[Nut-upsdev] [PATCH] upsd tcp_wrappers parsing and logging
Stephen Beahm
stephenbeahm at comcast.net
Fri Dec 3 20:32:52 UTC 2010
Parsing bug was discussed here:
<http://lists.alioth.debian.org/pipermail/nut-upsuser/2010-September/006230.html>
Parsing bug summary
-------------------
working /etc/hosts.allow:
upsd 127.0.0.1 [::1] : ALLOW
broken in /etc/hosts.allow:
upsd localhost : ALLOW
It looks like upsd originally intended to match nut username with system
username? This is not the case now. This causes /etc/hosts.allow information to
be incorrectly parsed. This patch fixes the issue.
Logging was discussed here:
<http://lists.alioth.debian.org/pipermail/nut-upsuser/2010-September/006237.html>
tcp_wrappers was designed around servers that use a separate process for each
connection. The library has a function called refuse() that logs messages and
then calls exit() for that process. However, a single process server does not
exit, so it must perform its own logging. This patch adds logging for
tcp_wrapper denials.
---
server/upsd.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/server/upsd.c b/server/upsd.c
index 0e46595..eef5638 100644
--- a/server/upsd.c
+++ b/server/upsd.c
@@ -410,11 +410,13 @@ static void check_command(int cmdnum, ctype_t *client, int numarg,
}
#ifdef HAVE_WRAP
- request_init(&req, RQ_DAEMON, progname, RQ_CLIENT_ADDR, client->addr, RQ_USER, client->username, 0);
+ request_init(&req, RQ_DAEMON, progname, RQ_FILE, client->sock_fd, 0);
+ fromhost(&req);
if (!hosts_access(&req)) {
/* tcp-wrappers says access should be denied */
send_err(client, NUT_ERR_ACCESS_DENIED);
+ upslogx(deny_severity, "tcp_wrappers denied connection from %s", eval_client(&req));
return;
}
#endif /* HAVE_WRAP */
--
1.7.3.2
More information about the Nut-upsdev
mailing list