Date: Wed, 29 Oct 2003 17:10:09 +0100
From: Guido van Rooij
To: Dan Langille
cc: FreeBSD-hackers@freebsd.org
Subject: Re: hosts_access(3) - correct usage?
Message-ID: <20031029161009.GA26309@gvr.gvr.org>
In-Reply-To: <3F9F8AAA.12507.14D8EE23@localhost>
List-Id: Technical Discussions relating to FreeBSD

On Wed, Oct 29, 2003 at 09:38:50AM -0500, Dan Langille wrote:
> Is this the right way to use hosts_access?  The code blows up during
> the hosts_access call.  I'm told it runs OK on Linux/Solaris.  I'm
> wondering if there's something different it needs to be doing on
> FreeBSD.
>
> Thanks
>
> #ifdef HAVE_LIBWRAP
>       P(mutex);                   /* hosts_access is not thread safe */
>       request_init(&request, RQ_DAEMON, my_name, RQ_FILE, newsockfd, 0);
>       fromhost(&request);
>       if (!hosts_access(&request)) {
>          V(mutex);
>          Jmsg2(NULL, M_WARNING, 0, _("Connection from %s:%d refused by hosts.access"),
>                inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port));
>          close(newsockfd);
>          continue;
>       }
>       V(mutex);
> #endif

This seems okay to me.
OpenSSH uses:

	struct request_info req;

	request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
	fromhost(&req);

	if (!hosts_access(&req)) {
		debug("Connection refused by tcp wrapper");
		refuse(&req);
		/* NOTREACHED */
		fatal("libwrap refuse returns");
	}

I take it that newsockfd is the one returned from accept()?
I'd try using a debug version of libwrap...

-Guido
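
The question of whether newsockfd really is the descriptor returned from accept() can be checked before request_init() is called. The following is an added example, not code from either message or from OpenSSH: check_wrap_fd() is a hypothetical helper, and it assumes that fromhost() with RQ_FILE needs a connected IPv4/IPv6 stream socket to look up the peer address.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum fd_state { FD_OK, FD_INVALID, FD_NOT_SOCKET, FD_NOT_STREAM,
                FD_NOT_CONNECTED, FD_NOT_INET };

/* check_wrap_fd() is a hypothetical helper, not part of libwrap. */
enum fd_state check_wrap_fd(int fd)
{
    int type = 0;
    socklen_t len = sizeof(type);
    struct sockaddr_storage peer;

    if (fd < 0)
        return FD_INVALID;          /* a failed accept() result was kept */
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) < 0)
        return errno == ENOTSOCK ? FD_NOT_SOCKET : FD_INVALID;
    if (type != SOCK_STREAM)
        return FD_NOT_STREAM;
    memset(&peer, 0, sizeof(peer));
    len = sizeof(peer);
    if (getpeername(fd, (struct sockaddr *)&peer, &len) < 0)
        return FD_NOT_CONNECTED;    /* e.g. the listening socket */
    if (peer.ss_family != AF_INET && peer.ss_family != AF_INET6)
        return FD_NOT_INET;
    return FD_OK;
}

/* Constructed loopback demo: the listener fails the check, the accepted fd passes. */
int main(void)
{
    struct sockaddr_in a;
    socklen_t alen = sizeof(a);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);

    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks one */
    if (bind(lfd, (struct sockaddr *)&a, sizeof(a)) < 0 || listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&a, &alen) < 0 ||
        connect(cfd, (struct sockaddr *)&a, sizeof(a)) < 0)
        return 1;
    int newsockfd = accept(lfd, NULL, NULL);
    printf("listener=%d accepted=%d\n", check_wrap_fd(lfd), check_wrap_fd(newsockfd));
    return newsockfd < 0;
}
```

Logging the result just before request_init() distinguishes a bad descriptor from a fault inside libwrap itself.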