| author | Mark Murray <markm@FreeBSD.org> | 1999-03-28 10:50:30 +0000 | 
|---|---|---|
| committer | Mark Murray <markm@FreeBSD.org> | 1999-03-28 10:50:30 +0000 | 
| commit | 9980037e50c813836fc1d6c60b482ee8848ee928 (patch) | |
| tree | e1e8dc5a440ec3dd5578737d01a79d9fd351058f | |
| parent | f8b0e8c9ff02561cf6efcecbcf9dcab7f0aa8ca8 (diff) | |
Notes
| -rw-r--r-- | usr.sbin/inetd/Makefile | 7 | ||||
| -rw-r--r-- | usr.sbin/inetd/inetd.8 | 10 | ||||
| -rw-r--r-- | usr.sbin/inetd/inetd.c | 72 | 
3 files changed, 80 insertions, 9 deletions
diff --git a/usr.sbin/inetd/Makefile b/usr.sbin/inetd/Makefile
index 2682ea5c9a0b..1c671fc66df2 100644
--- a/usr.sbin/inetd/Makefile
+++ b/usr.sbin/inetd/Makefile
@@ -1,13 +1,14 @@
 #	@(#)Makefile	8.1 (Berkeley) 6/6/93
+#	$Id$
 PROG=	inetd
 MAN8=	inetd.8
 MLINKS=	inetd.8 inetd.conf.5
-COPTS+=	-Wall -DLOGIN_CAP
+COPTS+=	-Wall -DLOGIN_CAP -DLIBWRAP
 #COPTS+=	-DSANITY_CHECK
-DPADD+=	${LIBUTIL}
-LDADD+=	-lutil
+DPADD+=	${LIBUTIL} ${LIBWRAP}
+LDADD+=	-lutil -lwrap
 .include <bsd.prog.mk>
diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8
index 272db9472bf0..55c246184d6c 100644
--- a/usr.sbin/inetd/inetd.8
+++ b/usr.sbin/inetd/inetd.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     from: @(#)inetd.8	8.3 (Berkeley) 4/13/94
-.\"	$Id: inetd.8,v 1.21 1998/05/15 19:16:35 pb Exp $
+.\"	$Id: inetd.8,v 1.22 1998/06/10 12:34:25 phk Exp $
 .\"
 .Dd February 7, 1996
 .Dt INETD 8
@@ -382,6 +382,10 @@ Except when started in debugging mode,
 records its process ID in the file
 .Pa /var/run/inetd.pid
 to assist in reconfiguration.
+.Pp
+Support is provided for tcp_wrappers; see the relevant documentation. The
+.Pa tcpd
+daemon is not required.
 .Sh TCPMUX
 .Pp
 .Tn RFC 1078 
@@ -521,7 +525,9 @@ socket but was unable to.
 .Xr rlogind 8 ,
 .Xr rshd 8 ,
 .Xr telnetd 8 ,
-.Xr tftpd 8
+.Xr tftpd 8 ,
+.Xr hosts_access 5 ,
+.Xr hosts_options 5
 .Sh HISTORY
 The
 .Nm
diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index 124d8042ac9a..f7cd1d56c42d 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)from: inetd.c	8.4 (Berkeley) 4/13/94";
 #endif
 static const char rcsid[] =
-	"$Id: inetd.c,v 1.45 1999/01/02 16:04:19 des Exp $";
+	"$Id: inetd.c,v 1.46 1999/01/05 11:56:35 danny Exp $";
 #endif /* not lint */
 /* 
@@ -132,6 +132,24 @@ static const char rcsid[] =
 #include <libutil.h>
 #include <sysexits.h>
+#ifdef LIBWRAP
+# include <tcpd.h>
+#ifndef LIBWRAP_ALLOW_FACILITY
+# define LIBWRAP_ALLOW_FACILITY LOG_AUTH
+#endif
+#ifndef LIBWRAP_ALLOW_SEVERITY
+# define LIBWRAP_ALLOW_SEVERITY LOG_INFO
+#endif
+#ifndef LIBWRAP_DENY_FACILITY
+# define LIBWRAP_DENY_FACILITY LOG_AUTH
+#endif
+#ifndef LIBWRAP_DENY_SEVERITY
+# define LIBWRAP_DENY_SEVERITY LOG_WARNING
+#endif
+int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
+int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
+#endif
+
 #ifdef LOGIN_CAP
 #include <login_cap.h>
@@ -268,7 +286,7 @@ struct biltin {
 	{ "discard",	SOCK_STREAM,	1, 0,	discard_stream },
 	{ "discard",	SOCK_DGRAM,	0, 0,	discard_dg },
-	/* Return 32 bit time since 1900 */
+	/* Return 32 bit time since 1970 */
 	{ "time",	SOCK_STREAM,	0, 0,	machtime_stream },
 	{ "time",	SOCK_DGRAM,	0, 0,	machtime_dg },
@@ -330,6 +348,11 @@ main(argc, argv, envp)
 #ifdef LOGIN_CAP
 	login_cap_t *lc = NULL;
 #endif
+#ifdef LIBWRAP
+	struct request_info req;
+	int denied;
+	char *service = NULL;
+#endif
 #ifdef OLD_SETPROCTITLE
@@ -532,7 +555,11 @@ main(argc, argv, envp)
 			    ctrl = sep->se_fd;
 		    (void) sigblock(SIGBLOCK);
 		    pid = 0;
+#ifdef LIBWRAP_INTERNAL
+		    dofork = 1;
+#else
 		    dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
+#endif
 		    if (dofork) {
 			    if (sep->se_count++ == 0)
 				(void)gettimeofday(&sep->se_time, (struct timezone *)NULL);
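Review bot: The globals `allow_severity` and `deny_severity` defined at the end of the `#ifdef LIBWRAP` block have no comment saying why two program-wide `int`s are defined among the includes. libwrap declares both as `extern` and expects the linking program to supply them, and this commit passes them to `syslog()` for accepted and refused connections. I would add `/* libwrap requires the application to define these; used as syslog priorities for allowed and refused connections */` directly above them. The nested `#ifndef` lines would also read more easily if they were indented like the `# include` and `# define` lines around them.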
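Review bot: The comment changed in the `struct biltin` table now says the `time` builtin counts from 1970, which does not match the time protocol (RFC 868), whose 32-bit value is seconds since 1900-01-01. `machtime_stream` and `machtime_dg` are defined outside this diff, so what they actually return cannot be confirmed from here. If they add the 1900-to-1970 offset to the system clock, the old wording was correct and the line should go back to `/* Return 32 bit time since 1900 */`.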
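Review bot: With `LIBWRAP_INTERNAL` defined, `dofork = 1` makes inetd fork for every request, including datagram builtins whose `bi_fork` is 0, although the access check added later in this commit only runs when `sep->se_accept && sep->se_socktype == SOCK_STREAM`. For those services the extra fork buys no filtering, and each datagram sent to a builtin then costs a process creation. Limiting the forced fork to the services that are actually checked keeps the old behaviour elsewhere: `dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork || (sep->se_accept && sep->se_socktype == SOCK_STREAM));`. `LIBWRAP_INTERNAL` is also not set by the Makefile change or mentioned in inetd.8, so a comment saying what it enables would help. The surrounding loop in main starts and ends outside the hunk.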
@@ -590,6 +617,40 @@ main(argc, argv, envp)
 					    _exit(0);
 				    }
 			    }
+#ifdef LIBWRAP
+#ifndef LIBWRAP_INTERNAL
+			    if (sep->se_bi == 0)
+#endif
+			    if (sep->se_accept
+				&& sep->se_socktype == SOCK_STREAM) {
+				request_init(&req,
+				    RQ_DAEMON, sep->se_argv[0] ?
+					 sep->se_argv[0] : sep->se_service,
+					RQ_FILE, ctrl, NULL);
+				fromhost(&req);
+				denied = !hosts_access(&req);
+				if (denied || log) {
+				    sp = getservbyport(sep->se_ctrladdr.sin_port, sep->se_proto);
+				    if (sp == NULL) {
+					(void)snprintf(buf, sizeof buf, "%d",
+					   ntohs(sep->se_ctrladdr.sin_port));
+					service = buf;
+				    } else
+					service = sp->s_name;
+				}
+				if (denied) {
+				    syslog(deny_severity,
+				        "refused connection from %.500s, service %s (%s)",
+				        eval_client(&req), service, sep->se_proto);
+				    goto reject;
+				}
+				if (log) {
+				    syslog(allow_severity,
+				        "connection from %.500s, service %s (%s)",
+					eval_client(&req), service, sep->se_proto);
+				}
+			    }
+#endif /* LIBWRAP */
 			    if (sep->se_bi) {
 				(*sep->se_bi->bi_fn)(ctrl, sep);
 				/* NOTREACHED */
@@ -677,10 +738,13 @@ main(argc, argv, envp)
 				sigaction(SIGPIPE, &sapipe,
 				    (struct sigaction *)0);
 				execv(sep->se_server, sep->se_argv);
-				if (sep->se_socktype != SOCK_STREAM)
-					recv(0, buf, sizeof (buf), 0);
 				syslog(LOG_ERR,
 				    "cannot execute %s: %m", sep->se_server);
+#ifdef LIBWRAP
+			    reject:
+#endif
+				if (sep->se_socktype != SOCK_STREAM)
+					recv(0, buf, sizeof (buf), 0);
 				_exit(EX_OSERR);
 			    }
 		    }  | 
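Review bot: The `hosts_access()` call is reached only when `sep->se_accept && sep->se_socktype == SOCK_STREAM`, and without `LIBWRAP_INTERNAL` only when `sep->se_bi == 0`. Datagram services, stream services that inetd does not accept on itself, and (in the default build) the builtins are therefore started without hosts.allow or hosts.deny being consulted. The inetd.8 paragraph added in this commit says only that tcp_wrappers is supported, so an administrator could reasonably expect a deny rule to cover a UDP service. I would state the scope in the manual page and above the condition, for example `/* libwrap is consulted only for stream services inetd accepts itself; dgram and other services are not filtered */`. The two stacked brace-less `if` lines around `#ifndef LIBWRAP_INTERNAL` would be safer folded into one braced condition, and the enclosing block of main starts and ends outside the hunk.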
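Review bot: A refused connection reaches `_exit(EX_OSERR)` through the new `reject:` label, the same status the child returns when `execv()` fails, so a policy refusal looks like an operating-system error to anything that reads the child's status. The `goto reject` in this commit is issued only for `SOCK_STREAM` sockets, so the `recv()` moved below the label never runs on that path. Moving it only changes the exec-failure path, where the datagram is now drained after the `syslog()` call instead of before it. Placing the label directly before `_exit`, with a comment such as `/* hosts_access() refusals land here */` and a status that tells the two cases apart, would make the intent explicit. The block that contains the label opens outside the hunk.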
