[Nut-upsdev] [PATCH] upsd tcp_wrappers parsing and logging

Stephen Beahm stephenbeahm at comcast.net
Fri Dec 3 20:32:52 UTC 2010


Parsing bug was discussed here:
<http://lists.alioth.debian.org/pipermail/nut-upsuser/2010-September/006230.html>

Parsing bug summary
-------------------
working /etc/hosts.allow:
	upsd	127.0.0.1 [::1]	: ALLOW

broken in /etc/hosts.allow:
	upsd	localhost	: ALLOW

It looks like upsd originally intended to match nut username with system
username? This is not the case now. This causes /etc/hosts.allow information to
be incorrectly parsed. This patch fixes the issue.


Logging was discussed here:
<http://lists.alioth.debian.org/pipermail/nut-upsuser/2010-September/006237.html>

tcp_wrappers was designed around servers that use a separate process for each
connection. The library has a function called refuse() that logs messages and
then calls exit() for that process. However, a single process server does not
exit, so it must perform its own logging. This patch adds logging for
tcp_wrapper denials.


---
 server/upsd.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/server/upsd.c b/server/upsd.c
index 0e46595..eef5638 100644
--- a/server/upsd.c
+++ b/server/upsd.c
@@ -410,11 +410,13 @@ static void check_command(int cmdnum, ctype_t *client, int numarg,
 		}
 
 #ifdef HAVE_WRAP
-		request_init(&req, RQ_DAEMON, progname, RQ_CLIENT_ADDR, client->addr, RQ_USER, client->username, 0);
+		request_init(&req, RQ_DAEMON, progname, RQ_FILE, client->sock_fd, 0);
+		fromhost(&req);
 
 		if (!hosts_access(&req)) {
 			/* tcp-wrappers says access should be denied */
 			send_err(client, NUT_ERR_ACCESS_DENIED);
+			upslogx(deny_severity, "tcp_wrappers denied connection from %s", eval_client(&req));
 			return;
 		}
 #endif	/* HAVE_WRAP */
-- 
1.7.3.2




More information about the Nut-upsdev mailing list