Changeset 328

Timestamp:

Apr 6, 2011, 8:37:39 PM (14 years ago)

Author:

katerina

Message:

Fix for ticket #247: The port range for the open port check should be configurable

Location:

trunk

Files:

• docs/Changelog (modified) (3 diffs)
• src/sh_portcheck.c (modified) (7 diffs)

trunk/docs/Changelog

@@ -4 +4 @@
         * Add support for X-Forwarded-For in apache logfile parser, add
           option 'RE{regex}' to insert arbitrary regex
+        * New options PortcheckMinPort, PortcheckMaxPort for the open ports
+          check
 
 2.8.3a:
@@ -14 +16 @@
         * sh_entropy.c: move pthread usage out of child
         * sh_hash.c, sh_pthread.c, sh_pthread.h: sh_hash_hashdelete()
-          needs deadlock detection, may be called from within sh_hash_init() 
+          needs deadlock detection, may be called from within sh_hash_init()
           via atexit handler on error condition
         * sh_suidchk.c, sh_calls.c, sh_calls.h: need a nosub version of lstat()
@@ -24 +26 @@
         * fix spurious warnings about unsupported address family (reported
           by N Silverman)
-        * option to run lstat/stat in subprocess to avoid hanging on NFS mounts 
+        * option to run lstat/stat in subprocess to avoid hanging on NFS mounts
           (off by default)
         * fix Windows/Cygwin compile error (reported by A. Schmidt)

trunk/src/sh_portcheck.c

@@ -129 +129 @@
 static int sh_portchk_interval  = SH_PORTCHK_INTERVAL;
 
+static int sh_portchk_minport = -1;
+static int sh_portchk_maxport = -1;
+
 struct sh_port {
   int                  port;
@@ -195 +198 @@
 }
 
+static int sh_portchk_set_port_minmax (const char * c, int * setthis)
+{
+  int retval = 0;
+  long val;
+
+  SL_ENTER(_("sh_portchk_set_port_minmax"));
+  val = strtol (c, (char **)NULL, 10);
+  if (val < 0 || val > 65535)
+    {
+      SH_MUTEX_LOCK(mutex_thread_nolog);
+      sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS,
+                       _("port check port minmax"), c);
+      SH_MUTEX_UNLOCK(mutex_thread_nolog);
+      retval = -1;
+    }
+
+  *setthis = (int) val;
+  SL_RETURN(0, _("sh_portchk_set_port_minmax"));
+}
+
+
+static int sh_portchk_set_minport   (const char * str)
+{
+  return sh_portchk_set_port_minmax (str, &sh_portchk_minport);
+}
+
+static int sh_portchk_set_maxport   (const char * str)
+{
+  return sh_portchk_set_port_minmax (str, &sh_portchk_maxport);
+}
 
 static int sh_portchk_set_active   (const char * str)
@@ -246 +279 @@
         N_("portcheckinterval"),
         sh_portchk_set_interval,
+    },
+    {
+        N_("portcheckminport"),
+        sh_portchk_set_minport,
+    },
+    {
+        N_("portcheckmaxport"),
+        sh_portchk_set_maxport,
     },
     {
@@ -1166 +1207 @@
   sh_portchk_interval  = SH_PORTCHK_INTERVAL;
 
+  sh_portchk_minport = -1;
+  sh_portchk_maxport = -1;
+
   portlist_udp = sh_portchk_kill_list (portlist_udp);
   portlist_tcp = sh_portchk_kill_list (portlist_tcp);
@@ -1724 +1768 @@
   SH_MUTEX_LOCK(mutex_port_check);
 
-  min_port = 0;
+  min_port = (sh_portchk_minport == -1) ? 0 : sh_portchk_minport;
 
   if (sh_portchk_active != S_FALSE)
@@ -1733 +1777 @@
 
       sh_portchk_reset_lists();
-      if (0 != geteuid())
+      if ((0 != geteuid()) && (min_port < 1024))
         {
           min_port = 1024;
@@ -1749 +1793 @@
       sh_port2proc_prepare();
 
+      min_port = (sh_portchk_minport == -1) ? min_port : sh_portchk_minport;
+
       if (sh_portchk_check_udp == 1)
-        sh_portchk_scan_ports_udp(min_port, -1);
-      sh_portchk_scan_ports_tcp(min_port, -1);
+        sh_portchk_scan_ports_udp(min_port, sh_portchk_maxport);
+      sh_portchk_scan_ports_tcp(min_port, sh_portchk_maxport);