Diffstat (limited to 'usr/src/uts/common/fs/nfs/nfs_server.c')
-rw-r--r--usr/src/uts/common/fs/nfs/nfs_server.c23
1 files changed, 21 insertions, 2 deletions
diff --git a/usr/src/uts/common/fs/nfs/nfs_server.c b/usr/src/uts/common/fs/nfs/nfs_server.c
index ca3d7d8bb9..7e94c62734 100644
--- a/usr/src/uts/common/fs/nfs/nfs_server.c
+++ b/usr/src/uts/common/fs/nfs/nfs_server.c
@@ -2019,6 +2019,8 @@ checkauth(struct exportinfo *exi, struct svc_req *req, cred_t *cr, int anon_ok,
uid_t uid;
gid_t gid;
+ uint_t ngids;
+ gid_t *gids;
/*
* Check for privileged port number
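Review bot: `ngids` and `gids` are declared here without initial values, yet later hunks pass them to `kmem_free()` on every non-AUTH_SYS path, so any `nfsauth_access()` path that returns without storing to both outputs would hand an indeterminate stack pointer to the kernel allocator. Whether the callee always writes them is not visible in this diff. Initialising at the declaration removes that dependency: `uint_t ngids = 0;` and `gid_t *gids = NULL;` (assuming `kmem_free(NULL, 0)` is accepted as a no-op in this kernel). The same applies to the matching declarations added to checkauth4(); checkauth()'s body continues outside the hunk.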
@@ -2077,7 +2079,7 @@ checkauth(struct exportinfo *exi, struct svc_req *req, cred_t *cr, int anon_ok,
/*
* Check if the auth flavor is valid for this export
*/
- access = nfsauth_access(exi, req, cr, &uid, &gid);
+ access = nfsauth_access(exi, req, cr, &uid, &gid, &ngids, &gids);
if (access & NFSAUTH_DROP)
return (-1); /* drop the request */
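Review bot: The `return (-1)` on NFSAUTH_DROP right after the new call exits before either `kmem_free(gids, ...)` this commit adds, as does the `return (0)` visible at the top of the next hunk, so a group list allocated by `nfsauth_access()` would leak on those exits. Whether the callee allocates before reporting a drop or denial is not visible here; if it can, repeated rejected requests would steadily consume kernel memory. Free on each early exit, e.g. `if (access & NFSAUTH_DROP) { kmem_free(gids, ngids * sizeof (gid_t)); return (-1); }`, or route them through a single cleanup label. checkauth4() has the same shape with its `return (-2)` on NFSAUTH_WRONGSEC.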
@@ -2113,6 +2115,9 @@ checkauth(struct exportinfo *exi, struct svc_req *req, cred_t *cr, int anon_ok,
return (0);
}
+ if (rpcflavor != AUTH_SYS)
+ kmem_free(gids, ngids * sizeof (gid_t));
+
switch (rpcflavor) {
case AUTH_NONE:
anon_res = crsetugid(cr, exi->exi_export.ex_anon,
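Review bot: The flavor test in front of this `kmem_free()` carries no comment, and its reason only becomes clear after reading the AUTH_SYS case, which frees the list itself after possibly passing it to `crsetgroups()`. A one-line comment would keep a later edit from introducing a second consumer or a double free: `/* gids is used only by the AUTH_SYS case below, which frees it itself */`. The identical block added to checkauth4() wants the same comment.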
@@ -2152,8 +2157,12 @@ checkauth(struct exportinfo *exi, struct svc_req *req, cred_t *cr, int anon_ok,
exi->exi_export.ex_anon,
exi->exi_export.ex_anon);
(void) crsetgroups(cr, 0, NULL);
+ } else if (access & NFSAUTH_GROUPS) {
+ (void) crsetgroups(cr, ngids, gids);
}
+ kmem_free(gids, ngids * sizeof (gid_t));
+
break;
case AUTH_DES:
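Review bot: The result of `crsetgroups(cr, ngids, gids)` is cast to `(void)`, so if the call rejects the list (for instance a count above the system group limit) the credential silently keeps the groups the client sent in its AUTH_SYS header and the request proceeds with them. The existing `crsetgroups(cr, 0, NULL)` cannot fail that way, but `ngids` here comes back from `nfsauth_access()` and its bound is not visible in this diff. Check the return and fail closed, e.g. `if (crsetgroups(cr, ngids, gids) != 0) { kmem_free(gids, ngids * sizeof (gid_t)); return (0); }`, assuming 0 is still this function's deny result. The same unchecked call is added in checkauth4().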
@@ -2271,6 +2280,8 @@ checkauth4(struct compound_state *cs, struct svc_req *req)
uid_t uid;
gid_t gid;
+ uint_t ngids;
+ gid_t *gids;
exi = cs->exi;
cr = cs->cr;
@@ -2311,7 +2322,8 @@ checkauth4(struct compound_state *cs, struct svc_req *req)
* Check the access right per auth flavor on the vnode of
* this export for the given request.
*/
- access = nfsauth4_access(cs->exi, cs->vp, req, cr, &uid, &gid);
+ access = nfsauth4_access(cs->exi, cs->vp, req, cr, &uid, &gid, &ngids,
+ &gids);
if (access & NFSAUTH_WRONGSEC)
return (-2); /* no access for this security flavor */
@@ -2341,6 +2353,9 @@ checkauth4(struct compound_state *cs, struct svc_req *req)
* return 1 on success or 0 on failure
*/
+ if (rpcflavor != AUTH_SYS)
+ kmem_free(gids, ngids * sizeof (gid_t));
+
switch (rpcflavor) {
case AUTH_NONE:
anon_res = crsetugid(cr, exi->exi_export.ex_anon,
@@ -2380,8 +2395,12 @@ checkauth4(struct compound_state *cs, struct svc_req *req)
exi->exi_export.ex_anon,
exi->exi_export.ex_anon);
(void) crsetgroups(cr, 0, NULL);
+ } if (access & NFSAUTH_GROUPS) {
+ (void) crsetgroups(cr, ngids, gids);
}
+ kmem_free(gids, ngids * sizeof (gid_t));
+
break;
default:
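Review bot: `} if (access & NFSAUTH_GROUPS) {` is missing the `else` that the matching line in checkauth() has, so this test also runs after the preceding branch has mapped the caller to `ex_anon` and cleared its groups with `crsetgroups(cr, 0, NULL)`. If NFSAUTH_GROUPS can be set together with that branch's condition (the condition is outside the hunk), the anonymous credential would get a supplementary group list back, which grants more access than the export intends. Change the line to `} else if (access & NFSAUTH_GROUPS) {`.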