summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrian <brian@cvs.openbsd.org>1997-12-17 21:18:04 +0000
committerbrian <brian@cvs.openbsd.org>1997-12-17 21:18:04 +0000
commitbcfe4f48e6f31b443331e3c2660e36cf38a5d694 (patch)
tree793f2f2262d7465a210778e67055d1caaef98610
parent92e98e5eac72bb917aa345720967a5e907266eb5 (diff)
Log the source of client connections to the diagnostic port.
Disallow connections from port numbers <1024 as low port numbers can only really mean trouble (ftp bounces etc.). Discussed at length with: Theo de Raadt <deraadt@cvs.openbsd.org>
-rw-r--r--usr.sbin/ppp/main.c40
1 files changed, 32 insertions, 8 deletions
diff --git a/usr.sbin/ppp/main.c b/usr.sbin/ppp/main.c
index 2882267ceca..cc13f227789 100644
--- a/usr.sbin/ppp/main.c
+++ b/usr.sbin/ppp/main.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: main.c,v 1.4 1997/12/17 21:17:55 brian Exp $
+ * $Id: main.c,v 1.5 1997/12/17 21:18:03 brian Exp $
*
* TODO:
* o Add commands for traffic summary, version display, etc.
@@ -746,15 +746,20 @@ StartRedialTimer(int Timeout)
}
}
+#define IN_SIZE sizeof(struct sockaddr_in)
+#define UN_SIZE sizeof(struct sockaddr_in)
+#define ADDRSZ (IN_SIZE > UN_SIZE ? IN_SIZE : UN_SIZE)
static void
DoLoop(void)
{
fd_set rfds, wfds, efds;
int pri, i, n, wfd, nfds;
- struct sockaddr_in hisaddr;
+ char hisaddr[ADDRSZ];
+ struct sockaddr *sa = (struct sockaddr *)hisaddr;
+ struct sockaddr_in *sin = (struct sockaddr_in *)hisaddr;
struct timeval timeout, *tp;
- int ssize = sizeof(hisaddr);
+ int ssize = ADDRSZ;
const u_char *cp;
int tries;
int qlen;
@@ -966,18 +971,37 @@ DoLoop(void)
break;
}
if (server >= 0 && FD_ISSET(server, &rfds)) {
- LogPrintf(LogPHASE, "connected to client.\n");
- wfd = accept(server, (struct sockaddr *) & hisaddr, &ssize);
+ wfd = accept(server, sa, &ssize);
if (wfd < 0) {
LogPrintf(LogERROR, "DoLoop: accept(): %s\n", strerror(errno));
continue;
}
+ switch (sa->sa_family) {
+ case AF_LOCAL:
+ LogPrintf(LogPHASE, "Connected to local client.\n");
+ break;
+ case AF_INET:
+ if (sin->sin_port < 1024) {
+ LogPrintf(LogALERT, "Rejected client connection from %s:%u"
+ "(invalid port number) !\n",
+ inet_ntoa(sin->sin_addr), sin->sin_port);
+ close(wfd);
+ continue;
+ }
+ LogPrintf(LogPHASE, "Connected to client from %s:%u\n",
+ inet_ntoa(sin->sin_addr), sin->sin_port);
+ break;
+ default:
+ write(wfd, "Unrecognised access !\n", 22);
+ close(wfd);
+ continue;
+ }
if (netfd >= 0) {
- write(wfd, "already in use.\n", 16);
+ write(wfd, "Connection already in use.\n", 27);
close(wfd);
continue;
- } else
- netfd = wfd;
+ }
+ netfd = wfd;
VarTerm = fdopen(netfd, "a+");
LocalAuthInit();
Greetings();