tcp_wrapper: Clean up logit()

Eliminate these compiler warnings:

tcpwrapper.c: In function logit
tcpwrapper.c:225: warning: unused parameter procnum
tcpwrapper.c:225: warning: unused parameter prognum

Actually, @procnum is not used anywhere in our tcpwrapper.c, so
let's just get rid of it.

Since there is only one logit() call site in tcpwrapper.c, the macro
wrapper just adds needless clutter.  Let's get rid of that too.

Finally, both mountd and statd now use xlog(), which adds an
appropriate program name prefix to every message.  Replace the
open-coded syslog(2) call with an xlog() call in order to
consistently identify the RPC service reporting the intrusion.

Since logit() no longer references "deny_severity" and no nfs-utils
caller sets either allow_severity or deny_severity, we remove them.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/support/include/tcpwrapper.h b/support/include/tcpwrapper.h
index f1145bdfa77fa31d162266d1031b77ac4ef1f3a1..941394e3582a18af08b2744dca194cb93b59f8e1 100644 (file)
--- a/support/include/tcpwrapper.h
+++ b/support/include/tcpwrapper.h
@@ -5,14 +5,8 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
-extern int verboselog;
-
-extern int allow_severity;
-extern int deny_severity;
-
 extern int good_client(char *daemon, struct sockaddr_in *addr);
 extern int from_local(const struct sockaddr *sap);
-extern int check_default(char *daemon, struct sockaddr_in *addr,
-                        u_long proc, u_long prog);
+extern int check_default(char *daemon, struct sockaddr_in *addr, u_long prog);
 
 #endif /* TCP_WRAPPER_H */

diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c
index af626adc5b5cdb430f20c92549a0c02a813823f4..b981d58c2e2246179e3a43ce3e707cf267e648c6 100644 (file)
--- a/support/misc/tcpwrapper.c
+++ b/support/misc/tcpwrapper.c
@@ -34,13 +34,12 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+
 #ifdef HAVE_LIBWRAP
-#include <tcpwrapper.h>
 #include <unistd.h>
 #include <string.h>
 #include <rpc/rpc.h>
 #include <rpc/pmap_prot.h>
-#include <syslog.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <sys/types.h>
@@ -49,6 +48,7 @@
 #include <sys/stat.h>
 #include <tcpd.h>
 
+#include "tcpwrapper.h"
 #include "xlog.h"
 
 #ifdef SYSV40
@@ -56,21 +56,8 @@
 #include <rpc/rpcent.h>
 #endif
 
-static void logit(int severity, struct sockaddr_in *addr,
-                 u_long procnum, u_long prognum, char *text);
 static int check_files(void);
 
-/*
- * These need to exist since they are externed 
- * public header files.
- */
-int     verboselog = 0;
-int     allow_severity = LOG_INFO;
-int     deny_severity = LOG_WARNING;
-
-#define log_bad_host(addr, proc, prog) \
-  logit(deny_severity, addr, proc, prog, "request from unauthorized host")
-
 #define ALLOW 1
 #define DENY 0
 
@@ -143,6 +130,16 @@ haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long prog)
        return NULL;
 }
 
+static void
+logit(const struct sockaddr_in *sin)
+{
+       char buf[INET_ADDRSTRLEN];
+
+       xlog_warn("connect from %s denied: request from unauthorized host",
+                       inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf)));
+               
+}
+
 int
 good_client(daemon, addr)
 char *daemon;
@@ -186,14 +183,17 @@ static int check_files()
        return changed;
 }
 
-/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
-
+/**
+ * check_default - additional checks for NULL, DUMP, GETPORT and unknown
+ * @daemon: pointer to '\0'-terminated ASCII string containing name of the
+ *             daemon requesting the access check
+ * @addr: pointer to socket address containing address of caller
+ * @prog: RPC program number caller is attempting to access
+ *
+ * Returns TRUE if the caller is allowed access; otherwise FALSE is returned.
+ */
 int
-check_default(daemon, addr, proc, prog)
-char *daemon;
-struct sockaddr_in *addr;
-u_long  proc;
-u_long  prog;
+check_default(char *daemon, struct sockaddr_in *addr, u_long prog)
 {
        haccess_t *acc = NULL;
        int changed = check_files();
@@ -203,7 +203,7 @@ u_long  prog;
                return (acc->access);
 
        if (!(from_local((struct sockaddr *)addr) || good_client(daemon, addr))) {
-               log_bad_host(addr, proc, prog);
+               logit(addr);
                if (acc)
                        acc->access = FALSE;
                else 
@@ -219,12 +219,4 @@ u_long  prog;
     return (TRUE);
 }
 
-/* logit - report events of interest via the syslog daemon */
-
-static void logit(int severity, struct sockaddr_in *addr,
-                 u_long procnum, u_long prognum, char *text)
-{
-       syslog(severity, "connect from %s denied: %s",
-              inet_ntoa(addr->sin_addr), text);
-}
-#endif
+#endif /* HAVE_LIBWRAP */

diff --git a/utils/mountd/mount_dispatch.c b/utils/mountd/mount_dispatch.c
index 199fcece4f4682fb51e27dff87e42847b2096a47..d2802eff63eca504208c448ae3693222ffec6ea1 100644 (file)
--- a/utils/mountd/mount_dispatch.c
+++ b/utils/mountd/mount_dispatch.c
@@ -75,7 +75,7 @@ mount_dispatch(struct svc_req *rqstp, SVCXPRT *transp)
 
        /* remote host authorization check */
        if (sin->sin_family == AF_INET &&
-           !check_default("mountd", sin, rqstp->rq_proc, MOUNTPROG)) {
+           !check_default("mountd", sin, MOUNTPROG)) {
                svcerr_auth (transp, AUTH_FAILED);
                return;
        }

diff --git a/utils/statd/statd.c b/utils/statd/statd.c
index 7be6454cbe171bef72b2577aa7cf2f1ec1b68253..fa3c6d5a66fa16ef9dbdf4087db3341bce375995 100644 (file)
--- a/utils/statd/statd.c
+++ b/utils/statd/statd.c
@@ -79,7 +79,7 @@ sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp)
 
        /* remote host authorization check */
        if (sin->sin_family == AF_INET &&
-           !check_default("statd", sin, rqstp->rq_proc, SM_PROG)) {
+           !check_default("statd", sin, SM_PROG)) {
                svcerr_auth (transp, AUTH_FAILED);
                return;
        }