author | Bob Beck <beck@cvs.openbsd.org> | 2002-04-01 18:54:34 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2002-04-01 18:54:34 +0000 |
commit | e4ee9c0932795f5f7bd0a2b1db83956734a152d8 (patch) | |
tree | a0dd0139b11068ff5939b62d3367f1e85038cbca | |
parent | 027f929f7f92348a874d0f38eb97e0e70ef9d369 (diff) |
-Tattling is bad, users should be allowed to run anything on the system
without it generating logs
-exit with 0 and 1 instead of EX_FOO
-make read_config (with the test and exit) the first thing that
happens in main, no openlog or memset first.
-rw-r--r-- | usr.sbin/authpf/authpf.8 | 16 | ||||
-rw-r--r-- | usr.sbin/authpf/authpf.c | 36 |
2 files changed, 23 insertions, 29 deletions
diff --git a/usr.sbin/authpf/authpf.8 b/usr.sbin/authpf/authpf.8
index c24c52e11eb..e2b6284f6b6 100644
--- a/usr.sbin/authpf/authpf.8
+++ b/usr.sbin/authpf/authpf.8
@@ -1,4 +1,4 @@
-\" $OpenBSD: authpf.8,v 1.3 2002/04/01 18:36:27 mickey Exp $
+\" $OpenBSD: authpf.8,v 1.4 2002/04/01 18:54:32 beck Exp $
 .\"
 .\" Copyright (c) 2002 Bob Beck (beck@openbsd.org>. All rights reserved.
 .\"
@@ -220,19 +220,19 @@ facilities.
 .Pp
 .Nm
 modifies the packet filter and address translation rules, and because
-of this it needs to be configured carefully. After considering the effect
+of this it needs to be configured carefully.
+.Nm
+will not run and will exit silently if the
+.Pa /etc/authpf/authpf.conf
+file does not exist.
+After considering the effect
 .Nm
 may have on the main packet filter rules, the system administrator may
 enable
 .Nm
 by creating an appropriate
 .Pa /etc/authpf/authpf.conf
-file. Should someone attempt to run
-.Nm
-when the
-.Pa /etc/authpf/authpf.conf
-file does not exist, the attempt will be logged to
-.Xr syslog 8
+file.
 .Sh EXAMPLES
 \fBControl Files\fP - To illustrate the user-specific access control mechanisms, let us consider a typical user named bob. Normally, as long as
diff --git a/usr.sbin/authpf/authpf.c b/usr.sbin/authpf/authpf.c
index f14677742cc..23c8aa37f55 100644
--- a/usr.sbin/authpf/authpf.c
+++ b/usr.sbin/authpf/authpf.c
@@ -112,19 +112,18 @@ main(int argc, char *argv[])
 namep = (struct sockaddr *)&peer;
 namelen = sizeof(peer);
- memset(namep, 0, namelen);
-
- openlog("authpf", LOG_PID | LOG_NDELAY, LOG_DAEMON);
 read_config();
+ memset(namep, 0, namelen);
+
 if ((foo = getenv("LOGNAME")) != NULL)
 strlcpy(luser, foo, sizeof(luser));
 else if ((foo = getenv("USER")) != NULL)
 strlcpy(luser, foo, sizeof(luser));
 else {
 syslog(LOG_ERR, "No user given!");
- exit(EX_CONFIG);
+ exit(1);
 }
 if ((foo = getenv("SSH_CLIENT")) != NULL) {
@@ -138,12 +137,12 @@ main(int argc, char *argv[])
 }
 } else {
 syslog(LOG_ERR, "Can't determine connection source");
- exit(EX_CONFIG);
+ exit(1);
 }
 if (!check_luser(bannedir, luser) || !allowed_luser(luser)) {
 /* give the luser time to read our nastygram on the screen */
 sleep(180);
- exit(EX_NOPERM);
+ exit(1);
 }
 /*
@@ -280,7 +279,7 @@ main(int argc, char *argv[])
 unlink(pidfile); /* fail silently */
 if (userfile[0] != '\0')
 unlink(userfile); /* fail silently */
- exit(EX_CONFIG);
+ exit(1);
 }
 /* read_config:
@@ -295,16 +294,11 @@ read_config(void)
 FILE *f;
 f = fopen(configfile, "r");
- if (f == NULL) {
- if (errno == ENOTDIR || errno == ENOENT)
- /* if the config file is not present, refuse to run */
- syslog(LOG_INFO, "run by uid %d but no %s file exits",
- getuid(), configfile);
- else
- syslog(LOG_INFO, "can't open %s (%m)", configfile);
- exit(EX_CONFIG);
- }
+ if (f == NULL)
+ exit(1); /* exit silently if we have no config file */
+ openlog("authpf", LOG_PID | LOG_NDELAY, LOG_DAEMON);
+
 do {
 char **ap, *pair[4], *cp, *tp;
 int len;
@@ -318,7 +312,7 @@ read_config(void)
 if (buf[len - 1] != '\n' && !feof(f)) {
 syslog(LOG_ERR, "line %d too long in %s", i, configfile);
- exit(EX_CONFIG);
+ exit(1);
 }
 buf[len - 1] = '\0';
@@ -369,7 +363,7 @@ read_config(void)
 parse_error:
 fclose(f);
 syslog(LOG_ERR, "parse error, line %d of %s", i, configfile);
- exit(EX_CONFIG);
+ exit(1);
 }
@@ -829,17 +823,17 @@ terminator(int s)
 static __dead void
 go_away(void)
 {
- int ret = EX_OK;
+ int ret = 0;
 changefilter(0, luser, ipsrc);
 authpf_kill_states();
 if (unlink(pidfile) != 0) {
 syslog(LOG_ERR, "Couldn't unlink %s! (%m)", pidfile);
- ret = EX_OSERR;
+ ret = 1;
 }
 if (unlink(userfile) != 0) {
 syslog(LOG_ERR, "Couldn't unlink %s! (%m)", userfile);
- ret = EX_OSERR;
+ ret = 1;
 }
 exit(ret);
 }
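Review bot: In the read_config hunk (`@@ -295`), `if (f == NULL) exit(1);` now exits silently for every fopen() failure, not only a missing file; the removed lines distinguished ENOENT/ENOTDIR from other errors, such as a permission problem on the file, and logged the latter. Because openlog() is now deferred until after fopen() succeeds, a wrongly-moded /etc/authpf/authpf.conf denies every user with no syslog trace at all, indistinguishable from authpf simply not being enabled. The silent path could be kept for ENOENT/ENOTDIR only and the other errno values logged before exiting, as sketched below; errno was already referenced by the removed lines, so its header is presumably in scope. read_config's body continues outside the hunk.
```c
	f = fopen(configfile, "r");
	if (f == NULL) {
		/* not enabled: leave silently, nothing has been logged yet */
		if (errno == ENOENT || errno == ENOTDIR)
			exit(1);
		/* any other failure is an administrator error worth recording */
		openlog("authpf", LOG_PID | LOG_NDELAY, LOG_DAEMON);
		syslog(LOG_ERR, "can't open %s (%m)", configfile);
		exit(1);
	}
	openlog("authpf", LOG_PID | LOG_NDELAY, LOG_DAEMON);
	/* … unchanged: config line parsing loop … */
```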