[syslog-ng]patch for adding tcp wrappers to syslog-ng?

Ed Ravin eravin@panix.com
Fri, 26 Oct 2001 23:56:15 -0400 (EDT)


I just patched my copy of syslog-ng-1.5.10 to use tcp wrappers - I want
to strictly control who is allowed to talk to my log server, and since
we do everything else at my shop with TCP wrappers, it seemed sensible
to add it in.  I am running NetBSD 1.5.2, which provides the tcp wrappers
code as part of the base OS.  The only other change needed was to
add "-lwrap" to the link flags.

Is there interest in this feature?  The patch below is only for incoming
TCP connections - I don't see the point of putting it in for udp, as the
source address of a UDP packet is trivially spoofable.  I haven't had much
time to review the syslog-ng code, so I suspect this is not the best place
to apply the patch; on second thought, it seems it might belong in libol.

	-- Ed


--- afinet.c	2001/10/27 01:57:51	1.1
+++ afinet.c	2001/10/27 03:29:11
@@ -28,6 +28,13 @@
 #include "cfgfile.h"
 #include "pkt_buffer.h"
 
+#ifndef WE_DONT_WANT_TCP_WRAPPERS
+#include "tcpd.h"
+int allow_severity;
+int deny_severity;
+#endif
+
+
 #include <errno.h>
 #include <string.h>
 #include <assert.h>
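Review bot: `allow_severity` and `deny_severity` are defined without initialisers, so both start at 0, which as a syslog priority is the emergency level; nothing in this patch reads them, but libwrap helpers such as `refuse()` log at `deny_severity`, so any later use would be mis-prioritised. Wrapper-aware daemons conventionally define them as `int allow_severity = LOG_INFO;` and `int deny_severity = LOG_WARNING;`, assuming the `<syslog.h>` priorities are visible in this file. On style, `tcpd.h` is a system header on the setup described, so `#include <tcpd.h>` is the usual form. An opt-in macro set by configure when libwrap is found would be safer than the opt-out `WE_DONT_WANT_TCP_WRAPPERS`, which breaks the build on hosts without the library.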
@@ -210,6 +217,23 @@
 	CAST(afinet_source, self, c);
 	struct afsocket_source_connection *conn;
 	UINT32 res;
+
+
+#ifndef WE_DONT_WANT_TCP_WRAPPERS
+	{
+		struct request_info req;
+
+		request_init(&req, RQ_DAEMON, "syslog-ng", RQ_FILE, client->super.fd, 0);
+		fromhost(&req);
+		if (hosts_access(&req) == 0)
+		{
+			CAST(inet_address_info, inet_addr, client_addr);
+			notice("connection from %S:%i refused by hosts_access()\n", inet_addr->ip, inet_addr->port);
+			close_fd(&client->super, 0);
+			return ST_OK | ST_GOON;
+		}
+	}
+#endif
 
 	if (c->num_connections >= c->max_connections) {
 		CAST(inet_address_info, inet_addr, client_addr);
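Review bot: The wrappers check appears to run inline in the accept path, and `hosts_access()` can block: with hostname or PARANOID patterns in hosts.allow/hosts.deny libwrap does DNS lookups on the peer, and libwrap reports its own errors through syslog(3), which on a log host leads back to this daemon. Either can stall log processing while a connection is evaluated, and the delay depends on DNS data the connecting peer may control. I would document the constraint above the block, e.g. `/* hosts_access() may block on DNS; use address-only rules for syslog-ng in hosts.allow/hosts.deny */`. The enclosing function begins and ends outside this hunk, so it is not visible whether `client` needs further release after `close_fd()` on the early return.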