From: NeilBrown <neilb@suse.de>
To: Jeff Layton <jlayton@redhat.com>
Cc: linux-nfs@vger.kernel.org, steved@redhat.com, bfields@fieldses.org
Subject: Re: rpc.mountd and character class matches
Date: Wed, 22 Jun 2011 08:33:44 +1000 [thread overview]
Message-ID: <20110622083344.3575a424@notabene.brown> (raw)
In-Reply-To: <20110621112645.5e9e3d09@tlielax.poochiereds.net>
On Tue, 21 Jun 2011 11:26:45 -0400 Jeff Layton <jlayton@redhat.com> wrote:
> I was writing up the manpage update for exports to include info about
> IPv6 addressing, and made a mistake on my first pass. I put the IPv6
> address in brackets. It turned out that this worked because mountd
> treats stuff in brackets as a character class wildcard match.
>
> This behavior is undocumented in the manpage and it doesn't seem to
> work correctly, but it's hard to be sure as I'm not sure what correct
> behavior is for this.
>
> For instance, I have a host with a valid hostname (tlielax) in DNS on
> my subnet, and when I put this in /etc/exports:
>
> /export [whiskeytangofoxtrot](rw)
>
> ...mountd allowed me to mount that. Normally a character class like
> that should only match if you had a single-character hostname that
> matches one of the characters in the brackets.
>
> My question is -- do we want to continue to allow this sort of wildcard
> match in mountd? Given that it's not documented, it's hard to imagine
> anyone relying on it.
No, it isn't documented. But the documentation does talk about
'wildcards' (though it only mentions '*' and '?') and [foo] is often a valid
wildcard, so people could try to use it and if they find that it works...
I tried your example and it didn't work for me. I could not (from 'notabene')
mount
/home [whiskeytangofoxtrot](rw,no_root_squash,async,no_subtree_check)
or
/home [notabene](rw,no_root_squash,async,no_subtree_check)
but I could mount
/home [notabene]*(rw,no_root_squash,async,no_subtree_check)
and looking at the code (in support/nfs/wildmat.c) I cannot see how your
pattern would match anything other than a single character hostname...
You did of course run "exportfs -r" after changing /etc/exports....
>
> If we do want to keep it, what's the behavior we should be shooting for
> here?
>
> Thoughts?
I think we should leave the current functionality in place (once we confirm
that it works correctly as I think it does), possibly document it, but if the
hostname looked like an IPv6 address in [], then special case that in much
the same way that we special-case IP address.
ie. 192.168.1.2 is a /32 subnetmask
one.nine.one.two is a host name
NeilBrown
next prev parent reply other threads:[~2011-06-21 22:33 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-21 15:26 rpc.mountd and character class matches Jeff Layton
2011-06-21 15:57 ` J. Bruce Fields
2011-06-21 22:33 ` NeilBrown [this message]
2011-06-22 0:55 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110622083344.3575a424@notabene.brown \
--to=neilb@suse.de \
--cc=bfields@fieldses.org \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).