hosts_access(3) - correct usage?
Dan Langille
dan at langille.org
Wed Oct 29 15:26:23 PST 2003
On 29 Oct 2003 at 17:10, Guido van Rooij wrote:
> On Wed, Oct 29, 2003 at 09:38:50AM -0500, Dan Langille wrote:
> > Is this the right way to use hosts_access? The code blows up during
> > the hosts_access call. I'm told it runs OK on Linux/Solaris. I'm
> > wondering if there's something different it needs to be doing on
> > FreeBSD.
> >
> > Thanks
> >
> > #ifdef HAVE_LIBWRAP
> >     P(mutex);    /* hosts_access is not thread safe */
> >     request_init(&request, RQ_DAEMON, my_name, RQ_FILE, newsockfd, 0);
> >     fromhost(&request);
> >     if (!hosts_access(&request)) {
> >         V(mutex);
> >         Jmsg2(NULL, M_WARNING, 0,
> >               _("Connection from %s:%d refused by hosts.access"),
> >               inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port));
> >         close(newsockfd);
> >         continue;
> >     }
> >     V(mutex);
> > #endif
>
>
> This seems okay to me.
> OpenSSH uses:
>     struct request_info req;
>
>     request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
>     fromhost(&req);
>
>     if (!hosts_access(&req)) {
>         debug("Connection refused by tcp wrapper");
>         refuse(&req);
>         /* NOTREACHED */
>         fatal("libwrap refuse returns");
>     }
>
> I take it that newsockfd is the one returned from accept()?
> I'd try using a debug version of libwrap...

I was speaking with dwhite on IRC about this. The application
(sysutils/bacula) has a hacked version of tcpd.h for use with C++.
This didn't have the #ifdef INET6 statements. So I patched that up.
But no difference in the results.

If hosts.allow is going to deny access, the crash occurs:
http://beta.freebsddiary.org/tmp/bacula-fd-gbd.success.html

If access is denied, this occurs:
http://beta.freebsddiary.org/tmp/bacula-fd-gbd.fails.html

I haven't looked into libwrap yet, but in case someone sees something
obvious, I've posted the above.

thanks
--
Dan Langille : http://www.langille.org/