#include "exportfs.h"
#include "mountd.h"
#include "xmalloc.h"
+#include "v4root.h"
enum auth_error
{
static nfs_client my_client;
extern int new_cache;
+extern int use_ipaddr;
void
auth_init(char *exports)
xtab_mount_write();
}
+/*
+ * A client can match many different netgroups and it's tough to know
+ * beforehand whether it will. If the concatenated string of netgroup
+ * m_hostnames is >512 bytes, then enable the "use_ipaddr" mode. This
+ * makes mountd change how it matches a client ip address when a mount
+ * request comes in. It's more efficient at handling netgroups at the
+ * expense of larger kernel caches.
+ */
+static void
+check_useipaddr(void)
+{
+ nfs_client *clp;
+ int old_use_ipaddr = use_ipaddr;
+ unsigned int len = 0;
+
+ /* add length of m_hostname + 1 for the comma */
+ for (clp = clientlist[MCL_NETGROUP]; clp; clp = clp->m_next)
+ len += (strlen(clp->m_hostname) + 1);
+
+ if (len > (NFSCLNT_IDMAX / 2))
+ use_ipaddr = 1;
+ else
+ use_ipaddr = 0;
+
+ if (use_ipaddr != old_use_ipaddr)
+ cache_flush(1);
+}
+
unsigned int
auth_reload()
{
export_freeall();
memset(&my_client, 0, sizeof(my_client));
xtab_export_read();
+ check_useipaddr();
+ v4root_set();
+
++counter;
return counter;
int i;
/* return static nfs_export with details filled in */
char *n;
- my_client.m_addrlist[0] = caller->sin_addr;
- n = client_compose(caller->sin_addr);
- *error = unknown_host;
- if (!n)
+ free(my_client.m_hostname);
+ if (use_ipaddr) {
+ my_client.m_hostname =
+ strdup(inet_ntoa(caller->sin_addr));
+ } else {
+ n = client_compose(hp);
+ *error = unknown_host;
+ if (!n)
+ my_client.m_hostname = NULL;
+ else if (*n)
+ my_client.m_hostname = n;
+ else {
+ free(n);
+ my_client.m_hostname = strdup("DEFAULT");
+ }
+ }
+ if (my_client.m_hostname == NULL)
return NULL;
- strcpy(my_client.m_hostname, *n?n:"DEFAULT");
- free(n);
my_client.m_naddr = 1;
+ my_client.m_addrlist[0] = caller->sin_addr;
my_exp.m_client = &my_client;
exp = NULL;
for (i = 0; !exp && i < MCL_MAXTYPES; i++)
- for (exp = exportlist[i]; exp; exp = exp->m_next) {
- if (!client_member(my_client.m_hostname, exp->m_client->m_hostname))
- continue;
+ for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
if (strcmp(path, exp->m_export.e_path))
continue;
+ if (!use_ipaddr && !client_member(my_client.m_hostname, exp->m_client->m_hostname))
+ continue;
+ if (use_ipaddr && !client_check(exp->m_client, hp))
+ continue;
break;
}
*error = not_exported;
}
}
if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
- (ntohs(caller->sin_port) < IPPORT_RESERVED/2 ||
- ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+ ntohs(caller->sin_port) >= IPPORT_RESERVED) {
*error = illegal_port;
return NULL;
}
char *p = NULL;
struct hostent *hp = NULL;
struct in_addr addr = caller->sin_addr;
- enum auth_error error;
+ enum auth_error error = bad_path;
if (path [0] != '/') {
xlog(L_WARNING, "bad path in %s request from %s: \"%s\"",
epath[sizeof (epath) - 1] = '\0';
auth_fixpath(epath); /* strip duplicate '/' etc */
- hp = get_reliable_hostbyaddr((const char*)&caller->sin_addr, sizeof(struct in_addr),
- AF_INET);
- if (!hp)
- hp = get_hostent((const char*)&caller->sin_addr, sizeof(struct in_addr),
- AF_INET);
+ hp = client_resolve(caller->sin_addr);
if (!hp)
return exp;
break;
case unknown_host:
- xlog(L_WARNING, "%s request from unknown host %s for %s (%s)",
+ xlog(L_WARNING, "refused %s request from %s for %s (%s): unmatched host",
what, inet_ntoa(addr), path, epath);
break;