From owner-freebsd-bugs Wed Jun 9 8:50: 6 1999
Delivered-To: freebsd-bugs@freebsd.org
Message-Id: <6300.928943044@axl.noc.iafrica.com>
Date: Wed, 09 Jun 1999 17:44:04 +0200
From: Sheldon Hearn
Reply-To: Sheldon Hearn
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/12097: [PATCH] Various fixes for inetd with libwrap support
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 12097
>Category: bin
>Synopsis: [PATCH] Various fixes for inetd with libwrap support
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 9 08:50:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Sheldon Hearn
>Release: FreeBSD 4.0-CURRENT i386
>Organization:
UUNET South Africa
>Environment:

FreeBSD 4.0-CURRENT #2: Wed Jun 9 14:28:13 SAST 1999 i386

>Description:

This PR supersedes:

PR 11651 - forked inetd children for internal services don't die
PR 11860 - inetd config() corrupts service names on HUP
PR 11960 - inetd doesn't honour hosts_access severity extension

>How-To-Repeat:

See relevant PR's.

>Fix:

The patch attached accomplishes the following:

* Handle forking and non-forking internal services correctly.
* On HUP, preserve server names for each service.
* Handle -l option as appropriate for libwrap and non-libwrap cases.
* Honour hosts_access severity options by resetting syslog facility
  and priority before each call to hosts_access.
* Turn on wrapping for internal services because they work now.

Reported by: Pierre Beyssac, Masachika, David Malone
Submitted by: sheldonh, Masachika, David Malone

Index: usr.sbin/inetd/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/inetd/Makefile,v retrieving revision 1.8 diff -u -d -r1.8 Makefile --- Makefile 1999/05/07 06:48:01 1.8 +++ Makefile 1999/06/09 15:13:53 
@@ -5,7 +5,7 @@ MAN8= inetd.8 MLINKS= inetd.8 inetd.conf.5 -COPTS+= -Wall -DLOGIN_CAP -DLIBWRAP +COPTS+= -Wall -DLOGIN_CAP -DLIBWRAP -DLIBWRAP_INTERNAL #COPTS+= -DSANITY_CHECK DPADD+= ${LIBUTIL} ${LIBWRAP} Index: usr.sbin/inetd/inetd.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/inetd/inetd.c,v retrieving revision 1.49 diff -u -d -r1.49 inetd.c --- inetd.c 1999/05/11 12:50:14 1.49 +++ inetd.c 1999/06/09 15:13:04 @@ -146,8 +146,8 @@ #ifndef LIBWRAP_DENY_SEVERITY # define LIBWRAP_DENY_SEVERITY LOG_WARNING #endif -int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY; -int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY; +int allow_severity; +int deny_severity; #endif #ifdef LOGIN_CAP @@ -344,8 +344,6 @@ int tmpint, ch, dofork; pid_t pid; char buf[50]; - struct sockaddr_in peer; - int i; #ifdef LOGIN_CAP login_cap_t *lc = NULL; #endif @@ -353,6 +351,9 @@ struct request_info req; int denied; char *service = NULL; +#else + struct sockaddr_in peer; + int i; #endif @@ -538,6 +539,7 @@ close(ctrl); continue; } +#ifndef LIBWRAP if (log) { i = sizeof peer; if (getpeername(ctrl, (struct sockaddr *) @@ -552,15 +554,12 @@ sep->se_service, inet_ntoa(peer.sin_addr)); } +#endif } else ctrl = sep->se_fd; (void) sigblock(SIGBLOCK); pid = 0; -#ifdef LIBWRAP_INTERNAL - dofork = 1; -#else dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork); -#endif if (dofork) { if (sep->se_count++ == 0) (void)gettimeofday(&sep->se_time, (struct timezone *)NULL); 
@@ -624,21 +623,13 @@ #endif if (sep->se_accept && sep->se_socktype == SOCK_STREAM) { - request_init(&req, - RQ_DAEMON, sep->se_server_name ? - sep->se_server_name : sep->se_service, - RQ_FILE, ctrl, NULL); + service = sep->se_server_name ? + sep->se_server_name : sep->se_service; + request_init(&req, RQ_DAEMON, service, RQ_FILE, ctrl, NULL); fromhost(&req); + deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY; + allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY; denied = !hosts_access(&req); - if (denied || log) { - sp = getservbyport(sep->se_ctrladdr.sin_port, sep->se_proto); - if (sp == NULL) { - (void)snprintf(buf, sizeof buf, "%d", - ntohs(sep->se_ctrladdr.sin_port)); - service = buf; - } else - service = sp->s_name; - } if (denied) { syslog(deny_severity, "refused connection from %.500s, service %s (%s)", @@ -746,7 +737,8 @@ #endif if (sep->se_socktype != SOCK_STREAM) recv(0, buf, sizeof (buf), 0); - _exit(EX_OSERR); + if (dofork) + _exit(EX_OSERR); } } if (sep->se_accept && sep->se_socktype == SOCK_STREAM) @@ -911,6 +903,7 @@ SWAP(sep->se_class, new->se_class); #endif SWAP(sep->se_server, new->se_server); + SWAP(sep->se_server_name, new->se_server_name); for (i = 0; i < MAXARGV; i++) SWAP(sep->se_argv[i], new->se_argv[i]); sigsetmask(omask);
>Release-Note:
>Audit-Trail:
>Unformatted:
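Review bot: The Makefile hunk turns on -DLIBWRAP_INTERNAL by default, so internal services become subject to hosts.allow and hosts.deny on upgrade, yet the patch touches only Makefile and inetd.c and leaves inetd.8 (listed in MAN8) unchanged. Please add a manual page note that internal services are now wrapped and that -l behaves differently in libwrap and non-libwrap builds, and put a one-line comment next to the COPTS line saying what LIBWRAP_INTERNAL controls, as is done for the commented-out SANITY_CHECK option.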
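Review bot: In the @@ -146,8 +146,8 @@ hunk, allow_severity and deny_severity lose their initializers, so both hold 0 (LOG_EMERG as a syslog priority) until the assignments added just before hosts_access(&req) run. Any syslog(deny_severity, ...) or syslog(allow_severity, ...) call reached on a path that skips those assignments would log at that level. Keeping the initializers as a safe default costs nothing; either way, a comment at the declarations should say the values are reset per request because a hosts_access severity option can overwrite them.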
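Review bot: In the hunk that removes the #ifdef LIBWRAP_INTERNAL override, dofork can now be 0 for builtins whose bi_fork is unset, which means whatever follows runs in the main inetd process for those services. If the fromhost()/hosts_access() check is reached with dofork == 0, a slow name lookup inside libwrap stalls every other service while it completes, and the denied branch must not exit or close descriptors the parent still needs. Only the _exit(EX_OSERR) in the later hunk is shown guarded by "if (dofork)"; please confirm the branch after syslog(deny_severity, ...) has the same guard.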
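Review bot: In the @@ -624,21 +623,13 @@ hunk, the "service %s" field of the refusal message changes meaning: it used to be the getservbyport() name or the numeric port, and is now se_server_name or se_service, the same string passed as RQ_DAEMON. Anyone matching on these log lines will see different values, so this deserves a mention in the commit message. With the "if (denied || log)" block gone, also check that the accepted-connection message is still only emitted when log is set, and drop the sp declaration if this was its last use, since the build uses -Wall.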
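Review bot: In the @@ -746,7 +737,8 @@ hunk, guarding _exit(EX_OSERR) with "if (dofork)" implies this path can run in the parent, but the recv(0, buf, sizeof (buf), 0) directly above it is left unguarded. In a non-forked call, descriptor 0 is inetd's own stdin and not the service socket, so the recv() would drain the wrong descriptor or fail. If the path is reachable with dofork == 0, receive on ctrl instead; if it is not reachable, the new guard is redundant and a comment should say which case applies.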
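Review bot: In the @@ -911,6 +903,7 @@ hunk, SWAP(sep->se_server_name, new->se_server_name) moves the old name into new, which is presumably released after the swap. Please state in a comment whether se_server_name is a separate allocation or a pointer into se_server: in the first case the release of new must free it to avoid a leak on every HUP, in the second it must stay paired with the se_server swap on the line above and must not be freed on its own.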