Add a new option to mountd(8), -p <port>. This allows the user to specify
a known port for use in firewall rulesets; otherwise the port is chosen at run-time by bindresvport(). MFC after: 1 week
This commit is contained in:
Bruce M Simpson
parent
45ad3d59ed
commit
c203da27d5
@ -43,6 +43,7 @@ mount requests
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Fl 2dlnr
|
||||
.Op Fl p Ar port
|
||||
.Op Ar exportsfile
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
@ -77,6 +78,21 @@ This should only be specified if there are clients such as PC's,
|
||||
that require it.
|
||||
It will automatically clear the vfs.nfsrv.nfs_privport sysctl flag, which
|
||||
controls if the kernel will accept NFS requests from reserved ports only.
|
||||
.It Fl p Ar port
|
||||
Force
|
||||
.Nm
|
||||
to bind to the specified port, for both
|
||||
.Vt AF_INET
|
||||
and
|
||||
.Vt AF_INET6
|
||||
address families.
|
||||
This is typically done to ensure that the port which
|
||||
.Nm
|
||||
binds to is a known quantity which can be used in firewall rulesets.
|
||||
If
|
||||
.Nm
|
||||
cannot bind to this port, an appropriate error will be recorded in
|
||||
the system log, and the daemon will then exit.
|
||||
.It Fl r
|
||||
Allow mount RPCs requests for regular files to be served.
|
||||
Although this seems to violate the mount protocol specification,
|
||||
|
||||
@ -270,13 +270,17 @@ main(argc, argv)
|
||||
char **argv;
|
||||
{
|
||||
fd_set readfds;
|
||||
struct sockaddr_in sin;
|
||||
struct sockaddr_in6 sin6;
|
||||
char *endptr;
|
||||
SVCXPRT *udptransp, *tcptransp, *udp6transp, *tcp6transp;
|
||||
struct netconfig *udpconf, *tcpconf, *udp6conf, *tcp6conf;
|
||||
int udpsock, tcpsock, udp6sock, tcp6sock;
|
||||
int xcreated = 0, s;
|
||||
int maxrec = RPC_MAXDATASIZE;
|
||||
int one = 1;
|
||||
int c;
|
||||
int c, r;
|
||||
in_port_t svcport = 0;
|
||||
|
||||
udp6conf = tcp6conf = NULL;
|
||||
udp6sock = tcp6sock = NULL;
|
||||
@ -298,7 +302,7 @@ main(argc, argv)
|
||||
errx(1, "NFS server is not available or loadable");
|
||||
}
|
||||
|
||||
while ((c = getopt(argc, argv, "2dlnr")) != -1)
|
||||
while ((c = getopt(argc, argv, "2dlnp:r")) != -1)
|
||||
switch (c) {
|
||||
case '2':
|
||||
force_v2 = 1;
|
||||
@ -315,6 +319,13 @@ main(argc, argv)
|
||||
case 'l':
|
||||
dolog = 1;
|
||||
break;
|
||||
case 'p':
|
||||
endptr = NULL;
|
||||
svcport = (in_port_t)strtoul(optarg, &endptr, 10);
|
||||
if (endptr == NULL || *endptr != '\0' ||
|
||||
svcport == 0 || svcport >= IPPORT_MAX)
|
||||
usage();
|
||||
break;
|
||||
default:
|
||||
usage();
|
||||
};
|
||||
@ -390,8 +401,26 @@ skip_v6:
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
if (svcport != 0) {
|
||||
bzero(&sin, sizeof(struct sockaddr_in));
|
||||
sin.sin_len = sizeof(struct sockaddr_in);
|
||||
sin.sin_family = AF_INET;
|
||||
sin.sin_port = htons(svcport);
|
||||
|
||||
bzero(&sin6, sizeof(struct sockaddr_in6));
|
||||
sin6.sin6_len = sizeof(struct sockaddr_in6);
|
||||
sin6.sin6_family = AF_INET6;
|
||||
sin6.sin6_port = htons(svcport);
|
||||
}
|
||||
if (udpsock != -1 && udpconf != NULL) {
|
||||
bindresvport(udpsock, NULL);
|
||||
if (svcport != 0) {
|
||||
r = bindresvport(udpsock, &sin);
|
||||
if (r != 0) {
|
||||
syslog(LOG_ERR, "bindresvport: %m");
|
||||
exit(1);
|
||||
}
|
||||
} else
|
||||
(void)bindresvport(udpsock, NULL);
|
||||
udptransp = svc_dg_create(udpsock, 0, 0);
|
||||
if (udptransp != NULL) {
|
||||
if (!svc_reg(udptransp, RPCPROG_MNT, RPCMNT_VER1,
|
||||
@ -411,7 +440,14 @@ skip_v6:
|
||||
|
||||
}
|
||||
if (tcpsock != -1 && tcpconf != NULL) {
|
||||
bindresvport(tcpsock, NULL);
|
||||
if (svcport != 0) {
|
||||
r = bindresvport(tcpsock, &sin);
|
||||
if (r != 0) {
|
||||
syslog(LOG_ERR, "bindresvport: %m");
|
||||
exit(1);
|
||||
}
|
||||
} else
|
||||
(void)bindresvport(tcpsock, NULL);
|
||||
listen(tcpsock, SOMAXCONN);
|
||||
tcptransp = svc_vc_create(tcpsock, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
|
||||
if (tcptransp != NULL) {
|
||||
@ -432,7 +468,15 @@ skip_v6:
|
||||
|
||||
}
|
||||
if (have_v6 && udp6sock != -1 && udp6conf != NULL) {
|
||||
bindresvport(udp6sock, NULL);
|
||||
if (svcport != 0) {
|
||||
r = bindresvport_sa(udp6sock,
|
||||
(struct sockaddr *)&sin6);
|
||||
if (r != 0) {
|
||||
syslog(LOG_ERR, "bindresvport_sa: %m");
|
||||
exit(1);
|
||||
}
|
||||
} else
|
||||
(void)bindresvport_sa(udp6sock, NULL);
|
||||
udp6transp = svc_dg_create(udp6sock, 0, 0);
|
||||
if (udp6transp != NULL) {
|
||||
if (!svc_reg(udp6transp, RPCPROG_MNT, RPCMNT_VER1,
|
||||
@ -452,7 +496,15 @@ skip_v6:
|
||||
|
||||
}
|
||||
if (have_v6 && tcp6sock != -1 && tcp6conf != NULL) {
|
||||
bindresvport(tcp6sock, NULL);
|
||||
if (svcport != 0) {
|
||||
r = bindresvport_sa(tcp6sock,
|
||||
(struct sockaddr *)&sin6);
|
||||
if (r != 0) {
|
||||
syslog(LOG_ERR, "bindresvport_sa: %m");
|
||||
exit(1);
|
||||
}
|
||||
} else
|
||||
(void)bindresvport_sa(tcp6sock, NULL);
|
||||
listen(tcp6sock, SOMAXCONN);
|
||||
tcp6transp = svc_vc_create(tcp6sock, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
|
||||
if (tcp6transp != NULL) {
|
||||
@ -502,7 +554,8 @@ static void
|
||||
usage()
|
||||
{
|
||||
fprintf(stderr,
|
||||
"usage: mountd [-2] [-d] [-l] [-n] [-r] [export_file]\n");
|
||||
"usage: mountd [-2] [-d] [-l] [-n] [-p <port>] [-r] "
|
||||
"[export_file]\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user