X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=support%2Fmisc%2Ftcpwrapper.c;h=03f5dc4401761496c0fd548ead71d52f0c6ab935;hp=a361496e25720b5f8cf56f7e06dabaa3689bc4f5;hb=7d81b45faeb9ca652f4076cfecd0da742caa22a8;hpb=9d1cf415ecf3466ca5c4cf518915e363d75a6a6e diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c index a361496..03f5dc4 100644 --- a/support/misc/tcpwrapper.c +++ b/support/misc/tcpwrapper.c @@ -34,13 +34,12 @@ #ifdef HAVE_CONFIG_H #include #endif + #ifdef HAVE_LIBWRAP -#include #include #include #include #include -#include #include #include #include @@ -49,6 +48,7 @@ #include #include +#include "tcpwrapper.h" #include "xlog.h" #ifdef SYSV40 @@ -56,20 +56,15 @@ #include #endif -static void logit(int severity, struct sockaddr_in *addr, - u_long procnum, u_long prognum, char *text); static int check_files(void); -#define log_bad_host(addr, proc, prog) \ - logit(LOG_WARNING, addr, proc, prog, "request from unauthorized host") - #define ALLOW 1 #define DENY 0 typedef struct _haccess_t { - TAILQ_ENTRY(_haccess_t) list; - int access; - struct in_addr addr; + TAILQ_ENTRY(_haccess_t) list; + int allowed; + struct in_addr addr; } haccess_t; #define HASH_TABLE_SIZE 1021 
@@ -78,31 +73,37 @@ typedef struct _hash_head { } hash_head; hash_head haccess_tbl[HASH_TABLE_SIZE]; static haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long); -static void haccess_add(struct sockaddr_in *addr, u_long, int); -inline unsigned int strtoint(char *str) +static unsigned long +strtoint(const char *str) { - unsigned int n = 0; - int len = strlen(str); - int i; + unsigned long i, n = 0; + size_t len = strlen(str); - for (i=0; i < len; i++) - n+=((int)str[i])*i; + for (i = 0; i < len; i++) + n += (unsigned char)str[i] * i; return n; } -static inline int hashint(unsigned int num) + +static unsigned int +hashint(const unsigned long num) +{ + return (unsigned int)(num % HASH_TABLE_SIZE); +} + +static unsigned int +HASH(const char *addr, const unsigned long program) { - return num % HASH_TABLE_SIZE; + return hashint(strtoint(addr) + program); } -#define HASH(_addr, _prog) \ - hashint((strtoint((_addr))+(_prog))) -void haccess_add(struct sockaddr_in *addr, u_long prog, int access) +static void +haccess_add(struct sockaddr_in *addr, u_long prog, int allowed) { hash_head *head; - haccess_t *hptr; - int hash; + haccess_t *hptr; + unsigned int hash; hptr = (haccess_t *)malloc(sizeof(haccess_t)); if (hptr == NULL) @@ -111,7 +112,7 @@ void haccess_add(struct sockaddr_in *addr, u_long prog, int access) hash = HASH(inet_ntoa(addr->sin_addr), prog); head = &(haccess_tbl[hash]); - hptr->access = access; + hptr->allowed = allowed; hptr->addr.s_addr = addr->sin_addr.s_addr; if (TAILQ_EMPTY(&head->h_head)) @@ -122,8 +123,8 @@ void haccess_add(struct sockaddr_in *addr, u_long prog, int access) haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long prog) { hash_head *head; - haccess_t *hptr; - int hash; + haccess_t *hptr; + unsigned int hash; hash = HASH(inet_ntoa(addr->sin_addr), prog); head = &(haccess_tbl[hash]); 
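Review bot: In strtoint() the term `(unsigned char)str[i] * i` is zero for i == 0, so the first character of the address string never reaches the hash and the remaining characters are only summed with small weights. Bucket selection in `haccess_tbl` therefore clusters easily, and long chains slow every lookup on the access-check path. Both callers feed HASH() with `inet_ntoa(addr->sin_addr)`, so hashing the binary address avoids the weak string sum as well as inet_ntoa's static buffer, e.g. `hash = hashint(ntohl(addr->sin_addr.s_addr) + prog);`. The new static helpers have no comments; a line such as `/* Map (client address, RPC program) to a bucket index in haccess_tbl */` above HASH() would help. haccess_add() begins in this hunk, but its body continues outside it.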
@@ -135,14 +136,22 @@ haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long prog) return NULL; } -int -good_client(daemon, addr) -char *daemon; -struct sockaddr_in *addr; +static void +logit(const struct sockaddr_in *sin) +{ + char buf[INET_ADDRSTRLEN]; + + xlog_warn("connect from %s denied: request from unauthorized host", + inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf))); + +} + +static int +good_client(char *name, struct sockaddr_in *addr) { struct request_info req; - request_init(&req, RQ_DAEMON, daemon, RQ_CLIENT_SIN, addr, 0); + request_init(&req, RQ_DAEMON, name, RQ_CLIENT_SIN, addr, 0); sock_methods(&req); if (hosts_access(&req)) 
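Review bot: The new logit() records only the client address, so a denial in the log cannot be tied to the RPC program or daemon that was refused, even though check_default() has both `name` and `prog` available at the call site. Passing them through, e.g. `logit(const char *name, const struct sockaddr_in *sin, u_long prog)` with a format like `"%s: connect from %s to program %lu denied: request from unauthorized host"`, keeps the record useful for triage. The inet_ntop() result is also handed straight to `%s`; it should not fail for AF_INET with an INET_ADDRSTRLEN buffer, but a `"(unknown)"` fallback on NULL is cheap. good_client() continues past the end of this hunk.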
@@ -178,45 +187,40 @@ static int check_files() return changed; } -/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */ - +/** + * check_default - additional checks for NULL, DUMP, GETPORT and unknown + * @name: pointer to '\0'-terminated ASCII string containing name of the + * daemon requesting the access check + * @addr: pointer to socket address containing address of caller + * @prog: RPC program number caller is attempting to access + * + * Returns TRUE if the caller is allowed access; otherwise FALSE is returned. + */ int -check_default(daemon, addr, proc, prog) -char *daemon; -struct sockaddr_in *addr; -u_long proc; -u_long prog; +check_default(char *name, struct sockaddr_in *addr, u_long prog) { haccess_t *acc = NULL; int changed = check_files(); acc = haccess_lookup(addr, prog); if (acc && changed == 0) - return (acc->access); + return acc->allowed; - if (!(from_local(addr) || good_client(daemon, addr))) { - log_bad_host(addr, proc, prog); + if (!(from_local((struct sockaddr *)addr) || good_client(name, addr))) { + logit(addr); if (acc) - acc->access = FALSE; + acc->allowed = FALSE; else haccess_add(addr, prog, FALSE); return (FALSE); } if (acc) - acc->access = TRUE; + acc->allowed = TRUE; else haccess_add(addr, prog, TRUE); return (TRUE); } -/* logit - report events of interest via the syslog daemon */ - -static void logit(int severity, struct sockaddr_in *addr, - u_long procnum, u_long prognum, char *text) -{ - syslog(severity, "connect from %s denied: %s", - inet_ntoa(addr->sin_addr), text); -} -#endif +#endif /* HAVE_LIBWRAP */
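Review bot: In check_default() the `changed` result only bypasses the cache for the one caller that arrives first after the access files are edited; every other entry in `haccess_tbl` keeps its old `allowed` value. Most of check_files() is outside this hunk, so this assumes it reports a modification once and then returns 0 again. If so, a host that an administrator has just denied can stay permitted from cache until the daemon restarts. Dropping the whole table when a change is detected closes that gap, and it also bounds how long entries created by haccess_add() live. A sketch follows; the helper name is only a suggestion.

```c
/* Drop every cached verdict so the next request is re-evaluated. */
static void
haccess_flush(void)
{
	unsigned int i;

	for (i = 0; i < HASH_TABLE_SIZE; i++) {
		hash_head *head = &haccess_tbl[i];
		haccess_t *hptr;

		while ((hptr = TAILQ_FIRST(&head->h_head)) != NULL) {
			TAILQ_REMOVE(&head->h_head, hptr, list);
			free(hptr);
		}
	}
}

int
check_default(char *name, struct sockaddr_in *addr, u_long prog)
{
	haccess_t *acc = NULL;

	/* A change to the access files invalidates every cached verdict. */
	if (check_files())
		haccess_flush();

	acc = haccess_lookup(addr, prog);
	if (acc)
		return acc->allowed;
	/* … unchanged: from_local()/good_client() evaluation and cache update … */
```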