]>
Commit | Line | Data |
---|---|---|
3d551623 PG |
1 | diff --git a/CHANGELOG b/CHANGELOG |
2 | index fe7ae00..ca171a4 100644 | |
3 | --- a/CHANGELOG | |
4 | +++ b/CHANGELOG | |
5 | @@ -34,6 +34,7 @@ | |
6 | - fix lack of ferror() checking when reading files. | |
7 | - fix typo in autofs(5) man page. | |
8 | - fix map entry expansion when undefined macro is present. | |
9 | +- remove unused export validation code. | |
10 | ||
11 | 18/06/2007 autofs-5.0.2 | |
12 | ----------------------- | |
13 | diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c | |
14 | index 831d456..d79a94f 100644 | |
15 | --- a/lib/rpc_subs.c | |
16 | +++ b/lib/rpc_subs.c | |
17 | @@ -52,10 +52,7 @@ | |
18 | /* Get numeric value of the n bits starting at position p */ | |
19 | #define getbits(x, p, n) ((x >> (p + 1 - n)) & ~(~0 << n)) | |
20 | ||
21 | -static char *domain = NULL; | |
22 | - | |
23 | inline void dump_core(void); | |
24 | -static pthread_mutex_t networks_mutex = PTHREAD_MUTEX_INITIALIZER; | |
25 | ||
26 | /* | |
27 | * Create a UDP RPC client | |
28 | @@ -764,573 +761,6 @@ void rpc_exports_free(exports list) | |
29 | return; | |
30 | } | |
31 | ||
32 | -static int masked_match(const char *addr, const char *mask) | |
33 | -{ | |
34 | - char buf[MAX_IFC_BUF], *ptr; | |
35 | - struct sockaddr_in saddr; | |
36 | - struct sockaddr_in6 saddr6; | |
37 | - struct ifconf ifc; | |
38 | - struct ifreq *ifr; | |
39 | - int sock, cl_flags, ret, i, is_ipv4, is_ipv6; | |
40 | - unsigned int msize; | |
41 | - | |
42 | - sock = socket(AF_INET, SOCK_DGRAM, 0); | |
43 | - if (sock < 0) { | |
44 | - char *estr = strerror_r(errno, buf, MAX_ERR_BUF); | |
45 | - error(LOGOPT_ANY, "socket creation failed: %s", estr); | |
46 | - return 0; | |
47 | - } | |
48 | - | |
49 | - if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) { | |
50 | - cl_flags |= FD_CLOEXEC; | |
51 | - fcntl(sock, F_SETFD, cl_flags); | |
52 | - } | |
53 | - | |
54 | - ifc.ifc_len = sizeof(buf); | |
55 | - ifc.ifc_req = (struct ifreq *) buf; | |
56 | - ret = ioctl(sock, SIOCGIFCONF, &ifc); | |
57 | - if (ret == -1) { | |
58 | - close(sock); | |
59 | - char *estr = strerror_r(errno, buf, MAX_ERR_BUF); | |
60 | - error(LOGOPT_ANY, "ioctl: %s", estr); | |
61 | - return 0; | |
62 | - } | |
63 | - | |
64 | - is_ipv4 = is_ipv6 = 0; | |
65 | - is_ipv4 = inet_pton(AF_INET, addr, &saddr.sin_addr); | |
66 | - if (!is_ipv4) | |
67 | - is_ipv6 = inet_pton(AF_INET6, addr, &saddr6.sin6_addr); | |
68 | - | |
69 | - if (strchr(mask, '.')) { | |
70 | - struct sockaddr_in maddr; | |
71 | - uint32_t ma; | |
72 | - int i = 0; | |
73 | - | |
74 | - ret = inet_aton(mask, &maddr.sin_addr); | |
75 | - if (!ret) { | |
76 | - close(sock); | |
77 | - return 0; | |
78 | - } | |
79 | - | |
80 | - ma = ntohl((uint32_t) maddr.sin_addr.s_addr); | |
81 | - while (!(ma & 1)) { | |
82 | - i++; | |
83 | - ma = ma >> 1; | |
84 | - } | |
85 | - | |
86 | - msize = i; | |
87 | - } else | |
88 | - msize = atoi(mask); | |
89 | - | |
90 | - i = 0; | |
91 | - ptr = (char *) &ifc.ifc_buf[0]; | |
92 | - | |
93 | - while (ptr < buf + ifc.ifc_len) { | |
94 | - ifr = (struct ifreq *) ptr; | |
95 | - | |
96 | - switch (ifr->ifr_addr.sa_family) { | |
97 | - case AF_INET: | |
98 | - { | |
99 | - struct sockaddr_in *if_addr; | |
100 | - uint32_t m, ia, ha; | |
101 | - | |
102 | - if (!is_ipv4 || msize > 32) | |
103 | - break; | |
104 | - | |
105 | - m = -1; | |
106 | - m = m << (32 - msize); | |
107 | - ha = ntohl((uint32_t) saddr.sin_addr.s_addr); | |
108 | - | |
109 | - if_addr = (struct sockaddr_in *) &ifr->ifr_addr; | |
110 | - ia = ntohl((uint32_t) if_addr->sin_addr.s_addr); | |
111 | - | |
112 | - if ((ia & m) == (ha & m)) { | |
113 | - close(sock); | |
114 | - return 1; | |
115 | - } | |
116 | - break; | |
117 | - } | |
118 | - | |
119 | - /* glibc rpc only understands IPv4 atm */ | |
120 | - case AF_INET6: | |
121 | - break; | |
122 | - | |
123 | - default: | |
124 | - break; | |
125 | - } | |
126 | - | |
127 | - i++; | |
128 | - ptr = (char *) &ifc.ifc_req[i]; | |
129 | - } | |
130 | - | |
131 | - close(sock); | |
132 | - return 0; | |
133 | -} | |
134 | - | |
135 | -/* | |
136 | - * This function has been adapted from the match_patern function | |
137 | - * found in OpenSSH and is used in accordance with the copyright | |
138 | - * notice found their. | |
139 | - * | |
140 | - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland. | |
141 | - */ | |
142 | -/* | |
143 | - * Returns true if the given string matches the pattern (which | |
144 | - * may contain ? and * as wildcards), and zero if it does not | |
145 | - * match. | |
146 | - */ | |
147 | -static int pattern_match(const char *s, const char *pattern) | |
148 | -{ | |
149 | - for (;;) { | |
150 | - /* If at end of pattern, accept if also at end of string. */ | |
151 | - if (!*pattern) | |
152 | - return !*s; | |
153 | - | |
154 | - if (*pattern == '*') { | |
155 | - /* Skip the asterisk. */ | |
156 | - pattern++; | |
157 | - | |
158 | - /* If at end of pattern, accept immediately. */ | |
159 | - if (!*pattern) | |
160 | - return 1; | |
161 | - | |
162 | - /* If next character in pattern is known, optimize. */ | |
163 | - if (*pattern != '?' && *pattern != '*') { | |
164 | - /* | |
165 | - * Look instances of the next character in | |
166 | - * pattern, and try to match starting from | |
167 | - * those. | |
168 | - */ | |
169 | - for (; *s; s++) | |
170 | - if (*s == *pattern && | |
171 | - pattern_match(s + 1, pattern + 1)) | |
172 | - return 1; | |
173 | - | |
174 | - /* Failed. */ | |
175 | - return 0; | |
176 | - } | |
177 | - /* | |
178 | - * Move ahead one character at a time and try to | |
179 | - * match at each position. | |
180 | - */ | |
181 | - for (; *s; s++) | |
182 | - if (pattern_match(s, pattern)) | |
183 | - return 1; | |
184 | - /* Failed. */ | |
185 | - return 0; | |
186 | - } | |
187 | - /* | |
188 | - * There must be at least one more character in the string. | |
189 | - * If we are at the end, fail. | |
190 | - */ | |
191 | - if (!*s) | |
192 | - return 0; | |
193 | - | |
194 | - /* Check if the next character of the string is acceptable. */ | |
195 | - if (*pattern != '?' && *pattern != *s) | |
196 | - return 0; | |
197 | - | |
198 | - /* Move to the next character, both in string and in pattern. */ | |
199 | - s++; | |
200 | - pattern++; | |
201 | - } | |
202 | - /* NOTREACHED */ | |
203 | -} | |
204 | - | |
205 | -static int name_match(const char *name, const char *pattern) | |
206 | -{ | |
207 | - int ret; | |
208 | - | |
209 | - if (strchr(pattern, '*') || strchr(pattern, '?')) | |
210 | - ret = pattern_match(name, pattern); | |
211 | - else { | |
212 | - ret = !memcmp(name, pattern, strlen(pattern)); | |
213 | - /* Name could still be a netgroup (Solaris) */ | |
214 | - if (!ret) | |
215 | - ret = innetgr(pattern, name, NULL, domain); | |
216 | - } | |
217 | - | |
218 | - return ret; | |
219 | -} | |
220 | - | |
221 | -static int fqdn_match(const char *pattern) | |
222 | -{ | |
223 | - char buf[MAX_IFC_BUF], *ptr; | |
224 | - struct ifconf ifc; | |
225 | - struct ifreq *ifr; | |
226 | - int sock, cl_flags, ret, i; | |
227 | - char fqdn[NI_MAXHOST + 1]; | |
228 | - | |
229 | - sock = socket(AF_INET, SOCK_DGRAM, 0); | |
230 | - if (sock < 0) { | |
231 | - char *estr = strerror_r(errno, buf, MAX_ERR_BUF); | |
232 | - error(LOGOPT_ANY, "socket creation failed: %s", estr); | |
233 | - return 0; | |
234 | - } | |
235 | - | |
236 | - if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) { | |
237 | - cl_flags |= FD_CLOEXEC; | |
238 | - fcntl(sock, F_SETFD, cl_flags); | |
239 | - } | |
240 | - | |
241 | - ifc.ifc_len = sizeof(buf); | |
242 | - ifc.ifc_req = (struct ifreq *) buf; | |
243 | - ret = ioctl(sock, SIOCGIFCONF, &ifc); | |
244 | - if (ret == -1) { | |
245 | - close(sock); | |
246 | - char *estr = strerror_r(errno, buf, MAX_ERR_BUF); | |
247 | - error(LOGOPT_ANY, "ioctl: %s", estr); | |
248 | - return 0; | |
249 | - } | |
250 | - | |
251 | - i = 0; | |
252 | - ptr = (char *) &ifc.ifc_buf[0]; | |
253 | - | |
254 | - while (ptr < buf + ifc.ifc_len) { | |
255 | - ifr = (struct ifreq *) ptr; | |
256 | - | |
257 | - switch (ifr->ifr_addr.sa_family) { | |
258 | - case AF_INET: | |
259 | - { | |
260 | - socklen_t slen = sizeof(struct sockaddr); | |
261 | - | |
262 | - ret = getnameinfo(&ifr->ifr_addr, slen, fqdn, | |
263 | - NI_MAXHOST, NULL, 0, NI_NAMEREQD); | |
264 | - if (!ret) { | |
265 | - ret = name_match(fqdn, pattern); | |
266 | - if (ret) { | |
267 | - close(sock); | |
268 | - return 1; | |
269 | - } | |
270 | - } | |
271 | - break; | |
272 | - } | |
273 | - | |
274 | - /* glibc rpc only understands IPv4 atm */ | |
275 | - case AF_INET6: | |
276 | - break; | |
277 | - | |
278 | - default: | |
279 | - break; | |
280 | - } | |
281 | - | |
282 | - i++; | |
283 | - ptr = (char *) &ifc.ifc_req[i]; | |
284 | - } | |
285 | - | |
286 | - close(sock); | |
287 | - return 0; | |
288 | -} | |
289 | - | |
290 | -static int string_match(const char *myname, const char *pattern) | |
291 | -{ | |
292 | - struct addrinfo hints, *ni; | |
293 | - int ret; | |
294 | - | |
295 | - /* Try simple name match first */ | |
296 | - ret = name_match(myname, pattern); | |
297 | - if (ret) | |
298 | - goto done; | |
299 | - | |
300 | - memset(&hints, 0, sizeof(hints)); | |
301 | - hints.ai_flags = AI_CANONNAME; | |
302 | - hints.ai_family = 0; | |
303 | - hints.ai_socktype = 0; | |
304 | - | |
305 | - /* See if our canonical name matches */ | |
306 | - if (getaddrinfo(myname, NULL, &hints, &ni) == 0) { | |
307 | - ret = name_match(ni->ai_canonname, pattern); | |
308 | - freeaddrinfo(ni); | |
309 | - } else | |
310 | - warn(LOGOPT_ANY, "name lookup failed: %s", gai_strerror(ret)); | |
311 | - if (ret) | |
312 | - goto done; | |
313 | - | |
314 | - /* Lastly see if the name of an interfaces matches */ | |
315 | - ret = fqdn_match(pattern); | |
316 | -done: | |
317 | - return ret; | |
318 | -} | |
319 | - | |
320 | -static unsigned int inet_get_net_len(uint32_t net) | |
321 | -{ | |
322 | - int i; | |
323 | - | |
324 | - for (i = 0; i < 32; i += 8) { | |
325 | - if (getbits(net, i + 7, 8)) | |
326 | - break; | |
327 | - } | |
328 | - | |
329 | - return (unsigned int) 32 - i; | |
330 | -} | |
331 | - | |
332 | -static char *inet_fill_net(const char *net_num, char *net) | |
333 | -{ | |
334 | - char *np; | |
335 | - unsigned int dots = 3; | |
336 | - | |
337 | - if (strlen(net_num) > INET_ADDRSTRLEN) | |
338 | - return NULL; | |
339 | - | |
340 | - if (!isdigit(*net_num)) | |
341 | - return NULL; | |
342 | - | |
343 | - *net = '\0'; | |
344 | - strcpy(net, net_num); | |
345 | - | |
346 | - np = net; | |
347 | - while (*np++) { | |
348 | - if (*np == '.') { | |
349 | - np++; | |
350 | - dots--; | |
351 | - if (!*np && dots) | |
352 | - strcat(net, "0"); | |
353 | - continue; | |
354 | - } | |
355 | - | |
356 | - if ((*np && !isdigit(*np)) || dots < 0) { | |
357 | - *net = '\0'; | |
358 | - return NULL; | |
359 | - } | |
360 | - } | |
361 | - | |
362 | - while (dots--) | |
363 | - strcat(net, ".0"); | |
364 | - | |
365 | - return net; | |
366 | -} | |
367 | - | |
368 | -static int match_network(const char *network) | |
369 | -{ | |
370 | - struct netent *pnent, nent; | |
371 | - const char *pcnet; | |
372 | - char *net, cnet[MAX_NETWORK_LEN], mask[4], *pmask; | |
373 | - unsigned int size; | |
374 | - size_t l_network = strlen(network) + 1; | |
375 | - int status; | |
376 | - | |
377 | - if (l_network > MAX_NETWORK_LEN) { | |
378 | - error(LOGOPT_ANY, | |
379 | - "match string \"%s\" too long", network); | |
380 | - return 0; | |
381 | - } | |
382 | - | |
383 | - net = alloca(l_network); | |
384 | - if (!net) | |
385 | - return 0; | |
386 | - memset(net, 0, l_network); | |
387 | - strcpy(net, network); | |
388 | - | |
389 | - if ((pmask = strchr(net, '/'))) | |
390 | - *pmask++ = '\0'; | |
391 | - | |
392 | - status = pthread_mutex_lock(&networks_mutex); | |
393 | - if (status) | |
394 | - fatal(status); | |
395 | - | |
396 | - pnent = getnetbyname(net); | |
397 | - if (pnent) | |
398 | - memcpy(&nent, pnent, sizeof(struct netent)); | |
399 | - | |
400 | - status = pthread_mutex_unlock(&networks_mutex); | |
401 | - if (status) | |
402 | - fatal(status); | |
403 | - | |
404 | - if (pnent) { | |
405 | - uint32_t n_net; | |
406 | - | |
407 | - switch (nent.n_addrtype) { | |
408 | - case AF_INET: | |
409 | - n_net = ntohl(nent.n_net); | |
410 | - pcnet = inet_ntop(AF_INET, &n_net, cnet, INET_ADDRSTRLEN); | |
411 | - if (!pcnet) | |
412 | - return 0; | |
413 | - | |
414 | - if (!pmask) { | |
415 | - size = inet_get_net_len(nent.n_net); | |
416 | - if (!size) | |
417 | - return 0; | |
418 | - } | |
419 | - break; | |
420 | - | |
421 | - case AF_INET6: | |
422 | - return 0; | |
423 | - | |
424 | - default: | |
425 | - return 0; | |
426 | - } | |
427 | - } else { | |
428 | - int ret; | |
429 | - | |
430 | - if (strchr(net, ':')) { | |
431 | - return 0; | |
432 | - } else { | |
433 | - struct in_addr addr; | |
434 | - | |
435 | - pcnet = inet_fill_net(net, cnet); | |
436 | - if (!pcnet) | |
437 | - return 0; | |
438 | - | |
439 | - ret = inet_pton(AF_INET, pcnet, &addr); | |
440 | - if (ret <= 0) | |
441 | - return 0; | |
442 | - | |
443 | - if (!pmask) { | |
444 | - uint32_t nl_addr = htonl(addr.s_addr); | |
445 | - size = inet_get_net_len(nl_addr); | |
446 | - if (!size) | |
447 | - return 0; | |
448 | - } | |
449 | - } | |
450 | - } | |
451 | - | |
452 | - if (!pmask) { | |
453 | - if (sprintf(mask, "%u", size) <= 0) | |
454 | - return 0; | |
455 | - pmask = mask; | |
456 | - } | |
457 | - | |
458 | - debug(LOGOPT_ANY, "pcnet %s pmask %s", pcnet, pmask); | |
459 | - | |
460 | - return masked_match(pcnet, pmask); | |
461 | -} | |
462 | - | |
463 | -/* | |
464 | - * Two export formats need to be understood to cater for different | |
465 | - * NFS server exports. | |
466 | - * | |
467 | - * (host|wildcard|network[/mask]|@netgroup) | |
468 | - * | |
469 | - * A host name which can be cannonical. | |
470 | - * A wildcard host name containing "*" and "?" with the usual meaning. | |
471 | - * A network in numbers and dots form with optional mask given as | |
472 | - * either a length or as numbers and dots. | |
473 | - * A netgroup identified by the prefix "@". | |
474 | - * | |
475 | - * [-](host|domain suffix|netgroup|@network[/mask]) | |
476 | - * | |
477 | - * A host name which can be cannonical. | |
478 | - * A domain suffix identified by a leading "." which will match all | |
479 | - * hosts in the given domain. | |
480 | - * A netgroup. | |
481 | - * A network identified by the prefix "@" given in numbers and dots | |
482 | - * form or as a network name with optional mask given as either a | |
483 | - * length or as numbers and dots. | |
484 | - * A "-" prefix can be appended to indicate access is denied. | |
485 | - */ | |
486 | -static int host_match(char *pattern) | |
487 | -{ | |
488 | - unsigned int negate = (*pattern == '-'); | |
489 | - const char *m_pattern = (negate ? pattern + 1 : pattern); | |
490 | - char myname[MAXHOSTNAMELEN + 1] = "\0"; | |
491 | - int ret = 0; | |
492 | - | |
493 | - if (gethostname(myname, MAXHOSTNAMELEN)) | |
494 | - return 0; | |
495 | - | |
496 | - if (yp_get_default_domain(&domain)) | |
497 | - domain = NULL; | |
498 | - | |
499 | - if (*m_pattern == '@') { | |
500 | - /* | |
501 | - * The pattern begins with an "@" so it's a network | |
502 | - * spec or it's a netgroup. | |
503 | - */ | |
504 | - ret = match_network(m_pattern + 1); | |
505 | - if (!ret) | |
506 | - ret = innetgr(m_pattern + 1, myname, NULL, domain); | |
507 | - } else if (*m_pattern == '.') { | |
508 | - size_t m_len = strlen(m_pattern); | |
509 | - char *has_dot = strchr(myname, '.'); | |
510 | - /* | |
511 | - * The pattern starts with a "." so it's a domain spec | |
512 | - * of some sort. | |
513 | - * | |
514 | - * If the host name contains a dot then it must be either | |
515 | - * a cannonical name or a simple NIS name.domain. So | |
516 | - * perform a string match. Otherwise, append the domain | |
517 | - * pattern to our simple name and try a wildcard pattern | |
518 | - * match against the interfaces. | |
519 | - */ | |
520 | - if (has_dot) { | |
521 | - if (strlen(has_dot) == m_len) | |
522 | - ret = !memcmp(has_dot, m_pattern, m_len); | |
523 | - } else { | |
524 | - char *w_pattern = alloca(m_len + 2); | |
525 | - if (w_pattern) { | |
526 | - strcpy(w_pattern, "*"); | |
527 | - strcat(w_pattern, m_pattern); | |
528 | - ret = fqdn_match(w_pattern); | |
529 | - } | |
530 | - } | |
531 | - } else if (!strcmp(m_pattern, "gss/krb5")) { | |
532 | - /* Leave this to the GSS layer */ | |
533 | - return 1; | |
534 | - } else { | |
535 | - /* | |
536 | - * Otherwise it's a network name or host name | |
537 | - */ | |
538 | - ret = match_network(m_pattern); | |
539 | - if (!ret) | |
540 | - /* if not then try to match host name */ | |
541 | - ret = string_match(myname, m_pattern); | |
542 | - } | |
543 | - | |
544 | - if (negate && ret) | |
545 | - ret = -1; | |
546 | - | |
547 | - return ret; | |
548 | -} | |
549 | - | |
550 | -static int rpc_export_allowed(groups grouplist) | |
551 | -{ | |
552 | - groups grp = grouplist; | |
553 | - | |
554 | - /* NULL group list => everyone */ | |
555 | - if (!grp) | |
556 | - return 1; | |
557 | - | |
558 | - while (grp) { | |
559 | - int allowed = host_match(grp->gr_name); | |
560 | - /* Explicitly denied access */ | |
561 | - if (allowed == -1) | |
562 | - return 0; | |
563 | - else if (allowed) | |
564 | - return 1; | |
565 | - grp = grp->gr_next; | |
566 | - } | |
567 | - return 0; | |
568 | -} | |
569 | - | |
570 | -exports rpc_exports_prune(exports list) | |
571 | -{ | |
572 | - exports head = list; | |
573 | - exports exp; | |
574 | - exports last; | |
575 | - int res; | |
576 | - | |
577 | - exp = list; | |
578 | - last = NULL; | |
579 | - while (exp) { | |
580 | - res = rpc_export_allowed(exp->ex_groups); | |
581 | - if (!res) { | |
582 | - if (last == NULL) { | |
583 | - head = exp->ex_next; | |
584 | - rpc_export_free(exp); | |
585 | - exp = head; | |
586 | - } else { | |
587 | - last->ex_next = exp->ex_next; | |
588 | - rpc_export_free(exp); | |
589 | - exp = last->ex_next; | |
590 | - } | |
591 | - continue; | |
592 | - } | |
593 | - last = exp; | |
594 | - exp = exp->ex_next; | |
595 | - } | |
596 | - return head; | |
597 | -} | |
598 | - | |
599 | exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option) | |
600 | { | |
601 | struct conn_info info; | |
602 | diff --git a/modules/lookup_hosts.c b/modules/lookup_hosts.c | |
603 | index 1f8fa15..d711611 100644 | |
604 | --- a/modules/lookup_hosts.c | |
605 | +++ b/modules/lookup_hosts.c | |
606 | @@ -45,7 +45,6 @@ struct lookup_context { | |
607 | int lookup_version = AUTOFS_LOOKUP_VERSION; /* Required by protocol */ | |
608 | ||
609 | exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option); | |
610 | -exports rpc_exports_prune(exports list); | |
611 | void rpc_exports_free(exports list); | |
612 | ||
613 | int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **context) | |
614 | @@ -207,9 +206,6 @@ done: | |
615 | ||
616 | exp = rpc_get_exports(name, 10, 0, RPC_CLOSE_NOLINGER); | |
617 | ||
618 | - /* Check exports for obvious ones we don't have access to */ | |
619 | - /*exp = rpc_exports_prune(exp);*/ | |
620 | - | |
621 | mapent = NULL; | |
622 | while (exp) { | |
623 | if (mapent) { |