diff -up autofs-5.0.1/modules/lookup_hosts.c.remove-unsed-export-validation-code autofs-5.0.1/modules/lookup_hosts.c --- autofs-5.0.1/modules/lookup_hosts.c.remove-unsed-export-validation-code 2007-10-18 21:42:17.000000000 +0800 +++ autofs-5.0.1/modules/lookup_hosts.c 2007-10-18 21:44:42.000000000 +0800 @@ -39,7 +39,6 @@ struct lookup_context { int lookup_version = AUTOFS_LOOKUP_VERSION; /* Required by protocol */ exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option); -exports rpc_exports_prune(exports list); void rpc_exports_free(exports list); int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **context) @@ -200,9 +199,6 @@ done: exp = rpc_get_exports(name, 10, 0, RPC_CLOSE_NOLINGER); - /* Check exports for obvious ones we don't have access to */ - /*exp = rpc_exports_prune(exp);*/ - mapent = NULL; while (exp) { if (mapent) { diff -up autofs-5.0.1/lib/rpc_subs.c.remove-unsed-export-validation-code autofs-5.0.1/lib/rpc_subs.c --- autofs-5.0.1/lib/rpc_subs.c.remove-unsed-export-validation-code 2007-10-18 21:42:17.000000000 +0800 +++ autofs-5.0.1/lib/rpc_subs.c 2007-10-18 21:48:12.000000000 +0800 @@ -45,8 +45,6 @@ #define MAX_IFC_BUF 1024 #define MAX_ERR_BUF 128 -static char *ypdomain = NULL; - /* * Create a UDP RPC client */ @@ -754,384 +752,6 @@ void rpc_exports_free(exports list) return; } -static int masked_match(const char *addr, const char *mask) -{ - char buf[MAX_IFC_BUF], *ptr; - struct sockaddr_in saddr; - struct sockaddr_in6 saddr6; - struct ifconf ifc; - struct ifreq *ifr; - int sock, cl_flags, ret, i, is_ipv4, is_ipv6; - unsigned int msize; - - sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) { - char *estr = strerror_r(errno, buf, MAX_ERR_BUF); - error(LOGOPT_ANY, "socket creation failed: %s", estr); - return 0; - } - - if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) { - cl_flags |= FD_CLOEXEC; - fcntl(sock, F_SETFD, cl_flags); - } - - ifc.ifc_len = sizeof(buf); - ifc.ifc_req = (struct ifreq *) buf; - ret = ioctl(sock, SIOCGIFCONF, &ifc); - if (ret == -1) { - close(sock); - char *estr = strerror_r(errno, buf, MAX_ERR_BUF); - error(LOGOPT_ANY, "ioctl: %s", estr); - return 0; - } - - is_ipv4 = is_ipv6 = 0; - is_ipv4 = inet_pton(AF_INET, addr, &saddr.sin_addr); - if (!is_ipv4) - is_ipv6 = inet_pton(AF_INET6, addr, &saddr6.sin6_addr); - - if (strchr(mask, '.')) { - struct sockaddr_in maddr; - uint32_t ma; - int i = 0; - - ret = inet_aton(mask, &maddr.sin_addr); - if (!ret) { - close(sock); - return 0; - } - - ma = ntohl((uint32_t) maddr.sin_addr.s_addr); - while (!(ma & 1)) { - i++; - ma = ma >> 1; - } - - msize = i; - } else - msize = atoi(mask); - - i = 0; - ptr = (char *) &ifc.ifc_buf[0]; - - while (ptr < buf + ifc.ifc_len) { - ifr = (struct ifreq *) ptr; - - switch (ifr->ifr_addr.sa_family) { - case AF_INET: - { - struct sockaddr_in *if_addr; - uint32_t m, ia, ha; - - if (!is_ipv4 || msize > 32) - break; - - m = -1; - m = m << (32 - msize); - ha = ntohl((uint32_t) saddr.sin_addr.s_addr); - - if_addr = (struct sockaddr_in *) &ifr->ifr_addr; - ia = ntohl((uint32_t) if_addr->sin_addr.s_addr); - - if ((ia & m) == (ha & m)) { - close(sock); - return 1; - } - break; - } - - /* glibc rpc only understands IPv4 atm */ - case AF_INET6: - break; - - default: - break; - } - - i++; - ptr = (char *) &ifc.ifc_req[i]; - } - - close(sock); - return 0; -} - -/* - * This function has been adapted from the match_patern function - * found in OpenSSH and is used in accordance with the copyright - * notice found their. - * - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland. - */ -/* - * Returns true if the given string matches the pattern (which - * may contain ? and * as wildcards), and zero if it does not - * match. - */ -static int pattern_match(const char *s, const char *pattern) -{ - for (;;) { - /* If at end of pattern, accept if also at end of string. */ - if (!*pattern) - return !*s; - - if (*pattern == '*') { - /* Skip the asterisk. */ - pattern++; - - /* If at end of pattern, accept immediately. */ - if (!*pattern) - return 1; - - /* If next character in pattern is known, optimize. */ - if (*pattern != '?' && *pattern != '*') { - /* - * Look instances of the next character in - * pattern, and try to match starting from - * those. - */ - for (; *s; s++) - if (*s == *pattern && - pattern_match(s + 1, pattern + 1)) - return 1; - - /* Failed. */ - return 0; - } - /* - * Move ahead one character at a time and try to - * match at each position. - */ - for (; *s; s++) - if (pattern_match(s, pattern)) - return 1; - /* Failed. */ - return 0; - } - /* - * There must be at least one more character in the string. - * If we are at the end, fail. - */ - if (!*s) - return 0; - - /* Check if the next character of the string is acceptable. */ - if (*pattern != '?' && *pattern != *s) - return 0; - - /* Move to the next character, both in string and in pattern. */ - s++; - pattern++; - } - /* NOTREACHED */ -} - -static int name_match(const char *name, const char *pattern) -{ - int ret; - - if (strchr(pattern, '*') || strchr(pattern, '?')) - ret = pattern_match(name, pattern); - else { - ret = !memcmp(name, pattern, strlen(pattern)); - /* Name could still be a netgroup (Solaris) */ - if (!ret && ypdomain) - ret = innetgr(pattern, name, NULL, ypdomain); - } - - return ret; -} - -static int fqdn_match(const char *pattern) -{ - char buf[MAX_IFC_BUF], *ptr; - struct ifconf ifc; - struct ifreq *ifr; - int sock, cl_flags, ret, i; - char fqdn[NI_MAXHOST + 1]; - - sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) { - char *estr = strerror_r(errno, buf, MAX_ERR_BUF); - error(LOGOPT_ANY, "socket creation failed: %s", estr); - return 0; - } - - if ((cl_flags = fcntl(sock, F_GETFD, 0)) != -1) { - cl_flags |= FD_CLOEXEC; - fcntl(sock, F_SETFD, cl_flags); - } - - ifc.ifc_len = sizeof(buf); - ifc.ifc_req = (struct ifreq *) buf; - ret = ioctl(sock, SIOCGIFCONF, &ifc); - if (ret == -1) { - close(sock); - char *estr = strerror_r(errno, buf, MAX_ERR_BUF); - error(LOGOPT_ANY, "ioctl: %s", estr); - return 0; - } - - i = 0; - ptr = (char *) &ifc.ifc_buf[0]; - - while (ptr < buf + ifc.ifc_len) { - ifr = (struct ifreq *) ptr; - - switch (ifr->ifr_addr.sa_family) { - case AF_INET: - { - socklen_t slen = sizeof(struct sockaddr); - - ret = getnameinfo(&ifr->ifr_addr, slen, fqdn, - NI_MAXHOST, NULL, 0, NI_NAMEREQD); - if (!ret) { - ret = name_match(fqdn, pattern); - if (ret) { - close(sock); - return 1; - } - } - break; - } - - /* glibc rpc only understands IPv4 atm */ - case AF_INET6: - break; - - default: - break; - } - - i++; - ptr = (char *) &ifc.ifc_req[i]; - } - - close(sock); - return 0; -} - -static int string_match(const char *myname, const char *pattern) -{ - struct addrinfo hints, *ni; - int ret; - - /* Try simple name match first */ - ret = name_match(myname, pattern); - if (ret) - goto done; - - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_CANONNAME; - hints.ai_family = 0; - hints.ai_socktype = 0; - - /* See if our canonical name matches */ - if (getaddrinfo(myname, NULL, &hints, &ni) == 0) { - ret = name_match(ni->ai_canonname, pattern); - freeaddrinfo(ni); - } else - warn(LOGOPT_ANY, "name lookup failed: %s", gai_strerror(ret)); - if (ret) - goto done; - - /* Lastly see if the name of an interfaces matches */ - ret = fqdn_match(pattern); -done: - return ret; -} - -static int host_match(char *pattern) -{ - unsigned int negate = (*pattern == '-'); - const char *m_pattern = (negate ? pattern + 1 : pattern); - char myname[MAXHOSTNAMELEN + 1] = "\0"; - struct in_addr tmp; - int ret = 0; - - if (gethostname(myname, MAXHOSTNAMELEN)) - return 0; - - if (yp_get_default_domain(&ypdomain)) - ypdomain = NULL; - - if (*m_pattern == '@') { - if (ypdomain) - ret = innetgr(m_pattern + 1, myname, NULL, ypdomain); - } else if (inet_aton(m_pattern, &tmp) || strchr(m_pattern, '/')) { - size_t len = strlen(m_pattern) + 1; - char *addr, *mask; - - addr = alloca(len); - if (!addr) - return 0; - - memset(addr, 0, len); - memcpy(addr, m_pattern, len - 1); - mask = strchr(addr, '/'); - if (mask) { - *mask++ = '\0'; - ret = masked_match(addr, mask); - } else - ret = masked_match(addr, "32"); - } else if (!strcmp(m_pattern, "gss/krb5")) { - /* Leave this to the GSS layer */ - ret = 1; - } else - ret = string_match(myname, m_pattern); - - if (negate) - ret = !ret; - - return ret; -} - -static int rpc_export_allowed(groups grouplist) -{ - groups grp = grouplist; - - /* NULL group list => everyone */ - if (!grp) - return 1; - - while (grp) { - if (host_match(grp->gr_name)) - return 1; - grp = grp->gr_next; - } - return 0; -} - -exports rpc_exports_prune(exports list) -{ - exports head = list; - exports exp; - exports last; - int res; - - exp = list; - last = NULL; - while (exp) { - res = rpc_export_allowed(exp->ex_groups); - if (!res) { - if (last == NULL) { - head = exp->ex_next; - rpc_export_free(exp); - exp = head; - } else { - last->ex_next = exp->ex_next; - rpc_export_free(exp); - exp = last->ex_next; - } - continue; - } - last = exp; - exp = exp->ex_next; - } - return head; -} - exports rpc_get_exports(const char *host, long seconds, long micros, unsigned int option) { struct conn_info info;