* utils/mountd/auth.c (auth_authenticate_internal): Reverse

[nfs-utils.git] / utils / mountd / auth.c

diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c
index 9f63120b8b58b5677bcfd99060ed6081a9377222..d88c46f31b52563827aac1aedfe5703e7fbc182f 100644 (file)
--- a/utils/mountd/auth.c
+++ b/utils/mountd/auth.c
@@ -16,6 +16,7 @@
 #include "nfslib.h"
 #include "exportfs.h"
 #include "mountd.h"
+#include "xmalloc.h"
 
 enum auth_error
 {
@@ -25,6 +26,7 @@ enum auth_error
   not_exported,
   illegal_port,
   faked_hostent,
+  no_forward_dns,
   success
 };
 
@@ -81,24 +83,36 @@ auth_authenticate_internal(char *what, struct sockaddr_in *caller,
                                   AF_INET);
        else {
                /* must make sure the hostent is authorative. */
-               char *name = strdup((*hpp)->h_name);
                char **sp;
-               *hpp = gethostbyname(name);
-               /* now make sure the "addr" is in the list */
-               for (sp = (*hpp)->h_addr_list ; *sp ; sp++) {
-                       if (memcmp(*sp, &addr, (*hpp)->h_length)==0)
-                               break;
+               struct hostent *forward = NULL;
+               char *tmpname;
+
+               *hpp = hostent_dup (*hpp);
+               tmpname = xstrdup((*hpp)->h_name);
+               if (tmpname) {
+                       forward = gethostbyname(tmpname);
+                       free(tmpname);
                }
+               if (forward) {
+                       /* now make sure the "addr" is in the list */
+                       for (sp = forward->h_addr_list ; *sp ; sp++) {
+                               if (memcmp(*sp, &addr, forward->h_length)==0)
+                                       break;
+                       }
                
-               if (!*sp) {
-                       free(name);
-                       /* it was a FAKE */
-                       *error = faked_hostent;
-                       *hpp = NULL;
+                       if (!*sp) {
+                               /* it was a FAKE */
+                               *error = faked_hostent;
+                               return NULL;
+                       }
+                       free (*hpp);
+                       *hpp = hostent_dup (forward);
+               }
+               else {
+                       /* never heard of it. misconfigured DNS? */
+                       *error = no_forward_dns;
                        return NULL;
                }
-               *hpp = hostent_dup (*hpp);
-               free(name);
        }
 
        if (!(exp = export_find(*hpp, path))) {
@@ -132,7 +146,11 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
        struct in_addr  addr = caller->sin_addr;
        enum auth_error error;
 
-       if (path [0] != '/') return exp;
+       if (path [0] != '/') {
+               xlog(L_WARNING, "bad path in %s request from %s: \"%s\"",
+                    what, inet_ntoa(addr), path);
+               return exp;
+       }
 
        strncpy(epath, path, sizeof (epath) - 1);
        epath[sizeof (epath) - 1] = '\0';
@@ -181,8 +199,13 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
                break;
 
        case faked_hostent:
-               xlog(L_WARNING, "refused %s request from %s for %s (%s): faked hostent",
-                    what, inet_ntoa(addr), path, epath);
+               xlog(L_WARNING, "refused %s request from %s (%s) for %s (%s): DNS forward lookup does't match with reverse",
+                    what, inet_ntoa(addr), hp->h_name, path, epath);
+               break;
+
+       case no_forward_dns:
+               xlog(L_WARNING, "refused %s request from %s (%s) for %s (%s): no DNS forward lookup",
+                    what, inet_ntoa(addr), hp->h_name, path, epath);
                break;
 
        case success: