Date: Thu, 12 Jun 1997 13:33:01 -0700 (PDT)
From: Dean Gaudet <dgaudet-list-qmail@arctic.org>
To: djb-qmail@koobera.math.uic.edu
Subject: [PATCH] allow tcp_wrappers to work with tcpserver
Message-ID: <Pine.LNX.3.95dg3.970612132017.8175L-100000@twinlark.arctic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

I liked the tcpserver solution to the DoS attacks much better.  But I
remembered one reason why I didn't like using tcpserver before -- because
tcpcontrol doesn't provide as robust a syntax for matching addresses.
For example it doesn't allow subnet syntax or dns lookups.  But you
can't easily use tcp_wrappers with tcpserver because tcp_wrappers takes
an argument in argv[0].

What follows is a tiny patch against tcpserver (from ucspi-tcp-0.73) which
allows you to use tcp_wrappers instead of tcpcontrol.  The -0 flag to
tcpserver makes it treat the second program argument as argv[0] instead of
argv[1].  For example:

    tcpserver -0 -v -u 301 -g 301 0 smtp /usr/sbin/tcpd \
        /var/qmail/bin/qmail-smtpd

Invokes tcpd with argv[0] == "qmail-smtpd", which causes it to use
qmail-smtpd when reading /etc/hosts.allow and /etc/hosts.deny.  So
for example in /etc/hosts.allow:

    qmail-smtpd: 127.0.0.1, 10.2.3.32/255.255.255.224 : setenv = RELAYCLIENT
    qmail-smtpd: ALL

Yeah it involves a double DNS lookup ... but right now that doesn't
bug me.

Dean

--- tcpserver.c.dist	Thu Apr 10 14:14:27 1997
+++ tcpserver.c	Thu Jun 12 13:19:52 1997
@@ -33,7 +33,7 @@
 
 void usage()
 { out("tcpserver: usage: \
-tcpserver [ -qQvdDoOpPhHrR1 ] \
+tcpserver [ -qQvdDoOpPhHrR01 ] \
 [ -bbacklog ] [ -climit ] [ -ttimeout ] [ -llocalname ] [ -ggid ] [ -uuid ] \
 host port program\n"); flush(); _exit(100); }
 void die(s) char *s;
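Review bot: the synopsis line `host port program` is left unchanged although `0` is added to the flag list, so the usage text does not say that with -0 the first word after the port is only the file to execute and the next word becomes the child's argv[0]. Suggest spelling that out in the synopsis (for instance `host port program [ argv0 ] [ arg ... ]`) and describing -0 wherever the other flags are documented, since only tcpserver.c is touched here.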
@@ -103,6 +103,7 @@
 int flagremoteinfo = 1;
 int flagremotehost = 1;
 int flagparanoid = 0;
+int flag0 = 0;
 int flag1 = 0;
 unsigned long backlog = 20;
 unsigned long timeout = 26;
@@ -134,7 +135,7 @@
   struct servent *se;
   int j;
  
-  while ((opt = getopt(argc,argv,"dDvqQhHrR1t:u:g:l:b:c:pPoO")) != opteof)
+  while ((opt = getopt(argc,argv,"dDvqQhHrR01t:u:g:l:b:c:pPoO")) != opteof)
     switch(opt) {
       case 'b': scan_ulong(optarg,&backlog); break;
       case 'c': scan_ulong(optarg,&limit); break;
@@ -154,6 +155,7 @@
       case 't': scan_ulong(optarg,&timeout); break;
       case 'g': scan_ulong(optarg,&gid); break;
       case 'u': scan_ulong(optarg,&uid); break;
+      case '0': flag0 = 1; break;
       case '1': flag1 = 1; break;
       case 'l': forcelocal = optarg; break;
       default: usage();
@@ -315,7 +317,7 @@
         sig_childdefault();
         sig_termdefault();
         sig_pipedefault();
-        execvp(*argv,argv);
+	execvp(*argv,argv+flag0);
         diep("unable to execute");
     }
     close(t);
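Review bot: at the `execvp(*argv,argv+flag0);` line nothing checks that a second program word exists when -0 is set. With a single word after the port, `argv+flag0` points at the terminating null pointer, so the child is executed with an empty argument vector and no argv[0] at all, which a wrapper that keys its access rules on argv[0] cannot handle sensibly. Suggest rejecting that case once in the parent, before the accept loop (for example calling usage() when flag0 is set and argv[1] is null), rather than discovering it in each forked child. Style: the added line is indented with a tab while the surrounding context lines use spaces.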

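The argv[0] selection described in the post, as an added example that is not part of the original message or of ucspi-tcp. `build_exec` and `daemon_name` are hypothetical helpers; the example assumes the wrapper looks up hosts.allow by the last path component of its own argv[0], and it also covers the case where -0 is given with only one program word.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: `words` are the arguments that follow "host port".
   Picks the file to execute and the argv the child will see.
   Returns 0 on success, -1 if the resulting vector would be unusable. */
int build_exec(char **words, int flag0, const char **file, char ***child_argv)
{
  if (!words || !words[0]) return -1;   /* no program given */
  if (flag0 && !words[1]) return -1;    /* -0 but nothing to serve as argv[0] */
  *file = words[0];                     /* always the first word */
  *child_argv = words + (flag0 ? 1 : 0);
  return 0;
}

/* Assumption: the access-control name is the basename of argv[0]. */
const char *daemon_name(const char *argv0)
{
  const char *slash = strrchr(argv0, '/');
  return slash ? slash + 1 : argv0;
}

int main(void)
{
  /* Constructed sample: the program words from the command in the post. */
  char *words[] = { "/usr/sbin/tcpd", "/var/qmail/bin/qmail-smtpd", NULL };
  char *single[] = { "/usr/sbin/tcpd", NULL };
  const char *file;
  char **av;
  int flag0;

  for (flag0 = 0; flag0 <= 1; flag0++)
    if (build_exec(words, flag0, &file, &av) == 0)
      printf("-0 %s: exec %s, rules looked up as \"%s\"\n",
             flag0 ? "on " : "off", file, daemon_name(av[0]));

  if (build_exec(single, 1, &file, &av) < 0)
    printf("-0 with one word: rejected, child would get an empty argv\n");
  return 0;
}
```

Without -0 the wrapper would look itself up under its own name, so the `qmail-smtpd:` rules in hosts.allow would not be the ones consulted.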

