linux-hardened/include/linux/nfsd
J. Bruce Fields 04716e6621 nfsd: permit unauthenticated stat of export root
RFC 2623 section 2.3.2 permits the server to bypass gss authentication
checks for certain operations that a client may perform when mounting.
In the case of a client that doesn't have some form of credentials
available to it on boot, this allows it to perform the mount unattended.
(Presumably real file access won't be needed until a user with
credentials logs in.)

Being slightly more lenient allows lots of old clients to access
krb5-only exports, with the only loss being a small amount of
information leaked about the root directory of the export.

This affects only v2 and v3; v4 still requires authentication for all
access.

Thanks to Peter Staubach testing against a Solaris client, which
suggesting addition of v3 getattr, to the list, and to Trond for noting
that doing so exposes no additional information.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: Peter Staubach <staubach@redhat.com>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
2008-09-29 17:56:56 -04:00
..
cache.h NFSD: Strip __KERNEL__ testing from unexported header files. 2008-04-23 16:13:41 -04:00
const.h
debug.h
export.h Use struct path in struct svc_expkey 2008-02-14 21:17:08 -08:00
Kbuild NFSD: Strip __KERNEL__ testing from unexported header files. 2008-04-23 16:13:41 -04:00
nfsd.h nfsd: permit unauthenticated stat of export root 2008-09-29 17:56:56 -04:00
nfsfh.h knfsd: 64 bit ino support for NFS server 2007-10-09 18:31:57 -04:00
state.h nfsd: eliminate unused nfs4_callback.cb_stat 2008-06-23 13:02:48 -04:00
stats.h
syscall.h nfsd: move nfsd/auth.h into fs/nfsd 2008-02-01 16:42:05 -05:00
xdr.h NFSD: Path name length signage in nfsd request argument structures 2008-02-01 16:42:03 -05:00
xdr3.h NFSD: Path name length signage in nfsd request argument structures 2008-02-01 16:42:03 -05:00
xdr4.h nfsd: Allow AIX client to read dir containing mountpoints 2008-02-01 16:42:06 -05:00