From owner-cvs-src-old@FreeBSD.ORG Tue Apr 13 00:49:19 2010 Return-Path: Delivered-To: cvs-src-old@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 127211065670 for ; Tue, 13 Apr 2010 00:49:19 +0000 (UTC) (envelope-from imp@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 012E98FC0A for ; Tue, 13 Apr 2010 00:49:19 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o3D0nISB039573 for ; Tue, 13 Apr 2010 00:49:18 GMT (envelope-from imp@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o3D0nImd039572 for cvs-src-old@freebsd.org; Tue, 13 Apr 2010 00:49:18 GMT (envelope-from imp@repoman.freebsd.org) Message-Id: <201004130049.o3D0nImd039572@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to imp@repoman.freebsd.org using -f From: Warner Losh Date: Tue, 13 Apr 2010 00:48:54 +0000 (UTC) To: cvs-src-old@freebsd.org X-FreeBSD-CVS-Branch: RELENG_8 Subject: cvs commit: src/usr.sbin/rpcbind rpcbind.c rpcbind.h util.c X-BeenThere: cvs-src-old@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Apr 2010 00:49:19 -0000 imp 2010-04-13 00:48:54 UTC FreeBSD src repository Modified files: (Branch: RELENG_8) usr.sbin/rpcbind rpcbind.c rpcbind.h util.c Log: SVN rev 206535 on 2010-04-13 00:48:54Z by imp MFC r203710: When you have multiple addresses on the same network on different interfaces (such as when you are part of a carp pool), and you run rpcbind -h to restrict which interfaces have rpc services, rpcbind can none-the-less return addresses that aren't in the -h list. This patch enforces the rule that when you specify -h on the command line, then services returned from rpcbind must be to one of the addresses listed in -h, or be a loopback address (since localhost is implicit when running -h). The root cause of this is the assumption in addrmerge that there can be only one interface that matches a given network IP address. This turns out not to be the case. To retain historical behavior, I didn't try to fix the routine to prefer the address that the request came into, since I didn't know the side effects that might cause in the normal case. My quick analysis suggests that it wouldn't be a problem, but since this code is tricky I opted for the more conservative patch of only restricting the reply when -h is in effect. Hence, this change will have no effect when you are running rpcbind without -h. Reviewed by: alfred@ Sponsored by: iX Systems MFC after: 2 weeks Revision Changes Path 1.20.2.2 +74 -2 src/usr.sbin/rpcbind/rpcbind.c 1.3.2.2 +9 -0 src/usr.sbin/rpcbind/rpcbind.h 1.6.2.2 +10 -10 src/usr.sbin/rpcbind/util.c