mountd incorrectly assumes that the first character of the username or groupname passed via the -maproot or -mapall is the uid or gid. This means, for example, a user named "1test" will be mapped to the uid of 1. The nfs clients will see that user owner of the export path is mapped to the user "daemon" (in this example).
Details
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
I've made a few inline comments.
The only substantial one is the numeric group
case. The rest are stylistic and you can choose
to ignore them, if you prefer what you already have
written.
mountd.c | ||
---|---|---|
3538 | I don't think the "end == NULL" check is needed and might? confuse Also, the "{}" aren't needed for the if/else, which is just a minor | |
3551โ3552 | Since you've moved this check up. A good change, I think. | |
3605 | There could be cases where the gid doesn't actually The old code just assigned the value, so I think the |
Here's a couple more suggestions.
mountd.c | ||
---|---|---|
3588 | I'd do this one as cr->cr_uid = name_ul; as well, | |
3592 | If you do the above change, this needs to be moved | |
3599 | You need to invert the conditional or interchange | |
3607 | I'd write this as: groups[cr->cr_ngroups++] = name_ul; since you've already done the conversion. |
mountd.c | ||
---|---|---|
3588 | To be honest, I've tried to understand why this section is even here because it seems like the cr->cr_uid = pw->pw_uid; on lines 3552 and 3582 can be moved underneath the calls after we do the getpwnam or getpwuid calls on lines 3539 or 3541 respectively? |
mountd.c | ||
---|---|---|
3588 | Or is there a situation where a user doesn't exist in the local password database similar to the scenario you said exists for the groups? |
Replied to question.
mountd.c | ||
---|---|---|
3588 | Yes, I think one use of numeric uid/gids is that Also, this code is very old. The first rendition of have been wired into it over the decades and it appears creating usernames that start with a digit is something only you have done in all those years. |
mountd.c | ||
---|---|---|
3588 | Ha, thanks for the insight. I will admit, personally, I do not create users starting with digits. However, given the opportunity (as you're probably well-aware) end users will do whatever the system allows them to do ๐ |
Okay, I've tried to fix the style to be consistent with what freeBSD expects. I've removed the call to cr->cr_uid = atoi(name) because it's a no-op and could never be reached with or without my logic changes. Lastly, I've ensured that if strsep_quote returns NULL that we account for that so we don't crash by passing a NULL value to the various getpw* or getgr calls.
Ok, here's some more fixes. Basically, some of your changes need to
be reverted because they change the semantics.
Basically, the "if (names == NULL)" at line#3573 (patched code)
handles the single name/number case and the stuff that uses
the initial acquisition of "pw" all needs to be in there, including
the check for "pw" being NULL.
--> For the ':' list of numbers, it can be NULL because it is
allowed to not be in the password database for the list of numbers case.
usr.sbin/mountd/mountd.c | ||
---|---|---|
3563 โ | (On Diff #98570) | The code from here (line#3564) to line#3566 needs to Sorry, I didn't spot this on the first review cycle. |
3569 โ | (On Diff #98570) | Above line#3569 should not be here. In case the above is confusing... |
3602 โ | (On Diff #98570) | The code that needs to be here is what is on the left cr->cr_uid = name_ul; since you've done the conversion, above. In other words, put it back to the unpatched version, |
3604 โ | (On Diff #98570) | I don't think the "if (name == NULL)" check is a non-NULL pointer. This refers to line#3605->3608. |
usr.sbin/mountd/mountd.c | ||
---|---|---|
3602 โ | (On Diff #98570) | What was on the left doesn't make sense anymore because pw can't be NULL here now. |
usr.sbin/mountd/mountd.c | ||
---|---|---|
3602 โ | (On Diff #98570) | And that makes sense because you can't specify only groups, right? So there must be a user we've found by now. |
usr.sbin/mountd/mountd.c | ||
---|---|---|
3602 โ | (On Diff #98570) | Ah but then you can't specify a uid that doesn't exist on the server. |
@rmacklem is it ok if we make parsecred return an int so we can fail to start when the creds are invalid? It feels wrong to merely log an error message and keep going when this is misconfigured.
With the one additional change I just commented inline,
I think that will do it.
(Isn't it fun to work with decades old code and still maintain
all the semantics it carries around. Personally, I live in fear
of mountd bugs because the code can be such a beast to
work with.;-)
mountd.c | ||
---|---|---|
3582โ3592 | Getting close. You still need a check here for else if (*end != '\0' || end == name) { syslog(LOG_ERR, "unknown user: %s", name); return; } else |
I've made the change as requested. Thanks for being patient with me. I was naive at first, but now I realize why you live in fear of mountd breaking :)
It now looks good to me.
Do you have a src commit bit?
If not, I can commit it with "Submitted by: yocalebo_gmail.com".
Thanks for the patch, rick