On 2009-01-29, Jaakko Heinonen wrote:
> > > It appears to me that TCP connections to remote nfsd use a
> > > privileged source port initially,
> > > but if the connection is severed and reestablished later the source
> > > port is no longer < 1024. Client is -CURRENT, server is solaris with
> > > nfssrv:nfs_portmon=1.
> > Indeed it looks like the new RPC code (I didn't verify that the old
> works though) doesn't honour the resvport mount option on reconnects.

I think I found the bug. The new RPC code doesn't properly elevate privileges before bindresvport() call in clnt_reconnect_connect(). For initial connection bindresvport() succeeds because the process has elevated privileges at that time.

Does this patch fix the problem for you?

%%% Index: sys/rpc/clnt_rc.c =================================================================== --- sys/rpc/clnt_rc.c (revision 187877) +++ sys/rpc/clnt_rc.c (working copy) _at__at_ -181,11 +181,12 _at__at_ again: rpc_createerr.cf_error.re_errno = 0; goto out; } - if (rc->rc_privport) - bindresvport(so, NULL); oldcred = td->td_ucred; td->td_ucred = rc->rc_ucred; + if (rc->rc_privport) + bindresvport(so, NULL); + if (rc->rc_nconf->nc_semantics == NC_TPI_CLTS) rc->rc_client = clnt_dg_create(so, (struct sockaddr *) &rc->rc_addr, rc->rc_prog, rc->rc_vers, %%%

--
Jaakko

Received on Thu Jan 29 2009 - 14:20:13 UTC
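
Review bot: the relocated bindresvport(so, NULL) call still discards its return value, so if the bind fails under rc->rc_ucred the reconnect carries on from a non-reserved port with no indication, which is the same symptom the patch is meant to cure. Suggest capturing the result and, when rc->rc_privport is set, at least logging the failure or failing the reconnect instead of continuing into clnt_dg_create(). A short comment above the moved call stating that it must run after td->td_ucred has been switched to rc->rc_ucred would keep a later cleanup from moving it back above the swap. The restore of oldcred lies outside the visible context, so it is worth confirming that every path out of this block puts td->td_ucred back.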
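
One way to check a client for the symptom described in this thread (an NFS connection that comes back from a source port that is no longer < 1024), given as an added example that is not part of the original message or of the FreeBSD source. The `netstat -an -p tcp` sample is constructed, the addresses are documentation ranges, and the server port 2049 and the function names are assumptions of the example.

```python
"""Flag established NFS client connections whose source port is not reserved."""

NFS_PORT = 2049        # assumption: the server listens on the default nfsd port
RESERVED_LIMIT = 1024  # threshold from the thread: source port must be < 1024

# Constructed sample in FreeBSD `netstat -an -p tcp` layout (addr.port fields).
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.1011        192.0.2.20.2049        ESTABLISHED
tcp4       0      0 192.0.2.10.51822       192.0.2.20.2049        ESTABLISHED
tcp4       0      0 192.0.2.10.22          192.0.2.99.40112       ESTABLISHED
tcp4       0      0 192.0.2.10.60001       192.0.2.20.2049        TIME_WAIT
tcp6       0      0 2001:db8::10.49152     2001:db8::20.2049      ESTABLISHED
tcp4       0      0 *.2049                 *.*                    LISTEN
"""


def split_endpoint(field):
    """Split 'addr.port' into (addr, port); port is None for wildcards like '*.*'."""
    addr, _, port = field.rpartition(".")
    return addr, int(port) if port.isdigit() else None


def unprivileged_nfs_clients(netstat_text):
    """Return (local, remote) pairs for ESTABLISHED NFS connections from ports >= 1024."""
    findings = []
    for line in netstat_text.splitlines():
        cols = line.split()
        # Data rows have exactly six columns; headers and banners do not match.
        if len(cols) != 6 or not cols[0].startswith("tcp") or cols[5] != "ESTABLISHED":
            continue
        _, lport = split_endpoint(cols[3])
        _, rport = split_endpoint(cols[4])
        if rport == NFS_PORT and lport is not None and lport >= RESERVED_LIMIT:
            findings.append((cols[3], cols[4]))
    return findings


if __name__ == "__main__":
    for local, remote in unprivileged_nfs_clients(SAMPLE):
        print(f"non-reserved source port: {local} -> {remote}")
```

Running the check before and after forcing a reconnect shows whether the resvport option survives it.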
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:41 UTC