diff --git a/nfs-utils-1.1.4-tcpwrap-rulecheck.patch b/nfs-utils-1.1.4-tcpwrap-rulecheck.patch
new file mode 100644
index 0000000..1a19cbf
--- /dev/null
+++ b/nfs-utils-1.1.4-tcpwrap-rulecheck.patch
@@ -0,0 +1,100 @@
+commit 5f09a2bacb4bf0a906e2d19931568b91fb6c5088
+Author: Steve Dickson
+Date: Tue Jan 20 06:16:56 2009 -0500
+
+ mountd: Don't do tcp wrapper check when there are no rules
+
+ If there are no rules in either /etc/hosts.deny or
+ /etc/hosts.allow there is no need to do the host validation.
+
Signed-off-by: Steve Dickson
+
+diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c
+--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig 2009-01-07 12:56:07.000000000 -0500
++++ nfs-utils-1.1.4/support/misc/tcpwrapper.c 2009-01-20 06:00:38.000000000 -0500
+@@ -34,6 +34,7 @@
+ #ifdef HAVE_CONFIG_H
+ #include
+ #endif
++#include
+ #include
+ #include
+ #include
+@@ -55,6 +56,8 @@
+ #include
+ #endif
+
++static int check_files(void);
++static int check_rules(void);
+ static void logit(int severity, struct sockaddr_in *addr,
+ u_long procnum, u_long prognum, char *text);
+ static void toggle_verboselog(int sig);
+@@ -261,8 +264,40 @@ void check_startup(void)
+ (void) signal(SIGINT, toggle_verboselog);
+ }
+
+-/* check_files - check to see if either access files have changed */
++/*
++ * check_rules - check to see if any entries exist in
++ * either hosts file.
++ */
++int check_rules()
++{
++ FILE *fp;
++ char buf[BUFSIZ];
++
++ if ((fp = fopen("/etc/hosts.allow", "r")) == NULL)
++ return 0;
++
++ while (fgets(buf, BUFSIZ, fp) != NULL) {
++ if (buf[0] == '#')
++ continue;
++ fclose(fp);
++ return 1;
++ }
++ fclose(fp);
++
++ if ((fp = fopen("/etc/hosts.deny", "r")) == NULL)
++ return 0;
++
++ while (fgets(buf, BUFSIZ, fp) != NULL) {
++ if (buf[0] == '#')
++ continue;
++ fclose(fp);
++ return 1;
++ }
++ fclose(fp);
++ return 0;
++}
+
++/* check_files - check to see if either access files have changed */
+ int check_files()
+ {
+ static time_t allow_mtime, deny_mtime;
+@@ -304,6 +339,13 @@ u_long prog;
+ if (acc && changed == 0)
+ return (acc->access);
+
++ /*
++ * See if there are any rules to be applied,
++ * if not, no need to check the address
++ */
++ if (check_rules() == 0)
++ goto done;
++
+ if (!(from_local(addr) || good_client(daemon, addr))) {
+ log_bad_host(addr, proc, prog);
+ if (acc)
+@@ -315,10 +357,12 @@ u_long prog;
+ if (verboselog)
+ log_client(addr, proc, prog);
+
++done:
+ if (acc)
+ acc->access = TRUE;
+
else + haccess_add(addr, proc, prog, TRUE); ++ + return (TRUE); + } + diff --git a/nfs-utils.spec b/nfs-utils.spec index e9e6215..425986f 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser Name: nfs-utils URL: http://sourceforge.net/projects/nfs Version: 1.1.4 -Release: 6%{?dist} +Release: 7%{?dist} Epoch: 1 # group all 32bit related archs @@ -30,6 +30,7 @@ Patch04: nfs-utils-1.1.4-statd-unlink.patch Patch05: nfs-utils-1.1.4-tcpwrapper-update.patch Patch06: nfs-utils-1.1.4-tcpwrap-warn.patch Patch07: nfs-utils-1.1.4-gssd-verbosity.patch +Patch08: nfs-utils-1.1.4-tcpwrap-rulecheck.patch %if %{enablefscache} Patch90: nfs-utils-1.1.0-mount-fsc.patch @@ -88,6 +89,7 @@ This package also contains the mount.nfs and umount.nfs program. %patch05 -p1 %patch06 -p1 %patch07 -p1 +%patch08 -p1 %if %{enablefscache} %patch90 -p1 @@ -251,6 +253,9 @@ fi %attr(4755,root,root) /sbin/umount.nfs4 %changelog +* Tue Jan 20 2009 Steve Dickson 1.1.4-7 +- mountd: Don't do tcp wrapper check when there are no rules (bz 448898) + * Mon Jan 5 2009 Steve Dickson 1.1.4-6 - Added warnings to tcp wrapper code when mounts are denied due to misconfigured DNS configurations.
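Review bot: check_rules() fails open, because its first `return 0` fires as soon as /etc/hosts.allow cannot be opened, so /etc/hosts.deny is never read. A host that carries only a hosts.deny file therefore reaches `goto done` with access granted and cached as TRUE. The same early return treats any fopen() failure, not only a missing file, as "no rules". I would scan each file through one helper that reports rules unless the file is really absent, and have check_rules() combine the two results as sketched below. The sketch assumes errno.h is in scope, which the hunk does not show, and the caller's body starts outside the hunk.

```c
/* rules_in - 1 if path has a non-comment line or cannot be inspected */
static int rules_in(const char *path)
{
	FILE *fp;
	char buf[BUFSIZ];
	int found = 0;

	if ((fp = fopen(path, "r")) == NULL)
		return (errno != ENOENT);	/* unreadable: assume rules exist */

	while (!found && fgets(buf, BUFSIZ, fp) != NULL)
		found = (buf[0] != '#');
	fclose(fp);
	return found;
}

int check_rules()
{
	/* a missing hosts.allow must not hide entries in hosts.deny */
	return rules_in("/etc/hosts.allow") || rules_in("/etc/hosts.deny");
}
```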