-rw-r--r-- | support/include/tcpwrapper.h | 8 | ||||
-rw-r--r-- | support/misc/tcpwrapper.c | 56 | ||||
-rw-r--r-- | utils/mountd/mount_dispatch.c | 2 | ||||
-rw-r--r-- | utils/statd/statd.c | 2 |
4 files changed, 27 insertions, 41 deletions
diff --git a/support/include/tcpwrapper.h b/support/include/tcpwrapper.h
index f1145bd..941394e 100644
--- a/support/include/tcpwrapper.h
+++ b/support/include/tcpwrapper.h
@@ -5,14 +5,8 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
-extern int verboselog;
-
-extern int allow_severity;
-extern int deny_severity;
-
 extern int good_client(char *daemon, struct sockaddr_in *addr);
 extern int from_local(const struct sockaddr *sap);
-extern int check_default(char *daemon, struct sockaddr_in *addr,
- u_long proc, u_long prog);
+extern int check_default(char *daemon, struct sockaddr_in *addr, u_long prog);
 #endif /* TCP_WRAPPER_H */
diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c
index af626ad..b981d58 100644
--- a/support/misc/tcpwrapper.c
+++ b/support/misc/tcpwrapper.c
@@ -34,13 +34,12 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+
 #ifdef HAVE_LIBWRAP
-#include <tcpwrapper.h>
 #include <unistd.h>
 #include <string.h>
 #include <rpc/rpc.h>
 #include <rpc/pmap_prot.h>
-#include <syslog.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <sys/types.h>
@@ -49,6 +48,7 @@
 #include <sys/stat.h>
 #include <tcpd.h>
+#include "tcpwrapper.h"
 #include "xlog.h"
 #ifdef SYSV40
@@ -56,21 +56,8 @@
 #include <rpc/rpcent.h>
 #endif
-static void logit(int severity, struct sockaddr_in *addr,
- u_long procnum, u_long prognum, char *text);
 static int check_files(void);
-/*
- * These need to exist since they are externed
- * public header files.
- */
-int verboselog = 0;
-int allow_severity = LOG_INFO;
-int deny_severity = LOG_WARNING;
-
-#define log_bad_host(addr, proc, prog) \
- logit(deny_severity, addr, proc, prog, "request from unauthorized host")
-
 #define ALLOW 1
 #define DENY 0
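Review bot: Dropping `allow_severity` and `deny_severity` (declarations removed here, definitions removed in the `@@ -56,21 +56,8 @@` hunk of support/misc/tcpwrapper.c) needs a link check against libwrap. `<tcpd.h>` declares both as `extern int`, and the traditional libwrap build expects the calling program to define them, so a static or unpatched libwrap may fail to link; where the library supplies its own copies, the severities are no longer set by this code. The removed comment said they had to exist for exactly that reason. If they are unused on every supported platform, the commit message should say so; otherwise keep `int allow_severity = LOG_INFO;` and `int deny_severity = LOG_WARNING;` in tcpwrapper.c along with `#include <syslog.h>`.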
@@ -143,6 +130,16 @@ haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long prog)
 return NULL;
 }
+static void
+logit(const struct sockaddr_in *sin)
+{
+ char buf[INET_ADDRSTRLEN];
+
+ xlog_warn("connect from %s denied: request from unauthorized host",
+ inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf)));
+
+}
+
 int
 good_client(daemon, addr)
 char *daemon;
@@ -186,14 +183,17 @@ static int check_files()
 return changed;
 }
-/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
-
+/**
+ * check_default - additional checks for NULL, DUMP, GETPORT and unknown
+ * @daemon: pointer to '\0'-terminated ASCII string containing name of the
+ * daemon requesting the access check
+ * @addr: pointer to socket address containing address of caller
+ * @prog: RPC program number caller is attempting to access
+ *
+ * Returns TRUE if the caller is allowed access; otherwise FALSE is returned.
+ */
 int
-check_default(daemon, addr, proc, prog)
-char *daemon;
-struct sockaddr_in *addr;
-u_long proc;
-u_long prog;
+check_default(char *daemon, struct sockaddr_in *addr, u_long prog)
 {
 haccess_t *acc = NULL;
 int changed = check_files();
@@ -203,7 +203,7 @@ u_long prog;
 return (acc->access);
 if (!(from_local((struct sockaddr *)addr) || good_client(daemon, addr))) {
- log_bad_host(addr, proc, prog);
+ logit(addr);
 if (acc)
 acc->access = FALSE;
 else
@@ -219,12 +219,4 @@ u_long prog;
 return (TRUE);
 }
-/* logit - report events of interest via the syslog daemon */
-
-static void logit(int severity, struct sockaddr_in *addr,
- u_long procnum, u_long prognum, char *text)
-{
- syslog(severity, "connect from %s denied: %s",
- inet_ntoa(addr->sin_addr), text);
-}
-#endif
+#endif /* HAVE_LIBWRAP */
diff --git a/utils/mountd/mount_dispatch.c b/utils/mountd/mount_dispatch.c
index 199fcec..d2802ef 100644
--- a/utils/mountd/mount_dispatch.c
+++ b/utils/mountd/mount_dispatch.c
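Review bot: The new `logit()` still records only the source address, so a denial line does not tell an operator which RPC program was refused, even though `check_default()` has `prog` in scope at the call site. Passing it through, for example `logit(addr, prog)` with a `%lu` for the program number in the message, would make the record more useful for auditing. The result of `inet_ntop()` also goes straight into `%s`; it should not fail for `AF_INET` with an `INET_ADDRSTRLEN` buffer, but a fallback string for a `NULL` return would make that explicit. The blank line before the closing brace can be dropped.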
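Review bot: The kernel-doc summary added for `check_default()` still reads "additional checks for NULL, DUMP, GETPORT and unknown", which describes per-procedure checks, yet this change removes the `proc` argument, so the function can no longer tell procedures apart. I would reword the summary to something like `check_default - check whether a caller may access an RPC program`. The `Returns` line could also say that a denial is logged and, as far as the following hunk shows (`acc->access = FALSE`), remembered in the `haccess_t` entry. The function body continues outside this hunk.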
@@ -75,7 +75,7 @@ mount_dispatch(struct svc_req *rqstp, SVCXPRT *transp)
 /* remote host authorization check */
 if (sin->sin_family == AF_INET &&
- !check_default("mountd", sin, rqstp->rq_proc, MOUNTPROG)) {
+ !check_default("mountd", sin, MOUNTPROG)) {
 svcerr_auth (transp, AUTH_FAILED);
 return;
 }
diff --git a/utils/statd/statd.c b/utils/statd/statd.c
index 7be6454..fa3c6d5 100644
--- a/utils/statd/statd.c
+++ b/utils/statd/statd.c
@@ -79,7 +79,7 @@ sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp)
 /* remote host authorization check */
 if (sin->sin_family == AF_INET &&
- !check_default("statd", sin, rqstp->rq_proc, SM_PROG)) {
+ !check_default("statd", sin, SM_PROG)) {
 svcerr_auth (transp, AUTH_FAILED);
 return;
 } |
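Review bot: The authorization check in `mount_dispatch()` is skipped entirely when `sin->sin_family` is not `AF_INET`, so a caller with any other address family is served without the tcp_wrappers rules being consulted; `sm_prog_1_wrapper()` in utils/statd/statd.c has the same condition. That condition is context rather than something this change introduces, and whether these transports can deliver non-IPv4 callers is not visible here, but since the call is being touched the default should be made explicit. Either reject other families with `svcerr_auth(transp, AUTH_FAILED)` or add a comment saying why they are exempt. Both functions begin and end outside their hunks.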