From: Rick Macklem
Date: Sun, 30 Aug 2020 21:21:58 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r364979 - head/usr.sbin/mountd

Author: rmacklem
Date: Sun Aug 30 21:21:58 2020
New Revision: 364979
URL: https://svnweb.freebsd.org/changeset/base/364979

Log:
  Add support for the NFS over TLS exports to mountd.

  Three new export flags are added to mountd that will restrict exported
  file system mounts to use TLS. Without these flags, TLS is allowed, but
  not required.

  The exports(5) man page will be updated in a future commit.

Modified:
  head/usr.sbin/mountd/mountd.c

Modified: head/usr.sbin/mountd/mountd.c ============================================================================== --- head/usr.sbin/mountd/mountd.c Sun Aug 30 18:21:54 2020 (r364978) +++ head/usr.sbin/mountd/mountd.c Sun Aug 30 21:21:58 2020 (r364979) @@ -2795,6 +2795,13 @@ do_opt(char **cpp, char **endcpp, struct exportlist *e return (1); opt_flags |= OP_SEC; usedarg++; + } else if (!strcmp(cpopt, "tls")) { + *exflagsp |= MNT_EXTLS; + } else if (!strcmp(cpopt, "tlscert")) { + *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT); + } else if (!strcmp(cpopt, "tlscertuser")) { + *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT | + MNT_EXTLSCERTUSER); } else { syslog(LOG_ERR, "bad opt %s", cpopt); return (1);
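
Review bot: The three new branches in do_opt() ("tls", "tlscert", "tlscertuser") set only *exflagsp and, unlike the branch just above them that does opt_flags |= OP_SEC, record nothing in opt_flags. If code elsewhere relies on opt_flags to notice conflicting or repeated options on an export line, the TLS options will be invisible to it, so please confirm that is intended. The options are also undocumented until the exports(5) update mentioned in the log lands. A short comment at these branches would help in the meantime, stating that the options are cumulative (tlscert also sets MNT_EXTLS, tlscertuser sets all three bits) and that, per the log, TLS is allowed but not required when none of them is given.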