X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fmountd%2Fauth.c;h=3c9a89a94dcdc7de5f76e175909ebf770c0d3304;hp=eb9cdebad2314093efba87b0e20bfb63e9b6da26;hb=f461e3348ef3a9e1713fe04ccaa1b88dc0530946;hpb=77c32fa565d6af59cbeb8601e08efa9af6ef3d81

diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c
index eb9cdeb..3c9a89a 100644
--- a/utils/mountd/auth.c
+++ b/utils/mountd/auth.c
@@ -6,12 +6,15 @@
  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
  */
 
-#include "config.h"
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
 
 #include <sys/stat.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <errno.h>
+#include <unistd.h>
 #include "misc.h"
 #include "nfslib.h"
 #include "exportfs.h"
@@ -30,6 +33,11 @@ enum auth_error
 
 static void		auth_fixpath(char *path);
 static char	*export_file = NULL;
+static nfs_export my_exp;
+static nfs_client my_client;
+
+extern int new_cache;
+extern int use_ipaddr;
 
 void
 auth_init(char *exports)
@@ -40,23 +48,63 @@ auth_init(char *exports)
 	xtab_mount_write();
 }
 
-int
+/*
+ * A client can match many different netgroups and it's tough to know
+ * beforehand whether it will. If the concatenated string of netgroup
+ * m_hostnames is >512 bytes, then enable the "use_ipaddr" mode. This
+ * makes mountd change how it matches a client ip address when a mount
+ * request comes in. It's more efficient at handling netgroups at the
+ * expense of larger kernel caches.
+ */
+static void
+check_useipaddr(void)
+{
+	nfs_client *clp;
+	int old_use_ipaddr = use_ipaddr;
+	unsigned int len = 0;
+
+	/* add length of m_hostname + 1 for the comma */
+	for (clp = clientlist[MCL_NETGROUP]; clp; clp = clp->m_next)
+		len += (strlen(clp->m_hostname) + 1);
+
+	if (len > (NFSCLNT_IDMAX / 2))
+		use_ipaddr = 1;
+	else
+		use_ipaddr = 0;
+
+	if (use_ipaddr != old_use_ipaddr)
+		cache_flush(1);
+}
+
+unsigned int
 auth_reload()
 {
 	struct stat		stb;
-	static time_t		last_modified = 0;
+	static ino_t		last_inode;
+	static int		last_fd;
+	static unsigned int	counter;
+	int			fd;
 
-	if (stat(_PATH_ETAB, &stb) < 0)
+	if ((fd = open(_PATH_ETAB, O_RDONLY)) < 0) {
+		xlog(L_FATAL, "couldn't open %s", _PATH_ETAB);
+	} else if (fstat(fd, &stb) < 0) {
 		xlog(L_FATAL, "couldn't stat %s", _PATH_ETAB);
-	if (stb.st_mtime == last_modified)
-		return 0;
-	last_modified = stb.st_mtime;
+	} else if (stb.st_ino == last_inode) {
+		close(fd);
+		return counter;
+	} else {
+		close(last_fd);
+		last_fd = fd;
+		last_inode = stb.st_ino;
+	}
 
 	export_freeall();
-	// export_read(export_file);
+	memset(&my_client, 0, sizeof(my_client));
 	xtab_export_read();
+	check_useipaddr();
+	++counter;
 
-	return 1;
+	return counter;
 }
 
 static nfs_export *
@@ -66,22 +114,66 @@ auth_authenticate_internal(char *what, struct sockaddr_in *caller,
 {
 	nfs_export		*exp;
 
-	if (!(exp = export_find(hp, path))) {
-		*error = no_entry;
-		return NULL;
-	}
-	if (!exp->m_mayexport) {
+	if (new_cache) {
+		int i;
+		/* return static nfs_export with details filled in */
+		char *n;
+		free(my_client.m_hostname);
+		if (use_ipaddr) {
+			my_client.m_hostname =
+				strdup(inet_ntoa(caller->sin_addr));
+		} else {
+			n = client_compose(hp);
+			*error = unknown_host;
+			if (!n)
+				my_client.m_hostname = NULL;
+			else if (*n)
+				my_client.m_hostname = n;
+			else {
+				free(n);
+				my_client.m_hostname = strdup("DEFAULT");
+			}
+		}
+		if (my_client.m_hostname == NULL)
+			return NULL;
+		my_client.m_naddr = 1;
+		my_client.m_addrlist[0] = caller->sin_addr;
+		my_exp.m_client = &my_client;
+
+		exp = NULL;
+		for (i = 0; !exp && i < MCL_MAXTYPES; i++) 
+			for (exp = exportlist[i]; exp; exp = exp->m_next) {
+				if (strcmp(path, exp->m_export.e_path))
+					continue;
+				if (!use_ipaddr && !client_member(my_client.m_hostname, exp->m_client->m_hostname))
+					continue;
+				if (use_ipaddr && !client_check(exp->m_client, hp))
+					continue;
+				break;
+			}
 		*error = not_exported;
-		return NULL;
-	}
+		if (!exp)
+			return exp;
+
+		my_exp.m_export = exp->m_export;
+		exp = &my_exp;
 
+	} else {
+		if (!(exp = export_find(hp, path))) {
+			*error = no_entry;
+			return NULL;
+		}
+		if (!exp->m_mayexport) {
+			*error = not_exported;
+			return NULL;
+		}
+	}
 	if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
-	    (ntohs(caller->sin_port) <  IPPORT_RESERVED/2 ||
-	     ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+		    (ntohs(caller->sin_port) <  IPPORT_RESERVED/2 ||
+		     ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
 		*error = illegal_port;
 		return NULL;
 	}
-
 	*error = success;
 
 	return exp;
@@ -107,11 +199,7 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
 	epath[sizeof (epath) - 1] = '\0';
 	auth_fixpath(epath); /* strip duplicate '/' etc */
 
-	hp = get_reliable_hostbyaddr((const char*)&caller->sin_addr, sizeof(struct in_addr),
-				     AF_INET);
-	if (!hp)
-		hp = get_hostent((const char*)&caller->sin_addr, sizeof(struct in_addr),
-				     AF_INET);
+	hp = client_resolve(caller->sin_addr);
 	if (!hp)
 		return exp;
 
@@ -127,7 +215,6 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
 		if (p == epath) p++;
 		*p = '\0';
 	}
-	free(hp);
 
 	switch (error) {
 	case bad_path: