Merge pull request #94 from bjornaxis/master

garlick · web-flow · commit 9da28f911978 · 2022-10-12T07:44:28.000-07:00
Use privport with ipv6
diff --git a/libdiod/diod_conf.c b/libdiod/diod_conf.c
@@ -351,30 +351,6 @@ void diod_conf_clr_exports (void)
     config.exports = _xlist_create ((ListDelF)_destroy_export);
     config.ro_mask |= RO_EXPORTS;
 }
-void diod_conf_add_exports (char *path)
-{
-    Export *x = _xcreate_export (path);
-    _xlist_append (config.exports, x);
-    config.ro_mask |= RO_EXPORTS;
-}
-void diod_conf_validate_exports (void)
-{
-    ListIterator itr;
-    Export *x;
-
-    if (config.exportall == 0 && list_count (config.exports) == 0)
-        msg_exit ("no exports defined");
-    if ((itr = list_iterator_create (config.exports)) == NULL)
-        msg_exit ("out of memory");
-    while ((x = list_next (itr))) {
-        if (*x->path != '/' && strcmp (x->path, "ctl") != 0)
-            msg_exit ("exports should begin with '/'");
-        if (strstr (x->path, "/..") != 0)
-            msg_exit ("exports should not contain '/..'"); /* FIXME */
-    }
-    list_iterator_destroy (itr);
-}
-
 static void
 _parse_expopt (char *s, int *fp)
 {
@@ -403,6 +379,34 @@ _parse_expopt (char *s, int *fp)
     free (cpy);
     *fp = flags;
 }
+void diod_conf_add_exports (char *path)
+{
+    Export *x = _xcreate_export (path);
+    if (config.exportopts)
+	x->opts = _xstrdup (config.exportopts);
+    if (x->opts)
+	_parse_expopt (x->opts, &x->oflags);
+    _xlist_append (config.exports, x);
+    config.ro_mask |= RO_EXPORTS;
+
+}
+void diod_conf_validate_exports (void)
+{
+    ListIterator itr;
+    Export *x;
+
+    if (config.exportall == 0 && list_count (config.exports) == 0)
+        msg_exit ("no exports defined");
+    if ((itr = list_iterator_create (config.exports)) == NULL)
+        msg_exit ("out of memory");
+    while ((x = list_next (itr))) {
+        if (*x->path != '/' && strcmp (x->path, "ctl") != 0)
+            msg_exit ("exports should begin with '/'");
+        if (strstr (x->path, "/..") != 0)
+            msg_exit ("exports should not contain '/..'"); /* FIXME */
+    }
+    list_iterator_destroy (itr);
+}
 
 /* exportall - export everything in /proc/mounts
  */
diff --git a/libdiod/diod_sock.c b/libdiod/diod_sock.c
@@ -396,6 +396,30 @@ _bind_priv_inet4 (int sockfd)
     return rc;
 }
 
+/* Bind socket to a local IPv6 port < 1024.
+ */
+static int
+_bind_priv_inet6 (int sockfd)
+{
+    struct sockaddr_in6 in;
+    int port;
+    int rc = -1;
+
+    memset (&in, 0, sizeof(in));
+    in.sin6_family = AF_INET6;
+    in.sin6_addr = in6addr_any;
+
+    for (port = IPPORT_RESERVED - 1; port >= IPPORT_RESERVED / 2; port--) {
+        in.sin6_port = htons ((ushort)port);
+        rc = bind(sockfd, (struct sockaddr *) &in, sizeof(in));
+        if (rc == 0 || (rc < 0 && errno != EADDRINUSE))
+            break;
+    }
+    if (rc < 0 && errno == EADDRINUSE)
+        errno = EAGAIN;
+    return rc;
+}
+
 /* Connect to host:port.
  * Return fd on success, -1 on failure.
  */
@@ -428,16 +452,25 @@ diod_sock_connect_inet (char *host, char *port, int flags)
             continue;
         }
         if (flags & DIOD_SOCK_PRIVPORT) {
-            if (r->ai_family != AF_INET) {
+            if (r->ai_family == AF_INET) {
+                if (_bind_priv_inet4 (fd) < 0) {
+                    errnum = errno;
+                    errmsg = "_bind_resv_inet4";
+                    (void)close (fd);
+                    fd = -1;
+                    continue;
+                }
+            } else if (r->ai_family == AF_INET6) {
+                if (_bind_priv_inet6 (fd) < 0) {
+                    errnum = errno;
+                    errmsg = "_bind_resv_inet6";
+                    (void)close (fd);
+                    fd = -1;
+                    continue;
+                }
+            } else {
                 errnum = EINVAL;
-                errmsg = "_bind_resv_inet4";
-                (void)close (fd);
-                fd = -1;
-                continue;
-            }
-            if (_bind_priv_inet4 (fd) < 0) {
-                errnum = errno;
-                errmsg = "_bind_resv_inet4";
+                errmsg = "protocol";
                 (void)close (fd);
                 fd = -1;
                 continue;
@@ -485,6 +518,30 @@ diod_sock_connect_unix (char *path, int flags)
     return -1;
 }
 
+static int _diod_sock_connect_inet6(char *name, int flags)
+{
+    char *hoststart;
+    char *hostend;
+    char *port;
+
+    hoststart = name + 1;
+    if ((hostend = strchr (hoststart, ']'))) {
+	port = strchr (hostend, ':');
+	*hostend = '\0';
+    } else {
+	errno = EINVAL;
+	if (!(flags & DIOD_SOCK_QUIET))
+	    err ("diod_sock_connect invalid address %s", name);
+	return -1;
+    }
+    if (port) {
+	port++;
+	return diod_sock_connect_inet (hoststart, port, flags);
+    } else {
+	return diod_sock_connect_inet (hoststart, "564", flags);
+    }
+}
+
 int
 diod_sock_connect (char *name, int flags)
 {
@@ -505,6 +562,10 @@ diod_sock_connect (char *name, int flags)
                 err ("diod_sock_connect %s", name);
             goto done;
         }
+	if (host[0] == '[') {
+	    fd = _diod_sock_connect_inet6(host, flags);
+	    goto done;
+	}
         if (!(port = strchr (host, ':'))) {
             errno = EINVAL;
             if (!(flags & DIOD_SOCK_QUIET))
diff --git a/utils/diodmount.8.in b/utils/diodmount.8.in
@@ -45,6 +45,11 @@ Set verbose mode.
 .TP
 .I "-o, --options opt[,opt,...]"
 Set mount options (see below).
+.TP
+.I "-p, --privport"
+Connect from a socket bound to a port in the range of 512-1023,
+available to root only.  This can be used in conjunction with the
+\fIprivport\fR export option.
 .SH MOUNT OPTIONS
 The following file system specific mount options are handled by
 \fBmount.diod\fR.
diff --git a/utils/diodmount.c b/utils/diodmount.c
@@ -57,7 +57,7 @@
 #include "diod_auth.h"
 #include "opt.h"
 
-#define OPTIONS "fnvo:ad"
+#define OPTIONS "fnvo:adp"
 #if HAVE_GETOPT_LONG
 #define GETOPT(ac,av,opt,lopt) getopt_long (ac,av,opt,lopt,NULL)
 static const struct option longopts[] = {
@@ -67,6 +67,7 @@ static const struct option longopts[] = {
     {"options",         required_argument,   0, 'o'},
     {"9nbd-attach",     no_argument,         0, 'a'},
     {"9nbd-detach",     no_argument,         0, 'd'},
+    {"privport",        no_argument,         0, 'p'},
     {0, 0, 0, 0},
 };
 #else
@@ -106,6 +107,7 @@ usage (void)
 "   -n,--no-mtab                  do not update /etc/mtab\n"
 "   -v,--verbose                  verbose mode\n"
 "   -o,--options opt[,opt,...]    specify mount options\n"
+"   -p,--privport                 bind localy to a privileged port\n"
 //"Usage: mount.diod --9nbd-attach host[:aname] 9nbd-device\n"
 //"                  --9nbd-detach 9nbd-device\n"
 );
@@ -124,6 +126,7 @@ main (int argc, char *argv[])
     int fopt = 0;
     int aopt = 0;
     int dopt = 0;
+    int privport = 0;
     int rfd = -1, wfd = -1;
     Opt o;
 
@@ -152,6 +155,9 @@ main (int argc, char *argv[])
             case 'd':   /* --9nbd-detach */
                 dopt++;
                 break;
+            case 'p':   /* --privport */
+                privport++;
+                break;
             default:
                 usage ();
         }
@@ -263,9 +269,12 @@ main (int argc, char *argv[])
         if (!(hi = hostlist_iterator_create (hl)))
             msg_exit ("out of memory");
         while ((h = hostlist_next (hi))) {
+            int flags = DIOD_SOCK_QUIET;
+            if (privport)
+                flags |= DIOD_SOCK_PRIVPORT;
             if (vopt)
                 msg ("trying to connect to %s:%s", h, port);
-            if ((rfd = diod_sock_connect_inet (h, port, DIOD_SOCK_QUIET)) >= 0)
+            if ((rfd = diod_sock_connect_inet (h, port, flags )) >= 0)
                 break;
         }
         if (h) { /* create new 'spec' string identifying successful host */
