From: Steve Dickson <SteveD@redhat.com>
To: Simo Sorce <simo@redhat.com>
Cc: Linux NFS Mailing list <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 1/2] Avoid reverse resolution for server name
Date: Mon, 08 Apr 2013 09:39:49 -0400	[thread overview]
Message-ID: <5162C8A5.4030307@RedHat.com> (raw)
In-Reply-To: <1364931149-18484-2-git-send-email-simo@redhat.com>



On 02/04/13 15:32, Simo Sorce wrote:
> A NFS client should be able to work properly even if the DNS Reverse record
> for the server is not set. There is no excuse to forcefully prevent that
> from working when it can.
> 
> This patch adds a new pair of options (-z/-Z) that allow to turn on/off
> DNS reverse resolution for determining the server name to use with GSSAPI.
Again, please tell me why we need the -Z flag when that is the default?

steved.
> 
> To avoid breaking current behavior the option is off by default;
> ideally we will turn it on by default after a transition period.
> 
> Signed-off-by: Simo Sorce <simo@redhat.com>
> ---
>  utils/gssd/gss_util.h  |    2 ++
>  utils/gssd/gssd.c      |   10 ++++++++--
>  utils/gssd/gssd_proc.c |   25 +++++++++++++++++++++----
>  3 files changed, 31 insertions(+), 6 deletions(-)
> 
> diff --git a/utils/gssd/gss_util.h b/utils/gssd/gss_util.h
> index aa9f77806075f9ab67a7763a75a010369ba2d1b9..663fb0998bede6144118f890b9311ee8687176e3 100644
> --- a/utils/gssd/gss_util.h
> +++ b/utils/gssd/gss_util.h
> @@ -52,4 +52,6 @@ int gssd_check_mechs(void);
>  		gss_krb5_set_allowable_enctypes(min, cred, num, types)
>  #endif
>  
> +extern int avoid_ptr;
> +
>  #endif /* _GSS_UTIL_H_ */
> diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
> index 07b1e52e6b84e9bcba96e7a63b0505ca7823482a..1f0ac0c47667c42ed03e271cb18b6124165e5d5f 100644
> --- a/utils/gssd/gssd.c
> +++ b/utils/gssd/gssd.c
> @@ -85,7 +85,7 @@ sig_hup(int signal)
>  static void
>  usage(char *progname)
>  {
> -	fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm]\n",
> +	fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-z] [-Z]\n",
>  		progname);
>  	exit(1);
>  }
> @@ -102,7 +102,7 @@ main(int argc, char *argv[])
>  	char *progname;
>  
>  	memset(ccachesearch, 0, sizeof(ccachesearch));
> -	while ((opt = getopt(argc, argv, "fvrlmnMp:k:d:t:R:")) != -1) {
> +	while ((opt = getopt(argc, argv, "fvrlmnMp:k:d:t:R:zZ")) != -1) {
>  		switch (opt) {
>  			case 'f':
>  				fg = 1;
> @@ -150,6 +150,12 @@ main(int argc, char *argv[])
>  				errx(1, "Encryption type limits not supported by Kerberos libraries.");
>  #endif
>  				break;
> +			case 'z':
> +				avoid_ptr = 1;
> +				break;
> +			case 'Z':
> +				avoid_ptr = 0;
> +				break;
>  			default:
>  				usage(argv[0]);
>  				break;
> diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
> index ea01e92e4565670b97dea1a936d2f0dbdc7c4610..21d4e1d78eb54d177626cb0a19b9de4e93e0a20d 100644
> --- a/utils/gssd/gssd_proc.c
> +++ b/utils/gssd/gssd_proc.c
> @@ -67,6 +67,7 @@
>  #include <errno.h>
>  #include <gssapi/gssapi.h>
>  #include <netdb.h>
> +#include <ctype.h>
>  
>  #include "gssd.h"
>  #include "err_util.h"
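Review bot: The added `#include <ctype.h>` is not used by any line this patch adds to gssd_proc.c; the new code in get_servername() calls only `strchr()`, `inet_pton()` and `strdup()`. I would drop the include. `inet_pton()` is declared in `<arpa/inet.h>`, and the rest of the include list lies above this hunk, so please confirm that header is already pulled in.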
> @@ -107,6 +108,8 @@ struct pollfd * pollarray;
>  
>  unsigned long pollsize;  /* the size of pollaray (in pollfd's) */
>  
> +int avoid_ptr = 0;
> +
>  /*
>   * convert a presentation address string to a sockaddr_storage struct. Returns
>   * true on success or false on failure.
> @@ -165,12 +168,26 @@ addrstr_to_sockaddr(struct sockaddr *sa, const char *node, const char *port)
>   * convert a sockaddr to a hostname
>   */
>  static char *
> -sockaddr_to_hostname(const struct sockaddr *sa, const char *addr)
> +get_servername(const char *name, const struct sockaddr *sa, const char *addr)
>  {
>  	socklen_t		addrlen;
>  	int			err;
>  	char			*hostname;
>  	char			hbuf[NI_MAXHOST];
> +	unsigned char		buf[sizeof(struct in6_addr)];
> +	int			do_ptr_lookup = 0;
> +
> +	if (avoid_ptr) {
> +		/* try to determine if this is a name, or an IP address.
> +		 * If it is an IP fallback to a PTR lookup */
> +		if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
> +			do_ptr_lookup = 1; /* IPv4 */
> +		else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
> +			do_ptr_lookup = 1; /* or IPv6 */
> +		if (!do_ptr_lookup) {
> +			return strdup(name);
> +		}
> +	}
>  
>  	switch (sa->sa_family) {
>  	case AF_INET:
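Review bot: With `avoid_ptr` set, a `name` that parses as an IP literal still falls through to the reverse lookup below, so in that case the GSSAPI target name again comes from a PTR record rather than from the name read from the info file. That deserves a comment, because nothing in the visible part of this function authenticates the PTR answer. The header comment `convert a sockaddr to a hostname` is stale after the rename; I would replace it with `/* pick the server name for GSSAPI: use name as given unless avoid_ptr is 0 or name is an IP literal, in which case reverse-resolve sa */`. The two `strchr()` pre-checks are redundant, since `inet_pton()` returns 1 only for a well-formed address of the requested family. The function body continues past the end of this hunk.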
> @@ -208,7 +225,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
>  		  struct sockaddr *addr) {
>  #define INFOBUFLEN 256
>  	char		buf[INFOBUFLEN + 1];
> -	static char	dummy[128];
> +	static char	server[128];
>  	int		nbytes;
>  	static char	service[128];
>  	static char	address[128];
> @@ -236,7 +253,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
>  		   "service: %127s %15s version %15s\n"
>  		   "address: %127s\n"
>  		   "protocol: %15s\n",
> -		   dummy,
> +		   server,
>  		   service, program, version,
>  		   address,
>  		   protoname);
> @@ -258,7 +275,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
>  	if (!addrstr_to_sockaddr(addr, address, port))
>  		goto fail;
>  
> -	*servername = sockaddr_to_hostname(addr, address);
> +	*servername = get_servername(server, addr, address);
>  	if (*servername == NULL)
>  		goto fail;
>  
> 
