[packages/autofs.git] / autofs-5.0.2-remove-unsed-export-validation-code.patch

diff --git a/CHANGELOG b/CHANGELOG
index fe7ae00..ca171a4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -34,6 +34,7 @@
 - fix lack of ferror() checking when reading files.
 - fix typo in autofs(5) man page.
 - fix map entry expansion when undefined macro is present.
+- remove unused export validation code.
 
 18/06/2007 autofs-5.0.2
 -----------------------
diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c
index 831d456..d79a94f 100644
--- a/lib/rpc_subs.c
+++ b/lib/rpc_subs.c
@@ -52,10 +52,7 @@
 /* Get numeric value of the n bits starting at position p */
 #define getbits(x, p, n)      ((x >> (p + 1 - n)) & ~(~0 << n))
 
-static char *domain = NULL;
-
 inline void dump_core(void);
-static pthread_mutex_t networks_mutex = PTHREAD_MUTEX_INITIALIZER;
 
 /*
  * Create a UDP RPC client
@@ -764,573 +761,6 @@ void rpc_exports_free(exports list)
 	return;
 }
 
-static int masked_match(const char *addr, const char *mask)
-{
-	char buf[MAX_IFC_BUF], *ptr;
-	struct sockaddr_in saddr;
-	struct sockaddr_in6 saddr6;
-	struct ifconf ifc;
-	struct ifreq *ifr;
-	int sock, cl_flags, ret, i, is_ipv4, is_ipv6;
-	unsigned int msize;
-
-	sock = socket(AF_INET, SOCK_DGRAM, 0);
-	if (sock < 0) {
-		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
-		error(LOGOPT_ANY, "socket creation failed: %s", estr);
-		return 0;
-	}
-
-	if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) {
-		cl_flags |= FD_CLOEXEC;
-		fcntl(sock, F_SETFD, cl_flags);
-	}
-
-	ifc.ifc_len = sizeof(buf);
-	ifc.ifc_req = (struct ifreq *) buf;
-	ret = ioctl(sock, SIOCGIFCONF, &ifc);
-	if (ret == -1) {
-		close(sock);
-		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
-		error(LOGOPT_ANY, "ioctl: %s", estr);
-		return 0;
-	}
-
-	is_ipv4 = is_ipv6 = 0;
-	is_ipv4 = inet_pton(AF_INET, addr, &saddr.sin_addr);
-	if (!is_ipv4)
-		is_ipv6 = inet_pton(AF_INET6, addr, &saddr6.sin6_addr);
-
-	if (strchr(mask, '.')) {
-		struct sockaddr_in maddr;
-		uint32_t ma;
-		int i = 0;
-
-		ret = inet_aton(mask, &maddr.sin_addr);
-		if (!ret) {
-			close(sock);
-			return 0;
-		}
-
-		ma = ntohl((uint32_t) maddr.sin_addr.s_addr);
-		while (!(ma & 1)) {
-			i++;
-			ma = ma >> 1;
-		}
-
-		msize = i;
-	} else
-		msize = atoi(mask);
-
-	i = 0;
-	ptr = (char *) &ifc.ifc_buf[0];
-
-	while (ptr < buf + ifc.ifc_len) {
-		ifr = (struct ifreq *) ptr;
-
-		switch (ifr->ifr_addr.sa_family) {
-		case AF_INET:
-		{
-			struct sockaddr_in *if_addr;
-			uint32_t m, ia, ha;
-
-			if (!is_ipv4 || msize > 32)
-				break;
-
-			m = -1;
-			m = m << (32 - msize);
-			ha = ntohl((uint32_t) saddr.sin_addr.s_addr);
-
-			if_addr = (struct sockaddr_in *) &ifr->ifr_addr;
-			ia = ntohl((uint32_t) if_addr->sin_addr.s_addr);
-
-			if ((ia & m) == (ha & m)) {
-				close(sock);
-				return 1;
-			}
-			break;
-		}
-
-		/* glibc rpc only understands IPv4 atm */
-		case AF_INET6:
-			break;
-
-		default:
-			break;
-		}
-
-		i++;
-		ptr = (char *) &ifc.ifc_req[i];
-	}
-
-	close(sock);
-	return 0;
-}
-
-/*
- * This function has been adapted from the match_patern function
- * found in OpenSSH and is used in accordance with the copyright
- * notice found their.
- *
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland.
- */
-/*
- * Returns true if the given string matches the pattern (which
- * may contain ? and * as wildcards), and zero if it does not
- * match.
- */
-static int pattern_match(const char *s, const char *pattern)
-{
-	for (;;) {
-		/* If at end of pattern, accept if also at end of string. */
-		if (!*pattern)
-			return !*s;
-
-		if (*pattern == '*') {
-			/* Skip the asterisk. */
-			pattern++;
-
-			/* If at end of pattern, accept immediately. */
-			if (!*pattern)
-				return 1;
-
-			/* If next character in pattern is known, optimize. */
-			if (*pattern != '?' && *pattern != '*') {
-				/*
-				 * Look instances of the next character in
-				 * pattern, and try to match starting from
-				 * those.
-				 */
-				for (; *s; s++)
-					if (*s == *pattern &&
-					    pattern_match(s + 1, pattern + 1))
-						return 1;
-
-				/* Failed. */
-				return 0;
-			}
-			/*
-			 * Move ahead one character at a time and try to
-			 * match at each position.
-			 */
-			for (; *s; s++)
-				if (pattern_match(s, pattern))
-					return 1;
-			/* Failed. */
-			return 0;
-		}
-		/*
-		 * There must be at least one more character in the string.
-		 * If we are at the end, fail.
-		 */
-		if (!*s)
-			return 0;
-
-		/* Check if the next character of the string is acceptable. */
-		if (*pattern != '?' && *pattern != *s)
-			return 0;
-
-		/* Move to the next character, both in string and in pattern. */
-		s++;
-		pattern++;
-	}
-	/* NOTREACHED */
-}
-
-static int name_match(const char *name, const char *pattern)
-{
-	int ret;
-
-	if (strchr(pattern, '*') || strchr(pattern, '?'))
-		ret = pattern_match(name, pattern);
-	else {
-		ret = !memcmp(name, pattern, strlen(pattern));
-		/* Name could still be a netgroup (Solaris) */
-		if (!ret)
-			ret = innetgr(pattern, name, NULL, domain);
-	}
-
-	return ret;
-}
-
-static int fqdn_match(const char *pattern)
-{
-	char buf[MAX_IFC_BUF], *ptr;
-	struct ifconf ifc;
-	struct ifreq *ifr;
-	int sock, cl_flags, ret, i;
-	char fqdn[NI_MAXHOST + 1];
-
-	sock = socket(AF_INET, SOCK_DGRAM, 0);
-	if (sock < 0) {
-		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
-		error(LOGOPT_ANY, "socket creation failed: %s", estr);
-		return 0;
-	}
-
-	if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) {
-		cl_flags |= FD_CLOEXEC;
-		fcntl(sock, F_SETFD, cl_flags);
-	}
-
-	ifc.ifc_len = sizeof(buf);
-	ifc.ifc_req = (struct ifreq *) buf;
-	ret = ioctl(sock, SIOCGIFCONF, &ifc);
-	if (ret == -1) {
-		close(sock);
-		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
-		error(LOGOPT_ANY, "ioctl: %s", estr);
-		return 0;
-	}
-
-	i = 0;
-	ptr = (char *) &ifc.ifc_buf[0];
-
-	while (ptr < buf + ifc.ifc_len) {
-		ifr = (struct ifreq *) ptr;
-
-		switch (ifr->ifr_addr.sa_family) {
-		case AF_INET:
-		{
-			socklen_t slen = sizeof(struct sockaddr);
-
-			ret = getnameinfo(&ifr->ifr_addr, slen, fqdn,
-					  NI_MAXHOST, NULL, 0, NI_NAMEREQD);
-			if (!ret) {
-				ret = name_match(fqdn, pattern);
-				if (ret) {
-					close(sock);
-					return 1;
-				}
-			}
-			break;
-		}
-
-		/* glibc rpc only understands IPv4 atm */
-		case AF_INET6:
-			break;
-
-		default:
-			break;
-		}
-
-		i++;
-		ptr = (char *) &ifc.ifc_req[i];
-	}
-
-	close(sock);
-	return 0;
-}
-
-static int string_match(const char *myname, const char *pattern)
-{
-	struct addrinfo hints, *ni;
-	int ret;
-
-	/* Try simple name match first */
-	ret = name_match(myname, pattern);
-	if (ret)
-		goto done;
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	hints.ai_family = 0;
-	hints.ai_socktype = 0;
-
-	/* See if our canonical name matches */
-	if (getaddrinfo(myname, NULL, &hints, &ni) == 0) {
-		ret = name_match(ni->ai_canonname, pattern);
-		freeaddrinfo(ni);
-	} else
-		warn(LOGOPT_ANY, "name lookup failed: %s", gai_strerror(ret));
-	if (ret)
-		goto done;
-
-	/* Lastly see if the name of an interfaces matches */
-	ret = fqdn_match(pattern);
-done:
-	return ret;
-}
-
-static unsigned int inet_get_net_len(uint32_t net)
-{
-	int i;
-
-	for (i = 0; i < 32; i += 8) {
-		if (getbits(net, i + 7, 8))
-			break;
-	}
-
-	return (unsigned int) 32 - i;
-}
-
-static char *inet_fill_net(const char *net_num, char *net)
-{
-	char *np;
-	unsigned int dots = 3;
-
-	if (strlen(net_num) > INET_ADDRSTRLEN)
-		return NULL;
-
-	if (!isdigit(*net_num))
-		return NULL;
-
-	*net = '\0';
-	strcpy(net, net_num);
-
-	np = net;
-	while (*np++) {
-		if (*np == '.') {
-			np++;
-			dots--;
-			if (!*np && dots)
-				strcat(net, "0");
-			continue;
-		}
-
-		if ((*np && !isdigit(*np)) || dots < 0) {
-			*net = '\0';
-			return NULL;
-		}
-	}
-
-	while (dots--)
-		strcat(net, ".0");
-
-	return net;
-}
-
-static int match_network(const char *network)
-{
-	struct netent *pnent, nent;
-	const char *pcnet;
-	char *net, cnet[MAX_NETWORK_LEN], mask[4], *pmask;
-	unsigned int size;
-	size_t l_network = strlen(network) + 1;
-	int status;
-
-	if (l_network > MAX_NETWORK_LEN) {
-		error(LOGOPT_ANY,
-		      "match string \"%s\" too long", network);
-		return 0;
-	}
-
-	net = alloca(l_network);
-	if (!net)
-		return 0;
-	memset(net, 0, l_network);
-	strcpy(net, network);
-
-	if ((pmask = strchr(net, '/')))
-		*pmask++ = '\0';
-
-	status = pthread_mutex_lock(&networks_mutex);
-	if (status)
-		fatal(status);
-
-	pnent = getnetbyname(net);
-	if (pnent)
-		memcpy(&nent, pnent, sizeof(struct netent));
-
-	status = pthread_mutex_unlock(&networks_mutex);
-	if (status)
-		fatal(status);
-
-	if (pnent) {
-		uint32_t n_net;
-
-		switch (nent.n_addrtype) {
-		case AF_INET:
-			n_net = ntohl(nent.n_net);
-			pcnet = inet_ntop(AF_INET, &n_net, cnet, INET_ADDRSTRLEN);
-			if (!pcnet)
-				return 0;
-
-			if (!pmask) {
-				size = inet_get_net_len(nent.n_net);
-				if (!size)
-					return 0;
-			}
-			break;
-
-		case AF_INET6:
-			return 0;
-
-		default:
-			return 0;
-		}
-	} else {
-		int ret;
-
-		if (strchr(net, ':')) {
-			return 0;
-		} else {
-			struct in_addr addr;
-
-			pcnet = inet_fill_net(net, cnet);
-			if (!pcnet)
-				return 0;
-
-			ret = inet_pton(AF_INET, pcnet, &addr);
-			if (ret <= 0)
-				return 0;
-
-			if (!pmask) {
-				uint32_t nl_addr = htonl(addr.s_addr);
-				size = inet_get_net_len(nl_addr);
-				if (!size)
-					return 0;
-			}
-		}
-	}
-
-	if (!pmask) {
-		if (sprintf(mask, "%u", size) <= 0)
-			return 0;
-		pmask = mask;
-	}
-
-	debug(LOGOPT_ANY, "pcnet %s pmask %s", pcnet, pmask);
-
-	return masked_match(pcnet, pmask);
-}
-
-/*
- * Two export formats need to be understood to cater for different
- * NFS server exports.
- *
- * (host|wildcard|network[/mask]|@netgroup)
- *
- *     A host name which can be cannonical.
- *     A wildcard host name containing "*" and "?" with the usual meaning.
- *     A network in numbers and dots form with optional mask given as
- *     either a length or as numbers and dots.
- *     A netgroup identified by the prefix "@".
- *
- * [-](host|domain suffix|netgroup|@network[/mask])
- *
- *     A host name which can be cannonical.
- *     A domain suffix identified by a leading "." which will match all
- *     hosts in the given domain.
- *     A netgroup.
- *     A network identified by the prefix "@" given in numbers and dots
- *     form or as a network name with optional mask given as either a
- *     length or as numbers and dots.
- *     A "-" prefix can be appended to indicate access is denied.
- */
-static int host_match(char *pattern)
-{
-	unsigned int negate = (*pattern == '-');
-	const char *m_pattern = (negate ? pattern + 1 : pattern);
-	char myname[MAXHOSTNAMELEN + 1] = "\0";
-	int ret = 0;
-
-	if (gethostname(myname, MAXHOSTNAMELEN))
-		return 0;
-
-	if (yp_get_default_domain(&domain))
-		domain = NULL;
-
-	if (*m_pattern == '@') {
-		/*
-		 * The pattern begins with an "@" so it's a network
-		 * spec or it's a netgroup.
-		 */
-		ret = match_network(m_pattern + 1);
-		if (!ret)
-			ret = innetgr(m_pattern + 1, myname, NULL, domain);
-	} else if (*m_pattern == '.') {
-		size_t m_len = strlen(m_pattern);
-		char *has_dot = strchr(myname, '.');
-		/*
-		 * The pattern starts with a "." so it's a domain spec
-		 * of some sort.
-		 *
-		 * If the host name contains a dot then it must be either
-		 * a cannonical name or a simple NIS name.domain. So
-		 * perform a string match. Otherwise, append the domain
-		 * pattern to our simple name and try a wildcard pattern
-		 * match against the interfaces.
-		 */
-		if (has_dot) {
-			if (strlen(has_dot) == m_len)
-				ret = !memcmp(has_dot, m_pattern, m_len);
-		} else {
-			char *w_pattern = alloca(m_len + 2);
-			if (w_pattern) {
-				strcpy(w_pattern, "*");
-				strcat(w_pattern, m_pattern);
-				ret = fqdn_match(w_pattern);
-			}
-		}
-	} else if (!strcmp(m_pattern, "gss/krb5")) {
-		/* Leave this to the GSS layer */
-		return 1;
-	} else {
-		/*
-		 * Otherwise it's a network name or host name 
-		 */
-		ret = match_network(m_pattern);
-		if (!ret)
-			/* if not then try to match host name */
-			ret = string_match(myname, m_pattern);
-	}
-
-	if (negate && ret)
-		ret = -1;
-
-	return ret;
-}
-
-static int rpc_export_allowed(groups grouplist)
-{
-	groups grp = grouplist;
-
-	/* NULL group list => everyone */
-	if (!grp)
-		return 1;
-
-	while (grp) {
-		int allowed = host_match(grp->gr_name);
-		/* Explicitly denied access */
-		if (allowed == -1)
-			return 0;
-		else if (allowed)
-			return 1;
-		grp = grp->gr_next;
-	}
-	return 0;
-}
-
-exports rpc_exports_prune(exports list)
-{
-	exports head = list;
-	exports exp;
-	exports last;
-	int res;
-
-	exp = list;
-	last = NULL;
-	while (exp) {
-		res = rpc_export_allowed(exp->ex_groups);
-		if (!res) {
-			if (last == NULL) {
-				head = exp->ex_next;
-				rpc_export_free(exp);
-				exp = head;
-			} else {
-				last->ex_next = exp->ex_next;
-				rpc_export_free(exp);
-				exp = last->ex_next;
-			}
-			continue;
-		}
-		last = exp;
-		exp = exp->ex_next;
-	}
-	return head;
-}
-
 exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option)
 {
 	struct conn_info info;
diff --git a/modules/lookup_hosts.c b/modules/lookup_hosts.c
index 1f8fa15..d711611 100644
--- a/modules/lookup_hosts.c
+++ b/modules/lookup_hosts.c
@@ -45,7 +45,6 @@ struct lookup_context {
 int lookup_version = AUTOFS_LOOKUP_VERSION;	/* Required by protocol */
 
 exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option);
-exports rpc_exports_prune(exports list);
 void rpc_exports_free(exports list);
 
 int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **context)
@@ -207,9 +206,6 @@ done:
 
 	exp = rpc_get_exports(name, 10, 0, RPC_CLOSE_NOLINGER);
 
-	/* Check exports for obvious ones we don't have access to */
-	/*exp = rpc_exports_prune(exp);*/
-
 	mapent = NULL;
 	while (exp) {
 		if (mapent) {
Commit	Line	Data
3d551623 PG	1	diff --git a/CHANGELOG b/CHANGELOG
	2	index fe7ae00..ca171a4 100644
	3	--- a/CHANGELOG
	4	+++ b/CHANGELOG
	5	@@ -34,6 +34,7 @@
	6	- fix lack of ferror() checking when reading files.
	7	- fix typo in autofs(5) man page.
	8	- fix map entry expansion when undefined macro is present.
	9	+- remove unused export validation code.
	10
	11	18/06/2007 autofs-5.0.2
	12	-----------------------
	13	diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c
	14	index 831d456..d79a94f 100644
	15	--- a/lib/rpc_subs.c
	16	+++ b/lib/rpc_subs.c
	17	@@ -52,10 +52,7 @@
	18	/* Get numeric value of the n bits starting at position p */
	19	#define getbits(x, p, n) ((x >> (p + 1 - n)) & ~(~0 << n))
	20
	21	-static char *domain = NULL;
	22	-
	23	inline void dump_core(void);
	24	-static pthread_mutex_t networks_mutex = PTHREAD_MUTEX_INITIALIZER;
	25
	26	/*
	27	* Create a UDP RPC client
	28	@@ -764,573 +761,6 @@ void rpc_exports_free(exports list)
	29	return;
	30	}
	31
	32	-static int masked_match(const char addr, const char mask)
	33	-{
	34	- char buf[MAX_IFC_BUF], *ptr;
	35	- struct sockaddr_in saddr;
	36	- struct sockaddr_in6 saddr6;
	37	- struct ifconf ifc;
	38	- struct ifreq *ifr;
	39	- int sock, cl_flags, ret, i, is_ipv4, is_ipv6;
	40	- unsigned int msize;
	41	-
	42	- sock = socket(AF_INET, SOCK_DGRAM, 0);
	43	- if (sock < 0) {
	44	- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
	45	- error(LOGOPT_ANY, "socket creation failed: %s", estr);
	46	- return 0;
	47	- }
	48	-
	49	- if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) {
	50	- cl_flags \|= FD_CLOEXEC;
	51	- fcntl(sock, F_SETFD, cl_flags);
	52	- }
	53	-
	54	- ifc.ifc_len = sizeof(buf);
	55	- ifc.ifc_req = (struct ifreq *) buf;
	56	- ret = ioctl(sock, SIOCGIFCONF, &ifc);
	57	- if (ret == -1) {
	58	- close(sock);
	59	- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
	60	- error(LOGOPT_ANY, "ioctl: %s", estr);
	61	- return 0;
	62	- }
	63	-
	64	- is_ipv4 = is_ipv6 = 0;
65	- is_ipv4 = inet_pton(AF_INET, addr, &saddr.sin_addr);
66	- if (!is_ipv4)
67	- is_ipv6 = inet_pton(AF_INET6, addr, &saddr6.sin6_addr);
68	-
69	- if (strchr(mask, '.')) {
70	- struct sockaddr_in maddr;
71	- uint32_t ma;
72	- int i = 0;
73	-
74	- ret = inet_aton(mask, &maddr.sin_addr);
75	- if (!ret) {
76	- close(sock);
77	- return 0;
78	- }
79	-
80	- ma = ntohl((uint32_t) maddr.sin_addr.s_addr);
81	- while (!(ma & 1)) {
82	- i++;
83	- ma = ma >> 1;
84	- }
85	-
86	- msize = i;
87	- } else
88	- msize = atoi(mask);
89	-
90	- i = 0;
91	- ptr = (char *) &ifc.ifc_buf[0];
92	-
93	- while (ptr < buf + ifc.ifc_len) {
94	- ifr = (struct ifreq *) ptr;
95	-
96	- switch (ifr->ifr_addr.sa_family) {
97	- case AF_INET:
98	- {
99	- struct sockaddr_in *if_addr;
100	- uint32_t m, ia, ha;
101	-
102	- if (!is_ipv4 \|\| msize > 32)
103	- break;
104	-
105	- m = -1;
106	- m = m << (32 - msize);
107	- ha = ntohl((uint32_t) saddr.sin_addr.s_addr);
108	-
109	- if_addr = (struct sockaddr_in *) &ifr->ifr_addr;
110	- ia = ntohl((uint32_t) if_addr->sin_addr.s_addr);
111	-
112	- if ((ia & m) == (ha & m)) {
113	- close(sock);
114	- return 1;
115	- }
116	- break;
117	- }
118	-
119	- /* glibc rpc only understands IPv4 atm */
120	- case AF_INET6:
121	- break;
122	-
123	- default:
124	- break;
125	- }
126	-
127	- i++;
128	- ptr = (char *) &ifc.ifc_req[i];
129	- }
130	-
131	- close(sock);
132	- return 0;
133	-}
134	-
135	-/*
136	- * This function has been adapted from the match_patern function
137	- * found in OpenSSH and is used in accordance with the copyright
138	- * notice found their.
139	- *
140	- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland.
141	- */
142	-/*
143	- * Returns true if the given string matches the pattern (which
144	- * may contain ? and * as wildcards), and zero if it does not
145	- * match.
146	- */
147	-static int pattern_match(const char s, const char pattern)
148	-{
149	- for (;;) {
150	- /* If at end of pattern, accept if also at end of string. */
151	- if (!*pattern)
152	- return !*s;
153	-
154	- if (pattern == '') {
155	- /* Skip the asterisk. */
156	- pattern++;
157	-
158	- /* If at end of pattern, accept immediately. */
159	- if (!*pattern)
160	- return 1;
161	-
162	- /* If next character in pattern is known, optimize. */
163	- if (pattern != '?' && pattern != '*') {
164	- /*
165	- * Look instances of the next character in
166	- * pattern, and try to match starting from
167	- * those.
168	- */
169	- for (; *s; s++)
170	- if (s == pattern &&
171	- pattern_match(s + 1, pattern + 1))
172	- return 1;
173	-
174	- /* Failed. */
175	- return 0;
176	- }
177	- /*
178	- * Move ahead one character at a time and try to
179	- * match at each position.
180	- */
181	- for (; *s; s++)
182	- if (pattern_match(s, pattern))
183	- return 1;
184	- /* Failed. */
185	- return 0;
186	- }
187	- /*
188	- * There must be at least one more character in the string.
189	- * If we are at the end, fail.
190	- */
191	- if (!*s)
192	- return 0;
193	-
194	- /* Check if the next character of the string is acceptable. */
195	- if (pattern != '?' && pattern != *s)
196	- return 0;
197	-
198	- /* Move to the next character, both in string and in pattern. */
199	- s++;
200	- pattern++;
201	- }
202	- /* NOTREACHED */
203	-}
204	-
205	-static int name_match(const char name, const char pattern)
206	-{
207	- int ret;
208	-
209	- if (strchr(pattern, '*') \|\| strchr(pattern, '?'))
210	- ret = pattern_match(name, pattern);
211	- else {
212	- ret = !memcmp(name, pattern, strlen(pattern));
213	- /* Name could still be a netgroup (Solaris) */
214	- if (!ret)
215	- ret = innetgr(pattern, name, NULL, domain);
216	- }
217	-
218	- return ret;
219	-}
220	-
221	-static int fqdn_match(const char *pattern)
222	-{
223	- char buf[MAX_IFC_BUF], *ptr;
224	- struct ifconf ifc;
225	- struct ifreq *ifr;
226	- int sock, cl_flags, ret, i;
227	- char fqdn[NI_MAXHOST + 1];
228	-
229	- sock = socket(AF_INET, SOCK_DGRAM, 0);
230	- if (sock < 0) {
231	- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
232	- error(LOGOPT_ANY, "socket creation failed: %s", estr);
233	- return 0;
234	- }
235	-
236	- if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) {
237	- cl_flags \|= FD_CLOEXEC;
238	- fcntl(sock, F_SETFD, cl_flags);
239	- }
240	-
241	- ifc.ifc_len = sizeof(buf);
242	- ifc.ifc_req = (struct ifreq *) buf;
243	- ret = ioctl(sock, SIOCGIFCONF, &ifc);
244	- if (ret == -1) {
245	- close(sock);
246	- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
247	- error(LOGOPT_ANY, "ioctl: %s", estr);
248	- return 0;
249	- }
250	-
251	- i = 0;
252	- ptr = (char *) &ifc.ifc_buf[0];
253	-
254	- while (ptr < buf + ifc.ifc_len) {
255	- ifr = (struct ifreq *) ptr;
256	-
257	- switch (ifr->ifr_addr.sa_family) {
258	- case AF_INET:
259	- {
260	- socklen_t slen = sizeof(struct sockaddr);
261	-
262	- ret = getnameinfo(&ifr->ifr_addr, slen, fqdn,
263	- NI_MAXHOST, NULL, 0, NI_NAMEREQD);
264	- if (!ret) {
265	- ret = name_match(fqdn, pattern);
266	- if (ret) {
267	- close(sock);
268	- return 1;
269	- }
270	- }
271	- break;
272	- }
273	-
274	- /* glibc rpc only understands IPv4 atm */
275	- case AF_INET6:
276	- break;
277	-
278	- default:
279	- break;
280	- }
281	-
282	- i++;
283	- ptr = (char *) &ifc.ifc_req[i];
284	- }
285	-
286	- close(sock);
287	- return 0;
288	-}
289	-
290	-static int string_match(const char myname, const char pattern)
291	-{
292	- struct addrinfo hints, *ni;
293	- int ret;
294	-
295	- /* Try simple name match first */
296	- ret = name_match(myname, pattern);
297	- if (ret)
298	- goto done;
299	-
300	- memset(&hints, 0, sizeof(hints));
301	- hints.ai_flags = AI_CANONNAME;
302	- hints.ai_family = 0;
303	- hints.ai_socktype = 0;
304	-
305	- /* See if our canonical name matches */
306	- if (getaddrinfo(myname, NULL, &hints, &ni) == 0) {
307	- ret = name_match(ni->ai_canonname, pattern);
308	- freeaddrinfo(ni);
309	- } else
310	- warn(LOGOPT_ANY, "name lookup failed: %s", gai_strerror(ret));
311	- if (ret)
312	- goto done;
313	-
314	- /* Lastly see if the name of an interfaces matches */
315	- ret = fqdn_match(pattern);
316	-done:
317	- return ret;
318	-}
319	-
320	-static unsigned int inet_get_net_len(uint32_t net)
321	-{
322	- int i;
323	-
324	- for (i = 0; i < 32; i += 8) {
325	- if (getbits(net, i + 7, 8))
326	- break;
327	- }
328	-
329	- return (unsigned int) 32 - i;
330	-}
331	-
332	-static char inet_fill_net(const char net_num, char *net)
333	-{
334	- char *np;
335	- unsigned int dots = 3;
336	-
337	- if (strlen(net_num) > INET_ADDRSTRLEN)
338	- return NULL;
339	-
340	- if (!isdigit(*net_num))
341	- return NULL;
342	-
343	- *net = '\0';
344	- strcpy(net, net_num);
345	-
346	- np = net;
347	- while (*np++) {
348	- if (*np == '.') {
349	- np++;
350	- dots--;
351	- if (!*np && dots)
352	- strcat(net, "0");
353	- continue;
354	- }
355	-
356	- if ((np && !isdigit(np)) \|\| dots < 0) {
357	- *net = '\0';
358	- return NULL;
359	- }
360	- }
361	-
362	- while (dots--)
363	- strcat(net, ".0");
364	-
365	- return net;
366	-}
367	-
368	-static int match_network(const char *network)
369	-{
370	- struct netent *pnent, nent;
371	- const char *pcnet;
372	- char net, cnet[MAX_NETWORK_LEN], mask[4], pmask;
373	- unsigned int size;
374	- size_t l_network = strlen(network) + 1;
375	- int status;
376	-
377	- if (l_network > MAX_NETWORK_LEN) {
378	- error(LOGOPT_ANY,
379	- "match string \"%s\" too long", network);
380	- return 0;
381	- }
382	-
383	- net = alloca(l_network);
384	- if (!net)
385	- return 0;
386	- memset(net, 0, l_network);
387	- strcpy(net, network);
388	-
389	- if ((pmask = strchr(net, '/')))
390	- *pmask++ = '\0';
391	-
392	- status = pthread_mutex_lock(&networks_mutex);
393	- if (status)
394	- fatal(status);
395	-
396	- pnent = getnetbyname(net);
397	- if (pnent)
398	- memcpy(&nent, pnent, sizeof(struct netent));
399	-
400	- status = pthread_mutex_unlock(&networks_mutex);
401	- if (status)
402	- fatal(status);
403	-
404	- if (pnent) {
405	- uint32_t n_net;
406	-
407	- switch (nent.n_addrtype) {
408	- case AF_INET:
409	- n_net = ntohl(nent.n_net);
410	- pcnet = inet_ntop(AF_INET, &n_net, cnet, INET_ADDRSTRLEN);
411	- if (!pcnet)
412	- return 0;
413	-
414	- if (!pmask) {
415	- size = inet_get_net_len(nent.n_net);
416	- if (!size)
417	- return 0;
418	- }
419	- break;
420	-
421	- case AF_INET6:
422	- return 0;
423	-
424	- default:
425	- return 0;
426	- }
427	- } else {
428	- int ret;
429	-
430	- if (strchr(net, ':')) {
431	- return 0;
432	- } else {
433	- struct in_addr addr;
434	-
435	- pcnet = inet_fill_net(net, cnet);
436	- if (!pcnet)
437	- return 0;
438	-
439	- ret = inet_pton(AF_INET, pcnet, &addr);
440	- if (ret <= 0)
441	- return 0;
442	-
443	- if (!pmask) {
444	- uint32_t nl_addr = htonl(addr.s_addr);
445	- size = inet_get_net_len(nl_addr);
446	- if (!size)
447	- return 0;
448	- }
449	- }
450	- }
451	-
452	- if (!pmask) {
453	- if (sprintf(mask, "%u", size) <= 0)
454	- return 0;
455	- pmask = mask;
456	- }
457	-
458	- debug(LOGOPT_ANY, "pcnet %s pmask %s", pcnet, pmask);
459	-
460	- return masked_match(pcnet, pmask);
461	-}
462	-
463	-/*
464	- * Two export formats need to be understood to cater for different
465	- * NFS server exports.
466	- *
467	- * (host\|wildcard\|network[/mask]\|@netgroup)
468	- *
469	- * A host name which can be cannonical.
470	- * A wildcard host name containing "*" and "?" with the usual meaning.
471	- * A network in numbers and dots form with optional mask given as
472	- * either a length or as numbers and dots.
473	- * A netgroup identified by the prefix "@".
474	- *
475	- * [-](host\|domain suffix\|netgroup\|@network[/mask])
476	- *
477	- * A host name which can be cannonical.
478	- * A domain suffix identified by a leading "." which will match all
479	- * hosts in the given domain.
480	- * A netgroup.
481	- * A network identified by the prefix "@" given in numbers and dots
482	- * form or as a network name with optional mask given as either a
483	- * length or as numbers and dots.
484	- * A "-" prefix can be appended to indicate access is denied.
485	- */
486	-static int host_match(char *pattern)
487	-{
488	- unsigned int negate = (*pattern == '-');
489	- const char *m_pattern = (negate ? pattern + 1 : pattern);
490	- char myname[MAXHOSTNAMELEN + 1] = "\0";
491	- int ret = 0;
492	-
493	- if (gethostname(myname, MAXHOSTNAMELEN))
494	- return 0;
495	-
496	- if (yp_get_default_domain(&domain))
497	- domain = NULL;
498	-
499	- if (*m_pattern == '@') {
500	- /*
501	- * The pattern begins with an "@" so it's a network
502	- * spec or it's a netgroup.
503	- */
504	- ret = match_network(m_pattern + 1);
505	- if (!ret)
506	- ret = innetgr(m_pattern + 1, myname, NULL, domain);
507	- } else if (*m_pattern == '.') {
508	- size_t m_len = strlen(m_pattern);
509	- char *has_dot = strchr(myname, '.');
510	- /*
511	- * The pattern starts with a "." so it's a domain spec
512	- * of some sort.
513	- *
514	- * If the host name contains a dot then it must be either
515	- * a cannonical name or a simple NIS name.domain. So
516	- * perform a string match. Otherwise, append the domain
517	- * pattern to our simple name and try a wildcard pattern
518	- * match against the interfaces.
519	- */
520	- if (has_dot) {
521	- if (strlen(has_dot) == m_len)
522	- ret = !memcmp(has_dot, m_pattern, m_len);
523	- } else {
524	- char *w_pattern = alloca(m_len + 2);
525	- if (w_pattern) {
526	- strcpy(w_pattern, "*");
527	- strcat(w_pattern, m_pattern);
528	- ret = fqdn_match(w_pattern);
529	- }
530	- }
531	- } else if (!strcmp(m_pattern, "gss/krb5")) {
532	- /* Leave this to the GSS layer */
533	- return 1;
534	- } else {
535	- /*
536	- * Otherwise it's a network name or host name
537	- */
538	- ret = match_network(m_pattern);
539	- if (!ret)
540	- /* if not then try to match host name */
541	- ret = string_match(myname, m_pattern);
542	- }
543	-
544	- if (negate && ret)
545	- ret = -1;
546	-
547	- return ret;
548	-}
549	-
550	-static int rpc_export_allowed(groups grouplist)
551	-{
552	- groups grp = grouplist;
553	-
554	- /* NULL group list => everyone */
555	- if (!grp)
556	- return 1;
557	-
558	- while (grp) {
559	- int allowed = host_match(grp->gr_name);
560	- /* Explicitly denied access */
561	- if (allowed == -1)
562	- return 0;
563	- else if (allowed)
564	- return 1;
565	- grp = grp->gr_next;
566	- }
567	- return 0;
568	-}
569	-
570	-exports rpc_exports_prune(exports list)
571	-{
572	- exports head = list;
573	- exports exp;
574	- exports last;
575	- int res;
576	-
577	- exp = list;
578	- last = NULL;
579	- while (exp) {
580	- res = rpc_export_allowed(exp->ex_groups);
581	- if (!res) {
582	- if (last == NULL) {
583	- head = exp->ex_next;
584	- rpc_export_free(exp);
585	- exp = head;
586	- } else {
587	- last->ex_next = exp->ex_next;
588	- rpc_export_free(exp);
589	- exp = last->ex_next;
590	- }
591	- continue;
592	- }
593	- last = exp;
594	- exp = exp->ex_next;
595	- }
596	- return head;
597	-}
598	-
599	exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option)
600	{
601	struct conn_info info;
602	diff --git a/modules/lookup_hosts.c b/modules/lookup_hosts.c
603	index 1f8fa15..d711611 100644
604	--- a/modules/lookup_hosts.c
605	+++ b/modules/lookup_hosts.c
606	@@ -45,7 +45,6 @@ struct lookup_context {
607	int lookup_version = AUTOFS_LOOKUP_VERSION; /* Required by protocol */
608
609	exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option);
610	-exports rpc_exports_prune(exports list);
611	void rpc_exports_free(exports list);
612
613	int lookup_init(const char mapfmt, int argc, const char const argv, void *context)
614	@@ -207,9 +206,6 @@ done:
615
616	exp = rpc_get_exports(name, 10, 0, RPC_CLOSE_NOLINGER);
617
618	- /* Check exports for obvious ones we don't have access to */
619	- /exp = rpc_exports_prune(exp);/
620	-
621	mapent = NULL;
622	while (exp) {
623	if (mapent) {