|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
Author: Steve Dickson <steved@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
Date: Sat Jan 31 06:17:18 2009 -0500
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
General clean up. Removed unused routines. Reworked syslog
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
message to (hopefully) make it more sensible. Move
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
"#ifdef HAVE_LIBWRAP" around so nothing will be defined
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
when tcp wrapper is not configured.
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
diff -up nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig nfs-utils-1.1.4/support/misc/tcpwrapper.c
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
--- nfs-utils-1.1.4/support/misc/tcpwrapper.c.orig 2009-01-31 06:27:54.000000000 -0500
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
+++ nfs-utils-1.1.4/support/misc/tcpwrapper.c 2009-01-31 06:31:32.000000000 -0500
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
@@ -34,6 +34,7 @@
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
#ifdef HAVE_CONFIG_H
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
#include <config.h>
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
#endif
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
+#ifdef HAVE_LIBWRAP
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
#include <tcpwrapper.h>
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
#include <unistd.h>
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
#include <string.h>
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
@@ -57,40 +58,10 @@
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
static void logit(int severity, struct sockaddr_in *addr,
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
u_long procnum, u_long prognum, char *text);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-static void toggle_verboselog(int sig);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-int verboselog = 0;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-int allow_severity = LOG_INFO;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-int deny_severity = LOG_WARNING;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-/* A handful of macros for "readability". */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#ifdef HAVE_LIBWRAP
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-/* coming from libwrap.a (tcp_wrappers) */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-extern int hosts_ctl(char *daemon, char *name, char *addr, char *user);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#else
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-int hosts_ctl(char *daemon, char *name, char *addr, char *user)
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-{
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- return 0;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-}
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#endif
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#define legal_port(a,p) \
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- (ntohs((a)->sin_port) < IPPORT_RESERVED || (p) >= IPPORT_RESERVED)
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#define log_bad_port(addr, proc, prog) \
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- logit(deny_severity, addr, proc, prog, ": request from unprivileged port")
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
+static int check_files(void);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
#define log_bad_host(addr, proc, prog) \
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- logit(deny_severity, addr, proc, prog, ": request from unauthorized host")
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#define log_bad_owner(addr, proc, prog) \
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- logit(deny_severity, addr, proc, prog, ": request from non-local host")
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#define log_no_forward(addr, proc, prog) \
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- logit(deny_severity, addr, proc, prog, ": request not forwarded")
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#define log_client(addr, proc, prog) \
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- logit(allow_severity, addr, proc, prog, "")
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
+ logit(LOG_WARNING, addr, proc, prog, "request from unauthorized host")
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
#define ALLOW 1
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
#define DENY 0
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
@@ -180,46 +151,9 @@ struct sockaddr_in *addr;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
return DENY;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
}
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-/* check_startup - additional startup code */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-void check_startup(void)
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-{
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- /*
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- * Give up root privileges so that we can never allocate a privileged
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- * port when forwarding an rpc request.
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- *
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- * Fix 8/3/00 Philipp Knirsch: First lookup our rpc user. If we find it,
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- * switch to that uid, otherwise simply resue the old bin user and print
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- * out a warning in syslog.
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- struct passwd *pwent;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- pwent = getpwnam("rpc");
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- if (pwent == NULL) {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- syslog(LOG_WARNING, "user rpc not found, reverting to user bin");
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- if (setuid(1) == -1) {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- syslog(LOG_ERR, "setuid(1) failed: %m");
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- exit(1);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- }
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- }
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- else {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- if (setuid(pwent->pw_uid) == -1) {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- syslog(LOG_WARNING, "setuid() to rpc user failed: %m");
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- if (setuid(1) == -1) {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- syslog(LOG_ERR, "setuid(1) failed: %m");
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- exit(1);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- }
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- }
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- }
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- (void) signal(SIGINT, toggle_verboselog);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-}
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
/* check_files - check to see if either access files have changed */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-int check_files()
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
+static int check_files()
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
{
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
static time_t allow_mtime, deny_mtime;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
struct stat astat, dstat;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
@@ -268,78 +202,21 @@ u_long prog;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
haccess_add(addr, prog, FALSE);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
return (FALSE);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
}
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- if (verboselog)
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- log_client(addr, proc, prog);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
if (acc)
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
acc->access = TRUE;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
else
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
haccess_add(addr, prog, TRUE);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- return (TRUE);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-}
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-/* check_privileged_port - additional checks for privileged-port updates */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-int
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-check_privileged_port(struct sockaddr_in *addr,
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- u_long proc, u_long prog, u_long port)
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-{
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#ifdef CHECK_PORT
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- if (!legal_port(addr, port)) {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- log_bad_port(addr, proc, prog);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- return (FALSE);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- }
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-#endif
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
return (TRUE);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
}
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-/* toggle_verboselog - toggle verbose logging flag */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-static void toggle_verboselog(int sig)
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-{
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- (void) signal(sig, toggle_verboselog);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- verboselog = !verboselog;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-}
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
/* logit - report events of interest via the syslog daemon */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
static void logit(int severity, struct sockaddr_in *addr,
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
u_long procnum, u_long prognum, char *text)
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
{
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- char *procname;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- char procbuf[16 + 4 * sizeof(u_long)];
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- char *progname;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- char progbuf[16 + 4 * sizeof(u_long)];
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- struct rpcent *rpc;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- /*
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- * Fork off a process or the portmap daemon might hang while
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- * getrpcbynumber() or syslog() does its thing.
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- *
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- * Don't forget to wait for the children, too...
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- if (fork() == 0) {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- /* Try to map program number to name. */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- if (prognum == 0) {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- progname = "";
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- } else if ((rpc = getrpcbynumber((int) prognum))) {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- progname = rpc->r_name;
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- } else {
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- snprintf(progname = progbuf, sizeof (progbuf),
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- "prog (%lu)", prognum);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- }
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- /* Try to map procedure number to name. */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- snprintf(procname = procbuf, sizeof (procbuf),
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- "proc (%lu)", (u_long) procnum);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- /* Write syslog record. */
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
-
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- syslog(severity, "connect from %s to %s in %s%s",
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- inet_ntoa(addr->sin_addr), procname, progname, text);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- exit(0);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
- }
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
+ syslog(severity, "connect from %s denied: %s",
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
+ inet_ntoa(addr->sin_addr), text);
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
}
|
|
![](https://seccdn.libravatar.org/avatar/79dde3aae8e74a087a9437286a490898715b52e98b8655cac3f971ab0a473044?s=16&d=retro) |
ca5a1da |
+#endif
|