nfs-utils/nfs-utils-1.1.4-tcpwrap-newrules.patch

107 lines
3.1 KiB
Diff
Raw Normal View History

Author: Steve Dickson <steved@redhat.com>
Date: Sat Jan 31 05:50:51 2009 -0500
Converted good_client() to correctly use the tcp wrapper
interface and added a note to the mountd man page saying
hostnames will be ignored when they can not be looked up.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c
--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig 2009-01-31 06:25:16.000000000 -0500
+++ nfs-utils-1.1.4/support/misc/tcpwrapper.c 2009-01-31 06:26:27.000000000 -0500
@@ -46,7 +46,7 @@
#include <sys/signal.h>
#include <sys/queue.h>
#include <sys/stat.h>
-#include <unistd.h>
+#include <tcpd.h>
#include "xlog.h"
@@ -169,58 +169,15 @@ good_client(daemon, addr)
char *daemon;
struct sockaddr_in *addr;
{
- struct hostent *hp;
- char **sp;
- char *tmpname;
-
- /* First check the address. */
- if (hosts_ctl(daemon, "", inet_ntoa(addr->sin_addr), "") == DENY)
- return DENY;
-
- /* Now do the hostname lookup */
- hp = gethostbyaddr ((const char *) &(addr->sin_addr),
- sizeof (addr->sin_addr), AF_INET);
- if (!hp) {
- xlog(L_WARNING,
- "Warning: Client IP address '%s' not found in host lookup",
- inet_ntoa(addr->sin_addr));
- return DENY; /* never heard of it. misconfigured DNS? */
- }
-
- /* Make sure the hostent is authorative. */
- tmpname = strdup(hp->h_name);
- if (!tmpname) {
- xlog(L_WARNING, "Warning: No memory for Host access check");
- return DENY;
- }
- hp = gethostbyname(tmpname);
- if (!hp) {
- xlog(L_WARNING,
- "Warning: Client hostname '%s' not found in host lookup", tmpname);
- free(tmpname);
- return DENY; /* never heard of it. misconfigured DNS? */
- }
- free(tmpname);
+ struct request_info req;
- /* Now make sure the address is on the list */
- for (sp = hp->h_addr_list ; *sp ; sp++) {
- if (memcmp(*sp, &(addr->sin_addr), hp->h_length) == 0)
- break;
- }
- if (!*sp)
- return DENY; /* it was a FAKE. */
+ request_init(&req, RQ_DAEMON, daemon, RQ_CLIENT_SIN, addr, 0);
+ sock_methods(&req);
- /* Check the official name and address. */
- if (hosts_ctl(daemon, hp->h_name, inet_ntoa(addr->sin_addr), "") == DENY)
- return DENY;
-
- /* Now check aliases. */
- for (sp = hp->h_aliases; *sp ; sp++) {
- if (hosts_ctl(daemon, *sp, inet_ntoa(addr->sin_addr), "") == DENY)
- return DENY;
- }
+ if (hosts_access(&req))
+ return ALLOW;
- return ALLOW;
+ return DENY;
}
/* check_startup - additional startup code */
diff -up nfs-utils-1.1.4/utils/mountd/mountd.man.orig nfs-utils-1.1.4/utils/mountd/mountd.man
--- nfs-utils-1.1.4/utils/mountd/mountd.man.orig 2008-10-17 10:20:09.000000000 -0400
+++ nfs-utils-1.1.4/utils/mountd/mountd.man 2009-01-31 06:26:27.000000000 -0500
@@ -181,13 +181,15 @@ mountd: .bar.com
You have to use the daemon name
.B mountd
for the daemon name (even if the binary has a different name).
+.B Note:
+hostnames used in either access file will be ignored when
+they can not be resolved into IP addresses.
For further information please have a look at the
.BR tcpd (8)
and
.BR hosts_access (5)
manual pages.
-
.SH SEE ALSO
.BR rpc.nfsd (8),
.BR exportfs (8),