vnfs: add -i flag to allow remote root

man/man8/vbackup.8

@@ -52,7 +52,7 @@ back up Unix file systems to Venti
 .PP
 .B vnfs
 [
-.B -ELLRVr
+.B -ELLRVir
 ]
 [
 .B -a
@@ -277,6 +277,12 @@ file system mentioned in the configuration.
 .BI -c " cachesize
 Set the number of blocks stored by the in-memory venti cache.
 .TP
+.B -i
+Run in ``insecure'' mode, allowing remote root users to 
+use uid and gid 0 and read any file.
+(Normally, remote root is mapped to uid and gid \-1
+and has no special permissions.)
+.TP
 .B -r
 Respond to all requests with a Sun RPC rejection.
 This is useful during debugging.

src/cmd/vbackup/nfs3srv.c

@@ -10,6 +10,8 @@
 #include <nfs3.h>
 #include "nfs3srv.h"
 
+int			insecure = 0;
+
 static SunStatus
 authunixunpack(SunRpc *rpc, SunAuthUnix *au)
 {
@@ -23,10 +25,12 @@ authunixunpack(SunRpc *rpc, SunAuthUnix *au)
 	ep = p+ai->ndata;
 	if(sunauthunixunpack(p, ep, &p, au) < 0)
 		return SunGarbageArgs;
-	if(au->uid == 0)
+	if(!insecure){
-		au->uid = -1;
+		if(au->uid == 0)
-	if(au->gid == 0)
+			au->uid = -1;
-		au->gid = -1;
+		if(au->gid == 0)
+			au->gid = -1;
+	}
 
 	return SunSuccess;
 }

src/cmd/vbackup/nfs3srv.h

@@ -9,6 +9,8 @@ Nfs3Status	fsreaddir(SunAuthUnix*, Nfs3Handle*, u32int, u64int, uchar**, u32int*
 extern void nfs3proc(void*);
 extern void mount3proc(void*);
 
+extern int insecure;
+
 enum
 {
 	MaxDataSize = 8192

src/cmd/vbackup/vnfs.c

@@ -74,7 +74,7 @@ u64int	unittoull(char*);
 void
 usage(void)
 {
-	fprint(2, "usage: vnfs [-LLRVr] [-a addr] [-b blocksize] [-c cachesize] configfile\n");
+	fprint(2, "usage: vnfs [-LLRVir] [-a addr] [-b blocksize] [-c cachesize] configfile\n");
 	threadexitsall("usage");
 }
 
@@ -128,6 +128,9 @@ threadmain(int argc, char **argv)
 	case 'c':
 		cachesize = unittoull(EARGF(usage()));
 		break;
+	case 'i':
+		insecure = 1;
+		break;
 	case 'r':
 		srv->alwaysreject++;
 		break;