X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=utils%2Fstatd%2Fsimu.c;h=82d794e1c2667a20198f0cb24a89bcf5e95f75ca;hb=25001e18ff31933d1f40b510da969a8cee317310;hp=78a6ee2e9d6cc059d233b11c4efa8ef9631ff2af;hpb=430052cab3c8044ef6d1be7b5a5ded13c45d0c40;p=nfs-utils.git

diff --git a/utils/statd/simu.c b/utils/statd/simu.c
index 78a6ee2..82d794e 100644
--- a/utils/statd/simu.c
+++ b/utils/statd/simu.c
@@ -4,7 +4,11 @@
  * NSM for Linux.
  */
 
-#include "config.h"
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <arpa/inet.h>
+
 #include "statd.h"
 #include "notlist.h"
 
@@ -19,11 +23,34 @@ sm_simu_crash_1_svc (void *argp, struct svc_req *rqstp)
 {
   static char *result = NULL;
 
+#ifdef RESTRICTED_STATD
+	struct in_addr	caller;
+
+	/* 1.	Reject anyone not calling from 127.0.0.1.
+	 *	Ignore the my_name specified by the caller, and
+	 *	use "127.0.0.1" instead.
+	 */
+	caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
+	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
+		note(N_WARNING,
+			"Call to statd from non-local host %s",
+			inet_ntoa(caller));
+		goto failure;
+	}
+	if (ntohs(svc_getcaller(rqstp->rq_xprt)->sin_port) >= 1024) {
+		note(N_WARNING,
+		     "Call to statd-simu-crash from unprivileged port\n");
+		goto failure;
+	}
+#endif
   note (N_WARNING, "*** SIMULATING CRASH! ***");
   my_svc_exit ();
 
   if (rtnl)
     nlist_kill (&rtnl);
 
+#ifdef RESTRICTED_STATD
+ failure:
+#endif
   return ((void *)&result);
 }