-rw-r--r--etc/rc4
-rw-r--r--etc/rc.conf3
-rw-r--r--lib/libc/gen/sysctl.33
-rw-r--r--sbin/mountd/mountd.c42
-rw-r--r--sbin/sysctl/sysctl.83
-rw-r--r--sys/nfs/nfs.h8
-rw-r--r--sys/nfs/nfs_subs.c18
-rw-r--r--sys/nfs/nfs_vfsops.c5
8 files changed, 68 insertions, 18 deletions
diff --git a/etc/rc b/etc/rc
index 5b2bc5498e8..38379f36f02 100644
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.281 2006/03/27 16:53:10 reyk Exp $
+# $OpenBSD: rc,v 1.282 2006/05/28 23:29:32 avsm Exp $
# System startup script run by init on autoboot
# or after single-user.
@@ -383,7 +383,7 @@ if [ X"${nfs_server}" = X"YES" -a -s /etc/exports -a \
`sed -e '/^#/d' < /etc/exports | wc -l` -ne 0 ]; then
rm -f /var/db/mountdtab
echo -n > /var/db/mountdtab
- echo -n ' mountd'; mountd
+ echo -n ' mountd'; mountd ${mountd_flags}
echo -n ' nfsd'; nfsd ${nfsd_flags}
if [ X"${lockd}" = X"YES" ]; then
echo -n ' rpc.lockd'; rpc.lockd
diff --git a/etc/rc.conf b/etc/rc.conf
index e919bf13950..7b71c6a1449 100644
--- a/etc/rc.conf
+++ b/etc/rc.conf
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $OpenBSD: rc.conf,v 1.111 2006/03/27 16:53:10 reyk Exp $
+# $OpenBSD: rc.conf,v 1.112 2006/05/28 23:29:32 avsm Exp $
# set these to "NO" to turn them off. otherwise, they're used as flags
routed_flags=NO # for normal use: "-q"
@@ -82,6 +82,7 @@ savecore_flags= # "-z" to compress
ypserv_flags= # E.g. -1 for YP v1, -d for DNS etc
yppasswdd_flags=NO # "-d /etc/yp" if passwd files are in /etc/yp
nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver
+mountd_flags= # "-n" to permit non-reserved port NFS mounts
amd_dir=/tmp_mnt # AMD's mount directory
amd_master=/etc/amd/master # AMD 'master' map
syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"
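Review bot: The comment on the new `mountd_flags=` line describes `-n` as affecting mounts only, but the mountd.c change in this same commit also writes mountd's resvport_only setting into vfs.nfs.privport, which gates the kernel's source-port check on NFS requests. Assuming `-n` is what clears resvport_only (the option handling is not shown), a more accurate comment would be `# "-n" accepts NFS mounts and requests from non-reserved ports (sets vfs.nfs.privport=0)`.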
diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3
index 6d968ba5f88..7e7e28da7e7 100644
--- a/lib/libc/gen/sysctl.3
+++ b/lib/libc/gen/sysctl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.3,v 1.155 2006/05/28 01:27:44 pedro Exp $
+.\" $OpenBSD: sysctl.3,v 1.156 2006/05/28 23:29:32 avsm Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@@ -1941,6 +1941,7 @@ are contiguous on disk, reducing fragmentation.
.It Sy Third level name Type Changeable
.It Dv NFS_NFSSTATS No " struct nfsstats yes"
.It Dv NFS_NIOTHREADS No " int yes"
+.It Dv NFS_PRIVPORT No " int yes"
.El
.El
.El
diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c
index ccafd46e7ac..93afb9826cb 100644
--- a/sbin/mountd/mountd.c
+++ b/sbin/mountd/mountd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mountd.c,v 1.65 2005/09/20 22:40:35 deraadt Exp $ */
+/* $OpenBSD: mountd.c,v 1.66 2006/05/28 23:29:32 avsm Exp $ */
/* $NetBSD: mountd.c,v 1.31 1996/02/18 11:57:53 fvdl Exp $ */
/*
@@ -48,6 +48,7 @@ static char rcsid[] = "$NetBSD: mountd.c,v 1.31 1996/02/18 11:57:53 fvdl Exp $";
#endif /* not lint */
#include <sys/param.h>
+#include <sys/sysctl.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
@@ -61,6 +62,7 @@ static char rcsid[] = "$NetBSD: mountd.c,v 1.31 1996/02/18 11:57:53 fvdl Exp $";
#include <rpc/pmap_prot.h>
#include <nfs/rpcv2.h>
#include <nfs/nfsproto.h>
+#include <nfs/nfs.h>
#include <arpa/inet.h>
@@ -227,7 +229,8 @@ main(int argc, char *argv[])
{
SVCXPRT *udptransp, *tcptransp;
FILE *pidfile;
- int c;
+ int c, nfs_id, mib[4];
+ size_t s_len;
while ((c = getopt(argc, argv, "dnr")) != -1)
switch (c) {
@@ -284,6 +287,41 @@ main(int argc, char *argv[])
fclose(pidfile);
}
+ /* Set vfs.nfs.privport to correct value */
+ mib[0] = CTL_VFS;
+ mib[1] = VFS_GENERIC;
+ mib[2] = VFS_MAXTYPENUM;
+ s_len = sizeof nfs_id;
+ if (sysctl(mib, 3, &nfs_id, &s_len, NULL, 0)) {
+ syslog(LOG_ERR, "sysctl VFS_MAXTYPENUM: %m");
+ exit(1);
+ }
+ for (; nfs_id; nfs_id--) {
+ struct vfsconf vfsc;
+ mib[0] = CTL_VFS;
+ mib[1] = VFS_GENERIC;
+ mib[2] = VFS_CONF;
+ mib[3] = nfs_id;
+ s_len = sizeof(vfsc);
+ if (sysctl(mib, 4, &vfsc, &s_len, NULL, 0))
+ continue;
+ if (!strcmp(vfsc.vfc_name, MOUNT_NFS))
+ break;
+ }
+ if (nfs_id == 0) {
+ syslog(LOG_ERR, "null nfs filesystem id");
+ exit(1);
+ }
+
+ mib[0] = CTL_VFS;
+ mib[1] = nfs_id;
+ mib[2] = NFS_PRIVPORT;
+ if (sysctl(mib, 3, NULL, 0, &resvport_only,
+ sizeof resvport_only) != 0 && errno != ENOENT) {
+ syslog(LOG_ERR, "sysctl NFS_PRIVPORT: %m");
+ exit(1);
+ }
+
signal(SIGHUP, (void (*)(int)) new_exportlist);
signal(SIGTERM, (void (*)(int)) send_umntall);
signal(SIGSYS, SIG_IGN);
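Review bot: The last sysctl() call in this hunk overwrites vfs.nfs.privport on every mountd start with whatever resvport_only holds, and nothing is logged when that value is 0. A system-wide relaxation of the reserved-port check (the `if (nfs_privport)` gate in sys/nfs/nfs_subs.c) therefore leaves no trace and replaces any value an administrator set by hand. I would log it, e.g. `if (!resvport_only) syslog(LOG_WARNING, "vfs.nfs.privport set to 0: NFS requests from non-reserved ports accepted");`, and reword the comment to `/* Push resvport_only into the kernel; vfs.nfs.privport gates the source-port check for all exports */`. The call also relies on `errno` and on resvport_only being an int; both declarations are outside the hunk, so confirm `<errno.h>` is included and the size matches what the kernel's sysctl_int handler accepts. main() starts and continues outside this hunk.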
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index 182d0689dd8..bb814f3b652 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.8,v 1.130 2006/05/27 23:43:03 claudio Exp $
+.\" $OpenBSD: sysctl.8,v 1.131 2006/05/28 23:29:32 avsm Exp $
.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
.\"
.\" Copyright (c) 1993
@@ -410,6 +410,7 @@ not all of the variables are relevant to all architectures.
.It vfs.ffs.dirhash_maxmem integer yes
.It vfs.ffs.dirhash_mem integer no
.It vfs.nfs.iothreads integer yes
+.It vfs.nfs.privport integer yes
.El
.Pp
The
diff --git a/sys/nfs/nfs.h b/sys/nfs/nfs.h
index 03292652ac1..8d2960e893d 100644
--- a/sys/nfs/nfs.h
+++ b/sys/nfs/nfs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs.h,v 1.24 2005/06/08 04:17:14 marius Exp $ */
+/* $OpenBSD: nfs.h,v 1.25 2006/05/28 23:29:32 avsm Exp $ */
/* $NetBSD: nfs.h,v 1.10.4.1 1996/05/27 11:23:56 fvdl Exp $ */
/*
@@ -221,12 +221,14 @@ struct nfsstats {
*/
#define NFS_NFSSTATS 1 /* struct: struct nfsstats */
#define NFS_NIOTHREADS 2 /* number of i/o threads */
-#define NFS_MAXID 3
+#define NFS_PRIVPORT 3 /* whether priv ports are needed */
+#define NFS_MAXID 4
#define FS_NFS_NAMES { \
{ 0, 0 }, \
{ "nfsstats", CTLTYPE_STRUCT }, \
- { "iothreads", CTLTYPE_INT } \
+ { "iothreads", CTLTYPE_INT }, \
+ { "privport", CTLTYPE_INT } \
}
/*
diff --git a/sys/nfs/nfs_subs.c b/sys/nfs/nfs_subs.c
index 2ba66f0a364..3008f177713 100644
--- a/sys/nfs/nfs_subs.c
+++ b/sys/nfs/nfs_subs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_subs.c,v 1.55 2005/10/19 16:50:46 pedro Exp $ */
+/* $OpenBSD: nfs_subs.c,v 1.56 2006/05/28 23:29:32 avsm Exp $ */
/* $NetBSD: nfs_subs.c,v 1.27.4.3 1996/07/08 20:34:24 jtc Exp $ */
/*
@@ -102,6 +102,7 @@ nfstype nfsv3_type[9] = { NFNON, NFREG, NFDIR, NFBLK, NFCHR, NFLNK, NFSOCK,
enum vtype nv2tov_type[8] = { VNON, VREG, VDIR, VBLK, VCHR, VLNK, VNON, VNON };
enum vtype nv3tov_type[8]={ VNON, VREG, VDIR, VBLK, VCHR, VLNK, VSOCK, VFIFO };
int nfs_ticks;
+int nfs_privport = 1;
/*
* Mapping of old NFS Version 2 RPC numbers to generic numbers.
@@ -1654,12 +1655,15 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag)
if (error)
return (error);
- saddr = mtod(nam, struct sockaddr_in *);
- if (saddr->sin_family == AF_INET &&
- (ntohs(saddr->sin_port) >= IPPORT_RESERVED ||
- (slp->ns_so->so_type == SOCK_STREAM && ntohs(saddr->sin_port) == 20))) {
- vput(*vpp);
- return (NFSERR_AUTHERR | AUTH_TOOWEAK);
+ if (nfs_privport) {
+ saddr = mtod(nam, struct sockaddr_in *);
+ if (saddr->sin_family == AF_INET &&
+ (ntohs(saddr->sin_port) >= IPPORT_RESERVED ||
+ (slp->ns_so->so_type == SOCK_STREAM &&
+ ntohs(saddr->sin_port) == 20))) {
+ vput(*vpp);
+ return (NFSERR_AUTHERR | AUTH_TOOWEAK);
+ }
}
/*
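Review bot: The `if (nfs_privport)` gate turns the reserved-port test in nfsrv_fhtovp into an all-or-nothing, system-wide switch, yet neither the gate nor the `int nfs_privport = 1;` definition in the earlier hunk has a comment saying so. I would add `/* vfs.nfs.privport: when 0, requests from non-reserved source ports are accepted for every export */` above the gate. `saddr` is now assigned only inside the branch, so if anything later in the function (outside this hunk) reads it, that read would see an uninitialised pointer when the knob is 0. The test still applies to AF_INET peers only, as it did before the change.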
diff --git a/sys/nfs/nfs_vfsops.c b/sys/nfs/nfs_vfsops.c
index f7fdb88b9e9..3de3c138504 100644
--- a/sys/nfs/nfs_vfsops.c
+++ b/sys/nfs/nfs_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_vfsops.c,v 1.60 2006/04/19 11:55:55 pedro Exp $ */
+/* $OpenBSD: nfs_vfsops.c,v 1.61 2006/05/28 23:29:32 avsm Exp $ */
/* $NetBSD: nfs_vfsops.c,v 1.46.4.1 1996/05/25 22:40:35 fvdl Exp $ */
/*
@@ -70,6 +70,7 @@
extern struct nfsstats nfsstats;
extern int nfs_ticks;
+extern int nfs_privport;
int nfs_sysctl(int *, u_int, void *, size_t *, void *, size_t, struct proc *);
int nfs_checkexp(struct mount *mp, struct mbuf *nam,
@@ -911,6 +912,8 @@ nfs_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
return rv;
+ case NFS_PRIVPORT:
+ return(sysctl_int(oldp, oldlenp, newp, newlen, &nfs_privport));
default:
return EOPNOTSUPP;
}
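Review bot: The `NFS_PRIVPORT` case hands writes straight to `sysctl_int` with no securelevel gate, so the reserved-port check can be cleared at any time by any caller allowed to write sysctls (that permission check is outside this hunk). Consider whether lowering the value should be refused once securelevel is raised, and at minimum add a comment such as `/* 0 disables the reserved-port check in nfsrv_fhtovp() */` above the case. Judging by the `if (nfs_privport)` test in nfs_subs.c, any non-zero value keeps the check enabled, so out-of-range writes fail safe. nfs_sysctl starts outside this hunk.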