/* $OpenLDAP$ */
/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#ifdef HAVE_TCPD
#include <tcpd.h>
+#define SLAP_STRING_UNKNOWN STRING_UNKNOWN
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
-#endif /* TCP Wrappers */
+#else /* ! TCP Wrappers */
+#define SLAP_STRING_UNKNOWN "unknown"
+#endif /* ! TCP Wrappers */
#ifdef LDAP_PF_LOCAL
#include <sys/stat.h>
}
}
-#ifdef LDAP_PF_LOCAL
-#ifdef SLAP_X_LISTENER_MOD
+#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
if ( lud->lud_exts ) {
err = get_url_perms( lud->lud_exts, &l.sl_perms, &crit );
- } else
-#endif /* SLAP_X_LISTENER_MOD */
- {
+ } else {
l.sl_perms = S_IRWXU;
}
-#endif /* LDAP_PF_LOCAL */
+#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */
ldap_free_urldesc( lud );
if ( err ) {
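Review bot: The widened guard `#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)` now compiles `l.sl_perms = S_IRWXU;` in builds that define only SLAP_X_LISTENER_MOD, yet the `#include <sys/stat.h>` shown earlier on this page is still under `#ifdef LDAP_PF_LOCAL` alone. Unless another header supplies S_IRWXU, that configuration would not build, so the include should use the same condition; the definition of `get_url_perms` is not visible here and presumably needs it too. I would also add a short comment that URL extensions are now parsed into `sl_perms` in every LDAP_PF_LOCAL build, with owner-only `S_IRWXU` kept as the default when no extension is given. The enclosing function starts and ends outside this hunk.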
l.sl_name.bv_val = ber_memalloc( sizeof("IP=255.255.255.255:65535") );
snprintf( l.sl_name.bv_val, sizeof("IP=255.255.255.255:65535"),
"IP=%s:%d",
- s != NULL ? s : "unknown" , port );
+ s != NULL ? s : SLAP_STRING_UNKNOWN, port );
l.sl_name.bv_len = strlen( l.sl_name.bv_val );
} break;
long id;
slap_ssf_t ssf = 0;
char *authid = NULL;
+#ifdef SLAPD_RLOOKUPS
+ char *hebuf = NULL;
+#endif
char *dnsname = NULL;
char *peeraddr = NULL;
case AF_LOCAL:
sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path );
ssf = LDAP_PVT_SASL_LOCAL_SSF;
+ {
+ uid_t uid;
+ gid_t gid;
+
+ if( getpeereid( s, &uid, &gid ) == 0 ) {
+ authid = ch_malloc(
+ sizeof("uidNumber=4294967295+gidNumber=4294967295,"
+ "cn=peercred,cn=external,cn=auth"));
+ sprintf(authid, "uidNumber=%d+gidNumber=%d,"
+ "cn=peercred,cn=external,cn=auth",
+ uid, gid);
+ }
+ }
dnsname = "local";
break;
#endif /* LDAP_PF_LOCAL */
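Review bot: The new `sprintf(authid, "uidNumber=%d+gidNumber=%d," ...)` formats `uid_t`/`gid_t` with `%d`, while the `ch_malloc` size budgets exactly ten digits per number (`4294967295`). Where these types are unsigned 32-bit, an id above INT_MAX prints as a negative number of up to eleven characters, so the write can run one or two bytes past the allocation and the resulting identity carries a negative uidNumber. Printing them unsigned and bounding the write avoids both, e.g. `snprintf(authid, len, "uidNumber=%u+gidNumber=%u," "cn=peercred,cn=external,cn=auth", (unsigned) uid, (unsigned) gid);` with `len` being the same `sizeof` expression passed to `ch_malloc`. A brief comment that this string is later handed to `connection_init` as the peer's external identity would help readers. The enclosing `switch` starts outside the hunk.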
peeraddr = inet_ntoa( *((struct in_addr *)
&from.sa_in6_addr.sin6_addr.s6_addr[12]) );
sprintf( peername, "IP=%s:%d",
- peeraddr != NULL ? peeraddr : "unknown",
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
(unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
} else {
char addr[INET6_ADDRSTRLEN];
&from.sa_in6_addr.sin6_addr,
addr, sizeof addr );
sprintf( peername, "IP=%s %d",
- peeraddr != NULL ? peeraddr : "unknown",
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
(unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
}
break;
case AF_INET:
peeraddr = inet_ntoa( from.sa_in_addr.sin_addr );
sprintf( peername, "IP=%s:%d",
- peeraddr != NULL ? peeraddr : "unknown",
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
(unsigned) ntohs( from.sa_in_addr.sin_port ) );
break;
) {
#ifdef SLAPD_RLOOKUPS
if ( use_reverse_lookup ) {
+ struct hostent he;
+ int herr;
+ struct hostent *hp = NULL;
# ifdef LDAP_PF_INET6
if ( from.sa_addr.sa_family == AF_INET6 )
- hp = gethostbyaddr(
+ ldap_pvt_gethostbyaddr_a(
(char *)&(from.sa_in6_addr.sin6_addr),
sizeof(from.sa_in6_addr.sin6_addr),
- AF_INET6 );
+ AF_INET6, &he, &hebuf,
+ &hp, &herr );
else
# endif /* LDAP_PF_INET6 */
- hp = gethostbyaddr(
+ ldap_pvt_gethostbyaddr_a(
(char *) &(from.sa_in_addr.sin_addr),
sizeof(from.sa_in_addr.sin_addr),
- AF_INET );
+ AF_INET, &he, &hebuf, &hp, &herr );
dnsname = hp ? ldap_pvt_str2lower( hp->h_name ) : NULL;
}
#else
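Review bot: Both `ldap_pvt_gethostbyaddr_a(...)` calls discard the return value, and `herr` is never read, so a failed reverse lookup is detected only through `hp` still being NULL. That holds only if the helper never stores a pointer in `hp` on failure; checking the return value before `hp->h_name` is dereferenced would make this explicit. It also deserves a comment at `dnsname = hp ? ldap_pvt_str2lower( hp->h_name ) : NULL;` that `dnsname` now presumably points into `hebuf`, so it must not be used after `hebuf` is released, and that the name comes from the peer's reverse DNS and is therefore not authenticated. The enclosing block starts outside the hunk.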
#ifdef HAVE_TCPD
if ( !hosts_ctl("slapd",
- dnsname != NULL ? dnsname : STRING_UNKNOWN,
- peeraddr != NULL ? peeraddr : STRING_UNKNOWN,
- STRING_UNKNOWN ))
+ dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ SLAP_STRING_UNKNOWN ))
{
/* DENY ACCESS */
- Statslog( LDAP_DEBUG_ANY,
- "fd=%ld host access from %s (%s) denied.\n",
+ Statslog( LDAP_DEBUG_STATS,
+ "fd=%ld DENIED from %s (%s)",
(long) s,
- dnsname != NULL ? dnsname : "unknown",
- peeraddr != NULL ? peeraddr : "unknown",
+ dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
0, 0 );
slapd_close(s);
continue;
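Review bot: The rewritten denial message `"fd=%ld DENIED from %s (%s)"` drops the trailing newline that the old string had and that the new ACCEPT message further down keeps; `"fd=%ld DENIED from %s (%s)\n",` would keep the two consistent. The same call also moves from `LDAP_DEBUG_ANY` to `LDAP_DEBUG_STATS`, so TCP-wrappers denials are presumably recorded only when stats logging is enabled. If that is intended, it should be stated in the commit message or a comment, because log monitoring that matched the old "denied" line will stop seeing these access-control events. The enclosing loop body continues outside the hunk.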
id = connection_init(s,
slap_listeners[l],
- dnsname != NULL ? dnsname : "unknown",
+ dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
peername,
#ifdef HAVE_TLS
slap_listeners[l]->sl_is_tls,
authid );
if( authid ) ch_free(authid);
+#ifdef SLAPD_RLOOKUPS
+ if( hebuf ) ldap_memfree(hebuf);
+#endif
if( id < 0 ) {
#ifdef NEW_LOGGING
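Review bot: `hebuf` is released only here, after `connection_init`, but the hosts_ctl denial path in the preceding hunk leaves through `slapd_close(s); continue;` without freeing it. If SLAPD_RLOOKUPS and HAVE_TCPD can be enabled together and the reverse lookup runs before that check, every denied connection would leak the lookup buffer, and a remote peer can trigger that repeatedly. Adding `if( hebuf ) ldap_memfree(hebuf);` under `#ifdef SLAPD_RLOOKUPS` before that `continue;` closes the path; any other early exit between the lookup and this point, not visible here, needs the same treatment. The surrounding loop starts and ends outside the hunk.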
}
Statslog( LDAP_DEBUG_STATS,
- "daemon: conn=%ld fd=%ld connection from %s "
- "(%s) accepted.\n",
+ "conn=%ld fd=%ld ACCEPT from %s (%s)\n",
id, (long) s,
peername,
slap_listeners[l]->sl_name.bv_val,