- fix #566711 - am-utils: incorrect use of tcp_wrapper
This commit is contained in:
parent
197cf35ac2
commit
ece19f8388
|
@ -0,0 +1,69 @@
|
||||||
|
diff -up am-utils-6.1.5/amd/amq_svc.c.kzak am-utils-6.1.5/amd/amq_svc.c
|
||||||
|
--- am-utils-6.1.5/amd/amq_svc.c.kzak 2006-01-02 19:40:31.000000000 +0100
|
||||||
|
+++ am-utils-6.1.5/amd/amq_svc.c 2010-03-01 12:43:25.000000000 +0100
|
||||||
|
@@ -65,47 +65,17 @@ int allow_severity=0, deny_severity=0;
|
||||||
|
* Returns: 1=allowed, 0=denied.
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
-amqsvc_is_client_allowed(const struct sockaddr_in *addr, char *remote)
|
||||||
|
+amqsvc_is_client_allowed(const struct sockaddr_in *addr)
|
||||||
|
{
|
||||||
|
- struct hostent *h;
|
||||||
|
- char *name = NULL, **ad;
|
||||||
|
- int ret = 0; /* default is 0==denied */
|
||||||
|
-
|
||||||
|
- /* Check IP address */
|
||||||
|
- if (hosts_ctl(AMD_SERVICE_NAME, "", remote, "")) {
|
||||||
|
- ret = 1;
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- /* Get address */
|
||||||
|
- if (!(h = gethostbyaddr((const char *)&(addr->sin_addr),
|
||||||
|
- sizeof(addr->sin_addr),
|
||||||
|
- AF_INET)))
|
||||||
|
- goto out;
|
||||||
|
- if (!(name = strdup(h->h_name)))
|
||||||
|
- goto out;
|
||||||
|
- /* Paranoia check */
|
||||||
|
- if (!(h = gethostbyname(name)))
|
||||||
|
- goto out;
|
||||||
|
- for (ad = h->h_addr_list; *ad; ad++)
|
||||||
|
- if (!memcmp(*ad, &(addr->sin_addr), h->h_length))
|
||||||
|
- break;
|
||||||
|
- if (!*ad)
|
||||||
|
- goto out;
|
||||||
|
- if (hosts_ctl(AMD_SERVICE_NAME, "", h->h_name, "")) {
|
||||||
|
- return 1;
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- /* Check aliases */
|
||||||
|
- for (ad = h->h_aliases; *ad; ad++)
|
||||||
|
- if (hosts_ctl(AMD_SERVICE_NAME, "", *ad, "")) {
|
||||||
|
- return 1;
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
+ struct request_info req;
|
||||||
|
+
|
||||||
|
+ request_init(&req, RQ_DAEMON, AMD_SERVICE_NAME, RQ_CLIENT_SIN, addr, 0);
|
||||||
|
+ sock_methods(&req);
|
||||||
|
+
|
||||||
|
+ if (hosts_access(&req))
|
||||||
|
+ return 1;
|
||||||
|
|
||||||
|
- out:
|
||||||
|
- if (name)
|
||||||
|
- XFREE(name);
|
||||||
|
- return ret;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
#endif /* defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP) */
|
||||||
|
|
||||||
|
@@ -127,7 +97,7 @@ amq_program_1(struct svc_req *rqstp, SVC
|
||||||
|
struct sockaddr_in *remote_addr = svc_getcaller(rqstp->rq_xprt);
|
||||||
|
char *remote_hostname = inet_ntoa(remote_addr->sin_addr);
|
||||||
|
|
||||||
|
- if (!amqsvc_is_client_allowed(remote_addr, remote_hostname)) {
|
||||||
|
+ if (!amqsvc_is_client_allowed(remote_addr)) {
|
||||||
|
plog(XLOG_WARNING, "Amd denied remote amq service to %s", remote_hostname);
|
||||||
|
svcerr_auth(transp, AUTH_FAILED);
|
||||||
|
return;
|
|
@ -1,7 +1,7 @@
|
||||||
Summary: Automount utilities including an updated version of Amd
|
Summary: Automount utilities including an updated version of Amd
|
||||||
Name: am-utils
|
Name: am-utils
|
||||||
Version: 6.1.5
|
Version: 6.1.5
|
||||||
Release: 15%{?dist}
|
Release: 16%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Epoch: 5
|
Epoch: 5
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
@ -48,6 +48,8 @@ Patch4: am-utils-6.1.5-buildsys.patch
|
||||||
Patch5: am-utils-6.1.5-expn-temp.patch
|
Patch5: am-utils-6.1.5-expn-temp.patch
|
||||||
# 450754 - Amd does not work with 2.6.25
|
# 450754 - Amd does not work with 2.6.25
|
||||||
Patch6: am-utils-6.1.5-nolock-toplvl.patch
|
Patch6: am-utils-6.1.5-nolock-toplvl.patch
|
||||||
|
# 566711 - am-utils: incorrect use of tcp_wrapper
|
||||||
|
Patch7: am-utils-6.1.5-libwarp.patch
|
||||||
|
|
||||||
# We need to filter out some perl requirements for now.
|
# We need to filter out some perl requirements for now.
|
||||||
%define _use_internal_dependency_generator 0
|
%define _use_internal_dependency_generator 0
|
||||||
|
@ -73,6 +75,7 @@ mounting and unmounting filesystems.
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
|
|
||||||
find_requires=%{old_find_requires}
|
find_requires=%{old_find_requires}
|
||||||
echo "$find_requires | grep -v lostaltmail.conf" > find-requires
|
echo "$find_requires | grep -v lostaltmail.conf" > find-requires
|
||||||
|
@ -177,6 +180,9 @@ fi
|
||||||
%{_libdir}/libamu.so*
|
%{_libdir}/libamu.so*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 1 2010 Karel Zak <kzak@redhat.com> 5:6.1.5-16
|
||||||
|
- fix #566711 - am-utils: incorrect use of tcp_wrapper
|
||||||
|
|
||||||
* Wed Feb 24 2010 Karel Zak <kzak@redhat.com> 5:6.1.5-15
|
* Wed Feb 24 2010 Karel Zak <kzak@redhat.com> 5:6.1.5-15
|
||||||
- fix #523221 - initscript collected problems LSB-compilant
|
- fix #523221 - initscript collected problems LSB-compilant
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue