#include <arpa/inet.h>
#include <errno.h>
#include <unistd.h>
+
+#include "sockaddr.h"
#include "misc.h"
#include "nfslib.h"
#include "exportfs.h"
return counter;
}
-static char *get_client_hostname(struct sockaddr_in *caller, struct hostent *hp, enum auth_error *error)
+static char *get_client_ipaddr_name(const struct sockaddr *caller)
+{
+ char buf[INET6_ADDRSTRLEN + 1];
+
+ buf[0] = '$';
+ host_ntop(caller, buf + 1, sizeof(buf) - 1);
+ return strdup(buf);
+}
+
+static char *
+get_client_hostname(const struct sockaddr *caller, struct addrinfo *ai,
+ enum auth_error *error)
{
char *n;
if (use_ipaddr)
- return strdup(inet_ntoa(caller->sin_addr));
- n = client_compose(hp);
+ return get_client_ipaddr_name(caller);
+ n = client_compose(ai);
*error = unknown_host;
if (!n)
return NULL;
return strdup("DEFAULT");
}
+bool ipaddr_client_matches(nfs_export *exp, struct addrinfo *ai)
+{
+ return client_check(exp->m_client, ai);
+}
+
+bool namelist_client_matches(nfs_export *exp, char *dom)
+{
+ return client_member(dom, exp->m_client->m_hostname);
+}
+
+bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai)
+{
+ if (is_ipaddr_client(dom))
+ return ipaddr_client_matches(exp, ai);
+ return namelist_client_matches(exp, dom);
+}
+
/* return static nfs_export with details filled in */
static nfs_export *
-auth_authenticate_newcache(char *what, struct sockaddr_in *caller,
- char *path, struct hostent *hp,
+auth_authenticate_newcache(const struct sockaddr *caller,
+ const char *path, struct addrinfo *ai,
enum auth_error *error)
{
nfs_export *exp;
free(my_client.m_hostname);
- my_client.m_hostname = get_client_hostname(caller, hp, error);
+ my_client.m_hostname = get_client_hostname(caller, ai, error);
if (my_client.m_hostname == NULL)
return NULL;
my_client.m_naddr = 1;
- my_client.m_addrlist[0] = caller->sin_addr;
+ set_addrlist(&my_client, 0, caller);
my_exp.m_client = &my_client;
exp = NULL;
for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
if (strcmp(path, exp->m_export.e_path))
continue;
- if (!use_ipaddr && !client_member(my_client.m_hostname, exp->m_client->m_hostname))
+ if (!client_matches(exp, my_client.m_hostname, ai))
continue;
- if (use_ipaddr && !client_check(exp->m_client, hp))
+ if (exp->m_export.e_flags & NFSEXP_V4ROOT)
+ /* not acceptable for v[23] export */
continue;
break;
}
}
static nfs_export *
-auth_authenticate_internal(char *what, struct sockaddr_in *caller,
- char *path, struct hostent *hp,
- enum auth_error *error)
+auth_authenticate_internal(const struct sockaddr *caller, const char *path,
+ struct addrinfo *ai, enum auth_error *error)
{
nfs_export *exp;
if (new_cache) {
- exp = auth_authenticate_newcache(what, caller, path, hp, error);
+ exp = auth_authenticate_newcache(caller, path, ai, error);
if (!exp)
return NULL;
} else {
- if (!(exp = export_find(hp, path))) {
+ exp = export_find(ai, path);
+ if (exp == NULL) {
*error = no_entry;
return NULL;
}
}
- if (exp->m_export.e_flags & NFSEXP_V4ROOT) {
- *error = no_entry;
- return NULL;
- }
if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
- ntohs(caller->sin_port) >= IPPORT_RESERVED) {
+ nfs_get_port(caller) >= IPPORT_RESERVED) {
*error = illegal_port;
return NULL;
}
}
nfs_export *
-auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
+auth_authenticate(const char *what, const struct sockaddr *caller,
+ const char *path)
{
nfs_export *exp = NULL;
char epath[MAXPATHLEN+1];
char *p = NULL;
- struct hostent *hp = NULL;
- struct in_addr addr = caller->sin_addr;
+ char buf[INET6_ADDRSTRLEN];
+ struct addrinfo *ai = NULL;
enum auth_error error = bad_path;
- if (path [0] != '/') {
- xlog(L_WARNING, "bad path in %s request from %s: \"%s\"",
- what, inet_ntoa(addr), path);
+ if (path[0] != '/') {
+ xlog(L_WARNING, "Bad path in %s request from %s: \"%s\"",
+ what, host_ntop(caller, buf, sizeof(buf)), path);
return exp;
}
epath[sizeof (epath) - 1] = '\0';
auth_fixpath(epath); /* strip duplicate '/' etc */
- hp = client_resolve(caller->sin_addr);
- if (!hp)
+ ai = client_resolve(caller);
+ if (ai == NULL)
return exp;
/* Try the longest matching exported pathname. */
while (1) {
- exp = auth_authenticate_internal(what, caller, epath,
- hp, &error);
+ exp = auth_authenticate_internal(caller, epath, ai, &error);
if (exp || (error != not_exported && error != no_entry))
break;
/* We have to treat the root, "/", specially. */
switch (error) {
case bad_path:
xlog(L_WARNING, "bad path in %s request from %s: \"%s\"",
- what, inet_ntoa(addr), path);
+ what, host_ntop(caller, buf, sizeof(buf)), path);
break;
case unknown_host:
xlog(L_WARNING, "refused %s request from %s for %s (%s): unmatched host",
- what, inet_ntoa(addr), path, epath);
+ what, host_ntop(caller, buf, sizeof(buf)), path, epath);
break;
case no_entry:
xlog(L_WARNING, "refused %s request from %s for %s (%s): no export entry",
- what, hp->h_name, path, epath);
+ what, ai->ai_canonname, path, epath);
break;
case not_exported:
xlog(L_WARNING, "refused %s request from %s for %s (%s): not exported",
- what, hp->h_name, path, epath);
+ what, ai->ai_canonname, path, epath);
break;
case illegal_port:
- xlog(L_WARNING, "refused %s request from %s for %s (%s): illegal port %d",
- what, hp->h_name, path, epath, ntohs(caller->sin_port));
+ xlog(L_WARNING, "refused %s request from %s for %s (%s): illegal port %u",
+ what, ai->ai_canonname, path, epath, nfs_get_port(caller));
break;
case success:
- xlog(L_NOTICE, "authenticated %s request from %s:%d for %s (%s)",
- what, hp->h_name, ntohs(caller->sin_port), path, epath);
+ xlog(L_NOTICE, "authenticated %s request from %s:%u for %s (%s)",
+ what, ai->ai_canonname, nfs_get_port(caller), path, epath);
break;
default:
- xlog(L_NOTICE, "%s request from %s:%d for %s (%s) gave %d",
- what, hp->h_name, ntohs(caller->sin_port), path, epath, error);
+ xlog(L_NOTICE, "%s request from %s:%u for %s (%s) gave %d",
+ what, ai->ai_canonname, nfs_get_port(caller),
+ path, epath, error);
}
- if (hp)
- free (hp);
-
+ freeaddrinfo(ai);
return exp;
}