> From [EMAIL PROTECTED] Tue Mar 26 22:12:12 2002
> Date: Wed, 27 Mar 2002 16:09:01 +1100
> To: [EMAIL PROTECTED]
> Subject: LPRng: [[EMAIL PROTECTED]: Bug#140033: lprng: [PATCH] lprng
>should use the libwrap library (/etc/hosts.{allow,deny})]
> From: [EMAIL PROTECTED] (Craig Small)
>
> Hello Patrick,
> Here is a patch from the SuSE folks that allows you to use libwrap.
I hate to add one more level of complexity to this whole issue,
but WHY would you want to add tcp wrappers to the confusion?
Note 1: libwrap is not available on all systems, you would need to
add a configure entry to handle this.
Note 2: now you have to configure the TCP wrappers to handle lpd.
Note 3: you need to DOCUMENT this as well, so that unsuspecting
folks do not get blown away by the fun stuff.
Note 4: LPRng already has a mechanism (lpd.perms) to handle this...
that is documented and portable across various systems.
I thought about this for quite a while before I reluctantly concluded
that the costs (dependencies, portability, multiple layers of authentication)
outweighed the benefits of using this.
sigh...
If you want, I will put the patches into the next LPRng distribution.
>
> ----- Forwarded message from Tobias Burnus <[EMAIL PROTECTED]> -----
>
> Subject: Bug#140033: lprng: [PATCH] lprng should use the libwrap library
> (/etc/hosts.{allow,deny})
> Reply-To: Tobias Burnus <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Resent-From: Tobias Burnus <[EMAIL PROTECTED]>
> Resent-To: [EMAIL PROTECTED]
> Resent-CC: Craig Small <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Resent-Date: Tue, 26 Mar 2002 18:48:04 GMT
> Resent-Message-Id: <[EMAIL PROTECTED]>
> X-Debian-PR-Message: report 140033
> X-Debian-PR-Package: lprng
> X-Debian-PR-Keywords:
> From: Tobias Burnus <[EMAIL PROTECTED]>
> To: Debian Bug Tracking System <[EMAIL PROTECTED]>
> Resent-Sender: Debian BTS <[EMAIL PROTECTED]>
> X-Spam-Status: No, hits=1 required=5 tests=FORGED_RCVD_FOUND,BUGS_DEBIAN_O
> RG,TRACKER_ID
>
> Package: lprng
> Version: 3.8.9-1
>
> >From SuSE lprng I optained this patch which works like a charm:
>
> diff -ruN LPRng-3.8.5.orig/src/Makefile.in LPRng-3.8.5/src/Makefile.in
> --- LPRng-3.8.5.orig/src/Makefile.in Wed Jan 23 01:04:35 2002
> +++ LPRng-3.8.5/src/Makefile.in Mon Jan 28 22:58:45 2002
> @@ -253,7 +253,7 @@
> $(LINK) $(LIBLPR_OBJS) -rpath ${libdir}
>
> lpd: $(LPD_OBJS) liblpr.la
> - $(LINK) ${LPD_OBJS} liblpr.la $(LIBS)
> + $(LINK) ${LPD_OBJS} liblpr.la $(LIBS) -lwrap
> lpr: $(LPR_OBJS) liblpr.la
> $(LINK) ${LPR_OBJS} liblpr.la $(LIBS)
> lpq: $(LPQ_OBJS) liblpr.la
> diff -ruN LPRng-3.8.5.orig/src/common/lpd.c LPRng-3.8.5/src/common/lpd.c
> --- LPRng-3.8.5.orig/src/common/lpd.c Wed Jan 23 02:01:17 2002
> +++ LPRng-3.8.5/src/common/lpd.c Tue Jan 29 14:28:13 2002
> @@ -44,6 +44,10 @@
>
> #include "lpd.h"
>
> +#include <tcpd.h>
> +int allow_severity = LOG_INFO;
> +int deny_severity = LOG_WARNING;
> +
> /**** ENDINCLUDE ****/
>
> /***************************************************************************
> @@ -490,6 +494,20 @@
> err = errno;
> DEBUG1("lpd: connection fd %d", newsock );
> if( newsock > 0 ){
> +/*
> + * libwrap/tcp_wrappers:
> + * [EMAIL PROTECTED], Mon Jan 28 2002
> + */
> +
> + struct request_info wrap_req;
> +
> + request_init(&wrap_req, RQ_DAEMON, "lpd" ,
> RQ_FILE, newsock, NULL);
> + fromhost(&wrap_req);
> + openlog("lpd", LOG_PID, LOG_LPR); /* we
> syslog(3) initialized, no closelog(). */
> + if (hosts_access(&wrap_req)) {
> + /* We accept. */
> + syslog(LOG_INFO, "connection from %s",
> eval_client(&wrap_req));
> +
> pid = Start_worker( "server", &args,
> newsock );
> if( pid < 0 ){
> LOGERR(LOG_INFO) _("lpd: fork()
> failed") );
> @@ -497,6 +515,13 @@
> } else {
> DEBUG1( "lpd: listener pid %d
> running", pid );
> }
> + } else { /* we do not accept the connection:
> */
> + syslog(LOG_WARNING, "connection refused
> from %s", eval_client(&wrap_req));
> + }
> +/*
> + * end libwrap
> + */
> +
> close( newsock );
> Free_line_list(&args);
> } else {
>
>
> -- System Information
> Debian Release: 3.0
> Architecture: i386
> Kernel: Linux fantasio 2.4.16 #1 Fri Dec 14 14:22:43 CET 2001 i686
> Locale: LANG=C, LC_CTYPE=C
>
> Versions of packages lprng depends on:
> ii debconf 1.0.26 Debian configuration management sy
> ii libc6 2.2.5-3 GNU C Library: Shared libraries an
>
>
> ----- End forwarded message -----
>
> --
> Craig Small VK2XLZ GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5
> Eye-Net Consulting http://www.eye-net.com.au/ <[EMAIL PROTECTED]>
> MIEEE <[EMAIL PROTECTED]> Debian developer <[EMAIL PROTECTED]>
-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
