From 97df5ac96dbf15a7624a8e07b7dd686404d988c0 Mon Sep 17 00:00:00 2001 From: dougm Date: Sun, 11 Nov 2007 13:33:21 -0800 Subject: 6603480 sharemgr doesn't allow shares to have more restricted access than its group 6623508 zfs set sharenfs=ro=machine1:machine2,rw broken post-CIFS 6626488 smb_load_proto_properties() leaks memory --- usr/src/lib/libshare/common/libshare_zfs.c | 35 ++++++++++++++---------------- usr/src/lib/libshare/common/libsharecore.c | 8 ++++--- usr/src/lib/libshare/nfs/libshare_nfs.c | 3 ++- usr/src/lib/libshare/smb/libshare_smb.c | 7 ++++-- 4 files changed, 28 insertions(+), 25 deletions(-) (limited to 'usr/src/lib') diff --git a/usr/src/lib/libshare/common/libshare_zfs.c b/usr/src/lib/libshare/common/libshare_zfs.c index e0ee84ef8a..3c0de2abfe 100644 --- a/usr/src/lib/libshare/common/libshare_zfs.c +++ b/usr/src/lib/libshare/common/libshare_zfs.c @@ -592,14 +592,17 @@ zfs_inherited(sa_handle_t handle, sa_share_t share, char *sourcestr, } /* - * zfs_notinherited() + * zfs_notinherited(group, share, mountpoint, shareopts, proto, dataset, + * grouperr) * * handle case where this is the top of a sub-group in ZFS. Pulled out - * of sa_get_zfs_shares for readability. + * of sa_get_zfs_shares for readability. We need the grouperr from the + * creation of the subgroup to know whether to add the public + * property, etc. to the specific share. */ static int zfs_notinherited(sa_group_t group, sa_share_t share, char *mountpoint, - char *shareopts, char *proto, char *dataset) + char *shareopts, char *proto, char *dataset, int grouperr) { int err = SA_OK; sa_resource_t resource; @@ -614,17 +617,11 @@ zfs_notinherited(sa_group_t group, sa_share_t share, char *mountpoint, shareopts = ""; if (shareopts != NULL) { char *options; - options = strdup(shareopts); - if (options != NULL) { - err = sa_parse_legacy_options(group, options, - proto); - free(options); - } - if (err == SA_PROP_SHARE_ONLY) { + if (grouperr == SA_PROP_SHARE_ONLY) { /* - * Same as above, some properties may - * only be on shares, but due to the - * ZFS sub-groups being artificial, we + * Some properties may only be on + * shares, but due to the ZFS + * sub-groups being artificial, we * sometimes get this and have to deal * with it. We do it by attempting to * put it on the share. @@ -695,21 +692,21 @@ zfs_process_share(sa_handle_t handle, sa_group_t group, sa_share_t share, group = find_or_create_zfs_subgroup(handle, dataset, proto, shareopts, &err); if (group == NULL) { - static int err = 0; + static boolean_t reported_error = B_FALSE; /* - * there is a problem, but we can't do + * There is a problem, but we can't do * anything about it at this point so we issue - * a warning an move on. + * a warning and move on. */ - zfs_grp_error(err); - err = 1; + zfs_grp_error(reported_error); + reported_error = B_TRUE; } set_node_attr(group, "zfs", "true"); /* * Add share with local opts via zfs_notinherited. */ err = zfs_notinherited(group, share, mountpoint, shareopts, - proto, dataset); + proto, dataset, err); } return (err); } diff --git a/usr/src/lib/libshare/common/libsharecore.c b/usr/src/lib/libshare/common/libsharecore.c index 2e39594fc3..3b4b493af8 100644 --- a/usr/src/lib/libshare/common/libsharecore.c +++ b/usr/src/lib/libshare/common/libsharecore.c @@ -1887,11 +1887,13 @@ sa_get_derived_security(void *object, char *sectype, char *proto, int hier) /* Replace the value with the new value */ if (newprop != NULL) { /* - * Only set if value is non NULL, old value ok - * if it is NULL. + * Only set if value is non NULL, old + * value ok if it is NULL. The value + * must be associated with the "value" + * tag within XML. */ if (value != NULL) - set_node_attr(newprop, name, value); + set_node_attr(newprop, "value", value); } else { /* An entirely new property */ if (value != NULL) { diff --git a/usr/src/lib/libshare/nfs/libshare_nfs.c b/usr/src/lib/libshare/nfs/libshare_nfs.c index 0a3175de70..2be9c9c569 100644 --- a/usr/src/lib/libshare/nfs/libshare_nfs.c +++ b/usr/src/lib/libshare/nfs/libshare_nfs.c @@ -427,7 +427,8 @@ add_security_prop(struct securities *sec, char *name, char *value, if (strcmp(oldvalue, "*") == 0) { /* Replace old value with new value. */ newvalue = strdup(value); - } else if (strcmp(value, "*") == 0) { + } else if (strcmp(value, "*") == 0 || + strcmp(oldvalue, value) == 0) { /* * Keep old value and ignore * the new value. diff --git a/usr/src/lib/libshare/smb/libshare_smb.c b/usr/src/lib/libshare/smb/libshare_smb.c index 7d705e0369..aa30b46352 100644 --- a/usr/src/lib/libshare/smb/libshare_smb.c +++ b/usr/src/lib/libshare/smb/libshare_smb.c @@ -965,8 +965,11 @@ smb_load_proto_properties() for (index = 0; smb_proto_options[index].name != NULL; index++) { value = smb_config_getenv(smb_proto_options[index].smb_index); prop = sa_create_property( - smb_proto_options[index].name, value); - (void) sa_add_protocol_property(protoset, prop); + smb_proto_options[index].name, value != NULL ? value : ""); + if (value != NULL) + free(value); + if (prop != NULL) + (void) sa_add_protocol_property(protoset, prop); } return (SA_OK); } -- cgit v1.2.3