From: Chuck Lever <chuck.lever@oracle.com>
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 02/12] mountd: add IPv6 support in auth_authenticate()
Date: Mon, 13 Sep 2010 13:21:08 -0400 [thread overview]
Message-ID: <20100913172108.19017.20534.stgit@seurat.1015granger.net> (raw)
In-Reply-To: <20100913171844.19017.13446.stgit@seurat.1015granger.net>
Make the entire auth_authenticate() code path address-family agnostic.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
utils/mountd/auth.c | 52 +++++++++++++++++++++++++------------------------
utils/mountd/mountd.c | 14 +++++++------
utils/mountd/mountd.h | 5 +++--
utils/mountd/rmtab.c | 3 ++-
4 files changed, 39 insertions(+), 35 deletions(-)
diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c
index 04487e5..ccc849a 100644
--- a/utils/mountd/auth.c
+++ b/utils/mountd/auth.c
@@ -15,6 +15,8 @@
#include <arpa/inet.h>
#include <errno.h>
#include <unistd.h>
+
+#include "sockaddr.h"
#include "misc.h"
#include "nfslib.h"
#include "exportfs.h"
@@ -111,13 +113,14 @@ auth_reload()
}
static char *
-get_client_hostname(struct sockaddr_in *caller, struct addrinfo *ai,
+get_client_hostname(const struct sockaddr *caller, struct addrinfo *ai,
enum auth_error *error)
{
+ char buf[INET6_ADDRSTRLEN];
char *n;
if (use_ipaddr)
- return strdup(inet_ntoa(caller->sin_addr));
+ return strdup(host_ntop(caller, buf, sizeof(buf)));
n = client_compose(ai);
*error = unknown_host;
if (!n)
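Review bot: In the `use_ipaddr` branch the result of `host_ntop()` goes straight into `strdup()` with no NULL check, and `host_ntop()` is not defined in this patch. If it can return NULL when the address cannot be converted, `strdup(NULL)` is undefined behaviour on the request path of a network-facing daemon. Checking it first is cheap: `const char *addr = host_ntop(caller, buf, sizeof(buf));` followed by `return addr ? strdup(addr) : NULL;`. Note that `*error` is assigned only after this branch, so decide which value a failure here should report. The same unchecked result is passed to `%s` in the `xlog()` calls added in auth_authenticate(), and this function's body continues past the end of the hunk.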
@@ -130,8 +133,8 @@ get_client_hostname(struct sockaddr_in *caller, struct addrinfo *ai,
/* return static nfs_export with details filled in */
static nfs_export *
-auth_authenticate_newcache(struct sockaddr_in *caller,
- char *path, struct addrinfo *ai,
+auth_authenticate_newcache(const struct sockaddr *caller,
+ const char *path, struct addrinfo *ai,
enum auth_error *error)
{
nfs_export *exp;
@@ -144,7 +147,7 @@ auth_authenticate_newcache(struct sockaddr_in *caller,
return NULL;
my_client.m_naddr = 1;
- set_addrlist_in(&my_client, 0, caller);
+ set_addrlist(&my_client, 0, caller);
my_exp.m_client = &my_client;
exp = NULL;
@@ -168,9 +171,8 @@ auth_authenticate_newcache(struct sockaddr_in *caller,
}
static nfs_export *
-auth_authenticate_internal(struct sockaddr_in *caller,
- char *path, struct addrinfo *ai,
- enum auth_error *error)
+auth_authenticate_internal(const struct sockaddr *caller, const char *path,
+ struct addrinfo *ai, enum auth_error *error)
{
nfs_export *exp;
@@ -190,7 +192,7 @@ auth_authenticate_internal(struct sockaddr_in *caller,
return NULL;
}
if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
- ntohs(caller->sin_port) >= IPPORT_RESERVED) {
+ nfs_get_port(caller) >= IPPORT_RESERVED) {
*error = illegal_port;
return NULL;
}
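Review bot: The reserved-port test now depends on what `nfs_get_port()` returns for an address family it does not handle, and that helper is not part of this patch. If it falls back to 0, a `caller` with an unexpected `sa_family` compares below `IPPORT_RESERVED` and passes the check on exports that do not set `NFSEXP_INSECURE_PORT`, so the check would fail open. Confirm the helper's fallback and, if needed, reject other families before the comparison, for example `if (caller->sa_family != AF_INET && caller->sa_family != AF_INET6)` with an error return. A short comment such as `/* nfs_get_port() must not report 0 for unknown families here */` would record the assumption. The function starts and ends outside this hunk.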
@@ -200,18 +202,19 @@ auth_authenticate_internal(struct sockaddr_in *caller,
}
nfs_export *
-auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
+auth_authenticate(const char *what, const struct sockaddr *caller,
+ const char *path)
{
nfs_export *exp = NULL;
char epath[MAXPATHLEN+1];
char *p = NULL;
+ char buf[INET6_ADDRSTRLEN];
struct addrinfo *ai = NULL;
- struct in_addr addr = caller->sin_addr;
enum auth_error error = bad_path;
- if (path [0] != '/') {
- xlog(L_WARNING, "bad path in %s request from %s: \"%s\"",
- what, inet_ntoa(addr), path);
+ if (path[0] != '/') {
+ xlog(L_WARNING, "Bad path in %s request from %s: \"%s\"",
+ what, host_ntop(caller, buf, sizeof(buf)), path);
return exp;
}
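Review bot: The early-return warning is respelled "Bad path in ..." while the `bad_path` case of the switch later in this function still logs "bad path in ...", so one condition now has two spellings. Log-monitoring rules and greps that match on the message text would silently miss one of them. Keep the original string here, `xlog(L_WARNING, "bad path in %s request from %s: \"%s\"",`, or change both in the same commit. The function body continues outside this hunk.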
@@ -219,14 +222,13 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
epath[sizeof (epath) - 1] = '\0';
auth_fixpath(epath); /* strip duplicate '/' etc */
- ai = client_resolve((struct sockaddr *)caller);
+ ai = client_resolve(caller);
if (ai == NULL)
return exp;
/* Try the longest matching exported pathname. */
while (1) {
- exp = auth_authenticate_internal(caller, epath,
- ai, &error);
+ exp = auth_authenticate_internal(caller, epath, ai, &error);
if (exp || (error != not_exported && error != no_entry))
break;
/* We have to treat the root, "/", specially. */
@@ -239,12 +241,12 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
switch (error) {
case bad_path:
xlog(L_WARNING, "bad path in %s request from %s: \"%s\"",
- what, inet_ntoa(addr), path);
+ what, host_ntop(caller, buf, sizeof(buf)), path);
break;
case unknown_host:
xlog(L_WARNING, "refused %s request from %s for %s (%s): unmatched host",
- what, inet_ntoa(addr), path, epath);
+ what, host_ntop(caller, buf, sizeof(buf)), path, epath);
break;
case no_entry:
@@ -258,17 +260,17 @@ auth_authenticate(char *what, struct sockaddr_in *caller, char *path)
break;
case illegal_port:
- xlog(L_WARNING, "refused %s request from %s for %s (%s): illegal port %d",
- what, ai->ai_canonname, path, epath, ntohs(caller->sin_port));
+ xlog(L_WARNING, "refused %s request from %s for %s (%s): illegal port %u",
+ what, ai->ai_canonname, path, epath, nfs_get_port(caller));
break;
case success:
- xlog(L_NOTICE, "authenticated %s request from %s:%d for %s (%s)",
- what, ai->ai_canonname, ntohs(caller->sin_port), path, epath);
+ xlog(L_NOTICE, "authenticated %s request from %s:%u for %s (%s)",
+ what, ai->ai_canonname, nfs_get_port(caller), path, epath);
break;
default:
- xlog(L_NOTICE, "%s request from %s:%d for %s (%s) gave %d",
- what, ai->ai_canonname, ntohs(caller->sin_port),
+ xlog(L_NOTICE, "%s request from %s:%u for %s (%s) gave %d",
+ what, ai->ai_canonname, nfs_get_port(caller),
path, epath, error);
}
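Review bot: The `illegal_port`, `success` and default messages still identify the client only by `ai->ai_canonname`, while the `bad_path` and `unknown_host` messages in the same switch now print the numeric address through `host_ntop()`. `client_resolve()` is not shown here, but if the canonical name comes from a reverse lookup, these records rest on a name chosen by whoever controls the peer's DNS, which weakens them for incident review. Printing the address as well would fix that, e.g. `"refused %s request from %s (%s) for %s (%s): illegal port %u"` with `host_ntop(caller, buf, sizeof(buf))` as the added argument. If existing log parsers depend on the current layout, append the address at the end instead. The switch begins before this hunk.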
diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
index 78f26c2..c8ea3f7 100644
--- a/utils/mountd/mountd.c
+++ b/utils/mountd/mountd.c
@@ -237,9 +237,9 @@ mount_umnt_1_svc(struct svc_req *rqstp, dirpath *argp, void *UNUSED(resp))
p = rpath;
}
- if (!(exp = auth_authenticate("unmount", sin, p))) {
+ exp = auth_authenticate("unmount", (struct sockaddr *)sin, p);
+ if (exp == NULL)
return 1;
- }
mountlist_del(inet_ntoa(sin->sin_addr), p);
return 1;
@@ -313,10 +313,10 @@ mount_pathconf_2_svc(struct svc_req *rqstp, dirpath *path, ppathcnf *res)
}
/* Now authenticate the intruder... */
- exp = auth_authenticate("pathconf", sin, p);
- if (!exp) {
+ exp = auth_authenticate("pathconf", (struct sockaddr *)sin, p);
+ if (exp == NULL)
return 1;
- } else if (stat(p, &stb) < 0) {
+ else if (stat(p, &stb) < 0) {
xlog(L_WARNING, "can't stat exported dir %s: %s",
p, strerror(errno));
return 1;
@@ -415,8 +415,8 @@ get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
}
/* Now authenticate the intruder... */
- exp = auth_authenticate("mount", sin, p);
- if (!exp) {
+ exp = auth_authenticate("mount", (struct sockaddr *)sin, p);
+ if (exp == NULL) {
*error = NFSERR_ACCES;
return NULL;
}
diff --git a/utils/mountd/mountd.h b/utils/mountd/mountd.h
index 31bacb5..96e9bf1 100644
--- a/utils/mountd/mountd.h
+++ b/utils/mountd/mountd.h
@@ -41,8 +41,9 @@ bool_t mount_mnt_3_svc(struct svc_req *, dirpath *, mountres3 *);
void mount_dispatch(struct svc_req *, SVCXPRT *);
void auth_init(char *export_file);
unsigned int auth_reload(void);
-nfs_export * auth_authenticate(char *what, struct sockaddr_in *sin,
- char *path);
+nfs_export * auth_authenticate(const char *what,
+ const struct sockaddr *caller,
+ const char *path);
void auth_export(nfs_export *exp);
void mountlist_add(char *host, const char *path);
diff --git a/utils/mountd/rmtab.c b/utils/mountd/rmtab.c
index ba0fcf6..d23712b 100644
--- a/utils/mountd/rmtab.c
+++ b/utils/mountd/rmtab.c
@@ -157,7 +157,8 @@ mountlist_del_all(struct sockaddr_in *sin)
while ((rep = getrmtabent(1, NULL)) != NULL) {
if (strcmp(rep->r_client, hostname) == 0 &&
- (exp = auth_authenticate("umountall", sin, rep->r_path)))
+ (exp = auth_authenticate("umountall",
+ (struct sockaddr *)sin, rep->r_path)))
continue;
fputrmtabent(fp, rep, NULL);
}