From 89af843130a49f6c0b89341d0b415c2373727816 Mon Sep 17 00:00:00 2001 From: Steve Dickson Date: Mon, 5 Jan 2009 18:03:37 +0000 Subject: [PATCH] - Added warnings to tcp wrapper code when mounts are denied due to misconfigured DNS configurations. --- nfs-utils-1.1.4-tcpwrap-warn.patch | 55 ++++++++++++++++++++++++++++++ nfs-utils.spec | 8 ++++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 nfs-utils-1.1.4-tcpwrap-warn.patch diff --git a/nfs-utils-1.1.4-tcpwrap-warn.patch b/nfs-utils-1.1.4-tcpwrap-warn.patch new file mode 100644 index 0000000..5c8914e --- /dev/null +++ b/nfs-utils-1.1.4-tcpwrap-warn.patch @@ -0,0 +1,55 @@ +commit 6e3f696e788a56f30b5b3f8250647fe4cd63c884 +Author: Steve Dickson +Date: Sat Jan 3 14:08:25 2009 -0500 + + Now that the TCP wrapper actually works, mounts will + be denied with misconfigured DNS configurations. Warnings + will be logged when these types of configurations are + detected. + + Signed-off-by: Steve Dickson + +diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c +--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig 2009-01-03 13:02:15.000000000 -0500 ++++ nfs-utils-1.1.4/support/misc/tcpwrapper.c 2009-01-03 14:05:42.000000000 -0500 +@@ -48,6 +48,8 @@ + #include + #include + ++#include "xlog.h" ++ + #ifdef SYSV40 + #include + #include +@@ -179,17 +181,27 @@ struct sockaddr_in *addr; + /* Now do the hostname lookup */ + hp = gethostbyaddr ((const char *) &(addr->sin_addr), + sizeof (addr->sin_addr), AF_INET); +- if (!hp) ++ if (!hp) { ++ xlog(L_WARNING, ++ "Warning: Client IP address '%s' not found in host lookup", ++ inet_ntoa(addr->sin_addr)); + return DENY; /* never heard of it. misconfigured DNS? */ ++ } + + /* Make sure the hostent is authorative. */ + tmpname = strdup(hp->h_name); +- if (!tmpname) ++ if (!tmpname) { ++ xlog(L_WARNING, "Warning: No memory for Host access check"); + return DENY; ++ } + hp = gethostbyname(tmpname); +- free(tmpname); +- if (!hp) ++ if (!hp) { ++ xlog(L_WARNING, ++ "Warning: Client hostname '%s' not found in host lookup", tmpname); ++ free(tmpname); + return DENY; /* never heard of it. misconfigured DNS? */ ++ } ++ free(tmpname); + + /* Now make sure the address is on the list */ + for (sp = hp->h_addr_list ; *sp ; sp++) { diff --git a/nfs-utils.spec b/nfs-utils.spec index 5672827..9a6820e 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser Name: nfs-utils URL: http://sourceforge.net/projects/nfs Version: 1.1.4 -Release: 10%{?dist} +Release: 11%{?dist} Epoch: 1 # group all 32bit related archs @@ -39,6 +39,7 @@ Patch109: nfs-utils-1.1.4-mount-po_get_numeric.patch Patch110: nfs-utils-1.1.4-sm-notify-freeaddrinfo.patch Patch111: nfs-utils-1.1.4-statd-xunlink.patch Patch112: nfs-utils-1.1.4-tcpwrapper-update.patch +Patch113: nfs-utils-1.1.4-tcpwrap-warn.patch %if %{enablefscache} Patch90: nfs-utils-1.1.0-mount-fsc.patch @@ -106,6 +107,7 @@ This package also contains the mount.nfs and umount.nfs program. %patch110 -p1 %patch111 -p1 %patch112 -p1 +%patch113 -p1 %if %{enablefscache} %patch90 -p1 @@ -269,6 +271,10 @@ fi %attr(4755,root,root) /sbin/umount.nfs4 %changelog +* Sat Jan 3 2009 Steve Dickson 1.1.4-11 +- Added warnings to tcp wrapper code when mounts are + denied due to misconfigured DNS configurations. + * Fri Dec 19 2008 Steve Dickson 1.1.4-10 - Re-enabled and fixed/enhanced tcp wrappers.