X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=support%2Fexport%2Fclient.c;h=c74961e56f0e6eb0bcb1eefbafc53689ce29dfd7;hp=dc0106767a4d5cc64eaa424cba80f71d461c2589;hb=60abb9889cea52022adf9c8bb946e9d19d79f9ed;hpb=22d6566d473f71e241c791a02435d414648c99e8 diff --git a/support/export/client.c b/support/export/client.c index dc01067..c74961e 100644 --- a/support/export/client.c +++ b/support/export/client.c @@ -17,7 +17,9 @@ #include #include #include +#include +#include "sockaddr.h" #include "misc.h" #include "nfslib.h" #include "exportfs.h" 
@@ -58,25 +60,90 @@ client_free(nfs_client *clp) } static int -init_netmask(nfs_client *clp, const char *slash) +init_netmask(nfs_client *clp, const char *slash, const sa_family_t family) { struct sockaddr_in sin = { .sin_family = AF_INET, }; + unsigned long prefixlen; + uint32_t shift; +#ifdef IPV6_SUPPORTED + struct sockaddr_in6 sin6 = { + .sin6_family = AF_INET6, + }; + int i; +#endif - if (strchr(slash + 1, '.') != NULL) - sin.sin_addr.s_addr = inet_addr(slash + 1); - else { - int prefixlen = atoi(slash + 1); - if (0 < prefixlen && prefixlen <= 32) - sin.sin_addr.s_addr = - htonl((uint32_t)~0 << (32 - prefixlen)); - else + /* No slash present; assume netmask is all ones */ + if (slash == NULL) { + switch (family) { + case AF_INET: + prefixlen = 32; + break; +#ifdef IPV6_SUPPORTED + case AF_INET6: + prefixlen = 128; + break; +#endif + default: + goto out_badfamily; + } + } else { + char *endptr; + + /* A spelled out netmask address, perhaps? */ + if (strchr(slash + 1, '.') != NULL) { + if (inet_pton(AF_INET, slash + 1, + &sin.sin_addr.s_addr) == 0) + goto out_badmask; + set_addrlist_in(clp, 1, &sin); + return 1; + } +#ifdef IPV6_SUPPORTED + if (strchr(slash + 1, ':')) { + if (!inet_pton(AF_INET6, slash + 1, &sin6.sin6_addr)) + goto out_badmask; + set_addrlist_in6(clp, 1, &sin6); + return 1; + } +#endif + + /* A prefixlen was given */ + prefixlen = strtoul(slash + 1, &endptr, 10); + if (*endptr != '\0' && prefixlen != ULONG_MAX && errno != ERANGE) goto out_badprefix; } - set_addrlist_in(clp, 1, &sin); - return 1; + switch (family) { + case AF_INET: + if (prefixlen > 32) + goto out_badprefix; + shift = 32 - (uint32_t)prefixlen; + sin.sin_addr.s_addr = htonl((uint32_t)~0 << shift); + set_addrlist_in(clp, 1, &sin); + return 1; +#ifdef IPV6_SUPPORTED + case AF_INET6: + if (prefixlen > 128) + goto out_badprefix; + for (i = 0; prefixlen > 32; i++) { + sin6.sin6_addr.s6_addr32[i] = 0xffffffff; + prefixlen -= 32; + } + shift = 32 - (uint32_t)prefixlen; + 
sin6.sin6_addr.s6_addr32[i] = htonl((uint32_t)~0 << shift); + set_addrlist_in6(clp, 1, &sin6); + return 1; +#endif + } + +out_badfamily: + xlog(L_ERROR, "Unsupported address family for %s", clp->m_hostname); + return 0; + +out_badmask: + xlog(L_ERROR, "Invalid netmask `%s' for %s", slash + 1, clp->m_hostname); + return 0; out_badprefix: xlog(L_ERROR, "Invalid prefix `%s' for %s", slash + 1, clp->m_hostname); @@ -86,22 +153,28 @@ out_badprefix: static int init_subnetwork(nfs_client *clp) { - struct sockaddr_in sin = { - .sin_family = AF_INET, - }; - static char slash32[] = "/32"; - char *cp; + struct addrinfo *ai; + sa_family_t family; + char *slash; + + slash = strchr(clp->m_hostname, '/'); + if (slash != NULL) { + *slash = '\0'; + ai = host_pton(clp->m_hostname); + *slash = '/'; + } else + ai = host_pton(clp->m_hostname); + if (ai == NULL) { + xlog(L_ERROR, "Invalid IP address %s", clp->m_hostname); + return false; + } - cp = strchr(clp->m_hostname, '/'); - if (cp == NULL) - cp = slash32; + set_addrlist(clp, 0, ai->ai_addr); + family = ai->ai_addr->sa_family; - *cp = '\0'; - sin.sin_addr.s_addr = inet_addr(clp->m_hostname); - set_addrlist_in(clp, 0, &sin); - *cp = '/'; + freeaddrinfo(ai); - return init_netmask(clp, cp); + return init_netmask(clp, slash, family); } static int @@ -372,27 +445,6 @@ add_name(char *old, const char *add) return new; } -static _Bool -addrs_match4(const struct sockaddr *sa1, const struct sockaddr *sa2) -{ - const struct sockaddr_in *si1 = (const struct sockaddr_in *)sa1; - const struct sockaddr_in *si2 = (const struct sockaddr_in *)sa2; - - return si1->sin_addr.s_addr == si2->sin_addr.s_addr; -} - -static _Bool -addrs_match(const struct sockaddr *sa1, const struct sockaddr *sa2) -{ - if (sa1->sa_family == sa2->sa_family) - switch (sa1->sa_family) { - case AF_INET: - return addrs_match4(sa1, sa2); - } - - return false; -} - /* * Check each address listed in @ai against each address * stored in @clp. Return 1 if a match is found, otherwise 
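Review bot: The prefix-length check after `strtoul()` in init_netmask joins its three conditions with `&&`, so trailing garbage is rejected only when there was no overflow and `errno` is not already `ERANGE`. `errno` is never cleared before the call, so a stale `ERANGE` lets a value like a number followed by junk through, and an empty string after the slash parses as 0. I would put `errno = 0;` before the call and test `if (endptr == slash + 1 || *endptr != '\0' || errno == ERANGE) goto out_badprefix;`. A prefix of 0 also makes `shift` equal to 32 in both the AF_INET and AF_INET6 branches, and shifting a `uint32_t` by its full width is undefined, so either reject 0 as the removed code did or special-case it to an all-zero mask. This mask decides which clients an export entry matches, so the parse should fail closed on anything it does not fully consume.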
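Review bot: The failure path in init_subnetwork ends with `return false;` although the function is declared `static int` and init_netmask, whose result it otherwise passes on, reports failure with `return 0;`. Using `return 0;` here keeps the two consistent. The temporary `*slash = '\0'` write into `clp->m_hostname` would also benefit from a one-line comment such as `/* split "addr/mask" in place just long enough to parse the address part */`, because the string is modified and restored around the host_pton() call.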
@@ -405,7 +457,8 @@ check_fqdn(const nfs_client *clp, const struct addrinfo *ai) for (; ai; ai = ai->ai_next) for (i = 0; i < clp->m_naddr; i++) - if (addrs_match(ai->ai_addr, get_addrlist(clp, i))) + if (nfs_compare_sockaddr(ai->ai_addr, + get_addrlist(clp, i))) return 1; return 0; @@ -435,6 +488,43 @@ check_subnet_v4(const struct sockaddr_in *address, return 0; } +#ifdef IPV6_SUPPORTED +static int +check_subnet_v6(const struct sockaddr_in6 *address, + const struct sockaddr_in6 *mask, const struct addrinfo *ai) +{ + for (; ai; ai = ai->ai_next) { + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ai->ai_addr; + + if (sin6->sin6_family != AF_INET6) + continue; + + if (mask_match(address->sin6_addr.s6_addr32[0], + sin6->sin6_addr.s6_addr32[0], + mask->sin6_addr.s6_addr32[0]) && + mask_match(address->sin6_addr.s6_addr32[1], + sin6->sin6_addr.s6_addr32[1], + mask->sin6_addr.s6_addr32[1]) && + mask_match(address->sin6_addr.s6_addr32[2], + sin6->sin6_addr.s6_addr32[2], + mask->sin6_addr.s6_addr32[2]) && + mask_match(address->sin6_addr.s6_addr32[3], + sin6->sin6_addr.s6_addr32[3], + mask->sin6_addr.s6_addr32[3])) + return 1; + } + return 0; +} +#else /* !IPV6_SUPPORTED */ +static int +check_subnet_v6(const struct sockaddr_in6 *UNUSED(address), + const struct sockaddr_in6 *UNUSED(mask), + const struct addrinfo *UNUSED(ai)) +{ + return 0; +} +#endif /* !IPV6_SUPPORTED */ + /* * Check each address listed in @ai against the subnetwork or * host address stored in @clp. Return 1 if an address in @hp @@ -447,6 +537,9 @@ check_subnetwork(const nfs_client *clp, const struct addrinfo *ai) case AF_INET: return check_subnet_v4(get_addrlist_in(clp, 0), get_addrlist_in(clp, 1), ai); + case AF_INET6: + return check_subnet_v6(get_addrlist_in6(clp, 0), + get_addrlist_in6(clp, 1), ai); } return 0; 
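Review bot: The four unrolled `mask_match()` calls in check_subnet_v6 differ only in the `s6_addr32` index, so an index typo would be easy to miss in code that decides export access. A short loop over the four words that moves on to the next `ai` entry at the first mismatch would state the comparison once. The `#else` stub returns 0 for every address, so a build without IPV6_SUPPORTED never matches an AF_INET6 entry even though check_subnetwork's new `case AF_INET6:` is compiled unconditionally. A comment on the stub such as `/* No IPv6 support compiled in: never match (fail closed) */` would make that intent explicit.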
@@ -490,43 +583,65 @@ static int check_netgroup(const nfs_client *clp, const struct addrinfo *ai) { const char *netgroup = clp->m_hostname + 1; - const char *hname = ai->ai_canonname; struct addrinfo *tmp = NULL; struct hostent *hp; + char *dot, *hname; int i, match; - char *dot; + + match = 0; + + hname = strdup(ai->ai_canonname); + if (hname == NULL) { + xlog(D_GENERAL, "%s: no memory for strdup", __func__); + goto out; + } /* First, try to match the hostname without * splitting off the domain */ - if (innetgr(netgroup, hname, NULL, NULL)) - return 1; + if (innetgr(netgroup, hname, NULL, NULL)) { + match = 1; + goto out; + } /* See if hname aliases listed in /etc/hosts or nis[+] * match the requested netgroup */ hp = gethostbyname(hname); if (hp != NULL) { for (i = 0; hp->h_aliases[i]; i++) - if (innetgr(netgroup, hp->h_aliases[i], NULL, NULL)) - return 1; + if (innetgr(netgroup, hp->h_aliases[i], NULL, NULL)) { + match = 1; + goto out; + } } - /* If hname is ip address convert to FQDN */ + /* If hname happens to be an IP address, convert it + * to a the canonical DNS name bound to this address. */ tmp = host_pton(hname); if (tmp != NULL) { + char *cname = host_canonname(tmp->ai_addr); freeaddrinfo(tmp); - if (innetgr(netgroup, hname, NULL, NULL)) - return 1; + + /* The resulting FQDN may be in our netgroup. */ + if (cname != NULL) { + free(hname); + hname = cname; + if (innetgr(netgroup, hname, NULL, NULL)) { + match = 1; + goto out; + } + } } /* Okay, strip off the domain (if we have one) */ dot = strchr(hname, '.'); if (dot == NULL) - return 0; + goto out; *dot = '\0'; match = innetgr(netgroup, hname, NULL, NULL); - *dot = '.'; +out: + free(hname); return match; } #else /* !HAVE_INNETGR */ @@ -580,7 +695,8 @@ client_check(const nfs_client *clp, const struct addrinfo *ai) int client_gettype(char *ident) { - char *sp; + struct addrinfo *ai; + char *sp; if (ident[0] == '\0' || strcmp(ident, "*")==0) return MCL_ANONYMOUS; 
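Review bot: `strdup(ai->ai_canonname)` at the top of check_netgroup is not guarded against a NULL `ai_canonname`, which an addrinfo carries whenever the canonical name was not requested or could not be determined; passing NULL to strdup() is undefined. Whether every caller fills the field is not visible in this hunk, so a guard such as `if (ai->ai_canonname == NULL) return 0;` before the copy is a cheap safeguard that also fails closed. Separately, the name returned by host_canonname() is passed straight to innetgr(). If that helper does not forward-confirm the reverse lookup (its body is not shown here), netgroup membership in that branch rests on a PTR record alone, which the comment above the branch should state.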
@@ -600,12 +716,16 @@ client_gettype(char *ident) if (*sp == '\\' && sp[1]) sp++; } - /* check for N.N.N.N */ - sp = ident; - if(!isdigit(*sp) || strtoul(sp, &sp, 10) > 255 || *sp != '.') return MCL_FQDN; - sp++; if(!isdigit(*sp) || strtoul(sp, &sp, 10) > 255 || *sp != '.') return MCL_FQDN; - sp++; if(!isdigit(*sp) || strtoul(sp, &sp, 10) > 255 || *sp != '.') return MCL_FQDN; - sp++; if(!isdigit(*sp) || strtoul(sp, &sp, 10) > 255 || *sp != '\0') return MCL_FQDN; - /* we lie here a bit. but technically N.N.N.N == N.N.N.N/32 :) */ - return MCL_SUBNETWORK; + + /* + * Treat unadorned IP addresses as MCL_SUBNETWORK. + * Everything else is MCL_FQDN. + */ + ai = host_pton(ident); + if (ai != NULL) { + freeaddrinfo(ai); + return MCL_SUBNETWORK; + } + + return MCL_FQDN; }
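Review bot: The new comment in client_gettype says "unadorned IP addresses", but the classification now depends entirely on what host_pton() accepts, which is not visible in this hunk; the removed code accepted only four decimal fields no larger than 255. If host_pton() is more lenient (for example with shorthand or non-decimal IPv4 forms), identifiers that used to be MCL_FQDN become MCL_SUBNETWORK, and that changes how the export entry is matched against clients. I would word the comment as `Treat IPv4 and IPv6 literals, as accepted by host_pton(), as MCL_SUBNETWORK.` and confirm that host_pton() rejects anything that is not a complete numeric address.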