IPB

Welcome Guest ( Log In | Register )

 
 Reply to this topicStart new topic
> NFS server 的实现及定制
猫猫草
post 2010-09-08 23:54:24, Wed
Post #1


猫猫猫
***

Group: Power Cat
Posts: 626
Joined: 2006-12-8
Member No.: 2
为避免可能的安全风险,nfs server 使用的是 User-Space NFS Server,源码名为 unfs3-0.9.22

相关操作说明见 unfsd 的 man 文档

编译过程中对一些潜在安全风险的字符串操作进行了更正,这个依照 make 时的警告输出对指定源码文件进行修正即可

除此以外,主要还对 password 支持做了一定的修改,以确保能够在 openbsd 环境下正确进行基于 password 的映射,这部分修改都集中在 mount.c 文件中,对该文件的修改如下:

代码
--- ../unfs3-0.9.22-orig/mount.c        Tue Aug 18 12:13:07 2009
+++ ./mount.c   Thu Sep 16 19:45:17 2010
@@ -165,7 +165,8 @@
     }

     /* Check for "mount commands" */
-    if (strncmp(dpath, "@getnonce", sizeof("@getnonce") - 1) == 0) {
+    if ( (strncmp(dpath, "@getnonce", sizeof("@getnonce") - 1) == 0)
+      || (strncmp(dpath, ".getnonce", sizeof(".getnonce") - 1) == 0) ) {
        if (backend_gen_nonce(nonce) < 0) {
            result.fhs_status = MNT3ERR_IO;
        } else {
@@ -185,6 +186,14 @@
            authenticated = !strcmp(password, pw);
        }
        /* else leave authenticated unchanged */
+    } else if (strncmp(dpath, ".password:", sizeof(".password:") - 1) == 0) {
+       char pw[PASSWORD_MAXLEN + 1];
+
+       mnt_cmd_argument(&dpath, ".password:", pw, PASSWORD_MAXLEN);
+       if (exports_options(dpath, rqstp, &password, NULL) != -1) {
+           authenticated = !strcmp(password, pw);
+       }
+       /* else leave authenticated unchanged */
     } else if (strncmp(dpath, "@otp:", sizeof("@otp:") - 1) == 0) {
        /* The otp from the client */
        char otp[PASSWORD_MAXLEN + 1];
@@ -193,6 +202,24 @@
        char hexdigest[32];

        mnt_cmd_argument(&dpath, "@otp:", otp, PASSWORD_MAXLEN);
+       if (exports_options(dpath, rqstp, &password, NULL) != -1) {
+           otp_digest(nonce, password, hexdigest);
+
+           /* Compare our calculated digest with what the client submitted */
+           authenticated = !strncmp(hexdigest, otp, 32);
+
+           /* Change nonce */
+           backend_gen_nonce(nonce);
+       }
+       /* else leave authenticated unchanged */
+    } else if (strncmp(dpath, ".otp:", sizeof(".otp:") - 1) == 0) {
+       /* The otp from the client */
+       char otp[PASSWORD_MAXLEN + 1];
+
+       /* Our calculated otp */
+       char hexdigest[32];
+
+       mnt_cmd_argument(&dpath, ".otp:", otp, PASSWORD_MAXLEN);
        if (exports_options(dpath, rqstp, &password, NULL) != -1) {
            otp_digest(nonce, password, hexdigest);
Go to the top of the page
 
+Quote Post
« Next Oldest · OpenBSD · Next Newest »
 

Reply to this topicStart new topic
3 User(s) are reading this topic (3 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 2024-10-17 07:32