From owner-freebsd-bugs@FreeBSD.ORG  Sat Jun 19 15:30:03 2010
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 35C0F106566C
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 19 Jun 2010 15:30:03 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id ECAA88FC16
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 19 Jun 2010 15:30:02 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5JFU2YQ075465
	for <freebsd-bugs@freefall.freebsd.org>; Sat, 19 Jun 2010 15:30:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5JFU2gU075460;
	Sat, 19 Jun 2010 15:30:02 GMT (envelope-from gnats)
Resent-Date: Sat, 19 Jun 2010 15:30:02 GMT
Resent-Message-Id: <201006191530.o5JFU2gU075460@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Christopher Key <cjk32@cam.ac.uk>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DFCDE106566C
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat, 19 Jun 2010 15:23:50 +0000 (UTC) (envelope-from cjk32@cam.ac.uk)
Received: from chacal.cjkey.org.uk (chacal.cjkey.org.uk [88.97.163.217])
	by mx1.freebsd.org (Postfix) with ESMTP id F41BF8FC0A
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat, 19 Jun 2010 15:23:49 +0000 (UTC)
Received: from chacal.wzl33 (localhost [127.0.0.1])
	by chacal.cjkey.org.uk (8.14.3/8.14.3) with ESMTP id o5JFNl70001599
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat, 19 Jun 2010 16:23:47 +0100 (BST)
	(envelope-from chris@chacal.wzl33)
Received: (from chris@localhost)
	by chacal.wzl33 (8.14.3/8.14.3/Submit) id o5JFNlxr001598;
	Sat, 19 Jun 2010 16:23:47 +0100 (BST) (envelope-from chris)
Message-Id: <201006191523.o5JFNlxr001598@chacal.wzl33>
Date: Sat, 19 Jun 2010 16:23:47 +0100 (BST)
From: Christopher Key <cjk32@cam.ac.uk>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: kern/147998: NFS -mapall group permissions ignored when -network is
	specified
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Christopher Key <cjk32@cam.ac.uk>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Jun 2010 15:30:03 -0000


>Number:         147998
>Category:       kern
>Synopsis:       NFS -mapall group permissions ignored when -network is specified
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 19 15:30:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Christopher Key
>Release:        FreeBSD 8.0-RELEASE-p2 amd64
>Organization:
>Environment:
System: FreeBSD chacal.wzl33 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #2: Sat Jun 19 15:45:05 BST 2010 root@chacal.wzl33:/usr/obj/usr/src/sys/CHACAL amd64


	
>Description:
When -network (or any host restriction probably) is added to an nfs exports line, any group privileges for -mapall (and -maproot probably) get ignored.

     
>How-To-Repeat:
Outline steps, not actually tested.

mkdir /exports/dir
touch /exports/dir/file

chown u1:g1 /exports/dir /exports/dir/file
chmod 750 /exports/dir
chmod 640 /exports/dir/file

echo "/exports/dir -ro -mapall nobody:g1" > /etc/exports
kill -s HUP $(cat /var/run/mountd.pid)
# Can access /exports/dir/file via NFS

echo "/exports/dir -ro -mapall nobody:g1 --network 192.168.2.0/24" > /etc/exports
kill -s HUP $(cat /var/run/mountd.pid)
# Can't access /exports/dir/file via NFS


Further details in,
http://forums.freebsd.org/showthread.php?t=14493

	
>Fix:

	

--- vfs_export.c.patch begins here ---
Index: sys/kern/vfs_export.c
===================================================================
--- sys/kern/vfs_export.c	(revision 209341)
+++ sys/kern/vfs_export.c	(working copy)
@@ -208,7 +208,7 @@
 	np->netc_anon = crget();
 	np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
 	crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
-	    np->netc_anon->cr_groups);
+	    argp->ex_anon.cr_groups);
 	np->netc_anon->cr_prison = &prison0;
 	prison_hold(np->netc_anon->cr_prison);
 	np->netc_numsecflavors = argp->ex_numsecflavors;
--- vfs_export.c.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: