From a2416f06ac46dabf19752b024b229348c8d22815 Mon Sep 17 00:00:00 2001
From: Anil Madhavapeddy
Date: Sun, 28 May 2006 23:29:33 +0000
Subject: Add support for NFS mounts to be from non-reserved ports:
- new sysctl vfs.nfs.privport to require NFS mount requests to be on reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok
---
 sys/nfs/nfs_subs.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
(limited to 'sys/nfs/nfs_subs.c')
diff --git a/sys/nfs/nfs_subs.c b/sys/nfs/nfs_subs.c
index 2ba66f0a364..3008f177713 100644
--- a/sys/nfs/nfs_subs.c
+++ b/sys/nfs/nfs_subs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_subs.c,v 1.55 2005/10/19 16:50:46 pedro Exp $ */
+/* $OpenBSD: nfs_subs.c,v 1.56 2006/05/28 23:29:32 avsm Exp $ */
 /* $NetBSD: nfs_subs.c,v 1.27.4.3 1996/07/08 20:34:24 jtc Exp $ */

 /*
@@ -102,6 +102,7 @@ nfstype nfsv3_type[9] = { NFNON, NFREG, NFDIR, NFBLK, NFCHR, NFLNK, NFSOCK,
 enum vtype nv2tov_type[8] = { VNON, VREG, VDIR, VBLK, VCHR, VLNK, VNON, VNON };
 enum vtype nv3tov_type[8]={ VNON, VREG, VDIR, VBLK, VCHR, VLNK, VSOCK, VFIFO };
 int nfs_ticks;
+int nfs_privport = 1;

 /*
 * Mapping of old NFS Version 2 RPC numbers to generic numbers.
@@ -1654,12 +1655,15 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag)
 if (error)
 return (error);

- saddr = mtod(nam, struct sockaddr_in *);
- if (saddr->sin_family == AF_INET &&
- (ntohs(saddr->sin_port) >= IPPORT_RESERVED ||
- (slp->ns_so->so_type == SOCK_STREAM && ntohs(saddr->sin_port) == 20))) {
- vput(*vpp);
- return (NFSERR_AUTHERR | AUTH_TOOWEAK);
+ if (nfs_privport) {
+ saddr = mtod(nam, struct sockaddr_in *);
+ if (saddr->sin_family == AF_INET &&
+ (ntohs(saddr->sin_port) >= IPPORT_RESERVED ||
+ (slp->ns_so->so_type == SOCK_STREAM &&
+ ntohs(saddr->sin_port) == 20))) {
+ vput(*vpp);
+ return (NFSERR_AUTHERR | AUTH_TOOWEAK);
+ }
 }

 /*
--
cgit v1.2.3
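Review bot: The new global `nfs_privport` in the second hunk is declared with no comment, so nothing at the declaration tells a reader that it relaxes an access check. I would add `/* vfs.nfs.privport: nonzero rejects NFS requests from non-reserved source ports (AUTH_TOOWEAK) */` above it. The sysctl handler that stores into it is outside this view (the page is limited to nfs_subs.c), so whether writes are clamped to 0/1 or gated on privilege cannot be confirmed from here and is worth checking alongside this change.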
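Review bot: When `nfs_privport` is 0 the whole block in nfsrv_fhtovp is skipped, so this path keeps no source-port condition and never returns `NFSERR_AUTHERR | AUTH_TOOWEAK`; because the switch is a single global, that holds for every export at once. The reserved-port test is the only check in this hunk that ties a request to a privileged sender on the client host, so turning it off presumably leaves the server trusting whatever credentials any process on a permitted host supplies. The block deserves a comment saying so, for example `/* System-wide switch: when off, requests from any source port are accepted and only export/credential checks remain. */`. A per-export setting would be a narrower control than a kernel-wide flag, if the mount path can carry one. The function starts and ends outside the hunk, so the credential handling that follows is not visible here.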