* [PATCH 0/2] nfs-utils: fix check_netgroup()
@ 2010-08-04 17:12 Chuck Lever
2010-08-04 17:13 ` [PATCH 1/2] libexport: Add a common exit label to check_netgroup() Chuck Lever
2010-08-04 17:13 ` [PATCH 2/2] libexport: Fix IP address check in check_netgroup() Chuck Lever
0 siblings, 2 replies; 3+ messages in thread
From: Chuck Lever @ 2010-08-04 17:12 UTC (permalink / raw)
To: steved; +Cc: neilb, linux-nfs
This is the patch I posted yesterday, split into two smaller changes
and with Neil's comments addressed. This is reviewed and compile-
tested, but needs testing by someone who has real netgroup test cases,
which I don't have.
Steve, this fix should be included in the upcoming release of
nfs-utils (after appropriate testing, of course).
---
Chuck Lever (2):
libexport: Fix IP address check in check_netgroup()
libexport: Add a common exit label to check_netgroup()
support/export/client.c | 39 +++++++++++++++++++++++++++++----------
1 files changed, 29 insertions(+), 10 deletions(-)
--
Chuck Lever
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 1/2] libexport: Add a common exit label to check_netgroup()
2010-08-04 17:12 [PATCH 0/2] nfs-utils: fix check_netgroup() Chuck Lever
@ 2010-08-04 17:13 ` Chuck Lever
2010-08-04 17:13 ` [PATCH 2/2] libexport: Fix IP address check in check_netgroup() Chuck Lever
1 sibling, 0 replies; 3+ messages in thread
From: Chuck Lever @ 2010-08-04 17:13 UTC (permalink / raw)
To: steved; +Cc: neilb, linux-nfs
I'm about to change check_netgroup() to free dynamically allocated
resources before it returns, so a common exit point is needed.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Neil Brown <neilb@suse.de>
---
support/export/client.c | 23 ++++++++++++++++-------
1 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/support/export/client.c b/support/export/client.c
index 91b17f3..6667200 100644
--- a/support/export/client.c
+++ b/support/export/client.c
@@ -589,37 +589,46 @@ check_netgroup(const nfs_client *clp, const struct addrinfo *ai)
int i, match;
char *dot;
+ match = 0;
+
/* First, try to match the hostname without
* splitting off the domain */
- if (innetgr(netgroup, hname, NULL, NULL))
- return 1;
+ if (innetgr(netgroup, hname, NULL, NULL)) {
+ match = 1;
+ goto out;
+ }
/* See if hname aliases listed in /etc/hosts or nis[+]
* match the requested netgroup */
hp = gethostbyname(hname);
if (hp != NULL) {
for (i = 0; hp->h_aliases[i]; i++)
- if (innetgr(netgroup, hp->h_aliases[i], NULL, NULL))
- return 1;
+ if (innetgr(netgroup, hp->h_aliases[i], NULL, NULL)) {
+ match = 1;
+ goto out;
+ }
}
/* If hname is ip address convert to FQDN */
tmp = host_pton(hname);
if (tmp != NULL) {
freeaddrinfo(tmp);
- if (innetgr(netgroup, hname, NULL, NULL))
- return 1;
+ if (innetgr(netgroup, hname, NULL, NULL)) {
+ match = 1;
+ goto out;
+ }
}
/* Okay, strip off the domain (if we have one) */
dot = strchr(hname, '.');
if (dot == NULL)
- return 0;
+ goto out;
*dot = '\0';
match = innetgr(netgroup, hname, NULL, NULL);
*dot = '.';
+out:
return match;
}
#else /* !HAVE_INNETGR */
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] libexport: Fix IP address check in check_netgroup()
2010-08-04 17:12 [PATCH 0/2] nfs-utils: fix check_netgroup() Chuck Lever
2010-08-04 17:13 ` [PATCH 1/2] libexport: Add a common exit label to check_netgroup() Chuck Lever
@ 2010-08-04 17:13 ` Chuck Lever
1 sibling, 0 replies; 3+ messages in thread
From: Chuck Lever @ 2010-08-04 17:13 UTC (permalink / raw)
To: steved; +Cc: neilb, linux-nfs
Neil Brown reports that recent changes to replace
gethostby{addr,name}(3) with get{addr,info}name(3) may have
inadvertently broken netgroup support. There used to be a
gethostbyaddr(3) call in the third paragraph in check_netgroup().
See http://marc.info/?l=linux-nfs&m=128084830214653&w=2 .
Introduced by commit 0509d3428f523776ddd9d6e9fa318587d3ec7d84.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Neil Brown <neilb@suse.de>
---
support/export/client.c | 22 ++++++++++++++++------
1 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/support/export/client.c b/support/export/client.c
index 6667200..278a990 100644
--- a/support/export/client.c
+++ b/support/export/client.c
@@ -583,14 +583,19 @@ static int
check_netgroup(const nfs_client *clp, const struct addrinfo *ai)
{
const char *netgroup = clp->m_hostname + 1;
- const char *hname = ai->ai_canonname;
struct addrinfo *tmp = NULL;
struct hostent *hp;
+ char *dot, *hname;
int i, match;
- char *dot;
match = 0;
+ hname = strdup(ai->ai_canonname);
+ if (hname == NULL) {
+ xlog(D_GENERAL, "%s: no memory for strdup", __func__);
+ goto out;
+ }
+
/* First, try to match the hostname without
* splitting off the domain */
if (innetgr(netgroup, hname, NULL, NULL)) {
@@ -612,10 +617,15 @@ check_netgroup(const nfs_client *clp, const struct addrinfo *ai)
/* If hname is ip address convert to FQDN */
tmp = host_pton(hname);
if (tmp != NULL) {
+ char *cname = host_canonname(tmp->ai_addr);
freeaddrinfo(tmp);
- if (innetgr(netgroup, hname, NULL, NULL)) {
- match = 1;
- goto out;
+ if (cname != NULL) {
+ free(hname);
+ hname = cname;
+ if (innetgr(netgroup, hname, NULL, NULL)) {
+ match = 1;
+ goto out;
+ }
}
}
@@ -626,9 +636,9 @@ check_netgroup(const nfs_client *clp, const struct addrinfo *ai)
*dot = '\0';
match = innetgr(netgroup, hname, NULL, NULL);
- *dot = '.';
out:
+ free(hname);
return match;
}
#else /* !HAVE_INNETGR */
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-08-04 17:13 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-04 17:12 [PATCH 0/2] nfs-utils: fix check_netgroup() Chuck Lever
2010-08-04 17:13 ` [PATCH 1/2] libexport: Add a common exit label to check_netgroup() Chuck Lever
2010-08-04 17:13 ` [PATCH 2/2] libexport: Fix IP address check in check_netgroup() Chuck Lever
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).