contrib/tcp_wrappers/tcpdchk.c
#define YES 1 | #define YES 1 | ||||
#define NO 0 | #define NO 0 | ||||
static int defl_verdict; | static int defl_verdict; | ||||
static char *myname; | static char *myname; | ||||
static int allow_check; | static int allow_check; | ||||
static char *inetcf; | static char *inetcf; | ||||
int main(argc, argv) | int main(int argc, char **argv) | ||||
int argc; | |||||
char **argv; | |||||
{ | { | ||||
struct request_info request; | struct request_info request; | ||||
struct stat st; | struct stat st; | ||||
int c; | int c; | ||||
myname = argv[0]; | myname = argv[0]; | ||||
/* | /* | ||||
▲ Show 20 Lines • Show All 84 Lines • ▼ Show 20 Lines | static void usage(void) | ||||
fprintf(stderr, " -d: use allow/deny files in current directory\n"); | fprintf(stderr, " -d: use allow/deny files in current directory\n"); | ||||
fprintf(stderr, " -i: location of inetd.conf file\n"); | fprintf(stderr, " -i: location of inetd.conf file\n"); | ||||
fprintf(stderr, " -v: list all rules\n"); | fprintf(stderr, " -v: list all rules\n"); | ||||
exit(1); | exit(1); | ||||
} | } | ||||
/* parse_table - like table_match(), but examines _all_ entries */ | /* parse_table - like table_match(), but examines _all_ entries */ | ||||
static void parse_table(table, request) | static void parse_table(char *table, struct request_info *request) | ||||
char *table; | |||||
struct request_info *request; | |||||
{ | { | ||||
FILE *fp; | FILE *fp; | ||||
int real_verdict; | int real_verdict; | ||||
char sv_list[BUFLEN]; /* becomes list of daemons */ | char sv_list[BUFLEN]; /* becomes list of daemons */ | ||||
char *cl_list; /* becomes list of requests */ | char *cl_list; /* becomes list of requests */ | ||||
char *sh_cmd; /* becomes optional shell command */ | char *sh_cmd; /* becomes optional shell command */ | ||||
char buf[BUFSIZ]; | char buf[BUFSIZ]; | ||||
int verdict; | int verdict; | ||||
▲ Show 20 Lines • Show All 57 Lines • ▼ Show 20 Lines | (void) fclose(fp); | ||||
} else if (errno != ENOENT) { | } else if (errno != ENOENT) { | ||||
tcpd_warn("cannot open %s: %m", table); | tcpd_warn("cannot open %s: %m", table); | ||||
} | } | ||||
tcpd_context = saved_context; | tcpd_context = saved_context; | ||||
} | } | ||||
/* print_list - pretty-print a list */ | /* print_list - pretty-print a list */ | ||||
static void print_list(title, list) | static void print_list(char *title, char *list) | ||||
char *title; | |||||
char *list; | |||||
{ | { | ||||
char buf[BUFLEN]; | char buf[BUFLEN]; | ||||
char *cp; | char *cp; | ||||
char *next; | char *next; | ||||
fputs(title, stdout); | fputs(title, stdout); | ||||
strcpy(buf, list); | strcpy(buf, list); | ||||
for (cp = strtok(buf, sep); cp != 0; cp = next) { | for (cp = strtok(buf, sep); cp != 0; cp = next) { | ||||
fputs(cp, stdout); | fputs(cp, stdout); | ||||
next = strtok((char *) 0, sep); | next = strtok((char *) 0, sep); | ||||
if (next != 0) | if (next != 0) | ||||
fputs(" ", stdout); | fputs(" ", stdout); | ||||
} | } | ||||
fputs("\n", stdout); | fputs("\n", stdout); | ||||
} | } | ||||
/* check_daemon_list - criticize daemon list */ | /* check_daemon_list - criticize daemon list */ | ||||
static void check_daemon_list(list) | static void check_daemon_list(char *list) | ||||
char *list; | |||||
{ | { | ||||
char buf[BUFLEN]; | char buf[BUFLEN]; | ||||
char *cp; | char *cp; | ||||
char *host; | char *host; | ||||
int daemons = 0; | int daemons = 0; | ||||
strcpy(buf, list); | strcpy(buf, list); | ||||
Show All 10 Lines | static void check_daemon_list(char *list) | ||||
} | } | ||||
} | } | ||||
if (daemons == 0) | if (daemons == 0) | ||||
tcpd_warn("daemon list is empty or ends in EXCEPT"); | tcpd_warn("daemon list is empty or ends in EXCEPT"); | ||||
} | } | ||||
/* check_client_list - criticize client list */ | /* check_client_list - criticize client list */ | ||||
static void check_client_list(list) | static void check_client_list(char *list) | ||||
char *list; | |||||
{ | { | ||||
char buf[BUFLEN]; | char buf[BUFLEN]; | ||||
char *cp; | char *cp; | ||||
char *host; | char *host; | ||||
int clients = 0; | int clients = 0; | ||||
strcpy(buf, list); | strcpy(buf, list); | ||||
Show All 11 Lines | static void check_client_list(char *list) | ||||
} | } | ||||
} | } | ||||
if (clients == 0) | if (clients == 0) | ||||
tcpd_warn("client list is empty or ends in EXCEPT"); | tcpd_warn("client list is empty or ends in EXCEPT"); | ||||
} | } | ||||
/* check_daemon - criticize daemon pattern */ | /* check_daemon - criticize daemon pattern */ | ||||
static void check_daemon(pat) | static void check_daemon(char *pat) | ||||
char *pat; | |||||
{ | { | ||||
if (pat[0] == '@') { | if (pat[0] == '@') { | ||||
tcpd_warn("%s: daemon name begins with \"@\"", pat); | tcpd_warn("%s: daemon name begins with \"@\"", pat); | ||||
} else if (pat[0] == '/') { | } else if (pat[0] == '/') { | ||||
tcpd_warn("%s: daemon name begins with \"/\"", pat); | tcpd_warn("%s: daemon name begins with \"/\"", pat); | ||||
} else if (pat[0] == '.') { | } else if (pat[0] == '.') { | ||||
tcpd_warn("%s: daemon name begins with dot", pat); | tcpd_warn("%s: daemon name begins with dot", pat); | ||||
} else if (pat[strlen(pat) - 1] == '.') { | } else if (pat[strlen(pat) - 1] == '.') { | ||||
Show All 16 Lines | case WR_NOT: | ||||
inet_set(pat, WR_YES); | inet_set(pat, WR_YES); | ||||
break; | break; | ||||
} | } | ||||
} | } | ||||
} | } | ||||
/* check_user - criticize user pattern */ | /* check_user - criticize user pattern */ | ||||
static void check_user(pat) | static void check_user(char *pat) | ||||
char *pat; | |||||
{ | { | ||||
if (pat[0] == '@') { /* @netgroup */ | if (pat[0] == '@') { /* @netgroup */ | ||||
tcpd_warn("%s: user name begins with \"@\"", pat); | tcpd_warn("%s: user name begins with \"@\"", pat); | ||||
} else if (pat[0] == '/') { | } else if (pat[0] == '/') { | ||||
tcpd_warn("%s: user name begins with \"/\"", pat); | tcpd_warn("%s: user name begins with \"/\"", pat); | ||||
} else if (pat[0] == '.') { | } else if (pat[0] == '.') { | ||||
tcpd_warn("%s: user name begins with dot", pat); | tcpd_warn("%s: user name begins with dot", pat); | ||||
} else if (pat[strlen(pat) - 1] == '.') { | } else if (pat[strlen(pat) - 1] == '.') { | ||||
tcpd_warn("%s: user name ends in dot", pat); | tcpd_warn("%s: user name ends in dot", pat); | ||||
} else if (STR_EQ(pat, "ALL") || STR_EQ(pat, unknown) | } else if (STR_EQ(pat, "ALL") || STR_EQ(pat, unknown) | ||||
|| STR_EQ(pat, "KNOWN")) { | || STR_EQ(pat, "KNOWN")) { | ||||
/* void */ ; | /* void */ ; | ||||
} else if (STR_EQ(pat, "FAIL")) { /* obsolete */ | } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ | ||||
tcpd_warn("FAIL is no longer recognized"); | tcpd_warn("FAIL is no longer recognized"); | ||||
tcpd_warn("(use EXCEPT or DENY instead)"); | tcpd_warn("(use EXCEPT or DENY instead)"); | ||||
} else if (reserved_name(pat)) { | } else if (reserved_name(pat)) { | ||||
tcpd_warn("%s: user name may be reserved word", pat); | tcpd_warn("%s: user name may be reserved word", pat); | ||||
} | } | ||||
} | } | ||||
#ifdef INET6 | #ifdef INET6 | ||||
static int is_inet6_addr(pat) | static int is_inet6_addr(char *pat) | ||||
char *pat; | |||||
{ | { | ||||
struct addrinfo hints, *res; | struct addrinfo hints, *res; | ||||
int len, ret; | int len, ret; | ||||
char ch; | char ch; | ||||
if (*pat != '[') | if (*pat != '[') | ||||
return (0); | return (0); | ||||
len = strlen(pat); | len = strlen(pat); | ||||
if ((ch = pat[len - 1]) != ']') | if ((ch = pat[len - 1]) != ']') | ||||
return (0); | return (0); | ||||
pat[len - 1] = '\0'; | pat[len - 1] = '\0'; | ||||
memset(&hints, 0, sizeof(hints)); | memset(&hints, 0, sizeof(hints)); | ||||
hints.ai_family = AF_INET6; | hints.ai_family = AF_INET6; | ||||
hints.ai_socktype = SOCK_STREAM; | hints.ai_socktype = SOCK_STREAM; | ||||
hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; | hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; | ||||
if ((ret = getaddrinfo(pat + 1, NULL, &hints, &res)) == 0) | if ((ret = getaddrinfo(pat + 1, NULL, &hints, &res)) == 0) | ||||
freeaddrinfo(res); | freeaddrinfo(res); | ||||
pat[len - 1] = ch; | pat[len - 1] = ch; | ||||
return (ret == 0); | return (ret == 0); | ||||
} | } | ||||
#endif | #endif | ||||
/* check_host - criticize host pattern */ | /* check_host - criticize host pattern */ | ||||
static int check_host(pat) | static int check_host(char *pat) | ||||
char *pat; | |||||
{ | { | ||||
char buf[BUFSIZ]; | char buf[BUFSIZ]; | ||||
char *mask; | char *mask; | ||||
int addr_count = 1; | int addr_count = 1; | ||||
FILE *fp; | FILE *fp; | ||||
struct tcpd_context saved_context; | struct tcpd_context saved_context; | ||||
char *cp; | char *cp; | ||||
char *wsp = " \t\r\n"; | char *wsp = " \t\r\n"; | ||||
▲ Show 20 Lines • Show All 67 Lines • ▼ Show 20 Lines | if (STR_EQ(pat, "0.0.0.0") || STR_EQ(pat, "255.255.255.255")) { | ||||
check_dns(pat); | check_dns(pat); | ||||
} | } | ||||
} | } | ||||
return (addr_count); | return (addr_count); | ||||
} | } | ||||
/* reserved_name - determine if name is reserved */ | /* reserved_name - determine if name is reserved */ | ||||
static int reserved_name(pat) | static int reserved_name(char *pat) | ||||
char *pat; | |||||
{ | { | ||||
return (STR_EQ(pat, unknown) | return (STR_EQ(pat, unknown) | ||||
|| STR_EQ(pat, "KNOWN") | || STR_EQ(pat, "KNOWN") | ||||
|| STR_EQ(pat, paranoid) | || STR_EQ(pat, paranoid) | ||||
|| STR_EQ(pat, "ALL") | || STR_EQ(pat, "ALL") | ||||
|| STR_EQ(pat, "LOCAL")); | || STR_EQ(pat, "LOCAL")); | ||||
} | } |
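Review bot: The three `strcpy(buf, list)` calls into `char buf[BUFLEN]` in print_list, check_daemon_list and check_client_list are carried over unchanged, and nothing visible in these hunks bounds `list` to BUFLEN. The lists appear to originate in the access-control table that parse_table opens, but its parsing loop is collapsed here, so the bound may already be enforced upstream (`sv_list` is itself BUFLEN bytes); that invariant is not stated at the copy sites. While the signatures are being touched, either document it at each copy, for example `/* list was parsed out of a BUFLEN-sized buffer, so it fits */` once confirmed, or make the copy self-checking with a guard before the `strcpy` such as `if (strlen(list) >= sizeof(buf)) { tcpd_warn("list too long"); return; }` (message wording illustrative). The bodies of check_daemon_list and check_client_list are partly collapsed, so this rests on the visible lines only.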