Date: Wed, 9 Jun 1999 07:00:04 -0700 (PDT) From: Sheldon Hearn <sheldonh@uunet.co.za> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does. Message-ID: <199906091400.HAA34635@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/11960; it has been noted by GNATS.
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does.
Date: Wed, 09 Jun 1999 15:53:57 +0200
Okay, could you do me a favour and see if you're happy with these diffs.
They're a compromise, in that you still have to run inetd -l to log
successful connections.
You should apply them to clean inetd sources, not whatever we've got so
far. :-)
These incorporate your stuff and mine from PR 11651 .
Ciao,
Sheldon.
Index: usr.sbin/inetd/Makefile
===================================================================
RCS file: /home/ncvs/src/usr.sbin/inetd/Makefile,v
retrieving revision 1.8
diff -u -d -r1.8 Makefile
--- Makefile 1999/05/07 06:48:01 1.8
+++ Makefile 1999/05/22 13:32:00
@@ -5,7 +5,7 @@
MAN8= inetd.8
MLINKS= inetd.8 inetd.conf.5
-COPTS+= -Wall -DLOGIN_CAP -DLIBWRAP
+COPTS+= -Wall -DLOGIN_CAP -DLIBWRAP -DLIBWRAP_INTERNAL
#COPTS+= -DSANITY_CHECK
DPADD+= ${LIBUTIL} ${LIBWRAP}
Index: usr.sbin/inetd/inetd.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/inetd/inetd.c,v
retrieving revision 1.49
diff -u -d -r1.49 inetd.c
--- inetd.c 1999/05/11 12:50:14 1.49
+++ inetd.c 1999/06/09 13:43:55
@@ -146,8 +146,8 @@
#ifndef LIBWRAP_DENY_SEVERITY
# define LIBWRAP_DENY_SEVERITY LOG_WARNING
#endif
-int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
-int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
+int allow_severity;
+int deny_severity;
#endif
#ifdef LOGIN_CAP
@@ -556,11 +556,7 @@
ctrl = sep->se_fd;
(void) sigblock(SIGBLOCK);
pid = 0;
-#ifdef LIBWRAP_INTERNAL
- dofork = 1;
-#else
dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
-#endif
if (dofork) {
if (sep->se_count++ == 0)
(void)gettimeofday(&sep->se_time, (struct timezone *)NULL);
@@ -624,21 +620,13 @@
#endif
if (sep->se_accept
&& sep->se_socktype == SOCK_STREAM) {
- request_init(&req,
- RQ_DAEMON, sep->se_server_name ?
- sep->se_server_name : sep->se_service,
- RQ_FILE, ctrl, NULL);
+ service = sep->se_server_name ?
+ sep->se_server_name : sep->se_service;
+ request_init(&req, RQ_DAEMON, service, RQ_FILE, ctrl, NULL);
fromhost(&req);
+ deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
+ allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
denied = !hosts_access(&req);
- if (denied || log) {
- sp = getservbyport(sep->se_ctrladdr.sin_port, sep->se_proto);
- if (sp == NULL) {
- (void)snprintf(buf, sizeof buf, "%d",
- ntohs(sep->se_ctrladdr.sin_port));
- service = buf;
- } else
- service = sp->s_name;
- }
if (denied) {
syslog(deny_severity,
"refused connection from %.500s, service %s (%s)",
@@ -746,7 +734,8 @@
#endif
if (sep->se_socktype != SOCK_STREAM)
recv(0, buf, sizeof (buf), 0);
- _exit(EX_OSERR);
+ if (dofork)
+ _exit(EX_OSERR);
}
}
if (sep->se_accept && sep->se_socktype == SOCK_STREAM)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906091400.HAA34635>