And yet another fix to this patch, fixing Value_sep to File_sep in one
place. Hopefully this will be the last post about this, as I am rewriting
this patch to put a trusted username in the R record (accounting info) in
the control file instead, and leaving the P record (username) to be
whatever the user sets and hence untrusted.
--- LPRng-3.8.21/src/common/getqueue.c.orig Wed Apr 16 01:37:42 2003
+++ LPRng-3.8.21/src/common/getqueue.c Thu Jun 19 13:23:11 2003
@@ -2104,11 +2104,53 @@
int status = 0, fd, i;
struct stat statb;
+ struct line_list l, listv;
+ char *s, *t;
+ Init_line_list(&l);
+ Init_line_list(&listv);
+
if(DEBUGL3) Dump_job( "Create_control: before fixing", job );
/* deal with authentication */
Make_identifier( job );
+
+ /*
+ * if we get a request from these hosts, change host name in control
+ * file (possibly faked if from untrusted host) to FQDN of remote host
+ */
+ if( Force_controlfile_originate_hostname_DYN ){
+ Free_line_list(&l);
+
Split(&l,Force_controlfile_originate_hostname_DYN,File_sep,0,0,0,0,0,0);
+ if( Match_ipaddr_value( &l, &RemoteHost_IP ) == 0 ){
+ DEBUG1("Create_control: remotehost '%s'", FQDNRemote_FQDN );
+ Set_str_value(&job->info,FROMHOST,FQDNRemote_FQDN);
+ fromhost = Find_str_value(&job->info,FROMHOST,Value_sep);
+ }
+ Free_line_list(&l);
+ }
+
+ /*
+ * if we get a request from these hosts, change user name in control
+ * file (possibly faked if from untrusted host) to specified
+ */
+ if( Force_controlfile_username_DYN ){
+ Free_line_list(&listv);
+ Split(&listv,Force_controlfile_username_DYN,";",0,0,0,0,0,0);
+ for(i = 0; i < listv.count; ++i ){
+ s = listv.list[i];
+ if( (t = safestrpbrk(s,Value_sep)) ) *t++ = 0;
+ Free_line_list(&l);
+ Split(&l,t,File_sep,0,0,0,0,0,0);
+ if( Match_ipaddr_value( &l, &RemoteHost_IP ) == 0 ){
+ DEBUG1("Create_control: username '%s'", s );
+ Set_str_value(&job->info,LOGNAME,s);
+ break;
+ }
+ }
+ Free_line_list(&l);
+ Free_line_list(&listv);
+ }
if( !(fromhost = Find_str_value(&job->info,FROMHOST,Value_sep)) ||
Is_clean_name(fromhost) ){
Set_str_value(&job->info,FROMHOST,FQDNRemote_FQDN);
-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
