From 0da56f7d359475837008ea4b8d3764fe982ef512 Mon Sep 17 00:00:00 2001
From: Neil Brown <neilb@suse.de>
Date: Thu, 29 Mar 2007 13:08:08 +1000
Subject: [PATCH] statd - use dnsname to ensure correct matching of NOTIFY
 requests.

When lockd asks to monitor a host, we find the FQDN from the DNS
and remember that, both internally and in the /var/lib/nfs/sm/*
file.
When we receive an SM_NOTIFY request, we compare both the
mon_name and the source IP address against that DNS name to find
a match.

If a DNS name is not available, we fall back to the name provided by
lockd, which at least is known to map to an IP address via
gethostbyname.

Signed-off-by: Neil Brown <neilb@suse.de>
---
 utils/statd/callback.c | 11 +++++++----
 utils/statd/monitor.c  | 40 +++++++++++++++++++++++++++-------------
 utils/statd/notlist.h  |  2 ++
 3 files changed, 36 insertions(+), 17 deletions(-)

diff --git a/utils/statd/callback.c b/utils/statd/callback.c
index bb8bf52..b19bb90 100644
--- a/utils/statd/callback.c
+++ b/utils/statd/callback.c
@@ -27,6 +27,8 @@ sm_notify_1_svc(struct stat_chge *argp, struct svc_req *rqstp)
 {
 	notify_list    *lp, *call;
 	static char    *result = NULL;
+	char *ip_addr = xstrdup(inet_ntoa(svc_getcaller(rqstp->rq_xprt)
+					  ->sin_addr));
 
 	dprintf(N_DEBUG, "Received SM_NOTIFY from %s, state: %d",
 				argp->mon_name, argp->state);
@@ -45,14 +47,15 @@ sm_notify_1_svc(struct stat_chge *argp, struct svc_req *rqstp)
 	 * it. Lockd will want to continue monitoring the remote host
 	 * until it issues an SM_UNMON call.
 	 */
-	while ((lp = nlist_gethost(lp, argp->mon_name, 0)) != NULL) {
-		if (NL_STATE(lp) != argp->state) {
+	for (lp = rtnl ; lp ; lp = lp->next)
+		if (NL_STATE(lp) != argp->state &&
+		    (matchhostname(argp->mon_name, lp->dns_name) ||
+		     matchhostname(ip_addr, lp->dns_name))) {
 			NL_STATE(lp) = argp->state;
 			call = nlist_clone(lp);
 			nlist_insert(&notify, call);
 		}
-		lp = NL_NEXT(lp);
-	}
+
 
 	return ((void *) &result);
 }
diff --git a/utils/statd/monitor.c b/utils/statd/monitor.c
index b0b19da..b95b0ad 100644
--- a/utils/statd/monitor.c
+++ b/utils/statd/monitor.c
@@ -43,11 +43,11 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 	int             fd;
 	notify_list	*clnt;
 	struct in_addr	my_addr;
+	char		*dnsname;
 #ifdef RESTRICTED_STATD
 	struct in_addr	caller;
-#else
-	struct hostent	*hostinfo = NULL;
 #endif
+	struct hostent	*hostinfo = NULL;
 
 	/* Assume that we'll fail. */
 	result.res_stat = STAT_FAIL;
@@ -104,6 +104,12 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 		goto failure;
 	}
 #endif
+#else
+	if (!(hostinfo = gethostbyname(my_name))) {
+		note(N_WARNING, "gethostbyname error for %s", my_name);
+		goto failure;
+	} else
+		my_addr = *(struct in_addr *) hostinfo->h_addr;
 #endif
 	/*
 	 * Check hostnames.  If I can't look them up, I won't monitor.  This
@@ -116,21 +122,27 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 		     "or starting '.': %s", mon_name);
 		note(N_CRIT, "POSSIBLE SPOOF/ATTACK ATTEMPT!");
 		goto failure;
-	} else if (gethostbyname(mon_name) == NULL) {
+	} else if ((hostinfo = gethostbyname(mon_name)) == NULL) {
 		note(N_WARNING, "gethostbyname error for %s", mon_name);
 		goto failure;
 	}
-#ifndef RESTRICTED_STATD
-	if (!(hostinfo = gethostbyname(my_name))) {
-		note(N_WARNING, "gethostbyname error for %s", my_name);
-		goto failure;
-	} else
-		my_addr = *(struct in_addr *) hostinfo->h_addr;
-#endif
 
 	/*
 	 * Hostnames checked OK.
-	 * Now check to see if this is a duplicate, and warn if so.
+	 * Now choose a hostname to use for matching.  We cannot
+	 * really trust much in the incoming NOTIFY, so to make
+	 * sure that multi-homed hosts work nicely, we get an
+	 * FQDN now, and use that for matching
+	 */
+	hostinfo = gethostbyaddr(hostinfo->h_addr,
+				 hostinfo->h_length,
+				 hostinfo->h_addrtype);
+	if (hostinfo)
+		dnsname = xstrdup(hostinfo->h_name);
+	else
+		dnsname = xstrdup(my_name);
+
+	/* Now check to see if this is a duplicate, and warn if so.
 	 * I will also return STAT_FAIL. (I *think* this is how I should
 	 * handle it.)
 	 *
@@ -175,13 +187,14 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 	NL_MY_VERS(clnt) = id->my_vers;
 	NL_MY_PROC(clnt) = id->my_proc;
 	memcpy(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE);
+	clnt->dns_name = dnsname;
 
 	/*
 	 * Now, Create file on stable storage for host.
 	 */
 
-	path=xmalloc(strlen(SM_DIR)+strlen(mon_name)+2);
-	sprintf(path, "%s/%s", SM_DIR, mon_name);
+	path=xmalloc(strlen(SM_DIR)+strlen(dnsname)+2);
+	sprintf(path, "%s/%s", SM_DIR, dnsname);
 	if ((fd = open(path, O_WRONLY|O_SYNC|O_CREAT|O_APPEND,
 		       S_IRUSR|S_IWUSR)) < 0) {
 		/* Didn't fly.  We won't monitor. */
@@ -268,6 +281,7 @@ void load_state(void)
 			NL_MY_PROG(clnt) = prog;
 			NL_MY_VERS(clnt) = vers;
 			NL_MY_PROC(clnt) = proc;
+			clnt->dns_name = xstrdup(de->d_name);
 			memcpy(NL_PRIV(clnt), priv, SM_PRIV_SIZE);
 			nlist_insert(&rtnl, clnt);
 		}
diff --git a/utils/statd/notlist.h b/utils/statd/notlist.h
index 12962af..664c9d8 100644
--- a/utils/statd/notlist.h
+++ b/utils/statd/notlist.h
@@ -16,6 +16,8 @@ struct notify_list {
   unsigned short	port;	/* port number for callback */
   short int		times;	/* Counter used for various things. */
   int			state;	/* For storing notified state for callbacks. */
+  char			*dns_name; /* used for matching incoming
+				    * NOTIFY requests */
   struct notify_list	*next;	/* Linked list forward pointer. */
   struct notify_list	*prev;	/* Linked list backward pointer. */
   u_int32_t		xid;	/* XID of MS_NOTIFY RPC call */
-- 
2.39.2