Make --enable-secure-statd the default.

[nfs-utils.git] / utils / statd / simu.c

diff --git a/utils/statd/simu.c b/utils/statd/simu.c
index 9d685adc3da3b268408954451e4298e9b2fec25b..82d794e1c2667a20198f0cb24a89bcf5e95f75ca 100644 (file)
--- a/utils/statd/simu.c
+++ b/utils/statd/simu.c
@@ -7,6 +7,7 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+#include <arpa/inet.h>
 
 #include "statd.h"
 #include "notlist.h"
@@ -22,11 +23,34 @@ sm_simu_crash_1_svc (void *argp, struct svc_req *rqstp)
 {
   static char *result = NULL;
 
+#ifdef RESTRICTED_STATD
+       struct in_addr  caller;
+
+       /* 1.   Reject anyone not calling from 127.0.0.1.
+        *      Ignore the my_name specified by the caller, and
+        *      use "127.0.0.1" instead.
+        */
+       caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
+       if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
+               note(N_WARNING,
+                       "Call to statd from non-local host %s",
+                       inet_ntoa(caller));
+               goto failure;
+       }
+       if (ntohs(svc_getcaller(rqstp->rq_xprt)->sin_port) >= 1024) {
+               note(N_WARNING,
+                    "Call to statd-simu-crash from unprivileged port\n");
+               goto failure;
+       }
+#endif
   note (N_WARNING, "*** SIMULATING CRASH! ***");
   my_svc_exit ();
 
   if (rtnl)
     nlist_kill (&rtnl);
 
+#ifdef RESTRICTED_STATD
+ failure:
+#endif
   return ((void *)&result);
 }