commit d83be6a170844d7bef37f0bf48ebfb2ef384b57a Author: Steve Dickson <steved@xxxxxxxxxx> Date: Fri Jan 23 10:04:14 2009 -0500 Added a --insecure (-i) command line argument, to both mountd and statd, that will disable the host access check provide by the tcp wrapper library. Signed-off-by: Steve Dickson <steved@xxxxxxxxxx> diff --git a/utils/mountd/mount_dispatch.c b/utils/mountd/mount_dispatch.c index f00c0c5..c59410a 100644 --- a/utils/mountd/mount_dispatch.c +++ b/utils/mountd/mount_dispatch.c @@ -70,10 +70,11 @@ mount_dispatch(struct svc_req *rqstp, SVCXPRT *transp) { union mountd_arguments argument; union mountd_results result; - #ifdef HAVE_TCP_WRAPPER + extern int insecure; + /* remote host authorization check */ - if (!check_default("mountd", svc_getcaller(transp), + if (!insecure && !check_default("mountd", svc_getcaller(transp), rqstp->rq_proc, MOUNTPROG)) { svcerr_auth (transp, AUTH_FAILED); return; diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c index 6adb68f..12cca81 100644 --- a/utils/mountd/mountd.c +++ b/utils/mountd/mountd.c @@ -72,8 +72,14 @@ static struct option longopts[] = { "num-threads", 1, 0, 't' }, { "reverse-lookup", 0, 0, 'r' }, { "manage-gids", 0, 0, 'g' }, +#ifdef HAVE_TCP_WRAPPER + { "insecure", 0, 0, 'i' }, +#endif { NULL, 0, 0, 0 } }; +#ifdef HAVE_TCP_WRAPPER +int insecure=0; +#endif static int nfs_version = -1; @@ -599,7 +605,7 @@ main(int argc, char **argv) /* Parse the command line options and arguments. */ opterr = 0; - while ((c = getopt_long(argc, argv, "o:nFd:f:p:P:hH:N:V:vrs:t:g", longopts, NULL)) != EOF) + while ((c = getopt_long(argc, argv, "o:nFd:f:p:P:hiH:N:V:vrs:t:g", longopts, NULL)) != EOF) switch (c) { case 'g': manage_gids = 1; @@ -627,6 +633,11 @@ main(int argc, char **argv) case 'h': usage(argv [0], 0); break; +#ifdef HAVE_TCP_WRAPPER + case 'i': + insecure=1; + break; +#endif case 'P': /* XXX for nfs-server compatibility */ case 'p': port = atoi(optarg); 
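Review bot: The block-scope `extern int insecure;` inside mount_dispatch() repeats the variable's type by hand, so a later change to the definition in mountd.c would not be caught by the compiler. Declaring it once in a header that both files include keeps declaration and definition in sync; tcpwrapper.h is visible in the statd.c section, but whether mount_dispatch.c includes it cannot be seen here. The name is also easy to confuse with the unrelated `insecure` export option in exports(5), which concerns client source ports, so something like `no_host_access_check` would say what is being switched off. The function body continues past the end of the hunk.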
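Review bot: The option string in main() gains `i` unconditionally (`"o:nFd:f:p:P:hiH:N:V:vrs:t:g"`), while `case 'i':` and the `--insecure` long option exist only under `HAVE_TCP_WRAPPER`. In a build without tcp wrappers, `-i` is still accepted by getopt_long() and ends up in whatever the switch's default branch does, which is outside this hunk. Either make the `i` in the option string conditional as well, or keep `case 'i':` unconditional and report that host access checks are not compiled in. The statd.c option string (`"h?vVFNH:din:p:o:P:L"`) has the same mismatch.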
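Review bot: `case 'i':` switches off the host-based authorization check in front of the dispatcher without leaving any trace, so a daemon started with `-i` is indistinguishable in the logs from one that enforces hosts.allow and hosts.deny. A one-time warning after option parsing, once logging is set up, would let operators and auditors detect the weakened configuration, for example `xlog(L_WARNING, "host access checks disabled by --insecure");`. The xlog call is assumed from the rest of mountd and is not visible in this hunk. The `case 'i':` hunk in statd.c has the same gap, and main() continues outside the hunk.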
@@ -778,7 +789,12 @@ usage(const char *prog, int n) fprintf(stderr, "Usage: %s [-F|--foreground] [-h|--help] [-v|--version] [-d kind|--debug kind]\n" " [-o num|--descriptors num] [-f exports-file|--exports-file=file]\n" -" [-p|--port port] [-V version|--nfs-version version]\n" +#ifdef HAVE_TCP_WRAPPER +" [-i|--insecure] [-p|--port port]" +#else +" [-p|--port port]" +#endif +" [-V version|--nfs-version version]\n" " [-N version|--no-nfs-version version] [-n|--no-tcp]\n" " [-H ha-callout-prog] [-s|--state-directory-path path]\n" " [-g|--manage-gids] [-t num|--num-threads=num]\n", prog); diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man index 2f42d00..1a78bda 100644 --- a/utils/mountd/mountd.man +++ b/utils/mountd/mountd.man @@ -72,6 +72,7 @@ By default, export information is read from .B \-h " or " \-\-help Display usage message. .TP +.TP .B \-o num " or " \-\-descriptors num Set the limit of the number of open file descriptors to num. The default is to leave the limit unchanged. @@ -165,6 +166,11 @@ the server. Note that the 'primary' group id is not affected so a .I newgroup command on the client will still be effective. This function requires a Linux Kernel with version at least 2.6.21. +.TP +.B \-i " or " \-\-insecure +Disables the hosts access protection provided by the +.B tcp_wrapper +library .SH TCP_WRAPPERS SUPPORT This diff --git a/utils/statd/statd.c b/utils/statd/statd.c index 321f7a9..72919db 100644 --- a/utils/statd/statd.c +++ b/utils/statd/statd.c @@ -71,6 +71,9 @@ static struct option longopts[] = { "notify-mode", 0, 0, 'N' }, { "ha-callout", 1, 0, 'H' }, { "no-notify", 0, 0, 'L' }, +#ifdef HAVE_TCP_WRAPPER + { "insecure", 0, 0, 'i' }, +#endif { NULL, 0, 0, 0 } }; 
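Review bot: The `#ifdef HAVE_TCP_WRAPPER` / `#else` / `#endif` lines in usage() sit inside the argument list of `fprintf(...)`. If the C library defines fprintf as a function-like macro, as some fortified builds do, preprocessor directives inside macro arguments are undefined behaviour. Selecting the fragment before the call avoids this, e.g. a `#define INSECURE_USAGE " [-i|--insecure]"` (empty in the `#else` branch) placed above usage() and spliced into the string literal. The help text could also say what is being disabled, as the statd usage line does with `Don't do host access checks`.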
@@ -84,12 +87,13 @@ extern void simulator (int, char **); #ifdef HAVE_TCP_WRAPPER #include "tcpwrapper.h" +int insecure=0; static void sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp) { /* remote host authorization check */ - if (!check_default("statd", svc_getcaller(transp), + if (!insecure && !check_default("statd", svc_getcaller(transp), rqstp->rq_proc, SM_PROG)) { svcerr_auth (transp, AUTH_FAILED); return; @@ -153,6 +157,9 @@ usage(void) fprintf(stderr," -h, -?, --help Print this help screen.\n"); fprintf(stderr," -F, --foreground Foreground (no-daemon mode)\n"); fprintf(stderr," -d, --no-syslog Verbose logging to stderr. Foreground mode only.\n"); +#ifdef HAVE_TCP_WRAPPER + fprintf(stderr," -i, --insecure Don't do host access checks\n"); +#endif fprintf(stderr," -p, --port Port to listen on\n"); fprintf(stderr," -o, --outgoing-port Port for outgoing connections\n"); fprintf(stderr," -V, -v, --version Display version information and exit.\n"); @@ -274,7 +281,7 @@ int main (int argc, char **argv) MY_NAME = NULL; /* Process command line switches */ - while ((arg = getopt_long(argc, argv, "h?vVFNH:dn:p:o:P:L", longopts, NULL)) != EOF) { + while ((arg = getopt_long(argc, argv, "h?vVFNH:din:p:o:P:L", longopts, NULL)) != EOF) { switch (arg) { case 'V': /* Version */ case 'v': @@ -292,6 +299,11 @@ int main (int argc, char **argv) case 'd': /* No daemon only - log to stderr */ run_mode |= MODE_LOG_STDERR; break; +#ifdef HAVE_TCP_WRAPPER + case 'i': + insecure = 1; + break; +#endif case 'o': out_port = atoi(optarg); if (out_port < 1 || out_port > 65535) { diff --git a/utils/statd/statd.man b/utils/statd/statd.man index e8be9f3..11842ad 100644 --- a/utils/statd/statd.man +++ b/utils/statd/statd.man 
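Review bot: `int insecure=0;` is defined with external linkage although, as far as this diff shows, statd reads and writes it only inside statd.c. `static int insecure;` would keep a flag that disables an access check from being set or shadowed by another translation unit linked into the daemon. A short comment on the definition would help too, such as `/* set by -i/--insecure: skip the tcp_wrappers check_default() call */`. The body of sm_prog_1_wrapper() continues outside the hunk.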
@@ -141,6 +141,11 @@ to print out command-line help and exit. Causes .B rpc.statd to print out version information and exit. +.TP +.B \-i, " " \-\-insecure +Disables the hosts access protection provided by the +.B tcp_wrapper +library