#include <sys/types.h>
#include <sys/signal.h>
#include <sys/queue.h>
+#include <sys/stat.h>
+#include <tcpd.h>
+
+#include "xlog.h"
+
#ifdef SYSV40
#include <netinet/in.h>
#include <rpc/rpcent.h>
static void logit(int severity, struct sockaddr_in *addr,
u_long procnum, u_long prognum, char *text);
static void toggle_verboselog(int sig);
+static int check_files(void);
+
int verboselog = 0;
int allow_severity = LOG_INFO;
int deny_severity = LOG_WARNING;
TAILQ_HEAD(host_list, _haccess_t) h_head;
} hash_head;
hash_head haccess_tbl[HASH_TABLE_SIZE];
-static haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long, u_long);
-static void haccess_add(struct sockaddr_in *addr, u_long, u_long, int);
+static haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long);
+static void haccess_add(struct sockaddr_in *addr, u_long, int);
inline unsigned int strtoint(char *str)
{
return n;
}
-inline int hashint(unsigned int num)
+static inline int hashint(unsigned int num)
{
return num % HASH_TABLE_SIZE;
}
-#define HASH(_addr, _proc, _prog) \
- hashint((strtoint((_addr))+(_proc)+(_prog)))
+#define HASH(_addr, _prog) \
+ hashint((strtoint((_addr))+(_prog)))
-void haccess_add(struct sockaddr_in *addr, u_long proc,
- u_long prog, int access)
+void haccess_add(struct sockaddr_in *addr, u_long prog, int access)
{
hash_head *head;
haccess_t *hptr;
if (hptr == NULL)
return;
- hash = HASH(inet_ntoa(addr->sin_addr), proc, prog);
+ hash = HASH(inet_ntoa(addr->sin_addr), prog);
head = &(haccess_tbl[hash]);
hptr->access = access;
else
TAILQ_INSERT_TAIL(&head->h_head, hptr, list);
}
-haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long proc, u_long prog)
+haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long prog)
{
hash_head *head;
haccess_t *hptr;
int hash;
- hash = HASH(inet_ntoa(addr->sin_addr), proc, prog);
+ hash = HASH(inet_ntoa(addr->sin_addr), prog);
head = &(haccess_tbl[hash]);
TAILQ_FOREACH(hptr, &head->h_head, list) {
char *daemon;
struct sockaddr_in *addr;
{
- struct hostent *hp;
- char **sp;
- char *tmpname;
-
- /* First check the address. */
- if (hosts_ctl(daemon, "", inet_ntoa(addr->sin_addr), "") == DENY)
- return DENY;
-
- /* Now do the hostname lookup */
- hp = gethostbyaddr ((const char *) &(addr->sin_addr),
- sizeof (addr->sin_addr), AF_INET);
- if (!hp)
- return DENY; /* never heard of it. misconfigured DNS? */
-
- /* Make sure the hostent is authorative. */
- tmpname = strdup(hp->h_name);
- if (!tmpname)
- return DENY;
- hp = gethostbyname(tmpname);
- free(tmpname);
- if (!hp)
- return DENY; /* never heard of it. misconfigured DNS? */
-
- /* Now make sure the address is on the list */
- for (sp = hp->h_addr_list ; *sp ; sp++) {
- if (memcmp(*sp, &(addr->sin_addr), hp->h_length) == 0)
- break;
- }
- if (!*sp)
- return DENY; /* it was a FAKE. */
+ struct request_info req;
- /* Check the official name and address. */
- if (hosts_ctl(daemon, hp->h_name, inet_ntoa(addr->sin_addr), "") == DENY)
- return DENY;
+ request_init(&req, RQ_DAEMON, daemon, RQ_CLIENT_SIN, addr, 0);
+ sock_methods(&req);
- /* Now check aliases. */
- for (sp = hp->h_aliases; *sp ; sp++) {
- if (hosts_ctl(daemon, *sp, inet_ntoa(addr->sin_addr), "") == DENY)
- return DENY;
- }
+ if (hosts_access(&req))
+ return ALLOW;
- return ALLOW;
+ return DENY;
}
/* check_startup - additional startup code */
(void) signal(SIGINT, toggle_verboselog);
}
+/* check_files - check to see if either access files have changed */
+
+static int check_files()
+{
+ static time_t allow_mtime, deny_mtime;
+ struct stat astat, dstat;
+ int changed = 0;
+
+ if (stat("/etc/hosts.allow", &astat) < 0)
+ astat.st_mtime = 0;
+ if (stat("/etc/hosts.deny", &dstat) < 0)
+ dstat.st_mtime = 0;
+
+ if(!astat.st_mtime || !dstat.st_mtime)
+ return changed;
+
+ if (astat.st_mtime != allow_mtime)
+ changed = 1;
+ else if (dstat.st_mtime != deny_mtime)
+ changed = 1;
+
+ allow_mtime = astat.st_mtime;
+ deny_mtime = dstat.st_mtime;
+
+ return changed;
+}
+
/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
int
u_long prog;
{
haccess_t *acc = NULL;
+ int changed = check_files();
- acc = haccess_lookup(addr, proc, prog);
- if (acc)
+ acc = haccess_lookup(addr, prog);
+ if (acc && changed == 0)
return (acc->access);
if (!(from_local(addr) || good_client(daemon, addr))) {
log_bad_host(addr, proc, prog);
- haccess_add(addr, proc, prog, FALSE);
+ if (acc)
+ acc->access = FALSE;
+ else
+ haccess_add(addr, prog, FALSE);
return (FALSE);
}
if (verboselog)
log_client(addr, proc, prog);
- haccess_add(addr, proc, prog, TRUE);
+ if (acc)
+ acc->access = TRUE;
+ else
+ haccess_add(addr, prog, TRUE);
return (TRUE);
}