aboutsummaryrefslogtreecommitdiff
path: root/src/tcpwrap.c
blob: 907bc2075e29922757e09ae56461262098f2e7e3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
/* wydawca - automatic release submission daemon
   Copyright (C) 2007-2013 Sergey Poznyakoff

   Wydawca is free software; you can redistribute it and/or modify it
   under the terms of the GNU General Public License as published by the
   Free Software Foundation; either version 3 of the License, or (at your
   option) any later version.

   Wydawca is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License along
   with wydawca. If not, see <http://www.gnu.org/licenses/>. */

#include "wydawca.h"
#include <mailutils/syslog.h>

#ifdef WITH_LIBWRAP
# include <tcpd.h>

static int tcpwrap_enable;
static char *tcpwrap_daemon;
int deny_severity = LOG_INFO;
int allow_severity = LOG_INFO;

static int
cb_syslog_priority(enum grecs_callback_command cmd,
		   grecs_locus_t * locus,
		   void *varptr, grecs_value_t * value, void *cb_data)
{
	if (assert_string_arg(locus, cmd, value))
		return 1;

	if (mu_string_to_syslog_priority(value->v.string, varptr))
		grecs_error(locus, 0, _("Unknown syslog priority `%s'"),
			    value->v.string);
	return 0;
}

struct grecs_keyword tcpwrapper_kw[] = {
	{ "enable", NULL,
	  N_("Enable TCP wrapper access control.  Default is \"yes\"."),
	  grecs_type_bool, GRECS_DFLT, &tcpwrap_enable },
	{ "daemon", N_("name"),
	  N_("Set daemon name for TCP wrapper lookups.  "
	     "Default is program name."),
	  grecs_type_string, GRECS_DFLT, &tcpwrap_daemon },
	{ "allow-table", N_("file"),
	  N_("Use file for positive client address access control "
	     "(default: /etc/hosts.allow)."),
	  grecs_type_string, GRECS_DFLT, &hosts_allow_table },
	{ "deny-table", N_("file"),
	  N_("Use file for negative client address access control "
	     "(default: /etc/hosts.deny)."),
	  grecs_type_string, GRECS_DFLT, &hosts_deny_table },
	{ "allow-syslog-priority", N_("prio"),
	  N_("Log host allows at this syslog priority."),
	  grecs_type_string, GRECS_DFLT, &allow_severity, 0,
	  cb_syslog_priority },
	{ "deny-syslog-priority", N_("prio"),
	  N_("Log host denies at this syslog priority."),
	  grecs_type_string, GRECS_DFLT, &deny_severity, 0,
	  cb_syslog_priority },
	{ NULL }
};

int
tcpwrap_access(int fd)
{
	struct request_info req;

	if (!tcpwrap_enable)
		return 1;
	request_init(&req,
		     RQ_DAEMON,
		     tcpwrap_daemon ? tcpwrap_daemon : program_name,
		     RQ_FILE, fd, NULL);
	fromhost(&req);
	return hosts_access(&req);
}

#endif

Return to:

Send suggestions and report system problems to the System administrator.