful mounting. However, over WebNFS a well known 'root-filehandle' is used directly with the NFSv3 protocol. When WebNFS was used, no permission checks (the "nfs.export-dir" option) were applied. Now the WebNFS mount-handler in Gluster/NFS calls the mnt3_parse_dir_exports() function that takes care of the permission checking. BUG: 1468291 Change-Id: Ic9dfd092473ba9c1c7b5fa38401cf9c0aa8395bb Signed-off-by: Niels de Vos Reviewed-on: https://review.gluster.org/17718 Smoke: Gluster Build System Reviewed-by: soumya k CentOS-regression: Gluster Build System Reviewed-by: Kaleb KEITHLEY --- xlators/nfs/server/src/mount3.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'xlators/nfs/server/src/mount3.h') diff --git a/xlators/nfs/server/src/mount3.h b/xlators/nfs/server/src/mount3.h index ce01a6c543d..8868aec787a 100644 --- a/xlators/nfs/server/src/mount3.h +++ b/xlators/nfs/server/src/mount3.h @@ -178,4 +178,11 @@ struct mount3_resolve_state { typedef struct mount3_resolve_state mnt3_resolve_t; +int +mnt3_parse_dir_exports (rpcsvc_request_t *req, struct mount3_state *ms, + char *subdir, gf_boolean_t send_reply); + +char* +mnt3_get_volume_subdir (char *path, char **volname); + #endif -- cgit