hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-27 03:11:52 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

nfscommon: Return NFSERR_ATTRNOTSUPP for AUDIT/ALARM ACEs

Browse Source 
FreeBSD only supports Allow/Deny ACEs in NFSv4 ACLs.
As such, it does not make sense to parse Audit/Alarm
ACEs.  Modify nfsrv_dissectace() so that it returns
NFSERR_ATTRNOTSUPP if an Audit/Alarm ACE is found in
the ACL being parsed.  The code has been #ifdef notnow'd,
since Audit/Alarm ACEs might be supported someday.

This should not have significant impact, since FreeBSD
reports to clients that only Allow/Deny ACEs are
supported and an attempt to set one would have failed
anyhow.

MFC after:	2 weeks
This commit is contained in:
Rick Macklem 2021-12-27 08:03:41 -08:00
parent c3d9c63329
commit f10dc28ec2
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/fs/nfs/nfs_commonacl.c
View File

@ -158,10 +158,13 @@ nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep,
acep->ae_entry_type = ACL_ENTRY_TYPE_ALLOW;
else if (acetype == NFSV4ACE_DENIEDTYPE)
acep->ae_entry_type = ACL_ENTRY_TYPE_DENY;
#ifdef notnow
/* FreeBSD does not support Audit/Alarm ACEs at this time. */
else if (acetype == NFSV4ACE_AUDITTYPE)
acep->ae_entry_type = ACL_ENTRY_TYPE_AUDIT;
else if (acetype == NFSV4ACE_ALARMTYPE)
acep->ae_entry_type = ACL_ENTRY_TYPE_ALARM;
#endif
else
aceerr = NFSERR_ATTRNOTSUPP;
}