List,

The following patch set implements new features so that you can configure
LPRng to trust certain network addresses (like those originating on a low
port on your network) and write the user names given in the control file
from these as the accounting user field (R) in the control file. You can
also specify a list of untrusted addresses and the accounting user they
will be given, and also a default user (default "_untrusted") for those
addresses not caught by the trusted and untrusted rules. The accounting
user is passed via the -R flag to all filters and other scripts called
from LPRng.

This patch also includes my old feature of rewriting the control file host
name field (H) with the real remote fully qualified domain name (host
name). To rewrite all H fields with real remote host use:

  force_controlfile_originate_hostname=0.0.0.0/0.0.0.0

To turn on the first feature, put in lpd.conf/printcap:

  force_controlfile_accountingname=1

To specify which addresses you trust user names from:

  force_controlfile_accountingname_trusted=10.0.0.0/255.255.255.0

To specify which you don't trust and what to use as their accounting name

  
force_controlfile_accountingname_untrusted=_unauthenticated=192.168.0.0/255.255.0.0,10.0.1.0/255.255.255.0;_public=10.0.2.42

To override default user, set the following variable to something:

  force_controlfile_accountingname_default

All code released under the GPL just like LPRng. Enjoy and report bugs you
find to me. I hope this release will be bug free, but it is first release
so you never know as usual. It has been tested on my production system, so
I should notice pretty quickly if something goes bezerk.

Regards, Henrik
--- LPRng-3.8.21/src/include/getqueue.h.orig    Wed Apr 16 01:37:43 2003
+++ LPRng-3.8.21/src/include/getqueue.h Thu Jun 19 12:48:01 2003
@@ -15,6 +15,7 @@
 EXTERN char *CTRL_A_str DEFINE( = "\001" );
 
 /* SSL */
+EXTERN const char * ACCNTNAME                  DEFINE( = "R" );
 EXTERN const char * ACTION                             DEFINE( = "action" );
 EXTERN const char * ACTIVE_TIME                        DEFINE( = "active_time" );
 EXTERN const char * ADDR                               DEFINE( = "addr" );
--- LPRng-3.8.21/src/common/vars.c.orig Wed Apr 16 01:37:42 2003
+++ LPRng-3.8.21/src/common/vars.c      Thu Jun 19 20:37:39 2003
@@ -230,6 +230,16 @@
 { "filter_stderr_to_status_file", 0, FLAG_K, &Filter_stderr_to_status_file_DYN,0,0,0},
    /*  print a form feed when device is opened */
 { "fo", 0,  FLAG_K,  &FF_on_open_DYN,0,0,0},
+   /* force control file setting of user name as accounting name */
+{ "force_controlfile_accountingname", 0, FLAG_K, 
&Force_controlfile_accountingname_DYN,0,0,0},
+   /* use specified user name as accounting name for host names not explicity 
specified under trusted or untrusted */
+{ "force_controlfile_accountingname_default", 0, STRING_K, 
&Force_controlfile_accountingname_default_DYN,0,0,"=_untrusted"},
+   /* trust user names as accounting names from specified host names */
+{ "force_controlfile_accountingname_trusted", 0, STRING_K, 
&Force_controlfile_accountingname_trusted_DYN,0,0,0},
+   /* use specified user names as accounting names for specified host names */
+{ "force_controlfile_accountingname_untrusted", 0, STRING_K, 
&Force_controlfile_accountingname_untrusted_DYN,0,0,0},
+   /* force control file originate host name for specified host names */
+{ "force_controlfile_originate_hostname", 0, STRING_K, 
&Force_controlfile_originate_hostname_DYN,0,0,0},
    /* force FQDN HOST value in control file */
 { "force_fqdn_hostname", 0,  FLAG_K,  &Force_FQDN_hostname_DYN,0,0,0},
    /* force IPADDR of Originating host for host value in control file */
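Review bot: The comments on the three new list options say "host names", but the getqueue.c hunk matches each list against `RemoteHost_IP` with `Match_ipaddr_value`, and the examples in the description are address/mask pairs. An administrator reading only these comments could put DNS names in a trust list and not get the match they expect. I would reword them along the lines of `/* trust user names as accounting names from the listed IP address/mask entries */`, and fix the "explicity" typo in the default-name comment. The same comment text is repeated on the declarations in the lp.h hunk.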
--- LPRng-3.8.21/src/include/lp.h.orig  Wed Apr 16 01:37:43 2003
+++ LPRng-3.8.21/src/include/lp.h       Thu Jun 19 20:37:18 2003
@@ -303,6 +303,11 @@
 EXTERN char* Filter_path_DYN;
 EXTERN int Fake_large_file_DYN;        /* fake large file size if you cannot use 0 */
 EXTERN int Filter_poll_interval_DYN; /* intervals at which to check filter */
+EXTERN int Force_controlfile_accountingname_DYN;       /* force control file setting 
of user name as accounting name */
+EXTERN char* Force_controlfile_accountingname_default_DYN;     /* use specified user 
name as accounting name for host names not explicity specified under trusted or 
untrusted */
+EXTERN char* Force_controlfile_accountingname_trusted_DYN;     /* trust user names as 
accounting names from specified host names */
+EXTERN char* Force_controlfile_accountingname_untrusted_DYN;   /* use specified user 
names as accounting names for specified host names */
+EXTERN char* Force_controlfile_originate_hostname_DYN; /* force control file 
originate host name for specified host names */
 EXTERN int Force_FQDN_hostname_DYN; /* force FQDN Host name in control file */
 EXTERN int Force_IPADDR_hostname_DYN; /* force IPADDR for Host name in control file */
 EXTERN int Force_localhost_DYN;        /* force localhost for client job transfer */
--- LPRng-3.8.21/src/common/getqueue.c.orig     Wed Apr 16 01:37:42 2003
+++ LPRng-3.8.21/src/common/getqueue.c  Thu Jun 19 20:41:36 2003
@@ -2104,11 +2104,74 @@
        int status = 0, fd, i;
        struct stat statb;
 
+       struct line_list l, listv;
+       Init_line_list(&l);
+       Init_line_list(&listv);
+
        if(DEBUGL3) Dump_job( "Create_control: before fixing", job );
 
        /* deal with authentication */
 
        Make_identifier( job );
+
+       /*
+        * if enabled; change accounting name in control file to either user
+        * name (if coming from trusted host name), accounting name specified
+        * for specific host names, or default accounting name
+       */
+       if( Force_controlfile_accountingname_DYN ){
+               char *logname = Find_str_value(&job->info,LOGNAME,Value_sep);
+               char *accountingname = 0;
+               if( logname && Force_controlfile_accountingname_trusted_DYN ){
+                       Free_line_list(&l);
+                       
Split(&l,Force_controlfile_accountingname_trusted_DYN,File_sep,0,0,0,0,0,0);
+                       if( Match_ipaddr_value( &l, &RemoteHost_IP ) == 0 ){
+                               Set_str_value(&job->info,ACCNTNAME,logname);
+                               accountingname = 
Find_str_value(&job->info,ACCNTNAME,Value_sep);
+                       }
+                       Free_line_list(&l);
+               }
+               if( !accountingname && Force_controlfile_accountingname_untrusted_DYN 
){
+                       char *s, *t;
+                       Free_line_list(&listv);
+                       
Split(&listv,Force_controlfile_accountingname_untrusted_DYN,";",0,0,0,0,0,0);
+                       for(i = 0; i < listv.count; ++i ){
+                               s = listv.list[i];
+                               if( (t = safestrpbrk(s,Value_sep)) ) *t++ = 0;
+                               Free_line_list(&l);
+                               Split(&l,t,File_sep,0,0,0,0,0,0);
+                               if( Match_ipaddr_value( &l, &RemoteHost_IP ) == 0 ){
+                                       Set_str_value(&job->info,ACCNTNAME,s);
+                                       accountingname = 
Find_str_value(&job->info,ACCNTNAME,Value_sep);
+                                       break;
+                               }
+                       }
+                       Free_line_list(&l);
+                       Free_line_list(&listv);
+               }
+               if( !accountingname && Force_controlfile_accountingname_default_DYN ){
+                       
Set_str_value(&job->info,ACCNTNAME,Force_controlfile_accountingname_default_DYN );
+                       accountingname = 
Find_str_value(&job->info,ACCNTNAME,Value_sep);
+               }
+               if( accountingname ){
+                       DEBUG1("Create_control: accountingname '%s'", accountingname );
+               }
+       }
+               
+       /*
+        * if we get a request from these hosts, change host name in control
+        * file (possibly faked if from untrusted host) to FQDN of remote host
+       */
+       if( Force_controlfile_originate_hostname_DYN ){
+               Free_line_list(&l);
+               
Split(&l,Force_controlfile_originate_hostname_DYN,File_sep,0,0,0,0,0,0);
+               if( Match_ipaddr_value( &l, &RemoteHost_IP ) == 0 ){
+                       DEBUG1("Create_control: remotehost '%s'", FQDNRemote_FQDN );
+                       Set_str_value(&job->info,FROMHOST,FQDNRemote_FQDN);
+                       fromhost = Find_str_value(&job->info,FROMHOST,Value_sep);
+               }
+               Free_line_list(&l);
+       }
 
        if( !(fromhost = Find_str_value(&job->info,FROMHOST,Value_sep)) || 
Is_clean_name(fromhost) ){
                Set_str_value(&job->info,FROMHOST,FQDNRemote_FQDN);
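Review bot: The new accounting-name block never clears an R value that may already be in `job->info`. If no trusted or untrusted entry matches and `force_controlfile_accountingname_default` has been unset, whatever accounting name arrived with the job appears to be kept unchanged. Starting the `if( Force_controlfile_accountingname_DYN )` body with `Set_str_value(&job->info,ACCNTNAME,0);` would make the option fail closed, assuming a null value removes the key as it does elsewhere in LPRng. The trusted list is also consulted before the untrusted list, so an untrusted entry that falls inside a broader trusted range never takes effect; checking the untrusted list first would let administrators carve out exceptions. The description speaks of trusting connections from a low port, but the hunk matches only on `RemoteHost_IP`, so any source-port restriction has to be enforced elsewhere and that should be stated in a comment here. The enclosing function begins before and continues past this hunk.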
