Changeset View
Changeset View
Standalone View
Standalone View
contrib/tcp_wrappers/tcpdchk.c
| Show First 20 Lines • Show All 83 Lines • ▼ Show 20 Lines | |||||
| #define YES 1 | #define YES 1 | ||||
| #define NO 0 | #define NO 0 | ||||
| static int defl_verdict; | static int defl_verdict; | ||||
| static char *myname; | static char *myname; | ||||
| static int allow_check; | static int allow_check; | ||||
| static char *inetcf; | static char *inetcf; | ||||
| int main(argc, argv) | int main(int argc, char **argv) | ||||
| int argc; | |||||
| char **argv; | |||||
| { | { | ||||
| struct request_info request; | struct request_info request; | ||||
| struct stat st; | struct stat st; | ||||
| int c; | int c; | ||||
| myname = argv[0]; | myname = argv[0]; | ||||
| /* | /* | ||||
| ▲ Show 20 Lines • Show All 84 Lines • ▼ Show 20 Lines | static void usage(void) | ||||
| fprintf(stderr, " -d: use allow/deny files in current directory\n"); | fprintf(stderr, " -d: use allow/deny files in current directory\n"); | ||||
| fprintf(stderr, " -i: location of inetd.conf file\n"); | fprintf(stderr, " -i: location of inetd.conf file\n"); | ||||
| fprintf(stderr, " -v: list all rules\n"); | fprintf(stderr, " -v: list all rules\n"); | ||||
| exit(1); | exit(1); | ||||
| } | } | ||||
| /* parse_table - like table_match(), but examines _all_ entries */ | /* parse_table - like table_match(), but examines _all_ entries */ | ||||
| static void parse_table(table, request) | static void parse_table(char *table, struct request_info *request) | ||||
| char *table; | |||||
| struct request_info *request; | |||||
| { | { | ||||
| FILE *fp; | FILE *fp; | ||||
| int real_verdict; | int real_verdict; | ||||
| char sv_list[BUFLEN]; /* becomes list of daemons */ | char sv_list[BUFLEN]; /* becomes list of daemons */ | ||||
| char *cl_list; /* becomes list of requests */ | char *cl_list; /* becomes list of requests */ | ||||
| char *sh_cmd; /* becomes optional shell command */ | char *sh_cmd; /* becomes optional shell command */ | ||||
| char buf[BUFSIZ]; | char buf[BUFSIZ]; | ||||
| int verdict; | int verdict; | ||||
| ▲ Show 20 Lines • Show All 57 Lines • ▼ Show 20 Lines | (void) fclose(fp); | ||||
| } else if (errno != ENOENT) { | } else if (errno != ENOENT) { | ||||
| tcpd_warn("cannot open %s: %m", table); | tcpd_warn("cannot open %s: %m", table); | ||||
| } | } | ||||
| tcpd_context = saved_context; | tcpd_context = saved_context; | ||||
| } | } | ||||
| /* print_list - pretty-print a list */ | /* print_list - pretty-print a list */ | ||||
| static void print_list(title, list) | static void print_list(char *title, char *list) | ||||
| char *title; | |||||
| char *list; | |||||
| { | { | ||||
| char buf[BUFLEN]; | char buf[BUFLEN]; | ||||
| char *cp; | char *cp; | ||||
| char *next; | char *next; | ||||
| fputs(title, stdout); | fputs(title, stdout); | ||||
| strcpy(buf, list); | strcpy(buf, list); | ||||
| for (cp = strtok(buf, sep); cp != 0; cp = next) { | for (cp = strtok(buf, sep); cp != 0; cp = next) { | ||||
| fputs(cp, stdout); | fputs(cp, stdout); | ||||
| next = strtok((char *) 0, sep); | next = strtok((char *) 0, sep); | ||||
| if (next != 0) | if (next != 0) | ||||
| fputs(" ", stdout); | fputs(" ", stdout); | ||||
| } | } | ||||
| fputs("\n", stdout); | fputs("\n", stdout); | ||||
| } | } | ||||
| /* check_daemon_list - criticize daemon list */ | /* check_daemon_list - criticize daemon list */ | ||||
| static void check_daemon_list(list) | static void check_daemon_list(char *list) | ||||
| char *list; | |||||
| { | { | ||||
| char buf[BUFLEN]; | char buf[BUFLEN]; | ||||
| char *cp; | char *cp; | ||||
| char *host; | char *host; | ||||
| int daemons = 0; | int daemons = 0; | ||||
| strcpy(buf, list); | strcpy(buf, list); | ||||
| Show All 10 Lines | static void check_daemon_list(char *list) | ||||
| } | } | ||||
| } | } | ||||
| if (daemons == 0) | if (daemons == 0) | ||||
| tcpd_warn("daemon list is empty or ends in EXCEPT"); | tcpd_warn("daemon list is empty or ends in EXCEPT"); | ||||
| } | } | ||||
| /* check_client_list - criticize client list */ | /* check_client_list - criticize client list */ | ||||
| static void check_client_list(list) | static void check_client_list(char *list) | ||||
| char *list; | |||||
| { | { | ||||
| char buf[BUFLEN]; | char buf[BUFLEN]; | ||||
| char *cp; | char *cp; | ||||
| char *host; | char *host; | ||||
| int clients = 0; | int clients = 0; | ||||
| strcpy(buf, list); | strcpy(buf, list); | ||||
| Show All 11 Lines | static void check_client_list(char *list) | ||||
| } | } | ||||
| } | } | ||||
| if (clients == 0) | if (clients == 0) | ||||
| tcpd_warn("client list is empty or ends in EXCEPT"); | tcpd_warn("client list is empty or ends in EXCEPT"); | ||||
| } | } | ||||
| /* check_daemon - criticize daemon pattern */ | /* check_daemon - criticize daemon pattern */ | ||||
| static void check_daemon(pat) | static void check_daemon(char *pat) | ||||
| char *pat; | |||||
| { | { | ||||
| if (pat[0] == '@') { | if (pat[0] == '@') { | ||||
| tcpd_warn("%s: daemon name begins with \"@\"", pat); | tcpd_warn("%s: daemon name begins with \"@\"", pat); | ||||
| } else if (pat[0] == '/') { | } else if (pat[0] == '/') { | ||||
| tcpd_warn("%s: daemon name begins with \"/\"", pat); | tcpd_warn("%s: daemon name begins with \"/\"", pat); | ||||
| } else if (pat[0] == '.') { | } else if (pat[0] == '.') { | ||||
| tcpd_warn("%s: daemon name begins with dot", pat); | tcpd_warn("%s: daemon name begins with dot", pat); | ||||
| } else if (pat[strlen(pat) - 1] == '.') { | } else if (pat[strlen(pat) - 1] == '.') { | ||||
| Show All 16 Lines | case WR_NOT: | ||||
| inet_set(pat, WR_YES); | inet_set(pat, WR_YES); | ||||
| break; | break; | ||||
| } | } | ||||
| } | } | ||||
| } | } | ||||
| /* check_user - criticize user pattern */ | /* check_user - criticize user pattern */ | ||||
| static void check_user(pat) | static void check_user(char *pat) | ||||
| char *pat; | |||||
| { | { | ||||
| if (pat[0] == '@') { /* @netgroup */ | if (pat[0] == '@') { /* @netgroup */ | ||||
| tcpd_warn("%s: user name begins with \"@\"", pat); | tcpd_warn("%s: user name begins with \"@\"", pat); | ||||
| } else if (pat[0] == '/') { | } else if (pat[0] == '/') { | ||||
| tcpd_warn("%s: user name begins with \"/\"", pat); | tcpd_warn("%s: user name begins with \"/\"", pat); | ||||
| } else if (pat[0] == '.') { | } else if (pat[0] == '.') { | ||||
| tcpd_warn("%s: user name begins with dot", pat); | tcpd_warn("%s: user name begins with dot", pat); | ||||
| } else if (pat[strlen(pat) - 1] == '.') { | } else if (pat[strlen(pat) - 1] == '.') { | ||||
| tcpd_warn("%s: user name ends in dot", pat); | tcpd_warn("%s: user name ends in dot", pat); | ||||
| } else if (STR_EQ(pat, "ALL") || STR_EQ(pat, unknown) | } else if (STR_EQ(pat, "ALL") || STR_EQ(pat, unknown) | ||||
| || STR_EQ(pat, "KNOWN")) { | || STR_EQ(pat, "KNOWN")) { | ||||
| /* void */ ; | /* void */ ; | ||||
| } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ | } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ | ||||
| tcpd_warn("FAIL is no longer recognized"); | tcpd_warn("FAIL is no longer recognized"); | ||||
| tcpd_warn("(use EXCEPT or DENY instead)"); | tcpd_warn("(use EXCEPT or DENY instead)"); | ||||
| } else if (reserved_name(pat)) { | } else if (reserved_name(pat)) { | ||||
| tcpd_warn("%s: user name may be reserved word", pat); | tcpd_warn("%s: user name may be reserved word", pat); | ||||
| } | } | ||||
| } | } | ||||
| #ifdef INET6 | #ifdef INET6 | ||||
| static int is_inet6_addr(pat) | static int is_inet6_addr(char *pat) | ||||
| char *pat; | |||||
| { | { | ||||
| struct addrinfo hints, *res; | struct addrinfo hints, *res; | ||||
| int len, ret; | int len, ret; | ||||
| char ch; | char ch; | ||||
| if (*pat != '[') | if (*pat != '[') | ||||
| return (0); | return (0); | ||||
| len = strlen(pat); | len = strlen(pat); | ||||
| if ((ch = pat[len - 1]) != ']') | if ((ch = pat[len - 1]) != ']') | ||||
| return (0); | return (0); | ||||
| pat[len - 1] = '\0'; | pat[len - 1] = '\0'; | ||||
| memset(&hints, 0, sizeof(hints)); | memset(&hints, 0, sizeof(hints)); | ||||
| hints.ai_family = AF_INET6; | hints.ai_family = AF_INET6; | ||||
| hints.ai_socktype = SOCK_STREAM; | hints.ai_socktype = SOCK_STREAM; | ||||
| hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; | hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; | ||||
| if ((ret = getaddrinfo(pat + 1, NULL, &hints, &res)) == 0) | if ((ret = getaddrinfo(pat + 1, NULL, &hints, &res)) == 0) | ||||
| freeaddrinfo(res); | freeaddrinfo(res); | ||||
| pat[len - 1] = ch; | pat[len - 1] = ch; | ||||
| return (ret == 0); | return (ret == 0); | ||||
| } | } | ||||
| #endif | #endif | ||||
| /* check_host - criticize host pattern */ | /* check_host - criticize host pattern */ | ||||
| static int check_host(pat) | static int check_host(char *pat) | ||||
| char *pat; | |||||
| { | { | ||||
| char buf[BUFSIZ]; | char buf[BUFSIZ]; | ||||
| char *mask; | char *mask; | ||||
| int addr_count = 1; | int addr_count = 1; | ||||
| FILE *fp; | FILE *fp; | ||||
| struct tcpd_context saved_context; | struct tcpd_context saved_context; | ||||
| char *cp; | char *cp; | ||||
| char *wsp = " \t\r\n"; | char *wsp = " \t\r\n"; | ||||
| ▲ Show 20 Lines • Show All 67 Lines • ▼ Show 20 Lines | if (STR_EQ(pat, "0.0.0.0") || STR_EQ(pat, "255.255.255.255")) { | ||||
| check_dns(pat); | check_dns(pat); | ||||
| } | } | ||||
| } | } | ||||
| return (addr_count); | return (addr_count); | ||||
| } | } | ||||
| /* reserved_name - determine if name is reserved */ | /* reserved_name - determine if name is reserved */ | ||||
| static int reserved_name(pat) | static int reserved_name(char *pat) | ||||
| char *pat; | |||||
| { | { | ||||
| return (STR_EQ(pat, unknown) | return (STR_EQ(pat, unknown) | ||||
| || STR_EQ(pat, "KNOWN") | || STR_EQ(pat, "KNOWN") | ||||
| || STR_EQ(pat, paranoid) | || STR_EQ(pat, paranoid) | ||||
| || STR_EQ(pat, "ALL") | || STR_EQ(pat, "ALL") | ||||
| || STR_EQ(pat, "LOCAL")); | || STR_EQ(pat, "LOCAL")); | ||||
| } | } | ||||