From: "J. Bruce Fields" <bfields@redhat.com>
Mountd is responsible for filling three interrelated kernel caches:
- auth_unix_ip maps an incoming ip addresses to a "domain".
- nfsd_fh maps (domain, filehandle-fragment) pairs to paths.
- nfsd_export maps (domain, path) pairs to export options.
Note that each export is assocated with a "client" string--the part
before the parentheses in an /etc/export line--which may be a domain
name, a netgroup, etc.
The "domain" string in the above three caches may be either:
- in the !use_ipaddr case, a comma-separated list of client
strings.
- in the use_ipaddr case, an ip address.
In the former case, mountd does the hard work of matching an ip address
to the clients when doing the auth_unix_ip mapping. In the latter case,
it delays that until the nfsd_fh or nfsd_export upcall.
We're currently depending on being able to flush the kernel caches
completely when switching between the use_ipaddr and !use_ipaddr cases.
However, the kernel's cache-flushing doesn't really provide reliable
guarantees on return; it's still possible we could see nfsd_fh or
nfsd_export upcalls with the old domain-type after flushing.
So, instead, make the two domain types self-describing by prepending a
"$" in the use_ipaddr case.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
+static char *get_client_ipaddr_name(const struct sockaddr *caller)
+{
+ char buf[INET6_ADDRSTRLEN + 1];
+
+ buf[0] = '$';
+ host_ntop(caller, buf + 1, sizeof(buf) - 1);
+ return strdup(buf);
+}
+
static char *
get_client_hostname(const struct sockaddr *caller, struct addrinfo *ai,
enum auth_error *error)
{
static char *
get_client_hostname(const struct sockaddr *caller, struct addrinfo *ai,
enum auth_error *error)
{
- char buf[INET6_ADDRSTRLEN];
- return strdup(host_ntop(caller, buf, sizeof(buf)));
+ return get_client_ipaddr_name(caller);
n = client_compose(ai);
*error = unknown_host;
if (!n)
n = client_compose(ai);
*error = unknown_host;
if (!n)
bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai)
{
bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai)
{
+ if (is_ipaddr_client(dom))
return ipaddr_client_matches(exp, ai);
return namelist_client_matches(exp, dom);
}
return ipaddr_client_matches(exp, ai);
return namelist_client_matches(exp, dom);
}
struct addrinfo *ret;
struct addrinfo *tmp;
struct addrinfo *ret;
struct addrinfo *tmp;
+ dom++; /* skip initial "$" */
+
tmp = host_pton(dom);
if (tmp == NULL)
return NULL;
tmp = host_pton(dom);
if (tmp == NULL)
return NULL;
+ if (is_ipaddr_client(dom)) {
ai = lookup_client_addr(dom);
if (!ai)
goto out;
ai = lookup_client_addr(dom);
if (!ai)
goto out;
next_exp = exp->m_next;
}
next_exp = exp->m_next;
}
- if (!use_ipaddr && !namelist_client_matches(exp, dom))
+ if (!is_ipaddr_client(dom)
+ && !namelist_client_matches(exp, dom))
continue;
if (exp->m_export.e_mountpoint &&
!is_mountpoint(exp->m_export.e_mountpoint[0]?
continue;
if (exp->m_export.e_mountpoint &&
!is_mountpoint(exp->m_export.e_mountpoint[0]?
if (!match_fsid(&parsed, exp, path))
continue;
if (!match_fsid(&parsed, exp, path))
continue;
- if (use_ipaddr && !ipaddr_client_matches(exp, ai))
+ if (is_ipaddr_client(dom)
+ && !ipaddr_client_matches(exp, ai))
continue;
if (!found || subexport(&exp->m_export, found)) {
found = &exp->m_export;
continue;
if (!found || subexport(&exp->m_export, found)) {
found = &exp->m_export;
+ if (is_ipaddr_client(dom)) {
ai = lookup_client_addr(dom);
if (!ai)
goto out;
ai = lookup_client_addr(dom);
if (!ai)
goto out;
bool namelist_client_matches(nfs_export *exp, char *dom);
bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai);
bool namelist_client_matches(nfs_export *exp, char *dom);
bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai);
+static inline bool is_ipaddr_client(char *dom)
+{
+ return dom[0] == '$';
+}
+