mirror of
				https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
				synced 2025-10-25 13:41:08 +00:00 
			
		
		
		
	 d740351bf0
			
		
	
	
		d740351bf0
		
	
	
	
	
		
			
			The standard default security setting for NFS is AUTH_SYS. An NFS client connects to NFS servers via a privileged source port and a fixed standard destination port (2049). The client sends raw uid and gid numbers to identify users making NFS requests, and the server assumes an appropriate authority on the client has vetted these values because the source port is privileged. On Linux, by default in-kernel RPC services use a privileged port in the range between 650 and 1023 to avoid using source ports of well- known IP services. Using such a small range limits the number of NFS mount points and the number of unique NFS servers to which a client can connect concurrently. An NFS client can use unprivileged source ports to expand the range of source port numbers, allowing more concurrent server connections and more NFS mount points. Servers must explicitly allow NFS connections from unprivileged ports for this to work. In the past, bumping the value of the sunrpc.max_resvport sysctl on the client would permit the NFS client to use unprivileged ports. Bumping this setting also changes the maximum port number used by other in-kernel RPC services, some of which still required a port number less than 1023. This is exacerbated by the way source port numbers are chosen by the Linux RPC client, which starts at the top of the range and works downwards. It means that bumping the maximum means all RPC services requesting a source port will likely get an unprivileged port instead of a privileged one. Changing this setting effects all NFS mount points on a client. A sysadmin could not selectively choose which mount points would use non-privileged ports and which could not. Lastly, this mechanism of expanding the limit on the number of NFS mount points was entirely undocumented. To address the need for the NFS client to use a large range of source ports without interfering with the activity of other in-kernel RPC services, we introduce a new NFS mount option. This option explicitly tells only the NFS client to use a non-privileged source port when communicating with the NFS server for one specific mount point. This new mount option is called "resvport," like the similar NFS mount option on FreeBSD and Mac OS X. A sister patch for nfs-utils will be submitted that documents this new option in nfs(5). The default setting for this new mount option requires the NFS client to use a privileged port, as before. Explicitly specifying the "noresvport" mount option allows the NFS client to use an unprivileged source port for this mount point when connecting to the NFS server port. This mount option is supported only for text-based NFS mounts. [ Sidebar: it is widely known that security mechanisms based on the use of privileged source ports are ineffective. However, the NFS client can combine the use of unprivileged ports with the use of secure authentication mechanisms, such as Kerberos. This allows a large number of connections and mount points while ensuring a useful level of security. Eventually we may change the default setting for this option depending on the security flavor used for the mount. For example, if the mount is using only AUTH_SYS, then the default setting will be "resvport;" if the mount is using a strong security flavor such as krb5, the default setting will be "noresvport." ] Signed-off-by: Chuck Lever <chuck.lever@oracle.com> [Trond.Myklebust@netapp.com: Fixed a bug whereby nfs4_init_client() was being called with incorrect arguments.] Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
		
			
				
	
	
		
			74 lines
		
	
	
		
			2.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			74 lines
		
	
	
		
			2.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| #ifndef _LINUX_NFS_MOUNT_H
 | |
| #define _LINUX_NFS_MOUNT_H
 | |
| 
 | |
| /*
 | |
|  *  linux/include/linux/nfs_mount.h
 | |
|  *
 | |
|  *  Copyright (C) 1992  Rick Sladkey
 | |
|  *
 | |
|  *  structure passed from user-space to kernel-space during an nfs mount
 | |
|  */
 | |
| #include <linux/in.h>
 | |
| #include <linux/nfs.h>
 | |
| #include <linux/nfs2.h>
 | |
| #include <linux/nfs3.h>
 | |
| 
 | |
| /*
 | |
|  * WARNING!  Do not delete or change the order of these fields.  If
 | |
|  * a new field is required then add it to the end.  The version field
 | |
|  * tracks which fields are present.  This will ensure some measure of
 | |
|  * mount-to-kernel version compatibility.  Some of these aren't used yet
 | |
|  * but here they are anyway.
 | |
|  */
 | |
| #define NFS_MOUNT_VERSION	6
 | |
| #define NFS_MAX_CONTEXT_LEN	256
 | |
| 
 | |
| struct nfs_mount_data {
 | |
| 	int		version;		/* 1 */
 | |
| 	int		fd;			/* 1 */
 | |
| 	struct nfs2_fh	old_root;		/* 1 */
 | |
| 	int		flags;			/* 1 */
 | |
| 	int		rsize;			/* 1 */
 | |
| 	int		wsize;			/* 1 */
 | |
| 	int		timeo;			/* 1 */
 | |
| 	int		retrans;		/* 1 */
 | |
| 	int		acregmin;		/* 1 */
 | |
| 	int		acregmax;		/* 1 */
 | |
| 	int		acdirmin;		/* 1 */
 | |
| 	int		acdirmax;		/* 1 */
 | |
| 	struct sockaddr_in addr;		/* 1 */
 | |
| 	char		hostname[NFS_MAXNAMLEN + 1];		/* 1 */
 | |
| 	int		namlen;			/* 2 */
 | |
| 	unsigned int	bsize;			/* 3 */
 | |
| 	struct nfs3_fh	root;			/* 4 */
 | |
| 	int		pseudoflavor;		/* 5 */
 | |
| 	char		context[NFS_MAX_CONTEXT_LEN + 1];	/* 6 */
 | |
| };
 | |
| 
 | |
| /* bits in the flags field visible to user space */
 | |
| 
 | |
| #define NFS_MOUNT_SOFT		0x0001	/* 1 */
 | |
| #define NFS_MOUNT_INTR		0x0002	/* 1 */ /* now unused, but ABI */
 | |
| #define NFS_MOUNT_SECURE	0x0004	/* 1 */
 | |
| #define NFS_MOUNT_POSIX		0x0008	/* 1 */
 | |
| #define NFS_MOUNT_NOCTO		0x0010	/* 1 */
 | |
| #define NFS_MOUNT_NOAC		0x0020	/* 1 */
 | |
| #define NFS_MOUNT_TCP		0x0040	/* 2 */
 | |
| #define NFS_MOUNT_VER3		0x0080	/* 3 */
 | |
| #define NFS_MOUNT_KERBEROS	0x0100	/* 3 */
 | |
| #define NFS_MOUNT_NONLM		0x0200	/* 3 */
 | |
| #define NFS_MOUNT_BROKEN_SUID	0x0400	/* 4 */
 | |
| #define NFS_MOUNT_NOACL		0x0800	/* 4 */
 | |
| #define NFS_MOUNT_STRICTLOCK	0x1000	/* reserved for NFSv4 */
 | |
| #define NFS_MOUNT_SECFLAVOUR	0x2000	/* 5 */
 | |
| #define NFS_MOUNT_NORDIRPLUS	0x4000	/* 5 */
 | |
| #define NFS_MOUNT_UNSHARED	0x8000	/* 5 */
 | |
| #define NFS_MOUNT_FLAGMASK	0xFFFF
 | |
| 
 | |
| /* The following are for internal use only */
 | |
| #define NFS_MOUNT_LOOKUP_CACHE_NONEG	0x10000
 | |
| #define NFS_MOUNT_LOOKUP_CACHE_NONE	0x20000
 | |
| #define NFS_MOUNT_NORESVPORT		0x40000
 | |
| 
 | |
| #endif
 |