From e304f48fa262e5cdbe181fb3fee5dfb9c893108c Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@redhat.com>
Date: Thu, 6 Jul 2017 17:04:17 +0200
Subject: nfs: add permission checking for mounting over WebNFS

Solaris 10 uses WebNFS and not the MOUNT protocol. All permission checks
for allowing/denying clients to mount are done through the MNT handlers.
These handlers will not give out a filehandle to the NFS-client when
mounting is denied. This prevents clients from successful mounting.
However, over WebNFS a well known 'root-filehandle' is used directly
with the NFSv3 protocol.

When WebNFS was used, no permission checks (the "nfs.export-dir" option)
were applied. Now the WebNFS mount-handler in Gluster/NFS calls the
mnt3_parse_dir_exports() function that takes care of the permission
checking.

BUG: 1468291
Change-Id: Ic9dfd092473ba9c1c7b5fa38401cf9c0aa8395bb
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: https://review.gluster.org/17718
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: soumya k <skoduri@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
---
 xlators/nfs/server/src/nfs-common.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

(limited to 'xlators/nfs/server/src/nfs-common.c')

diff --git a/xlators/nfs/server/src/nfs-common.c b/xlators/nfs/server/src/nfs-common.c
index 526918872d7..2f742d44366 100644
--- a/xlators/nfs/server/src/nfs-common.c
+++ b/xlators/nfs/server/src/nfs-common.c
@@ -73,8 +73,8 @@ nfs_xlator_to_xlid (xlator_list_t *cl, xlator_t *xl)
 xlator_t *
 nfs_mntpath_to_xlator (xlator_list_t *cl, char *path)
 {
-        char            *volname  = NULL;
-        char            *volptr   = NULL;
+        char            *volname  = NULL; /* volume name only */
+        char            *volptr   = NULL; /* ptr to original volname */
         size_t           pathlen  = -1;
         xlator_t        *targetxl = NULL;
         int              i        = 0;
@@ -82,14 +82,16 @@ nfs_mntpath_to_xlator (xlator_list_t *cl, char *path)
         if ((!cl) || (!path))
                 return NULL;
 
-        volname = strdupa (path);
-        pathlen = strlen (volname);
         gf_msg_trace (GF_NFS, 0, "Subvolume search: %s", path);
+
+        volname = volptr = gf_strdup (path);
+        if (!volname)
+                return NULL;
+
         if (volname[0] == '/')
-                volptr = &volname[1];
-        else
-                volptr = &volname[0];
+                volname++;
 
+        pathlen = strlen (volname);
         for (i = 0; i < pathlen; i++) {
                 if (volname[i] == '/') {
                         volname[i] = '\0';
@@ -98,10 +100,10 @@ nfs_mntpath_to_xlator (xlator_list_t *cl, char *path)
         }
 
         while (cl) {
-                gf_msg_trace (GF_NFS, 0, "Volptr: %s and cl->xlator->name: %s",
-                              volptr, cl->xlator->name);
+                gf_msg_trace (GF_NFS, 0, "Volname: %s and cl->xlator->name: %s",
+                              volname, cl->xlator->name);
 
-                if (strcmp (volptr, cl->xlator->name) == 0) {
+                if (strcmp (volname, cl->xlator->name) == 0) {
                         targetxl = cl->xlator;
                         break;
                 }
@@ -109,8 +111,9 @@ nfs_mntpath_to_xlator (xlator_list_t *cl, char *path)
                 cl = cl->next;
         }
 
-        return targetxl;
+        GF_FREE (volptr);
 
+        return targetxl;
 }
 
 
-- 
cgit