diff options
| author | des <des@FreeBSD.org> | 2000-01-14 15:09:06 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2000-01-14 15:09:06 +0000 |
| commit | 3663c2376bf921e4474b8365ff2fb707ea3b6d4f (patch) | |
| tree | 89a5124ce8e4f5776295342eb2a0683a4ef9d67f /usr.sbin | |
| parent | 873e6077f11187875268f5fe59ad061777b05c92 (diff) | |
| download | FreeBSD-src-3663c2376bf921e4474b8365ff2fb707ea3b6d4f.zip FreeBSD-src-3663c2376bf921e4474b8365ff2fb707ea3b6d4f.tar.gz | |
Slight change of secure mode semantics: instead of reading (and counting)
vogons, set the size of the receive buffer to 1 and rely on the kernel to
simply drop incoming packets. The logging code was buggy anyway.
Use socklen_t instead of int for the length argument to recvfrom.
Add a 'continue' at the end of a loop for ANSI conformance.
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/syslogd/syslogd.c | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index fb6094e..25d4e42 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -258,7 +258,6 @@ int Initialized = 0; /* set when we have initialized ourselves */ int MarkInterval = 20 * 60; /* interval between marks in seconds */ int MarkSeq = 0; /* mark sequence number */ int SecureMode = 0; /* when true, receive only unix domain socks */ -u_int Vogons = 0; /* packets arriving in SecureMode */ char bootfile[MAXLINE+1]; /* booted kernel file */ @@ -297,13 +296,14 @@ main(argc, argv) int argc; char *argv[]; { - int ch, i, l, len; + int ch, i, l; struct sockaddr_un sunx, fromunix; struct sockaddr_in sin, frominet; FILE *fp; char *p, *hname, line[MAXLINE + 1]; struct timeval tv, *tvp; pid_t ppid = 1; + socklen_t len; while ((ch = getopt(argc, argv, "a:dl:f:m:p:suv")) != -1) switch(ch) { @@ -417,6 +417,17 @@ main(argc, argv) die(0); } } + if (finet >= 0 && SecureMode) { + int bufsize; + + bufsize = 1; + if (setsockopt(finet, SOL_SOCKET, SO_RCVBUF, + &bufsize, sizeof bufsize) < 0) { + logerror("setsockopt"); + if (!Debug) + die(0); + } + } if ((fklog = open(_PATH_KLOG, O_RDONLY, 0)) >= 0) if (fcntl(fklog, F_SETFL, O_NONBLOCK) < 0) @@ -449,7 +460,7 @@ main(argc, argv) if (fklog > nfds) nfds = fklog; } - if (finet != -1) { + if (finet != -1 && !SecureMode) { FD_SET(finet, &readfds); if (finet > nfds) nfds = finet; @@ -485,16 +496,7 @@ main(argc, argv) len = sizeof(frominet); l = recvfrom(finet, line, MAXLINE, 0, (struct sockaddr *)&frominet, &len); - if (SecureMode) { - Vogons++; - if (!(Vogons & (Vogons - 1))) { - (void)snprintf(line, sizeof line, -"syslogd: discarded %d unwanted packets in secure mode, last from %s", Vogons, - inet_ntoa(frominet.sin_addr)); - logmsg(LOG_SYSLOG|LOG_AUTH, line, - LocalHostName, ADDDATE); - } - } else if (l > 0) { + if (l > 0) { line[l] = '\0'; hname = cvthname(&frominet); if (validate(&frominet, hname)) @@ -1084,6 +1086,7 @@ reapchild(signo) break; } oncemore: + continue; } } |
