authorbms <bms@FreeBSD.org>2004-03-04 04:42:52 +0000
committerbms <bms@FreeBSD.org>2004-03-04 04:42:52 +0000
commit9edf7709555b649f2b72add5b6d4eaa4e3c546e0 (patch)
tree2dfec51e9f6bb492bdd395f394f689eaf32a331a /usr.sbin/mountd
parent9204c0aad9b11b6c59e6b6c4a5f491c287fc06de (diff)
Add a new option to mountd(8), -p <port>. This allows the user to specify
a known port for use in firewall rulesets; otherwise the port is chosen at
run-time by bindresvport().

MFC after: 1 week
Diffstat (limited to 'usr.sbin/mountd')
-rw-r--r--usr.sbin/mountd/mountd.816
-rw-r--r--usr.sbin/mountd/mountd.c67
2 files changed, 76 insertions, 7 deletions
diff --git a/usr.sbin/mountd/mountd.8 b/usr.sbin/mountd/mountd.8
index 3a959b3..c18f809 100644
--- a/usr.sbin/mountd/mountd.8
+++ b/usr.sbin/mountd/mountd.8
@@ -43,6 +43,7 @@ mount requests
.Sh SYNOPSIS
.Nm
.Op Fl 2dlnr
+.Op Fl p Ar port
.Op Ar exportsfile
.Sh DESCRIPTION
The
@@ -77,6 +78,21 @@ This should only be specified if there are clients such as PC's,
that require it.
It will automatically clear the vfs.nfsrv.nfs_privport sysctl flag, which
controls if the kernel will accept NFS requests from reserved ports only.
+.It Fl p Ar port
+Force
+.Nm
+to bind to the specified port, for both
+.Vt AF_INET
+and
+.Vt AF_INET6
+address families.
+This is typically done to ensure that the port which
+.Nm
+binds to is a known quantity which can be used in firewall rulesets.
+If
+.Nm
+cannot bind to this port, an appropriate error will be recorded in
+the system log, and the daemon will then exit.
.It Fl r
Allow mount RPCs requests for regular files to be served.
Although this seems to violate the mount protocol specification,
diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c
index fc521bf..6091dab 100644
--- a/usr.sbin/mountd/mountd.c
+++ b/usr.sbin/mountd/mountd.c
@@ -270,13 +270,17 @@ main(argc, argv)
char **argv;
{
fd_set readfds;
+ struct sockaddr_in sin;
+ struct sockaddr_in6 sin6;
+ char *endptr;
SVCXPRT *udptransp, *tcptransp, *udp6transp, *tcp6transp;
struct netconfig *udpconf, *tcpconf, *udp6conf, *tcp6conf;
int udpsock, tcpsock, udp6sock, tcp6sock;
int xcreated = 0, s;
int maxrec = RPC_MAXDATASIZE;
int one = 1;
- int c;
+ int c, r;
+ in_port_t svcport = 0;
udp6conf = tcp6conf = NULL;
udp6sock = tcp6sock = NULL;
@@ -298,7 +302,7 @@ main(argc, argv)
errx(1, "NFS server is not available or loadable");
}
- while ((c = getopt(argc, argv, "2dlnr")) != -1)
+ while ((c = getopt(argc, argv, "2dlnp:r")) != -1)
switch (c) {
case '2':
force_v2 = 1;
@@ -315,6 +319,13 @@ main(argc, argv)
case 'l':
dolog = 1;
break;
+ case 'p':
+ endptr = NULL;
+ svcport = (in_port_t)strtoul(optarg, &endptr, 10);
+ if (endptr == NULL || *endptr != '\0' ||
+ svcport == 0 || svcport >= IPPORT_MAX)
+ usage();
+ break;
default:
usage();
};
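Review bot: The range check in `case 'p'` runs after the `(in_port_t)` cast has already truncated the strtoul() result to 16 bits, so an out-of-range argument such as 65537 passes the test and quietly becomes port 1 instead of reaching usage(). Because -p exists so the operator can pin the port in a firewall ruleset, binding a different port than the one typed should be ruled out. Parse into a wider local first, `unsigned long port = strtoul(optarg, &endptr, 10);`, test that with `if (endptr == optarg || *endptr != '\0' || port == 0 || port >= IPPORT_MAX) usage();`, and only then assign `svcport = (in_port_t)port;`. The `endptr == NULL` test cannot fire after strtoul() has stored into it, whereas `endptr == optarg` states the no-digits case directly; if IPPORT_MAX is itself the highest valid port, `>` rather than `>=` is probably what was intended, which needs checking against the header. The new local would be declared with the others in the earlier hunk, and main() continues outside this one.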
@@ -390,8 +401,26 @@ skip_v6:
exit(1);
}
}
+ if (svcport != 0) {
+ bzero(&sin, sizeof(struct sockaddr_in));
+ sin.sin_len = sizeof(struct sockaddr_in);
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons(svcport);
+
+ bzero(&sin6, sizeof(struct sockaddr_in6));
+ sin6.sin6_len = sizeof(struct sockaddr_in6);
+ sin6.sin6_family = AF_INET6;
+ sin6.sin6_port = htons(svcport);
+ }
if (udpsock != -1 && udpconf != NULL) {
- bindresvport(udpsock, NULL);
+ if (svcport != 0) {
+ r = bindresvport(udpsock, &sin);
+ if (r != 0) {
+ syslog(LOG_ERR, "bindresvport: %m");
+ exit(1);
+ }
+ } else
+ (void)bindresvport(udpsock, NULL);
udptransp = svc_dg_create(udpsock, 0, 0);
if (udptransp != NULL) {
if (!svc_reg(udptransp, RPCPROG_MNT, RPCMNT_VER1,
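Review bot: The bind-or-exit block added for udpsock is repeated almost verbatim in the tcpsock, udp6sock and tcp6sock hunks below, and its log line `bindresvport: %m` names neither the transport nor the port that could not be bound. An operator reading syslog after the daemon exits cannot tell which of the four sockets failed, or whether the port in the firewall rule is the one that was attempted. A small static helper that takes the socket, the address and a transport label would remove the duplication and produce one descriptive message. bindresvport_sa() is already used for the IPv6 sockets; using it for the IPv4 ones assumes bindresvport() is a thin wrapper around it, which should be confirmed against libc. The enclosing main() starts and ends outside this hunk.
```c
/* Bind sock to the -p port, or let libc pick a reserved port when port is 0. */
static void
bind_mount_port(int sock, struct sockaddr *sa, in_port_t port,
    const char *transport)
{
	if (port == 0) {
		(void)bindresvport_sa(sock, NULL);
		return;
	}
	if (bindresvport_sa(sock, sa) != 0) {
		syslog(LOG_ERR, "cannot bind %s socket to port %u: %m",
		    transport, (unsigned)port);
		exit(1);
	}
}

/* … unchanged: sin / sin6 setup under svcport != 0 … */
	if (udpsock != -1 && udpconf != NULL) {
		bind_mount_port(udpsock, (struct sockaddr *)&sin, svcport, "udp");
/* … unchanged: svc_dg_create() and svc_reg() calls … */
```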
@@ -411,7 +440,14 @@ skip_v6:
}
if (tcpsock != -1 && tcpconf != NULL) {
- bindresvport(tcpsock, NULL);
+ if (svcport != 0) {
+ r = bindresvport(tcpsock, &sin);
+ if (r != 0) {
+ syslog(LOG_ERR, "bindresvport: %m");
+ exit(1);
+ }
+ } else
+ (void)bindresvport(tcpsock, NULL);
listen(tcpsock, SOMAXCONN);
tcptransp = svc_vc_create(tcpsock, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
if (tcptransp != NULL) {
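Review bot: With a fixed port, the new `exit(1)` on a failed bind of tcpsock makes a restart of mountd depend on that exact port being free, which was not a concern when bindresvport() picked any available reserved port. The socket creation is outside this hunk; if SO_REUSEADDR is not set there, connections from the previous instance that are still in TIME_WAIT could make the bind fail and leave the mount service down until they expire. Consider setting SO_REUSEADDR on the TCP sockets when svcport is non-zero, or documenting the restart behaviour in mountd.8. The same applies to the tcp6sock hunk further down.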
@@ -432,7 +468,15 @@ skip_v6:
}
if (have_v6 && udp6sock != -1 && udp6conf != NULL) {
- bindresvport(udp6sock, NULL);
+ if (svcport != 0) {
+ r = bindresvport_sa(udp6sock,
+ (struct sockaddr *)&sin6);
+ if (r != 0) {
+ syslog(LOG_ERR, "bindresvport_sa: %m");
+ exit(1);
+ }
+ } else
+ (void)bindresvport_sa(udp6sock, NULL);
udp6transp = svc_dg_create(udp6sock, 0, 0);
if (udp6transp != NULL) {
if (!svc_reg(udp6transp, RPCPROG_MNT, RPCMNT_VER1,
@@ -452,7 +496,15 @@ skip_v6:
}
if (have_v6 && tcp6sock != -1 && tcp6conf != NULL) {
- bindresvport(tcp6sock, NULL);
+ if (svcport != 0) {
+ r = bindresvport_sa(tcp6sock,
+ (struct sockaddr *)&sin6);
+ if (r != 0) {
+ syslog(LOG_ERR, "bindresvport_sa: %m");
+ exit(1);
+ }
+ } else
+ (void)bindresvport_sa(tcp6sock, NULL);
listen(tcp6sock, SOMAXCONN);
tcp6transp = svc_vc_create(tcp6sock, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
if (tcp6transp != NULL) {
@@ -502,7 +554,8 @@ static void
usage()
{
fprintf(stderr,
- "usage: mountd [-2] [-d] [-l] [-n] [-r] [export_file]\n");
+ "usage: mountd [-2] [-d] [-l] [-n] [-p <port>] [-r] "
+ "[export_file]\n");
exit(1);
}