On Dec 18, 2008, at Dec 18, 2008, 2:59 PM, Steve Dickson wrote:
Chuck Lever wrote:
A general comment: This code will need support for IPv6 addresses.
Until it has it, perhaps we should add some logic to configure.ac
that
prevents the use of tcpwrappers when --enable-ipv6 is in effect.
The following patch does address this concern....
comments?
steved.
commit 5526bb225c745d169c070d392402fc1a569f1d15
Author: Steve Dickson <steved@xxxxxxxxxx>
Date: Thu Dec 18 14:57:52 2008 -0500
Skip the host access check when IPv6 is enabled and its an IPv6
address.
Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
diff --git a/utils/mountd/mount_dispatch.c b/utils/mountd/
mount_dispatch.c
index f00c0c5..8aa1955 100644
--- a/utils/mountd/mount_dispatch.c
+++ b/utils/mountd/mount_dispatch.c
@@ -12,6 +12,8 @@
#include "tcpwrapper.h"
#endif
+#include <sys/syslog.h>
+
#include "mountd.h"
#include "rpcmisc.h"
@@ -72,12 +74,29 @@ mount_dispatch(struct svc_req *rqstp, SVCXPRT
*transp)
union mountd_results result;
#ifdef HAVE_TCP_WRAPPER
+#ifdef IPV6_SUPPORTED
+ static int once = 0;
+
+ if (svc_getcaller(transp)->sin_family != AF_INET) {
It's not clear to me that svc_getcaller() will ever return a non-
AF_INET address.
Should we use svc_getcaller_netbuf() here instead?
+ if (!once) {
+ syslog(LOG_WARNING,
+ "No IPv6 support in Access Control Library (TCP Wrappers)");
+ once++;
+ }
+ goto skipcheck;
+ }
+#endif
/* remote host authorization check */
if (!check_default("mountd", svc_getcaller(transp),
rqstp->rq_proc, MOUNTPROG)) {
svcerr_auth (transp, AUTH_FAILED);
return;
}
+
+#ifdef IPV6_SUPPORTED
+skipcheck:
+#endif
+
#endif
rpc_dispatch(rqstp, transp, dtable, number_of(dtable),
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html