70 lines
2.1 KiB
Diff
70 lines
2.1 KiB
Diff
diff -up am-utils-6.1.5/amd/amq_svc.c.kzak am-utils-6.1.5/amd/amq_svc.c
|
|
--- am-utils-6.1.5/amd/amq_svc.c.kzak 2006-01-02 19:40:31.000000000 +0100
|
|
+++ am-utils-6.1.5/amd/amq_svc.c 2010-03-01 12:43:25.000000000 +0100
|
|
@@ -65,47 +65,17 @@ int allow_severity=0, deny_severity=0;
|
|
* Returns: 1=allowed, 0=denied.
|
|
*/
|
|
static int
|
|
-amqsvc_is_client_allowed(const struct sockaddr_in *addr, char *remote)
|
|
+amqsvc_is_client_allowed(const struct sockaddr_in *addr)
|
|
{
|
|
- struct hostent *h;
|
|
- char *name = NULL, **ad;
|
|
- int ret = 0; /* default is 0==denied */
|
|
-
|
|
- /* Check IP address */
|
|
- if (hosts_ctl(AMD_SERVICE_NAME, "", remote, "")) {
|
|
- ret = 1;
|
|
- goto out;
|
|
- }
|
|
- /* Get address */
|
|
- if (!(h = gethostbyaddr((const char *)&(addr->sin_addr),
|
|
- sizeof(addr->sin_addr),
|
|
- AF_INET)))
|
|
- goto out;
|
|
- if (!(name = strdup(h->h_name)))
|
|
- goto out;
|
|
- /* Paranoia check */
|
|
- if (!(h = gethostbyname(name)))
|
|
- goto out;
|
|
- for (ad = h->h_addr_list; *ad; ad++)
|
|
- if (!memcmp(*ad, &(addr->sin_addr), h->h_length))
|
|
- break;
|
|
- if (!*ad)
|
|
- goto out;
|
|
- if (hosts_ctl(AMD_SERVICE_NAME, "", h->h_name, "")) {
|
|
- return 1;
|
|
- goto out;
|
|
- }
|
|
- /* Check aliases */
|
|
- for (ad = h->h_aliases; *ad; ad++)
|
|
- if (hosts_ctl(AMD_SERVICE_NAME, "", *ad, "")) {
|
|
- return 1;
|
|
- goto out;
|
|
- }
|
|
+ struct request_info req;
|
|
+
|
|
+ request_init(&req, RQ_DAEMON, AMD_SERVICE_NAME, RQ_CLIENT_SIN, addr, 0);
|
|
+ sock_methods(&req);
|
|
+
|
|
+ if (hosts_access(&req))
|
|
+ return 1;
|
|
|
|
- out:
|
|
- if (name)
|
|
- XFREE(name);
|
|
- return ret;
|
|
+ return 0;
|
|
}
|
|
#endif /* defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP) */
|
|
|
|
@@ -127,7 +97,7 @@ amq_program_1(struct svc_req *rqstp, SVC
|
|
struct sockaddr_in *remote_addr = svc_getcaller(rqstp->rq_xprt);
|
|
char *remote_hostname = inet_ntoa(remote_addr->sin_addr);
|
|
|
|
- if (!amqsvc_is_client_allowed(remote_addr, remote_hostname)) {
|
|
+ if (!amqsvc_is_client_allowed(remote_addr)) {
|
|
plog(XLOG_WARNING, "Amd denied remote amq service to %s", remote_hostname);
|
|
svcerr_auth(transp, AUTH_FAILED);
|
|
return;
|