summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
4bc0dba)
Eliminate these compiler warnings:
tcpwrapper.c: In function logit
tcpwrapper.c:225: warning: unused parameter procnum
tcpwrapper.c:225: warning: unused parameter prognum
Actually, @procnum is not used anywhere in our tcpwrapper.c, so
let's just get rid of it.
Since there is only one logit() call site in tcpwrapper.c, the macro
wrapper just adds needless clutter. Let's get rid of that too.
Finally, both mountd and statd now use xlog(), which adds an
appropriate program name prefix to every message. Replace the
open-coded syslog(2) call with an xlog() call in order to
consistently identify the RPC service reporting the intrusion.
Since logit() no longer references "deny_severity" and no nfs-utils
caller sets either allow_severity or deny_severity, we remove them.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-extern int verboselog;
-
-extern int allow_severity;
-extern int deny_severity;
-
extern int good_client(char *daemon, struct sockaddr_in *addr);
extern int from_local(const struct sockaddr *sap);
extern int good_client(char *daemon, struct sockaddr_in *addr);
extern int from_local(const struct sockaddr *sap);
-extern int check_default(char *daemon, struct sockaddr_in *addr,
- u_long proc, u_long prog);
+extern int check_default(char *daemon, struct sockaddr_in *addr, u_long prog);
#endif /* TCP_WRAPPER_H */
#endif /* TCP_WRAPPER_H */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <unistd.h>
#include <string.h>
#include <rpc/rpc.h>
#include <rpc/pmap_prot.h>
#include <unistd.h>
#include <string.h>
#include <rpc/rpc.h>
#include <rpc/pmap_prot.h>
#include <netdb.h>
#include <pwd.h>
#include <sys/types.h>
#include <netdb.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <tcpd.h>
#include <sys/stat.h>
#include <tcpd.h>
#include "xlog.h"
#ifdef SYSV40
#include "xlog.h"
#ifdef SYSV40
#include <rpc/rpcent.h>
#endif
#include <rpc/rpcent.h>
#endif
-static void logit(int severity, struct sockaddr_in *addr,
- u_long procnum, u_long prognum, char *text);
static int check_files(void);
static int check_files(void);
-/*
- * These need to exist since they are externed
- * public header files.
- */
-int verboselog = 0;
-int allow_severity = LOG_INFO;
-int deny_severity = LOG_WARNING;
-
-#define log_bad_host(addr, proc, prog) \
- logit(deny_severity, addr, proc, prog, "request from unauthorized host")
-
#define ALLOW 1
#define DENY 0
#define ALLOW 1
#define DENY 0
+static void
+logit(const struct sockaddr_in *sin)
+{
+ char buf[INET_ADDRSTRLEN];
+
+ xlog_warn("connect from %s denied: request from unauthorized host",
+ inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf)));
+
+}
+
int
good_client(daemon, addr)
char *daemon;
int
good_client(daemon, addr)
char *daemon;
-/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
-
+/**
+ * check_default - additional checks for NULL, DUMP, GETPORT and unknown
+ * @daemon: pointer to '\0'-terminated ASCII string containing name of the
+ * daemon requesting the access check
+ * @addr: pointer to socket address containing address of caller
+ * @prog: RPC program number caller is attempting to access
+ *
+ * Returns TRUE if the caller is allowed access; otherwise FALSE is returned.
+ */
-check_default(daemon, addr, proc, prog)
-char *daemon;
-struct sockaddr_in *addr;
-u_long proc;
-u_long prog;
+check_default(char *daemon, struct sockaddr_in *addr, u_long prog)
{
haccess_t *acc = NULL;
int changed = check_files();
{
haccess_t *acc = NULL;
int changed = check_files();
return (acc->access);
if (!(from_local((struct sockaddr *)addr) || good_client(daemon, addr))) {
return (acc->access);
if (!(from_local((struct sockaddr *)addr) || good_client(daemon, addr))) {
- log_bad_host(addr, proc, prog);
if (acc)
acc->access = FALSE;
else
if (acc)
acc->access = FALSE;
else
-/* logit - report events of interest via the syslog daemon */
-
-static void logit(int severity, struct sockaddr_in *addr,
- u_long procnum, u_long prognum, char *text)
-{
- syslog(severity, "connect from %s denied: %s",
- inet_ntoa(addr->sin_addr), text);
-}
-#endif
+#endif /* HAVE_LIBWRAP */
/* remote host authorization check */
if (sin->sin_family == AF_INET &&
/* remote host authorization check */
if (sin->sin_family == AF_INET &&
- !check_default("mountd", sin, rqstp->rq_proc, MOUNTPROG)) {
+ !check_default("mountd", sin, MOUNTPROG)) {
svcerr_auth (transp, AUTH_FAILED);
return;
}
svcerr_auth (transp, AUTH_FAILED);
return;
}
/* remote host authorization check */
if (sin->sin_family == AF_INET &&
/* remote host authorization check */
if (sin->sin_family == AF_INET &&
- !check_default("statd", sin, rqstp->rq_proc, SM_PROG)) {
+ !check_default("statd", sin, SM_PROG)) {
svcerr_auth (transp, AUTH_FAILED);
return;
}
svcerr_auth (transp, AUTH_FAILED);
return;
}