CVS commit: src/usr.sbin/lpr/lpd

Wed, 09 Nov 2011 04:46:10 -0800 

Module Name:    src
Committed By:   is
Date:           Wed Nov  9 12:45:58 UTC 2011

Modified Files:
        src/usr.sbin/lpr/lpd: lpd.8 lpd.c

Log Message:
If hosts.lpd contains '+', don't insist on reverse DNS == forward DNS.


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/usr.sbin/lpr/lpd/lpd.8
cvs rdiff -u -r1.56 -r1.57 src/usr.sbin/lpr/lpd/lpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.sbin/lpr/lpd/lpd.8
diff -u src/usr.sbin/lpr/lpd/lpd.8:1.33 src/usr.sbin/lpr/lpd/lpd.8:1.34
--- src/usr.sbin/lpr/lpd/lpd.8:1.33	Sun Jan 22 21:31:17 2006
+++ src/usr.sbin/lpr/lpd/lpd.8	Wed Nov  9 12:45:58 2011
@@ -1,4 +1,4 @@
-.\"	$NetBSD: lpd.8,v 1.33 2006/01/22 21:31:17 wiz Exp $
+.\"	$NetBSD: lpd.8,v 1.34 2011/11/09 12:45:58 is Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -176,7 +176,11 @@ Second, all requests must come from one 
 the file
 .Pa /etc/hosts.equiv
 or
-.Pa /etc/hosts.lpd .
+.Pa /etc/hosts.lpd 
+unless there is a line consisting of '+', in which case any host
+will be accepted that passes the 
+.Xr hosts_access 5
+test and has reverse resolving set up.
 Lastly, if the
 .Li rs
 capability is specified in the

Index: src/usr.sbin/lpr/lpd/lpd.c
diff -u src/usr.sbin/lpr/lpd/lpd.c:1.56 src/usr.sbin/lpr/lpd/lpd.c:1.57
--- src/usr.sbin/lpr/lpd/lpd.c:1.56	Tue Aug 30 19:27:37 2011
+++ src/usr.sbin/lpr/lpd/lpd.c	Wed Nov  9 12:45:58 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: lpd.c,v 1.56 2011/08/30 19:27:37 joerg Exp $	*/
+/*	$NetBSD: lpd.c,v 1.57 2011/11/09 12:45:58 is Exp $	*/
 
 /*
  * Copyright (c) 1983, 1993, 1994
@@ -41,7 +41,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 19
 #if 0
 static char sccsid[] = "@(#)lpd.c	8.7 (Berkeley) 5/10/95";
 #else
-__RCSID("$NetBSD: lpd.c,v 1.56 2011/08/30 19:27:37 joerg Exp $");
+__RCSID("$NetBSD: lpd.c,v 1.57 2011/11/09 12:45:58 is Exp $");
 #endif
 #endif /* not lint */
 
@@ -133,6 +133,7 @@ static void		startup(void);
 static void		chkhost(struct sockaddr *, int);
 __dead static void	usage(void);
 static struct pollfd	*socksetup(int, int, const char *, int *);
+static void		chkplushost(int, FILE *, char*);
 
 uid_t	uid, euid;
 int child_count;
@@ -362,6 +363,35 @@ main(int argc, char **argv)
 	}
 }
 
+/*
+ * If there was a forward/backward name resolution mismatch, check
+ * that there's a '+' entry in fhost.
+ */
+
+void
+chkplushost(int good, FILE *fhost, char *hst)
+{
+	int c1, c2, c3;
+
+	if (good) {
+		return;
+	}
+
+	rewind(fhost);
+	while (EOF != (c1 = fgetc(fhost))) {
+		if (c1 == '+') {
+			c2 = fgetc(fhost);
+			if (c2 == ' ' || c2 == '\t' || c2 == '\n') {
+				return;
+			}
+		}
+		do {
+			c3 = fgetc(fhost);
+		} while (c3 != EOF && c3 != '\n');
+	}
+	fatal("address for your hostname (%s) not matched", hst);
+}
+
 static void
 reapchild(int signo)
 {
@@ -606,25 +636,23 @@ chkhost(struct sockaddr *f, int check_op
 		fatal("Cannot print address");
 
 	/* Check for spoof, ala rlogind */
+	good = 0;
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = PF_UNSPEC;
 	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
 	error = getaddrinfo(fromb, NULL, &hints, &res);
-	if (error) {
-		fatal("hostname for your address (%s) unknown: %s", hst,
-		    gai_strerror(error));
+	if (!error) {
+		for (r = res; good == 0 && r; r = r->ai_next) {
+			error = getnameinfo(r->ai_addr, r->ai_addrlen,
+				    ip, sizeof(ip), NULL, 0, NI_NUMERICHOST);
+			if (!error && !strcmp(hst, ip))
+				good = 1;
+		}
+		if (res)
+			freeaddrinfo(res);
 	}
-	good = 0;
-	for (r = res; good == 0 && r; r = r->ai_next) {
-		error = getnameinfo(r->ai_addr, r->ai_addrlen, ip, sizeof(ip),
-				    NULL, 0, NI_NUMERICHOST);
-		if (!error && !strcmp(hst, ip))
-			good = 1;
-	}
-	if (res)
-		freeaddrinfo(res);
-	if (good == 0)
-		fatal("address for your hostname (%s) not matched", hst);
+
+	/* complain about !good later in chkplushost if needed. */
 
 	setproctitle("serving %s", from);
 
@@ -639,6 +667,7 @@ chkhost(struct sockaddr *f, int check_op
 	hostf = fopen(_PATH_HOSTSEQUIV, "r");
 	if (hostf) {
 		if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
+			chkplushost(good, hostf, hst);
 			(void)fclose(hostf);
 			return;
 		}
@@ -647,6 +676,7 @@ chkhost(struct sockaddr *f, int check_op
 	hostf = fopen(_PATH_HOSTSLPD, "r");
 	if (hostf) {
 		if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
+			chkplushost(good, hostf, hst);
 			(void)fclose(hostf);
 			return;
 		}

Reply via email to