Date: Tue, 25 Jan 2022 23:24:51 GMT
Message-Id: <202201252324.20PNOpM1006944@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Rick Macklem
Subject: git: 3953a0d780ac - stable/13 - nfsd: Do not accept audit/alarm ACEs for the NFSv4 server
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 3953a0d780ac5b4fff3d80625c74d012a4744b68

The branch stable/13 has been updated by rmacklem:

URL:
https://cgit.FreeBSD.org/src/commit/?id=3953a0d780ac5b4fff3d80625c74d012a4744b68

commit 3953a0d780ac5b4fff3d80625c74d012a4744b68
Author:     Rick Macklem
AuthorDate: 2022-01-11 17:40:07 +0000
Commit:     Rick Macklem
CommitDate: 2022-01-25 23:22:37 +0000

    nfsd: Do not accept audit/alarm ACEs for the NFSv4 server

    The UFS and ZFS file systems only support Allow/Deny ACEs in the NFSv4
    ACLs. This patch does not allow the server to parse Audit/Alarm ACEs.
    The NFSv4 client is still allowed to parse Audit/Alarm ACEs, since
    non-FreeBSD NFSv4 servers may use them.

    This patch should not have a significant effect, since the UFS and ZFS
    file systems will not handle these ACEs anyhow. It simply serves as
    an additional "safety belt" for the NFSv4 server.

    (cherry picked from commit a91a57846b5863b7ac4687cf202bb9496e028ab5)
---
 sys/fs/nfs/nfs_commonacl.c      |  6 +++---
 sys/fs/nfs/nfs_commonsubs.c     | 22 +++++++++++-----------
 sys/fs/nfs/nfs_var.h            |  4 ++--
 sys/fs/nfsclient/nfs_clrpcops.c | 16 ++++++++--------
 sys/fs/nfsserver/nfs_nfsdport.c |  4 ++--
 5 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/sys/fs/nfs/nfs_commonacl.c b/sys/fs/nfs/nfs_commonacl.c index 19492675e731..b733dc52803f 100644 --- a/sys/fs/nfs/nfs_commonacl.c +++ b/sys/fs/nfs/nfs_commonacl.c @@ -42,7 +42,7 @@ static int nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner, */ int nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep, - int *aceerrp, int *acesizep, NFSPROC_T *p) + bool server, int *aceerrp, int *acesizep, NFSPROC_T *p) { u_int32_t *tl; int len, gotid = 0, owner = 0, error = 0, aceerr = 0; 
@@ -154,9 +154,9 @@ nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep, acep->ae_entry_type = ACL_ENTRY_TYPE_ALLOW; else if (acetype == NFSV4ACE_DENIEDTYPE) acep->ae_entry_type = ACL_ENTRY_TYPE_DENY; - else if (acetype == NFSV4ACE_AUDITTYPE) + else if (!server && acetype == NFSV4ACE_AUDITTYPE) acep->ae_entry_type = ACL_ENTRY_TYPE_AUDIT; - else if (acetype == NFSV4ACE_ALARMTYPE) + else if (!server && acetype == NFSV4ACE_ALARMTYPE) acep->ae_entry_type = ACL_ENTRY_TYPE_ALARM; else aceerr = NFSERR_ATTRNOTSUPP; diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c index ff92095b6182..51071a6f03ca 100644 --- a/sys/fs/nfs/nfs_commonsubs.c +++ b/sys/fs/nfs/nfs_commonsubs.c @@ -1090,8 +1090,8 @@ nfsmout: * If the aclp == NULL or won't fit in an acl, just discard the acl info. */ int -nfsrv_dissectacl(struct nfsrv_descript *nd, NFSACL_T *aclp, int *aclerrp, - int *aclsizep, __unused NFSPROC_T *p) +nfsrv_dissectacl(struct nfsrv_descript *nd, NFSACL_T *aclp, bool server, + int *aclerrp, int *aclsizep, __unused NFSPROC_T *p) { u_int32_t *tl; int i, aclsize; @@ -1122,7 +1122,7 @@ nfsrv_dissectacl(struct nfsrv_descript *nd, NFSACL_T *aclp, int *aclerrp, for (i = 0; i < acecnt; i++) { if (aclp && !aceerr) error = nfsrv_dissectace(nd, &aclp->acl_entry[i], - &aceerr, &acesize, p); + server, &aceerr, &acesize, p); else error = nfsrv_skipace(nd, &acesize); if (error) @@ -1487,8 +1487,8 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp, NFSACL_T *naclp; naclp = acl_alloc(M_WAITOK); - error = nfsrv_dissectacl(nd, naclp, &aceerr, - &cnt, p); + error = nfsrv_dissectacl(nd, naclp, true, + &aceerr, &cnt, p); if (error) { acl_free(naclp); goto nfsmout; @@ -1498,8 +1498,8 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp, *retcmpp = NFSERR_NOTSAME; acl_free(naclp); } else { - error = nfsrv_dissectacl(nd, NULL, &aceerr, - &cnt, p); + error = nfsrv_dissectacl(nd, NULL, true, + &aceerr, &cnt, p); if (error) goto nfsmout; *retcmpp = NFSERR_ATTRNOTSUPP; 
@@ -1507,11 +1507,11 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp, } } else { if (vp != NULL && aclp != NULL) - error = nfsrv_dissectacl(nd, aclp, &aceerr, - &cnt, p); + error = nfsrv_dissectacl(nd, aclp, false, + &aceerr, &cnt, p); else - error = nfsrv_dissectacl(nd, NULL, &aceerr, - &cnt, p); + error = nfsrv_dissectacl(nd, NULL, false, + &aceerr, &cnt, p); if (error) goto nfsmout; } diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h index 8f7ae9df78e9..b5bc5178187e 100644 --- a/sys/fs/nfs/nfs_var.h +++ b/sys/fs/nfs/nfs_var.h @@ -329,7 +329,7 @@ int nfsm_advance(struct nfsrv_descript *, int, int); void *nfsm_dissct(struct nfsrv_descript *, int, int); void newnfs_copycred(struct nfscred *, struct ucred *); void newnfs_copyincred(struct ucred *, struct nfscred *); -int nfsrv_dissectacl(struct nfsrv_descript *, NFSACL_T *, int *, +int nfsrv_dissectacl(struct nfsrv_descript *, NFSACL_T *, bool, int *, int *, NFSPROC_T *); int nfsrv_getattrbits(struct nfsrv_descript *, nfsattrbit_t *, int *, int *); @@ -433,7 +433,7 @@ int nfs_supportsnfsv4acls(vnode_t); /* nfs_commonacl.c */ int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *, - int *, int *, NFSPROC_T *); + bool, int *, int *, NFSPROC_T *); int nfsrv_buildacl(struct nfsrv_descript *, NFSACL_T *, enum vtype, NFSPROC_T *); int nfsrv_compareacl(NFSACL_T *, NFSACL_T *); diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index 72e3b74aa31e..9922cf00d464 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c @@ -619,8 +619,8 @@ nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp, int fhlen, } if (ret) ndp->nfsdl_flags |= NFSCLDL_RECALL; - error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, &ret, - &acesize, p); + error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false, + &ret, &acesize, p); if (error) goto nfsmout; } else if (deleg != NFSV4OPEN_DELEGATENONE) { 
@@ -2321,8 +2321,8 @@ nfsrpc_createv4(vnode_t dvp, char *name, int namelen, struct vattr *vap, } if (ret) dp->nfsdl_flags |= NFSCLDL_RECALL; - error = nfsrv_dissectace(nd, &dp->nfsdl_ace, &ret, - &acesize, p); + error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false, + &ret, &acesize, p); if (error) goto nfsmout; } else if (deleg != NFSV4OPEN_DELEGATENONE) { @@ -7759,8 +7759,8 @@ nfsrpc_openlayoutrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp, ndp->nfsdl_flags = NFSCLDL_READ; if (ret != 0) ndp->nfsdl_flags |= NFSCLDL_RECALL; - error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, &ret, - &acesize, p); + error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false, + &ret, &acesize, p); if (error != 0) goto nfsmout; } else if (deleg != NFSV4OPEN_DELEGATENONE) { @@ -7970,8 +7970,8 @@ nfsrpc_createlayout(vnode_t dvp, char *name, int namelen, struct vattr *vap, } if (ret != 0) dp->nfsdl_flags |= NFSCLDL_RECALL; - error = nfsrv_dissectace(nd, &dp->nfsdl_ace, &ret, - &acesize, p); + error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false, + &ret, &acesize, p); if (error != 0) goto nfsmout; } else if (deleg != NFSV4OPEN_DELEGATENONE) { diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index 9d1fbfe5801a..d63a788177b0 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -2993,8 +2993,8 @@ nfsv4_sattr(struct nfsrv_descript *nd, vnode_t vp, struct nfsvattr *nvap, attrsum += NFSX_HYPER; break; case NFSATTRBIT_ACL: - error = nfsrv_dissectacl(nd, aclp, &aceerr, &aclsize, - p); + error = nfsrv_dissectacl(nd, aclp, true, &aceerr, + &aclsize, p); if (error) goto nfsmout; if (aceerr && !nd->nd_repstat)
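
Review bot: The new `bool server` argument of nfsrv_dissectace() in sys/fs/nfs/nfs_commonacl.c is undocumented: the -42,7 hunk changes only the signature line and leaves the block comment that closes just above the function untouched. Add a sentence to that comment saying that server == true restricts the accepted ACE types to Allow/Deny, and that client-side callers must pass false so that ACEs from non-FreeBSD servers still parse.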
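
Review bot: The two `!server &&` tests in the -154,9 hunk of nfs_commonacl.c carry no comment, so the reason for the server/client asymmetry lives only in the commit message. With server true, NFSV4ACE_AUDITTYPE and NFSV4ACE_ALARMTYPE now fall through to `else aceerr = NFSERR_ATTRNOTSUPP;`, the same result as an unknown ACE type. A one-line comment at that chain stating that UFS and ZFS only support Allow/Deny would keep a later cleanup from removing the guard as redundant.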
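
Review bot: In nfsrv_dissectacl() (-1122,7 hunk of nfs_commonsubs.c) the `server` flag reaches only the nfsrv_dissectace() branch; the `else` branch calls `nfsrv_skipace(nd, &acesize)`, which takes no flag. When aclp is NULL, as in the `nfsrv_dissectacl(nd, NULL, true, ...)` call this patch adds in nfsv4_loadattr(), the ACE types are never examined and `true` has no effect. That is consistent with the "just discard the acl info" comment above the function, but the comment should say so explicitly, so the flag is not read as a guarantee that every ACL received by the server was type-checked.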
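
Review bot: The `true`/`false` literals in the nfsv4_loadattr() hunks (-1487,8, -1498,8 and -1507,11) depend on a branch condition that lies outside the visible context: the branch that sets *retcmpp passes true and the following `else` passes false. Either add a short comment at the calls stating which side (server or client) takes each branch, or compute one local bool from that condition and pass it to all four nfsrv_dissectacl() calls, so the mapping can be checked without reading the whole function.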