6603480 sharemgr doesn't allow shares to have more restricted access than its group

6623508 zfs set sharenfs=ro=machine1:machine2,rw broken post-CIFS 6626488 smb_load_proto_properties() leaks memory
author: dougm <none@none> 2007-11-11 13:33:21 -0800
committer: dougm <none@none> 2007-11-11 13:33:21 -0800
commit: 97df5ac96dbf15a7624a8e07b7dd686404d988c0 (patch)
tree: a26bfdabf23966662f3a554bb325e1a22a9d08c0 /usr/src/lib
parent: bb5141e1c6407f6c507d7d05e75a1631f851389c (diff)
download: illumos-gate-97df5ac96dbf15a7624a8e07b7dd686404d988c0.tar.gz
4 files changed, 28 insertions, 25 deletions
diff --git a/usr/src/lib/libshare/common/libshare_zfs.c b/usr/src/lib/libshare/common/libshare_zfs.c
index e0ee84ef8a..3c0de2abfe 100644
--- a/usr/src/lib/libshare/common/libshare_zfs.c
+++ b/usr/src/lib/libshare/common/libshare_zfs.c
@@ -592,14 +592,17 @@ zfs_inherited(sa_handle_t handle, sa_share_t share, char *sourcestr,
 }
 
 /*
- * zfs_notinherited()
+ * zfs_notinherited(group, share, mountpoint, shareopts, proto, dataset,
+ *     grouperr)
  *
  * handle case where this is the top of a sub-group in ZFS. Pulled out
- * of sa_get_zfs_shares for readability.
+ * of sa_get_zfs_shares for readability. We need the grouperr from the
+ * creation of the subgroup to know whether to add the public
+ * property, etc. to the specific share.
  */
 static int
 zfs_notinherited(sa_group_t group, sa_share_t share, char *mountpoint,
-    char *shareopts, char *proto, char *dataset)
+    char *shareopts, char *proto, char *dataset, int grouperr)
 {
 	int err = SA_OK;
 	sa_resource_t resource;
@@ -614,17 +617,11 @@ zfs_notinherited(sa_group_t group, sa_share_t share, char *mountpoint,
 			shareopts = "";
 		if (shareopts != NULL) {
 			char *options;
-			options = strdup(shareopts);
-			if (options != NULL) {
-				err = sa_parse_legacy_options(group, options,
-				    proto);
-				free(options);
-			}
-			if (err == SA_PROP_SHARE_ONLY) {
+			if (grouperr == SA_PROP_SHARE_ONLY) {
 				/*
-				 * Same as above, some properties may
-				 * only be on shares, but due to the
-				 * ZFS sub-groups being artificial, we
+				 * Some properties may only be on
+				 * shares, but due to the ZFS
+				 * sub-groups being artificial, we
 				 * sometimes get this and have to deal
 				 * with it. We do it by attempting to
 				 * put it on the share.
@@ -695,21 +692,21 @@ zfs_process_share(sa_handle_t handle, sa_group_t group, sa_share_t share,
 		group = find_or_create_zfs_subgroup(handle, dataset, proto,
 		    shareopts, &err);
 		if (group == NULL) {
-			static int err = 0;
+			static boolean_t reported_error = B_FALSE;
 			/*
-			 * there is a problem, but we can't do
+			 * There is a problem, but we can't do
 			 * anything about it at this point so we issue
-			 * a warning an move on.
+			 * a warning and move on.
 			 */
-			zfs_grp_error(err);
-			err = 1;
+			zfs_grp_error(reported_error);
+			reported_error = B_TRUE;
 		}
 		set_node_attr(group, "zfs", "true");
 		/*
 		 * Add share with local opts via zfs_notinherited.
 		 */
 		err = zfs_notinherited(group, share, mountpoint, shareopts,
-		    proto, dataset);
+		    proto, dataset, err);
 	}
 	return (err);
 }
diff --git a/usr/src/lib/libshare/common/libsharecore.c b/usr/src/lib/libshare/common/libsharecore.c
index 2e39594fc3..3b4b493af8 100644
--- a/usr/src/lib/libshare/common/libsharecore.c
+++ b/usr/src/lib/libshare/common/libsharecore.c
@@ -1887,11 +1887,13 @@ sa_get_derived_security(void *object, char *sectype, char *proto, int hier)
 			/* Replace the value with the new value */
 			if (newprop != NULL) {
 				/*
-				 * Only set if value is non NULL, old value ok
-				 * if it is NULL.
+				 * Only set if value is non NULL, old
+				 * value ok if it is NULL. The value
+				 * must be associated with the "value"
+				 * tag within XML.
 				 */
 				if (value != NULL)
-					set_node_attr(newprop, name, value);
+					set_node_attr(newprop, "value", value);
 			} else {
 				/* An entirely new property */
 				if (value != NULL) {
diff --git a/usr/src/lib/libshare/nfs/libshare_nfs.c b/usr/src/lib/libshare/nfs/libshare_nfs.c
index 0a3175de70..2be9c9c569 100644
--- a/usr/src/lib/libshare/nfs/libshare_nfs.c
+++ b/usr/src/lib/libshare/nfs/libshare_nfs.c
@@ -427,7 +427,8 @@ add_security_prop(struct securities *sec, char *name, char *value,
 				if (strcmp(oldvalue, "*") == 0) {
 					/* Replace old value with new value. */
 					newvalue = strdup(value);
-				} else if (strcmp(value, "*") == 0) {
+				} else if (strcmp(value, "*") == 0 ||
+				    strcmp(oldvalue, value) == 0) {
 					/*
 					 * Keep old value and ignore
 					 * the new value.
diff --git a/usr/src/lib/libshare/smb/libshare_smb.c b/usr/src/lib/libshare/smb/libshare_smb.c
index 7d705e0369..aa30b46352 100644
--- a/usr/src/lib/libshare/smb/libshare_smb.c
+++ b/usr/src/lib/libshare/smb/libshare_smb.c
@@ -965,8 +965,11 @@ smb_load_proto_properties()
 	for (index = 0; smb_proto_options[index].name != NULL; index++) {
 		value = smb_config_getenv(smb_proto_options[index].smb_index);
 		prop = sa_create_property(
-		    smb_proto_options[index].name, value);
-		(void) sa_add_protocol_property(protoset, prop);
+		    smb_proto_options[index].name, value != NULL ? value : "");
+		if (value != NULL)
+			free(value);
+		if (prop != NULL)
+			(void) sa_add_protocol_property(protoset, prop);
 	}
 	return (SA_OK);
 }
author	dougm <none@none>	2007-11-11 13:33:21 -0800
committer	dougm <none@none>	2007-11-11 13:33:21 -0800
commit	97df5ac96dbf15a7624a8e07b7dd686404d988c0 (patch)
tree	a26bfdabf23966662f3a554bb325e1a22a9d08c0 /usr/src/lib
parent	bb5141e1c6407f6c507d7d05e75a1631f851389c (diff)
download	illumos-gate-97df5ac96dbf15a7624a8e07b7dd686404d988c0.tar.gz