| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Assuming the tcp_wrappers library can actually support IPv6 addresses,
here's a crack at IPv6 support in nfs-utils' TCP wrapper shim.
Some reorganization is done to limit the number of times that @sap
is converted to a presentation address string.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: the use of identifiers called "access" and "daemon" shadow
function declarations in unistd.h. Seen with "-Wextra -pedantic".
tcpwrapper.c: In function haccess_add:
tcpwrapper.c:112: warning: declaration of access shadows a global
declaration /usr/include/unistd.h:288: warning: shadowed declaration is here
tcpwrapper.c: In function good_client:
tcpwrapper.c:161: warning: declaration of daemon shadows a global declaration
/usr/include/unistd.h:953: warning: shadowed declaration is here
tcpwrapper.c: In function check_default:
tcpwrapper.c:212: warning: declaration of daemon shadows a
global declaration
/usr/include/unistd.h:953: warning: shadowed declaration is here
good_client() is used only in support/misc/tcpwrapper.c, so make it
static (and update its prototype to c99 standard form).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate the following compiler warnings:
tcpwrapper.c:78: warning: no previous prototype for strtoint
tcpwrapper.c: In function strtoint
tcpwrapper.c:81: warning: conversion to int size_t may change the
sign of the result
tcpwrapper.c:85: warning: conversion to unsigned int from int may
change the sign of the result
tcpwrapper.c: In function hashint:
tcpwrapper.c:91: warning: conversion to int from unsigned int may
change the sign of the result
The hash value is probably computed consistently even with
unexpected sign inversions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate these compiler warnings:
tcpwrapper.c: In function logit
tcpwrapper.c:225: warning: unused parameter procnum
tcpwrapper.c:225: warning: unused parameter prognum
Actually, @procnum is not used anywhere in our tcpwrapper.c, so
let's just get rid of it.
Since there is only one logit() call site in tcpwrapper.c, the macro
wrapper just adds needless clutter. Let's get rid of that too.
Finally, both mountd and statd now use xlog(), which adds an
appropriate program name prefix to every message. Replace the
open-coded syslog(2) call with an xlog() call in order to
consistently identify the RPC service reporting the intrusion.
Since logit() no longer references "deny_severity" and no nfs-utils
caller sets either allow_severity or deny_severity, we remove them.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After glibc 2.3.3, getifaddrs(3) can return AF_INET6 addresses for
local network interfaces. Using the library call is easier than
trying to update the open code in from_local(), and means we have
less to maintain in nfs-utils going forward.
And, since from_local() can now support IPv6, change its synopsis to
take a "struct sockaddr *" .
Note that the original code discovers local addresses once. These
days, with wifi, DHCP, and NetworkManager, the local network
configuration can change dynamically over time. So, call getifaddrs()
more often to ensure from_local() has up-to-date network configuration
information.
This implementation refreshes the list if from_local() has not been
called in the last second. This is actually not terribly honerous.
check_default() invokes from_local() only when the remote host is not
in its access cache, or the access/deny files have changed.
So new hosts will cause a refresh, but previously seen hosts
(including localhost) should not.
On the other hand, it still may not be often enough. After the first
call, if only previously seen hosts attempt to access our daemons,
from_local() would never be called, and the local list would never be
updated. This might be possible during steady-state operation with
a small number of servers and clients.
It would also be nice if we could free the local interface address
list at shutdown time, but that would be a lot of trouble for little
gain.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: Replace calls to syslog(2) and perror(3) in from_local.c
with calls to xlog(). The problems displayed by the perror(3) calls
especially should be reported. Currently they are never seen in the
system log.
As part of a build test, I defined TEST, and found a couple of
problems with main(), which are also addressed in this patch.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
| |
with the explicit permission of Sun Microsystems
Signed-off-by: Tom "spot" Callaway <tcallawa@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
longer used but, unfortunately, they are extern-ed by
public headers files which are not under the control
of this package.
Spotted-by: Juergen Daubert <jue@jue.li>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
message to (hopefully) make it more sensible. Move
"#ifdef HAVE_LIBWRAP" around so nothing will be defined
when tcp wrapper is not configured.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
interface and added a note to the mountd man page saying
hostnames will be ignored when they can not be looked up.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
number only creates needles extra hash entries.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were some problems with exportfs and rpc.mountd for long export
lists - see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=76643
I do optimalization as my bachelors thesis (Facuulty of informatics,
Masaryk's university Brno, Czech Republic), under lead of Yenya
Kasprzak.
Both exportfs and rpc.mount build linked list of exports (shared
functions in export.c). Every time they are inserting new export into
list, they search for same export in list.
I replaced linked list by hash table and functions export_add and
export_lookup by functions hash_export_add and hash_export_lookup
(export.c).
Because some other functions required exportlist as linked list, hash
table has some implementation modification im comparison with ordinary
hash table. It also keeps exports in linked list and has pointer to
head of the list. So there's no need of implementation function
<for_all_in_hash_table>.
Signed-off-by: Tomas Richter <krik3t@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
be denied with misconfigured DNS configurations. Warnings
will be logged when these types of configurations are
detected.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
access rights, check the modification times on
both access files. If one of them have change,
update the hash entry instead of creating a
new entry.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
every RPC request, to both mountd and statd
when TCP wrappers are enabled. To help this
process scale better the access rights are stored
in a hash table, which are hashed per IP address,
RPC program and procudure numbers.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
access is allow due to misinterpreting the return value of
hosts_ctl(). This patch reworks that logic which closes
that hole.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
used in the tcpwrapper support.
Signe-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| | |
Greg Banks suggested some variations, particularly improved
use of xmalloc/xstrdup functions. Thanks.
|
| |
| |
| |
| | |
Thanks to Michael Halcrow for finding them.
|
|/
|
|
|
|
| |
distribution. They cause compile warnings, there is no longer any
reason to try to build them into the binaries, and gcc seems to be
eliding some of them anyway.
|
|
|
|
|
|
| |
support/include/config.h.in from source control
These are auto autogenerated by
aclocal -I aclocal ; autoheader ; automake ; autoconf
|
|
|
|
|
| |
Check for sufficient version of librpcsecgss and libgssapi
in configure.in
|
|
|
|
|
| |
Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and
HAVE_TCP_WRAPPERS as appropriate.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* utils/showmount/showmount.c (main): Don't assume that strings
starting with digits are IP addresses.
* utils/nfsd/nfsd.c (main): Close all fds and reopen 0,1,2 on
/dev/null before nfssvc(). Use syslog to report nfssvc errors.
* support/misc/tcpwrapper.c, utils/mountd/mountd.man,
utils/rquotad/rquotad.man, utils/statd/statd.man: Fix comments and
man pages: We check host names *and* addresses with tcpwrappers.
|
|
|
|
| |
* support/misc/tcpwrapper.c (logit): Modify the log output.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* utils/rquotad/rquotad.man, utils/statd/statd.man,
utils/mountd/mountd.man: updated
* utils/mountd/Makefile (LIBS): added -lmisc $(LIBWRAP) $(LIBNSL)
* utils/rquotad/Makefile: fix comment
* support/misc/tcpwrapper.c (logit): added comment about waiting
for the children after fork()
* utils/mountd/mountd.c (main): ignore SIGCHLD to prevent leaving
zombies behind (from logit()'s fork)
* utils/rquotad/rquota_svc.c (main): ditto
* utils/statd/statd.c (main): ditto
* utils/rquotad/rquota_svc.c (rquotaprog_1): pass RQUOTAPROG
to check_default instead of 0, for prognum
* utils/statd/statd.c (sm_prog_1_wrapper): pass SM_PROG
to check_default instead of 0, for prognum
* utils/mountd/mount_dispatch.c: Include "tcpwrapper.h" if
HAVE_TCP_WRAPPER is defined.
(mount_dispatch): Call check_default () if HAVE_TCP_WRAPPER is
defined. Reject an RPC call if check_default () fails.
|
|
* support/include/tcpwrapper.h: New for the tcp wrapper
support.
* support/misc/Makefile: Likewise.
* support/misc/from_local.c: Likewise.
* support/misc/tcpwrapper.c: Likewise.
* aclocal.m4 (AC_TCP_WRAPPER): New.
* configure.in: Use it. Substitute LIBWRAP.
* configure: Rebuilt.
* config.mk.in (LIBNSL): New.
(LIBWRAP): Likewise.
* support/Makefile (SUBDIRS): Add misc.
* support/lib/Makefile (LIBS): Add libmisc.a.
* utils/rquotad/Makefile (LIBS): Add
-lmisc $(LIBWRAP) $(LIBNSL)
* utils/statd/Makefile (LIBS): Likewise.
* utils/rquotad/rquota_svc.c: Include "tcpwrapper.h" if
HAVE_TCP_WRAPPER is defined.
(rquotaprog_1): Call check_default () if HAVE_TCP_WRAPPER is
defined. Reject an RPC call if check_default () fails.
* utils/statd/statd.c: Include "tcpwrapper.h" if
HAVE_TCP_WRAPPER is defined.
(sm_prog_1_wrapper): New. A wrapper for sm_prog_1. Call
check_default () before calling sm_prog_1 (). Define it as
sm_prog_1_wrapper if HAVE_TCP_WRAPPER is defined.
|