On Thu, 2009-01-29 at 17:20 +0200, Jaakko Heinonen wrote:
> On 2009-01-29, Jaakko Heinonen wrote:
> > > > It appears to me that TCP connections to remote nfsd use a
> > > > privileged source port initially,
> > > > but if the connection is severed and reestablished later the source
> > > > port is no longer < 1024. Client is -CURRENT, server is solaris with
> > > > nfssrv:nfs_portmon=1.
> >
> > Indeed it looks like the new RPC code (I didn't verify that the old
> > works though) doesn't honour the resvport mount option on reconnects.
>
> I think I found the bug. The new RPC code doesn't properly elevate
> privileges before bindresvport() call in clnt_reconnect_connect(). For
> initial connection bindresvport() succeeds because the process has
> elevated privileges at that time.
>
> Does this patch fix the problem for you?
>
> %%% > Index: sys/rpc/clnt_rc.c > =================================================================== > --- sys/rpc/clnt_rc.c (revision 187877) > +++ sys/rpc/clnt_rc.c (working copy) > _at__at_ -181,11 +181,12 _at__at_ again: > rpc_createerr.cf_error.re_errno = 0; > goto out; > } > - if (rc->rc_privport) > - bindresvport(so, NULL); > > oldcred = td->td_ucred; > td->td_ucred = rc->rc_ucred; > + if (rc->rc_privport) > + bindresvport(so, NULL); > + > if (rc->rc_nconf->nc_semantics == NC_TPI_CLTS) > rc->rc_client = clnt_dg_create(so, > (struct sockaddr *) &rc->rc_addr, rc->rc_prog, rc->rc_vers, > %%%
>

Yes. This patch resolves my issues. Thanks for the quick fix! Commit!

Sean Bruno

Received on Thu Jan 29 2009 - 20:53:44 UTC
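
Review bot: the return value of bindresvport(so, NULL) is still discarded at its new position after the td->td_ucred swap in the clnt_rc.c hunk, so a failed reserved-port bind goes unnoticed and the reconnect carries on from a source port that is not below 1024, which is the same symptom reported in this thread against a server with nfs_portmon=1. Consider checking the result and at least logging the failure when rc->rc_privport is set, so that a future regression in the credential handling shows up on the client rather than as a refused connection on the server. A one-line comment above the moved call, stating that it has to stay after `td->td_ucred = rc->rc_ucred;` because the reserved-port bind depends on those credentials, would also keep a later cleanup from moving it back.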