"Burton M. Strauss III" <[EMAIL PROTECTED]> writes:
> Looking in the code I find - that while there is a
> ./configure --enable-tcpwrap option, there doesn't seem to be any code to
> support it.
>
> The comments in ./configure are this:
>
> if test ".$ac_enable_tcpwrap" = ".yes"; then
> AC_MSG_WARN([TCP Wrap support enabled, if available, via command line
> option!])
> AC_CHECK_LIB(wrap, request_init, MORELIBS="$MORELIBS -lwrap" &&
> AC_DEFINE(HAVE_LIBWRAP))
> fi
>
> I assume that libwrap.a basically replaces certain c library functions with
> ones that respect the restrictions in hosts.allow and hosts.deny. I don't
> know this for sure, but that's my guess.
>
> Certainly there isn't anything in main.c's usage() function, nor the getopts
> stuff... I think the comment is bogus - if you add the library, you get tcp
> wrapper protection...
>
The relevant part is in webInterface.c
...
#ifdef HAVE_LIBWRAP
{
struct request_info req;
request_init(&req, RQ_DAEMON, DAEMONNAME, RQ_FILE, newSock, NULL);
fromhost(&req);
if (!hosts_access(&req)) {
closelog(); /* just in case */
openlog(DAEMONNAME,LOG_PID,SYSLOG_FACILITY);
syslog(deny_severity, "refused connect from %s", eval_client(&req));
}
else
handleHTTPrequest(from.sin_addr);
}
#else
handleHTTPrequest(from.sin_addr);
#endif /* HAVE_LIBWRAP */
--
Anthony David
Gambling(n): A discretionary tax on those asleep during high school maths
http://adavid.com.au/
0xA72CE1ED fingerprint = EA1E C69E FE59 BBE1 AA4B F354 BD09 9765 A72C E1ED
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
