rpms/nfs-utils/F-10 nfs-utils-1.1.4-tcpwrap-rulecheck.patch, NONE, 1.1 nfs-utils.spec, 1.198, 1.199

Tue Jan 20 12:06:53 UTC 2009

Author: steved

Update of /cvs/pkgs/rpms/nfs-utils/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13507

Modified Files:
	nfs-utils.spec 
Added Files:
	nfs-utils-1.1.4-tcpwrap-rulecheck.patch 
Log Message:
mountd: Don't do tcp wrapper check when there are no rules (bz 448898)


nfs-utils-1.1.4-tcpwrap-rulecheck.patch:

--- NEW FILE nfs-utils-1.1.4-tcpwrap-rulecheck.patch ---
commit 5f09a2bacb4bf0a906e2d19931568b91fb6c5088
Author: Steve Dickson <steved at redhat.com>
Date:   Tue Jan 20 06:16:56 2009 -0500

    mountd: Don't do tcp wrapper check when there are no rules
    
    If there are no rules in either /etc/hosts.deny or
    /etc/hosts.allow there is no need to do the host validation.
    
    Signed-off-by: Steve Dickson <steved at redhat.com>

diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c
--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig	2009-01-07 12:56:07.000000000 -0500
+++ nfs-utils-1.1.4/support/misc/tcpwrapper.c	2009-01-20 06:00:38.000000000 -0500
@@ -34,6 +34,7 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+#include <stdio.h>
 #include <tcpwrapper.h>
 #include <unistd.h>
 #include <string.h>
@@ -55,6 +56,8 @@
 #include <rpc/rpcent.h>
 #endif
 
+static int check_files(void);
+static int check_rules(void);
 static void logit(int severity, struct sockaddr_in *addr,
 		  u_long procnum, u_long prognum, char *text);
 static void toggle_verboselog(int sig);
@@ -261,8 +264,40 @@ void    check_startup(void)
     (void) signal(SIGINT, toggle_verboselog);
 }
 
-/* check_files - check to see if either access files have changed */
+/*
+ * check_rules - check to see if any entries exist in
+ * either hosts file.
+ */
+int check_rules()
+{
+	FILE *fp;
+	char buf[BUFSIZ];
+
+	if ((fp = fopen("/etc/hosts.allow", "r")) == NULL)
+		return 0;
+
+	while (fgets(buf, BUFSIZ, fp) != NULL) {
+		if (buf[0] == '#')
+			continue;
+		fclose(fp);
+		return 1;
+	}
+	fclose(fp);
+
+	if ((fp = fopen("/etc/hosts.deny", "r")) == NULL)
+		return 0;
+
+	while (fgets(buf, BUFSIZ, fp) != NULL) {
+		if (buf[0] == '#')
+			continue;
+		fclose(fp);
+		return 1;
+	}
+	fclose(fp);
+	return 0;
+}
 
+/* check_files - check to see if either access files have changed */
 int check_files()
 {
 	static time_t allow_mtime, deny_mtime;
@@ -304,6 +339,13 @@ u_long  prog;
 	if (acc && changed == 0)
 		return (acc->access);
 
+	/*
+	 * See if there are any rules to be applied,
+	 * if not, no need to check the address
+	 */
+	if (check_rules() == 0)
+		goto done;
+
 	if (!(from_local(addr) || good_client(daemon, addr))) {
 		log_bad_host(addr, proc, prog);
 		if (acc)
@@ -315,10 +357,12 @@ u_long  prog;
 	if (verboselog)
 		log_client(addr, proc, prog);
 
+done:
 	if (acc)
 		acc->access = TRUE;
 	else 
 		haccess_add(addr, proc, prog, TRUE);
+
     return (TRUE);
 }
 


Index: nfs-utils.spec
===================================================================
RCS file: /cvs/pkgs/rpms/nfs-utils/F-10/nfs-utils.spec,v
retrieving revision 1.198
retrieving revision 1.199
diff -u -r1.198 -r1.199
--- nfs-utils.spec	5 Jan 2009 19:33:04 -0000	1.198
+++ nfs-utils.spec	20 Jan 2009 12:06:23 -0000	1.199
@@ -2,7 +2,7 @@
 Name: nfs-utils
 URL: http://sourceforge.net/projects/nfs
 Version: 1.1.4
-Release: 6%{?dist}
+Release: 7%{?dist}
 Epoch: 1
 
 # group all 32bit related archs
@@ -30,6 +30,7 @@
 Patch05: nfs-utils-1.1.4-tcpwrapper-update.patch
 Patch06: nfs-utils-1.1.4-tcpwrap-warn.patch
 Patch07: nfs-utils-1.1.4-gssd-verbosity.patch
+Patch08: nfs-utils-1.1.4-tcpwrap-rulecheck.patch
 
 %if %{enablefscache}
 Patch90: nfs-utils-1.1.0-mount-fsc.patch
@@ -88,6 +89,7 @@
 %patch05 -p1
 %patch06 -p1
 %patch07 -p1
+%patch08 -p1
 
 %if %{enablefscache}
 %patch90 -p1
@@ -251,6 +253,9 @@
 %attr(4755,root,root)   /sbin/umount.nfs4
 
 %changelog
+* Tue Jan 20 2009 Steve Dickson <steved at redhat.com> 1.1.4-7
+- mountd: Don't do tcp wrapper check when there are no rules (bz 448898)
+
 * Mon Jan  5 2009 Steve Dickson <steved at redhat.com> 1.1.4-6
 - Added warnings to tcp wrapper code when mounts are 
   denied due to misconfigured DNS configurations.


