diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -162,11 +162,17 @@ #define MAXUNAMES 20 /* maximum number of user names */ #define sstosa(ss) ((struct sockaddr *)(ss)) + #ifdef INET +#define HAS_INET true #define sstosin(ss) ((struct sockaddr_in *)(void *)(ss)) #define satosin(sa) ((struct sockaddr_in *)(void *)(sa)) +#else +#define HAS_INET false #endif + #ifdef INET6 +#define HAS_INET6 true #define sstosin6(ss) ((struct sockaddr_in6 *)(void *)(ss)) #define satosin6(sa) ((struct sockaddr_in6 *)(void *)(sa)) #define s6_addr32 __u6_addr.__u6_addr32 @@ -175,7 +181,10 @@ (((d)->s6_addr32[1] ^ (a)->s6_addr32[1]) & (m)->s6_addr32[1]) == 0 && \ (((d)->s6_addr32[2] ^ (a)->s6_addr32[2]) & (m)->s6_addr32[2]) == 0 && \ (((d)->s6_addr32[3] ^ (a)->s6_addr32[3]) & (m)->s6_addr32[3]) == 0 ) +#else +#define HAS_INET6 false #endif + /* * List of peers and sockets for binding. */ @@ -384,11 +393,7 @@ static int NoBind; /* don't bind() as suggested by RFC 3164 */ static int SecureMode; /* when true, receive only unix domain socks */ static int MaxForwardLen = 1024; /* max length of forwared message */ -#ifdef INET6 -static int family = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */ -#else -static int family = PF_INET; /* protocol family (IPv4 only) */ -#endif +static int family = PF_UNSPEC; /* protocol family */ static int mask_C1 = 1; /* mask characters from 0x80 - 0x9F */ static int send_to_all; /* send message to all IPv4/IPv6 addresses */ static int use_bootfile; /* log entire bootfile for every kern msg */ @@ -413,7 +418,7 @@ struct iovlist; -static int allowaddr(char *); +static bool allowaddr(char *); static int addpeer(struct peer *); static int addsock(struct addrinfo *, struct socklist *); static void cfline(const char *, const char *, const char *, const char *); @@ -452,7 +457,7 @@ static void reapchild(int); static const char *ttymsg_check(struct iovec *, int, char *, int); static void usage(void); -static int validate(struct sockaddr *, const char *); +static bool validate(struct sockaddr *, const char *); static void unmapped(struct sockaddr *); static void wallmsg(struct filed *, struct iovec *, const int iovlen); static int waitdaemon(int); @@ -542,24 +547,26 @@ while ((ch = getopt(argc, argv, "468Aa:b:cCdf:FHkl:M:m:nNoO:p:P:sS:Tuv")) != -1) switch (ch) { -#ifdef INET case '4': - family = PF_INET; + if (HAS_INET) + family = PF_INET; + else + errx(1, "IPv4 not supported, exiting"); break; -#endif -#ifdef INET6 case '6': - family = PF_INET6; + if (HAS_INET6) + family = PF_INET6; + else + errx(1, "IPv6 not supported, exiting"); break; -#endif case '8': mask_C1 = 0; break; case 'A': send_to_all++; break; - case 'a': /* allow specific network addresses only */ - if (allowaddr(optarg) == -1) + case 'a': + if (HAS_INET && !allowaddr(optarg)) usage(); break; case 'b': @@ -896,14 +903,19 @@ line[len] = '\0'; if (sl->sl_sa != NULL && sl->sl_family == AF_LOCAL) hname = LocalHostName; - else { + else if (sl->sl_family == AF_INET || sl->sl_family == AF_INET6) { hname = cvthname(sa); unmapped(sa); if (validate(sa, hname) == 0) { dprintf("Message from %s was ignored.", hname); return (-1); } + } else { + /* This should not happen. */ + dprintf("Invalid socklist info\n"); + return (-1); } + parsemsg(hname, line); return (0); @@ -912,7 +924,6 @@ static void unmapped(struct sockaddr *sa) { -#if defined(INET) && defined(INET6) struct sockaddr_in6 *sin6; struct sockaddr_in sin; @@ -931,10 +942,6 @@ memcpy(&sin.sin_addr, &sin6->sin6_addr.s6_addr[12], sizeof(sin.sin_addr)); memcpy(sa, &sin, sizeof(sin)); -#else - if (sa == NULL) - return; -#endif } static void @@ -1795,7 +1802,6 @@ } } -#if defined(INET) || defined(INET6) static void iovlist_truncate(struct iovlist *il, size_t size) { @@ -1816,7 +1822,6 @@ } } } -#endif static void fprintlog_write(struct filed *f, struct iovlist *il, int flags) @@ -1831,26 +1836,21 @@ case F_FORW: dprintf(" %s", f->fu_forw_hname); switch (f->fu_forw_addr->ai_family) { -#ifdef INET case AF_INET: dprintf(":%d\n", ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port)); break; -#endif -#ifdef INET6 case AF_INET6: dprintf(":%d\n", ntohs(satosin6(f->fu_forw_addr->ai_addr)->sin6_port)); break; -#endif default: dprintf("\n"); } -#if defined(INET) || defined(INET6) /* Truncate messages to maximum forward length. */ - iovlist_truncate(il, MaxForwardLen); -#endif + if (HAS_INET) + iovlist_truncate(il, MaxForwardLen); lsent = 0; for (r = f->fu_forw_addr; r; r = r->ai_next) { @@ -2667,16 +2667,12 @@ case F_FORW: switch (f->fu_forw_addr->ai_family) { -#ifdef INET case AF_INET: port = ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port); break; -#endif -#ifdef INET6 case AF_INET6: port = ntohs(satosin6(f->fu_forw_addr->ai_addr)->sin6_port); break; -#endif default: port = 0; } @@ -3333,34 +3329,23 @@ * * Returns -1 on error, 0 if the argument was valid. */ -static int -#if defined(INET) || defined(INET6) +static bool allowaddr(char *s) -#else -allowaddr(char *s __unused) -#endif { -#if defined(INET) || defined(INET6) char *cp1, *cp2; struct allowedpeer *ap; struct servent *se; int masklen = -1; struct addrinfo hints, *res = NULL; -#ifdef INET in_addr_t *addrp, *maskp; -#endif -#ifdef INET6 uint32_t *addr6p, *mask6p; -#endif char ip[NI_MAXHOST]; ap = calloc(1, sizeof(*ap)); if (ap == NULL) err(1, "malloc failed"); -#ifdef INET6 if (*s != '[' || (cp1 = strchr(s + 1, ']')) == NULL) -#endif cp1 = s; if ((cp1 = strrchr(cp1, ':'))) { /* service/port provided */ @@ -3390,7 +3375,6 @@ if ((masklen = atoi(cp1 + 1)) < 0) goto err; } -#ifdef INET6 if (*s == '[') { cp2 = s + strlen(s) - 1; if (*cp2 == ']') { @@ -3402,7 +3386,6 @@ } else { cp2 = NULL; } -#endif hints = (struct addrinfo){ .ai_family = PF_UNSPEC, .ai_socktype = SOCK_DGRAM, @@ -3416,7 +3399,6 @@ .ss_len = res->ai_addrlen }; switch (res->ai_family) { -#ifdef INET case AF_INET: maskp = &sstosin(&ap->a_mask)->sin_addr.s_addr; addrp = &sstosin(&ap->a_addr)->sin_addr.s_addr; @@ -3439,8 +3421,6 @@ /* Lose any host bits in the network number. */ *addrp &= *maskp; break; -#endif -#ifdef INET6 case AF_INET6: if (masklen > 128) goto err; @@ -3463,7 +3443,6 @@ } } break; -#endif default: goto err; } @@ -3474,12 +3453,10 @@ ap->a_name = s; if (cp1) *cp1 = '/'; -#ifdef INET6 if (cp2) { *cp2 = ']'; --s; } -#endif } STAILQ_INSERT_TAIL(&aphead, ap, next); @@ -3501,30 +3478,25 @@ printf("port = %d\n", ap->port); } - return (0); + return (true); err: if (res != NULL) freeaddrinfo(res); free(ap); -#endif - return (-1); + return (false); } /* * Validate that the remote peer has permission to log to us. */ -static int +static bool validate(struct sockaddr *sa, const char *hname) { int i; char name[NI_MAXHOST], ip[NI_MAXHOST], port[NI_MAXSERV]; struct allowedpeer *ap; -#ifdef INET struct sockaddr_in *sin4, *a4p = NULL, *m4p = NULL; -#endif -#ifdef INET6 struct sockaddr_in6 *sin6, *a6p = NULL, *m6p = NULL; -#endif struct addrinfo hints, *res; u_short sport; int num = 0; @@ -3535,7 +3507,7 @@ dprintf("# of validation rule: %d\n", num); if (num == 0) /* traditional behaviour, allow everything */ - return (1); + return (true); (void)strlcpy(name, hname, sizeof(name)); hints = (struct addrinfo){ @@ -3551,7 +3523,7 @@ } if (getnameinfo(sa, sa->sa_len, ip, sizeof(ip), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV) != 0) - return (0); /* for safety, should not occur */ + return (false); /* for safety, should not occur */ dprintf("validate: dgram from IP %s, port %s, name %s;\n", ip, port, name); sport = atoi(port); @@ -3570,9 +3542,7 @@ if (ap->a_addr.ss_family != sa->sa_family) { dprintf("rejected in rule %d due to address family mismatch.\n", i); continue; - } -#ifdef INET - else if (ap->a_addr.ss_family == AF_INET) { + } else if (ap->a_addr.ss_family == AF_INET) { sin4 = satosin(sa); a4p = satosin(&ap->a_addr); m4p = satosin(&ap->a_mask); @@ -3581,10 +3551,7 @@ dprintf("rejected in rule %d due to IP mismatch.\n", i); continue; } - } -#endif -#ifdef INET6 - else if (ap->a_addr.ss_family == AF_INET6) { + } else if (ap->a_addr.ss_family == AF_INET6) { sin6 = satosin6(sa); a6p = satosin6(&ap->a_addr); m6p = satosin6(&ap->a_mask); @@ -3598,10 +3565,9 @@ dprintf("rejected in rule %d due to IP mismatch.\n", i); continue; } - } -#endif - else + } else { continue; + } } else { if (fnmatch(ap->a_name, name, FNM_NOESCAPE) == FNM_NOMATCH) { @@ -3611,9 +3577,9 @@ } } dprintf("accepted in rule %d.\n", i); - return (1); /* hooray! */ + return (true); /* hooray! */ } - return (0); + return (false); } /* @@ -3779,7 +3745,6 @@ * assume this is an inet6 address without a service. */ if (pe->pe_name != NULL) { -#ifdef INET6 if (pe->pe_name[0] == '[' && (cp = strchr(pe->pe_name + 1, ']')) != NULL) { pe->pe_name = &pe->pe_name[1]; @@ -3787,7 +3752,6 @@ if (cp[1] == ':' && cp[2] != '\0') pe->pe_serv = cp + 2; } else { -#endif cp = strchr(pe->pe_name, ':'); if (cp != NULL && strchr(cp + 1, ':') == NULL) { *cp = '\0'; @@ -3796,9 +3760,7 @@ if (cp == pe->pe_name) pe->pe_name = NULL; } -#ifdef INET6 } -#endif } hints = (struct addrinfo){ .ai_family = AF_UNSPEC, @@ -3843,7 +3805,6 @@ error++; continue; } -#ifdef INET6 if (res->ai_family == AF_INET6) { if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &(int){1}, sizeof(int)) < 0) { @@ -3853,7 +3814,6 @@ continue; } } -#endif if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int)) < 0) { logerror("setsockopt(SO_REUSEADDR)"); @@ -3902,7 +3862,6 @@ listen(s, 5); } sl_recv = socklist_recv_sock; -#if defined(INET) || defined(INET6) if (SecureMode && (res->ai_family == AF_INET || res->ai_family == AF_INET6)) { dprintf("shutdown\n"); @@ -3915,7 +3874,6 @@ } sl_recv = NULL; } else -#endif dprintf("listening on socket\n"); dprintf("sending on socket\n"); addsock(res, &(struct socklist){