Source-Changes-HG archive
[src/trunk]: src/usr.sbin/lpr/lpd add libwrap support for lpd (you need to pa...
details: https://anonhg.NetBSD.org/src/rev/03bece55a143
branches: trunk
changeset: 535227:03bece55a143
user: itojun <itojun%NetBSD.org@localhost>
date: Mon Aug 12 18:03:41 2002 +0000
description:
add libwrap support for lpd (you need to pass all tests to print,
so you will want "+" in hosts.lpd then restrict by hosts.allow/deny).
setsockopt(SO_REUSEPORT) while i'm here.
diffstat:
usr.sbin/lpr/lpd/Makefile | 6 ++++-
usr.sbin/lpr/lpd/lpd.8 | 23 ++++++++++++++++++---
usr.sbin/lpr/lpd/lpd.c | 49 +++++++++++++++++++++++++++++++++++++++-------
3 files changed, 65 insertions(+), 13 deletions(-)
diffs (192 lines):
diff -r 791698f47bd5 -r 03bece55a143 usr.sbin/lpr/lpd/Makefile
--- a/usr.sbin/lpr/lpd/Makefile Mon Aug 12 17:41:32 2002 +0000
+++ b/usr.sbin/lpr/lpd/Makefile Mon Aug 12 18:03:41 2002 +0000
@@ -1,10 +1,14 @@
-# $NetBSD: Makefile,v 1.14 2000/06/05 17:41:19 mycroft Exp $
+# $NetBSD: Makefile,v 1.15 2002/08/12 18:03:41 itojun Exp $
# @(#)Makefile 8.1 (Berkeley) 6/6/93
PROG= lpd
MAN= lpd.8
SRCS= lpd.c printjob.c recvjob.c lpdchar.c key.c modes.c ttcompat.c rcmd.c
+CPPFLAGS+=-DLIBWRAP
+LDADD+= -lwrap
+DPADD+= ${LIBWRAP}
+
# the ugly hack is to correctly include lib/libc/include/pathnames.h,
# not usr.sbin/lpr/common_source/pathnames.h
rcmd.o: rcmd.c
diff -r 791698f47bd5 -r 03bece55a143 usr.sbin/lpr/lpd/lpd.8
--- a/usr.sbin/lpr/lpd/lpd.8 Mon Aug 12 17:41:32 2002 +0000
+++ b/usr.sbin/lpr/lpd/lpd.8 Mon Aug 12 18:03:41 2002 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: lpd.8,v 1.24 2002/07/31 01:49:48 jschauma Exp $
+.\" $NetBSD: lpd.8,v 1.25 2002/08/12 18:03:41 itojun Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -161,13 +161,21 @@
port from
.Pa /etc/services .
.Pp
-Access control is provided by two means.
-First, all requests must come from one of the machines listed in
+Access control is provided by three means.
+First,
+.Pa /etc/hosts.allow
+and
+.Pa /etc/hosts.deny
+are consulted as described in
+.Xr hosts_access 5
+with daemon name
+.Nm Ns .
+Second, all requests must come from one of the machines listed in
the file
.Pa /etc/hosts.equiv
or
.Pa /etc/hosts.lpd .
-Second, if the
+Lastly, if the
.Li rs
capability is specified in the
.Xr printcap 5
@@ -175,6 +183,7 @@
.Em lpr
requests will only be honored for those users with accounts on the
machine with the printer.
+Requests must pass all three tests.
.Pp
The file
.Em minfree
@@ -333,6 +342,10 @@
line printer devices
.It Pa /var/run/printer
socket for local requests
+.It Pa /etc/hosts.allow
+explicit remote host access list.
+.It Pa /etc/hosts.deny
+explicit remote host denial of service list.
.It Pa /etc/hosts.equiv
lists machine names allowed printer access
.It Pa /etc/hosts.lpd
@@ -346,6 +359,8 @@
.Xr setsockopt 2 ,
.Xr syslog 3 ,
.Xr hosts.equiv 5 ,
+.Xr hosts_access 5 ,
+.Xr hosts_options 5 ,
.Xr printcap 5 ,
.Xr lpc 8 ,
.Xr pac 8
diff -r 791698f47bd5 -r 03bece55a143 usr.sbin/lpr/lpd/lpd.c
--- a/usr.sbin/lpr/lpd/lpd.c Mon Aug 12 17:41:32 2002 +0000
+++ b/usr.sbin/lpr/lpd/lpd.c Mon Aug 12 18:03:41 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lpd.c,v 1.37 2002/08/11 07:04:00 grant Exp $ */
+/* $NetBSD: lpd.c,v 1.38 2002/08/12 18:03:41 itojun Exp $ */
/*
* Copyright (c) 1983, 1993, 1994
@@ -45,7 +45,7 @@
#if 0
static char sccsid[] = "@(#)lpd.c 8.7 (Berkeley) 5/10/95";
#else
-__RCSID("$NetBSD: lpd.c,v 1.37 2002/08/11 07:04:00 grant Exp $");
+__RCSID("$NetBSD: lpd.c,v 1.38 2002/08/12 18:03:41 itojun Exp $");
#endif
#endif /* not lint */
@@ -102,6 +102,10 @@
#include <ctype.h>
#include <arpa/inet.h>
+#ifdef LIBWRAP
+#include <tcpd.h>
+#endif
+
#include "lp.h"
#include "lp.local.h"
#include "pathnames.h"
@@ -111,6 +115,11 @@
extern int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
const char *, const char *);
+#ifdef LIBWRAP
+int allow_severity = LOG_AUTH|LOG_INFO;
+int deny_severity = LOG_AUTH|LOG_WARNING;
+#endif
+
int lflag; /* log requests flag */
int rflag; /* allow of for remote printers */
int sflag; /* secure (no inet) flag */
@@ -628,10 +637,13 @@
{
struct addrinfo hints, *res, *r;
FILE *hostf;
- int first = 1, good = 0;
+ int good = 0;
char host[NI_MAXHOST], ip[NI_MAXHOST];
char serv[NI_MAXSERV];
int error;
+#ifdef LIBWRAP
+ struct request_info req;
+#endif
error = getnameinfo(f, f->sa_len, NULL, 0, serv, sizeof(serv),
NI_NUMERICSERV);
@@ -684,9 +696,17 @@
freeaddrinfo(res);
if (good == 0)
fatal("address for your hostname (%s) not matched", host);
+
setproctitle("serving %s", from);
+
+#ifdef LIBWRAP
+ request_init(&req, RQ_DAEMON, "lpd", RQ_CLIENT_SIN, f, NULL);
+ fromhost(&req);
+ if (!hosts_access(&req))
+ goto denied;
+#endif
+
hostf = fopen(_PATH_HOSTSEQUIV, "r");
-again:
if (hostf) {
if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
(void)fclose(hostf);
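Review bot: The `request_init()` call passes only `RQ_DAEMON` and `RQ_CLIENT_SIN`, yet the next line calls `fromhost(&req)`, which in stock libwrap resolves the peer through the request's file descriptor; with no `RQ_FILE` set, that lookup probably has no socket to query and may log a warning on every connection. If this libwrap behaves that way, either pass the connected descriptor as well (`RQ_FILE, <connected socket fd>`) or drop `fromhost()` and rely on the address already supplied in `f`. It is also worth confirming that this libwrap's `RQ_CLIENT_SIN` accepts a generic `struct sockaddr *`, since `f` may carry a non-IPv4 address here. The check runs after the hostname/address match and its `fatal()`, whereas the updated lpd.8 lists hosts.allow/hosts.deny first; the function's start and end are outside this hunk.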
@@ -694,11 +714,17 @@
}
(void)fclose(hostf);
}
- if (first == 1) {
- first = 0;
- hostf = fopen(_PATH_HOSTSLPD, "r");
- goto again;
+ hostf = fopen(_PATH_HOSTSLPD, "r");
+ if (hostf) {
+ if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
+ (void)fclose(hostf);
+ return;
+ }
+ (void)fclose(hostf);
}
+#ifdef LIBWRAP
+ denied:
+#endif
fatal("Your host does not have line printer access");
/*NOTREACHED*/
}
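Review bot: At the `denied:` label a libwrap refusal and a hosts.equiv/hosts.lpd miss end in the same `fatal("Your host does not have line printer access")`, so the log cannot show which control rejected the client. In the visible hunks `deny_severity` is only defined and never passed to `syslog()`. Logging just before the `goto denied` in the preceding hunk, e.g. `syslog(deny_severity, "refused connect from %s", eval_client(&req));`, would let operators tell wrapper denials apart from hosts.lpd misses. Separately, the two `fopen`/`__ivaliduser_sa`/`fclose` stanzas are now identical apart from the path and could share one small static helper. The function begins outside this hunk.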
@@ -769,6 +795,13 @@
close (*s);
continue;
}
+ if (setsockopt(*s, SOL_SOCKET, SO_REUSEPORT, &on,
+ sizeof(on)) < 0) {
+ syslog(LOG_ERR,
+ "setsockopt (SO_REUSEPORT): %m");
+ close (*s);
+ continue;
+ }
if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) {
syslog(LOG_DEBUG, "bind(): %m");
close (*s);
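Review bot: The new `setsockopt(*s, SOL_SOCKET, SO_REUSEPORT, ...)` call has no comment saying why lpd needs it, and the commit message only says "while i'm here". The option lets another socket that also sets it bind the same address and port, which matters for a daemon whose access checks live inside the process, so the intent should be recorded above the call, e.g. `/* SO_REUSEPORT: <reason this listener must share its port> */`. Note also that a failure of this optional setting is logged at `LOG_ERR` and skips the address entirely, while the `bind()` failure right below is logged only at `LOG_DEBUG`; a bind that fails because the port is already held deserves at least the same severity. The enclosing loop starts and ends outside the hunk.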