InfoMagic Internet Tools 1993 July

home *** CD-ROM | disk | FTP | other *** search

/ InfoMagic Internet Tools 1993 July / Internet Tools.iso / RockRidge / security / xinetd / xinetd.2.0.6 / access.c next >

Wrap

C/C++ Source or Header | 1993-01-22 | 2.9 KB | 118 lines

/* * (c) Copyright 1992 by Panagiotis Tsirigotis * All rights reserved. The file named COPYRIGHT specifies the terms * and conditions for redistribution. */ static char RCSid[] = "$Id: access.c,v 5.2 1993/01/14 01:50:25 panos Exp $" ; #include <syslog.h> #include <time.h> #include "addr.h" #include "connection.h" #include "service.h" #include "access.h" #include "state.h" char *inet_ntoa() ; time_t time() ; void msg() ; /* * m is the mask pointer, t is the check type */ #define CHECK( mp, t ) ( ( (mp) == NULL ) || M_IS_SET( *mp, t ) ) /* * Perform the access controls specified by check_mask. * If check_mask is NULL, perform all access controls */ access_e access_control( sp, cp, check_mask ) register struct service *sp ; register connection_s *cp ; register mask_t *check_mask ; { struct service_config *scp = CONF( sp ) ; struct service_data *sdp = SDATA( sp ) ; status_e remote_address_check() ; if ( CHECK( check_mask, CF_ADDRESS ) && conn_address( cp ) != SOCKADDRIN_NULL && remote_address_check( sp, conn_address( cp ) ) == FAILED ) return( AC_ADDRESS ) ; if ( CHECK( check_mask, CF_TIME ) && scp->access_times && ! time_in_range( scp->access_times ) ) return( AC_TIME ) ; if ( CHECK( check_mask, CF_SERVICE_LIMIT ) && sdp->running_servers >= scp->instances ) return( AC_SERVICE_LIMIT ) ; if ( CHECK( check_mask, CF_PROCESS_LIMIT ) && ps.ros.process_limit ) { unsigned processes_to_create = IS_INTERCEPTED( CONF( sp ) ) ? 2 : 1 ; if ( pset_count( ps.rws.servers ) + processes_to_create > ps.ros.process_limit ) return( AC_PROCESS_LIMIT ) ; } return( AC_OK ) ; } PRIVATE status_e remote_address_check( sp, sinp ) struct service *sp ; struct sockaddr_in *sinp ; { unsigned long na_match, of_match ; register bool_int na_matched, of_matched ; struct in_addr *addr ; register struct service_data *sdp = SDATA( sp ) ; addr = &sinp->sin_addr ; if ( sdp->no_access != NULL ) na_matched = addrlist_match( sdp->no_access, addr, &na_match ) ; else na_matched = FALSE ; if ( sdp->only_from != NULL ) of_matched = addrlist_match( sdp->only_from, addr, &of_match ) ; else of_matched = FALSE ; /* * Check if the specified address is in both lists */ if ( na_matched && of_matched ) { /* * The greater match wins. * If the matches are equal, this is an error in the service entry * and we cannot allow a server to start. * We do not disable the service entry (not our job). */ if ( na_match == of_match ) msg( LOG_ERR, "remote_address_check", "Service=%s: only_from list and no_access list match equally the address %s", CONF( sp )->id, inet_ntoa( sinp->sin_addr ) ) ; return( ( of_match > na_match ) ? OK : FAILED ) ; } if ( sdp->no_access != NULL && na_matched ) return( FAILED ) ; if ( sdp->only_from != NULL && ! of_matched ) return( FAILED ) ; /* * If no lists were specified, the default is to allow starting a server */ return( OK ) ; }