From: Steve Dickson Date: Fri, 19 Dec 2008 19:20:14 +0000 (-0500) Subject: To ensure the hash table of clients has valid X-Git-Tag: nfs-utils-1-1-5~37 X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=71f9f61517bf301f723b79651d53590ef97c3556;p=nfs-utils.git To ensure the hash table of clients has valid access rights, check the modification times on both access files. If one of them have change, update the hash entry instead of creating a new entry. Signed-off-by: Steve Dickson --- diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c index f7fd3a9..bc7fb4a 100644 --- a/support/misc/tcpwrapper.c +++ b/support/misc/tcpwrapper.c @@ -45,6 +45,9 @@ #include #include #include +#include +#include + #ifdef SYSV40 #include #include @@ -53,6 +56,8 @@ static void logit(int severity, struct sockaddr_in *addr, u_long procnum, u_long prognum, char *text); static void toggle_verboselog(int sig); +static int check_files(void); + int verboselog = 0; int allow_severity = LOG_INFO; int deny_severity = LOG_WARNING; @@ -246,6 +251,33 @@ void check_startup(void) (void) signal(SIGINT, toggle_verboselog); } +/* check_files - check to see if either access files have changed */ + +static int check_files() +{ + static time_t allow_mtime, deny_mtime; + struct stat astat, dstat; + int changed = 0; + + if (stat("/etc/hosts.allow", &astat) < 0) + astat.st_mtime = 0; + if (stat("/etc/hosts.deny", &dstat) < 0) + dstat.st_mtime = 0; + + if(!astat.st_mtime || !dstat.st_mtime) + return changed; + + if (astat.st_mtime != allow_mtime) + changed = 1; + else if (dstat.st_mtime != deny_mtime) + changed = 1; + + allow_mtime = astat.st_mtime; + deny_mtime = dstat.st_mtime; + + return changed; +} + /* check_default - additional checks for NULL, DUMP, GETPORT and unknown */ int @@ -256,20 +288,27 @@ u_long proc; u_long prog; { haccess_t *acc = NULL; + int changed = check_files(); acc = haccess_lookup(addr, proc, prog); - if (acc) + if (acc && changed == 0) return (acc->access); if (!(from_local(addr) || good_client(daemon, addr))) { log_bad_host(addr, proc, prog); - haccess_add(addr, proc, prog, FALSE); + if (acc) + acc->access = FALSE; + else + haccess_add(addr, proc, prog, FALSE); return (FALSE); } if (verboselog) log_client(addr, proc, prog); - haccess_add(addr, proc, prog, TRUE); + if (acc) + acc->access = TRUE; + else + haccess_add(addr, proc, prog, TRUE); return (TRUE); }