- Added warnings to tcp wrapper code when mounts are denied due to

misconfigured DNS configurations.
2009-01-05 18:03:37 +00:00 · 2009-01-05 18:03:37 +00:00 · 89af843130
commit 89af843130
parent 36e2ddf1fc
2 changed files with 62 additions and 1 deletions
--- a/nfs-utils-1.1.4-tcpwrap-warn.patch
+++ b/nfs-utils-1.1.4-tcpwrap-warn.patch
@ -0,0 +1,55 @@
+commit 6e3f696e788a56f30b5b3f8250647fe4cd63c884
+Author: Steve Dickson <steved@redhat.com>
+Date:   Sat Jan 3 14:08:25 2009 -0500
+
+    Now that the TCP wrapper actually works, mounts will
+    be denied with misconfigured DNS configurations. Warnings
+    will be logged when these types of configurations are
+    detected.
+    
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c
+--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig	2009-01-03 13:02:15.000000000 -0500
+++ nfs-utils-1.1.4/support/misc/tcpwrapper.c	2009-01-03 14:05:42.000000000 -0500
+@@ -48,6 +48,8 @@
+ #include <sys/stat.h>
+ #include <unistd.h>
+ 
+#include "xlog.h"
+
+ #ifdef SYSV40
+ #include <netinet/in.h>
+ #include <rpc/rpcent.h>
+@@ -179,17 +181,27 @@ struct sockaddr_in *addr;
+ 	/* Now do the hostname lookup */
+ 	hp = gethostbyaddr ((const char *) &(addr->sin_addr),
+ 		sizeof (addr->sin_addr), AF_INET);
+-	if (!hp)
+	if (!hp) {
+		xlog(L_WARNING, 
+			"Warning: Client IP address '%s' not found in host lookup",
+			inet_ntoa(addr->sin_addr));
+ 		return DENY; /* never heard of it. misconfigured DNS? */
+	}
+ 
+ 	/* Make sure the hostent is authorative. */
+ 	tmpname = strdup(hp->h_name);
+-	if (!tmpname)
+	if (!tmpname) {
+		xlog(L_WARNING, "Warning: No memory for Host access check");
+ 		return DENY;
+	}
+ 	hp = gethostbyname(tmpname);
+-	free(tmpname);
+-	if (!hp)
+	if (!hp) {
+		xlog(L_WARNING, 
+			"Warning: Client hostname '%s' not found in host lookup", tmpname);
+		free(tmpname);
+ 		return DENY; /* never heard of it. misconfigured DNS? */
+	}
+	free(tmpname);
+ 
+ 	/* Now make sure the address is on the list */
+ 	for (sp = hp->h_addr_list ; *sp ; sp++) {
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
 Name: nfs-utils
 URL: http://sourceforge.net/projects/nfs
 Version: 1.1.4
-Release: 10%{?dist}
+Release: 11%{?dist}
 Epoch: 1

 # group all 32bit related archs
@ -39,6 +39,7 @@ Patch109: nfs-utils-1.1.4-mount-po_get_numeric.patch
 Patch110: nfs-utils-1.1.4-sm-notify-freeaddrinfo.patch
 Patch111: nfs-utils-1.1.4-statd-xunlink.patch
 Patch112: nfs-utils-1.1.4-tcpwrapper-update.patch
+Patch113: nfs-utils-1.1.4-tcpwrap-warn.patch

 %if %{enablefscache}
 Patch90: nfs-utils-1.1.0-mount-fsc.patch
@ -106,6 +107,7 @@ This package also contains the mount.nfs and umount.nfs program.
 %patch110 -p1
 %patch111 -p1
 %patch112 -p1
+%patch113 -p1

 %if %{enablefscache}
 %patch90 -p1
@ -269,6 +271,10 @@ fi
 %attr(4755,root,root)   /sbin/umount.nfs4

 %changelog
+* Sat Jan  3 2009 Steve Dickson <steved@redhat.com> 1.1.4-11
+- Added warnings to tcp wrapper code when mounts are 
+  denied due to misconfigured DNS configurations.
+
 * Fri Dec 19 2008 Steve Dickson <steved@redhat.com> 1.1.4-10
 - Re-enabled and fixed/enhanced tcp wrappers.