diff options
author | brian <brian@cvs.openbsd.org> | 1997-12-17 21:18:04 +0000 |
---|---|---|
committer | brian <brian@cvs.openbsd.org> | 1997-12-17 21:18:04 +0000 |
commit | bcfe4f48e6f31b443331e3c2660e36cf38a5d694 (patch) | |
tree | 793f2f2262d7465a210778e67055d1caaef98610 | |
parent | 92e98e5eac72bb917aa345720967a5e907266eb5 (diff) |
Log the source of client connections to the diagnostic port.
Disallow connections from port numbers <1024 as low port numbers
can only really mean trouble (ftp bounces etc.).
Discussed at length with: Theo de Raadt <deraadt@cvs.openbsd.org>
-rw-r--r-- | usr.sbin/ppp/main.c | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/usr.sbin/ppp/main.c b/usr.sbin/ppp/main.c index 2882267ceca..cc13f227789 100644 --- a/usr.sbin/ppp/main.c +++ b/usr.sbin/ppp/main.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: main.c,v 1.4 1997/12/17 21:17:55 brian Exp $ + * $Id: main.c,v 1.5 1997/12/17 21:18:03 brian Exp $ * * TODO: * o Add commands for traffic summary, version display, etc. @@ -746,15 +746,20 @@ StartRedialTimer(int Timeout) } } +#define IN_SIZE sizeof(struct sockaddr_in) +#define UN_SIZE sizeof(struct sockaddr_in) +#define ADDRSZ (IN_SIZE > UN_SIZE ? IN_SIZE : UN_SIZE) static void DoLoop(void) { fd_set rfds, wfds, efds; int pri, i, n, wfd, nfds; - struct sockaddr_in hisaddr; + char hisaddr[ADDRSZ]; + struct sockaddr *sa = (struct sockaddr *)hisaddr; + struct sockaddr_in *sin = (struct sockaddr_in *)hisaddr; struct timeval timeout, *tp; - int ssize = sizeof(hisaddr); + int ssize = ADDRSZ; const u_char *cp; int tries; int qlen; @@ -966,18 +971,37 @@ DoLoop(void) break; } if (server >= 0 && FD_ISSET(server, &rfds)) { - LogPrintf(LogPHASE, "connected to client.\n"); - wfd = accept(server, (struct sockaddr *) & hisaddr, &ssize); + wfd = accept(server, sa, &ssize); if (wfd < 0) { LogPrintf(LogERROR, "DoLoop: accept(): %s\n", strerror(errno)); continue; } + switch (sa->sa_family) { + case AF_LOCAL: + LogPrintf(LogPHASE, "Connected to local client.\n"); + break; + case AF_INET: + if (sin->sin_port < 1024) { + LogPrintf(LogALERT, "Rejected client connection from %s:%u" + "(invalid port number) !\n", + inet_ntoa(sin->sin_addr), sin->sin_port); + close(wfd); + continue; + } + LogPrintf(LogPHASE, "Connected to client from %s:%u\n", + inet_ntoa(sin->sin_addr), sin->sin_port); + break; + default: + write(wfd, "Unrecognised access !\n", 22); + close(wfd); + continue; + } if (netfd >= 0) { - write(wfd, "already in use.\n", 16); + write(wfd, "Connection already in use.\n", 27); close(wfd); continue; - } else - netfd = wfd; + } + netfd = wfd; VarTerm = fdopen(netfd, "a+"); LocalAuthInit(); Greetings(); |