svn commit: r184923 - in user/dfr/gssapi/6/sys: . conf nfsclient
nfsserver xdr
Doug Rabson
dfr at FreeBSD.org
Thu Nov 13 07:00:34 PST 2008
Author: dfr
Date: Thu Nov 13 15:00:34 2008
New Revision: 184923
URL: http://svn.freebsd.org/changeset/base/184923
Log:
MFC: 184920,184921
Modified:
user/dfr/gssapi/6/sys/ (props changed)
user/dfr/gssapi/6/sys/conf/files
user/dfr/gssapi/6/sys/conf/options
user/dfr/gssapi/6/sys/nfsclient/nfs.h
user/dfr/gssapi/6/sys/nfsserver/nfs.h
user/dfr/gssapi/6/sys/nfsserver/nfs_srvkrpc.c
user/dfr/gssapi/6/sys/xdr/xdr_mbuf.c
Modified: user/dfr/gssapi/6/sys/conf/files
==============================================================================
--- user/dfr/gssapi/6/sys/conf/files Thu Nov 13 14:58:55 2008 (r184922)
+++ user/dfr/gssapi/6/sys/conf/files Thu Nov 13 15:00:34 2008 (r184923)
@@ -1936,7 +1936,7 @@ nfsclient/krpc_subr.c optional bootp nf
nfsclient/nfs_bio.c optional nfsclient
nfsclient/nfs_diskless.c optional nfsclient nfs_root
nfsclient/nfs_node.c optional nfsclient
-nfsclient/nfs_socket.c optional nfsclient nfs_legacyrpc
+nfsclient/nfs_socket.c optional nfsclient
nfsclient/nfs_krpc.c optional nfsclient
nfsclient/nfs_subs.c optional nfsclient
nfsclient/nfs_nfsiod.c optional nfsclient
@@ -1946,10 +1946,10 @@ nfsclient/nfs_lock.c optional nfsclient
nfsserver/nfs_fha.c optional nfsserver
nfsserver/nfs_serv.c optional nfsserver
nfsserver/nfs_srvkrpc.c optional nfsserver
-nfsserver/nfs_srvsock.c optional nfsserver nfs_legacyrpc
-nfsserver/nfs_srvcache.c optional nfsserver nfs_legacyrpc
+nfsserver/nfs_srvsock.c optional nfsserver
+nfsserver/nfs_srvcache.c optional nfsserver
nfsserver/nfs_srvsubs.c optional nfsserver
-nfsserver/nfs_syscalls.c optional nfsserver nfs_legacyrpc
+nfsserver/nfs_syscalls.c optional nfsserver
nlm/nlm_advlock.c optional nfslockd nfsclient
nlm/nlm_prot_clnt.c optional nfslockd
nlm/nlm_prot_impl.c optional nfslockd
Modified: user/dfr/gssapi/6/sys/conf/options
==============================================================================
--- user/dfr/gssapi/6/sys/conf/options Thu Nov 13 14:58:55 2008 (r184922)
+++ user/dfr/gssapi/6/sys/conf/options Thu Nov 13 15:00:34 2008 (r184923)
@@ -215,6 +215,7 @@ NFSSERVER opt_nfs.h
# legacy RPC implementation instead of the newer KRPC system (which
# supports modern features such as RPCSEC_GSS
NFS_LEGACYRPC opt_nfs.h
+NFS_NEWRPC opt_nfs.h
# filesystems and libiconv bridge
CD9660_ICONV opt_dontuse.h
Modified: user/dfr/gssapi/6/sys/nfsclient/nfs.h
==============================================================================
--- user/dfr/gssapi/6/sys/nfsclient/nfs.h Thu Nov 13 14:58:55 2008 (r184922)
+++ user/dfr/gssapi/6/sys/nfsclient/nfs.h Thu Nov 13 15:00:34 2008 (r184923)
@@ -40,6 +40,10 @@
#include "opt_nfs.h"
#endif
+#if !defined(NFS_NEWRPC) && !defined(NFS_LEGACYRPC)
+#define NFS_LEGACYRPC
+#endif
+
#include <nfsclient/nfsargs.h>
/*
Modified: user/dfr/gssapi/6/sys/nfsserver/nfs.h
==============================================================================
--- user/dfr/gssapi/6/sys/nfsserver/nfs.h Thu Nov 13 14:58:55 2008 (r184922)
+++ user/dfr/gssapi/6/sys/nfsserver/nfs.h Thu Nov 13 15:00:34 2008 (r184923)
@@ -40,6 +40,10 @@
#include "opt_nfs.h"
#endif
+#if !defined(NFS_NEWRPC) && !defined(NFS_LEGACYRPC)
+#define NFS_LEGACYRPC
+#endif
+
/*
* Tunable constants for nfs
*/
Modified: user/dfr/gssapi/6/sys/nfsserver/nfs_srvkrpc.c
==============================================================================
--- user/dfr/gssapi/6/sys/nfsserver/nfs_srvkrpc.c Thu Nov 13 14:58:55 2008 (r184922)
+++ user/dfr/gssapi/6/sys/nfsserver/nfs_srvkrpc.c Thu Nov 13 15:00:34 2008 (r184923)
@@ -351,19 +351,61 @@ nfssvc_program(struct svc_req *rqst, SVC
nfs_realign(&mreq);
/*
- * Note: we want rq_addr, not svc_getrpccaller -
+ * Note: we want rq_addr, not svc_getrpccaller for nd_nam2 -
* NFS_SRVMAXDATA uses a NULL value for nd_nam2 to detect TCP
* mounts.
*/
memset(&nd, 0, sizeof(nd));
nd.nd_md = nd.nd_mrep = mreq;
nd.nd_dpos = mtod(mreq, caddr_t);
- nd.nd_nam = (struct sockaddr *) &xprt->xp_ltaddr;
+ nd.nd_nam = svc_getrpccaller(rqst);
nd.nd_nam2 = rqst->rq_addr;
nd.nd_procnum = procnum;
nd.nd_cr = NULL;
nd.nd_flag = flag;
+ if (nfs_privport) {
+ /* Check if source port is privileged */
+ u_short port;
+ struct sockaddr *nam = nd.nd_nam;
+ struct sockaddr_in *sin;
+
+ sin = (struct sockaddr_in *)nam;
+ /*
+ * INET/INET6 - same code:
+ * sin_port and sin6_port are at same offset
+ */
+ port = ntohs(sin->sin_port);
+ if (port >= IPPORT_RESERVED &&
+ nd.nd_procnum != NFSPROC_NULL) {
+#ifdef INET6
+ char b6[INET6_ADDRSTRLEN];
+#if defined(KLD_MODULE)
+ /* Do not use ip6_sprintf: the nfs module should work without INET6. */
+#define ip6_sprintf(buf, a) \
+ (sprintf((buf), "%x:%x:%x:%x:%x:%x:%x:%x", \
+ (a)->s6_addr16[0], (a)->s6_addr16[1], \
+ (a)->s6_addr16[2], (a)->s6_addr16[3], \
+ (a)->s6_addr16[4], (a)->s6_addr16[5], \
+ (a)->s6_addr16[6], (a)->s6_addr16[7]), \
+ (buf))
+#endif
+#endif
+ printf("NFS request from unprivileged port (%s:%d)\n",
+#ifdef INET6
+ sin->sin_family == AF_INET6 ?
+ ip6_sprintf(b6, &satosin6(sin)->sin6_addr) :
+#if defined(KLD_MODULE)
+#undef ip6_sprintf
+#endif
+#endif
+ inet_ntoa(sin->sin_addr), port);
+ svcerr_weakauth(rqst);
+ svc_freereq(rqst);
+ return;
+ }
+ }
+
if (proc != nfsrv_null) {
if (!svc_getcred(rqst, &nd.nd_cr, &nd.nd_credflavor)) {
svcerr_weakauth(rqst);
Modified: user/dfr/gssapi/6/sys/xdr/xdr_mbuf.c
==============================================================================
--- user/dfr/gssapi/6/sys/xdr/xdr_mbuf.c Thu Nov 13 14:58:55 2008 (r184922)
+++ user/dfr/gssapi/6/sys/xdr/xdr_mbuf.c Thu Nov 13 15:00:34 2008 (r184923)
@@ -65,6 +65,7 @@ void
xdrmbuf_create(XDR *xdrs, struct mbuf *m, enum xdr_op op)
{
+ KASSERT(m != NULL, ("xdrmbuf_create with NULL mbuf chain"));
xdrs->x_op = op;
xdrs->x_ops = &xdrmbuf_ops;
xdrs->x_base = (char *) m;
More information about the svn-src-user
mailing list