From owner-svn-src-all@freebsd.org  Thu Dec  8 23:29:58 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 17906C6E803;
 Thu,  8 Dec 2016 23:29:58 +0000 (UTC)
 (envelope-from rmacklem@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E63281444;
 Thu,  8 Dec 2016 23:29:57 +0000 (UTC)
 (envelope-from rmacklem@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uB8NTvrj033407;
 Thu, 8 Dec 2016 23:29:57 GMT (envelope-from rmacklem@FreeBSD.org)
Received: (from rmacklem@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id uB8NTvMd033406;
 Thu, 8 Dec 2016 23:29:57 GMT (envelope-from rmacklem@FreeBSD.org)
Message-Id: <201612082329.uB8NTvMd033406@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to
 rmacklem@FreeBSD.org using -f
From: Rick Macklem <rmacklem@FreeBSD.org>
Date: Thu, 8 Dec 2016 23:29:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r309723 - head/usr.sbin/nfsd
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Dec 2016 23:29:58 -0000

Author: rmacklem
Date: Thu Dec  8 23:29:56 2016
New Revision: 309723
URL: https://svnweb.freebsd.org/changeset/base/309723

Log:
  Patch the nfsd so that it doesn't register with rpcbind for an NFSv4 only
  server.
  
  This patch uses the sysctl vfs.nfsd.server_min_nfsvers to determine
  if/what versions of NFS service should be registered with rpcbind.
  For NFSv4 only, it does not register at all, since NFSv4 always uses 2049
  and does not require rpcbind.
  For NFSv3 minimum, it registers NFSv3 but not NFSv2.
  
  Tested by:	jmader2@gmu.edu
  Submitted by:	jmader2@gmu.edu (earlier version)
  MFC after:	2 weeks
  Differential Revision:	https://reviews.freebsd.org/D8696

Modified:
  head/usr.sbin/nfsd/nfsd.c

Modified: head/usr.sbin/nfsd/nfsd.c
==============================================================================
--- head/usr.sbin/nfsd/nfsd.c	Thu Dec  8 21:02:34 2016	(r309722)
+++ head/usr.sbin/nfsd/nfsd.c	Thu Dec  8 23:29:56 2016	(r309723)
@@ -82,6 +82,9 @@ static int	debug = 0;
 #define	NFSD_STABLEBACKUP	"/var/db/nfs-stablerestart.bak"
 #define	MAXNFSDCNT	256
 #define	DEFNFSDCNT	 4
+#define	NFS_VER2	 2
+#define NFS_VER3	 3
+#define NFS_VER4	 4
 static pid_t children[MAXNFSDCNT]; /* PIDs of children */
 static int nfsdcnt;		/* number of children */
 static int nfsdcnt_set;
@@ -158,6 +161,8 @@ main(int argc, char **argv)
 	int bindhostc, bindanyflag, rpcbreg, rpcbregcnt;
 	int nfssvc_addsock;
 	int longindex = 0;
+	int nfs_minvers = NFS_VER2;
+	size_t nfs_minvers_size;
 	const char *lopt;
 	char **bindhost = NULL;
 	pid_t pid;
@@ -266,6 +271,15 @@ main(int argc, char **argv)
 			errx(1, "Out of memory");
 	}
 
+	nfs_minvers_size = sizeof(nfs_minvers);
+	error = sysctlbyname("vfs.nfsd.server_min_nfsvers", &nfs_minvers,
+	    &nfs_minvers_size, NULL, 0);
+	if (error != 0 || nfs_minvers < NFS_VER2 || nfs_minvers > NFS_VER4) {
+		warnx("sysctlbyname(vfs.nfsd.server_min_nfsvers) failed,"
+		    " defaulting to NFSv2");
+		nfs_minvers = NFS_VER2;
+	}
+
 	if (unregister) {
 		unregistration();
 		exit (0);
@@ -285,9 +299,14 @@ main(int argc, char **argv)
 				err(1, "getnetconfigent udp failed");
 			nb_udp.buf = ai_udp->ai_addr;
 			nb_udp.len = nb_udp.maxlen = ai_udp->ai_addrlen;
-			if ((!rpcb_set(NFS_PROGRAM, 2, nconf_udp, &nb_udp)) ||
-			    (!rpcb_set(NFS_PROGRAM, 3, nconf_udp, &nb_udp)))
-				err(1, "rpcb_set udp failed");
+			if (nfs_minvers == NFS_VER2)
+				if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp,
+				    &nb_udp))
+					err(1, "rpcb_set udp failed");
+			if (nfs_minvers <= NFS_VER3)
+				if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp,
+				    &nb_udp))
+					err(1, "rpcb_set udp failed");
 			freeaddrinfo(ai_udp);
 		}
 		if (udpflag && ip6flag) {
@@ -304,9 +323,14 @@ main(int argc, char **argv)
 				err(1, "getnetconfigent udp6 failed");
 			nb_udp6.buf = ai_udp6->ai_addr;
 			nb_udp6.len = nb_udp6.maxlen = ai_udp6->ai_addrlen;
-			if ((!rpcb_set(NFS_PROGRAM, 2, nconf_udp6, &nb_udp6)) ||
-			    (!rpcb_set(NFS_PROGRAM, 3, nconf_udp6, &nb_udp6)))
-				err(1, "rpcb_set udp6 failed");
+			if (nfs_minvers == NFS_VER2)
+				if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp6,
+				    &nb_udp6))
+					err(1, "rpcb_set udp6 failed");
+			if (nfs_minvers <= NFS_VER3)
+				if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp6,
+				    &nb_udp6))
+					err(1, "rpcb_set udp6 failed");
 			freeaddrinfo(ai_udp6);
 		}
 		if (tcpflag) {
@@ -323,9 +347,14 @@ main(int argc, char **argv)
 				err(1, "getnetconfigent tcp failed");
 			nb_tcp.buf = ai_tcp->ai_addr;
 			nb_tcp.len = nb_tcp.maxlen = ai_tcp->ai_addrlen;
-			if ((!rpcb_set(NFS_PROGRAM, 2, nconf_tcp, &nb_tcp)) ||
-			    (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp, &nb_tcp)))
-				err(1, "rpcb_set tcp failed");
+			if (nfs_minvers == NFS_VER2)
+				if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp,
+				    &nb_tcp))
+					err(1, "rpcb_set tcp failed");
+			if (nfs_minvers <= NFS_VER3)
+				if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp,
+				    &nb_tcp))
+					err(1, "rpcb_set tcp failed");
 			freeaddrinfo(ai_tcp);
 		}
 		if (tcpflag && ip6flag) {
@@ -342,9 +371,14 @@ main(int argc, char **argv)
 				err(1, "getnetconfigent tcp6 failed");
 			nb_tcp6.buf = ai_tcp6->ai_addr;
 			nb_tcp6.len = nb_tcp6.maxlen = ai_tcp6->ai_addrlen;
-			if ((!rpcb_set(NFS_PROGRAM, 2, nconf_tcp6, &nb_tcp6)) ||
-			    (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp6, &nb_tcp6)))
-				err(1, "rpcb_set tcp6 failed");
+			if (nfs_minvers == NFS_VER2)
+				if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp6,
+				    &nb_tcp6))
+					err(1, "rpcb_set tcp6 failed");
+			if (nfs_minvers <= NFS_VER3)
+				if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp6, 
+				   &nb_tcp6))
+					err(1, "rpcb_set tcp6 failed");
 			freeaddrinfo(ai_tcp6);
 		}
 		exit (0);
@@ -475,9 +509,14 @@ main(int argc, char **argv)
 				err(1, "getnetconfigent udp failed");
 			nb_udp.buf = ai_udp->ai_addr;
 			nb_udp.len = nb_udp.maxlen = ai_udp->ai_addrlen;
-			if ((!rpcb_set(NFS_PROGRAM, 2, nconf_udp, &nb_udp)) ||
-			    (!rpcb_set(NFS_PROGRAM, 3, nconf_udp, &nb_udp)))
-				err(1, "rpcb_set udp failed");
+			if (nfs_minvers == NFS_VER2)
+				if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp,
+				    &nb_udp))
+					err(1, "rpcb_set udp failed");
+			if (nfs_minvers <= NFS_VER3)
+				if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp,
+				    &nb_udp))
+					err(1, "rpcb_set udp failed");
 			freeaddrinfo(ai_udp);
 		}
 	}
@@ -544,9 +583,16 @@ main(int argc, char **argv)
 				err(1, "getnetconfigent udp6 failed");
 			nb_udp6.buf = ai_udp6->ai_addr;
 			nb_udp6.len = nb_udp6.maxlen = ai_udp6->ai_addrlen;
-			if ((!rpcb_set(NFS_PROGRAM, 2, nconf_udp6, &nb_udp6)) ||
-			    (!rpcb_set(NFS_PROGRAM, 3, nconf_udp6, &nb_udp6)))
-				err(1, "rpcb_set udp6 failed");
+			if (nfs_minvers == NFS_VER2)
+				if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp6,
+				    &nb_udp6))
+					err(1,
+					    "rpcb_set udp6 failed");
+			if (nfs_minvers <= NFS_VER3)
+				if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp6,
+				    &nb_udp6))
+					err(1,
+					    "rpcb_set udp6 failed");
 			freeaddrinfo(ai_udp6);
 		}
 	}
@@ -610,10 +656,14 @@ main(int argc, char **argv)
 				err(1, "getnetconfigent tcp failed");
 			nb_tcp.buf = ai_tcp->ai_addr;
 			nb_tcp.len = nb_tcp.maxlen = ai_tcp->ai_addrlen;
-			if ((!rpcb_set(NFS_PROGRAM, 2, nconf_tcp,
-			    &nb_tcp)) || (!rpcb_set(NFS_PROGRAM, 3,
-			    nconf_tcp, &nb_tcp)))
-				err(1, "rpcb_set tcp failed");
+			if (nfs_minvers == NFS_VER2)
+				if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp,
+				    &nb_tcp))
+					err(1, "rpcb_set tcp failed");
+			if (nfs_minvers <= NFS_VER3)
+				if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp,
+				    &nb_tcp))
+					err(1, "rpcb_set tcp failed");
 			freeaddrinfo(ai_tcp);
 		}
 	}
@@ -685,9 +735,14 @@ main(int argc, char **argv)
 				err(1, "getnetconfigent tcp6 failed");
 			nb_tcp6.buf = ai_tcp6->ai_addr;
 			nb_tcp6.len = nb_tcp6.maxlen = ai_tcp6->ai_addrlen;
-			if ((!rpcb_set(NFS_PROGRAM, 2, nconf_tcp6, &nb_tcp6)) ||
-			    (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp6, &nb_tcp6)))
-				err(1, "rpcb_set tcp6 failed");
+			if (nfs_minvers == NFS_VER2)
+				if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp6,
+				    &nb_tcp6))
+					err(1, "rpcb_set tcp6 failed");
+			if (nfs_minvers <= NFS_VER3)
+				if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp6,
+				    &nb_tcp6))
+					err(1, "rpcb_set tcp6 failed");
 			freeaddrinfo(ai_tcp6);
 		}
 	}