X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=support%2Fexport%2Fclient.c;h=dbfc2b1449bfe251a74f5e8d08026e5e2ba63d40;hp=4c6cd69465be2651addf9b49a25515bc1739d3d1;hb=b7df3370555877598d9f2ef49fae2ad4458e9f72;hpb=965b15b855c0c621462256b0ab687fc32644255a
diff --git a/support/export/client.c b/support/export/client.c
index 4c6cd69..dbfc2b1 100644
--- a/support/export/client.c
+++ b/support/export/client.c
@@ -19,6 +19,7 @@
 #include
 #include
+#include "sockaddr.h"
 #include "misc.h"
 #include "nfslib.h"
 #include "exportfs.h"
@@ -59,86 +60,111 @@ client_free(nfs_client *clp)
 }
 static int
-init_netmask(nfs_client *clp, const char *slash, const sa_family_t family)
+init_netmask4(nfs_client *clp, const char *slash)
 {
 struct sockaddr_in sin = {
 .sin_family = AF_INET,
 };
- unsigned long prefixlen;
 uint32_t shift;
-#ifdef IPV6_SUPPORTED
- struct sockaddr_in6 sin6 = {
- .sin6_family = AF_INET6,
- };
- int i;
-#endif
- /* No slash present; assume netmask is all ones */
- if (slash == NULL) {
- switch (family) {
- case AF_INET:
- prefixlen = 32;
- break;
-#ifdef IPV6_SUPPORTED
- case AF_INET6:
- prefixlen = 128;
- break;
-#endif
- default:
- goto out_badfamily;
- }
- } else {
- char *endptr;
+ /*
+ * Decide what kind of netmask was specified. If there's
+ * no '/' present, assume the netmask is all ones. If
+ * there is a '/' and at least one '.', look for a spelled-
+ * out netmask. Otherwise, assume it was a prefixlen.
+ */
+ if (slash == NULL)
+ shift = 0;
+ else {
+ unsigned long prefixlen;
- /* A spelled out netmask address, perhaps? */
 if (strchr(slash + 1, '.') != NULL) {
 if (inet_pton(AF_INET, slash + 1, &sin.sin_addr.s_addr) == 0)
 goto out_badmask;
 set_addrlist_in(clp, 1, &sin);
 return 1;
+ } else {
+ char *endptr;
+
+ prefixlen = strtoul(slash + 1, &endptr, 10);
+ if (*endptr != '\0' && prefixlen != ULONG_MAX &&
+ errno != ERANGE)
+ goto out_badprefix;
 }
+ if (prefixlen > 32)
+ goto out_badprefix;
+ shift = 32 - (uint32_t)prefixlen;
+ }
+
+ /*
+ * Now construct the full netmask bitmask in a sockaddr_in,
+ * and plant it in the nfs_client record.
+ */
+ sin.sin_addr.s_addr = htonl((uint32_t)~0 << shift);
+ set_addrlist_in(clp, 1, &sin);
+
+ return 1;
+
+out_badmask:
+ xlog(L_ERROR, "Invalid netmask `%s' for %s", slash + 1, clp->m_hostname);
+ return 0;
+
+out_badprefix:
+ xlog(L_ERROR, "Invalid prefix `%s' for %s", slash + 1, clp->m_hostname);
+ return 0;
+}
+
 #ifdef IPV6_SUPPORTED
- if (strchr(slash + 1, ':')) {
+static int
+init_netmask6(nfs_client *clp, const char *slash)
+{
+ struct sockaddr_in6 sin6 = {
+ .sin6_family = AF_INET6,
+ };
+ unsigned long prefixlen;
+ uint32_t shift;
+ int i;
+
+ /*
+ * Decide what kind of netmask was specified. If there's
+ * no '/' present, assume the netmask is all ones. If
+ * there is a '/' and at least one ':', look for a spelled-
+ * out netmask. Otherwise, assume it was a prefixlen.
+ */
+ if (slash == NULL)
+ prefixlen = 128;
+ else {
+ if (strchr(slash + 1, ':') != NULL) {
 if (!inet_pton(AF_INET6, slash + 1, &sin6.sin6_addr))
 goto out_badmask;
 set_addrlist_in6(clp, 1, &sin6);
 return 1;
- }
-#endif
+ } else {
+ char *endptr;
- /* A prefixlen was given */
- prefixlen = strtoul(slash + 1, &endptr, 10);
- if (*endptr != '\0' && prefixlen != ULONG_MAX && errno != ERANGE)
+ prefixlen = strtoul(slash + 1, &endptr, 10);
+ if (*endptr != '\0' && prefixlen != ULONG_MAX &&
+ errno != ERANGE)
+ goto out_badprefix;
+ }
+ if (prefixlen > 128)
 goto out_badprefix;
 }
- switch (family) {
- case AF_INET:
- if (prefixlen > 32)
- goto out_badprefix;
- shift = 32 - (uint32_t)prefixlen;
- sin.sin_addr.s_addr = htonl((uint32_t)~0 << shift);
- set_addrlist_in(clp, 1, &sin);
- return 1;
-#ifdef IPV6_SUPPORTED
- case AF_INET6:
- if (prefixlen > 128)
- goto out_badprefix;
- for (i = 0; prefixlen > 32; i++) {
- sin6.sin6_addr.s6_addr32[i] = 0xffffffff;
- prefixlen -= 32;
- }
- shift = 32 - (uint32_t)prefixlen;
- sin6.sin6_addr.s6_addr32[i] = htonl((uint32_t)~0 << shift);
- set_addrlist_in6(clp, 1, &sin6);
- return 1;
-#endif
+ /*
+ * Now construct the full netmask bitmask in a sockaddr_in6,
+ * and plant it in the nfs_client record.
+ */
+ for (i = 0; prefixlen > 32; i++) {
+ sin6.sin6_addr.s6_addr32[i] = 0xffffffff;
+ prefixlen -= 32;
 }
+ shift = 32 - (uint32_t)prefixlen;
+ sin6.sin6_addr.s6_addr32[i] = htonl((uint32_t)~0 << shift);
+ set_addrlist_in6(clp, 1, &sin6);
-out_badfamily:
- xlog(L_ERROR, "Unsupported address family for %s", clp->m_hostname);
- return 0;
+ return 1;
 out_badmask:
 xlog(L_ERROR, "Invalid netmask `%s' for %s", slash + 1, clp->m_hostname);
@@ -148,12 +174,24 @@ out_badprefix:
 xlog(L_ERROR, "Invalid prefix `%s' for %s", slash + 1, clp->m_hostname);
 return 0;
 }
+#else /* IPV6_SUPPORTED */
+static int
+init_netmask6(nfs_client *UNUSED(clp), const char *UNUSED(slash))
+{
+}
+#endif /* IPV6_SUPPORTED */
+/*
+ * Parse the network mask for M_SUBNETWORK type clients.
+ *
+ * Return TRUE if successful, or FALSE if some error occurred.
+ */
 static int
 init_subnetwork(nfs_client *clp)
 {
 struct addrinfo *ai;
 sa_family_t family;
+ int result = 0;
 char *slash;
 slash = strchr(clp->m_hostname, '/');
@@ -165,7 +203,7 @@ init_subnetwork(nfs_client *clp)
 ai = host_pton(clp->m_hostname);
 if (ai == NULL) {
 xlog(L_ERROR, "Invalid IP address %s", clp->m_hostname);
- return false;
+ return result;
 }
 set_addrlist(clp, 0, ai->ai_addr);
@@ -173,7 +211,19 @@ init_subnetwork(nfs_client *clp)
 freeaddrinfo(ai);
- return init_netmask(clp, slash, family);
+ switch (family) {
+ case AF_INET:
+ result = init_netmask4(clp, slash);
+ break;
+ case AF_INET6:
+ result = init_netmask6(clp, slash);
+ break;
+ default:
+ xlog(L_ERROR, "Unsupported address family for %s",
+ clp->m_hostname);
+ }
+
+ return result;
 }
 static int
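Review bot: The prefix-length check in init_netmask4 (repeated verbatim in init_netmask6) does not reject what it appears to: `*endptr != '\0' && prefixlen != ULONG_MAX && errno != ERANGE` lets an empty string after the slash through as prefix 0, and errno is never cleared before strtoul(), so the ERANGE test reads whatever an earlier call left behind. A prefix of 0, whether typed or produced by the empty string, makes `shift` 32, and `(uint32_t)~0 << shift` is then undefined behaviour, so the netmask that decides which clients match the export depends on the compiler and CPU. Set `errno = 0;` before the call, test `if (endptr == slash + 1 || *endptr != '\0' || errno == ERANGE) goto out_badprefix;`, and build the last mask word as `shift < 32 ? htonl((uint32_t)~0 << shift) : 0` in both functions.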
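Review bot: The non-IPv6 stub of init_netmask6 added under `#else /* IPV6_SUPPORTED */` has an empty body although it is declared to return int, and the new `case AF_INET6:` in init_subnetwork assigns its result to `result`. If an AF_INET6 address ever reaches that switch in a build without IPV6_SUPPORTED, the value used to accept or reject the export entry is indeterminate. The stub should fail closed with `return 0;`, as the check_subnet_v6 stub in this same patch does, ideally after an xlog(L_ERROR, ...) line so the rejected entry is visible to the administrator.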
@@ -444,27 +494,6 @@ add_name(char *old, const char *add)
 return new;
 }
-static _Bool
-addrs_match4(const struct sockaddr *sa1, const struct sockaddr *sa2)
-{
- const struct sockaddr_in *si1 = (const struct sockaddr_in *)sa1;
- const struct sockaddr_in *si2 = (const struct sockaddr_in *)sa2;
-
- return si1->sin_addr.s_addr == si2->sin_addr.s_addr;
-}
-
-static _Bool
-addrs_match(const struct sockaddr *sa1, const struct sockaddr *sa2)
-{
- if (sa1->sa_family == sa2->sa_family)
- switch (sa1->sa_family) {
- case AF_INET:
- return addrs_match4(sa1, sa2);
- }
-
- return false;
-}
-
 /*
 * Check each address listed in @ai against each address
 * stored in @clp. Return 1 if a match is found, otherwise
@@ -477,7 +506,8 @@ check_fqdn(const nfs_client *clp, const struct addrinfo *ai)
 for (; ai; ai = ai->ai_next)
 for (i = 0; i < clp->m_naddr; i++)
- if (addrs_match(ai->ai_addr, get_addrlist(clp, i)))
+ if (nfs_compare_sockaddr(ai->ai_addr,
+ get_addrlist(clp, i)))
 return 1;
 return 0;
@@ -507,6 +537,43 @@ check_subnet_v4(const struct sockaddr_in *address,
 return 0;
 }
+#ifdef IPV6_SUPPORTED
+static int
+check_subnet_v6(const struct sockaddr_in6 *address,
+ const struct sockaddr_in6 *mask, const struct addrinfo *ai)
+{
+ for (; ai; ai = ai->ai_next) {
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ai->ai_addr;
+
+ if (sin6->sin6_family != AF_INET6)
+ continue;
+
+ if (mask_match(address->sin6_addr.s6_addr32[0],
+ sin6->sin6_addr.s6_addr32[0],
+ mask->sin6_addr.s6_addr32[0]) &&
+ mask_match(address->sin6_addr.s6_addr32[1],
+ sin6->sin6_addr.s6_addr32[1],
+ mask->sin6_addr.s6_addr32[1]) &&
+ mask_match(address->sin6_addr.s6_addr32[2],
+ sin6->sin6_addr.s6_addr32[2],
+ mask->sin6_addr.s6_addr32[2]) &&
+ mask_match(address->sin6_addr.s6_addr32[3],
+ sin6->sin6_addr.s6_addr32[3],
+ mask->sin6_addr.s6_addr32[3]))
+ return 1;
+ }
+ return 0;
+}
+#else /* !IPV6_SUPPORTED */
+static int
+check_subnet_v6(const struct sockaddr_in6 *UNUSED(address),
+ const struct sockaddr_in6 *UNUSED(mask),
+ const struct addrinfo *UNUSED(ai))
+{
+ return 0;
+}
+#endif /* !IPV6_SUPPORTED */
+
 /*
 * Check each address listed in @ai against the subnetwork or
 * host address stored in @clp. Return 1 if an address in @hp
@@ -519,6 +586,9 @@ check_subnetwork(const nfs_client *clp, const struct addrinfo *ai)
 case AF_INET:
 return check_subnet_v4(get_addrlist_in(clp, 0), get_addrlist_in(clp, 1), ai);
+ case AF_INET6:
+ return check_subnet_v6(get_addrlist_in6(clp, 0),
+ get_addrlist_in6(clp, 1), ai);
 }
 return 0;
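Review bot: check_subnet_v6 is added without a header comment, and its four hand-written mask_match() clauses differ only in the word index, which makes a copy-paste slip in this access-control comparison easy to miss in review. A comment such as `/* Return 1 if any AF_INET6 address in @ai lies inside @address/@mask, otherwise 0. */` would state the contract. The comparison itself reads more safely as a loop over the four words, `for (i = 0; i < 4; i++) if (!mask_match(address->sin6_addr.s6_addr32[i], sin6->sin6_addr.s6_addr32[i], mask->sin6_addr.s6_addr32[i])) break;` followed by `if (i == 4) return 1;`. mask_match is defined outside this hunk, so its argument order is taken from the calls shown here.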