Date: Wed, 29 Oct 2003 17:10:09 +0100 From: Guido van Rooij <guido@gvr.org> To: Dan Langille <dan@langille.org> Cc: FreeBSD-hackers@freebsd.org Subject: Re: hosts_access(3) - correct usage? Message-ID: <20031029161009.GA26309@gvr.gvr.org> In-Reply-To: <3F9F8AAA.12507.14D8EE23@localhost> References: <3F9F8AAA.12507.14D8EE23@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 29, 2003 at 09:38:50AM -0500, Dan Langille wrote:
> Is this the right way to use hosts_access? The code blows up during
> the hosts_access call. I'm told it runs OK on Linux/Solaris. I'm
> wonderding if there's something different it needs to do be doing on
> FreeBSD.
>
> Thanks
>
> #ifdef HAVE_LIBWRAP
> P(mutex); /* hosts_access is not thread safe */
> request_init(&request, RQ_DAEMON, my_name, RQ_FILE, newsockfd,
> 0);
> fromhost(&request);
> if (!hosts_access(&request)) {
> V(mutex);
> Jmsg2(NULL, M_WARNING, 0, _("Connection from %s:%d refused
> by hosts.access"),
> inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port));
> close(newsockfd);
> continue;
> }
> V(mutex);
> #endif
This seems okay to me.
OpenSSH uses:
struct request_info req;
request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
fromhost(&req);
if (!hosts_access(&req)) {
debug("Connection refused by tcp wrapper");
refuse(&req);
/* NOTREACHED */
fatal("libwrap refuse returns");
}
I take it that newsockfd is the one returned from accept()?
I'd try using a debug version of libwrap...
-Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031029161009.GA26309>