[Nagios-devel] nsca libwrap support

Post by Guest »

Attached is a patch for nsca.c (as of CVS this morning), that fixed the
recently added TCP wrappers support. Tested in both --single and --daemon
modes.

I moved the libwrap check up to just after the accept() and prior to the fork()
in MULTI_PROCESS mode so that rejected attempts don't cause process creation
(trivial DoS attack). I also fixed the reject logic; the reject() function
calls exit(), which broke single mode.

Let me know if the patch requires cleanup.

M

Content-Disposition: attachment; filename="nsca.c.libwrap.patch"
Content-Transfer-Encoding: quoted-printable

Index: nsca.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvsroot/nagios/nsca/src/nsca.c,v
retrieving revision 1.16
diff -u -r1.16 nsca.c
--- nsca.c 24 Oct 2003 01:31:08 -0000 1.16
+++ nsca.c 24 Oct 2003 15:55:48 -0000
@@ -725,6 +725,21 @@
return;
}
=20
+#ifdef HAVE_LIBWRAP
+
+ /* Check whether or not connections are allowed from this host */
+ request_init(&req,RQ_DAEMON,"nsca",RQ_FILE,new_sd,0);
+ fromhost(&req);
+
+ if(!hosts_access(&req)){
+ /* refuse the connection */
+ syslog(LOG_ERR, "refused connect from %s", eval_client(&req));
+ close(new_sd);
+ return;
+ }
+#endif
+
+
/* fork() if we have to... */
if(mode=3D=3DMULTI_PROCESS_DAEMON){
=20
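Review bot: with the hosts_access() call now sitting in the accepting process ahead of the fork(), anything that makes libwrap block (access rules written with hostnames trigger name lookups on the client address) stalls the accept loop for every other client in MULTI_PROCESS_DAEMON mode, so the commit message or a comment above request_init() should say that the rules are expected to be address-based, or the trade-off against the per-connection fork should be stated. Two smaller points in the same block: the refusal is logged at LOG_ERR where the code it replaces used LOG_DEBUG, which lets any denied host write to syslog at error priority on every attempt, so LOG_WARNING or LOG_NOTICE looks like a better fit for an expected policy decision; and the hunk uses &req without adding a declaration, so please confirm that req is declared at a scope that covers this earlier position. The two blank lines after #endif can be reduced to one.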
@@ -760,29 +775,6 @@
/* log info to syslog facility */
if(debug=3D=3DTRUE)
syslog(LOG_DEBUG,"Connection from %s port %d",inet_ntoa(np=
tr->sin_addr),nptr->sin_port);
-
-#ifdef HAVE_LIBWRAP
-
- /* Check whether or not connections are allowed from this host */
- request_init(&req,RQ_DAEMON,"nsca",RQ_FILE,new_sd,0);
- fromhost(&req);
-
- if(!hosts_access(&req)){
-
- syslog(LOG_DEBUG,"Connection refused by TCP wrapper");
-
- /* cleanup */
- do_cleanup();
-
- /* refuse the connection */
- refuse(&req);
- close(new_sd);
-
- /* should not be reached */
- syslog(LOG_ERR,"libwrap refuse() returns!");
- exit(STATE_CRITICAL);
- }
-#endif
=20
/* handle the connection */
if(mode=3D=3DSINGLE_PROCESS_DAEMON)

This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]