diff options
| author | Neil Brown <neilb@suse.de> | 2007-03-29 13:08:08 +1000 |
|---|---|---|
| committer | Neil Brown <neilb@suse.de> | 2007-03-29 13:08:08 +1000 |
| commit | 0da56f7d359475837008ea4b8d3764fe982ef512 (patch) | |
| tree | 57ada9d84c59c5cd4adbb764ae78f026b773fbbc | |
| parent | 63d92ed0bc0e62b77e974b10f4ec02f004ef33cc (diff) | |
| download | nfs-utils-0da56f7d359475837008ea4b8d3764fe982ef512.tar.gz nfs-utils-0da56f7d359475837008ea4b8d3764fe982ef512.tar.xz nfs-utils-0da56f7d359475837008ea4b8d3764fe982ef512.zip | |
statd - use dnsname to ensure correct matching of NOTIFY requests.
When lockd asks to monitor a host, we find the FQDN from the DNS
and remember that, both internally and in the /var/lib/nfs/sm/*
file.
When we receive an SM_NOTIFY request, we compare both the
mon_name and the source IP address against that DNS name to find
a match.
If a DNS name is not available, we fall back to the name provided by
lockd, which at least is known to map to an IP address via
gethostbyname.
Signed-off-by: Neil Brown <neilb@suse.de>
| -rw-r--r-- | utils/statd/callback.c | 11 | ||||
| -rw-r--r-- | utils/statd/monitor.c | 40 | ||||
| -rw-r--r-- | utils/statd/notlist.h | 2 |
3 files changed, 36 insertions, 17 deletions
diff --git a/utils/statd/callback.c b/utils/statd/callback.c index bb8bf52..b19bb90 100644 --- a/utils/statd/callback.c +++ b/utils/statd/callback.c @@ -27,6 +27,8 @@ sm_notify_1_svc(struct stat_chge *argp, struct svc_req *rqstp) { notify_list *lp, *call; static char *result = NULL; + char *ip_addr = xstrdup(inet_ntoa(svc_getcaller(rqstp->rq_xprt) + ->sin_addr)); dprintf(N_DEBUG, "Received SM_NOTIFY from %s, state: %d", argp->mon_name, argp->state); @@ -45,14 +47,15 @@ sm_notify_1_svc(struct stat_chge *argp, struct svc_req *rqstp) * it. Lockd will want to continue monitoring the remote host * until it issues an SM_UNMON call. */ - while ((lp = nlist_gethost(lp, argp->mon_name, 0)) != NULL) { - if (NL_STATE(lp) != argp->state) { + for (lp = rtnl ; lp ; lp = lp->next) + if (NL_STATE(lp) != argp->state && + (matchhostname(argp->mon_name, lp->dns_name) || + matchhostname(ip_addr, lp->dns_name))) { NL_STATE(lp) = argp->state; call = nlist_clone(lp); nlist_insert(¬ify, call); } - lp = NL_NEXT(lp); - } + return ((void *) &result); } diff --git a/utils/statd/monitor.c b/utils/statd/monitor.c index b0b19da..b95b0ad 100644 --- a/utils/statd/monitor.c +++ b/utils/statd/monitor.c @@ -43,11 +43,11 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) int fd; notify_list *clnt; struct in_addr my_addr; + char *dnsname; #ifdef RESTRICTED_STATD struct in_addr caller; -#else - struct hostent *hostinfo = NULL; #endif + struct hostent *hostinfo = NULL; /* Assume that we'll fail. */ result.res_stat = STAT_FAIL; @@ -104,6 +104,12 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) goto failure; } #endif +#else + if (!(hostinfo = gethostbyname(my_name))) { + note(N_WARNING, "gethostbyname error for %s", my_name); + goto failure; + } else + my_addr = *(struct in_addr *) hostinfo->h_addr; #endif /* * Check hostnames. If I can't look them up, I won't monitor. This @@ -116,21 +122,27 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) "or starting '.': %s", mon_name); note(N_CRIT, "POSSIBLE SPOOF/ATTACK ATTEMPT!"); goto failure; - } else if (gethostbyname(mon_name) == NULL) { + } else if ((hostinfo = gethostbyname(mon_name)) == NULL) { note(N_WARNING, "gethostbyname error for %s", mon_name); goto failure; } -#ifndef RESTRICTED_STATD - if (!(hostinfo = gethostbyname(my_name))) { - note(N_WARNING, "gethostbyname error for %s", my_name); - goto failure; - } else - my_addr = *(struct in_addr *) hostinfo->h_addr; -#endif /* * Hostnames checked OK. - * Now check to see if this is a duplicate, and warn if so. + * Now choose a hostname to use for matching. We cannot + * really trust much in the incoming NOTIFY, so to make + * sure that multi-homed hosts work nicely, we get an + * FQDN now, and use that for matching + */ + hostinfo = gethostbyaddr(hostinfo->h_addr, + hostinfo->h_length, + hostinfo->h_addrtype); + if (hostinfo) + dnsname = xstrdup(hostinfo->h_name); + else + dnsname = xstrdup(my_name); + + /* Now check to see if this is a duplicate, and warn if so. * I will also return STAT_FAIL. (I *think* this is how I should * handle it.) * @@ -175,13 +187,14 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) NL_MY_VERS(clnt) = id->my_vers; NL_MY_PROC(clnt) = id->my_proc; memcpy(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE); + clnt->dns_name = dnsname; /* * Now, Create file on stable storage for host. */ - path=xmalloc(strlen(SM_DIR)+strlen(mon_name)+2); - sprintf(path, "%s/%s", SM_DIR, mon_name); + path=xmalloc(strlen(SM_DIR)+strlen(dnsname)+2); + sprintf(path, "%s/%s", SM_DIR, dnsname); if ((fd = open(path, O_WRONLY|O_SYNC|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR)) < 0) { /* Didn't fly. We won't monitor. */ @@ -268,6 +281,7 @@ void load_state(void) NL_MY_PROG(clnt) = prog; NL_MY_VERS(clnt) = vers; NL_MY_PROC(clnt) = proc; + clnt->dns_name = xstrdup(de->d_name); memcpy(NL_PRIV(clnt), priv, SM_PRIV_SIZE); nlist_insert(&rtnl, clnt); } diff --git a/utils/statd/notlist.h b/utils/statd/notlist.h index 12962af..664c9d8 100644 --- a/utils/statd/notlist.h +++ b/utils/statd/notlist.h @@ -16,6 +16,8 @@ struct notify_list { unsigned short port; /* port number for callback */ short int times; /* Counter used for various things. */ int state; /* For storing notified state for callbacks. */ + char *dns_name; /* used for matching incoming + * NOTIFY requests */ struct notify_list *next; /* Linked list forward pointer. */ struct notify_list *prev; /* Linked list backward pointer. */ u_int32_t xid; /* XID of MS_NOTIFY RPC call */ |