Add libwrap support to supfilesrv, as announced 2 weeks ago on tech-userlevel,

conditioned by #ifdef LIBWRAP (on by default).
I renamed '-l' (the 'live' mode) to '-d' and '-l' is now used to enable
logging of successful connections, to be consistent with what other NetBSD
daemons use.
These changes have been running on sup2.fr.netbsd.org for 2 weeks.
bouyer 1999-08-24 15:52:52 +00:00
parent 5cfe8783f9
commit 28602510ee
6 changed files with 160 additions and 13 deletions


@ -1,6 +1,6 @@
# $NetBSD: Makefile.inc,v 1.4 1998/01/21 09:07:04 mikel Exp $
# $NetBSD: Makefile.inc,v 1.5 1999/08/24 15:52:52 bouyer Exp $
CPPFLAGS+=-UCMUCS -UCMU -UMACH -DVAR_TMP -DHAS_DAEMON -DHAS_POSIX_DIR
CPPFLAGS+=-UCMUCS -UCMU -UMACH -DVAR_TMP -DHAS_DAEMON -DHAS_POSIX_DIR -DLIBWRAP
CPPFLAGS+=-I${.CURDIR}/../source -I${.CURDIR}/../lib -I${.CURDIR}/../sys
CPPFLAGS+=-DEE_XXX


@ -1,4 +1,4 @@
/* $NetBSD: log.c,v 1.4 1999/04/12 20:48:07 pk Exp $ */
/* $NetBSD: log.c,v 1.5 1999/08/24 15:52:53 bouyer Exp $ */
/*
* Copyright (c) 1992 Carnegie Mellon University
@ -154,3 +154,82 @@ va_dcl
printf ("%s\n",buf);
(void) fflush (stdout);
}
#ifdef LIBWRAP
#include <tcpd.h>
#ifndef LIBWRAP_ALLOW_FACILITY
# define LIBWRAP_ALLOW_FACILITY LOG_AUTH
#endif
#ifndef LIBWRAP_ALLOW_SEVERITY
# define LIBWRAP_ALLOW_SEVERITY LOG_INFO
#endif
#ifndef LIBWRAP_DENY_FACILITY
# define LIBWRAP_DENY_FACILITY LOG_AUTH
#endif
#ifndef LIBWRAP_DENY_SEVERITY
# define LIBWRAP_DENY_SEVERITY LOG_WARNING
#endif
int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
void
#ifdef __STDC__
logdeny(char *fmt,...)
#else
/*VARARGS*//*ARGSUSED*/
logdeny(va_alist)
va_dcl
#endif
{
char buf[STRINGLENGTH];
va_list ap;
#ifdef __STDC__
va_start(ap,fmt);
#else
char *fmt;
va_start(ap);
fmt = va_arg(ap,char *);
#endif
vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
if (opened) {
syslog (deny_severity, buf);
return;
}
printf ("%s\n",buf);
(void) fflush (stdout);
}
void
#ifdef __STDC__
logallow(char *fmt,...)
#else
/*VARARGS*//*ARGSUSED*/
logallow(va_alist)
va_dcl
#endif
{
char buf[STRINGLENGTH];
va_list ap;
#ifdef __STDC__
va_start(ap,fmt);
#else
char *fmt;
va_start(ap);
fmt = va_arg(ap,char *);
#endif
vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
if (opened) {
syslog (allow_severity, buf);
return;
}
printf ("%s\n",buf);
(void) fflush (stdout);
}
#endif /* LIBWRAP */
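Review bot: Both new helpers hand the already-formatted message to syslog as its format string: `syslog (deny_severity, buf);` in logdeny and `syslog (allow_severity, buf);` in logallow. buf is built from the caller's arguments, and in supfilesrv.c those include the `eval_client(&req)` string, which is derived from the remote peer, so any `%` sequence that survives into buf is interpreted a second time by syslog. Pass the buffer as data instead: `syslog (deny_severity, "%s", buf);` and `syslog (allow_severity, "%s", buf);`. The two functions differ only in the priority they log at, so a single static helper taking the priority would keep that fix in one place. The older log functions above this hunk are not visible here and may deserve the same check.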


@ -1,4 +1,4 @@
/* $NetBSD: supextern.h,v 1.9 1999/08/02 05:36:05 erh Exp $ */
/* $NetBSD: supextern.h,v 1.10 1999/08/24 15:52:54 bouyer Exp $ */
struct stat;
@ -35,6 +35,10 @@ void logopen __P((char *));
void logquit __P((int, char *, ...));
void logerr __P((char *, ...));
void loginfo __P((char *, ...));
#ifdef LIBWRAP
void logdeny __P((char *, ...));
void logallow __P((char *, ...));
#endif
/* netcryptvoid.c */
int netcrypt __P((char *));


@ -1,4 +1,4 @@
/* $NetBSD: supfilesrv.c,v 1.17 1999/04/12 20:48:08 pk Exp $ */
/* $NetBSD: supfilesrv.c,v 1.18 1999/08/24 15:52:56 bouyer Exp $ */
/*
* Copyright (c) 1992 Carnegie Mellon University
@ -28,8 +28,9 @@
/*
* supfilesrv -- SUP File Server
*
* Usage: supfilesrv [-l] [-P] [-N] [-R] [-S]
* -l "live" -- don't fork daemon
* Usage: supfilesrv [-d] [-l] [-P] [-N] [-R] [-S]
* -d "debug" -- don't fork daemon
* -l "log" -- print successull connects (when compiled with libwrap)
* -P "debug ports" -- use debugging network ports
* -N "debug network" -- print debugging messages for network i/o
* -R "RCS mode" -- if file is an rcs file, use co to get contents
@ -37,6 +38,9 @@
*
**********************************************************************
* HISTORY
* 2-Aug-99 Manuel Bouyer at LIP6
* Added libwrap support
*
* 13-Sep-92 Mary Thompson (mrt) at Carnegie-Mellon University
* Changed name of sup program in xpatch from /usr/cs/bin/sup to
* /usr/bin/sup for exported version of sup.
@ -250,6 +254,9 @@
# include <sys/mkdev.h>
# include <sys/statvfs.h>
#endif
#ifdef LIBWRAP
#include <tcpd.h>
#endif
#include "supcdefs.h"
#include "supextern.h"
@ -302,7 +309,10 @@ jmp_buf sjbuf; /* jump location for network errors */
TREELIST *listTL; /* list of trees to upgrade */
int silent; /* -S flag */
int live; /* -l flag */
#ifdef LIBWRAP
int clog; /* -l flag */
#endif
int live; /* -d flag */
int dbgportsq; /* -P flag */
extern int scmdebug; /* -N flag */
extern int netfile;
@ -376,6 +386,9 @@ char **argv;
sigset_t nset, oset;
struct sigaction chld,ign;
time_t tloc;
#ifdef LIBWRAP
struct request_info req;
#endif
/* initialize global variables */
pgmversion = PGMVERSION; /* export version number */
@ -396,8 +409,23 @@ char **argv;
PROTOVERSION,PGMVERSION,scmversion,fmttime (tloc));
if (live) {
x = service ();
if (x != SCMOK)
logquit (1,"Can't connect to network");
#ifdef LIBWRAP
request_init(&req, RQ_DAEMON, "supfilesrv", RQ_FILE, netfile,
NULL);
fromhost(&req);
if (hosts_access(&req) == 0) {
logdeny("refused connection from %.500s",
eval_client(&req));
servicekill();
exit(1);
}
if (clog) {
logallow("connection from %.500s", eval_client(&req));
}
#endif
answer ();
(void) serviceend ();
exit (0);
@ -424,6 +452,21 @@ char **argv;
sigaddset(&nset, SIGCHLD);
sigprocmask(SIG_BLOCK, &nset, &oset);
if ((pid = fork()) == 0) { /* server process */
#ifdef LIBWRAP
request_init(&req, RQ_DAEMON, "supfilesrv", RQ_FILE,
netfile, NULL);
fromhost(&req);
if (hosts_access(&req) == 0) {
logdeny("refused connection from %.500s",
eval_client(&req));
servicekill();
exit(1);
}
if (clog) {
logallow("connection from %.500s",
eval_client(&req));
}
#endif
(void) serviceprep ();
answer ();
(void) serviceend ();
@ -457,7 +500,11 @@ chldsig(snum)
void
usage ()
{
quit (1,"Usage: supfilesrv [ -l | -P | -N | -C <max children> | -H <host> <user> <cryptfile> <supargs> ]\n");
#ifdef LIBWRAP
quit (1,"Usage: supfilesrv [ -l | -d | -P | -N | -C <max children> | -H <host> <user> <cryptfile> <supargs> ]\n");
#else
quit (1,"Usage: supfilesrv [ -d | -P | -N | -C <max children> | -H <host> <user> <cryptfile> <supargs> ]\n");
#endif
}
void
@ -477,6 +524,9 @@ char **argv;
candorcs = FALSE;
#endif
live = FALSE;
#ifdef LIBWRAP
clog = FALSE;
#endif
dbgportsq = FALSE;
scmdebug = 0;
clienthost = NULL;
@ -490,7 +540,12 @@ char **argv;
case 'S':
silent = TRUE;
break;
#ifdef LIBWRAP
case 'l':
clog = TRUE;
break;
#endif
case 'd':
live = TRUE;
break;
case 'P':
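Review bot: The access-control gate is written out twice, once in the `if (live)` branch and once at the top of the forked server process, so a later change to one copy (daemon name, deny handling, log format) can silently miss the other. Moving the request_init/fromhost/hosts_access/logdeny/logallow sequence into one `#ifdef LIBWRAP` static helper that owns its own `struct request_info`, and calling it from both places, leaves a single point to audit. Separately, the new global `clog` shares its name with the C99 complex-logarithm function, which is reserved as an external identifier; a name such as `logconn` avoids the clash. main's body begins and ends outside these hunks.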


@ -1,4 +1,4 @@
.\" $NetBSD: supservers.8,v 1.5 1999/04/12 20:48:08 pk Exp $
.\" $NetBSD: supservers.8,v 1.6 1999/08/24 15:52:56 bouyer Exp $
.\"
.\" Copyright (c) 1992 Carnegie Mellon University
.\" All Rights Reserved.
@ -36,6 +36,9 @@ supfilesrv, supscan \- sup server processes
supfilesrv
[
.I
-d
] [
.I
-l
] [
.I
@ -103,7 +106,7 @@ Supfilesrv
generally runs as a network server process that listens for connections,
and for each connection (double-)forks a process to handle the interaction
with the client.
However, with the -l flag, no forking will take place:
However, with the -d flag, no forking will take place:
the server will listen for a network connection, handle it, and exit.
This is useful for debugging the servers in "live" mode rather than as
daemons.
@ -122,6 +125,10 @@ on
To suppress
log messages, the -q "quiet" flag can be used.
.I supfilesrv
uses libwrap style access control (the /etc/hosts.allow and /etc/hosts.deny
files) with service name "supfilesrv". The -l "log" flag turn on loggin of
accepted connections (denied connections are always logged).
Normally the
.I supfilesrv
@ -206,6 +213,8 @@ from list file
.PP
.SH "SEE ALSO"
sup(1)
hosts_access(5)
hosts_options(5)
.br
.I
The SUP Software Upgrade Protocol,


@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.1 1997/10/07 01:31:21 thorpej Exp $
# $NetBSD: Makefile,v 1.2 1999/08/24 15:52:57 bouyer Exp $
PROG= supfilesrv
SRCS= supfilesrv.c scan.c
@ -8,7 +8,7 @@ MLINKS= supservers.8 supfilesrv.8 supservers.8 supscan.8
.PATH: ${.CURDIR}/../source
DPADD= ${LIBSUP} ${LIBCRYPT}
LDADD= ${SUPLIB} -lcrypt
LDADD= ${SUPLIB} -lcrypt -lwrap
supfilesrv: .NOPATH
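Review bot: `LDADD` gains `-lwrap`, but the `DPADD` line just above it still lists only `${LIBSUP} ${LIBCRYPT}`, so a rebuilt libwrap will not trigger a relink of supfilesrv. For a statically linked daemon that means a fixed libwrap may not be picked up until something else forces a rebuild. If the tree's bsd.prog.mk defines `LIBWRAP`, add it to the dependency list: `DPADD= ${LIBSUP} ${LIBCRYPT} ${LIBWRAP}`.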