Date:      Wed, 09 Jun 1999 17:44:04 +0200
From:      Sheldon Hearn <sheldonh@uunet.co.za>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/12097: [PATCH] Various fixes for inetd with libwrap support
Message-ID:  <6300.928943044@axl.noc.iafrica.com>


>Number:         12097
>Category:       bin
>Synopsis:       [PATCH] Various fixes for inetd with libwrap support
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun  9 08:50:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Sheldon Hearn
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
UUNET South Africa
>Environment:

	FreeBSD 4.0-CURRENT #2: Wed Jun  9 14:28:13 SAST 1999 i386

>Description:

	This PR supersedes:

	PR 11651 - forked inetd children for internal services don't die
	PR 11860 - inetd config() corrupts service names on HUP
	PR 11960 - inetd doesn't honour hosts_access severity extension

>How-To-Repeat:

	See relevant PR's.

>Fix:

	The patch attached accomplishes the following:

	* Handle forking and non-forking internal services correctly.
	* On HUP, preserve server names for each service.
	* Handle -l option as appropriate for libwrap and non-libwrap
	  cases.
	* Honour hosts_access severity options by resetting syslog
	  facility and priority before each call to hosts_access.
	* Turn on wrapping for internal services because they work now.

	Reported by:	Pierre Beyssac <pb@fasterix.freenix.org>,
			Masachika <ISHIZUKA ishizuka@ish.org>,
			David Malone <dwmalone@maths.tcd.ie>
	Submitted by:	sheldonh, Masachika <ISHIZUKA ishizuka@ish.org>,
			David Malone <dwmalone@maths.tcd.ie>

Index: usr.sbin/inetd/Makefile
===================================================================
RCS file: /home/ncvs/src/usr.sbin/inetd/Makefile,v
retrieving revision 1.8
diff -u -d -r1.8 Makefile
--- Makefile	1999/05/07 06:48:01	1.8
+++ Makefile	1999/06/09 15:13:53
@@ -5,7 +5,7 @@
 MAN8=	inetd.8
 MLINKS=	inetd.8 inetd.conf.5
 
-COPTS+=	-Wall -DLOGIN_CAP -DLIBWRAP
+COPTS+=	-Wall -DLOGIN_CAP -DLIBWRAP -DLIBWRAP_INTERNAL
 #COPTS+=	-DSANITY_CHECK
 
 DPADD+=	${LIBUTIL} ${LIBWRAP}
Index: usr.sbin/inetd/inetd.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/inetd/inetd.c,v
retrieving revision 1.49
diff -u -d -r1.49 inetd.c
--- inetd.c	1999/05/11 12:50:14	1.49
+++ inetd.c	1999/06/09 15:13:04
@@ -146,8 +146,8 @@
 #ifndef LIBWRAP_DENY_SEVERITY
 # define LIBWRAP_DENY_SEVERITY LOG_WARNING
 #endif
-int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
-int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
+int allow_severity;
+int deny_severity;
 #endif
 
 #ifdef LOGIN_CAP
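Review bot: With the initialisers removed, `allow_severity` and `deny_severity` start at 0 and only get a meaningful value from the assignments added ahead of `hosts_access()` in a later hunk; syslog treats a priority of 0 as LOG_EMERG, so any use that precedes that reset would log at the wrong level. Nothing at the declarations says this, so I would add a comment such as `/* read by libwrap; reset to the LIBWRAP_* defaults before every hosts_access(), since a rule's severity option overwrites them */`. In that later hunk the reset sits after `fromhost(&req)`; moving it above `request_init()` would also cover any libwrap code on that path that consults these globals, which I have not confirmed from the lines shown.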
@@ -344,8 +344,6 @@
 	int tmpint, ch, dofork;
 	pid_t pid;
 	char buf[50];
-	struct  sockaddr_in peer;
-	int i;
 #ifdef LOGIN_CAP
 	login_cap_t *lc = NULL;
 #endif
@@ -353,6 +351,9 @@
 	struct request_info req;
 	int denied;
 	char *service = NULL;
+#else
+	struct  sockaddr_in peer;
+	int i;
 #endif
 
 
@@ -538,6 +539,7 @@
 				close(ctrl);
 				continue;
 			    }
+#ifndef LIBWRAP
 			    if (log) {
 				i = sizeof peer;
 				if (getpeername(ctrl, (struct sockaddr *)
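Review bot: The `-l` connection log becomes conditional on `LIBWRAP` alone here (the matching `#endif` is in the next hunk), so in a LIBWRAP build the only accept-time record is whatever the wrapper block further down writes. If that block can be skipped for some accepted connections, for example internal services in a build without `LIBWRAP_INTERNAL`, those connections would no longer be logged at all; that depends on code outside the hunk and should be checked. A comment at the guard, e.g. `/* with LIBWRAP, -l logging happens after hosts_access() below */`, would keep the two logging paths from drifting apart.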
@@ -552,15 +554,12 @@
 					sep->se_service,
 					inet_ntoa(peer.sin_addr));
 			    }
+#endif
 		    } else
 			    ctrl = sep->se_fd;
 		    (void) sigblock(SIGBLOCK);
 		    pid = 0;
-#ifdef LIBWRAP_INTERNAL
-		    dofork = 1;
-#else
 		    dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
-#endif
 		    if (dofork) {
 			    if (sep->se_count++ == 0)
 				(void)gettimeofday(&sep->se_time, (struct timezone *)NULL);
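Review bot: Dropping the `LIBWRAP_INTERNAL` override leaves `dofork` at 0 for internal services without `bi_fork`, while the Makefile change in this patch turns wrapping on for internal services, so the `hosts_access()` check in the following hunk appears to run in the listening parent for those services. Rule evaluation can block on name lookups, and hosts_options(5) features such as `twist` act on the calling process, so a slow resolver or a rule written with a child in mind could stall or replace inetd itself. I would keep the fork whenever the connection is going to be wrapped, e.g. `dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork || (sep->se_accept && sep->se_socktype == SOCK_STREAM));` under `LIBWRAP_INTERNAL`, or add a comment explaining why parent-side evaluation is acceptable. The fork and the wrapper block lie outside this hunk, so this reading needs confirming against the full function.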
@@ -624,21 +623,13 @@
 #endif
 			    if (sep->se_accept
 				&& sep->se_socktype == SOCK_STREAM) {
-				request_init(&req,
-				    RQ_DAEMON, sep->se_server_name ?
-					sep->se_server_name : sep->se_service,
-					RQ_FILE, ctrl, NULL);
+				service = sep->se_server_name ?
+				    sep->se_server_name : sep->se_service;
+				request_init(&req, RQ_DAEMON, service, RQ_FILE, ctrl, NULL);
 				fromhost(&req);
+				deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
+				allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
 				denied = !hosts_access(&req);
-				if (denied || log) {
-				    sp = getservbyport(sep->se_ctrladdr.sin_port, sep->se_proto);
-				    if (sp == NULL) {
-					(void)snprintf(buf, sizeof buf, "%d",
-					   ntohs(sep->se_ctrladdr.sin_port));
-					service = buf;
-				    } else
-					service = sp->s_name;
-				}
 				if (denied) {
 				    syslog(deny_severity,
 				        "refused connection from %.500s, service %s (%s)",
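Review bot: `service` is now the name handed to libwrap as RQ_DAEMON (`se_server_name` or `se_service`), whereas the removed block derived it from `getservbyport()` with a numeric fallback; assuming it is still the argument for `service %s` in the refusal message, that logged field changes meaning for every entry with `se_server_name` set. Log consumers that match on the service name would start seeing daemon names, so the change deserves a comment like `/* service: daemon name as matched in hosts.allow, not the port's service name */`. The added `request_init(...)` line also runs past 80 columns and could be wrapped the way the removed call was. If `sp` has no other use in this function, its declaration is now dead.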
@@ -746,7 +737,8 @@
 #endif
 				if (sep->se_socktype != SOCK_STREAM)
 					recv(0, buf, sizeof (buf), 0);
-				_exit(EX_OSERR);
+				if (dofork)
+					_exit(EX_OSERR);
 			    }
 		    }
 		    if (sep->se_accept && sep->se_socktype == SOCK_STREAM)
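Review bot: With `_exit()` now skipped when `dofork` is 0, control leaves this block in the parent, but the context line just above still calls `recv(0, buf, sizeof (buf), 0)` unconditionally. In the parent, descriptor 0 is not the service socket, so if this path is reachable without a fork the `recv` belongs inside the same `if (dofork)` body, with braces around both statements. A short comment such as `/* non-forking internal services run in the parent, which must keep running */` would also explain the new condition. The enclosing block starts outside the hunk, so reachability needs checking against the full function.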
@@ -911,6 +903,7 @@
 			SWAP(sep->se_class, new->se_class);
 #endif
 			SWAP(sep->se_server, new->se_server);
+			SWAP(sep->se_server_name, new->se_server_name);
 			for (i = 0; i < MAXARGV; i++)
 				SWAP(sep->se_argv[i], new->se_argv[i]);
 			sigsetmask(omask);

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message



