mountd: auth.c no longer needs #include xmalloc.h

[nfs-utils.git] / utils / mountd / auth.c
diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c

index 13eba70b7bcbab152d2d6a50f4776175c6e48879..330cab531ea5b7832c987b8824b3200f392650a7 100644 (file)
--- a/utils/mountd/auth.c
+++ b/utils/mountd/auth.c
@@ -10,16 +10,19 @@
  #include <config.h>
  #endif
  
+#include <sys/types.h>
  #include <sys/stat.h>
  #include <netinet/in.h>
  #include <arpa/inet.h>
  #include <errno.h>
+#include <fcntl.h>
  #include <unistd.h>
+
+#include "sockaddr.h"
  #include "misc.h"
  #include "nfslib.h"
  #include "exportfs.h"
  #include "mountd.h"
-#include "xmalloc.h"
  #include "v4root.h"
  
  enum auth_error
@@ -110,13 +113,24 @@ auth_reload()
         return counter;
  }
  
-static char *get_client_hostname(struct sockaddr_in *caller, struct hostent *hp, enum auth_error *error)
+static char *get_client_ipaddr_name(const struct sockaddr *caller)
+{
+       char buf[INET6_ADDRSTRLEN + 1];
+
+       buf[0] = '$';
+       host_ntop(caller, buf + 1, sizeof(buf) - 1);
+       return strdup(buf);
+}
+
+static char *
+get_client_hostname(const struct sockaddr *caller, struct addrinfo *ai,
+               enum auth_error *error)
  {
         char *n;
  
         if (use_ipaddr)
-               return strdup(inet_ntoa(caller->sin_addr));
-       n = client_compose(hp);
+               return get_client_ipaddr_name(caller);
+       n = client_compose(ai);
         *error = unknown_host;
         if (!n)
                 return NULL;
@@ -126,10 +140,27 @@ static char *get_client_hostname(struct sockaddr_in *caller, struct hostent *hp,
         return strdup("DEFAULT");
  }
  
+bool ipaddr_client_matches(nfs_export *exp, struct addrinfo *ai)
+{
+       return client_check(exp->m_client, ai);
+}
+
+bool namelist_client_matches(nfs_export *exp, char *dom)
+{
+       return client_member(dom, exp->m_client->m_hostname);
+}
+
+bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai)
+{
+       if (is_ipaddr_client(dom))
+               return ipaddr_client_matches(exp, ai);
+       return namelist_client_matches(exp, dom);
+}
+
  /* return static nfs_export with details filled in */
  static nfs_export *
-auth_authenticate_newcache(char *what, struct sockaddr_in *caller,
-                          char *path, struct hostent *hp,
+auth_authenticate_newcache(const struct sockaddr *caller,
+                          const char *path, struct addrinfo *ai,
                            enum auth_error *error)
  {
         nfs_export *exp;
@@ -137,12 +168,12 @@ auth_authenticate_newcache(char *what, struct sockaddr_in *caller,
  
         free(my_client.m_hostname);
  
-       my_client.m_hostname = get_client_hostname(caller, hp, error);
+       my_client.m_hostname = get_client_hostname(caller, ai, error);
         if (my_client.m_hostname == NULL)
                 return NULL;
  
         my_client.m_naddr = 1;
-       my_client.m_addrlist[0] = caller->sin_addr;
+       set_addrlist(&my_client, 0, caller);
         my_exp.m_client = &my_client;
  
         exp = NULL;
@@ -150,9 +181,10 @@ auth_authenticate_newcache(char *what, struct sockaddr_in *caller,
                 for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
                         if (strcmp(path, exp->m_export.e_path))
                                 continue;
-                       if (!use_ipaddr && !client_member(my_client.m_hostname, exp->m_client->m_hostname))
+                       if (!client_matches(exp, my_client.m_hostname, ai))
                                 continue;
-                       if (use_ipaddr && !client_check(exp->m_client, hp))
+                       if (exp->m_export.e_flags & NFSEXP_V4ROOT)
+                               /* not acceptable for v[23] export */
                                 continue;
                         break;
                 }
@@ -166,28 +198,24 @@ auth_authenticate_newcache(char *what, struct sockaddr_in *caller,
  }
  
  static nfs_export *
-auth_authenticate_internal(char *what, struct sockaddr_in *caller,
-                          char *path, struct hostent *hp,
-                          enum auth_error *error)
+auth_authenticate_internal(const struct sockaddr *caller, const char *path,
+               struct addrinfo *ai, enum auth_error *error)
  {
         nfs_export *exp;
  
         if (new_cache) {
-               exp = auth_authenticate_newcache(what, caller, path, hp, error);
+               exp = auth_authenticate_newcache(caller, path, ai, error);
                 if (!exp)
                         return NULL;
         } else {
-               if (!(exp = export_find(hp, path))) {
+               exp = export_find(ai, path);
+               if (exp == NULL) {
                         *error = no_entry;
                         return NULL;
                 }
         }
-       if (exp->m_export.e_flags & NFSEXP_V4ROOT) {
-               *error = no_entry;
-               return NULL;
-       }
         if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
-                    ntohs(caller->sin_port) >= IPPORT_RESERVED) {
+                    nfs_get_port(caller) >= IPPORT_RESERVED) {
                 *error = illegal_port;
                 return NULL;
         }
@@ -197,18 +225,19 @@ auth_authenticate_internal(char *what, struct sockaddr_in *caller,
  }
  
  nfs_export *
-auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
+auth_authenticate(const char *what, const struct sockaddr *caller,
+               const char *path)
  {
         nfs_export      *exp = NULL;
         char            epath[MAXPATHLEN+1];
         char            *p = NULL;
-       struct hostent  *hp = NULL;
-       struct in_addr  addr = caller->sin_addr;
+       char            buf[INET6_ADDRSTRLEN];
+       struct addrinfo *ai = NULL;
         enum auth_error error = bad_path;
  
-       if (path [0] != '/') {
-               xlog(L_WARNING, "bad path in %s request from %s: \"%s\"",
-                    what, inet_ntoa(addr), path);
+       if (path[0] != '/') {
+               xlog(L_WARNING, "Bad path in %s request from %s: \"%s\"",
+                            what, host_ntop(caller, buf, sizeof(buf)), path);
                 return exp;
         }
  
@@ -216,14 +245,13 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
         epath[sizeof (epath) - 1] = '\0';
         auth_fixpath(epath); /* strip duplicate '/' etc */
  
-       hp = client_resolve(caller->sin_addr);
-       if (!hp)
+       ai = client_resolve(caller);
+       if (ai == NULL)
                 return exp;
  
         /* Try the longest matching exported pathname. */
         while (1) {
-               exp = auth_authenticate_internal(what, caller, epath,
-                                                hp, &error);
+               exp = auth_authenticate_internal(caller, epath, ai, &error);
                 if (exp || (error != not_exported && error != no_entry))
                         break;
                 /* We have to treat the root, "/", specially. */
@@ -236,41 +264,40 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
         switch (error) {
         case bad_path:
                 xlog(L_WARNING, "bad path in %s request from %s: \"%s\"",
-                    what, inet_ntoa(addr), path);
+                    what, host_ntop(caller, buf, sizeof(buf)), path);
                 break;
  
         case unknown_host:
                 xlog(L_WARNING, "refused %s request from %s for %s (%s): unmatched host",
-                    what, inet_ntoa(addr), path, epath);
+                    what, host_ntop(caller, buf, sizeof(buf)), path, epath);
                 break;
  
         case no_entry:
                 xlog(L_WARNING, "refused %s request from %s for %s (%s): no export entry",
-                    what, hp->h_name, path, epath);
+                    what, ai->ai_canonname, path, epath);
                 break;
  
         case not_exported:
                 xlog(L_WARNING, "refused %s request from %s for %s (%s): not exported",
-                    what, hp->h_name, path, epath);
+                    what, ai->ai_canonname, path, epath);
                 break;
  
         case illegal_port:
-               xlog(L_WARNING, "refused %s request from %s for %s (%s): illegal port %d",
-                    what, hp->h_name, path, epath, ntohs(caller->sin_port));
+               xlog(L_WARNING, "refused %s request from %s for %s (%s): illegal port %u",
+                    what, ai->ai_canonname, path, epath, nfs_get_port(caller));
                 break;
  
         case success:
-               xlog(L_NOTICE, "authenticated %s request from %s:%d for %s (%s)",
-                    what, hp->h_name, ntohs(caller->sin_port), path, epath);
+               xlog(L_NOTICE, "authenticated %s request from %s:%u for %s (%s)",
+                    what, ai->ai_canonname, nfs_get_port(caller), path, epath);
                 break;
         default:
-               xlog(L_NOTICE, "%s request from %s:%d for %s (%s) gave %d",
-                    what, hp->h_name, ntohs(caller->sin_port), path, epath, error);
+               xlog(L_NOTICE, "%s request from %s:%u for %s (%s) gave %d",
+                    what, ai->ai_canonname, nfs_get_port(caller),
+                       path, epath, error);
         }
  
-       if (hp)
-               free (hp);
-
+       freeaddrinfo(ai);
         return exp;
  }