libnfs stuck in getservbyport for various reasons

[lijunsong]

I am wondering can we remove the getservbyport call from socket.c in rpc_connect_sockaddr_async.

We've seen many times that libnfs is stuck at getservbyport. One example is in_nss_ldap_getservbyport_r, and thus prevent the nfs client from launching (it's even worse, it's usually hanging). In this case, the ldap server is having problems, either by firewall or by human error in configuration.

My understanding of that code is simply to select a local port for socket connection. Can we pick a port randomly with retry and simply skip the first 1024 ports?

[sahlberg]

Oh, sorry for the late reply.

The reason we try really hard to get a port <1024 is because most nfs servers will default to refuse incoming connections from unprivileged client ports. (security worked that way anno 1980s)

We should make an effort to try to avoid binding to well known ports because there might be a running service on that port which has dropped its privileges to become non-root once it initialized and bound to its service port. If libnfs/application runs as root, then without this check it would allow libnfs/application to step on that application and steal the port from it :-(

What we can do is keep the current behavior as default but allow to disable the getservport() call at runtime. We can do this either by adding a new url argument to disable this check or we can add new function to the API to disable this check from the application.

If you send a patch that does this I am happy to review and morge.