author | Neil Brown <neilb@suse.de> | 2007-04-16 11:15:40 +1000 |
---|---|---|
committer | Neil Brown <neilb@suse.de> | 2007-04-16 11:15:40 +1000 |
commit | 0210f16cf1bd2f87b7fe4336311c6dfd88030f8b (patch) | |
tree | 575be7b8a1bec8f6690e2f4c38722ec4eb0d857e /utils/statd/rmtcall.c | |
parent | ec79b7a3b06c034a9a71a39a5ac24b66dbd475a6 (diff) | |
Be more cautious about use for privilege ports (<1024).
Ports < 1024 are a scarce resource and should not be used
carelessly. Technically they should not be used at all without
registration with IANA, but sometimes we need them despite that.
So: for the socket that RPC services listen on, don't use a <1024 port
by default. There is no need.
For sockets that we send messages on, that are long-lived, and that might
need to appear 'privileged', avoid using a number that is registered in
/etc/services if possible.
Diffstat (limited to 'utils/statd/rmtcall.c')
-rw-r--r-- | utils/statd/rmtcall.c | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
index 816a6f3..eb1919a 100644
--- a/utils/statd/rmtcall.c
+++ b/utils/statd/rmtcall.c
@@ -62,25 +62,37 @@ int statd_get_socket(void) {
 struct sockaddr_in sin;
+ struct servent *se;
+ int loopcnt = 100;
 if (sockfd >= 0) return sockfd;
- if ((sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
- note(N_CRIT, "Can't create socket: %m");
- return -1;
- }
+ while (loopcnt-- > 0) {
- FD_SET(sockfd, &SVC_FDSET);
+ if (sockfd >= 0) close(sockfd);
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = INADDR_ANY;
+ if ((sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+ note(N_CRIT, "Can't create socket: %m");
+ return -1;
+ }
- if (bindresvport(sockfd, &sin) < 0) {
- dprintf(N_WARNING,
- "process_hosts: can't bind to reserved port\n");
+
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = INADDR_ANY;
+
+ if (bindresvport(sockfd, &sin) < 0) {
+ dprintf(N_WARNING,
+ "process_hosts: can't bind to reserved port\n");
+ break;
+ }
+ se = getservbyport(sin.sin_port, "udp");
+ if (se == NULL)
+ break;
+ /* rather not use that port, try again */
 }
+ FD_SET(sockfd, &SVC_FDSET);
 return sockfd;
 } |
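Review bot: When all 100 attempts land on ports that `getservbyport()` finds in the services database, the `while` loop in `statd_get_socket()` ends without a `break` and the function silently keeps the last socket, which is bound to a registered port after all. A line after the loop such as `if (loopcnt < 0) dprintf(N_WARNING, "statd_get_socket: settled on a port listed in services\n");` would make that fallback visible. The `bindresvport()` failure branch still falls through to `FD_SET` and `return sockfd` with an unbound socket, as the old code did, so the caller presumably ends up sending from an unprivileged ephemeral port with only the `dprintf` warning to show for it. That message also still names `process_hosts` rather than `statd_get_socket`, which makes the log line harder to trace to this function.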