#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
+
#ifdef HAVE_LIBWRAP
-#include <tcpwrapper.h>
#include <unistd.h>
#include <string.h>
#include <rpc/rpc.h>
#include <rpc/pmap_prot.h>
-#include <syslog.h>
#include <netdb.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <tcpd.h>
+#include "tcpwrapper.h"
#include "xlog.h"
#ifdef SYSV40
#include <rpc/rpcent.h>
#endif
-static void logit(int severity, struct sockaddr_in *addr,
- u_long procnum, u_long prognum, char *text);
static int check_files(void);
-/*
- * These need to exist since they are externed
- * public header files.
- */
-int verboselog = 0;
-int allow_severity = LOG_INFO;
-int deny_severity = LOG_WARNING;
-
-#define log_bad_host(addr, proc, prog) \
- logit(deny_severity, addr, proc, prog, "request from unauthorized host")
-
#define ALLOW 1
#define DENY 0
typedef struct _haccess_t {
- TAILQ_ENTRY(_haccess_t) list;
- int access;
- struct in_addr addr;
+ TAILQ_ENTRY(_haccess_t) list;
+ int allowed;
+ struct in_addr addr;
} haccess_t;
#define HASH_TABLE_SIZE 1021
} hash_head;
hash_head haccess_tbl[HASH_TABLE_SIZE];
static haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long);
-static void haccess_add(struct sockaddr_in *addr, u_long, int);
-inline unsigned int strtoint(char *str)
+static unsigned long
+strtoint(const char *str)
{
- unsigned int n = 0;
- int len = strlen(str);
- int i;
+ unsigned long i, n = 0;
+ size_t len = strlen(str);
- for (i=0; i < len; i++)
- n+=((int)str[i])*i;
+ for (i = 0; i < len; i++)
+ n += (unsigned char)str[i] * i;
return n;
}
-static inline int hashint(unsigned int num)
+
+static unsigned int
+hashint(const unsigned long num)
+{
+ return (unsigned int)(num % HASH_TABLE_SIZE);
+}
+
+static unsigned int
+HASH(const char *addr, const unsigned long program)
{
- return num % HASH_TABLE_SIZE;
+ return hashint(strtoint(addr) + program);
}
-#define HASH(_addr, _prog) \
- hashint((strtoint((_addr))+(_prog)))
-void haccess_add(struct sockaddr_in *addr, u_long prog, int access)
+static void
+haccess_add(struct sockaddr_in *addr, u_long prog, int allowed)
{
hash_head *head;
- haccess_t *hptr;
- int hash;
+ haccess_t *hptr;
+ unsigned int hash;
hptr = (haccess_t *)malloc(sizeof(haccess_t));
if (hptr == NULL)
hash = HASH(inet_ntoa(addr->sin_addr), prog);
head = &(haccess_tbl[hash]);
- hptr->access = access;
+ hptr->allowed = allowed;
hptr->addr.s_addr = addr->sin_addr.s_addr;
if (TAILQ_EMPTY(&head->h_head))
haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long prog)
{
hash_head *head;
- haccess_t *hptr;
- int hash;
+ haccess_t *hptr;
+ unsigned int hash;
hash = HASH(inet_ntoa(addr->sin_addr), prog);
head = &(haccess_tbl[hash]);
return NULL;
}
-int
-good_client(daemon, addr)
-char *daemon;
-struct sockaddr_in *addr;
+static void
+logit(const struct sockaddr_in *sin)
+{
+ char buf[INET_ADDRSTRLEN];
+
+ xlog_warn("connect from %s denied: request from unauthorized host",
+ inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf)));
+
+}
+
+static int
+good_client(char *name, struct sockaddr_in *addr)
{
struct request_info req;
- request_init(&req, RQ_DAEMON, daemon, RQ_CLIENT_SIN, addr, 0);
+ request_init(&req, RQ_DAEMON, name, RQ_CLIENT_SIN, addr, 0);
sock_methods(&req);
if (hosts_access(&req))
return changed;
}
-/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
-
+/**
+ * check_default - additional checks for NULL, DUMP, GETPORT and unknown
+ * @name: pointer to '\0'-terminated ASCII string containing name of the
+ * daemon requesting the access check
+ * @addr: pointer to socket address containing address of caller
+ * @prog: RPC program number caller is attempting to access
+ *
+ * Returns TRUE if the caller is allowed access; otherwise FALSE is returned.
+ */
int
-check_default(daemon, addr, proc, prog)
-char *daemon;
-struct sockaddr_in *addr;
-u_long proc;
-u_long prog;
+check_default(char *name, struct sockaddr_in *addr, u_long prog)
{
haccess_t *acc = NULL;
int changed = check_files();
acc = haccess_lookup(addr, prog);
if (acc && changed == 0)
- return (acc->access);
+ return acc->allowed;
- if (!(from_local(addr) || good_client(daemon, addr))) {
- log_bad_host(addr, proc, prog);
+ if (!(from_local((struct sockaddr *)addr) || good_client(name, addr))) {
+ logit(addr);
if (acc)
- acc->access = FALSE;
+ acc->allowed = FALSE;
else
haccess_add(addr, prog, FALSE);
return (FALSE);
}
if (acc)
- acc->access = TRUE;
+ acc->allowed = TRUE;
else
haccess_add(addr, prog, TRUE);
return (TRUE);
}
-/* logit - report events of interest via the syslog daemon */
-
-static void logit(int severity, struct sockaddr_in *addr,
- u_long procnum, u_long prognum, char *text)
-{
- syslog(severity, "connect from %s denied: %s",
- inet_ntoa(addr->sin_addr), text);
-}
-#endif
+#endif /* HAVE_LIBWRAP */