nfs-utils/nfs-utils-1.1.4-tcpwrap-newrules.patch

Author: Steve Dickson <steved@redhat.com>
Date:   Sat Jan 31 05:50:51 2009 -0500

    Converted good_client() to correctly use the tcp wrapper
    interface and added a note to the mountd man page saying
    hostnames will be ignored when they can not be looked up.
    
    Signed-off-by: Steve Dickson <steved@redhat.com>

diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c
--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig	2009-01-31 06:25:16.000000000 -0500
+++ nfs-utils-1.1.4/support/misc/tcpwrapper.c	2009-01-31 06:26:27.000000000 -0500
@@ -46,7 +46,7 @@
 #include <sys/signal.h>
 #include <sys/queue.h>
 #include <sys/stat.h>
-#include <unistd.h>
+#include <tcpd.h>
 
 #include "xlog.h"
 
@@ -169,58 +169,15 @@ good_client(daemon, addr)
 char *daemon;
 struct sockaddr_in *addr;
 {
-    struct hostent *hp;
-    char **sp;
-    char *tmpname;
-
-	/* First check the address. */
-	if (hosts_ctl(daemon, "", inet_ntoa(addr->sin_addr), "") == DENY)
-		return DENY;
-
-	/* Now do the hostname lookup */
-	hp = gethostbyaddr ((const char *) &(addr->sin_addr),
-		sizeof (addr->sin_addr), AF_INET);
-	if (!hp) {
-		xlog(L_WARNING, 
-			"Warning: Client IP address '%s' not found in host lookup",
-			inet_ntoa(addr->sin_addr));
-		return DENY; /* never heard of it. misconfigured DNS? */
-	}
-
-	/* Make sure the hostent is authorative. */
-	tmpname = strdup(hp->h_name);
-	if (!tmpname) {
-		xlog(L_WARNING, "Warning: No memory for Host access check");
-		return DENY;
-	}
-	hp = gethostbyname(tmpname);
-	if (!hp) {
-		xlog(L_WARNING, 
-			"Warning: Client hostname '%s' not found in host lookup", tmpname);
-		free(tmpname);
-		return DENY; /* never heard of it. misconfigured DNS? */
-	}
-	free(tmpname);
+	struct request_info req;
 
-	/* Now make sure the address is on the list */
-	for (sp = hp->h_addr_list ; *sp ; sp++) {
-	    if (memcmp(*sp, &(addr->sin_addr), hp->h_length) == 0)
-			break;
-	}
-	if (!*sp)
-	    return DENY; /* it was a FAKE. */
+	request_init(&req, RQ_DAEMON, daemon, RQ_CLIENT_SIN, addr, 0);
+	sock_methods(&req);
 
-	/* Check the official name and address. */
-	if (hosts_ctl(daemon, hp->h_name, inet_ntoa(addr->sin_addr), "") == DENY)
-		return DENY;
-
-	/* Now check aliases. */
-	for (sp = hp->h_aliases; *sp ; sp++) {
-		if (hosts_ctl(daemon, *sp, inet_ntoa(addr->sin_addr), "") == DENY)
-	    	return DENY;
-	}
+	if (hosts_access(&req)) 
+		return ALLOW;
 
-   return ALLOW;
+	return DENY;
 }
 
 /* check_startup - additional startup code */
diff -up nfs-utils-1.1.4/utils/mountd/mountd.man.orig nfs-utils-1.1.4/utils/mountd/mountd.man
--- nfs-utils-1.1.4/utils/mountd/mountd.man.orig	2008-10-17 10:20:09.000000000 -0400
+++ nfs-utils-1.1.4/utils/mountd/mountd.man	2009-01-31 06:26:27.000000000 -0500
@@ -181,13 +181,15 @@ mountd: .bar.com
 You have to use the daemon name 
 .B mountd
 for the daemon name (even if the binary has a different name).
+.B Note:
+hostnames used in either access file will be ignored when
+they can not be resolved into IP addresses.
 
 For further information please have a look at the
 .BR tcpd (8)
 and
 .BR hosts_access (5)
 manual pages.
-
 .SH SEE ALSO
 .BR rpc.nfsd (8),
 .BR exportfs (8),
- Reworked tcp wrapper code to correctly use API (bz 480223) - General clean up of tcp wrapper code. 2009-01-31 11:42:01 +00:00			`Author: Steve Dickson <steved@redhat.com>`
			`Date: Sat Jan 31 05:50:51 2009 -0500`

			`Converted good_client() to correctly use the tcp wrapper`
			`interface and added a note to the mountd man page saying`
			`hostnames will be ignored when they can not be looked up.`

			`Signed-off-by: Steve Dickson <steved@redhat.com>`

			`diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c`
			`--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig 2009-01-31 06:25:16.000000000 -0500`
			`+++ nfs-utils-1.1.4/support/misc/tcpwrapper.c 2009-01-31 06:26:27.000000000 -0500`
			`@@ -46,7 +46,7 @@`
			`#include <sys/signal.h>`
			`#include <sys/queue.h>`
			`#include <sys/stat.h>`
			`-#include <unistd.h>`
			`+#include <tcpd.h>`

			`#include "xlog.h"`

			`@@ -169,58 +169,15 @@ good_client(daemon, addr)`
			`char *daemon;`
			`struct sockaddr_in *addr;`
			`{`
			`- struct hostent *hp;`
			`- char **sp;`
			`- char *tmpname;`
			`-`
			`- /* First check the address. */`
			`- if (hosts_ctl(daemon, "", inet_ntoa(addr->sin_addr), "") == DENY)`
			`- return DENY;`
			`-`
			`- /* Now do the hostname lookup */`
			`- hp = gethostbyaddr ((const char *) &(addr->sin_addr),`
			`- sizeof (addr->sin_addr), AF_INET);`
			`- if (!hp) {`
			`- xlog(L_WARNING,`
			`- "Warning: Client IP address '%s' not found in host lookup",`
			`- inet_ntoa(addr->sin_addr));`
			`- return DENY; /* never heard of it. misconfigured DNS? */`
			`- }`
			`-`
			`- /* Make sure the hostent is authorative. */`
			`- tmpname = strdup(hp->h_name);`
			`- if (!tmpname) {`
			`- xlog(L_WARNING, "Warning: No memory for Host access check");`
			`- return DENY;`
			`- }`
			`- hp = gethostbyname(tmpname);`
			`- if (!hp) {`
			`- xlog(L_WARNING,`
			`- "Warning: Client hostname '%s' not found in host lookup", tmpname);`
			`- free(tmpname);`
			`- return DENY; /* never heard of it. misconfigured DNS? */`
			`- }`
			`- free(tmpname);`
			`+ struct request_info req;`

			`- /* Now make sure the address is on the list */`
			`- for (sp = hp->h_addr_list ; *sp ; sp++) {`
			`- if (memcmp(*sp, &(addr->sin_addr), hp->h_length) == 0)`
			`- break;`
			`- }`
			`- if (!*sp)`
			`- return DENY; /* it was a FAKE. */`
			`+ request_init(&req, RQ_DAEMON, daemon, RQ_CLIENT_SIN, addr, 0);`
			`+ sock_methods(&req);`

			`- /* Check the official name and address. */`
			`- if (hosts_ctl(daemon, hp->h_name, inet_ntoa(addr->sin_addr), "") == DENY)`
			`- return DENY;`
			`-`
			`- /* Now check aliases. */`
			`- for (sp = hp->h_aliases; *sp ; sp++) {`
			`- if (hosts_ctl(daemon, *sp, inet_ntoa(addr->sin_addr), "") == DENY)`
			`- return DENY;`
			`- }`
			`+ if (hosts_access(&req))`
			`+ return ALLOW;`

			`- return ALLOW;`
			`+ return DENY;`
			`}`

			`/* check_startup - additional startup code */`
			`diff -up nfs-utils-1.1.4/utils/mountd/mountd.man.orig nfs-utils-1.1.4/utils/mountd/mountd.man`
			`--- nfs-utils-1.1.4/utils/mountd/mountd.man.orig 2008-10-17 10:20:09.000000000 -0400`
			`+++ nfs-utils-1.1.4/utils/mountd/mountd.man 2009-01-31 06:26:27.000000000 -0500`
			`@@ -181,13 +181,15 @@ mountd: .bar.com`
			`You have to use the daemon name`
			`.B mountd`
			`for the daemon name (even if the binary has a different name).`
			`+.B Note:`
			`+hostnames used in either access file will be ignored when`
			`+they can not be resolved into IP addresses.`

			`For further information please have a look at the`
			`.BR tcpd (8)`
			`and`
			`.BR hosts_access (5)`
			`manual pages.`
			`-`
			`.SH SEE ALSO`
			`.BR rpc.nfsd (8),`
			`.BR exportfs (8),`