From 04bbad7e282e5fc2c167596b566c9710de537141 Mon Sep 17 00:00:00 2001 From: Kim Holviala Date: Fri, 1 Jan 2016 10:12:19 +0200 Subject: [PATCH] Added optional support for TCP wrappers --- INSTALL | 20 ++++++++++++++++++++ Makefile | 14 ++++++++++---- gophernicus.c | 11 +++++++++-- gophernicus.h | 9 ++++++++- 4 files changed, 47 insertions(+), 7 deletions(-) diff --git a/INSTALL b/INSTALL index f74c397..96bfec5 100644 --- a/INSTALL +++ b/INSTALL @@ -27,6 +27,23 @@ hostname (the one set with -h ) directory available (mkdir /var/gopher/$HOSTNAME). +Compiling with TCP wrappers +=========================== + +Gophernicus uses no extra libraries... well... except libwrap +(TCP wrappers) if it is installed with headers in default Unix +directories at the time of compiling. If you have the headers +installed and don't want wrapper support, run 'make generic' +instead of just 'make', and if you have wrappers installed in +non-standard place and want to force compile with wrappers +just run 'make withwrap'. + +For configuring IP access lists with TCP wrappers, take a look +at the files /etc/hosts.allow and /etc/hosts.deny (because the +manual pages suck). Use the daemon name 'in.gophernicus' to +make your access lists. + + Running with traditional inetd superserver ========================================== @@ -49,6 +66,9 @@ of "sudo make install" you should just install the deb with "dpkg -i ../gophernicus_*.deb" after which It Should Just Work(tm). +If you need TCP wrappers support on Debian/Ubuntu, please +install libwrap0-dev before compiling. + Cross-compiling =============== diff --git a/Makefile b/Makefile index ab5eee4..a00d129 100644 --- a/Makefile +++ b/Makefile 
@@ -52,19 +52,25 @@ IPCRM = /usr/bin/ipcrm # all: @case `uname` in \ - Darwin) $(MAKE) ROOT="$(OSXROOT)" DESTDIR="$(OSXDEST)" $(BINARY); ;; \ - Haiku) $(MAKE) EXTRA_LDFLAGS="-lnetwork" $(BINARY); ;; \ - *) $(MAKE) $(BINARY); ;; \ + Darwin) $(MAKE) ROOT="$(OSXROOT)" DESTDIR="$(OSXDEST)" $(BINARY); ;; \ + Haiku) $(MAKE) EXTRA_LDFLAGS="-lnetwork" $(BINARY); ;; \ + *) if [ -f "/usr/include/tcpd.h" ]; then $(MAKE) withwrap; else $(MAKE) $(BINARY); fi; ;; \ esac generic: $(BINARY) +withwrap: + $(MAKE) EXTRA_CFLAGS="-DHAVE_LIBWRAP" EXTRA_LDFLAGS="-lwrap" $(BINARY) + # # Special targets # deb: ChangeLog - dpkg-buildpackage -rfakeroot -uc -us + @echo + @echo "Debian package building can haz borken, plz wait some moar..." + @echo + @#dpkg-buildpackage -rfakeroot -uc -us ChangeLog: if [ -d .git ]; then \ diff --git a/gophernicus.c b/gophernicus.c index 28e6bd6..38b494f 100644 --- a/gophernicus.c +++ b/gophernicus.c @@ -329,7 +329,7 @@ char *get_local_address(void) #endif /* Nothing works... I'm out of ideas */ - return DEFAULT_ADDR; + return UNKNOWN_ADDR; } @@ -374,7 +374,7 @@ char *get_peer_address(void) #endif /* Nothing works... I'm out of ideas */ - return DEFAULT_ADDR; + return UNKNOWN_ADDR; } @@ -498,6 +498,13 @@ int main(int argc, char *argv[]) /* Open syslog() */ if (st.opt_syslog) openlog(self, LOG_PID, LOG_DAEMON); + /* Check if TCP wrappers have something to say about this connection */ +#ifdef HAVE_LIBWRAP + if (sstrncmp(st.req_remote_addr, UNKNOWN_ADDR) != MATCH && + hosts_ctl(self, STRING_UNKNOWN, st.req_remote_addr, STRING_UNKNOWN) == WRAP_DENIED) + die(&st, ERR_ACCESS, "Refused connection"); +#endif + /* Make sure the computer is turned on */ #ifdef __HAIKU__ if (is_computer_on() != TRUE) diff --git a/gophernicus.h b/gophernicus.h index a80d3c5..2014e4f 100644 --- a/gophernicus.h +++ b/gophernicus.h 
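Review bot: In the `*)` branch of `all`, whether access control is compiled in now depends on a hard-coded probe of `/usr/include/tcpd.h` on the build host, and nothing tells the builder which variant was produced. A binary built where the header is absent, or through the Darwin and Haiku branches (which never try `withwrap`), silently ignores /etc/hosts.allow and /etc/hosts.deny, and a cross-compile tests the host's header rather than the target's. I would print the decision, e.g. `echo "Building with TCP wrappers (libwrap)";` before `$(MAKE) withwrap`, with an equivalent line on the other path. Separately, `deb` now only echoes a message and exits successfully without building a package, so a script calling `make deb` will not notice; an `@exit 1` after the message would make the failure visible.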
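Review bot: The wrappers check added to `main` fails open when the peer address could not be determined: if `st.req_remote_addr` equals `UNKNOWN_ADDR`, the `hosts_ctl()` call is skipped and the request is served, even under a deny-by-default hosts.deny. Consider always consulting libwrap and passing `STRING_UNKNOWN` for the address in that case, e.g. `char *addr = sstrncmp(st.req_remote_addr, UNKNOWN_ADDR) == MATCH ? STRING_UNKNOWN : st.req_remote_addr;` followed by `if (hosts_ctl(self, STRING_UNKNOWN, addr, STRING_UNKNOWN) == WRAP_DENIED)`, so the administrator's rules decide. The daemon name passed is `self`, which is set outside this hunk; if it is derived from argv[0], rules written for 'in.gophernicus' as INSTALL advises would not match a renamed binary, and a fixed daemon-name constant would be safer. `main` starts and ends outside the hunk.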
@@ -48,6 +48,7 @@ #define HAVE_POPEN /* popen() */ #undef HAVE_STRLCPY /* strlcpy() from OpenBSD */ #undef HAVE_SENDFILE /* sendfile() in Linux & others */ +/* #undef HAVE_LIBWRAP autodetected, don't enable here */ /* Linux */ #ifdef __linux @@ -130,6 +131,10 @@ size_t strlcpy(char *dst, const char *src, size_t siz); size_t strlcat(char *dst, const char *src, size_t siz); #endif +#ifdef HAVE_LIBWRAP +#include +#endif + /* * Compile-time configuration */ @@ -148,6 +153,8 @@ size_t strlcat(char *dst, const char *src, size_t siz); #define ERROR -1 #define MATCH 0 +#define WRAP_DENIED 0 + /* Gopher filetypes */ #define TYPE_TEXT '0' @@ -188,11 +195,11 @@ size_t strlcat(char *dst, const char *src, size_t siz); #define DEFAULT_TAG "gophertag" #define DEFAULT_CGI "/cgi-bin/" #define DEFAULT_USERDIR "public_gopher" -#define DEFAULT_ADDR "unknown" #define DEFAULT_WIDTH 76 #define DEFAULT_CHARSET US_ASCII #define MIN_WIDTH 33 #define MAX_WIDTH 200 +#define UNKNOWN_ADDR "unknown" /* Session defaults */ #define DEFAULT_SESSION_TIMEOUT 1800
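Review bot: `WRAP_DENIED` and `UNKNOWN_ADDR` are now inputs to an access-control decision in gophernicus.c but carry no comment saying so. I would add `/* hosts_ctl() returns 0 when access is denied */` beside `#define WRAP_DENIED 0`, and `/* sentinel returned by get_local_address()/get_peer_address(); main() skips the TCP wrappers check for it */` beside `#define UNKNOWN_ADDR "unknown"` in the later hunk. That way a future edit of the string, or a reuse of it as a plain display default, is made knowing that the check depends on it.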