source: trunk/third/tcp_wrappers/miscd.c @ 11717

Revision 11717, 3.1 KB checked in by danw, 26 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r11716, which included commits to RCS files with non-trunk default branches.
1 /*
2  * Front end to the ULTRIX miscd service. The front end logs the remote host
3  * name and then invokes the real miscd daemon. Install as "/usr/etc/miscd",
4  * after renaming the real miscd daemon to the name defined with the
5  * REAL_MISCD macro.
6  *
7  * Connections and diagnostics are logged through syslog(3).
8  *
9  * The Ultrix miscd program implements (among others) the systat service, which
10  * pipes the output from who(1) to stdout. This information is potentially
11  * useful to systems crackers.
12  *
13  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
14  */
15
16#ifndef lint
17static char sccsid[] = "@(#) miscd.c 1.10 96/02/11 17:01:30";
18#endif
19
20/* System libraries. */
21
22#include <sys/types.h>
23#include <sys/param.h>
24#include <sys/stat.h>
25#include <sys/socket.h>
26#include <netinet/in.h>
27#include <stdio.h>
28#include <syslog.h>
29
30#ifndef MAXPATHNAMELEN
31#define MAXPATHNAMELEN  BUFSIZ
32#endif
33
34#ifndef STDIN_FILENO
35#define STDIN_FILENO    0
36#endif
37
38/* Local stuff. */
39
40#include "patchlevel.h"
41#include "tcpd.h"
42
/*
 * syslog priorities, both adjustable at run time. allow_severity is the
 * priority main() uses for the "connect from" record; deny_severity is
 * presumably read by the access-control code when a request is refused
 * (not visible in this file -- confirm against tcpd.h).
 */
int     allow_severity = SEVERITY;
int     deny_severity = LOG_WARNING;
45
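/*
 * main - access-control front end that hands the connection to the real
 * miscd daemon.
 *
 * The client connection is expected on standard input: request_init() is
 * given STDIN_FILENO as the request's file descriptor. In order, the
 * function identifies the client, applies the checks selected at compile
 * time (PARANOID, KILL_IP_OPTIONS, HOSTS_ACCESS), logs the connection, and
 * replaces itself with REAL_DAEMON_DIR/miscd, passing argv through
 * unchanged. Every check runs before the exec, so the real daemon is never
 * started for a request that was refused.
 *
 * Does not return on success. If the daemon path does not fit in the
 * buffer, or execv() fails, the error is logged and clean_exit() is called.
 */
int
main(argc, argv)
int     argc;
char  **argv;
{
    struct request_info request;
    char    path[MAXPATHNAMELEN];
    int     len;

    /* Attempt to prevent the creation of world-writable files. */

#ifdef DAEMON_UMASK
    umask(DAEMON_UMASK);
#endif

    /*
     * Open a channel to the syslog daemon. Older versions of openlog()
     * require only two arguments.
     */

#ifdef LOG_MAIL
    (void) openlog(argv[0], LOG_PID, FACILITY);
#else
    (void) openlog(argv[0], LOG_PID);
#endif

    /*
     * Find out the endpoint addresses of this conversation. Host name
     * lookups and double checks will be done on demand.
     */

    request_init(&request, RQ_DAEMON, argv[0], RQ_FILE, STDIN_FILENO, 0);
    fromhost(&request);

    /*
     * Optionally look up and double check the remote host name. Sites
     * concerned with security may choose to refuse connections from hosts
     * that pretend to have someone else's host name.
     */

#ifdef PARANOID
    if (STR_EQ(eval_hostname(request.client), paranoid))
        refuse(&request);
#endif

    /*
     * The BSD rlogin and rsh daemons that came out after 4.3 BSD disallow
     * socket options at the IP level. They do so for a good reason.
     * Unfortunately, we cannot use this with SunOS 4.1.x because the
     * getsockopt() system call can panic the system.
     */

#ifdef KILL_IP_OPTIONS
    fix_options(&request);
#endif

    /*
     * Check whether this host can access the service in argv[0]. The
     * access-control code invokes optional shell commands as specified in
     * the access-control tables.
     */

#ifdef HOSTS_ACCESS
    if (!hosts_access(&request))
        refuse(&request);
#endif

    /*
     * Report the request. The client string is passed as an argument to a
     * fixed "%s" format, never as the format itself.
     */

    syslog(allow_severity, "connect from %s", eval_client(&request));

    /*
     * Build the path of the real daemon with an explicit bound. An
     * over-long REAL_DAEMON_DIR would otherwise overrun path[]; refuse to
     * exec a truncated path rather than run whatever it happens to name.
     */

    len = snprintf(path, sizeof(path), "%s/miscd", REAL_DAEMON_DIR);
    if (len < 0 || (size_t) len >= sizeof(path)) {
        syslog(LOG_ERR, "error: path of real miscd daemon is too long");
        clean_exit(&request);
        return (1);                             /* in case clean_exit() returns */
    }

    /*
     * Close the log channel before the exec, presumably so that the real
     * daemon does not inherit the syslog descriptor. The syslog() call
     * after a failed execv() then runs without the openlog() settings made
     * above.
     */

    closelog();
    (void) execv(path, argv);

    /* Only reached when execv() failed; %m expands to the errno text. */

    syslog(LOG_ERR, "error: cannot execute %s: %m", path);
    clean_exit(&request);
    /* NOTREACHED */
    return (1);
}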