[PATCH 3/3] nfs-utils: Enabling TCP wrappers

Linux NFS development
 help / color / mirror / Atom feed

From: Steve Dickson <SteveD@redhat.com>
To: Linux NFS Mailing list <linux-nfs@vger.kernel.org>
Subject: [PATCH 3/3] nfs-utils: Enabling TCP wrappers
Date: Mon, 15 Dec 2008 12:11:26 -0500	[thread overview]
Message-ID: <49468FBE.2000705@RedHat.com> (raw)
In-Reply-To: <49468BC7.2000907-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>

commit e1956712782b4bb7b4369420bfada972e5bc4398
Author: Steve Dickson <steved@redhat.com>
Date:   Mon Dec 15 11:44:51 2008 -0500

    To ensure the hash table of clients has valid
    access rights, check the modification times on
    both access files. If one of them have change,
    update the hash entry instead of creating a
    new entry.
    
    Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c
index f7fd3a9..c0c5af7 100644
--- a/support/misc/tcpwrapper.c
+++ b/support/misc/tcpwrapper.c
@@ -45,6 +45,9 @@
 #include <sys/types.h>
 #include <sys/signal.h>
 #include <sys/queue.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
 #ifdef SYSV40
 #include <netinet/in.h>
 #include <rpc/rpcent.h>
@@ -246,6 +249,33 @@ void    check_startup(void)
     (void) signal(SIGINT, toggle_verboselog);
 }
 
+/* check_files - check to see if either access files have changed */
+
+int check_files()
+{
+	static time_t allow_mtime, deny_mtime;
+	struct stat astat, dstat;
+	int changed = 0;
+
+	if (stat("/etc/hosts.allow", &astat) < 0)
+		astat.st_mtime = 0;
+	if (stat("/etc/hosts.deny", &dstat) < 0)
+		dstat.st_mtime = 0;
+
+	if(!astat.st_mtime || !dstat.st_mtime)
+		return changed;
+
+	if (astat.st_mtime != allow_mtime)
+		changed = 1;
+	else if (dstat.st_mtime != deny_mtime)
+		changed = 1;
+
+	allow_mtime = astat.st_mtime;
+	deny_mtime = dstat.st_mtime;
+
+	return changed;
+}
+
 /* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
 
 int
@@ -256,20 +286,27 @@ u_long  proc;
 u_long  prog;
 {
 	haccess_t *acc = NULL;
+	int changed = check_files();
 
 	acc = haccess_lookup(addr, proc, prog);
-	if (acc)
+	if (acc && changed == 0)
 		return (acc->access);
 
 	if (!(from_local(addr) || good_client(daemon, addr))) {
 		log_bad_host(addr, proc, prog);
-		haccess_add(addr, proc, prog, FALSE);
+		if (acc)
+			acc->access = FALSE;
+		else 
+			haccess_add(addr, proc, prog, FALSE);
 		return (FALSE);
 	}
 	if (verboselog)
 		log_client(addr, proc, prog);
 
-	haccess_add(addr, proc, prog, TRUE);
+	if (acc)
+		acc->access = TRUE;
+	else 
+		haccess_add(addr, proc, prog, TRUE);
     return (TRUE);
 }

next prev parent reply	other threads:[~2008-12-15 17:13 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-12-15 16:54 [PATCH 0/3] nfs-utils: Enabling TCP wrappers Steve Dickson
     [not found] ` <49468BC7.2000907-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2008-12-15 16:58   ` [PATCH 1/3] " Steve Dickson
2008-12-15 17:10   ` [PATCH 2/3] " Steve Dickson
2008-12-15 17:11   ` Steve Dickson [this message]
2008-12-15 17:26   ` [PATCH 0/3] " Chuck Lever
2008-12-15 17:56     ` Steve Dickson
2008-12-18 19:59     ` Steve Dickson
     [not found]       ` <494AABA1.4070006-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2008-12-18 20:23         ` Chuck Lever
2008-12-18 20:49           ` Steve Dickson
     [not found]             ` <494AB74E.3040403-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2008-12-18 20:56               ` Chuck Lever
2008-12-18 21:21                 ` Steve Dickson
2008-12-19 17:00           ` Steve Dickson
2008-12-20 12:35   ` Steve Dickson

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f7fd3a9 dfblob:c0c5af7 )
 OR (
bs:"[PATCH 3/3] nfs-utils: Enabling TCP wrappers" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=49468FBE.2000705@RedHat.com \
    --to=steved@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox