[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-184-gc2355
|
From: |
Mats Erik Andersson |
|
Subject: |
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-184-gc235508 |
|
Date: |
Tue, 09 Oct 2012 20:21:47 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".
The branch, master has been updated
via c235508d8df9371a1da1bfa1e147d0cfd5a8ced4 (commit)
from 88ff7a44098fd6e26ddaa4fc7a61e5ed6f6e1678 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=c235508d8df9371a1da1bfa1e147d0cfd5a8ced4
commit c235508d8df9371a1da1bfa1e147d0cfd5a8ced4
Author: Mats Erik Andersson <address@hidden>
Date: Mon Oct 8 19:06:59 2012 +0200
rlogind: Support libwrap in daemon mode.
diff --git a/ChangeLog b/ChangeLog
index de25dc7..c2474df 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2012-10-08 Mats Erik Andersson <address@hidden>
+
+ rlogind: Support libwrap in daemon mode.
+
+ * configure.ac <rlogind summary>: Print $LIBWRAP.
+ * src/Makefile.am (rlogind_LDADD): Add $(LIBWRAP).
+ * src/rlogind.c [HAVE_TCPD_H]: Include <tcpd.h>.
+ [WITH_WRAP && !HAVE_DECL_HOSTS_CTL]: New prototype
+ for missing hosts_ctl() declaration.
+ (allow_severity, deny_severity) [WITH_WRAP]:
+ New variables.
+ (check_host) [WITH_WRAP]: New function.
+ (rlogin_daemon) [WITH_WRAP]: Call check_host().
+ (protocol) [!SHISHI]: Trivial use of AP.
+
+ * ftpd/server_mode.c (check_host): Use severity
+ `deny_severity' to syslog() at rejects.
+
2012-10-05 Mats Erik Andersson <address@hidden>
telnet: Reliability fix caused by OpenSolaris,
diff --git a/configure.ac b/configure.ac
index e348aff..11f23d0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1047,7 +1047,7 @@ ${ftpd_BUILD:+${FTPD_LIBPAM:+PAM }$LIBWRAP}
rexecd ${enable_rexecd} \
${rexecd_BUILD:+${LIBPAM:+PAM}}
rlogind ${enable_rlogind} \
-${rlogind_BUILD:+$KERBEROS_VERSION}
+${rlogind_BUILD:+${KERBEROS_VERSION:+$KERBEROS_VERSION }$LIBWRAP}
rshd ${enable_rshd} \
${rshd_BUILD:+${KERBEROS_VERSION:+$KERBEROS_VERSION }${LIBPAM:+PAM}}
syslogd ${enable_syslogd}
diff --git a/ftpd/server_mode.c b/ftpd/server_mode.c
index 113ee79..6b304d7 100644
--- a/ftpd/server_mode.c
+++ b/ftpd/server_mode.c
@@ -78,7 +78,7 @@ check_host (struct sockaddr *sa, socklen_t len)
{
if (!hosts_ctl ("ftpd", name, addr, STRING_UNKNOWN))
{
- syslog (LOG_NOTICE, "tcpwrappers rejected: %s [%s]",
+ syslog (deny_severity, "tcpwrappers rejected: %s [%s]",
name, addr);
return 0;
}
@@ -87,7 +87,7 @@ check_host (struct sockaddr *sa, socklen_t len)
{
if (!hosts_ctl ("ftpd", STRING_UNKNOWN, addr, STRING_UNKNOWN))
{
- syslog (LOG_NOTICE, "tcpwrappers rejected: [%s]", addr);
+ syslog (deny_severity, "tcpwrappers rejected: [%s]", addr);
return 0;
}
}
diff --git a/src/Makefile.am b/src/Makefile.am
index 1f7bf13..05e3aa1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -79,7 +79,7 @@ EXTRA_PROGRAMS += rexecd
inetdaemon_PROGRAMS += $(rlogind_BUILD)
rlogind_SOURCES = rlogind.c
-rlogind_LDADD = $(LDADD) $(LIBAUTH)
+rlogind_LDADD = $(LDADD) $(LIBAUTH) $(LIBWRAP)
EXTRA_PROGRAMS += rlogind
inetdaemon_PROGRAMS += $(rshd_BUILD)
diff --git a/src/rlogind.c b/src/rlogind.c
index 9e16cfc..9663be6 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -67,6 +67,10 @@
#include <pty.h>
+#ifdef HAVE_TCPD_H
+# include <tcpd.h>
+#endif
+
#include <progname.h>
#include <argp.h>
#include <libinetutils.h>
@@ -161,9 +165,9 @@ struct auth_data
krb5_ccache ccache;
krb5_keytab keytab;
# endif
-# endif
+# endif /* KERBEROS */
};
-#endif
+#endif /* !SHISHI */
#define MODE_INETD 0
#define MODE_DAEMON 1
@@ -197,6 +201,15 @@ int local_dot_count;
struct winsize win = { 0, 0, 0, 0 };
+#ifdef WITH_WRAP
+int allow_severity = LOG_INFO;
+int deny_severity = LOG_NOTICE;
+
+# if !HAVE_DECL_HOSTS_CTL
+extern int hosts_ctl (char *, char *, char *, char *);
+# endif
+#endif /* WITH_WRAP */
+
#if defined __GLIBC__ && defined WITH_IRUSEROK
extern int iruserok (uint32_t raddr, int superuser,
const char *ruser, const char *luser);
@@ -232,6 +245,76 @@ rlogind_sigchld (int signo _GL_UNUSED_PARAMETER)
--numchildren;
}
+#ifdef WITH_WRAP
+static int
+check_host (struct sockaddr *sa, socklen_t len)
+{
+ int rc;
+ char addr[INET6_ADDRSTRLEN];
+# if HAVE_DECL_GETNAMEINFO
+ char name[NI_MAXHOST];
+# else
+ struct hostent *hp;
+ void *addrp;
+ char *name;
+# endif /* !HAVE_DECL_NAMEINFO */
+
+ if (sa->sa_family != AF_INET
+# ifdef IPV6
+ && sa->sa_family != AF_INET6)
+# endif
+ return 1;
+
+# if HAVE_DECL_GETNAMEINFO
+ (void) getnameinfo(sa, len, addr, sizeof (addr), NULL, 0, NI_NUMERICHOST);
+ rc = getnameinfo(sa, len, name, sizeof (name), NULL, 0, NI_NAMEREQD);
+# else /* !HAVE_DECL_GETNAMEINFO */
+
+ (void) len; /* Silence warning. */
+
+ switch (sa->sa_family)
+ {
+# ifdef IPV6
+ case AF_INET6:
+ addrp = (void *) &((struct sockaddr_in6 *) sa)->sin6_addr;
+ hp = gethostbyaddr (addrp, sizeof (struct in6_addr),
+ sa->sa_family);
+ break;
+# endif
+ case AF_INET:
+ default:
+ addrp = (void *) &((struct sockaddr_in *) sa)->sin_addr;
+ hp = gethostbyaddr (addrp, sizeof (struct in_addr),
+ sa->sa_family);
+ }
+
+ (void) inet_ntop (sa->sa_family, addrp, addr, sizeof (addr));
+ if (hp)
+ name = hp->h_name;
+ rc = (hp == NULL); /* Translate to getnameinfo style. */
+# endif /* !HAVE_DECL_GETNAMEINFO */
+
+ if (!rc)
+ {
+ if (!hosts_ctl ("rlogind", name, addr, STRING_UNKNOWN))
+ {
+ syslog (deny_severity, "tcpd rejects %s [%s]",
+ name, addr);
+ return 0;
+ }
+ }
+ else
+ {
+ if (!hosts_ctl ("rlogind", STRING_UNKNOWN, addr, STRING_UNKNOWN))
+ {
+ syslog (deny_severity, "tcpd rejects [%s]", addr);
+ return 0;
+ }
+ }
+ return 1;
+}
+#endif /* WITH_WRAP */
+
#if defined KERBEROS && defined ENCRYPTION
# define ENCRYPT_IO encrypt_io
# define IF_ENCRYPT(stmt) if (encrypt_io) stmt
@@ -665,6 +748,10 @@ rlogin_daemon (int maxchildren, int port)
close (listenfd[0]);
if (numfd > 1)
close (listenfd[1]);
+#ifdef WITH_WRAP
+ if (!check_host ((struct sockaddr *) &saddr, size))
+ exit (EXIT_FAILURE);
+#endif
exit (rlogind_mainloop (fd, fd));
}
/* parent only */
@@ -1576,6 +1663,9 @@ protocol (int f, int p, struct auth_data *ap)
int cc, nfd, n;
char cntl;
+#ifndef SHISHI
+ (void) ap; /* Silence warning. */
+#endif
/*
* Must ignore SIGTTOU, otherwise we'll stop
* when we try and set slave pty's window shape
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 18 ++++++++++
configure.ac | 2 +-
ftpd/server_mode.c | 4 +-
src/Makefile.am | 2 +-
src/rlogind.c | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++-
5 files changed, 114 insertions(+), 6 deletions(-)
hooks/post-receive
--
GNU Inetutils
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-184-gc235508,
Mats Erik Andersson <=