Date: Wed, 9 Jun 1999 08:10:03 -0700 (PDT)
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does.
Message-ID: <199906091510.IAA42398@freefall.freebsd.org>
The following reply was made to PR bin/11960; it has been noted by GNATS.
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does.
Date: Wed, 09 Jun 1999 17:08:37 +0200
On Wed, 09 Jun 1999 15:07:12 +0100, David Malone wrote:
> Second, with this method all connections are logged twice if you give -l,
> once about line 541 and once after the tcp_wrapper stuff is done.
Ah, okay I spot it. I must admit that I would have been comfortable with
inetd spewing duplicate messages, since they're unlikely to be on the
same facility.priority.
> We either need to zap this first log line, or make a flag for tcpd
> style logging (-t?).
Neither, actually. One of the two should always be enabled, depending on
whether LIBWRAP is defined. Remember, some people are going to want to
compile out inetd _without_ libwrap support and we should be mindful of
them.
I suspect that the diff attached will make you _and_ non-wrapping users
happy. As before, apply to clean sources. Note that this diff contains a
fix for SIGHUP handling from PR 11860 (courtesy of Masachika ISHIZUKA).
Feedback?
Ciao,
Sheldon.
Index: usr.sbin/inetd/Makefile
===================================================================
RCS file: /home/ncvs/src/usr.sbin/inetd/Makefile,v
retrieving revision 1.8
diff -u -d -r1.8 Makefile
--- Makefile 1999/05/07 06:48:01 1.8
+++ Makefile 1999/05/22 13:32:00
@@ -5,7 +5,7 @@
MAN8= inetd.8
MLINKS= inetd.8 inetd.conf.5
-COPTS+= -Wall -DLOGIN_CAP -DLIBWRAP
+COPTS+= -Wall -DLOGIN_CAP -DLIBWRAP -DLIBWRAP_INTERNAL
#COPTS+= -DSANITY_CHECK
DPADD+= ${LIBUTIL} ${LIBWRAP}
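Review bot: `-DLIBWRAP_INTERNAL` is added to COPTS, but the only use of that macro visible in this patch, the `#ifdef LIBWRAP_INTERNAL` around `dofork = 1;` in inetd.c, is being removed. If nothing else in inetd.c tests it, the define is dead and should be left out; if something does, a comment here saying what it selects would help. Separately, `-DLIBWRAP` in COPTS and `${LIBWRAP}` in DPADD stay unconditional, so building inetd without libwrap still means editing this Makefile by hand.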
Index: usr.sbin/inetd/inetd.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/inetd/inetd.c,v
retrieving revision 1.49
diff -u -d -r1.49 inetd.c
--- inetd.c 1999/05/11 12:50:14 1.49
+++ inetd.c 1999/06/09 15:04:23
@@ -146,8 +146,8 @@
#ifndef LIBWRAP_DENY_SEVERITY
# define LIBWRAP_DENY_SEVERITY LOG_WARNING
#endif
-int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
-int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
+int allow_severity;
+int deny_severity;
#endif
#ifdef LOGIN_CAP
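Review bot: dropping the initialisers on `allow_severity` and `deny_severity` leaves both at 0 until the first wrapped connection assigns them, and 0 is LOG_KERN|LOG_EMERG as a syslog priority. Keeping the initialisers here as well as the per-request assignment before `hosts_access()` costs nothing and removes the window in which anything that logs with these globals would do so at emergency priority.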
@@ -538,6 +538,7 @@
close(ctrl);
continue;
}
+#ifndef LIBWRAP
if (log) {
i = sizeof peer;
if (getpeername(ctrl, (struct sockaddr *)
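Review bot: the `#ifndef LIBWRAP` in front of `if (log) {` needs a comment saying that with libwrap the `-l` message is produced later, after the access check, and the matching `#endif` in the next hunk would read better as `#endif /* !LIBWRAP */` since the two are far apart. The patch touches only Makefile and inetd.c, so inetd.8 is not updated to say that with libwrap the `-l` line is now logged at the LIBWRAP_ALLOW facility and severity rather than the one used in this block.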
@@ -552,15 +553,12 @@
sep->se_service,
inet_ntoa(peer.sin_addr));
}
+#endif
} else
ctrl = sep->se_fd;
(void) sigblock(SIGBLOCK);
pid = 0;
-#ifdef LIBWRAP_INTERNAL
- dofork = 1;
-#else
dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
-#endif
if (dofork) {
if (sep->se_count++ == 0)
(void)gettimeofday(&sep->se_time, (struct timezone *)NULL);
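Review bot: with the forced `dofork = 1;` gone, a service whose `bi_fork` is 0 no longer gets a child, so `pid` stays 0 and the child-side code, including the `fromhost()` and `hosts_access()` calls in the next hunk, runs inside the inetd process itself after `sigblock(SIGBLOCK)`. Anything in the wrapper check that blocks will stall the main loop for every other service while it does. If that trade-off is intended, a comment at the `dofork` assignment should say so; otherwise consider keeping the fork for wrapped stream services.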
@@ -624,21 +622,13 @@
#endif
if (sep->se_accept
&& sep->se_socktype == SOCK_STREAM) {
- request_init(&req,
- RQ_DAEMON, sep->se_server_name ?
- sep->se_server_name : sep->se_service,
- RQ_FILE, ctrl, NULL);
+ service = sep->se_server_name ?
+ sep->se_server_name : sep->se_service;
+ request_init(&req, RQ_DAEMON, service, RQ_FILE, ctrl, NULL);
fromhost(&req);
+ deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
+ allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
denied = !hosts_access(&req);
- if (denied || log) {
- sp = getservbyport(sep->se_ctrladdr.sin_port, sep->se_proto);
- if (sp == NULL) {
- (void)snprintf(buf, sizeof buf, "%d",
- ntohs(sep->se_ctrladdr.sin_port));
- service = buf;
- } else
- service = sp->s_name;
- }
if (denied) {
syslog(deny_severity,
"refused connection from %.500s, service %s (%s)",
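Review bot: the two assignments to `deny_severity` and `allow_severity` just before `hosts_access(&req)` have no comment explaining why they are set on every request instead of once at start-up. Say in a comment that they are reset because the values can be left changed by a previous check in a process that no longer forks for every service. Also, the deleted `getservbyport()` block was the only visible use of `sp`; if its declaration has no other user it should go too, since the Makefile builds with `-Wall`.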
@@ -746,7 +736,8 @@
#endif
if (sep->se_socktype != SOCK_STREAM)
recv(0, buf, sizeof (buf), 0);
- _exit(EX_OSERR);
+ if (dofork)
+ _exit(EX_OSERR);
}
}
if (sep->se_accept && sep->se_socktype == SOCK_STREAM)
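Review bot: `if (dofork) _exit(EX_OSERR);` needs a comment. From the earlier hunk, `pid` is preset to 0 and stays 0 when `dofork` is 0, so this code can run in inetd itself and an unconditional `_exit()` would take the daemon down. That reasoning is not obvious at this spot and is worth one line above the test.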
@@ -911,6 +902,7 @@
SWAP(sep->se_class, new->se_class);
#endif
SWAP(sep->se_server, new->se_server);
+ SWAP(sep->se_server_name, new->se_server_name);
for (i = 0; i < MAXARGV; i++)
SWAP(sep->se_argv[i], new->se_argv[i]);
sigsetmask(omask);
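Review bot: the added `SWAP(sep->se_server_name, new->se_server_name);` is the SIGHUP fix from PR 11860 and is unrelated to the logging change in bin/11960. It should go in as its own commit with a log message crediting that PR, so that either change can be reverted or merged to a branch without the other.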
