--- ltspinfod.c.orig 2004-07-08 06:08:56.000000000 +0100 +++ ltspinfod.c 2005-11-14 13:07:50.000000000 +0000 @@ -1,8 +1,8 @@ /* ** ltspinfod ** -** Linux Terminal Server Printer Daemon -** Version 0.1 +** Linux Terminal Server Information Daemon +** Version 0.2 ** James McQuillan (jam@ltsp.org), October 2003 ** Placed under GPL. ** @@ -38,18 +38,24 @@ #define LOGOPTS (LOG_PERROR|LOG_PID|LOG_DAEMON|LOG_ERR) -static char version[] = "ltspinfod Version 0.1"; +static char version[] = "ltspinfod Version 0.2"; static int nPort = 9200; +static char *sCmdServer = NULL; +static int fCmdSysOnly = FALSE; static int fDebug = FALSE; static int fAllowShutdown = FALSE; static int fAllowProcRead = FALSE; static int fNoDaemon = FALSE; +int NotFromCmdServer = FALSE; +char *src_addr; + char delims[] = " \t\n"; // SPACE, TAB, NEWLINE void DecodeCommandLine(int, char **); int split( char *, char **); +int IsFromCmdServer( char * ); void process_getcfg( char **, int, int ); void process_getproc( char **, int, int ); void process_shutdown( ); @@ -98,11 +104,36 @@ else if( strcasecmp(args[0], "getproc" ) == 0 && fAllowProcRead ){ process_getproc( args+1, argc-1, fd ); } - else if( strcasecmp(args[0], "shutdown" ) == 0 && fAllowShutdown ){ - process_shutdown( ); - } - else if( strcasecmp(args[0], "reboot" ) == 0 && fAllowShutdown ){ - process_reboot( ); + else { + int shutdown = FALSE; + int reboot = FALSE; + + if( strcasecmp(args[0], "shutdown" ) == 0 ){ + shutdown = TRUE; + } + else if( strcasecmp(args[0], "reboot" ) == 0 ){ + reboot = TRUE; + } + + if( shutdown || reboot ) { + if( !fAllowShutdown || NotFromCmdServer ){ + syslog(LOGOPTS, "%s command denied from %s\n", + args[0], src_addr); + + if(fDebug){ + fprintf(stderr, "%s command denied from %s\n", + args[0], src_addr); + } + + write(fd,"Access denied\n",14); + } + else if( shutdown ){ + process_shutdown( ); + } + else if( reboot ){ + process_reboot( ); + } + } } } } 
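Review bot: `NotFromCmdServer` and `src_addr`, added in the `@@ -38,18 +38,24 @@` declarations hunk, hold per-connection authorisation state but are the only variables in this group declared without `static`. `src_addr` is later assigned the result of `inet_ntoa()`, which points into a static buffer that the next `inet_ntoa()` call overwrites, so the address in the denial log of the `@@ -98,11 +104,36 @@` hunk is only right while nothing else calls it in between. I would write `static int NotFromCmdServer = FALSE;` and `static char *src_addr;`, with a comment such as `/* per-connection state: set in server() before each command_loop() call */`. Passing both to `command_loop()` as arguments would remove the hidden coupling, but that signature is outside this diff.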
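Review bot: The shutdown/reboot gate added in the `@@ -98,11 +104,36 @@` hunk authorises on the peer's IP address alone, and nothing in the code or the log message says so. A comment above the `if( !fAllowShutdown || NotFromCmdServer )` test would help the next maintainer: `/* Authorisation is by source address only (-f); there is no authentication, so the port must also be filtered at the network level. */`. Separately, the local `int shutdown` shadows `shutdown(2)` if `<sys/socket.h>` is included here (presumably it is, for `accept()`); `int fShutdown = FALSE;` and `int fReboot = FALSE;` would match the file's flag naming. The enclosing function starts outside the hunk.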
@@ -306,6 +337,35 @@ //----------------------------------------------------------------------------- +int IsFromCmdServer( char *ipaddr ) +{ + unsigned char buffer[1024]; + char *args[MAXARGS]; + int argc, s = 0; + + if(fDebug) + fprintf(stderr,"Inside of IsFromCmdServer()\n"); + + if ( sCmdServer == NULL ) + return TRUE; + + strncpy(buffer, sCmdServer, sizeof(buffer)-1); + + argc = split( buffer, args ); + + for (s = 0; s < argc; ++s) { + if(fDebug) + fprintf(stderr,"Testing server %s against %s\n", args[s], ipaddr); + + if ( strcmp(args[s], ipaddr) == 0 ) + return TRUE; + } + + return FALSE; +} + +//----------------------------------------------------------------------------- + void server() { struct rlimit resourcelimit; @@ -313,6 +373,8 @@ struct sockaddr_in netaddr, client; int netfd, fd, clientlen, one = 1; + + char denied[8]; if(fDebug){ fprintf(stderr,"Inside of server()\n"); 
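Review bot: In `IsFromCmdServer()`, `strncpy(buffer, sCmdServer, sizeof(buffer)-1)` copies into an uninitialised array and never writes the final byte, so a `-f` value of 1023 characters or more leaves `buffer` unterminated when `split()` scans it. Adding `buffer[sizeof(buffer)-1] = '\0';` on the next line closes that. The array should also be `char buffer[1024];` rather than `unsigned char`, since both `strncpy()` and `split()` take `char *`. Whether `split()` stops at `MAXARGS` entries is not visible in this diff and is worth confirming, because `args[]` is sized by it. Entries are matched as text against `inet_ntoa()` output, so a non-canonical spelling such as a leading zero never matches; a short comment stating that would save an administrator some debugging.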
@@ -414,22 +476,42 @@ } while(( fd = accept( netfd, (struct sockaddr *)&client, &clientlen ) ) >= 0){ + denied[0] = '\0'; + NotFromCmdServer = FALSE; + + src_addr = inet_ntoa(client.sin_addr); - syslog(LOGOPTS, "Connection from %s port %hd\n", - inet_ntoa(client.sin_addr), - ntohs(client.sin_port)); + if ( sCmdServer != NULL && !IsFromCmdServer(src_addr) ) { + if (fCmdSysOnly) { + NotFromCmdServer = TRUE; + + if(fDebug) + fprintf(stderr,"Command not from cmd server: only system cmds being checked\n"); + } + else { + strcpy(denied, "denied "); + } + } + + syslog(LOGOPTS, "Connection %sfrom %s port %hd\n", + denied, src_addr, ntohs(client.sin_port)); if(fDebug){ - fprintf(stderr, "Connection from %s port %hd\n", - inet_ntoa(client.sin_addr), - ntohs(client.sin_port)); + fprintf(stderr, "Connection %sfrom %s port %hd\n", + denied, src_addr, ntohs(client.sin_port)); } - command_loop( fd ); + if (strlen(denied) == 0) { + command_loop( fd ); - if( fDebug ){ - fprintf(stderr,"Command processing complete, going back to loop\n"); + if( fDebug ){ + fprintf(stderr,"Command processing complete, going back to loop\n"); + } + } + else { + write(fd,"Access denied\n",14); } + (void)close(fd); } @@ -455,9 +537,11 @@ void usage() { - fprintf(stderr,"\nUsage: ltspinfod [{-p|--port} ] default=9200\n"); - fprintf(stderr," [{-x|--debug}] Turn on debugging\n"); - fprintf(stderr," [{-v|--version}] Display version\n"); + fprintf(stderr,"\nUsage: ltspinfod [{-p|--port} ] (default=9200)\n"); + fprintf(stderr," [{-f|--cmd_server} ] Allow cmds only from IP addr\n"); + fprintf(stderr," [{-F|--cmd_sys_only}] Restrict only shutdown/reboot cmds\n"); + fprintf(stderr," [{-x|--debug}] Turn on debugging\n"); + fprintf(stderr," [{-v|--version}] Display version\n"); exit(1); } 
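Review bot: The allow/deny decision for a connection is stored as text: `strcpy(denied, "denied ")` writes into `char denied[8]` (declared in the `@@ -313,6 +373,8 @@` hunk) and the result is read back with `strlen(denied) == 0`. The string fits with no byte to spare, so any later change to the log wording overflows the stack buffer that also drives the access decision. A plain flag keeps the decision separate from the message and makes the `denied` array unnecessary. The fence also switches the port conversion to `%hu`, because `%hd` logs source ports above 32767 as negative numbers in the connection audit line. The `while` loop belongs to `server()`, which starts and ends outside the hunk.

```c
while(( fd = accept( netfd, (struct sockaddr *)&client, &clientlen ) ) >= 0){
    int fDenied = FALSE;          /* TRUE when the whole connection is refused */
    NotFromCmdServer = FALSE;

    /* … unchanged: src_addr = inet_ntoa(client.sin_addr) … */

    if ( sCmdServer != NULL && !IsFromCmdServer(src_addr) ) {
        if (fCmdSysOnly) {
            /* … unchanged: NotFromCmdServer = TRUE and debug message … */
        }
        else {
            fDenied = TRUE;
        }
    }

    syslog(LOGOPTS, "Connection %sfrom %s port %hu\n",
           fDenied ? "denied " : "", src_addr, ntohs(client.sin_port));

    if(fDebug){
        fprintf(stderr, "Connection %sfrom %s port %hu\n",
                fDenied ? "denied " : "", src_addr, ntohs(client.sin_port));
    }

    if (!fDenied) {
        /* … unchanged: command_loop( fd ) and debug message … */
    }
    else {
        /* … unchanged: write "Access denied" … */
    }
    /* … unchanged: close(fd) … */
```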
@@ -470,6 +554,8 @@ struct poptOption optionsTable[] = { { "port", 'p', POPT_ARG_INT, &nPort, 0, NULL, NULL }, + { "cmd_server", 'f', POPT_ARG_STRING, &sCmdServer, 0, NULL, NULL }, + { "cmd_sys_only", 'F', 0, 0, 'F', NULL, NULL }, { "help", 'h', 0, 0, 'h', NULL, NULL }, { "debug", 'x', 0, 0, 'x', NULL, NULL }, { "nodaemon", 'n', 0, 0, 'n', NULL, NULL }, @@ -496,6 +582,8 @@ break; case 'n': fNoDaemon = TRUE; break; + case 'F': fCmdSysOnly = TRUE; + break; case 'v': fprintf(stderr,"%s\n",version); exit(1); }
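Review bot: Nothing in the option handling (the table entries in `@@ -470,6 +554,8 @@` and `case 'F'` in `@@ -496,6 +582,8 @@`) rejects `-F` given without `-f`. In that case `sCmdServer` stays `NULL`, the accept loop skips the source check entirely, and shutdown/reboot are governed by `fAllowShutdown` alone, although the administrator asked for a restriction. I would fail at startup once parsing is done, e.g. `if( fCmdSysOnly && sCmdServer == NULL ){ fprintf(stderr,"--cmd_sys_only requires --cmd_server\n"); usage(); }`. The `-f` value is also accepted without checking that each entry parses as an IPv4 address; validating it at startup with `inet_aton()` would turn a typo into an immediate error rather than a silent lock-out. Both the table and the `switch` continue outside these hunks.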