Split handling reserved port handling for NFS rpcs and mount rpcs up;

-noresport -> -noresvport, and new option: -noresvmnt

Include a warning in the exports manual page on how -alldirs does
not guarantee that all accesses from a client stay below the mounted
subdirectory.

sbin/mountd/exports.5

@@ -1,4 +1,4 @@
-.\"	$NetBSD: exports.5,v 1.10 1997/03/23 20:58:14 fvdl Exp $
+.\"	$NetBSD: exports.5,v 1.11 1997/03/30 20:53:31 fvdl Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -78,7 +78,12 @@ flag;
 this form allows the host(s) to mount at any point within the filesystem,
 including regular files if the
 .Fl r
-option is used on mountd.
+option is used on mountd. Note that the
+.Fl alldirs
+option should not be used as a security measure to make clients mount
+only those subdirectories that they should have access to. A client
+can still access the whole filesystem via individual RPCs if it
+wanted to, even if just one subdirectory has been mounted.
 The pathnames must not have any symbolic links in them and should not have
 any "." or ".." components.
 Mount points for a filesystem may appear on multiple lines each with
@@ -160,11 +165,18 @@ is a synonym for
 in an effort to be backward compatible with older export file formats.
 .Pp
 The
-.Fl noresport
-option specifies that requests for the filesystem do not have to come
-from reserved ports. Normally clients are required to use reserved
-ports for operations. This includes mount/unmount as well as individual
-NFS requests.
+.Fl noresvport
+option specifies that NFS RPC calls for the filesystem do not have to come
+from reserved ports. Normally, clients are required to use reserved
+ports for operations. Using this option decreases the security of your
+system.
+.Pp
+The
+.Fl noresvmnt
+option specifies that mount RPC requests for the filesystem do not have
+to come from reserved ports. Normally, clients are required to use reserved
+ports for mount requests. Using this option decreases the security of
+your system.
 .Pp
 The third component of a line specifies the host set to which the line applies.
 The set may be specified in three ways.

sbin/mountd/mountd.8

@@ -1,4 +1,4 @@
-.\"	$NetBSD: mountd.8,v 1.13 1997/03/23 20:58:16 fvdl Exp $
+.\"	$NetBSD: mountd.8,v 1.14 1997/03/30 20:53:32 fvdl Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.

sbin/mountd/mountd.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: mountd.c,v 1.36 1997/03/23 20:58:18 fvdl Exp $	*/
+/*	$NetBSD: mountd.c,v 1.37 1997/03/30 20:53:33 fvdl Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -52,7 +52,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)mountd.c  8.15 (Berkeley) 5/1/95";
 #else
-static char rcsid[] = "$NetBSD: mountd.c,v 1.36 1997/03/23 20:58:18 fvdl Exp $";
+static char rcsid[] = "$NetBSD: mountd.c,v 1.37 1997/03/30 20:53:33 fvdl Exp $";
 #endif
 #endif /* not lint */
 
@@ -111,7 +111,7 @@ struct dirlist {
 #define	DP_DEFSET	0x1
 #define DP_HOSTSET	0x2
 #define DP_KERB		0x4
-#define DP_NORESPORT	0x8
+#define DP_NORESMNT	0x8
 
 struct exportlist {
 	struct exportlist *ex_next;
@@ -227,14 +227,15 @@ struct ucred def_anon = {
 };
 int opt_flags;
 /* Bits for above */
-#define	OP_MAPROOT	0x01
-#define	OP_MAPALL	0x02
-#define	OP_KERB		0x04
-#define	OP_MASK		0x08
-#define	OP_NET		0x10
-#define	OP_ISO		0x20
-#define	OP_ALLDIRS	0x40
-#define OP_NORESPORT	0x80
+#define	OP_MAPROOT	0x001
+#define	OP_MAPALL	0x002
+#define	OP_KERB		0x004
+#define	OP_MASK		0x008
+#define	OP_NET		0x010
+#define	OP_ISO		0x020
+#define	OP_ALLDIRS	0x040
+#define OP_NORESPORT	0x080
+#define OP_NORESMNT	0x100
 
 int debug = 0;
 void	SYSLOG __P((int, const char *, ...));
@@ -387,7 +388,7 @@ mntsrv(rqstp, transp)
 		     (defset && scan_tree(ep->ex_defdir, saddr.s_addr) == 0 &&
 		      scan_tree(ep->ex_dirl, saddr.s_addr) == 0))) {
 			if (sport >= IPPORT_RESERVED &&
-			    !(hostset & DP_NORESPORT)) {
+			    !(hostset & DP_NORESMNT)) {
 				syslog(LOG_NOTICE,
 				       "Refused mount RPC from host %s port %d",
 				       inet_ntoa(saddr), sport);
@@ -1057,14 +1058,14 @@ hang_dirp(dp, grp, ep, flags)
 			ep->ex_defdir->dp_flag |= DP_DEFSET;
 			if (flags & OP_KERB)
 				ep->ex_defdir->dp_flag |= DP_KERB;
-			if (flags & OP_NORESPORT)
-				ep->ex_defdir->dp_flag |= DP_NORESPORT;
+			if (flags & OP_NORESMNT)
+				ep->ex_defdir->dp_flag |= DP_NORESMNT;
 		} else while (grp) {
 			hp = get_ht();
 			if (flags & OP_KERB)
 				hp->ht_flag |= DP_KERB;
-			if (flags & OP_NORESPORT)
-				hp->ht_flag |= DP_NORESPORT;
+			if (flags & OP_NORESMNT)
+				hp->ht_flag |= DP_NORESMNT;
 			hp->ht_grp = grp;
 			hp->ht_next = ep->ex_defdir->dp_hosts;
 			ep->ex_defdir->dp_hosts = hp;
@@ -1123,8 +1124,8 @@ add_dlist(dpp, newdp, grp, flags)
 			hp = get_ht();
 			if (flags & OP_KERB)
 				hp->ht_flag |= DP_KERB;
-			if (flags & OP_NORESPORT)
-				hp->ht_flag |= DP_NORESPORT;
+			if (flags & OP_NORESMNT)
+				hp->ht_flag |= DP_NORESMNT;
 			hp->ht_grp = grp;
 			hp->ht_next = dp->dp_hosts;
 			dp->dp_hosts = hp;
@@ -1134,8 +1135,8 @@ add_dlist(dpp, newdp, grp, flags)
 		dp->dp_flag |= DP_DEFSET;
 		if (flags & OP_KERB)
 			dp->dp_flag |= DP_KERB;
-		if (flags & OP_NORESPORT)
-			dp->dp_flag |= DP_NORESPORT;
+		if (flags & OP_NORESMNT)
+			dp->dp_flag |= DP_NORESMNT;
 	}
 }
 
@@ -1327,7 +1328,9 @@ do_opt(cpp, endcpp, ep, grp, has_hostp, exflagsp, cr)
 			opt_flags |= OP_NET;
 		} else if (!strcmp(cpopt, "alldirs")) {
 			opt_flags |= OP_ALLDIRS;
-		} else if (!strcmp(cpopt, "noresport")) {
+		} else if (!strcmp(cpopt, "noresvmnt")) {
+			opt_flags |= OP_NORESMNT;
+		} else if (!strcmp(cpopt, "noresvport")) {
 			opt_flags |= OP_NORESPORT;
 			*exflagsp |= MNT_EXNORESPORT;
 #ifdef ISO
@@ -1920,7 +1923,7 @@ del_mlist(hostp, dirp, saddr)
 	while (mlp) {
 		if (!strcmp(mlp->ml_host, hostp) &&
 		    (!dirp || !strcmp(mlp->ml_dirp, dirp))) {
-			if (!(mlp->ml_flag & DP_NORESPORT) &&
+			if (!(mlp->ml_flag & DP_NORESMNT) &&
 			    ntohs(sin->sin_port) >= IPPORT_RESERVED) {
 				syslog(LOG_NOTICE,
 				   "Umount request for %s:%s from %s refused\n",

usr.sbin/mountd/exports.5

@@ -1,4 +1,4 @@
-.\"	$NetBSD: exports.5,v 1.10 1997/03/23 20:58:14 fvdl Exp $
+.\"	$NetBSD: exports.5,v 1.11 1997/03/30 20:53:31 fvdl Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -78,7 +78,12 @@ flag;
 this form allows the host(s) to mount at any point within the filesystem,
 including regular files if the
 .Fl r
-option is used on mountd.
+option is used on mountd. Note that the
+.Fl alldirs
+option should not be used as a security measure to make clients mount
+only those subdirectories that they should have access to. A client
+can still access the whole filesystem via individual RPCs if it
+wanted to, even if just one subdirectory has been mounted.
 The pathnames must not have any symbolic links in them and should not have
 any "." or ".." components.
 Mount points for a filesystem may appear on multiple lines each with
@@ -160,11 +165,18 @@ is a synonym for
 in an effort to be backward compatible with older export file formats.
 .Pp
 The
-.Fl noresport
-option specifies that requests for the filesystem do not have to come
-from reserved ports. Normally clients are required to use reserved
-ports for operations. This includes mount/unmount as well as individual
-NFS requests.
+.Fl noresvport
+option specifies that NFS RPC calls for the filesystem do not have to come
+from reserved ports. Normally, clients are required to use reserved
+ports for operations. Using this option decreases the security of your
+system.
+.Pp
+The
+.Fl noresvmnt
+option specifies that mount RPC requests for the filesystem do not have
+to come from reserved ports. Normally, clients are required to use reserved
+ports for mount requests. Using this option decreases the security of
+your system.
 .Pp
 The third component of a line specifies the host set to which the line applies.
 The set may be specified in three ways.

usr.sbin/mountd/mountd.8

@@ -1,4 +1,4 @@
-.\"	$NetBSD: mountd.8,v 1.13 1997/03/23 20:58:16 fvdl Exp $
+.\"	$NetBSD: mountd.8,v 1.14 1997/03/30 20:53:32 fvdl Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.

usr.sbin/mountd/mountd.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: mountd.c,v 1.36 1997/03/23 20:58:18 fvdl Exp $	*/
+/*	$NetBSD: mountd.c,v 1.37 1997/03/30 20:53:33 fvdl Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -52,7 +52,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)mountd.c  8.15 (Berkeley) 5/1/95";
 #else
-static char rcsid[] = "$NetBSD: mountd.c,v 1.36 1997/03/23 20:58:18 fvdl Exp $";
+static char rcsid[] = "$NetBSD: mountd.c,v 1.37 1997/03/30 20:53:33 fvdl Exp $";
 #endif
 #endif /* not lint */
 
@@ -111,7 +111,7 @@ struct dirlist {
 #define	DP_DEFSET	0x1
 #define DP_HOSTSET	0x2
 #define DP_KERB		0x4
-#define DP_NORESPORT	0x8
+#define DP_NORESMNT	0x8
 
 struct exportlist {
 	struct exportlist *ex_next;
@@ -227,14 +227,15 @@ struct ucred def_anon = {
 };
 int opt_flags;
 /* Bits for above */
-#define	OP_MAPROOT	0x01
-#define	OP_MAPALL	0x02
-#define	OP_KERB		0x04
-#define	OP_MASK		0x08
-#define	OP_NET		0x10
-#define	OP_ISO		0x20
-#define	OP_ALLDIRS	0x40
-#define OP_NORESPORT	0x80
+#define	OP_MAPROOT	0x001
+#define	OP_MAPALL	0x002
+#define	OP_KERB		0x004
+#define	OP_MASK		0x008
+#define	OP_NET		0x010
+#define	OP_ISO		0x020
+#define	OP_ALLDIRS	0x040
+#define OP_NORESPORT	0x080
+#define OP_NORESMNT	0x100
 
 int debug = 0;
 void	SYSLOG __P((int, const char *, ...));
@@ -387,7 +388,7 @@ mntsrv(rqstp, transp)
 		     (defset && scan_tree(ep->ex_defdir, saddr.s_addr) == 0 &&
 		      scan_tree(ep->ex_dirl, saddr.s_addr) == 0))) {
 			if (sport >= IPPORT_RESERVED &&
-			    !(hostset & DP_NORESPORT)) {
+			    !(hostset & DP_NORESMNT)) {
 				syslog(LOG_NOTICE,
 				       "Refused mount RPC from host %s port %d",
 				       inet_ntoa(saddr), sport);
@@ -1057,14 +1058,14 @@ hang_dirp(dp, grp, ep, flags)
 			ep->ex_defdir->dp_flag |= DP_DEFSET;
 			if (flags & OP_KERB)
 				ep->ex_defdir->dp_flag |= DP_KERB;
-			if (flags & OP_NORESPORT)
-				ep->ex_defdir->dp_flag |= DP_NORESPORT;
+			if (flags & OP_NORESMNT)
+				ep->ex_defdir->dp_flag |= DP_NORESMNT;
 		} else while (grp) {
 			hp = get_ht();
 			if (flags & OP_KERB)
 				hp->ht_flag |= DP_KERB;
-			if (flags & OP_NORESPORT)
-				hp->ht_flag |= DP_NORESPORT;
+			if (flags & OP_NORESMNT)
+				hp->ht_flag |= DP_NORESMNT;
 			hp->ht_grp = grp;
 			hp->ht_next = ep->ex_defdir->dp_hosts;
 			ep->ex_defdir->dp_hosts = hp;
@@ -1123,8 +1124,8 @@ add_dlist(dpp, newdp, grp, flags)
 			hp = get_ht();
 			if (flags & OP_KERB)
 				hp->ht_flag |= DP_KERB;
-			if (flags & OP_NORESPORT)
-				hp->ht_flag |= DP_NORESPORT;
+			if (flags & OP_NORESMNT)
+				hp->ht_flag |= DP_NORESMNT;
 			hp->ht_grp = grp;
 			hp->ht_next = dp->dp_hosts;
 			dp->dp_hosts = hp;
@@ -1134,8 +1135,8 @@ add_dlist(dpp, newdp, grp, flags)
 		dp->dp_flag |= DP_DEFSET;
 		if (flags & OP_KERB)
 			dp->dp_flag |= DP_KERB;
-		if (flags & OP_NORESPORT)
-			dp->dp_flag |= DP_NORESPORT;
+		if (flags & OP_NORESMNT)
+			dp->dp_flag |= DP_NORESMNT;
 	}
 }
 
@@ -1327,7 +1328,9 @@ do_opt(cpp, endcpp, ep, grp, has_hostp, exflagsp, cr)
 			opt_flags |= OP_NET;
 		} else if (!strcmp(cpopt, "alldirs")) {
 			opt_flags |= OP_ALLDIRS;
-		} else if (!strcmp(cpopt, "noresport")) {
+		} else if (!strcmp(cpopt, "noresvmnt")) {
+			opt_flags |= OP_NORESMNT;
+		} else if (!strcmp(cpopt, "noresvport")) {
 			opt_flags |= OP_NORESPORT;
 			*exflagsp |= MNT_EXNORESPORT;
 #ifdef ISO
@@ -1920,7 +1923,7 @@ del_mlist(hostp, dirp, saddr)
 	while (mlp) {
 		if (!strcmp(mlp->ml_host, hostp) &&
 		    (!dirp || !strcmp(mlp->ml_dirp, dirp))) {
-			if (!(mlp->ml_flag & DP_NORESPORT) &&
+			if (!(mlp->ml_flag & DP_NORESMNT) &&
 			    ntohs(sin->sin_port) >= IPPORT_RESERVED) {
 				syslog(LOG_NOTICE,
 				   "Umount request for %s:%s from %s refused\n",