107 lines
3.1 KiB
Diff
107 lines
3.1 KiB
Diff
|
Author: Steve Dickson <steved@redhat.com>
|
||
|
Date: Sat Jan 31 05:50:51 2009 -0500
|
||
|
|
||
|
Converted good_client() to correctly use the tcp wrapper
|
||
|
interface and added a note to the mountd man page saying
|
||
|
hostnames will be ignored when they can not be looked up.
|
||
|
|
||
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||
|
|
||
|
diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c
|
||
|
--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig 2009-01-31 06:25:16.000000000 -0500
|
||
|
+++ nfs-utils-1.1.4/support/misc/tcpwrapper.c 2009-01-31 06:26:27.000000000 -0500
|
||
|
@@ -46,7 +46,7 @@
|
||
|
#include <sys/signal.h>
|
||
|
#include <sys/queue.h>
|
||
|
#include <sys/stat.h>
|
||
|
-#include <unistd.h>
|
||
|
+#include <tcpd.h>
|
||
|
|
||
|
#include "xlog.h"
|
||
|
|
||
|
@@ -169,58 +169,15 @@ good_client(daemon, addr)
|
||
|
char *daemon;
|
||
|
struct sockaddr_in *addr;
|
||
|
{
|
||
|
- struct hostent *hp;
|
||
|
- char **sp;
|
||
|
- char *tmpname;
|
||
|
-
|
||
|
- /* First check the address. */
|
||
|
- if (hosts_ctl(daemon, "", inet_ntoa(addr->sin_addr), "") == DENY)
|
||
|
- return DENY;
|
||
|
-
|
||
|
- /* Now do the hostname lookup */
|
||
|
- hp = gethostbyaddr ((const char *) &(addr->sin_addr),
|
||
|
- sizeof (addr->sin_addr), AF_INET);
|
||
|
- if (!hp) {
|
||
|
- xlog(L_WARNING,
|
||
|
- "Warning: Client IP address '%s' not found in host lookup",
|
||
|
- inet_ntoa(addr->sin_addr));
|
||
|
- return DENY; /* never heard of it. misconfigured DNS? */
|
||
|
- }
|
||
|
-
|
||
|
- /* Make sure the hostent is authorative. */
|
||
|
- tmpname = strdup(hp->h_name);
|
||
|
- if (!tmpname) {
|
||
|
- xlog(L_WARNING, "Warning: No memory for Host access check");
|
||
|
- return DENY;
|
||
|
- }
|
||
|
- hp = gethostbyname(tmpname);
|
||
|
- if (!hp) {
|
||
|
- xlog(L_WARNING,
|
||
|
- "Warning: Client hostname '%s' not found in host lookup", tmpname);
|
||
|
- free(tmpname);
|
||
|
- return DENY; /* never heard of it. misconfigured DNS? */
|
||
|
- }
|
||
|
- free(tmpname);
|
||
|
+ struct request_info req;
|
||
|
|
||
|
- /* Now make sure the address is on the list */
|
||
|
- for (sp = hp->h_addr_list ; *sp ; sp++) {
|
||
|
- if (memcmp(*sp, &(addr->sin_addr), hp->h_length) == 0)
|
||
|
- break;
|
||
|
- }
|
||
|
- if (!*sp)
|
||
|
- return DENY; /* it was a FAKE. */
|
||
|
+ request_init(&req, RQ_DAEMON, daemon, RQ_CLIENT_SIN, addr, 0);
|
||
|
+ sock_methods(&req);
|
||
|
|
||
|
- /* Check the official name and address. */
|
||
|
- if (hosts_ctl(daemon, hp->h_name, inet_ntoa(addr->sin_addr), "") == DENY)
|
||
|
- return DENY;
|
||
|
-
|
||
|
- /* Now check aliases. */
|
||
|
- for (sp = hp->h_aliases; *sp ; sp++) {
|
||
|
- if (hosts_ctl(daemon, *sp, inet_ntoa(addr->sin_addr), "") == DENY)
|
||
|
- return DENY;
|
||
|
- }
|
||
|
+ if (hosts_access(&req))
|
||
|
+ return ALLOW;
|
||
|
|
||
|
- return ALLOW;
|
||
|
+ return DENY;
|
||
|
}
|
||
|
|
||
|
/* check_startup - additional startup code */
|
||
|
diff -up nfs-utils-1.1.4/utils/mountd/mountd.man.orig nfs-utils-1.1.4/utils/mountd/mountd.man
|
||
|
--- nfs-utils-1.1.4/utils/mountd/mountd.man.orig 2008-10-17 10:20:09.000000000 -0400
|
||
|
+++ nfs-utils-1.1.4/utils/mountd/mountd.man 2009-01-31 06:26:27.000000000 -0500
|
||
|
@@ -181,13 +181,15 @@ mountd: .bar.com
|
||
|
You have to use the daemon name
|
||
|
.B mountd
|
||
|
for the daemon name (even if the binary has a different name).
|
||
|
+.B Note:
|
||
|
+hostnames used in either access file will be ignored when
|
||
|
+they can not be resolved into IP addresses.
|
||
|
|
||
|
For further information please have a look at the
|
||
|
.BR tcpd (8)
|
||
|
and
|
||
|
.BR hosts_access (5)
|
||
|
manual pages.
|
||
|
-
|
||
|
.SH SEE ALSO
|
||
|
.BR rpc.nfsd (8),
|
||
|
.BR exportfs (8),
|