#include "exportfs.h"
#include "mountd.h"
#include "xmalloc.h"
+#include "v4root.h"
enum auth_error
{
memset(&my_client, 0, sizeof(my_client));
xtab_export_read();
check_useipaddr();
+ v4root_set();
+
++counter;
return counter;
}
+static char *
+get_client_hostname(struct sockaddr_in *caller, struct addrinfo *ai,
+ enum auth_error *error)
+{
+ char *n;
+
+ if (use_ipaddr)
+ return strdup(inet_ntoa(caller->sin_addr));
+ n = client_compose(ai);
+ *error = unknown_host;
+ if (!n)
+ return NULL;
+ if (*n)
+ return n;
+ free(n);
+ return strdup("DEFAULT");
+}
+
+/* return static nfs_export with details filled in */
static nfs_export *
-auth_authenticate_internal(char *what, struct sockaddr_in *caller,
- char *path, struct hostent *hp,
+auth_authenticate_newcache(struct sockaddr_in *caller,
+ char *path, struct addrinfo *ai,
enum auth_error *error)
{
- nfs_export *exp;
+ nfs_export *exp;
+ int i;
- if (new_cache) {
- int i;
- /* return static nfs_export with details filled in */
- char *n;
- free(my_client.m_hostname);
- if (use_ipaddr) {
- my_client.m_hostname =
- strdup(inet_ntoa(caller->sin_addr));
- } else {
- n = client_compose(hp);
- *error = unknown_host;
- if (!n)
- my_client.m_hostname = NULL;
- else if (*n)
- my_client.m_hostname = n;
- else {
- free(n);
- my_client.m_hostname = strdup("DEFAULT");
- }
+ free(my_client.m_hostname);
+
+ my_client.m_hostname = get_client_hostname(caller, ai, error);
+ if (my_client.m_hostname == NULL)
+ return NULL;
+
+ my_client.m_naddr = 1;
+ set_addrlist_in(&my_client, 0, caller);
+ my_exp.m_client = &my_client;
+
+ exp = NULL;
+ for (i = 0; !exp && i < MCL_MAXTYPES; i++)
+ for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
+ if (strcmp(path, exp->m_export.e_path))
+ continue;
+ if (!use_ipaddr && !client_member(my_client.m_hostname, exp->m_client->m_hostname))
+ continue;
+ if (use_ipaddr && !client_check(exp->m_client, ai))
+ continue;
+ break;
}
- if (my_client.m_hostname == NULL)
- return NULL;
- my_client.m_naddr = 1;
- my_client.m_addrlist[0] = caller->sin_addr;
- my_exp.m_client = &my_client;
-
- exp = NULL;
- for (i = 0; !exp && i < MCL_MAXTYPES; i++)
- for (exp = exportlist[i]; exp; exp = exp->m_next) {
- if (strcmp(path, exp->m_export.e_path))
- continue;
- if (!use_ipaddr && !client_member(my_client.m_hostname, exp->m_client->m_hostname))
- continue;
- if (use_ipaddr && !client_check(exp->m_client, hp))
- continue;
- break;
- }
- *error = not_exported;
- if (!exp)
- return exp;
+ *error = not_exported;
+ if (!exp)
+ return NULL;
- my_exp.m_export = exp->m_export;
- exp = &my_exp;
+ my_exp.m_export = exp->m_export;
+ exp = &my_exp;
+ return exp;
+}
+static nfs_export *
+auth_authenticate_internal(struct sockaddr_in *caller,
+ char *path, struct addrinfo *ai,
+ enum auth_error *error)
+{
+ nfs_export *exp;
+
+ if (new_cache) {
+ exp = auth_authenticate_newcache(caller, path, ai, error);
+ if (!exp)
+ return NULL;
} else {
- if (!(exp = export_find(hp, path))) {
+ exp = export_find(ai, path);
+ if (exp == NULL) {
*error = no_entry;
return NULL;
}
- if (!exp->m_mayexport) {
- *error = not_exported;
- return NULL;
- }
+ }
+ if (exp->m_export.e_flags & NFSEXP_V4ROOT) {
+ *error = no_entry;
+ return NULL;
}
if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
- (ntohs(caller->sin_port) < IPPORT_RESERVED/2 ||
- ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+ ntohs(caller->sin_port) >= IPPORT_RESERVED) {
*error = illegal_port;
return NULL;
}
nfs_export *exp = NULL;
char epath[MAXPATHLEN+1];
char *p = NULL;
- struct hostent *hp = NULL;
+ struct addrinfo *ai = NULL;
struct in_addr addr = caller->sin_addr;
enum auth_error error = bad_path;
epath[sizeof (epath) - 1] = '\0';
auth_fixpath(epath); /* strip duplicate '/' etc */
- hp = client_resolve(caller->sin_addr);
- if (!hp)
+ ai = client_resolve((struct sockaddr *)caller);
+ if (ai == NULL)
return exp;
/* Try the longest matching exported pathname. */
while (1) {
- exp = auth_authenticate_internal(what, caller, epath,
- hp, &error);
+ exp = auth_authenticate_internal(caller, epath,
+ ai, &error);
if (exp || (error != not_exported && error != no_entry))
break;
/* We have to treat the root, "/", specially. */
break;
case unknown_host:
- xlog(L_WARNING, "%s request from unknown host %s for %s (%s)",
+ xlog(L_WARNING, "refused %s request from %s for %s (%s): unmatched host",
what, inet_ntoa(addr), path, epath);
break;
case no_entry:
xlog(L_WARNING, "refused %s request from %s for %s (%s): no export entry",
- what, hp->h_name, path, epath);
+ what, ai->ai_canonname, path, epath);
break;
case not_exported:
xlog(L_WARNING, "refused %s request from %s for %s (%s): not exported",
- what, hp->h_name, path, epath);
+ what, ai->ai_canonname, path, epath);
break;
case illegal_port:
xlog(L_WARNING, "refused %s request from %s for %s (%s): illegal port %d",
- what, hp->h_name, path, epath, ntohs(caller->sin_port));
+ what, ai->ai_canonname, path, epath, ntohs(caller->sin_port));
break;
case success:
xlog(L_NOTICE, "authenticated %s request from %s:%d for %s (%s)",
- what, hp->h_name, ntohs(caller->sin_port), path, epath);
+ what, ai->ai_canonname, ntohs(caller->sin_port), path, epath);
break;
default:
xlog(L_NOTICE, "%s request from %s:%d for %s (%s) gave %d",
- what, hp->h_name, ntohs(caller->sin_port), path, epath, error);
+ what, ai->ai_canonname, ntohs(caller->sin_port),
+ path, epath, error);
}
- if (hp)
- free (hp);
-
+ freeaddrinfo(ai);
return exp;
}