upstream/illumos/illumos-gate: changeset 9987:f2e8d2b3f311

--- a/usr/src/uts/common/fs/nfs/nfs_server.c	Mon Jun 29 06:20:33 2009 -0700
+++ b/usr/src/uts/common/fs/nfs/nfs_server.c	Mon Jun 29 11:32:01 2009 -0500
@@ -2009,8 +2009,8 @@
 	int anon_res = 0;
 
 	/*
-	 *	Check for privileged port number
-	 *	N.B.:  this assumes that we know the format of a netbuf.
+	 * Check for privileged port number
+	 * N.B.:  this assumes that we know the format of a netbuf.
 	 */
 	if (nfs_portmon) {
 		struct sockaddr *ca;
@@ -2259,6 +2259,31 @@
 	cs->access &= ~CS_ACCESS_LIMITED;
 
 	/*
+	 * Check for privileged port number
+	 * N.B.:  this assumes that we know the format of a netbuf.
+	 */
+	if (nfs_portmon) {
+		struct sockaddr *ca;
+		ca = (struct sockaddr *)svc_getrpccaller(req->rq_xprt)->buf;
+
+		if (ca == NULL)
+			return (0);
+
+		if ((ca->sa_family == AF_INET &&
+		    ntohs(((struct sockaddr_in *)ca)->sin_port) >=
+		    IPPORT_RESERVED) ||
+		    (ca->sa_family == AF_INET6 &&
+		    ntohs(((struct sockaddr_in6 *)ca)->sin6_port) >=
+		    IPPORT_RESERVED)) {
+			cmn_err(CE_NOTE,
+			    "nfs_server: client %s%ssent NFSv4 request from "
+			    "unprivileged port",
+			    client_name(req), client_addr(req, buf));
+			return (0);
+		}
+	}
+
+	/*
 	 * Check the access right per auth flavor on the vnode of
 	 * this export for the given request.
 	 */

author	Thomas Haynes <Thomas.Haynes@Sun.COM>
	Mon, 29 Jun 2009 11:32:01 -0500
changeset 9987	f2e8d2b3f311
parent 9986	4d51e0eb2206
child 9988	4066d8f807e9