diff options
author | guido <guido@FreeBSD.org> | 1997-03-27 20:01:07 +0000 |
---|---|---|
committer | guido <guido@FreeBSD.org> | 1997-03-27 20:01:07 +0000 |
commit | 8db0f5f4fd48850ac02e218a0086a7032f3ea1fe (patch) | |
tree | c5f893968b5aaa8ee18c14efb13319d13bcf80cc /sbin | |
parent | 223d4ca2d3051129756e410d44cbae4df53bd602 (diff) | |
download | FreeBSD-src-8db0f5f4fd48850ac02e218a0086a7032f3ea1fe.zip FreeBSD-src-8db0f5f4fd48850ac02e218a0086a7032f3ea1fe.tar.gz |
Add code that will reject nfs requests in teh kernel from nonprivileged
ports. This option will be automatically set/cleraed when mount is run
without/with the -n option.
Reviewed by: Doug Rabson
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/mountd/mountd.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c index f094863..8039be8 100644 --- a/sbin/mountd/mountd.c +++ b/sbin/mountd/mountd.c @@ -43,7 +43,7 @@ static char copyright[] = #ifndef lint /*static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95"; */ static const char rcsid[] = - "$Id: mountd.c,v 1.13 1997/02/22 14:33:02 peter Exp $"; + "$Id: mountd.c,v 1.14 1997/03/11 12:43:45 peter Exp $"; #endif /*not lint*/ #include <sys/param.h> @@ -54,6 +54,7 @@ static const char rcsid[] = #include <sys/stat.h> #include <sys/syslog.h> #include <sys/ucred.h> +#include <sys/sysctl.h> #include <rpc/rpc.h> #include <rpc/pmap_clnt.h> @@ -63,6 +64,7 @@ static const char rcsid[] = #endif #include <nfs/rpcv2.h> #include <nfs/nfsproto.h> +#include <nfs/nfs.h> #include <ufs/ufs/ufsmount.h> #include <msdosfs/msdosfsmount.h> #include <isofs/cd9660/cd9660_mount.h> /* XXX need isofs in include */ @@ -255,6 +257,7 @@ main(argc, argv) #ifdef __FreeBSD__ struct vfsconf vfc; int error; + int mib[3]; error = getvfsbyname("nfs", &vfc); if (error && vfsisloadable("nfs")) { @@ -314,6 +317,16 @@ main(argc, argv) fclose(pidfile); } } + + mib[0] = CTL_VFS; + mib[1] = MOUNT_NFS; + mib[2] = NFS_NFSPRIVPORT; + if (sysctl(mib, 3, NULL, NULL, + &resvport_only, sizeof(resvport_only)) != 0) { + syslog(LOG_ERR, "sysctl: %m"); + exit(1); + } + if ((udptransp = svcudp_create(RPC_ANYSOCK)) == NULL || (tcptransp = svctcp_create(RPC_ANYSOCK, 0, 0)) == NULL) { syslog(LOG_ERR, "Can't create socket"); |