X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fmountd%2Fauth.c;h=0aac273a9df44b68f4d37be2b2b54c13f2ab2594;hp=a821c131bf3e3d494cbd556d594527f5380a95da;hb=250c232f53bce01ffd0696f7a55b1e2b0feca51a;hpb=7a042b78ba064a36d1c7de797d2af796212fca2e diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c index a821c13..0aac273 100644 --- a/utils/mountd/auth.c +++ b/utils/mountd/auth.c @@ -20,6 +20,7 @@ #include "exportfs.h" #include "mountd.h" #include "xmalloc.h" +#include "v4root.h" enum auth_error { @@ -57,7 +58,7 @@ auth_init(char *exports) * expense of larger kernel caches. */ static void -check_useipaddr() +check_useipaddr(void) { nfs_client *clp; int old_use_ipaddr = use_ipaddr; @@ -102,62 +103,79 @@ auth_reload() memset(&my_client, 0, sizeof(my_client)); xtab_export_read(); check_useipaddr(); + v4root_set(); + ++counter; return counter; } +static char *get_client_hostname(struct sockaddr_in *caller, struct hostent *hp, enum auth_error *error) +{ + char *n; + + if (use_ipaddr) + return strdup(inet_ntoa(caller->sin_addr)); + n = client_compose(hp); + *error = unknown_host; + if (!n) + return NULL; + if (*n) + return n; + free(n); + return strdup("DEFAULT"); +} + +/* return static nfs_export with details filled in */ static nfs_export * -auth_authenticate_internal(char *what, struct sockaddr_in *caller, +auth_authenticate_newcache(char *what, struct sockaddr_in *caller, char *path, struct hostent *hp, enum auth_error *error) { - nfs_export *exp; + nfs_export *exp; + int i; - if (new_cache) { - int i; - /* return static nfs_export with details filled in */ - char *n; - free(my_client.m_hostname); - if (use_ipaddr) { - my_client.m_hostname = - strdup(inet_ntoa(caller->sin_addr)); - } else { - n = client_compose(hp); - *error = unknown_host; - if (!n) - my_client.m_hostname = NULL; - else if (*n) - my_client.m_hostname = n; - else { - free(n); - my_client.m_hostname = strdup("DEFAULT"); - } + free(my_client.m_hostname); + + my_client.m_hostname = get_client_hostname(caller, hp, error); + if (my_client.m_hostname == NULL) + return NULL; + + my_client.m_naddr = 1; + my_client.m_addrlist[0] = caller->sin_addr; + my_exp.m_client = &my_client; + + exp = NULL; + for (i = 0; !exp && i < MCL_MAXTYPES; i++) + for (exp = exportlist[i].p_head; exp; exp = exp->m_next) { + if (strcmp(path, exp->m_export.e_path)) + continue; + if (!use_ipaddr && !client_member(my_client.m_hostname, exp->m_client->m_hostname)) + continue; + if (use_ipaddr && !client_check(exp->m_client, hp)) + continue; + break; } - if (my_client.m_hostname == NULL) - return NULL; - my_client.m_naddr = 1; - my_client.m_addrlist[0] = caller->sin_addr; - my_exp.m_client = &my_client; - - exp = NULL; - for (i = 0; !exp && i < MCL_MAXTYPES; i++) - for (exp = exportlist[i]; exp; exp = exp->m_next) { - if (strcmp(path, exp->m_export.e_path)) - continue; - if (!use_ipaddr && !client_member(my_client.m_hostname, exp->m_client->m_hostname)) - continue; - if (use_ipaddr && !client_check(exp->m_client, hp)) - continue; - break; - } - *error = not_exported; - if (!exp) - return exp; + *error = not_exported; + if (!exp) + return NULL; - my_exp.m_export = exp->m_export; - exp = &my_exp; + my_exp.m_export = exp->m_export; + exp = &my_exp; + return exp; +} +static nfs_export * +auth_authenticate_internal(char *what, struct sockaddr_in *caller, + char *path, struct hostent *hp, + enum auth_error *error) +{ + nfs_export *exp; + + if (new_cache) { + exp = auth_authenticate_newcache(what, caller, path, hp, error); + if (!exp) + return NULL; } else { if (!(exp = export_find(hp, path))) { *error = no_entry; @@ -169,8 +187,7 @@ auth_authenticate_internal(char *what, struct sockaddr_in *caller, } } if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) && - (ntohs(caller->sin_port) < IPPORT_RESERVED/2 || - ntohs(caller->sin_port) >= IPPORT_RESERVED)) { + ntohs(caller->sin_port) >= IPPORT_RESERVED) { *error = illegal_port; return NULL; } @@ -187,7 +204,7 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path) char *p = NULL; struct hostent *hp = NULL; struct in_addr addr = caller->sin_addr; - enum auth_error error; + enum auth_error error = bad_path; if (path [0] != '/') { xlog(L_WARNING, "bad path in %s request from %s: \"%s\"", @@ -223,7 +240,7 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path) break; case unknown_host: - xlog(L_WARNING, "%s request from unknown host %s for %s (%s)", + xlog(L_WARNING, "refused %s request from %s for %s (%s): unmatched host", what, inet_ntoa(addr), path, epath); break;