/** * @brief Validate export permissions * * @param[in] req Incoming request. * * @return NFS4_OK if successful, NFS4ERR_ACCESS or NFS4ERR_WRONGSEC otherwise. * */ nfsstat4 nfs4_export_check_access(struct svc_req *req) { xprt_type_t xprt_type = svc_get_xprt_type(req->rq_xprt); int port = get_port(op_ctx->caller_addr); LogMidDebugAlt(COMPONENT_NFS_V4, COMPONENT_EXPORT, "nfs4_export_check_access about to call export_check_access"); export_check_access(); /* Check if any access at all */ if ((op_ctx->export_perms->options & EXPORT_OPTION_ACCESS_TYPE) == 0) { LogInfoAlt(COMPONENT_NFS_V4, COMPONENT_EXPORT, "Access not allowed on Export_Id %d %s for client %s", op_ctx->export->export_id, op_ctx->export->fullpath, op_ctx->client ? op_ctx->client->hostaddr_str : "unknown client"); return NFS4ERR_ACCESS; }
/**
 * @brief Validate export permissions for an NFSv4 request
 *
 * Calls export_check_access() and then tests the bits in
 * op_ctx->export_perms->options in a fixed order: any access at all,
 * NFSv4 enabled, transport allowed, source port, and finally the
 * authentication flavor via export_check_security(). The first failing
 * test logs the denial and returns; credentials are only fetched once
 * every test has passed.
 *
 * @param[in] req Incoming request.
 *
 * @return NFS4ERR_ACCESS when an option test denies the request,
 *         NFS4ERR_WRONGSEC when export_check_security() rejects it,
 *         otherwise the status returned by nfs_req_creds() (NFS4_OK on
 *         success).
 *
 */
nfsstat4 nfs4_export_check_access(struct svc_req *req)
{
	xprt_type_t transport = svc_get_xprt_type(req->rq_xprt);
	int client_port = get_port(op_ctx->caller_addr);
	const char *client_label;
	bool transport_denied;

	LogMidDebugAlt(COMPONENT_NFS_V4, COMPONENT_EXPORT,
		       "nfs4_export_check_access about to call export_check_access");

	/* NOTE(review): presumably this fills in op_ctx->export_perms for the
	 * calling client; every test below reads it only after this call -
	 * confirm against export_check_access().
	 */
	export_check_access();

	/* Label for the denial messages; op_ctx->client may be NULL. */
	client_label = op_ctx->client ? op_ctx->client->hostaddr_str
				      : "unknown client";

	/* Deny when no bit under EXPORT_OPTION_ACCESS_MASK is set.
	 * NOTE(review): the mask has to cover every access-granting bit,
	 * otherwise a client with no effective access passes this gate -
	 * verify against the option definitions.
	 */
	if (!(op_ctx->export_perms->options & EXPORT_OPTION_ACCESS_MASK)) {
		LogInfoAlt(COMPONENT_NFS_V4, COMPONENT_EXPORT,
			   "Access not allowed on Export_Id %d %s for client %s",
			   op_ctx->ctx_export->export_id,
			   op_ctx->ctx_export->fullpath,
			   client_label);
		return NFS4ERR_ACCESS;
	}

	/* The export must have NFSv4 enabled for this client. */
	if (!(op_ctx->export_perms->options & EXPORT_OPTION_NFSV4)) {
		LogInfoAlt(COMPONENT_NFS_V4, COMPONENT_EXPORT,
			   "NFS4 not allowed on Export_Id %d %s for client %s",
			   op_ctx->ctx_export->export_id,
			   op_ctx->ctx_export->fullpath,
			   client_label);
		return NFS4ERR_ACCESS;
	}

	/* Only UDP and TCP are matched against an option bit. */
	switch (transport) {
	case XPRT_UDP:
		transport_denied = !(op_ctx->export_perms->options &
				     EXPORT_OPTION_UDP);
		break;
	case XPRT_TCP:
		transport_denied = !(op_ctx->export_perms->options &
				     EXPORT_OPTION_TCP);
		break;
	default:
		/* NOTE(review): any other transport type is not restricted
		 * here - confirm that is intended.
		 */
		transport_denied = false;
		break;
	}

	if (transport_denied) {
		LogInfoAlt(COMPONENT_NFS_V4, COMPONENT_EXPORT,
			   "NFS4 over %s not allowed on Export_Id %d %s for client %s",
			   xprt_type_to_str(transport),
			   op_ctx->ctx_export->export_id,
			   op_ctx->ctx_export->fullpath,
			   client_label);
		return NFS4ERR_ACCESS;
	}

	/* When the export requires a privileged port, reject source ports at
	 * or above IPPORT_RESERVED. This only shows that the sender was able
	 * to bind a reserved port; it does not authenticate the client, so
	 * the export_check_security() test below remains the real gate.
	 */
	if (client_port >= IPPORT_RESERVED &&
	    (op_ctx->export_perms->options &
	     EXPORT_OPTION_PRIVILEGED_PORT) != 0) {
		LogInfoAlt(COMPONENT_NFS_V4, COMPONENT_EXPORT,
			   "Non-reserved Port %d is not allowed on Export_Id %d %s for client %s",
			   client_port,
			   op_ctx->ctx_export->export_id,
			   op_ctx->ctx_export->fullpath,
			   client_label);
		return NFS4ERR_ACCESS;
	}

	/* An authentication flavor the export does not accept is reported as
	 * NFS4ERR_WRONGSEC rather than NFS4ERR_ACCESS.
	 */
	if (!export_check_security(req)) {
		LogInfoAlt(COMPONENT_NFS_V4, COMPONENT_EXPORT,
			   "NFS4 auth not allowed on Export_Id %d %s for client %s",
			   op_ctx->ctx_export->export_id,
			   op_ctx->ctx_export->fullpath,
			   client_label);
		return NFS4ERR_WRONGSEC;
	}

	/* All export tests passed: fetch credentials and return that status. */
	return nfs_req_creds(req);
}