[src/netbsd-1-6]: src/usr.sbin/lpr/lpd Using hand patch from Havard (requeste...
details: https://anonhg.NetBSD.org/src/rev/2402c12e8ce8
branches: netbsd-1-6
changeset: 530912:2402c12e8ce8
user: jmc <jmc%NetBSD.org@localhost>
date: Tue Oct 21 03:54:37 2003 +0000
description:
Using hand patch from Havard (requested by thorpej in ticket #946)
* Use STDOUT_FILENO instead of 1.
* Pass the file descriptor to request_init() (libwrap) so that
it can actually do something useful later in fromhost().
diffstat:
usr.sbin/lpr/lpd/Makefile | 6 ++++-
usr.sbin/lpr/lpd/lpd.8 | 23 +++++++++++++++++---
usr.sbin/lpr/lpd/lpd.c | 52 ++++++++++++++++++++++++++++++++++++++--------
3 files changed, 67 insertions(+), 14 deletions(-)
diffs (202 lines):
diff -r d43363c8c6f4 -r 2402c12e8ce8 usr.sbin/lpr/lpd/Makefile
--- a/usr.sbin/lpr/lpd/Makefile Tue Oct 21 03:48:43 2003 +0000
+++ b/usr.sbin/lpr/lpd/Makefile Tue Oct 21 03:54:37 2003 +0000
@@ -1,10 +1,14 @@
-# $NetBSD: Makefile,v 1.14 2000/06/05 17:41:19 mycroft Exp $
+# $NetBSD: Makefile,v 1.14.4.1 2003/10/21 03:54:37 jmc Exp $
# @(#)Makefile 8.1 (Berkeley) 6/6/93
PROG= lpd
MAN= lpd.8
SRCS= lpd.c printjob.c recvjob.c lpdchar.c key.c modes.c ttcompat.c rcmd.c
+CPPFLAGS+=-DLIBWRAP
+LDADD+= -lwrap
+DPADD+= ${LIBWRAP}
+
# the ugly hack is to correctly include lib/libc/include/pathnames.h,
# not usr.sbin/lpr/common_source/pathnames.h
rcmd.o: rcmd.c
diff -r d43363c8c6f4 -r 2402c12e8ce8 usr.sbin/lpr/lpd/lpd.8
--- a/usr.sbin/lpr/lpd/lpd.8 Tue Oct 21 03:48:43 2003 +0000
+++ b/usr.sbin/lpr/lpd/lpd.8 Tue Oct 21 03:54:37 2003 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: lpd.8,v 1.23.2.1 2002/12/07 21:48:13 he Exp $
+.\" $NetBSD: lpd.8,v 1.23.2.2 2003/10/21 03:54:37 jmc Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -163,13 +163,21 @@
port from
.Pa /etc/services .
.Pp
-Access control is provided by two means.
-First, all requests must come from one of the machines listed in
+Access control is provided by three means.
+First,
+.Pa /etc/hosts.allow
+and
+.Pa /etc/hosts.deny
+are consulted as described in
+.Xr hosts_access 5
+with daemon name
+.Nm Ns .
+Second, all requests must come from one of the machines listed in
the file
.Pa /etc/hosts.equiv
or
.Pa /etc/hosts.lpd .
-Second, if the
+Lastly, if the
.Li rs
capability is specified in the
.Xr printcap 5
@@ -177,6 +185,7 @@
.Em lpr
requests will only be honored for those users with accounts on the
machine with the printer.
+Requests must pass all three tests.
.Pp
The file
.Em minfree
@@ -335,6 +344,10 @@
line printer devices
.It Pa /var/run/printer
socket for local requests
+.It Pa /etc/hosts.allow
+explicit remote host access list.
+.It Pa /etc/hosts.deny
+explicit remote host denial of service list.
.It Pa /etc/hosts.equiv
lists machine names allowed printer access
.It Pa /etc/hosts.lpd
@@ -348,6 +361,8 @@
.Xr setsockopt 2 ,
.Xr syslog 3 ,
.Xr hosts.equiv 5 ,
+.Xr hosts_access 5 ,
+.Xr hosts_options 5 ,
.Xr printcap 5 ,
.Xr lpc 8 ,
.Xr pac 8
diff -r d43363c8c6f4 -r 2402c12e8ce8 usr.sbin/lpr/lpd/lpd.c
--- a/usr.sbin/lpr/lpd/lpd.c Tue Oct 21 03:48:43 2003 +0000
+++ b/usr.sbin/lpr/lpd/lpd.c Tue Oct 21 03:54:37 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lpd.c,v 1.33.2.1 2002/10/02 03:35:07 lukem Exp $ */
+/* $NetBSD: lpd.c,v 1.33.2.2 2003/10/21 03:54:37 jmc Exp $ */
/*
* Copyright (c) 1983, 1993, 1994
@@ -45,7 +45,7 @@
#if 0
static char sccsid[] = "@(#)lpd.c 8.7 (Berkeley) 5/10/95";
#else
-__RCSID("$NetBSD: lpd.c,v 1.33.2.1 2002/10/02 03:35:07 lukem Exp $");
+__RCSID("$NetBSD: lpd.c,v 1.33.2.2 2003/10/21 03:54:37 jmc Exp $");
#endif
#endif /* not lint */
@@ -102,6 +102,10 @@
#include <ctype.h>
#include <arpa/inet.h>
+#ifdef LIBWRAP
+#include <tcpd.h>
+#endif
+
#include "lp.h"
#include "lp.local.h"
#include "pathnames.h"
@@ -111,6 +115,11 @@
extern int __ivaliduser_sa __P((FILE *, struct sockaddr *, socklen_t,
const char *, const char *));
+#ifdef LIBWRAP
+int allow_severity = LOG_AUTH|LOG_INFO;
+int deny_severity = LOG_AUTH|LOG_WARNING;
+#endif
+
int lflag; /* log requests flag */
int rflag; /* allow of for remote printers */
int sflag; /* secure (no inet) flag */
@@ -370,7 +379,7 @@
if (!sflag && finet)
for (i = 1; i <= *finet; i++)
(void)close(finet[i]);
- dup2(s, 1);
+ dup2(s, STDOUT_FILENO);
(void)close(s);
if (domain == AF_INET) {
/* for both AF_INET and AF_INET6 */
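Review bot: The result of `dup2(s, STDOUT_FILENO)` is still discarded, and the libwrap check this commit adds in the later hunk hands STDOUT_FILENO to `request_init()`. If the dup2 fails, that access check would run against whatever descriptor 1 happens to be rather than the client socket. Checking the call keeps the decision fail-closed, for example `if (dup2(s, STDOUT_FILENO) == -1) { syslog(LOG_ERR, "dup2: %m"); exit(1); }`. The enclosing function starts and ends outside this hunk, so the appropriate exit path should be confirmed there.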
@@ -620,10 +629,13 @@
{
struct addrinfo hints, *res, *r;
FILE *hostf;
- int first = 1, good = 0;
+ int good = 0;
char host[NI_MAXHOST], ip[NI_MAXHOST];
char serv[NI_MAXSERV];
int error;
+#ifdef LIBWRAP
+ struct request_info req;
+#endif
error = getnameinfo(f, f->sa_len, NULL, 0, serv, sizeof(serv),
NI_NUMERICSERV);
@@ -676,9 +688,18 @@
freeaddrinfo(res);
if (good == 0)
fatal("address for your hostname (%s) not matched", host);
+
setproctitle("serving %s", from);
+
+#ifdef LIBWRAP
+ request_init(&req, RQ_DAEMON, "lpd", RQ_CLIENT_SIN, f,
+ RQ_FILE, STDOUT_FILENO, NULL);
+ fromhost(&req);
+ if (!hosts_access(&req))
+ goto denied;
+#endif
+
hostf = fopen(_PATH_HOSTSEQUIV, "r");
-again:
if (hostf) {
if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
(void)fclose(hostf);
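Review bot: A refusal by `hosts_access()` jumps straight to `denied`, and nothing in the visible lines records it, even though `deny_severity` is defined for exactly that purpose. Unless `fatal()` (not shown here) already writes to syslog, a wrapper denial leaves no audit trail distinct from a hosts.equiv/hosts.lpd miss. Logging before the jump would fix that: `if (!hosts_access(&req)) { syslog(deny_severity, "refused connect from %s", eval_client(&req)); goto denied; }`. The check also sits after the forward/reverse name lookups, so denied hosts still cause DNS traffic; a short comment saying that ordering is intentional would help. The function body begins and continues outside this hunk.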
@@ -686,11 +707,17 @@
}
(void)fclose(hostf);
}
- if (first == 1) {
- first = 0;
- hostf = fopen(_PATH_HOSTSLPD, "r");
- goto again;
+ hostf = fopen(_PATH_HOSTSLPD, "r");
+ if (hostf) {
+ if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
+ (void)fclose(hostf);
+ return;
+ }
+ (void)fclose(hostf);
}
+#ifdef LIBWRAP
+ denied:
+#endif
fatal("Your host does not have line printer access");
/*NOTREACHED*/
}
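Review bot: The added hosts.lpd stanza is a line-for-line copy of the hosts.equiv stanza that begins in the previous hunk, so the two can drift apart on a later edit to the access check. Replacing the old `goto again` with a loop over the two paths keeps a single copy of the open/validate/close sequence. This assumes `static const char * const hostfiles[] = { _PATH_HOSTSEQUIV, _PATH_HOSTSLPD };` and a `size_t i` declared with the other locals. The lines between the two hunks are not visible here, so the equivalence should be confirmed against the full function.

```c
	/* … unchanged: hosts_access() check under LIBWRAP … */
	for (i = 0; i < sizeof(hostfiles) / sizeof(hostfiles[0]); i++) {
		hostf = fopen(hostfiles[i], "r");
		if (hostf == NULL)
			continue;
		error = __ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY);
		(void)fclose(hostf);
		if (error == 0)
			return;
	}
	/* … unchanged: denied label and fatal() call … */
```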
@@ -761,6 +788,13 @@
close (*s);
continue;
}
+ if (setsockopt(*s, SOL_SOCKET, SO_REUSEPORT, &on,
+ sizeof(on)) < 0) {
+ syslog(LOG_ERR,
+ "setsockopt (SO_REUSEPORT): %m");
+ close (*s);
+ continue;
+ }
if (r->ai_family == AF_INET6 && setsockopt(*s,
IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
syslog(LOG_ERR,
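Review bot: The new `SO_REUSEPORT` block has no comment, and the commit description does not mention it (it lists only the STDOUT_FILENO and request_init changes). The option allows another socket to bind the same address and port as the listener, so the reason for it should sit next to the call, for example `/* SO_REUSEPORT: <why lpd must share the printer port> */`. Failing the socket when the option cannot be set matches the neighbouring setsockopt handling. The surrounding loop starts and ends outside this hunk.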