From: Steve Dickson <SteveD@redhat.com>
To: Linux NFS Mailing list <linux-nfs@vger.kernel.org>
Subject: [PATCH 2/3] nfs-utils: Don't do tcp wrapper check when there are no rules
Date: Fri, 23 Jan 2009 13:11:46 -0500	[thread overview]
Message-ID: <497A0862.40008@RedHat.com> (raw)
In-Reply-To: <497A056E.1030606-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>

commit 58b7e3ef82c5d9e008befcce391027c4741d3a56
Author: Steve Dickson <steved@redhat.com>
Date:   Fri Jan 23 09:15:57 2009 -0500

    If there are no rules in either /etc/hosts.deny or
    /etc/hosts.allow there is no need to do the host validation.
    
    Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c
index a450ad5..098406c 100644
--- a/support/misc/tcpwrapper.c
+++ b/support/misc/tcpwrapper.c
@@ -34,6 +34,7 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+#include <stdio.h>
 #include <tcpwrapper.h>
 #include <unistd.h>
 #include <string.h>
@@ -55,6 +56,8 @@
 #include <rpc/rpcent.h>
 #endif
 
+static int check_files(void);
+static int check_rules(void);
 static void logit(int severity, struct sockaddr_in *addr,
 		  u_long procnum, u_long prognum, char *text);
 static void toggle_verboselog(int sig);
@@ -175,6 +178,9 @@ struct sockaddr_in *addr;
     char **sp;
     char *tmpname;
 
+	xlog(D_CALL, "good_client: %s: doing access check on %s",
+		daemon, inet_ntoa(addr->sin_addr));
+
 	/* First check the address. */
 	if (hosts_ctl(daemon, "", inet_ntoa(addr->sin_addr), "") == DENY)
 		return DENY;
@@ -262,8 +268,50 @@ void    check_startup(void)
     (void) signal(SIGINT, toggle_verboselog);
 }
 
+/*
+ * check_rules - check to see if any entries exist in
+ * either hosts file.
+ */
+int check_rules()
+{
+	FILE *fp;
+	char buf[BUFSIZ];
+
+ 	if ((fp = fopen("/etc/hosts.allow", "r")) == NULL)
+		return 0;
+
+	while (fgets(buf, BUFSIZ, fp) != NULL) {
+		/* Check for commented lines */
+		if (buf[0] == '#')
+			continue;
+		/* Check for blank lines */
+		if (buf[strspn(buf, " \t\r\n")] == 0)
+			continue;
+		/* Not emtpy */
+		fclose(fp);
+		return 1;
+	}
+	fclose(fp);
+
+	if ((fp = fopen("/etc/hosts.deny", "r")) == NULL)
+		return 0;
+
+	while (fgets(buf, BUFSIZ, fp) != NULL) {
+		/* Check for commented lines */
+		if (buf[0] == '#')
+			continue;
+		/* Check for blank lines */
+		if (buf[strspn(buf, " \t\r\n")] == 0)
+			continue;
+		/* Not emtpy */
+		fclose(fp);
+		return 1;
+	}
+	fclose(fp);
+	return 0;
+}
+  
 /* check_files - check to see if either access files have changed */
-
 static int check_files()
 {
 	static time_t allow_mtime, deny_mtime;
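Review bot: check_rules() returns 0 as soon as `fopen("/etc/hosts.allow", "r")` fails, so /etc/hosts.deny is never read on a host that has only a deny file, and any other open failure (permissions, descriptor exhaustion) is also reported as "no rules"; because the later hunk skips the whole client check when the result is 0, both cases fail open. Scan each file independently and treat an open error other than ENOENT as "rules may exist", which also removes the duplicated loop. The definition should repeat `static` and `(void)` to match the prototype added earlier in this patch. The sketch below needs `<errno.h>` if the file does not already include it, and the check_files() body that follows continues outside this hunk.

```c
/* Returns 1 if path holds a non-comment, non-blank line, or cannot be read. */
static int file_has_rules(const char *path)
{
	FILE *fp;
	char buf[BUFSIZ];
	int found = 0;

	if ((fp = fopen(path, "r")) == NULL)
		return errno != ENOENT;	/* unreadable: assume rules exist */

	while (!found && fgets(buf, sizeof(buf), fp) != NULL) {
		if (buf[0] == '#')
			continue;
		if (buf[strspn(buf, " \t\r\n")] == '\0')
			continue;
		found = 1;
	}
	fclose(fp);
	return found;
}

static int check_rules(void)
{
	return file_has_rules("/etc/hosts.allow") ||
	       file_has_rules("/etc/hosts.deny");
}
```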
@@ -305,6 +353,13 @@ u_long  prog;
 	if (acc && changed == 0)
 		return (acc->access);
 
+	/*
+	 * See if there are any rules to be applied,
+	 * if not, no need to check the address
+	 */
+	if (check_rules() == 0)
+		goto done;
+
 	if (!(from_local(addr) || good_client(daemon, addr))) {
 		log_bad_host(addr, proc, prog);
 		if (acc)
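Review bot: The new `goto done` branch grants access and caches TRUE without emitting any log line, so nothing in the logs shows that host validation was skipped for this client, and `log_client()` is bypassed even when verboselog is set. A debug trace before the jump, e.g. `xlog(D_CALL, "no rules in hosts.allow or hosts.deny, skipping access check");`, would make the bypass visible to an operator. check_rules() also reopens and scans both files on every request that misses the cache; reusing the `changed` result to remember its answer would avoid that, though this is inferred because the start of the enclosing function is outside the hunk.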
@@ -315,11 +370,12 @@ u_long  prog;
 	}
 	if (verboselog)
 		log_client(addr, proc, prog);
-
+done:
 	if (acc)
 		acc->access = TRUE;
 	else 
 		haccess_add(addr, prog, TRUE);
+
     return (TRUE);
 }
 
