mountd: prefer non-V4ROOT exports.

If paths A and A/B are both exported, then we have a choice of exports
to return for A (or under A but still above A/B): we could return A
itself, or we could return a V4ROOT export leading to B.

For now, we will always prefer the non-V4ROOT export, whenever that is
an option.  This will allow clients to reach A/B as long as
adminstrators keep to the rule that the security on a parent permits the
union of the access permitted on any descendant.

In the future we may support more complicated arrangements.

(Note: this can't be avoided by simply not creating v4root exports with
the same domain and path, because different domains may have some
overlap.)

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
index 2468bc5916084e06323341ed6aeab006378beef9..d63e10ae1faf431d190e1c1ba5ca2c742eb038a2 100644 (file)
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -657,6 +657,11 @@ static nfs_export *lookup_export(char *dom, char *path, struct hostent *he)
                                found_type = i;
                                continue;
                        }
+
+                       /* Always prefer non-V4ROOT mounts */
+                       if (found->m_export.e_flags & NFSEXP_V4ROOT)
+                               continue;
+
                        /* If one is a CROSSMOUNT, then prefer the longest path */
                        if (((found->m_export.e_flags & NFSEXP_CROSSMOUNT) ||
                             (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)) &&