X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=utils%2Fmountd%2Fauth.c;h=eb9cdebad2314093efba87b0e20bfb63e9b6da26;hb=refs%2Ftags%2Fnfs-utils-1-1-0-pre2;hp=9f63120b8b58b5677bcfd99060ed6081a9377222;hpb=8b7ad01b14df1e7529b9ba8a1ea17df0d6004ef9;p=nfs-utils.git diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c index 9f63120..eb9cdeb 100644 --- a/utils/mountd/auth.c +++ b/utils/mountd/auth.c @@ -16,6 +16,7 @@ #include "nfslib.h" #include "exportfs.h" #include "mountd.h" +#include "xmalloc.h" enum auth_error { @@ -24,14 +25,10 @@ enum auth_error no_entry, not_exported, illegal_port, - faked_hostent, success }; static void auth_fixpath(char *path); -static nfs_export* auth_authenticate_internal - (char *what, struct sockaddr_in *caller, char *path, - struct hostent **hpp, enum auth_error *error); static char *export_file = NULL; void @@ -64,44 +61,12 @@ auth_reload() static nfs_export * auth_authenticate_internal(char *what, struct sockaddr_in *caller, - char *path, struct hostent **hpp, + char *path, struct hostent *hp, enum auth_error *error) { - struct in_addr addr = caller->sin_addr; nfs_export *exp; - if (path[0] != '/') { - *error = bad_path; - return NULL; - } - auth_fixpath(path); - - if (!(*hpp = gethostbyaddr((const char *)&addr, sizeof(addr), AF_INET))) - *hpp = get_hostent((const char *)&addr, sizeof(addr), - AF_INET); - else { - /* must make sure the hostent is authorative. */ - char *name = strdup((*hpp)->h_name); - char **sp; - *hpp = gethostbyname(name); - /* now make sure the "addr" is in the list */ - for (sp = (*hpp)->h_addr_list ; *sp ; sp++) { - if (memcmp(*sp, &addr, (*hpp)->h_length)==0) - break; - } - - if (!*sp) { - free(name); - /* it was a FAKE */ - *error = faked_hostent; - *hpp = NULL; - return NULL; - } - *hpp = hostent_dup (*hpp); - free(name); - } - - if (!(exp = export_find(*hpp, path))) { + if (!(exp = export_find(hp, path))) { *error = no_entry; return NULL; } @@ -132,19 +97,28 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path) struct in_addr addr = caller->sin_addr; enum auth_error error; - if (path [0] != '/') return exp; + if (path [0] != '/') { + xlog(L_WARNING, "bad path in %s request from %s: \"%s\"", + what, inet_ntoa(addr), path); + return exp; + } strncpy(epath, path, sizeof (epath) - 1); epath[sizeof (epath) - 1] = '\0'; + auth_fixpath(epath); /* strip duplicate '/' etc */ + + hp = get_reliable_hostbyaddr((const char*)&caller->sin_addr, sizeof(struct in_addr), + AF_INET); + if (!hp) + hp = get_hostent((const char*)&caller->sin_addr, sizeof(struct in_addr), + AF_INET); + if (!hp) + return exp; /* Try the longest matching exported pathname. */ while (1) { - if (hp) { - free (hp); - hp = NULL; - } exp = auth_authenticate_internal(what, caller, epath, - &hp, &error); + hp, &error); if (exp || (error != not_exported && error != no_entry)) break; /* We have to treat the root, "/", specially. */ @@ -153,6 +127,7 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path) if (p == epath) p++; *p = '\0'; } + free(hp); switch (error) { case bad_path: @@ -180,11 +155,6 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path) what, hp->h_name, path, epath, ntohs(caller->sin_port)); break; - case faked_hostent: - xlog(L_WARNING, "refused %s request from %s for %s (%s): faked hostent", - what, inet_ntoa(addr), path, epath); - break; - case success: xlog(L_NOTICE, "authenticated %s request from %s:%d for %s (%s)", what, hp->h_name, ntohs(caller->sin_port), path, epath);