* [PATCH 1/6] mount: Fix a bug in the legacy version of nfs_name_to_address()
@ 2009-02-27 20:05 Chuck Lever
From: Chuck Lever @ 2009-02-27 20:05 UTC
To: steved; +Cc: linux-nfs
The legacy version of nfs_name_to_address() returned an incorrect
value for the size of the returned address.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
utils/mount/network.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/utils/mount/network.c b/utils/mount/network.c
index 92f75b4..b41388e 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -291,7 +291,7 @@ int nfs_name_to_address(const char *hostname,
}
memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
- *salen = hp->h_length;
+ *salen = sizeof(struct sockaddr_in);
return 1;
}
#endif /* HAVE_DECL_AI_ADDRCONFIG */
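Review bot: the fix is correct, and the old value was unsafe rather than merely wrong: hp->h_length is the size of the raw address (4 bytes for AF_INET), not of struct sockaddr_in (16 bytes), so any caller that handed *salen to connect(2), bind(2) or sendto(2) was passing a truncated length and relying on the kernel to reject it. While here, the memcpy() just above the changed line also uses hp->h_length as its byte count; unless the elided part of the function already checks hp->h_addrtype == AF_INET, a guard that h_length == sizeof(struct in_addr) would keep a larger address from overrunning sin->sin_addr.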
* [PATCH 2/6] nfs(5): document new [no]resvport option
From: Chuck Lever @ 2009-02-27 20:05 UTC
To: steved; +Cc: linux-nfs
Kernel 2.6.28 adds a new mount option: [no]resvport. Document the new
option in the nfs(5) man page.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
utils/mount/nfs.man | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 66 insertions(+), 0 deletions(-)
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index 0c86559..ad2a14d 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -405,6 +405,23 @@ is legacy caching behavior. This
is considered a data risk since multiple cached copies
of the same file on the same client can become out of sync
following a local update of one of the copies.
+.TP 1.5i
+.BR resvport " / " noresvport
+Specifies whether the NFS client should use a privileged source port
+when communicating with an NFS server for this mount point.
+If this option is not specified, or the
+.B resvport
+option is specified, the NFS client uses a privileged source port.
+If the
+.B noresvport
+option is specified, the NFS client uses a non-privileged source port.
+This option is supported in kernels 2.6.28 and later.
+.IP
+Using non-privileged source ports helps increase the maximum number of
+NFS mount points allowed on a client, but NFS servers must be configured
+to allow clients to connect via non-privileged source ports.
+.IP
+Refer to the SECURITY CONSIDERATIONS section for important details.
.SS "Valid options for the nfs file system type"
Use these options, along with the options in the above subsection,
for mounting the
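Review bot: "This option is supported in kernels 2.6.28 and later" leaves the reader guessing what an older kernel does with noresvport (ignore it silently or fail the mount), and the server side is described only as "must be configured"; naming the exports(5) option that admits non-privileged clients (the "insecure" export option) would let an administrator act on the sentence. Suggest a line such as "On older kernels the option is [ignored / rejected]" once that behaviour has been confirmed against the 2.6.28 change.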
@@ -1212,6 +1229,55 @@ The Linux client specifies a single security flavor at mount time
which remains in effect for the lifetime of the mount.
If the server does not support this flavor,
the initial mount request is rejected by the server.
+.SS "Using non-privileged source ports"
+NFS clients usually communicate with NFS servers via network sockets.
+Each end of a socket is assigned a port value, which is simply a number
+between 1 and 65535 that distinguishes socket endpoints at the same
+IP address.
+A socket is uniquely defined by a tuple that includes the transport
+protocol (TCP or UDP) and the port values and IP addresses of both
+endpoints.
+.P
+The NFS client can choose any source port value for its sockets,
+but usually chooses a
+.I privileged
+port.
+A privileged port is a port value less than 1024.
+Only a process with root privileges may create a socket
+with a privileged source port.
+.P
+The exact range of privileged source ports that can be chosen is
+set by a pair of sysctls to avoid choosing a well-known port, such as
+the port used by ssh.
+This means the number of source ports available for the NFS client,
+and therefore the number of socket connections that can be used
+at the same time,
+is practically limited to only a few hundred.
+.P
+As described above, the traditional default NFS authentication scheme,
+known as AUTH_SYS, relies on sending local UID and GID numbers to identify
+users making NFS requests.
+An NFS server assumes that if a connection comes from a privileged port,
+the UID and GID numbers in the NFS requests on this connection have been
+verified by the client's kernel or some other local authority.
+This is an easy system to spoof, but on a trusted physical network between
+trusted hosts, it is entirely adequate.
+.P
+Roughly speaking, one socket is used for each NFS mount point.
+If a client could use non-privileged source ports as well,
+the number of sockets allowed,
+and thus the maximum number of concurrent mount points,
+would be much larger.
+.P
+Using non-privileged source ports may compromise server security somewhat,
+since any user on AUTH_SYS mount points can now pretend to be any other
+when making NFS requests.
+Thus NFS servers do not support this by default.
+They explicitly allow it usually via an export option.
+.P
+To retain good security while allowing as many mount points as possible,
+it is best to allow non-privileged client connections only if the server
+and client both require strong authentication, such as Kerberos.
.SS "Mounting through a firewall"
A firewall may reside between an NFS client and server,
or the client or server may block some of its own ports via IP
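Review bot: the section twice points at things it does not name: "a pair of sysctls" (on Linux these are sunrpc.min_resvport and sunrpc.max_resvport) and "an export option" ("insecure" in exports(5)); naming both makes the text actionable. Two precision points as well: "Only a process with root privileges may create a socket with a privileged source port" is more accurately "a process with CAP_NET_BIND_SERVICE (normally root)", and the risk in the "may compromise server security somewhat" paragraph is not limited to users of existing mount points: once the server accepts non-privileged ports, any unprivileged process on any host the export admits can open its own socket and send AUTH_SYS requests carrying arbitrary UID and GID values, because the server can no longer assume the client kernel filled in the credentials. The closing recommendation (permit it only with strong authentication such as Kerberos) is the right one and could open the section rather than close it.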
* [PATCH 3/6] nfs(5): document new [no]resvport option
From: Chuck Lever @ 2009-02-27 20:05 UTC
To: steved; +Cc: linux-nfs
Kernel 2.6.25 deprecates intr/nointr. Reflect this change in nfs(5).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
utils/mount/nfs.man | 14 ++++++++++++++
1 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index ad2a14d..13de524 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -612,6 +612,13 @@ Using the
option is preferred to using the
.B soft
option because it is significantly less likely to result in data corruption.
+.IP
+The
+.BR intr " / " nointr
+mount option is deprecated after kernel 2.6.25.
+Only SIGKILL can interrupt a pending NFS operation on these kernels,
+and if specified, this mount option is ignored to provide backwards
+compatibility with older kernels.
.TP 1.5i
.BR cto " / " nocto
Selects whether to use close-to-open cache coherence semantics.
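Review bot: "deprecated after kernel 2.6.25" contradicts the commit message, which says 2.6.25 itself deprecates intr/nointr; "as of kernel 2.6.25" or "in kernels 2.6.25 and later" removes the ambiguity about what 2.6.25 does. The clause "this mount option is ignored to provide backwards compatibility with older kernels" also reads as if ignoring the option were what provides compatibility; "the option is still accepted, but ignored, so that existing fstab entries written for older kernels keep working" says what is meant.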
@@ -706,6 +713,13 @@ Using the
option is preferred to using the
.B soft
option because it is significantly less likely to result in data corruption.
+.IP
+The
+.BR intr " / " nointr
+mount option is deprecated after kernel 2.6.25.
+Only SIGKILL can interrupt a pending NFS operation on these kernels,
+and if specified, this mount option is ignored to provide backwards
+compatibility with older kernels.
.TP 1.5i
.BR cto " / " nocto
Selects whether to use close-to-open cache coherence semantics
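Review bot: this paragraph is a verbatim copy of the one added in the first hunk (at @@ -612), presumably for the second file system type's option list; that is acceptable in a man page, but the two copies will drift unless edited together, so a source comment noting the duplication (or one shared paragraph that both option lists reference) is worth considering. Unrelated to the change: the context line after this hunk, "Selects whether to use close-to-open cache coherence semantics", lacks the trailing period its twin in the first hunk has.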
* [PATCH 4/6] showmount command: remove legacy RPC logic
From: Chuck Lever @ 2009-02-27 20:05 UTC
To: steved; +Cc: linux-nfs
Turns out both legacy RPC and TI-RPC have a clnt_create(3) API. So there's
really no need to keep the old open-coded transport logic around.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
utils/showmount/showmount.c | 141 -------------------------------------------
1 files changed, 0 insertions(+), 141 deletions(-)
diff --git a/utils/showmount/showmount.c b/utils/showmount/showmount.c
index 2695c51..418e8b9 100644
--- a/utils/showmount/showmount.c
+++ b/utils/showmount/showmount.c
@@ -78,8 +78,6 @@ static void usage(FILE *fp, int n)
exit(n);
}
-#ifdef HAVE_CLNT_CREATE
-
static const char *nfs_sm_pgmtbl[] = {
"showmount",
"mount",
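Review bot: with the #ifdef HAVE_CLNT_CREATE guard gone, the configure test that defines HAVE_CLNT_CREATE is dead unless another file still tests it; if nothing does, drop that check from configure.ac in the same series so the macro does not linger as an unused definition.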
@@ -110,145 +108,6 @@ static CLIENT *nfs_get_mount_client(const char *hostname)
exit(1);
}
-#else /* HAVE_CLNT_CREATE */
-
-/*
- * Perform a non-blocking connect on the socket fd.
- *
- * tout contains the timeout. It will be modified to contain the time
- * remaining (i.e. time provided - time elasped).
- *
- * Returns zero on success; otherwise, -1 is returned and errno is set
- * to reflect the nature of the error.
- */
-static int connect_nb(int fd, struct sockaddr_in *addr, struct timeval *tout)
-{
- int flags, ret;
- socklen_t len;
- fd_set rset;
-
- flags = fcntl(fd, F_GETFL, 0);
- if (flags < 0)
- return -1;
-
- ret = fcntl(fd, F_SETFL, flags | O_NONBLOCK);
- if (ret < 0)
- return -1;
-
- /*
- * From here on subsequent sys calls could change errno so
- * we set ret = -errno to capture it in case we decide to
- * use it later.
- */
- len = sizeof(struct sockaddr);
- ret = connect(fd, (struct sockaddr *)addr, len);
- if (ret < 0 && errno != EINPROGRESS) {
- ret = -1;
- goto done;
- }
-
- if (ret == 0)
- goto done;
-
- /* now wait */
- FD_ZERO(&rset);
- FD_SET(fd, &rset);
-
- ret = select(fd + 1, NULL, &rset, NULL, tout);
- if (ret <= 0) {
- if (ret == 0)
- errno = ETIMEDOUT;
- ret = -1;
- goto done;
- }
-
- if (FD_ISSET(fd, &rset)) {
- int status;
-
- len = sizeof(ret);
- status = getsockopt(fd, SOL_SOCKET, SO_ERROR, &ret, &len);
- if (status < 0) {
- ret = -1;
- goto done;
- }
-
- /* Oops - something wrong with connect */
- if (ret != 0) {
- errno = ret;
- ret = -1;
- }
- }
-
-done:
- fcntl(fd, F_SETFL, flags);
- return ret;
-}
-
-/*
- * Generate an RPC client handle connected to the mountd service
- * at @hostname, or die trying.
- *
- * Supports only AF_INET server addresses.
- */
-static CLIENT *nfs_get_mount_client(const char *hostname)
-{
- struct hostent *hp;
- struct sockaddr_in server_addr;
- struct timeval pertry_timeout;
- CLIENT *mclient = NULL;
- int ret, msock;
-
- if (inet_aton(hostname, &server_addr.sin_addr)) {
- server_addr.sin_family = AF_INET;
- }
- else {
- if ((hp = gethostbyname(hostname)) == NULL) {
- fprintf(stderr, "%s: can't get address for %s\n",
- program_name, hostname);
- exit(1);
- }
- server_addr.sin_family = AF_INET;
- memcpy(&server_addr.sin_addr, hp->h_addr, hp->h_length);
- }
-
- msock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
- if (msock != -1) {
- if (nfs_getport_ping((struct sockaddr *)&server_addr,
- sizeof(server_addr), MOUNTPROG,
- MOUNTVERS, IPPROTO_TCP)) {
- ret = connect_nb(msock, &server_addr, 0);
- if (ret == 0)
- mclient = clnttcp_create(&server_addr,
- MOUNTPROG, MOUNTVERS, &msock,
- 0, 0);
- else
- close(msock);
- } else
- close(msock);
- }
-
- if (!mclient) {
- if (nfs_getport_ping((struct sockaddr *)&server_addr,
- sizeof(server_addr), MOUNTPROG,
- MOUNTVERS, IPPROTO_UDP)) {
- clnt_pcreateerror("showmount");
- exit(1);
- }
- msock = RPC_ANYSOCK;
- pertry_timeout.tv_sec = TIMEOUT_UDP;
- pertry_timeout.tv_usec = 0;
- if ((mclient = clntudp_create(&server_addr,
- MOUNTPROG, MOUNTVERS, pertry_timeout, &msock)) == NULL) {
- clnt_pcreateerror("mount clntudp_create");
- exit(1);
- }
- }
-
- return mclient;
-}
-
-#endif /* HAVE_CLNT_CREATE */
-
int main(int argc, char **argv)
{
char hostname_buf[MAXHOSTLEN];
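Review bot: the removal is justified, and it is worth recording why the old path was not worth keeping: connect_nb() was called with a NULL timeout (connect_nb(msock, &server_addr, 0)), so the select() inside it blocked indefinitely and the non-blocking connect bought nothing; the removed code also never assigned server_addr.sin_port itself, so it depended on nfs_getport_ping() storing the discovered port into the sockaddr. Two follow-ups: confirm that the remaining clnt_create()-based nfs_get_mount_client() still falls back from TCP to UDP when mountd is not reachable over TCP (the removed code did, and showmount against a UDP-only mountd would otherwise regress), and remove any definitions only the old code used (TIMEOUT_UDP, and the fcntl/select headers) if nothing else in the file references them.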
* [PATCH 5/6] nfs-utils: Remove fprintf() call from support/nfs/getport.c
From: Chuck Lever @ 2009-02-27 20:05 UTC
To: steved; +Cc: linux-nfs
getport.c is effectively a library, so it should not be emitting messages
via printf.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
support/nfs/getport.c | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/support/nfs/getport.c b/support/nfs/getport.c
index 47824a2..bea3c98 100644
--- a/support/nfs/getport.c
+++ b/support/nfs/getport.c
@@ -175,9 +175,6 @@ static void nfs_gp_set_port(struct sockaddr *sap, const in_port_t port)
case AF_INET6:
sin6->sin6_port = port;
break;
- default:
- fprintf(stderr, "%s: unrecognized address family\n",
- __func__);
}
}
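Review bot: dropping the message is right for library code, but the default case is now silent: an unexpected sa_family leaves the port unset, and since nfs_gp_set_port() is void the caller cannot learn that nothing happened. Either return a status the caller checks, or validate sa_family once at the entry point of the getport API and reject other families there, so that an unset port cannot propagate into a later connect attempt. Minor: the commit message says printf while the removed call is fprintf(stderr, ...).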
* [PATCH 6/6] configure: fix AC_CACHE_VAL warnings on Fedora 10
From: Chuck Lever @ 2009-02-27 20:05 UTC
To: steved; +Cc: linux-nfs
Autoconf 2.63 (and maybe earlier releases) complains about the cache
variable name used in aclocal/libblkid.m4:
configure.ac:217: warning: AC_CACHE_VAL(libblkid_is_recent, ...):
suspicious cache-id, must contain _cv_ to be cached
../../lib/autoconf/general.m4:1974: AC_CACHE_VAL is expanded from...
aclocal/libblkid.m4:2: AC_BLKID_VERS is expanded from...
configure.ac:217: the top level
This addresses
https://bugzilla.redhat.com/attachment.cgi?bugid=481386 .
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
aclocal/libblkid.m4 | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/aclocal/libblkid.m4 b/aclocal/libblkid.m4
index d751a8c..214ef50 100644
--- a/aclocal/libblkid.m4
+++ b/aclocal/libblkid.m4
@@ -1,7 +1,7 @@
dnl *************************** libblkid needs version 1.40 or later ***********************
AC_DEFUN([AC_BLKID_VERS], [
AC_MSG_CHECKING(for suitable libblkid version)
- AC_CACHE_VAL(libblkid_is_recent,
+ AC_CACHE_VAL(libblkid_cv_is_recent,
[
saved_LIBS="$LIBS"
LIBS=-lblkid
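Review bot: the rename satisfies autoconf's _cv_ requirement, but it also changes behaviour: as the warning says, the old name was never cached, whereas libblkid_cv_is_recent now is, so a stale config.cache from a build host with an old libblkid will be trusted on the next run. The commit message could mention that anyone relying on the check being re-evaluated needs to clear the cache. Also confirm that no other file references libblkid_is_recent; the diffstat touches only aclocal/libblkid.m4, so anything in configure.ac that tested the old name would now see an empty variable.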
@@ -12,9 +12,9 @@ AC_DEFUN([AC_BLKID_VERS], [
int vers = blkid_get_library_version(0, 0);
return vers >= 140 ? 0 : 1;
}
- ], libblkid_is_recent=yes, libblkid_is_recent=no,
- libblkid_is_recent=unknown)
+ ], libblkid_cv_is_recent=yes, libblkid_cv_is_recent=no,
+ libblkid_cv_is_recent=unknown)
LIBS="$saved_LIBS"
])dnl
- AC_MSG_RESULT($libblkid_is_recent)
+ AC_MSG_RESULT($libblkid_cv_is_recent)
])dnl
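Review bot: the three renamed assignments and the AC_MSG_RESULT are consistent with the first hunk, so the macro reports the same value as before. One thing to verify now that caching actually works: the cross-compilation branch sets libblkid_cv_is_recent=unknown, and whatever consumes the result (not shown here) must treat "unknown" differently from "no", because a cached "unknown" will now persist across configure runs.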
* Re: [PATCH 1/6] mount: Fix a bug in the legacy version of nfs_name_to_address()
From: Steve Dickson @ 2009-03-04 22:59 UTC
To: Chuck Lever; +Cc: linux-nfs
All 6 patches have been committed...
steved.
Chuck Lever wrote:
> The legacy version of nfs_name_to_address() returned an incorrect
> value for the size of the returned address.
>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>
> utils/mount/network.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/utils/mount/network.c b/utils/mount/network.c
> index 92f75b4..b41388e 100644
> --- a/utils/mount/network.c
> +++ b/utils/mount/network.c
> @@ -291,7 +291,7 @@ int nfs_name_to_address(const char *hostname,
> }
>
> memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
> - *salen = hp->h_length;
> + *salen = sizeof(struct sockaddr_in);
> return 1;
> }
> #endif /* HAVE_DECL_AI_ADDRCONFIG */
>