X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fmountd%2Fauth.c;h=3c9a89a94dcdc7de5f76e175909ebf770c0d3304;hp=950ea20721fe6273821ced59166996fd46d89548;hb=f461e3348ef3a9e1713fe04ccaa1b88dc0530946;hpb=1cecd88106230fc9a8c3527bcdf4195150e9ad64 diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c index 950ea20..3c9a89a 100644 --- a/utils/mountd/auth.c +++ b/utils/mountd/auth.c @@ -37,6 +37,7 @@ static nfs_export my_exp; static nfs_client my_client; extern int new_cache; +extern int use_ipaddr; void auth_init(char *exports) @@ -47,6 +48,34 @@ auth_init(char *exports) xtab_mount_write(); } +/* + * A client can match many different netgroups and it's tough to know + * beforehand whether it will. If the concatenated string of netgroup + * m_hostnames is >512 bytes, then enable the "use_ipaddr" mode. This + * makes mountd change how it matches a client ip address when a mount + * request comes in. It's more efficient at handling netgroups at the + * expense of larger kernel caches. + */ +static void +check_useipaddr(void) +{ + nfs_client *clp; + int old_use_ipaddr = use_ipaddr; + unsigned int len = 0; + + /* add length of m_hostname + 1 for the comma */ + for (clp = clientlist[MCL_NETGROUP]; clp; clp = clp->m_next) + len += (strlen(clp->m_hostname) + 1); + + if (len > (NFSCLNT_IDMAX / 2)) + use_ipaddr = 1; + else + use_ipaddr = 0; + + if (use_ipaddr != old_use_ipaddr) + cache_flush(1); +} + unsigned int auth_reload() { @@ -72,6 +101,7 @@ auth_reload() export_freeall(); memset(&my_client, 0, sizeof(my_client)); xtab_export_read(); + check_useipaddr(); ++counter; return counter; @@ -88,28 +118,37 @@ auth_authenticate_internal(char *what, struct sockaddr_in *caller, int i; /* return static nfs_export with details filled in */ char *n; - my_client.m_addrlist[0] = caller->sin_addr; - n = client_compose(caller->sin_addr); - *error = unknown_host; - if (!n) - return NULL; free(my_client.m_hostname); - if (*n) { - my_client.m_hostname = n; + if (use_ipaddr) { + my_client.m_hostname = + strdup(inet_ntoa(caller->sin_addr)); } else { - free(n); - my_client.m_hostname = xstrdup("DEFAULT"); + n = client_compose(hp); + *error = unknown_host; + if (!n) + my_client.m_hostname = NULL; + else if (*n) + my_client.m_hostname = n; + else { + free(n); + my_client.m_hostname = strdup("DEFAULT"); + } } + if (my_client.m_hostname == NULL) + return NULL; my_client.m_naddr = 1; + my_client.m_addrlist[0] = caller->sin_addr; my_exp.m_client = &my_client; exp = NULL; for (i = 0; !exp && i < MCL_MAXTYPES; i++) for (exp = exportlist[i]; exp; exp = exp->m_next) { - if (!client_member(my_client.m_hostname, exp->m_client->m_hostname)) - continue; if (strcmp(path, exp->m_export.e_path)) continue; + if (!use_ipaddr && !client_member(my_client.m_hostname, exp->m_client->m_hostname)) + continue; + if (use_ipaddr && !client_check(exp->m_client, hp)) + continue; break; } *error = not_exported; @@ -160,11 +199,7 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path) epath[sizeof (epath) - 1] = '\0'; auth_fixpath(epath); /* strip duplicate '/' etc */ - hp = get_reliable_hostbyaddr((const char*)&caller->sin_addr, sizeof(struct in_addr), - AF_INET); - if (!hp) - hp = get_hostent((const char*)&caller->sin_addr, sizeof(struct in_addr), - AF_INET); + hp = client_resolve(caller->sin_addr); if (!hp) return exp;