diff options
author | Steve Dickson <steved@redhat.com> | 2009-01-03 14:08:25 -0500 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2009-01-03 14:08:25 -0500 |
commit | 6e3f696e788a56f30b5b3f8250647fe4cd63c884 (patch) | |
tree | a6341e571d0738fb859d44ff18642c8ed7770b11 | |
parent | 71f9f61517bf301f723b79651d53590ef97c3556 (diff) | |
download | nfs-utils-6e3f696e788a56f30b5b3f8250647fe4cd63c884.tar.gz nfs-utils-6e3f696e788a56f30b5b3f8250647fe4cd63c884.tar.xz nfs-utils-6e3f696e788a56f30b5b3f8250647fe4cd63c884.zip |
Now that the TCP wrapper actually works, mounts will
be denied with misconfigured DNS configurations. Warnings
will be logged when these types of configurations are
detected.
Signed-off-by: Steve Dickson <steved@redhat.com>
-rw-r--r-- | support/misc/tcpwrapper.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c index bc7fb4a..977dfca 100644 --- a/support/misc/tcpwrapper.c +++ b/support/misc/tcpwrapper.c @@ -48,6 +48,8 @@ #include <sys/stat.h> #include <unistd.h> +#include "xlog.h" + #ifdef SYSV40 #include <netinet/in.h> #include <rpc/rpcent.h> @@ -181,17 +183,27 @@ struct sockaddr_in *addr; /* Now do the hostname lookup */ hp = gethostbyaddr ((const char *) &(addr->sin_addr), sizeof (addr->sin_addr), AF_INET); - if (!hp) + if (!hp) { + xlog(L_WARNING, + "Warning: Client IP address '%s' not found in host lookup", + inet_ntoa(addr->sin_addr)); return DENY; /* never heard of it. misconfigured DNS? */ + } /* Make sure the hostent is authorative. */ tmpname = strdup(hp->h_name); - if (!tmpname) + if (!tmpname) { + xlog(L_WARNING, "Warning: No memory for Host access check"); return DENY; + } hp = gethostbyname(tmpname); - free(tmpname); - if (!hp) + if (!hp) { + xlog(L_WARNING, + "Warning: Client hostname '%s' not found in host lookup", tmpname); + free(tmpname); return DENY; /* never heard of it. misconfigured DNS? */ + } + free(tmpname); /* Now make sure the address is on the list */ for (sp = hp->h_addr_list ; *sp ; sp++) { |