From 2db01c69c96e70f23f573d4653f8aa4cc523b2b2 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Mon, 12 Dec 2005 16:02:33 +0000 Subject: Backout previous change back to 1.92 - My fault, committed diff from unclean tree. --- usr.sbin/authpf/authpf.c | 59 ++++++++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/usr.sbin/authpf/authpf.c b/usr.sbin/authpf/authpf.c index 2701fff4745..d21abcb347d 100644 --- a/usr.sbin/authpf/authpf.c +++ b/usr.sbin/authpf/authpf.c @@ -1,19 +1,28 @@ -/* $OpenBSD: authpf.c,v 1.94 2005/12/09 23:51:21 beck Exp $ */ +/* $OpenBSD: authpf.c,v 1.95 2005/12/12 16:02:32 beck Exp $ */ /* - * Copyright (C) 1998 - 2005 Bob Beck (beck@openbsd.org). + * Copyright (C) 1998 - 2002 Bob Beck (beck@openbsd.org). * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include @@ -431,7 +440,7 @@ static int allowed_luser(char *luser) { char *buf, *lbuf; - int matched = 0; + int matched; size_t len; FILE *f; @@ -480,7 +489,7 @@ allowed_luser(char *luser) } if (matched) - goto done; /* matched an allowed username */ + return (1); /* matched an allowed username */ } syslog(LOG_INFO, "denied access to %s: not listed in %s", luser, PATH_ALLOWFILE); @@ -489,15 +498,13 @@ allowed_luser(char *luser) buf = "\n\nSorry, you are not allowed to use this facility!\n"; fputs(buf, stdout); } -done: - fclose(f); fflush(stdout); - return (matched); + return (0); } /* * check_luser checks to see if user "luser" has been banned - * from using us by virtue of having a file of the same name + * from using us by virtue of having an file of the same name * in the "luserdir" directory. * * If the user has been banned, we copy the contents of the file @@ -553,7 +560,6 @@ check_luser(char *luserdir, char *luser) } } } - fclose(f); fflush(stdout); return (0); } @@ -635,14 +641,13 @@ change_filter(int add, const char *luser, const char *ipsrc) }; char *fdpath = NULL, *userstr = NULL, *ipstr = NULL; char *rsn = NULL, *fn = NULL; - int ret = -1; pid_t pid; gid_t gid; int s; if (luser == NULL || !luser[0] || ipsrc == NULL || !ipsrc[0]) { syslog(LOG_ERR, "invalid luser/ipsrc"); - goto done; + goto error; } if (asprintf(&rsn, "%s/%s", anchorname, rulesetname) == -1) @@ -682,7 +687,8 @@ change_filter(int add, const char *luser, const char *ipsrc) /* revoke group privs before exec */ gid = getgid(); if (setregid(gid, gid) == -1) { - err(1, "setregid failed:"); + err(1, "setregid: %s", strerror(errno)); + do_death(0); } execvp(PATH_PFCTL, pargv); warn("exec of %s failed", PATH_PFCTL); @@ -694,7 +700,7 @@ change_filter(int add, const char *luser, const char *ipsrc) if (s != 0) { if (WIFEXITED(s)) { syslog(LOG_ERR, "pfctl exited abnormally"); - goto done; + goto error; } } @@ -706,11 +712,10 @@ change_filter(int add, const char *luser, const char *ipsrc) syslog(LOG_INFO, "removed %s, user %s - duration %ld seconds", ipsrc, luser, Tend.tv_sec - Tstart.tv_sec); } - ret = 0; - goto done; + return (0); no_mem: syslog(LOG_ERR, "malloc failed"); -done: +error: free(fdpath); fdpath = NULL; free(rsn); @@ -722,7 +727,7 @@ done: free(fn); fn = NULL; infile = NULL; - return (ret); + return (-1); } /* -- cgit v1.2.3