X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fldapd%2Fmain.c;h=1be869fbc66c91fa2591fb366754fb8b2c2b0f69;hb=d2ef362f99f3fe5d5d2bb56ce2b4a96a08dbb41d;hp=5626a34c4fd2bc97435d864e05e86a974719f31c;hpb=42e0d83cb3a1a1c5b25183f1ab74ce7edbe25de7;p=openldap

diff --git a/servers/ldapd/main.c b/servers/ldapd/main.c
index 5626a34c4f..1be869fbc6 100644
--- a/servers/ldapd/main.c
+++ b/servers/ldapd/main.c
@@ -42,6 +42,13 @@
 #include <unistd.h>
 #endif /* USE_SYSCONF */
 
+#ifdef TCP_WRAPPERS
+#include <tcpd.h>
+
+int allow_severity = LOG_INFO;
+int deny_severity = LOG_NOTICE;
+#endif /* TCP_WRAPPERS */
+
 void log_and_exit();
 static set_socket();
 static do_queries();
@@ -234,6 +241,12 @@ char	**argv;
 	dtblsize = getdtablesize();
 #endif /* USE_SYSCONF */
 
+#ifdef FD_SETSIZE
+	if( dtblsize > FD_SETSIZE ) {
+		dtblsize = FD_SETSIZE;
+	}
+#endif /* FD_SETSIZE */
+
 #ifndef NOSETPROCTITLE
 	/* for setproctitle */
 	Argv = argv;
@@ -393,10 +406,31 @@ char	**argv;
 
 		hp = gethostbyaddr( (char *) &(from.sin_addr.s_addr),
 		    sizeof(from.sin_addr.s_addr), AF_INET );
+
+#ifdef TCP_WRAPPERS
+		if ( !hosts_ctl("ldapd", (hp == NULL) ? "unknown" : hp->h_name,
+			inet_ntoa( from.sin_addr ), STRING_UNKNOWN ) {
+
+			Debug( LDAP_DEBUG_ARGS, "connection from %s (%s) denied.\n",
+		   		(hp == NULL) ? "unknown" : hp->h_name,
+		   		inet_ntoa( from.sin_addr ), 0 );
+
+			if ( dosyslog ) {
+				syslog( LOG_NOTICE, "connection from %s (%s) denied.",
+				    (hp == NULL) ? "unknown" : hp->h_name,
+				    inet_ntoa( from.sin_addr ) );
+			}
+
+			close(ns);
+			continue;
+		}
+#endif /* TCP_WRAPPERS */
+
 		Debug( LDAP_DEBUG_ARGS, "connection from %s (%s)\n",
 		    (hp == NULL) ? "unknown" : hp->h_name,
 		    inet_ntoa( from.sin_addr ), 0 );
 
+
 		if ( dosyslog ) {
 			syslog( LOG_INFO, "connection from %s (%s)",
 			    (hp == NULL) ? "unknown" : hp->h_name,