
mountd(8): parsecred(): Fallback to "nogroup" or GID_NOGROUP

Description

mountd(8): parsecred(): Fallback to "nogroup" or GID_NOGROUP

In the 'uid:gid:gid:...' case (for '-maproot' or '-mapall'), if no GID
is specified at all (i.e., input is of the form 'uid:', with the colon
at the end), mountd(8) would pass credentials with an empty array of
groups to the kernel.

For security reasons, we have put in place a kernel fallback a while
ago, which is to use the single group GID_NOGROUP (see commits
cfbe7a62dc62 ("nfs, rpc: Ensure kernel credentials have at least one
group") and 5169d4307eb9 ("nfs: Fallback to GID_NOGROUP on no groups")).
Here, as we are in userland, we first try to find the GID number
corresponding to "nogroup", and only then fall back to GID_NOGROUP, as
nfsuserd(8) does.

Approved by: markj (mentor)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47011

(cherry picked from commit bdc259ef382f76b1821d4356049d5b856c42901a)
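
The fallback order described in the commit message, as an added example that is not code from the FreeBSD commit: a numeric-only parser for the 'uid:gid:gid:...' form that never returns an empty group list. The names `parse_numeric_cred` and `fallback_gid` are hypothetical, the `GID_NOGROUP` value of 65533 is an assumption used only where the system headers do not define it, and the input "65534:" is constructed.

```c
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

#ifndef GID_NOGROUP
#define GID_NOGROUP 65533 /* assumption: FreeBSD's value, defined here for portability */
#endif

/* Userland order from the commit message: "nogroup" by name, else GID_NOGROUP. */
static gid_t fallback_gid(const struct group *gr)
{
	return gr != NULL ? gr->gr_gid : (gid_t)GID_NOGROUP;
}

/* Hypothetical helper: parse a numeric "uid:gid:gid:..." spec (names are not
 * resolved). Returns the group count (always >= 1), or -1 if malformed. */
static int parse_numeric_cred(const char *spec, uid_t *uid, gid_t *groups,
    int max, gid_t fallback)
{
	char *end;
	int n = 0;
	unsigned long v = strtoul(spec, &end, 10);

	if (end == spec || *end != ':' || max < 1)
		return -1;
	*uid = (uid_t)v;
	while (*end == ':' && end[1] != '\0') {
		const char *p = end + 1;
		v = strtoul(p, &end, 10);
		if (end == p || (*end != ':' && *end != '\0') || n == max)
			return -1;
		groups[n++] = (gid_t)v;
	}
	if (n == 0) /* "uid:" case: never hand over an empty group list */
		groups[n++] = fallback;
	return n;
}

int main(void)
{
	uid_t uid;
	gid_t g[16];
	int n = parse_numeric_cred("65534:", &uid, g, 16,
	    fallback_gid(getgrnam("nogroup")));
	printf("uid=%lu ngroups=%d gid[0]=%lu\n", (unsigned long)uid, n,
	    (unsigned long)g[0]);
	return 0;
}
```

The GID printed for the "uid:" input depends on whether the local group database has a "nogroup" entry, which is why the lookup result is passed in rather than hard-coded.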

Details

Provenance
olce Authored on Oct 8 2024, 9:21 AM
Differential Revision
D47011: mountd(8): parsecred(): Fallback to "nogroup" or GID_NOGROUP
Parents
rGa633b10e3d85: mountd(8): parsecred(): Remove "duplicate compression"