diff options
Diffstat (limited to 'contrib/amd/amd/amq_svc.c')
| -rw-r--r-- | contrib/amd/amd/amq_svc.c | 85 |
1 files changed, 82 insertions, 3 deletions
diff --git a/contrib/amd/amd/amq_svc.c b/contrib/amd/amd/amq_svc.c index 8468567..6fadb16 100644 --- a/contrib/amd/amd/amq_svc.c +++ b/contrib/amd/amd/amq_svc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2004 Erez Zadok + * Copyright (c) 1997-2006 Erez Zadok * Copyright (c) 1990 Jan-Simon Pendry * Copyright (c) 1990 Imperial College of Science, Technology & Medicine * Copyright (c) 1990 The Regents of the University of California. @@ -36,9 +36,8 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * %W% (Berkeley) %G% * - * $Id: amq_svc.c,v 1.4.2.5 2004/01/06 03:15:16 ezk Exp $ + * File: am-utils/amd/amq_svc.c * */ @@ -51,6 +50,65 @@ /* typedefs */ typedef char *(*amqsvcproc_t)(voidp, struct svc_req *); +#if defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP) +# ifdef NEED_LIBWRAP_SEVERITY_VARIABLES +/* + * Some systems that define libwrap already define these two variables + * in libwrap, while others don't: so I need to know precisely iff + * to define these two severity variables. + */ +int allow_severity=0, deny_severity=0; +# endif /* NEED_LIBWRAP_SEVERITY_VARIABLES */ + +/* + * check if remote amq is authorized to access this amd. + * Returns: 1=allowed, 0=denied. + */ +static int +amqsvc_is_client_allowed(const struct sockaddr_in *addr, char *remote) +{ + struct hostent *h; + char *name = NULL, **ad; + int ret = 0; /* default is 0==denied */ + + /* Check IP address */ + if (hosts_ctl(AMD_SERVICE_NAME, "", remote, "")) { + ret = 1; + goto out; + } + /* Get address */ + if (!(h = gethostbyaddr((const char *)&(addr->sin_addr), + sizeof(addr->sin_addr), + AF_INET))) + goto out; + if (!(name = strdup(h->h_name))) + goto out; + /* Paranoia check */ + if (!(h = gethostbyname(name))) + goto out; + for (ad = h->h_addr_list; *ad; ad++) + if (!memcmp(*ad, &(addr->sin_addr), h->h_length)) + break; + if (!*ad) + goto out; + if (hosts_ctl(AMD_SERVICE_NAME, "", h->h_name, "")) { + return 1; + goto out; + } + /* Check aliases */ + for (ad = h->h_aliases; *ad; ad++) + if (hosts_ctl(AMD_SERVICE_NAME, "", *ad, "")) { + return 1; + goto out; + } + + out: + if (name) + XFREE(name); + return ret; +} +#endif /* defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP) */ + void amq_program_1(struct svc_req *rqstp, SVCXPRT *transp) @@ -64,6 +122,21 @@ amq_program_1(struct svc_req *rqstp, SVCXPRT *transp) xdrproc_t xdr_argument, xdr_result; amqsvcproc_t local; +#if defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP) + if (gopt.flags & CFM_USE_TCPWRAPPERS) { + struct sockaddr_in *remote_addr = svc_getcaller(rqstp->rq_xprt); + char *remote_hostname = inet_ntoa(remote_addr->sin_addr); + + if (!amqsvc_is_client_allowed(remote_addr, remote_hostname)) { + plog(XLOG_WARNING, "Amd denied remote amq service to %s", remote_hostname); + svcerr_auth(transp, AUTH_FAILED); + return; + } else { + dlog("Amd allowed remote amq service to %s", remote_hostname); + } + } +#endif /* defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP) */ + switch (rqstp->rq_proc) { case AMQPROC_NULL: @@ -120,6 +193,12 @@ amq_program_1(struct svc_req *rqstp, SVCXPRT *transp) local = (amqsvcproc_t) amqproc_getpid_1_svc; break; + case AMQPROC_PAWD: + xdr_argument = (xdrproc_t) xdr_amq_string; + xdr_result = (xdrproc_t) xdr_amq_string; + local = (amqsvcproc_t) amqproc_pawd_1_svc; + break; + default: svcerr_noproc(transp); return; |
