-rw-r--r-- | Changelog | 1 | ||||
-rw-r--r-- | rquota_svc.c | 32 |
2 files changed, 6 insertions, 27 deletions
@@ -1,4 +1,5 @@
 Changes in quota-tools from 3.16 to 3.17
+* Fix hostname checking of rpc.rquotad. It could allow access even though hostname was in /etc/hosts.deny (Jan Kara)
 * do not allow setting of user's grace time when softlimit is not exceeded (Jan Kara)
 * fix reference to rpc manpage (anonymous reporter)
 * add EXT4 (not only EXT4DEV) to the list of supported filesystems (Mingming Cao)
diff --git a/rquota_svc.c b/rquota_svc.c
index c766eed..e5cd8e1 100644
--- a/rquota_svc.c
+++ b/rquota_svc.c
@@ -12,7 +12,7 @@
 * changes for new utilities by Jan Kara <jack@suse.cz>
 * patches by Jani Jaakkola <jjaakkol@cs.helsinki.fi>
 *
- * Version: $Id: rquota_svc.c,v 1.20 2007/08/27 12:32:57 jkar8572 Exp $
+ * Version: $Id: rquota_svc.c,v 1.21 2009/04/28 15:36:22 jkar8572 Exp $
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
@@ -172,8 +172,7 @@ static void parse_options(int argc, char **argv)
 int good_client(struct sockaddr_in *addr, ulong rq_proc)
 {
 #ifdef HOSTS_ACCESS
- struct hostent *h;
- char *name, **ad;
+ struct request_info req;
 #endif
 char *remote = inet_ntoa(addr->sin_addr);
@@ -199,31 +198,10 @@ int good_client(struct sockaddr_in *addr, ulong rq_proc)
 /* NOTE: we could use different servicename for setquota calls to
 * allow only some hosts to call setquota. */
- /* Check IP address */
- if (hosts_ctl("rquotad", "", remote, ""))
+ request_init(&req, RQ_DAEMON, "rquotad", RQ_CLIENT_SIN, addr, 0);
+ sock_methods(&req);
+ if (hosts_access(&req))
 return 1;
- /* Get address */
- if (!(h = gethostbyaddr((const char *)&(addr->sin_addr), sizeof(addr->sin_addr), AF_INET)))
- goto denied;
- if (!(name = alloca(strlen(h->h_name)+1)))
- goto denied;
- strcpy(name, h->h_name);
- /* Try to resolve it back */
- if (!(h = gethostbyname(name)))
- goto denied;
- for (ad = h->h_addr_list; *ad; ad++)
- if (!memcmp(*ad, &(addr->sin_addr), h->h_length))
- break;
- if (!*ad) /* Our address not found? */
- goto denied;
- /* Check host name */
- if (hosts_ctl("rquotad", h->h_name, remote, ""))
- return 1;
- /* Check aliases */
- for (ad = h->h_aliases; *ad; ad++)
- if (hosts_ctl("rquotad", *ad, remote, ""))
- return 1;
-denied:
 errstr(_("Denied access to host %s\n"), remote);
 return 0;
 #else |
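Review bot: The new `hosts_access(&req)` call in good_client() has no comment saying that the reverse lookup and forward confirmation the removed lines did by hand are now left entirely to libwrap, which is the security-relevant part of this change. As far as I know, libwrap gives a client whose name cannot be verified a placeholder name that only the PARANOID/UNKNOWN wildcards match, so a hostname entry in /etc/hosts.deny still depends on reverse DNS that the client's side may control. I would state that above the call, e.g. `/* libwrap resolves and cross-checks the client name itself (sock_methods); name-based rules are only as reliable as reverse DNS, so prefer address rules */`. The denial message still logs only `remote`, so a refusal that matched on a hostname cannot be tied back to its rule from the log; logging `eval_client(&req)` next to the address would close that gap. good_client() begins in the previous hunk and continues past `#else`, outside this one.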