authorAnil Madhavapeddy <avsm@cvs.openbsd.org>2006-05-28 23:29:33 +0000
committerAnil Madhavapeddy <avsm@cvs.openbsd.org>2006-05-28 23:29:33 +0000
commita2416f06ac46dabf19752b024b229348c8d22815 (patch)
tree34c623f891ee5935a85839439d7688760340e50d /sys/nfs
parente62e7f8d148fab5e5c120113bcf1d33e110f63e7 (diff)
Add support for NFS mounts to be from non-reserved ports:
- new sysctl vfs.nfs.privport to require NFS mount requests to be on reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.

deraadt@ ok
Diffstat (limited to 'sys/nfs')
-rw-r--r--sys/nfs/nfs.h8
-rw-r--r--sys/nfs/nfs_subs.c18
-rw-r--r--sys/nfs/nfs_vfsops.c5
3 files changed, 20 insertions, 11 deletions
diff --git a/sys/nfs/nfs.h b/sys/nfs/nfs.h
index 03292652ac1..8d2960e893d 100644
--- a/sys/nfs/nfs.h
+++ b/sys/nfs/nfs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs.h,v 1.24 2005/06/08 04:17:14 marius Exp $ */
+/* $OpenBSD: nfs.h,v 1.25 2006/05/28 23:29:32 avsm Exp $ */
/* $NetBSD: nfs.h,v 1.10.4.1 1996/05/27 11:23:56 fvdl Exp $ */
/*
@@ -221,12 +221,14 @@ struct nfsstats {
*/
#define NFS_NFSSTATS 1 /* struct: struct nfsstats */
#define NFS_NIOTHREADS 2 /* number of i/o threads */
-#define NFS_MAXID 3
+#define NFS_PRIVPORT 3 /* whether priv ports are needed */
+#define NFS_MAXID 4
#define FS_NFS_NAMES { \
{ 0, 0 }, \
{ "nfsstats", CTLTYPE_STRUCT }, \
- { "iothreads", CTLTYPE_INT } \
+ { "iothreads", CTLTYPE_INT }, \
+ { "privport", CTLTYPE_INT } \
}
/*
diff --git a/sys/nfs/nfs_subs.c b/sys/nfs/nfs_subs.c
index 2ba66f0a364..3008f177713 100644
--- a/sys/nfs/nfs_subs.c
+++ b/sys/nfs/nfs_subs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_subs.c,v 1.55 2005/10/19 16:50:46 pedro Exp $ */
+/* $OpenBSD: nfs_subs.c,v 1.56 2006/05/28 23:29:32 avsm Exp $ */
/* $NetBSD: nfs_subs.c,v 1.27.4.3 1996/07/08 20:34:24 jtc Exp $ */
/*
@@ -102,6 +102,7 @@ nfstype nfsv3_type[9] = { NFNON, NFREG, NFDIR, NFBLK, NFCHR, NFLNK, NFSOCK,
enum vtype nv2tov_type[8] = { VNON, VREG, VDIR, VBLK, VCHR, VLNK, VNON, VNON };
enum vtype nv3tov_type[8]={ VNON, VREG, VDIR, VBLK, VCHR, VLNK, VSOCK, VFIFO };
int nfs_ticks;
+int nfs_privport = 1;
/*
* Mapping of old NFS Version 2 RPC numbers to generic numbers.
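Review bot: `nfs_privport` is a security toggle defined without a comment, in the middle of unrelated type tables, so a reader of nfs_subs.c cannot tell what each value means or which sysctl drives it. I would add `/* nonzero: nfsrv_fhtovp rejects AF_INET requests from non-reserved source ports (vfs.nfs.privport) */` above the definition. The same comment could say that the default of 1 keeps the behaviour from before this commit, and that 0 removes the only source-port check the server applies to these requests.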
@@ -1654,12 +1655,15 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag)
if (error)
return (error);
- saddr = mtod(nam, struct sockaddr_in *);
- if (saddr->sin_family == AF_INET &&
- (ntohs(saddr->sin_port) >= IPPORT_RESERVED ||
- (slp->ns_so->so_type == SOCK_STREAM && ntohs(saddr->sin_port) == 20))) {
- vput(*vpp);
- return (NFSERR_AUTHERR | AUTH_TOOWEAK);
+ if (nfs_privport) {
+ saddr = mtod(nam, struct sockaddr_in *);
+ if (saddr->sin_family == AF_INET &&
+ (ntohs(saddr->sin_port) >= IPPORT_RESERVED ||
+ (slp->ns_so->so_type == SOCK_STREAM &&
+ ntohs(saddr->sin_port) == 20))) {
+ vput(*vpp);
+ return (NFSERR_AUTHERR | AUTH_TOOWEAK);
+ }
}
/*
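Review bot: Wrapping the whole test in `if (nfs_privport)` also switches off the `SOCK_STREAM` source-port-20 rejection, which is a separate condition from the reserved-port requirement. It looks like a guard against requests relayed from an FTP data port, though nothing in the hunk says so. With the sysctl at 0, a TCP request from port 20 is accepted where it was refused before. If that is not intended, keep the test unconditional and gate only the first operand: `((nfs_privport && ntohs(saddr->sin_port) >= IPPORT_RESERVED) ||`. nfsrv_fhtovp starts and ends outside this hunk.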
diff --git a/sys/nfs/nfs_vfsops.c b/sys/nfs/nfs_vfsops.c
index f7fdb88b9e9..3de3c138504 100644
--- a/sys/nfs/nfs_vfsops.c
+++ b/sys/nfs/nfs_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_vfsops.c,v 1.60 2006/04/19 11:55:55 pedro Exp $ */
+/* $OpenBSD: nfs_vfsops.c,v 1.61 2006/05/28 23:29:32 avsm Exp $ */
/* $NetBSD: nfs_vfsops.c,v 1.46.4.1 1996/05/25 22:40:35 fvdl Exp $ */
/*
@@ -70,6 +70,7 @@
extern struct nfsstats nfsstats;
extern int nfs_ticks;
+extern int nfs_privport;
int nfs_sysctl(int *, u_int, void *, size_t *, void *, size_t, struct proc *);
int nfs_checkexp(struct mount *mp, struct mbuf *nam,
@@ -911,6 +912,8 @@ nfs_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
return rv;
+ case NFS_PRIVPORT:
+ return(sysctl_int(oldp, oldlenp, newp, newlen, &nfs_privport));
default:
return EOPNOTSUPP;
}
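Review bot: The new `NFS_PRIVPORT` case passes `&nfs_privport` straight to `sysctl_int`, so any integer can be stored although nfs.h describes an on/off setting; the test in nfsrv_fhtovp treats every nonzero value as on. I would either reject values other than 0 and 1 after the write or state the rule beside the case, for example `/* 0 disables the reserved-port check globally; any nonzero value enables it */`. Clearing the value weakens the server's source check for every export at once, so it may also be worth deciding whether the write should be refused at a raised securelevel; the hunk does not show whether that was considered. nfs_sysctl begins outside the hunk.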