From owner-freebsd-bugs Tue Jun 8 7: 0:26 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 379F314D6A for ; Tue, 8 Jun 1999 07:00:05 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id HAA08531; Tue, 8 Jun 1999 07:00:04 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Date: Tue, 8 Jun 1999 07:00:04 -0700 (PDT)
Message-Id: <199906081400.HAA08531@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: David Malone
Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does.
Reply-To: David Malone
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/11960; it has been noted by GNATS.

From: David Malone
To: Sheldon Hearn
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does.
Date: Tue, 08 Jun 1999 14:54:44 +0100

> I'm being obtuse. Next time I'll read more carefully. This looks like
> what we want. Do your changes work with wrapped internal services (see
> PR 11651)? Looks to me like your method handles both cases of forked and
> non-forked internals nicely.

I think the code makes sense in both cases. I read the PR and I can't see how this could upset the internally wrapped case.

Reading the code more carefully, I think I've discovered something else which should be done all the time - calculating the service name for the syslog. I've checked all these changes on a 3.2-stable machine and it seems to do the right thing.

I've an interesting tale of caution for people - if you already have services wrapped with tcpd and wonder why:

    in.rshd rshd: ALL : severity dshosadh.warning : deny

Is allowed by inetd's tcp wrapping, but denied by tcpd's wrapping - remember inetd will be calling hosts_access with a daemon name of "tcpd"!

I wonder if we should log the daemon's name when we log the rest of the info about the service - as that is what people are most likely to grep for?

David.

--- inetd.c Tue Jun 8 13:39:35 1999 +++ inetd.c.orig Tue Jun 8 12:34:30 1999
@@ -629,24 +629,25 @@ sep->se_server_name : sep->se_service, RQ_FILE, ctrl, NULL); fromhost(&req); - deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY; - allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY; denied = !hosts_access(&req); - sp = getservbyport(sep->se_ctrladdr.sin_port, sep->se_proto); - if (sp == NULL) { - (void)snprintf(buf, sizeof buf, "%d", - ntohs(sep->se_ctrladdr.sin_port)); - service = buf; - } else - service = sp->s_name; + if (denied || log) { + sp = getservbyport(sep->se_ctrladdr.sin_port, sep->se_proto); + if (sp == NULL) { + (void)snprintf(buf, sizeof buf, "%d", + ntohs(sep->se_ctrladdr.sin_port)); + service = buf; + } else + service = sp->s_name; + } if (denied) { syslog(deny_severity, "refused connection from %.500s, service %s (%s)", eval_client(&req), service, sep->se_proto); goto reject; - } else { + } + if (log) { syslog(allow_severity, - "connection from %.500s, service %s (%s)", + "connection from %.500s, service %s (%s)", eval_client(&req), service, sep->se_proto); } } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
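
Review bot: the file header reads "--- inetd.c" / "+++ inetd.c.orig", so this diff runs from the modified file to the original: the "-" lines are the proposed code and the "+" lines are what is in the tree now. Please regenerate it from inetd.c.orig to inetd.c (or state that it needs patch -R) before it is attached to the PR. Read that way, the proposed version resets deny_severity and allow_severity before every hosts_access() call and replaces "if (log)" with "else", so every accepted connection is syslogged at allow_severity whether or not logging was requested. Both deserve a one-line comment in the code: the first saying that a severity option in the access rules can change those globals, the second saying that the unconditional log is intentional to match tcpd. The last -/+ pair on the syslog format string differs only in whitespace and can be dropped.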
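
The caveat in the mail above (inetd's built-in wrapping asks hosts_access about the daemon name "tcpd", while tcpd itself asks about the wrapped daemon), turned into a small audit check. This is an added example, not code from the original mail or from inetd; the inetd.conf lines and the /usr/libexec paths are constructed, and the matcher is a simplification that only understands literal daemon names, ALL, and a client list of ALL.

```python
import os

# Constructed sample inetd.conf (assumption: tcpd lives in /usr/libexec).
INETD_CONF = """\
shell  stream tcp nowait root /usr/libexec/tcpd    in.rshd
login  stream tcp nowait root /usr/libexec/rlogind rlogind
"""
# The access rule quoted in the mail.
HOSTS_ALLOW = "in.rshd rshd: ALL : severity dshosadh.warning : deny\n"

def parse_rules(text):
    """Split 'daemons : clients : option...' lines into tuples."""
    rules = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("#", 1)[0].split(":")]
        if len(parts) >= 2 and parts[0]:
            rules.append((parts[0].replace(",", " ").split(),
                          parts[1].replace(",", " ").split(), parts[2:]))
    return rules

def daemon_names(inetd_line):
    """(name inetd's built-in wrapping checks, name tcpd checks) or None."""
    f = inetd_line.split()
    if len(f) < 7 or f[0].startswith("#"):
        return None
    # Field 6 is the server program, field 7 is argv[0] handed to it.
    return os.path.basename(f[5]), os.path.basename(f[6])

def verdict(daemon, rules):
    """First matching rule wins; simplified to literal names and ALL."""
    for daemons, clients, options in rules:
        if ("ALL" in daemons or daemon in daemons) and "ALL" in clients:
            return "deny" if "deny" in options else "allow"
    return "allow"  # no matching rule: access is granted by default

def audit(inetd_conf, hosts_allow):
    """List services where the two wrappers reach different decisions."""
    rules, findings = parse_rules(hosts_allow), []
    for line in inetd_conf.splitlines():
        names = daemon_names(line)
        if names is None or names[0] == names[1]:
            continue
        by_inetd, by_tcpd = verdict(names[0], rules), verdict(names[1], rules)
        if by_inetd != by_tcpd:
            findings.append((line.split()[0], names[0], by_inetd,
                             names[1], by_tcpd))
    return findings

if __name__ == "__main__":
    for svc, n1, v1, n2, v2 in audit(INETD_CONF, HOSTS_ALLOW):
        print(f"{svc}: inetd checks '{n1}' -> {v1}; tcpd checks '{n2}' -> {v2}")
```

A finding means the rule protects the service only while tcpd makes the decision; listing the name "tcpd" in the rule's daemon list, or pointing inetd.conf at the real server, makes the two agree.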