From owner-freebsd-bugs Wed Feb 13 14:50:52 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8C7DC37B41B
	for ; Wed, 13 Feb 2002 14:50:02 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g1DMo2o01689;
	Wed, 13 Feb 2002 14:50:02 -0800 (PST) (envelope-from gnats)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 18BF837B41A
	for ; Wed, 13 Feb 2002 14:48:14 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g1DMmEQ01440;
	Wed, 13 Feb 2002 14:48:14 -0800 (PST) (envelope-from nobody)
Message-Id: <200202132248.g1DMmEQ01440@freefall.freebsd.org>
Date: Wed, 13 Feb 2002 14:48:14 -0800 (PST)
From: Gerd Knops
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: bin/34919: portmap can not exclusively bind to 127.0.0.1 [patch included]
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 34919
>Category: bin
>Synopsis: portmap can not exclusively bind to 127.0.0.1 [patch included]
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 13 14:50:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Gerd Knops
>Release: 4.5 stable
>Organization: BITart Consulting
>Environment:
FreeBSD install.bitart.com 4.5-STABLE FreeBSD 4.5-STABLE #0: Wed Feb 13 15:55:02 CST 2002 me@install.bitart.com:/usr/obj/usr/src/sys/INFAX_BAK i386
>Description:
When using software like the Cryptographic File System (pretends to be an NFS server) it may be desirable to bind portmap only to address 127.0.0.1. Under 4.5 stable this isn't possible. '-h 127.0.0.1' results in portmap attempting to bind to 127.0.0.1 twice, and it fails. The patch below introduces the '-l' flag which enables portmap to bind to 127.0.0.1 exclusively.
>How-To-Repeat:
>Fix:
--- portmap.c.orig Wed Feb 13 16:01:01 2002 +++ portmap.c Wed Feb 13 16:05:45 2002 @@ -122,8 +122,9 @@ struct sockaddr_in addr; int len = sizeof(struct sockaddr_in); register struct pmaplist *pml; + int local = 0; - while ((c = getopt(argc, argv, "dvh:")) != -1) { + while ((c = getopt(argc, argv, "dvlh:")) != -1) { switch (c) { case 'd': @@ -139,6 +140,9 @@ hosts = realloc(hosts, nhosts * sizeof(char *)); hosts[nhosts - 1] = optarg; break; + case 'l': + local = 1; + break; default: usage(); 
@@ -163,6 +167,7 @@ hosts = realloc(hosts, nhosts * sizeof(char *)); if (nhosts == 1) hosts[0] = "0.0.0.0"; + if(local == 1) hosts[0] = "127.0.0.1"; else hosts[nhosts - 1] = "127.0.0.1"; --- portmap.8.orig Wed Feb 13 16:06:35 2002 +++ portmap.8 Wed Feb 13 16:17:22 2002 @@ -48,6 +48,7 @@ .Nm .Op Fl d .Op Fl v +.Op Fl l .Op Fl h Ar bindip .Sh DESCRIPTION .Nm Portmap @@ -114,6 +115,10 @@ to portmap returning a udp packet from a different IP address then it was sent to. Note that when specifying ip addresses with -h, portmap will automatically add 127.0.0.1 to the list so you don't have to. +.It Fl l +This option allows for portmap to bind to 127.0.0.1 only. This can be +used if you want to run CFS (Cryptographic File System) and want to +only allow local access. .El .Sh SEE ALSO .Xr hosts_access 5 ,
>Release-Note:
>Audit-Trail:
>Unformatted:
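Review bot: In the portmap.c hunk at @@ -163,6 +167,7 @@, the added `if(local == 1) hosts[0] = "127.0.0.1";` is placed between `if (nhosts == 1)` and its `else`, so the `else` now pairs with the new test instead of the original one. As the visible lines read, a run with neither -h nor -l sets hosts[0] to "0.0.0.0" and then falls into the else branch, which overwrites hosts[nhosts - 1] (the same slot) with "127.0.0.1", so the default silently changes from all addresses to loopback only. With -l plus one or more -h arguments, hosts[0] is overwritten and the slot just added by the realloc is never assigned. Suggest leaving the original if/else untouched and handling `local` as its own branch ahead of it, building a one-entry list, with the test written `if (local)` and its statement on a separate line.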
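Review bot: The `case 'l':` added at @@ -139,6 +140,9 @@ accepts -l together with any number of -h arguments without complaint, even though the two ask for contradictory bind sets. Suggest checking after the getopt loop that -l and -h were not both given and calling usage() if they were. No hunk in this patch changes the usage() text either, so if that message lists the options, -l needs to be added there to match the new "dvlh:" string.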
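Review bot: The new `.It Fl l` entry in the portmap.8 hunk at @@ -114,6 +115,10 @@ does not say what happens when -l is combined with -h, and it directly follows the sentence stating that -h adds 127.0.0.1 to the list automatically. Suggest stating explicitly whether -l overrides -h or is rejected alongside it, and tightening the wording to something like "Bind to 127.0.0.1 only." so the security-relevant effect (no listener on external addresses) is the first thing the reader sees.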