From a00187d331b1ad3d861310f21ce41c723501e7f3 Mon Sep 17 00:00:00 2001 From: hpa Date: Mon, 23 Apr 2001 22:02:02 +0000 Subject: [PATCH] Actually make the tcpwrapper code work as advertised! --- tftpd/tftpd.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/tftpd/tftpd.c b/tftpd/tftpd.c index 4f22b96..c154b09 100644 --- a/tftpd/tftpd.c +++ b/tftpd/tftpd.c @@ -66,6 +66,7 @@ static const char *rcsid = "tftp-hpa $Id$"; #include #include #include +#define __USE_GNU /* Necessary for basename() on glibc systems */ #include #include #include @@ -80,7 +81,7 @@ static const char *rcsid = "tftp-hpa $Id$"; #include int deny_severity = LOG_WARNING; -int allow_severity = LOG_INFO; +int allow_severity = -1; /* Don't log at all */ struct request_info wrap_request; #endif @@ -174,7 +175,9 @@ main(int argc, char **argv) int setrv; char *user = "nobody"; /* Default user */ - openlog("tftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); + __progname = basename(argv[0]); + + openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON); while ((c = getopt(argc, argv, "csu:r:")) != -1) switch (c) { @@ -255,16 +258,24 @@ main(int argc, char **argv) } #ifdef HAVE_TCPWRAPPERS - /* Verify if this was a legal request for us. */ - + /* Verify if this was a legal request for us. This has to be + done before the chroot, while /etc is still accessible. */ request_init(&wrap_request, - RQ_DAEMON, "tftpd", + RQ_DAEMON, __progname, RQ_FILE, fd, RQ_CLIENT_SIN, &from, RQ_SERVER_SIN, &myaddr, 0); - if ( hosts_access(wrap_request) == 0 ) + sock_methods(&wrap_request); + if ( hosts_access(&wrap_request) == 0 ) { + if ( deny_severity != -1 ) + syslog(deny_severity, "connection refused from %s", + inet_ntoa(from.sin_addr)); exit(1); /* Access denied */ + } else if ( allow_severity != -1 ) { + syslog(allow_severity, "connect from %s", + inet_ntoa(from.sin_addr)); + } #endif /* Drop privileges */
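Review bot: The added `#define __USE_GNU` in the include block sets a macro that glibc's `<features.h>` treats as internal; the supported way to ask for the GNU declarations is `#define _GNU_SOURCE` placed before the first system header of the file. Defining the internal macro partway through the includes works only as long as the header declaring basename() has not already been pulled in by an earlier include, so it is fragile against include reordering. The header names are not visible on this page, so which header the define is meant to affect is inferred from its comment.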
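Review bot: With `allow_severity` initialised to `-1`, an accepted request leaves no log entry from the wrapper check unless the access-control files set a severity, so the default record of which clients were allowed is gone; whether tftpd logs accepted requests elsewhere is not visible in this patch. The `-1` is a sentinel rather than a syslog priority and is only safe because the last hunk tests it before calling syslog(). I would state that in the comment, for example `/* -1 = sentinel: no "connect from" entry; never passed to syslog() */`, or give the sentinel a named constant.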
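Review bot: `basename(argv[0])` at the top of main() is called without checking that argv[0] exists, so a parent that execs the daemon with an empty argument vector hands basename() a null pointer before any option parsing or privilege drop. A guard such as `__progname = (argc > 0 && argv[0]) ? basename(argv[0]) : "tftpd";` keeps the previous name as the fallback. `__progname` is also a reserved identifier that several C libraries define themselves; its declaration is outside this hunk, so whether this assigns the libc variable or a file-local one cannot be told from here. main() starts before and continues after the hunk.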
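Review bot: Passing `__progname` as `RQ_DAEMON` makes the name that selects hosts.allow/hosts.deny rules depend on how the binary was invoked, so rules written for `tftpd` no longer match when the same binary is started under another name (and the reverse). That appears to be the intent of the commit, but it changes which access rules apply and the new comment above request_init() only covers the chroot ordering. I would extend it with something like `/* The daemon name used for rule matching is basename(argv[0]), not a fixed "tftpd". */` so an administrator reading the code knows which name to put in the rule files. The rest of main(), including the chroot and privilege drop this check must precede, is outside the hunk.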