mountd: Don't do tcp wrapper check when there are no rules (bz 448898)

nfs-utils-1.1.4-tcpwrap-rulecheck.patch

@@ -0,0 +1,100 @@
+commit 5f09a2bacb4bf0a906e2d19931568b91fb6c5088
+Author: Steve Dickson <steved@redhat.com>
+Date:   Tue Jan 20 06:16:56 2009 -0500
+
+    mountd: Don't do tcp wrapper check when there are no rules
+    
+    If there are no rules in either /etc/hosts.deny or
+    /etc/hosts.allow there is no need to do the host validation.
+    
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c
+--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig	2009-01-07 12:56:07.000000000 -0500
++++ nfs-utils-1.1.4/support/misc/tcpwrapper.c	2009-01-20 06:00:38.000000000 -0500
+@@ -34,6 +34,7 @@
+ #ifdef HAVE_CONFIG_H
+ #include <config.h>
+ #endif
++#include <stdio.h>
+ #include <tcpwrapper.h>
+ #include <unistd.h>
+ #include <string.h>
+@@ -55,6 +56,8 @@
+ #include <rpc/rpcent.h>
+ #endif
+ 
++static int check_files(void);
++static int check_rules(void);
+ static void logit(int severity, struct sockaddr_in *addr,
+ 		  u_long procnum, u_long prognum, char *text);
+ static void toggle_verboselog(int sig);
+@@ -261,8 +264,40 @@ void    check_startup(void)
+     (void) signal(SIGINT, toggle_verboselog);
+ }
+ 
+-/* check_files - check to see if either access files have changed */
++/*
++ * check_rules - check to see if any entries exist in
++ * either hosts file.
++ */
++int check_rules()
++{
++	FILE *fp;
++	char buf[BUFSIZ];
++
++	if ((fp = fopen("/etc/hosts.allow", "r")) == NULL)
++		return 0;
++
++	while (fgets(buf, BUFSIZ, fp) != NULL) {
++		if (buf[0] == '#')
++			continue;
++		fclose(fp);
++		return 1;
++	}
++	fclose(fp);
++
++	if ((fp = fopen("/etc/hosts.deny", "r")) == NULL)
++		return 0;
++
++	while (fgets(buf, BUFSIZ, fp) != NULL) {
++		if (buf[0] == '#')
++			continue;
++		fclose(fp);
++		return 1;
++	}
++	fclose(fp);
++	return 0;
++}
+ 
++/* check_files - check to see if either access files have changed */
+ int check_files()
+ {
+ 	static time_t allow_mtime, deny_mtime;
+@@ -304,6 +339,13 @@ u_long  prog;
+ 	if (acc && changed == 0)
+ 		return (acc->access);
+ 
++	/*
++	 * See if there are any rules to be applied,
++	 * if not, no need to check the address
++	 */
++	if (check_rules() == 0)
++		goto done;
++
+ 	if (!(from_local(addr) || good_client(daemon, addr))) {
+ 		log_bad_host(addr, proc, prog);
+ 		if (acc)
+@@ -315,10 +357,12 @@ u_long  prog;
+ 	if (verboselog)
+ 		log_client(addr, proc, prog);
+ 
++done:
+ 	if (acc)
+ 		acc->access = TRUE;
+ 	else 
+ 		haccess_add(addr, proc, prog, TRUE);
++
+     return (TRUE);
+ }
+ 

nfs-utils.spec

@@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
 Name: nfs-utils
 URL: http://sourceforge.net/projects/nfs
 Version: 1.1.4
-Release: 12%{?dist}
+Release: 13%{?dist}
 Epoch: 1
 
 # group all 32bit related archs
@@ -44,6 +44,7 @@ Patch114: nfs-utils-1.1.4-gssd-verbosity.patch
 Patch115: nfs-utils-1.1.4-mount-addrconfig.patch
 Patch116: nfs-utils-1.1.4-configure-uuid.patch
 Patch117: nfs-utils-1.1.4-configure-tirpc.patch
+Patch118: nfs-utils-1.1.4-tcpwrap-rulecheck.patch
 
 %if %{enablefscache}
 Patch90: nfs-utils-1.1.0-mount-fsc.patch
@@ -116,6 +117,7 @@ This package also contains the mount.nfs and umount.nfs program.
 %patch115 -p1
 %patch116 -p1
 %patch117 -p1
+%patch118 -p1
 
 %if %{enablefscache}
 %patch90 -p1
@@ -279,6 +281,9 @@ fi
 %attr(4755,root,root)   /sbin/umount.nfs4
 
 %changelog
+* Tue Jan 20 2009 Steve Dickson <steved@redhat.com> 1.1.4-13
+- mountd: Don't do tcp wrapper check when there are no rules (bz 448898)
+
 * Wed Jan  7 2009 Steve Dickson <steved@redhat.com> 1.1.4-12
 - configure: Remove inet_ntop(3) check from configure.ac
 - configure: Add new build option "--enable-tirpc"