Project

General

Profile

Bug #1012

cifs-shares are also exported via nfs without being configured therefor

Added by Florian Manschwetus over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
cifs - CIFS server and client
Start date:
2011-05-10
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

1. create a dataset as cifs-share
2. set sharesmb=name=test (cifs should work now)
3. svcadm enable -r nfs/server
=> dfshares will show your cifs shares, because they are now also exported via nfs without any restrictions
=> every nfs capable client in your network is now able to bypass any restrictions on your shares

History

#1

Updated by Rich Lowe over 8 years ago

The problem is sharemgr (or libshare, perhaps). When the nfs/server start method does 'sharemgr start -P nfs -a', it really does start sharing all shares on NFS. sharemgr seems convinced that something else is doing the "is this share appropriate to this protocol" check, but nothing that I can find is. libshare probably shouldn't, as from its point of view it's being asked to share 'foo' on NFS, and is just doing so. It seems that sharemgr should be where this is actually checked.

The most conservative place to check would be sa_enable_group before adding to worklist, less conservative places in descending order are enable_all_groups and enable_group, the latter may not actually catch every case.

#2

Updated by Rich Lowe over 8 years ago

It seems like enable_group should get a has_protocol() check similar to disable_group's.
I'm not sure if that's sufficient (can protocols be set at the share level, rather than the group?)

#3

Updated by Rich Lowe over 8 years ago

  • Assignee set to Rich Lowe
  • Tags deleted (needs-triage)
#4

Updated by Rich Lowe over 8 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Resolved in r13371 commit:ac51c74a855d

Also available in: Atom PDF