-rw-r--r-- | usr.sbin/inetd/Makefile | 4 | ||||
-rw-r--r-- | usr.sbin/inetd/inetd.8 | 7 | ||||
-rw-r--r-- | usr.sbin/inetd/inetd.c | 39 |
3 files changed, 26 insertions, 24 deletions
diff --git a/usr.sbin/inetd/Makefile b/usr.sbin/inetd/Makefile index d3485d1..ddb15c5 100644 --- a/usr.sbin/inetd/Makefile +++ b/usr.sbin/inetd/Makefile @@ -1,11 +1,11 @@ # @(#)Makefile 8.1 (Berkeley) 6/6/93 -# $Id: Makefile,v 1.7 1999/04/11 09:22:17 markm Exp $ +# $Id: Makefile,v 1.8 1999/05/07 06:48:01 markm Exp $ PROG= inetd MAN8= inetd.8 MLINKS= inetd.8 inetd.conf.5 -COPTS+= -Wall -DLOGIN_CAP -DLIBWRAP +COPTS+= -Wall -DLOGIN_CAP -DLIBWRAP -DLIBWRAP_INTERNAL #COPTS+= -DSANITY_CHECK DPADD+= ${LIBUTIL} ${LIBWRAP} diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8 index 61b97cd..ec367ed 100644 --- a/usr.sbin/inetd/inetd.8 +++ b/usr.sbin/inetd/inetd.8 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94 -.\" $Id: inetd.8,v 1.22.2.1 1999/05/01 22:01:52 obrien Exp $ +.\" $Id: inetd.8,v 1.25 1999/05/01 22:03:00 obrien Exp $ .\" .Dd February 7, 1996 .Dt INETD 8 @@ -382,14 +382,15 @@ Except when started in debugging mode, records its process ID in the file .Pa /var/run/inetd.pid to assist in reconfiguration. +.Sh IMPLEMENTATION NOTES .Pp Support is provided for TCP Wrappers; see the relevant documentation ( .Xr hosts_access 5 ). The .Pa tcpd -daemon is not required, as that functionality is builtin. This also allows -the ``internal'' services to be wrapped. +daemon is not required, as that functionality is builtin. +Only stream-based services, including ``internal'' services, may be wrapped. .Sh TCPMUX .Pp .Tn RFC 1078 diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c index e72d954..64114ba 100644 --- a/usr.sbin/inetd/inetd.c +++ b/usr.sbin/inetd/inetd.c @@ -42,7 +42,7 @@ static const char copyright[] = static char sccsid[] = "@(#)from: inetd.c 8.4 (Berkeley) 4/13/94"; #endif static const char rcsid[] = - "$Id: inetd.c,v 1.48 1999/04/11 09:22:17 markm Exp $"; + "$Id: inetd.c,v 1.49 1999/05/11 12:50:14 des Exp $"; #endif /* not lint */ /* 
@@ -146,8 +146,8 @@ static const char rcsid[] = #ifndef LIBWRAP_DENY_SEVERITY # define LIBWRAP_DENY_SEVERITY LOG_WARNING #endif -int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY; -int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY; +int allow_severity; +int deny_severity; #endif #ifdef LOGIN_CAP @@ -344,8 +344,6 @@ main(argc, argv, envp) int tmpint, ch, dofork; pid_t pid; char buf[50]; - struct sockaddr_in peer; - int i; #ifdef LOGIN_CAP login_cap_t *lc = NULL; #endif @@ -353,6 +351,9 @@ main(argc, argv, envp) struct request_info req; int denied; char *service = NULL; +#else + struct sockaddr_in peer; + int i; #endif @@ -538,6 +539,7 @@ main(argc, argv, envp) close(ctrl); continue; } +#ifndef LIBWRAP if (log) { i = sizeof peer; if (getpeername(ctrl, (struct sockaddr *) @@ -552,11 +554,16 @@ main(argc, argv, envp) sep->se_service, inet_ntoa(peer.sin_addr)); } +#endif } else ctrl = sep->se_fd; (void) sigblock(SIGBLOCK); pid = 0; #ifdef LIBWRAP_INTERNAL + /* + * When builtins are wrapped, avoid a minor optimization + * that breaks hosts_options(5) twist. + */ dofork = 1; #else dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork); 
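Review bot: Dropping the initializers leaves `allow_severity` and `deny_severity` at 0, which as a syslog level is LOG_EMERG, until the assignments added in the `@@ -624` hunk run, and those sit after `fromhost(&req)`. Nothing visible here logs with them before they are set, but keeping `int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;` and the matching allow line in addition to the per-connection reset removes the dependency on statement order. The reset itself deserves a comment such as `/* reset for every connection: hosts_options(5) processing may have changed these */`, if that is indeed the reason; confirm with the author.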
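Review bot: `dofork = 1` under `LIBWRAP_INTERNAL` forces a fork for every builtin, datagram ones included, yet the wrapper check in the `@@ -624` hunk only runs when `sep->se_accept && sep->se_socktype == SOCK_STREAM`. With `-DLIBWRAP_INTERNAL` added to COPTS in the Makefile this becomes the default build, so builtins that are never passed to `hosts_access()` pay a fork per request and add avoidable process-table load under a flood of requests. Restricting the forced fork to services that are actually wrapped keeps the twist fix: `dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork || (sep->se_accept && sep->se_socktype == SOCK_STREAM));`. main() starts and ends outside this hunk, so check that nothing else relies on the unconditional fork.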
@@ -624,21 +631,13 @@ main(argc, argv, envp) #endif if (sep->se_accept && sep->se_socktype == SOCK_STREAM) { - request_init(&req, - RQ_DAEMON, sep->se_server_name ? - sep->se_server_name : sep->se_service, - RQ_FILE, ctrl, NULL); + service = sep->se_server_name ? + sep->se_server_name : sep->se_service; + request_init(&req, RQ_DAEMON, service, RQ_FILE, ctrl, NULL); fromhost(&req); + deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY; + allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY; denied = !hosts_access(&req); - if (denied || log) { - sp = getservbyport(sep->se_ctrladdr.sin_port, sep->se_proto); - if (sp == NULL) { - (void)snprintf(buf, sizeof buf, "%d", - ntohs(sep->se_ctrladdr.sin_port)); - service = buf; - } else - service = sp->s_name; - } if (denied) { syslog(deny_severity, "refused connection from %.500s, service %s (%s)", @@ -746,8 +745,9 @@ main(argc, argv, envp) #endif if (sep->se_socktype != SOCK_STREAM) recv(0, buf, sizeof (buf), 0); - _exit(EX_OSERR); } + if (dofork) + _exit(0); } if (sep->se_accept && sep->se_socktype == SOCK_STREAM) close(ctrl); @@ -911,6 +911,7 @@ void config() SWAP(sep->se_class, new->se_class); #endif SWAP(sep->se_server, new->se_server); + SWAP(sep->se_server_name, new->se_server_name); for (i = 0; i < MAXARGV; i++) SWAP(sep->se_argv[i], new->se_argv[i]); sigsetmask(omask); |
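Review bot: The guard around the `hosts_access()` call also requires `sep->se_accept`, so stream services without it (presumably the `wait` ones) skip the check entirely, which is narrower than the man-page wording added in this commit ("Only stream-based services ... may be wrapped"). A comment above the `if` would make the access-control boundary explicit, for example `/* only accepted stream connections are checked; other services bypass hosts_access() */`. Separately, `service` now comes from `se_server_name`/`se_service` instead of `getservbyport()`, so the refusal log names the configured daemon rather than the port's service. The syslog arguments are cut off by the hunk, so confirm the message still reads sensibly.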
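Review bot: In the `@@ -746` hunk, moving the child's exit out of the branch that ends with the `recv()` drain changes its status from `EX_OSERR` to 0. If that branch is the exec-failure path, as it appears to be, a failed service start now reports success to whatever reaps the child. Keeping `_exit(EX_OSERR);` where it was and adding `if (dofork) _exit(0);` after the closing brace preserves the failure status while still stopping a forked builtin from falling back into the service loop. The enclosing `if`/`else` opens outside the hunk, so this reading of the branch should be checked against the full function.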