diff options
| author | Marcel Telka <marcel.telka@nexenta.com> | 2014-11-21 08:37:17 +0100 |
|---|---|---|
| committer | Richard Lowe <richlowe@richlowe.net> | 2014-11-25 15:31:18 -0500 |
| commit | 89621fe174cf95ae903df6ceab605bf24d696ac3 (patch) | |
| tree | 6a63a29d9679ab1d2be2dcb81c9851ae13e10c69 /usr/src/uts/common/fs/nfs/nfs_server.c | |
| parent | 750b79c78c780208c50864106db6ec3fc19a664b (diff) | |
| download | illumos-gate-89621fe174cf95ae903df6ceab605bf24d696ac3.tar.gz | |
5296 Support for more than 16 groups with AUTH_SYS
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Josef 'Jeff' Sipek <josef.sipek@nexenta.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
Diffstat (limited to 'usr/src/uts/common/fs/nfs/nfs_server.c')
| -rw-r--r-- | usr/src/uts/common/fs/nfs/nfs_server.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/usr/src/uts/common/fs/nfs/nfs_server.c b/usr/src/uts/common/fs/nfs/nfs_server.c index ca3d7d8bb9..7e94c62734 100644 --- a/usr/src/uts/common/fs/nfs/nfs_server.c +++ b/usr/src/uts/common/fs/nfs/nfs_server.c @@ -2019,6 +2019,8 @@ checkauth(struct exportinfo *exi, struct svc_req *req, cred_t *cr, int anon_ok, uid_t uid; gid_t gid; + uint_t ngids; + gid_t *gids; /* * Check for privileged port number @@ -2077,7 +2079,7 @@ checkauth(struct exportinfo *exi, struct svc_req *req, cred_t *cr, int anon_ok, /* * Check if the auth flavor is valid for this export */ - access = nfsauth_access(exi, req, cr, &uid, &gid); + access = nfsauth_access(exi, req, cr, &uid, &gid, &ngids, &gids); if (access & NFSAUTH_DROP) return (-1); /* drop the request */ @@ -2113,6 +2115,9 @@ checkauth(struct exportinfo *exi, struct svc_req *req, cred_t *cr, int anon_ok, return (0); } + if (rpcflavor != AUTH_SYS) + kmem_free(gids, ngids * sizeof (gid_t)); + switch (rpcflavor) { case AUTH_NONE: anon_res = crsetugid(cr, exi->exi_export.ex_anon, @@ -2152,8 +2157,12 @@ checkauth(struct exportinfo *exi, struct svc_req *req, cred_t *cr, int anon_ok, exi->exi_export.ex_anon, exi->exi_export.ex_anon); (void) crsetgroups(cr, 0, NULL); + } else if (access & NFSAUTH_GROUPS) { + (void) crsetgroups(cr, ngids, gids); } + kmem_free(gids, ngids * sizeof (gid_t)); + break; case AUTH_DES: @@ -2271,6 +2280,8 @@ checkauth4(struct compound_state *cs, struct svc_req *req) uid_t uid; gid_t gid; + uint_t ngids; + gid_t *gids; exi = cs->exi; cr = cs->cr; @@ -2311,7 +2322,8 @@ checkauth4(struct compound_state *cs, struct svc_req *req) * Check the access right per auth flavor on the vnode of * this export for the given request. */ - access = nfsauth4_access(cs->exi, cs->vp, req, cr, &uid, &gid); + access = nfsauth4_access(cs->exi, cs->vp, req, cr, &uid, &gid, &ngids, + &gids); if (access & NFSAUTH_WRONGSEC) return (-2); /* no access for this security flavor */ @@ -2341,6 +2353,9 @@ checkauth4(struct compound_state *cs, struct svc_req *req) * return 1 on success or 0 on failure */ + if (rpcflavor != AUTH_SYS) + kmem_free(gids, ngids * sizeof (gid_t)); + switch (rpcflavor) { case AUTH_NONE: anon_res = crsetugid(cr, exi->exi_export.ex_anon, @@ -2380,8 +2395,12 @@ checkauth4(struct compound_state *cs, struct svc_req *req) exi->exi_export.ex_anon, exi->exi_export.ex_anon); (void) crsetgroups(cr, 0, NULL); + } if (access & NFSAUTH_GROUPS) { + (void) crsetgroups(cr, ngids, gids); } + kmem_free(gids, ngids * sizeof (gid_t)); + break; default: |