Date:      Fri, 28 Dec 2018 00:26:20 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r342562 - stable/11/sys/fs/nfsserver
Message-ID:  <201812280026.wBS0QKW8045049@repo.freebsd.org>

Author: rmacklem
Date: Fri Dec 28 00:26:19 2018
New Revision: 342562
URL: https://svnweb.freebsd.org/changeset/base/342562

Log:
  MFC: r342286
  Fix the NFSv4 server to obey vfs.nfsd.nfs_privport.
  
  When the NFSv4 server was coded, I believed that the specification authors
  did not want NFSv4 servers to require a client to use a reserved port#.
  However, recently it has been noted that the Linux NFSv4 server does support
  a check for a reserved port#.
  Since both the FreeBSD and Linux NFSv4 clients use a reserved port# by
  default, enabling vfs.nfsd.nfs_privport to require a reserved port# for
  NFSv4 the same as it does for NFSv2, 3 seems reasonable.
  The only case where this could cause a POLA violation is a FreeBSD NFSv4
  server with vfs.nfsd.nfs_privport set, but with NFSv4 clients doing mounts
  without using a reserved port# (< 1024).

Modified:
  stable/11/sys/fs/nfsserver/nfs_nfsdkrpc.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/fs/nfsserver/nfs_nfsdkrpc.c
==============================================================================
--- stable/11/sys/fs/nfsserver/nfs_nfsdkrpc.c	Fri Dec 28 00:10:31 2018	(r342561)
+++ stable/11/sys/fs/nfsserver/nfs_nfsdkrpc.c	Fri Dec 28 00:26:19 2018	(r342562)
@@ -87,7 +87,7 @@ SVCPOOL		*nfsrvd_pool;
 static int	nfs_privport = 0;
 SYSCTL_INT(_vfs_nfsd, OID_AUTO, nfs_privport, CTLFLAG_RWTUN,
     &nfs_privport, 0,
-    "Only allow clients using a privileged port for NFSv2 and 3");
+    "Only allow clients using a privileged port for NFSv2, 3 and 4");
 
 static int	nfs_minvers = NFS_VER2;
 SYSCTL_INT(_vfs_nfsd, OID_AUTO, server_min_nfsvers, CTLFLAG_RWTUN,
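Review bot: The new description string on the nfs_privport SYSCTL_INT ("NFSv2, 3 and 4") is the only user-visible record of the wider scope, because this commit modifies nfs_nfsdkrpc.c alone. The knob is CTLFLAG_RWTUN, so a value already set as a loader tunable or at runtime starts covering NFSv4 as soon as the updated kernel boots. Consider a matching note in the user-facing documentation for vfs.nfsd.nfs_privport and in the release notes for stable/11, covering the POLA case the log describes (NFSv4 clients mounting from a port >= 1024).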
@@ -159,7 +159,7 @@ nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt)
 	nd.nd_mreq = NULL;
 	nd.nd_cred = NULL;
 
-	if (nfs_privport && (nd.nd_flag & ND_NFSV4) == 0) {
+	if (nfs_privport != 0) {
 		/* Check if source port is privileged */
 		u_short port;
 		struct sockaddr *nam = nd.nd_nam;
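Review bot: In the `if (nfs_privport != 0)` test, dropping the `(nd.nd_flag & ND_NFSV4) == 0` clause sends NFSv4 requests through a rejection path that previously only NFSv2 and 3 traffic could reach. The body of that path is outside the visible context, so please confirm that the reply it builds is appropriate for an NFSv4 request. The `/* Check if source port is privileged */` comment could also state that the check now applies to every NFS version, since the reason for the earlier NFSv4 exemption is recorded only in the commit log.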


