summaryrefslogtreecommitdiffstats
path: root/sbin
diff options
context:
space:
mode:
authorguido <guido@FreeBSD.org>1997-03-27 20:01:07 +0000
committerguido <guido@FreeBSD.org>1997-03-27 20:01:07 +0000
commit8db0f5f4fd48850ac02e218a0086a7032f3ea1fe (patch)
treec5f893968b5aaa8ee18c14efb13319d13bcf80cc /sbin
parent223d4ca2d3051129756e410d44cbae4df53bd602 (diff)
downloadFreeBSD-src-8db0f5f4fd48850ac02e218a0086a7032f3ea1fe.zip
FreeBSD-src-8db0f5f4fd48850ac02e218a0086a7032f3ea1fe.tar.gz
Add code that will reject nfs requests in teh kernel from nonprivileged
ports. This option will be automatically set/cleraed when mount is run without/with the -n option. Reviewed by: Doug Rabson
Diffstat (limited to 'sbin')
-rw-r--r--sbin/mountd/mountd.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c
index f094863..8039be8 100644
--- a/sbin/mountd/mountd.c
+++ b/sbin/mountd/mountd.c
@@ -43,7 +43,7 @@ static char copyright[] =
#ifndef lint
/*static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95"; */
static const char rcsid[] =
- "$Id: mountd.c,v 1.13 1997/02/22 14:33:02 peter Exp $";
+ "$Id: mountd.c,v 1.14 1997/03/11 12:43:45 peter Exp $";
#endif /*not lint*/
#include <sys/param.h>
@@ -54,6 +54,7 @@ static const char rcsid[] =
#include <sys/stat.h>
#include <sys/syslog.h>
#include <sys/ucred.h>
+#include <sys/sysctl.h>
#include <rpc/rpc.h>
#include <rpc/pmap_clnt.h>
@@ -63,6 +64,7 @@ static const char rcsid[] =
#endif
#include <nfs/rpcv2.h>
#include <nfs/nfsproto.h>
+#include <nfs/nfs.h>
#include <ufs/ufs/ufsmount.h>
#include <msdosfs/msdosfsmount.h>
#include <isofs/cd9660/cd9660_mount.h> /* XXX need isofs in include */
@@ -255,6 +257,7 @@ main(argc, argv)
#ifdef __FreeBSD__
struct vfsconf vfc;
int error;
+ int mib[3];
error = getvfsbyname("nfs", &vfc);
if (error && vfsisloadable("nfs")) {
@@ -314,6 +317,16 @@ main(argc, argv)
fclose(pidfile);
}
}
+
+ mib[0] = CTL_VFS;
+ mib[1] = MOUNT_NFS;
+ mib[2] = NFS_NFSPRIVPORT;
+ if (sysctl(mib, 3, NULL, NULL,
+ &resvport_only, sizeof(resvport_only)) != 0) {
+ syslog(LOG_ERR, "sysctl: %m");
+ exit(1);
+ }
+
if ((udptransp = svcudp_create(RPC_ANYSOCK)) == NULL ||
(tcptransp = svctcp_create(RPC_ANYSOCK, 0, 0)) == NULL) {
syslog(LOG_ERR, "Can't create socket");
OpenPOWER on IntegriCloud