From 280b7f981aaaa4ce1bab13d096353858a113b4d7 Mon Sep 17 00:00:00 2001 From: Simon Schubert Date: Tue, 13 Jun 2006 12:38:37 +0000 Subject: [PATCH] Also obey securenets when TCP wrappers are enabled. Submitted-by: Ancient Taken-from: FreeBSD SA --- usr.sbin/ypserv/yp_access.c | 40 +++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/usr.sbin/ypserv/yp_access.c b/usr.sbin/ypserv/yp_access.c index 6668a4c1be..604655d33f 100644 --- a/usr.sbin/ypserv/yp_access.c +++ b/usr.sbin/ypserv/yp_access.c @@ -30,7 +30,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/usr.sbin/ypserv/yp_access.c,v 1.17.2.1 2002/02/15 00:47:00 des Exp $ - * $DragonFly: src/usr.sbin/ypserv/yp_access.c,v 1.4 2004/03/31 23:20:22 cpressey Exp $ + * $DragonFly: src/usr.sbin/ypserv/yp_access.c,v 1.5 2006/06/13 12:38:37 corecode Exp $ */ #include @@ -85,13 +85,6 @@ char *yp_procs[] = { "ypoldproc_null", "ypproc_maplist" }; - -#ifdef TCP_WRAPPER -void -load_securenets(void) -{ -} -#else struct securenet { struct in_addr net; struct in_addr mask; @@ -176,7 +169,6 @@ load_securenets(void) fclose(fp); } -#endif /* * Access control functions. @@ -218,11 +210,12 @@ yp_access(const char *map, const struct svc_req *rqstp) #endif { struct sockaddr_in *rqhost; - int status = 0; + int status_securenets = 0; +#ifdef TCP_WRAPPER + int status_tcpwrap; +#endif static unsigned long oldaddr = 0; -#ifndef TCP_WRAPPER struct securenet *tmp; -#endif char *yp_procedure = NULL; char procbuf[50]; 
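Review bot: `status_tcpwrap` is declared without an initializer among the `yp_access` locals, while `status_securenets` beside it starts at 0, which is the deny value. The later hunk assigns it from `hosts_ctl()` before the combined check reads it, so nothing visible reads it uninitialized. Giving it the same default, `int status_tcpwrap = 0;`, keeps the access decision fail-closed if a later edit adds a path that skips the `hosts_ctl()` call. The function body starts before and continues after this hunk, so the code between the declaration and the check is not visible here.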
@@ -272,21 +265,34 @@ not privileged", map, inet_ntoa(rqhost->sin_addr), ntohs(rqhost->sin_port)); } #ifdef TCP_WRAPPER - status = hosts_ctl("ypserv", STRING_UNKNOWN, + status_tcpwrap = hosts_ctl("ypserv", STRING_UNKNOWN, inet_ntoa(rqhost->sin_addr), ""); -#else +#endif tmp = securenets; while (tmp) { if (((rqhost->sin_addr.s_addr & ~tmp->mask.s_addr) | tmp->net.s_addr) == rqhost->sin_addr.s_addr) { - status = 1; + status_securenets = 1; break; } tmp = tmp->next; } -#endif - if (!status) { +#ifdef TCP_WRAPPER + if (status_securenets == 0 || status_tcpwrap == 0) { +#else + if (status_securenets == 0) { +#endif + /* + * One of the following two events occured: + * + * (1) The /var/yp/securenets exists and the remote host does not + * match any of the networks specified in it. + * (2) The hosts.allow file has denied access and TCP_WRAPPER is + * defined. + * + * In either case deny access. + */ if (rqhost->sin_addr.s_addr != oldaddr) { yp_error("connect from %s:%d to procedure %s refused", inet_ntoa(rqhost->sin_addr), -- 2.41.0
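Review bot: The refusal logged at the end of the hunk, `yp_error("connect from %s:%d to procedure %s refused", ...)`, does not say which control rejected the client, although the branch is now taken when either `status_securenets == 0` or `status_tcpwrap == 0`. Builds with TCP_WRAPPER begin enforcing securenets with this change, so an administrator needs that distinction to tell a securenets mismatch from a hosts.allow denial; a reason string such as `status_securenets == 0 ? "securenets" : "hosts.allow"` appended to the message would cover it. The new comment ties case (1) to /var/yp/securenets existing, but what `load_securenets()` leaves in the list when the file is absent is not visible in this hunk; the comment should state it, because an empty list would leave `status_securenets` at 0 and refuse every request. The comment also misspells "occurred", and the `yp_error` call and the rest of `yp_access` continue past the end of the hunk.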