Module Name:src
Committed By: is
Date: Wed Nov 9 12:45:58 UTC 2011
Modified Files:
src/usr.sbin/lpr/lpd: lpd.8 lpd.c
Log Message:
If hosts.lpd contains '+', don't insist on reverse DNS == forward DNS.
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/usr.sbin/lpr/lpd/lpd.8
cvs rdiff -u -r1.56 -r1.57 src/usr.sbin/lpr/lpd/lpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/lpr/lpd/lpd.8
diff -u src/usr.sbin/lpr/lpd/lpd.8:1.33 src/usr.sbin/lpr/lpd/lpd.8:1.34
--- src/usr.sbin/lpr/lpd/lpd.8:1.33 Sun Jan 22 21:31:17 2006
+++ src/usr.sbin/lpr/lpd/lpd.8 Wed Nov 9 12:45:58 2011
@@ -1,4 +1,4 @@
-.\ $NetBSD: lpd.8,v 1.33 2006/01/22 21:31:17 wiz Exp $
+.\ $NetBSD: lpd.8,v 1.34 2011/11/09 12:45:58 is Exp $
.\
.\ Copyright (c) 1983, 1991, 1993
.\ The Regents of the University of California. All rights reserved.
@@ -176,7 +176,11 @@ Second, all requests must come from one
the file
.Pa /etc/hosts.equiv
or
-.Pa /etc/hosts.lpd .
+.Pa /etc/hosts.lpd
+unless there is a line consisting of '+', in which case any host
+will be accepted that passes the
+.Xr hosts_access 5
+test and has reverse resolving set up.
Lastly, if the
.Li rs
capability is specified in the
Index: src/usr.sbin/lpr/lpd/lpd.c
diff -u src/usr.sbin/lpr/lpd/lpd.c:1.56 src/usr.sbin/lpr/lpd/lpd.c:1.57
--- src/usr.sbin/lpr/lpd/lpd.c:1.56 Tue Aug 30 19:27:37 2011
+++ src/usr.sbin/lpr/lpd/lpd.c Wed Nov 9 12:45:58 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: lpd.c,v 1.56 2011/08/30 19:27:37 joerg Exp $ */
+/* $NetBSD: lpd.c,v 1.57 2011/11/09 12:45:58 is Exp $ */
/*
* Copyright (c) 1983, 1993, 1994
@@ -41,7 +41,7 @@ __COPYRIGHT(@(#) Copyright (c) 1983, 19
#if 0
static char sccsid[] = @(#)lpd.c 8.7 (Berkeley) 5/10/95;
#else
-__RCSID($NetBSD: lpd.c,v 1.56 2011/08/30 19:27:37 joerg Exp $);
+__RCSID($NetBSD: lpd.c,v 1.57 2011/11/09 12:45:58 is Exp $);
#endif
#endif /* not lint */
@@ -133,6 +133,7 @@ static void startup(void);
static void chkhost(struct sockaddr *, int);
__dead static void usage(void);
static struct pollfd *socksetup(int, int, const char *, int *);
+static void chkplushost(int, FILE *, char*);
uid_t uid, euid;
int child_count;
@@ -362,6 +363,35 @@ main(int argc, char **argv)
}
}
+/*
+ * If there was a forward/backward name resolution mismatch, check
+ * that there's a '+' entry in fhost.
+ */
+
+void
+chkplushost(int good, FILE *fhost, char *hst)
+{
+ int c1, c2, c3;
+
+ if (good) {
+ return;
+ }
+
+ rewind(fhost);
+ while (EOF != (c1 = fgetc(fhost))) {
+ if (c1 == '+') {
+ c2 = fgetc(fhost);
+ if (c2 == ' ' || c2 == '\t' || c2 == '\n') {
+return;
+ }
+ }
+ do {
+ c3 = fgetc(fhost);
+ } while (c3 != EOF c3 != '\n');
+ }
+ fatal(address for your hostname (%s) not matched, hst);
+}
+
static void
reapchild(int signo)
{
@@ -606,25 +636,23 @@ chkhost(struct sockaddr *f, int check_op
fatal(Cannot print address);
/* Check for spoof, ala rlogind */
+ good = 0;
memset(hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM; /*dummy*/
error = getaddrinfo(fromb, NULL, hints, res);
- if (error) {
- fatal(hostname for your address (%s) unknown: %s, hst,
- gai_strerror(error));
+ if (!error) {
+ for (r = res; good == 0 r; r = r-ai_next) {
+ error = getnameinfo(r-ai_addr, r-ai_addrlen,
+ip, sizeof(ip), NULL, 0, NI_NUMERICHOST);
+ if (!error !strcmp(hst, ip))
+good = 1;
+ }
+ if (res)
+ freeaddrinfo(res);
}
- good = 0;
- for (r = res; good == 0 r; r = r-ai_next) {
- error = getnameinfo(r-ai_addr, r-ai_addrlen, ip, sizeof(ip),
-NULL, 0, NI_NUMERICHOST);
- if (!error !strcmp(hst, ip))
- good = 1;
- }
- if (res)
- freeaddrinfo(res);
- if (good == 0)
- fatal(address for your hostname (%s) not matched, hst);
+
+ /* complain about !good later in chkplushost if needed. */
setproctitle(serving %s, from);
@@ -639,6 +667,7 @@ chkhost(struct sockaddr *f, int check_op
hostf = fopen(_PATH_HOSTSEQUIV, r);
if (hostf) {
if (__ivaliduser_sa(hostf, f, f-sa_len, DUMMY, DUMMY) == 0) {
+ chkplushost(good, hostf, hst);
(void)fclose(hostf);
return;
}
@@ -647,6 +676,7 @@ chkhost(struct sockaddr *f, int check_op
hostf = fopen(_PATH_HOSTSLPD, r);
if (hostf) {
if (__ivaliduser_sa(hostf, f, f-sa_len, DUMMY, DUMMY) == 0) {
+ chkplushost(good, hostf, hst);
(void)fclose(hostf);
return;
}