[rrd-developers] [PATCH] Add support for rrdcache to use host_access authentication.

ShaunR mailinglists at unix-scripts.com
Fri Oct 29 03:05:57 CEST 2010

 From what I read rrdcache has no support for client authentication.  I 
have written this patch which adds hosts_access (man 3 host_access) 
based authentication.

My C skills are alittle rusty, not like they were all that good to begin 
with.  Tobias Oetiker, please look over this code to ensure it's safe. 
It's pretty basic but I want to be sure.  Also I added #ifdef TCPWRAP 
#endif /* TCPWRAP */ lines around my code so that configure could have 
an --enable-tcpwrap option.  I am unfamiliar with configure.ac so I'm 
going to leave that up to you guys to add (sorry I would if I could). 
Another thing is -lwrap needs to be used when compiling.  Also just a 
side note, i think host_access may only be a linux thing, BSD might have 
support for it, but not sure about OS flavors.

Instructions on how to use this patch (until configure.ac options are 
1. patch -p1 < /path/to/this/path
2. ./configure <your options>
3. Add '#define TCPWRAP 1' to the top of the config.h
4. make LDFLAGS="-lwrap" && make install

Shaun Reitan
Chief Technical Officer
Network Data Center Host Inc

diff -dNuar rrdtool-1.4.99910102900.orig/src/rrd_daemon.c 
--- rrdtool-1.4.99910102900.orig/src/rrd_daemon.c       2010-10-22 
14:02:20.000000000 -0700
+++ rrdtool-1.4.99910102900/src/rrd_daemon.c    2010-10-28 
17:47:01.000000000 -0700
@@ -109,6 +109,10 @@
  #include <libgen.h>
  #include <grp.h>

+#ifdef TCPWRAP
+#include <tcpd.h>
+#endif /* TCPWRAP */
  #include <glib-2.0/glib.h>
  /* }}} */

@@ -2635,6 +2639,17 @@
      return NULL;

+#ifdef TCPWRAP
+  struct request_info req;
+  request_init(&req, RQ_DAEMON, "rrdcache\0", RQ_FILE, fd, NULL );
+  fromhost(&req);
+  if(!hosts_access(&req)) {
+    RRDD_LOG(LOG_INFO, "refused connection from %s", eval_client(&req));
+    close_connection(sock);
+    return NULL;
+  }
+#endif /* TCPWRAP */
    pthread_mutex_lock (&connection_threads_lock);
    pthread_mutex_unlock (&connection_threads_lock);

More information about the rrd-developers mailing list