SCCS-vsn: sbin/mountd/mountd.c 8.10
SCCS-vsn: sbin/mountd/mountd.8 8.2
.\"
.\" %sccs.include.redist.man%
.\"
.\"
.\" %sccs.include.redist.man%
.\"
-.\" @(#)mountd.8 8.1 (Berkeley) %G%
+.\" @(#)mountd.8 8.2 (Berkeley) %G%
.Nm mountd :
.Bl -tag -width Ds
.It Fl n
.Nm mountd :
.Bl -tag -width Ds
.It Fl n
-The
-.Fl n
-option allows non-root mount requests to be served.
-This should only be specified if there are clients such as PC's,
-that require it.
+Do not require that clients make mount requests from reserved ports.
+(Normally, only mount requsts from reserved ports are accepted.)
+This option should only be specified if there are clients, such as PC's,
+that need it.
.It Ar exportsfile
The
.Ar exportsfile
.It Ar exportsfile
The
.Ar exportsfile
#endif not lint
#ifndef lint
#endif not lint
#ifndef lint
-static char sccsid[] = "@(#)mountd.c 8.9 (Berkeley) %G%";
+static char sccsid[] = "@(#)mountd.c 8.10 (Berkeley) %G%";
#endif not lint
#include <sys/param.h>
#endif not lint
#include <sys/param.h>
int opt_flags;
/* Bits for above */
#define OP_MAPROOT 0x01
int opt_flags;
/* Bits for above */
#define OP_MAPROOT 0x01
while ((c = getopt(argc, argv, "n")) != EOF)
switch (c) {
case 'n':
while ((c = getopt(argc, argv, "n")) != EOF)
switch (c) {
case 'n':
break;
default:
fprintf(stderr, "Usage: mountd [-n] [export_file]\n");
break;
default:
fprintf(stderr, "Usage: mountd [-n] [export_file]\n");
struct exportlist *ep;
struct dirlist *dp;
nfsv2fh_t nfh;
struct exportlist *ep;
struct dirlist *dp;
nfsv2fh_t nfh;
- struct authunix_parms *ucr;
struct stat stb;
struct statfs fsb;
struct hostent *hp;
u_long saddr;
struct stat stb;
struct statfs fsb;
struct hostent *hp;
u_long saddr;
char rpcpath[RPCMNT_PATHLEN+1], dirpath[MAXPATHLEN];
int bad = ENOENT, omask, defset;
char rpcpath[RPCMNT_PATHLEN+1], dirpath[MAXPATHLEN];
int bad = ENOENT, omask, defset;
- uid_t uid = -2;
-
- /* Get authorization */
- switch (rqstp->rq_cred.oa_flavor) {
- case AUTH_UNIX:
- ucr = (struct authunix_parms *)rqstp->rq_clntcred;
- uid = ucr->aup_uid;
- break;
- case AUTH_NULL:
- default:
- break;
- }
saddr = transp->xp_raddr.sin_addr.s_addr;
saddr = transp->xp_raddr.sin_addr.s_addr;
+ sport = ntohs(transp->xp_raddr.sin_port);
hp = (struct hostent *)NULL;
switch (rqstp->rq_proc) {
case NULLPROC:
hp = (struct hostent *)NULL;
switch (rqstp->rq_proc) {
case NULLPROC:
syslog(LOG_ERR, "Can't send reply");
return;
case RPCMNT_MOUNT:
syslog(LOG_ERR, "Can't send reply");
return;
case RPCMNT_MOUNT:
- if ((uid != 0 && root_only) || uid == -2) {
+ if (sport >= IPPORT_RESERVED && resvport_only) {
svcerr_weakauth(transp);
return;
}
svcerr_weakauth(transp);
return;
}
- * Get the real pathname and make sure it is a directory
- * that exists.
+ * Get the real pathname and make sure it is a file or
+ * directory that exists.
*/
if (realpath(rpcpath, dirpath) == 0 ||
stat(dirpath, &stb) < 0 ||
*/
if (realpath(rpcpath, dirpath) == 0 ||
stat(dirpath, &stb) < 0 ||
syslog(LOG_ERR, "Can't send reply");
return;
case RPCMNT_UMOUNT:
syslog(LOG_ERR, "Can't send reply");
return;
case RPCMNT_UMOUNT:
- if ((uid != 0 && root_only) || uid == -2) {
+ if (sport >= IPPORT_RESERVED && resvport_only) {
svcerr_weakauth(transp);
return;
}
svcerr_weakauth(transp);
return;
}
del_mlist(inet_ntoa(transp->xp_raddr.sin_addr), dirpath);
return;
case RPCMNT_UMNTALL:
del_mlist(inet_ntoa(transp->xp_raddr.sin_addr), dirpath);
return;
case RPCMNT_UMNTALL:
- if ((uid != 0 && root_only) || uid == -2) {
+ if (sport >= IPPORT_RESERVED && resvport_only) {
svcerr_weakauth(transp);
return;
}
svcerr_weakauth(transp);
return;
}