aclexec 4.4 KB

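--- a/hosts_access.c
+++ b/hosts_access.c
@@ -82,6 +82,9 @@ int hosts_access_verbose = 0;
 */
 int resident = (-1); /* -1, 0: unknown; +1: yes */
+#ifdef ACLEXEC
+int aclexec_matched = 0;
+#endif
 /* Forward declarations. */
@@ -185,6 +188,12 @@ struct request_info *request;
 if (sh_cmd) {
 #ifdef PROCESS_OPTIONS
 process_options(sh_cmd, request);
+# ifdef ACLEXEC
+ if (aclexec_matched) {
+ syslog(LOG_INFO, "aclexec returned %d", aclexec_matched);
+ match = NO;
+ }
+# endif
 #else
 char cmd[BUFSIZ];
 shell_cmd(percent_x(cmd, sizeof(cmd), sh_cmd, request));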
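Review bot: `aclexec_matched` is a file-scope flag that none of the visible hunks resets before `process_options(sh_cmd, request);` runs, so after one rule's command fails the value 1 stays in place for every later rule that has options but no aclexec of its own, and each of those is forced to `match = NO`. If this same code path also evaluates the deny table (not visible in the hunk, so confirm), a deny rule with options would be skipped after a failed aclexec, which fails open. Adding `aclexec_matched = 0;` on the line before the `process_options` call would scope the result to the rule being evaluated. The log line prints the flag, which is always 1 at that point, rather than the command's exit status, so the message would be clearer as `"aclexec command failed, rule skipped"`. The enclosing function starts and ends outside the hunk.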
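--- a/options.c
+++ b/options.c
@@ -47,6 +47,7 @@ static char sccsid[] = "@(#) options.c 1
 #include <ctype.h>
 #include <setjmp.h>
 #include <string.h>
+#include <sys/wait.h>
 #ifndef MAXPATHNAMELEN
 #define MAXPATHNAMELEN BUFSIZ
@@ -76,6 +77,7 @@ static void group_option(); /* execute
 static void umask_option(); /* execute "umask mask" option */
 static void linger_option(); /* execute "linger time" option */
 static void keepalive_option(); /* execute "keepalive" option */
+static void aclexec_option(); /* execute "aclexec command" option */
 static void spawn_option(); /* execute "spawn command" option */
 static void twist_option(); /* execute "twist command" option */
 static void rfc931_option(); /* execute "rfc931" option */
@@ -113,6 +115,9 @@ static struct option option_table[] = {
 "umask", umask_option, NEED_ARG,
 "linger", linger_option, NEED_ARG,
 "keepalive", keepalive_option, 0,
+#ifdef ACLEXEC
+ "aclexec", aclexec_option, NEED_ARG | EXPAND_ARG,
+#endif
 "spawn", spawn_option, NEED_ARG | EXPAND_ARG,
 "twist", twist_option, NEED_ARG | EXPAND_ARG | USE_LAST,
 "rfc931", rfc931_option, OPT_ARG,
@@ -310,6 +315,54 @@ struct request_info *request;
 shell_cmd(value);
 }
+#ifdef ACLEXEC
+/* aclexec_option - spawn a shell command and check status */
+
+/* ARGSUSED */
+
+static void aclexec_option(value, request)
+char *value;
+struct request_info *request;
+{
+ int status, child_pid, wait_pid;
+ extern int aclexec_matched;
+
+ if (dry_run != 0)
+ return;
+
+ child_pid = fork();
+
+ /* Something went wrong: we MUST terminate the process. */
+ if (child_pid < 0) {
+ tcpd_warn("aclexec_option: /bin/sh: %m");
+ clean_exit(request);
+ }
+
+ if (child_pid == 0) {
+ execl("/bin/sh", "sh", "-c", value, (char *) 0);
+
+ /* Something went wrong. We MUST terminate the child process. */
+ tcpd_warn("execl /bin/sh: %m");
+ _exit(0);
+ }
+
+ while ((wait_pid = wait(&status)) != -1 && wait_pid != child_pid)
+ /* void */ ;
+
+ aclexec_matched = 1;
+
+ if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
+ aclexec_matched = 0;
+ }
+
+ if (WIFSIGNALED(status))
+ tcpd_warn("process %d exited with signal %d", child_pid,
+ WTERMSIG(status));
+
+ return;
+}
+#endif
+
 /* linger_option - set the socket linger time (Marc Boucher <marc@cam.org>) */
 /* ARGSUSED */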
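Review bot: In `aclexec_option` the child exits with status 0 when `execl` fails, so the parent sees a clean zero exit, clears `aclexec_matched`, and the rule admits the connection even though the check command never ran; the child should exit non-zero there. The `wait()` loop has a related gap: when it ends with -1, `status` is read uninitialised by `WIFEXITED`, and any other child it reaps on the way has its status discarded. Waiting on `child_pid` alone and clearing the flag only when that wait returned the child's pid keeps every failure path, including an interrupted wait, on the deny side. Nothing in the function redirects the child's stdin, stdout or stderr, although the manual text added by the same patch says they are connected to the null device.

```c
    if (child_pid == 0) {
	execl("/bin/sh", "sh", "-c", value, (char *) 0);
	tcpd_warn("execl /bin/sh: %m");
	_exit(127);	/* non-zero: a check that could not run must not pass */
    }

    /* Wait for this child only; a failed wait leaves the deny default. */
    wait_pid = waitpid(child_pid, &status, 0);

    aclexec_matched = 1;
    if (wait_pid == child_pid && WIFEXITED(status) && WEXITSTATUS(status) == 0)
	aclexec_matched = 0;

    if (wait_pid == child_pid && WIFSIGNALED(status))
	tcpd_warn("process %d exited with signal %d", child_pid,
		  WTERMSIG(status));
```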
  105. diff -ruNp tcp_wrappers_7.6.orig/hosts_options.5 tcp_wrappers_7.6/hosts_options.5
  106. --- tcp_wrappers_7.6.orig/hosts_options.5 2006-03-01 21:48:43.000000000 +0100
  107. +++ tcp_wrappers_7.6/hosts_options.5 2006-03-01 21:47:39.000000000 +0100
  108. @@ -52,6 +52,23 @@ ALL: ALL: ALLOW
  109. .sp
  110. Notice the leading dot on the domain name patterns.
  111. .SH RUNNING OTHER COMMANDS
  112. +.IP "aclexec shell_command"
  113. +Execute, in a child process, the specified shell command, after
  114. +performing the %<letter> expansions described in the hosts_access(5)
  115. +manual page. The command is executed with stdin, stdout and stderr
  116. +connected to the null device, so that it won't mess up the
  117. +conversation with the client host. Example:
  118. +.sp
  119. +.nf
  120. +.ti +3
  121. +smtp : ALL : aclexec checkdnsbl %a
  122. +.fi
  123. +.sp
  124. +executes, in a background child process, the shell command "checkdnsbl %a"
  125. +after replacing %a by the address of the remote host.
  126. +.sp
  127. +The connection will be allowed or refused depending on whether the
  128. +command returns a true or false exit status.
  129. .IP "spawn shell_command"
  130. Execute, in a child process, the specified shell command, after
  131. performing the %<letter> expansions described in the hosts_access(5)