1 diff --git a/CHANGELOG b/CHANGELOG
2 index fe7ae00..ca171a4 100644
6 - fix lack of ferror() checking when reading files.
7 - fix typo in autofs(5) man page.
8 - fix map entry expansion when undefined macro is present.
9 +- remove unused export validation code.
11 18/06/2007 autofs-5.0.2
12 -----------------------
13 diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c
14 index 831d456..d79a94f 100644
18 /* Get numeric value of the n bits starting at position p */
19 #define getbits(x, p, n) ((x >> (p + 1 - n)) & ~(~0 << n))
21 -static char *domain = NULL;
23 inline void dump_core(void);
24 -static pthread_mutex_t networks_mutex = PTHREAD_MUTEX_INITIALIZER;
27 * Create a UDP RPC client
28 @@ -764,573 +761,6 @@ void rpc_exports_free(exports list)
32 -static int masked_match(const char *addr, const char *mask)
34 - char buf[MAX_IFC_BUF], *ptr;
35 - struct sockaddr_in saddr;
36 - struct sockaddr_in6 saddr6;
39 - int sock, cl_flags, ret, i, is_ipv4, is_ipv6;
42 - sock = socket(AF_INET, SOCK_DGRAM, 0);
44 - char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
45 - error(LOGOPT_ANY, "socket creation failed: %s", estr);
49 - if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) {
50 - cl_flags |= FD_CLOEXEC;
51 - fcntl(sock, F_SETFD, cl_flags);
54 - ifc.ifc_len = sizeof(buf);
55 - ifc.ifc_req = (struct ifreq *) buf;
56 - ret = ioctl(sock, SIOCGIFCONF, &ifc);
59 - char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
60 - error(LOGOPT_ANY, "ioctl: %s", estr);
64 - is_ipv4 = is_ipv6 = 0;
65 - is_ipv4 = inet_pton(AF_INET, addr, &saddr.sin_addr);
67 - is_ipv6 = inet_pton(AF_INET6, addr, &saddr6.sin6_addr);
69 - if (strchr(mask, '.')) {
70 - struct sockaddr_in maddr;
74 - ret = inet_aton(mask, &maddr.sin_addr);
80 - ma = ntohl((uint32_t) maddr.sin_addr.s_addr);
91 - ptr = (char *) &ifc.ifc_buf[0];
93 - while (ptr < buf + ifc.ifc_len) {
94 - ifr = (struct ifreq *) ptr;
96 - switch (ifr->ifr_addr.sa_family) {
99 - struct sockaddr_in *if_addr;
100 - uint32_t m, ia, ha;
102 - if (!is_ipv4 || msize > 32)
106 - m = m << (32 - msize);
107 - ha = ntohl((uint32_t) saddr.sin_addr.s_addr);
109 - if_addr = (struct sockaddr_in *) &ifr->ifr_addr;
110 - ia = ntohl((uint32_t) if_addr->sin_addr.s_addr);
112 - if ((ia & m) == (ha & m)) {
119 - /* glibc rpc only understands IPv4 atm */
128 - ptr = (char *) &ifc.ifc_req[i];
136 - * This function has been adapted from the match_patern function
137 - * found in OpenSSH and is used in accordance with the copyright
138 - * notice found their.
140 - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland.
143 - * Returns true if the given string matches the pattern (which
144 - * may contain ? and * as wildcards), and zero if it does not
147 -static int pattern_match(const char *s, const char *pattern)
150 - /* If at end of pattern, accept if also at end of string. */
154 - if (*pattern == '*') {
155 - /* Skip the asterisk. */
158 - /* If at end of pattern, accept immediately. */
162 - /* If next character in pattern is known, optimize. */
163 - if (*pattern != '?' && *pattern != '*') {
165 - * Look instances of the next character in
166 - * pattern, and try to match starting from
170 - if (*s == *pattern &&
171 - pattern_match(s + 1, pattern + 1))
178 - * Move ahead one character at a time and try to
179 - * match at each position.
182 - if (pattern_match(s, pattern))
188 - * There must be at least one more character in the string.
189 - * If we are at the end, fail.
194 - /* Check if the next character of the string is acceptable. */
195 - if (*pattern != '?' && *pattern != *s)
198 - /* Move to the next character, both in string and in pattern. */
205 -static int name_match(const char *name, const char *pattern)
209 - if (strchr(pattern, '*') || strchr(pattern, '?'))
210 - ret = pattern_match(name, pattern);
212 - ret = !memcmp(name, pattern, strlen(pattern));
213 - /* Name could still be a netgroup (Solaris) */
215 - ret = innetgr(pattern, name, NULL, domain);
221 -static int fqdn_match(const char *pattern)
223 - char buf[MAX_IFC_BUF], *ptr;
226 - int sock, cl_flags, ret, i;
227 - char fqdn[NI_MAXHOST + 1];
229 - sock = socket(AF_INET, SOCK_DGRAM, 0);
231 - char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
232 - error(LOGOPT_ANY, "socket creation failed: %s", estr);
236 - if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) {
237 - cl_flags |= FD_CLOEXEC;
238 - fcntl(sock, F_SETFD, cl_flags);
241 - ifc.ifc_len = sizeof(buf);
242 - ifc.ifc_req = (struct ifreq *) buf;
243 - ret = ioctl(sock, SIOCGIFCONF, &ifc);
246 - char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
247 - error(LOGOPT_ANY, "ioctl: %s", estr);
252 - ptr = (char *) &ifc.ifc_buf[0];
254 - while (ptr < buf + ifc.ifc_len) {
255 - ifr = (struct ifreq *) ptr;
257 - switch (ifr->ifr_addr.sa_family) {
260 - socklen_t slen = sizeof(struct sockaddr);
262 - ret = getnameinfo(&ifr->ifr_addr, slen, fqdn,
263 - NI_MAXHOST, NULL, 0, NI_NAMEREQD);
265 - ret = name_match(fqdn, pattern);
274 - /* glibc rpc only understands IPv4 atm */
283 - ptr = (char *) &ifc.ifc_req[i];
290 -static int string_match(const char *myname, const char *pattern)
292 - struct addrinfo hints, *ni;
295 - /* Try simple name match first */
296 - ret = name_match(myname, pattern);
300 - memset(&hints, 0, sizeof(hints));
301 - hints.ai_flags = AI_CANONNAME;
302 - hints.ai_family = 0;
303 - hints.ai_socktype = 0;
305 - /* See if our canonical name matches */
306 - if (getaddrinfo(myname, NULL, &hints, &ni) == 0) {
307 - ret = name_match(ni->ai_canonname, pattern);
310 - warn(LOGOPT_ANY, "name lookup failed: %s", gai_strerror(ret));
314 - /* Lastly see if the name of an interfaces matches */
315 - ret = fqdn_match(pattern);
320 -static unsigned int inet_get_net_len(uint32_t net)
324 - for (i = 0; i < 32; i += 8) {
325 - if (getbits(net, i + 7, 8))
329 - return (unsigned int) 32 - i;
332 -static char *inet_fill_net(const char *net_num, char *net)
335 - unsigned int dots = 3;
337 - if (strlen(net_num) > INET_ADDRSTRLEN)
340 - if (!isdigit(*net_num))
344 - strcpy(net, net_num);
356 - if ((*np && !isdigit(*np)) || dots < 0) {
368 -static int match_network(const char *network)
370 - struct netent *pnent, nent;
372 - char *net, cnet[MAX_NETWORK_LEN], mask[4], *pmask;
374 - size_t l_network = strlen(network) + 1;
377 - if (l_network > MAX_NETWORK_LEN) {
379 - "match string \"%s\" too long", network);
383 - net = alloca(l_network);
386 - memset(net, 0, l_network);
387 - strcpy(net, network);
389 - if ((pmask = strchr(net, '/')))
392 - status = pthread_mutex_lock(&networks_mutex);
396 - pnent = getnetbyname(net);
398 - memcpy(&nent, pnent, sizeof(struct netent));
400 - status = pthread_mutex_unlock(&networks_mutex);
407 - switch (nent.n_addrtype) {
409 - n_net = ntohl(nent.n_net);
410 - pcnet = inet_ntop(AF_INET, &n_net, cnet, INET_ADDRSTRLEN);
415 - size = inet_get_net_len(nent.n_net);
430 - if (strchr(net, ':')) {
433 - struct in_addr addr;
435 - pcnet = inet_fill_net(net, cnet);
439 - ret = inet_pton(AF_INET, pcnet, &addr);
444 - uint32_t nl_addr = htonl(addr.s_addr);
445 - size = inet_get_net_len(nl_addr);
453 - if (sprintf(mask, "%u", size) <= 0)
458 - debug(LOGOPT_ANY, "pcnet %s pmask %s", pcnet, pmask);
460 - return masked_match(pcnet, pmask);
464 - * Two export formats need to be understood to cater for different
465 - * NFS server exports.
467 - * (host|wildcard|network[/mask]|@netgroup)
469 - * A host name which can be cannonical.
470 - * A wildcard host name containing "*" and "?" with the usual meaning.
471 - * A network in numbers and dots form with optional mask given as
472 - * either a length or as numbers and dots.
473 - * A netgroup identified by the prefix "@".
475 - * [-](host|domain suffix|netgroup|@network[/mask])
477 - * A host name which can be cannonical.
478 - * A domain suffix identified by a leading "." which will match all
479 - * hosts in the given domain.
481 - * A network identified by the prefix "@" given in numbers and dots
482 - * form or as a network name with optional mask given as either a
483 - * length or as numbers and dots.
484 - * A "-" prefix can be appended to indicate access is denied.
486 -static int host_match(char *pattern)
488 - unsigned int negate = (*pattern == '-');
489 - const char *m_pattern = (negate ? pattern + 1 : pattern);
490 - char myname[MAXHOSTNAMELEN + 1] = "\0";
493 - if (gethostname(myname, MAXHOSTNAMELEN))
496 - if (yp_get_default_domain(&domain))
499 - if (*m_pattern == '@') {
501 - * The pattern begins with an "@" so it's a network
502 - * spec or it's a netgroup.
504 - ret = match_network(m_pattern + 1);
506 - ret = innetgr(m_pattern + 1, myname, NULL, domain);
507 - } else if (*m_pattern == '.') {
508 - size_t m_len = strlen(m_pattern);
509 - char *has_dot = strchr(myname, '.');
511 - * The pattern starts with a "." so it's a domain spec
514 - * If the host name contains a dot then it must be either
515 - * a cannonical name or a simple NIS name.domain. So
516 - * perform a string match. Otherwise, append the domain
517 - * pattern to our simple name and try a wildcard pattern
518 - * match against the interfaces.
521 - if (strlen(has_dot) == m_len)
522 - ret = !memcmp(has_dot, m_pattern, m_len);
524 - char *w_pattern = alloca(m_len + 2);
526 - strcpy(w_pattern, "*");
527 - strcat(w_pattern, m_pattern);
528 - ret = fqdn_match(w_pattern);
531 - } else if (!strcmp(m_pattern, "gss/krb5")) {
532 - /* Leave this to the GSS layer */
536 - * Otherwise it's a network name or host name
538 - ret = match_network(m_pattern);
540 - /* if not then try to match host name */
541 - ret = string_match(myname, m_pattern);
550 -static int rpc_export_allowed(groups grouplist)
552 - groups grp = grouplist;
554 - /* NULL group list => everyone */
559 - int allowed = host_match(grp->gr_name);
560 - /* Explicitly denied access */
565 - grp = grp->gr_next;
570 -exports rpc_exports_prune(exports list)
572 - exports head = list;
580 - res = rpc_export_allowed(exp->ex_groups);
582 - if (last == NULL) {
583 - head = exp->ex_next;
584 - rpc_export_free(exp);
587 - last->ex_next = exp->ex_next;
588 - rpc_export_free(exp);
589 - exp = last->ex_next;
594 - exp = exp->ex_next;
599 exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option)
601 struct conn_info info;
602 diff --git a/modules/lookup_hosts.c b/modules/lookup_hosts.c
603 index 1f8fa15..d711611 100644
604 --- a/modules/lookup_hosts.c
605 +++ b/modules/lookup_hosts.c
606 @@ -45,7 +45,6 @@ struct lookup_context {
607 int lookup_version = AUTOFS_LOOKUP_VERSION; /* Required by protocol */
609 exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option);
610 -exports rpc_exports_prune(exports list);
611 void rpc_exports_free(exports list);
613 int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **context)
614 @@ -207,9 +206,6 @@ done:
616 exp = rpc_get_exports(name, 10, 0, RPC_CLOSE_NOLINGER);
618 - /* Check exports for obvious ones we don't have access to */
619 - /*exp = rpc_exports_prune(exp);*/