author | Antoine Jacoutot <ajacoutot@cvs.openbsd.org> | 2014-04-20 22:35:11 +0000 |
---|---|---|
committer | Antoine Jacoutot <ajacoutot@cvs.openbsd.org> | 2014-04-20 22:35:11 +0000 |
commit | 7ab1e70634a5a1221c1f3ea53de7e059b31f8960 (patch) | |
tree | e9a1cae6bd3a198bd8a4fa0c51e2303babf71698 /usr.sbin/lpr/lpd | |
parent | ff413308c99ccc274b4d6cd5c18d243d4dd60071 (diff) |
Prevent lpd(8) from looking into hosts.equiv.
Access control is now done only using hosts.lpd.
See lpd(8) for more information about the format of this file.
"seems reasonable" tedu@
"looks good" deraadt@
ok sthen@
Diffstat (limited to 'usr.sbin/lpr/lpd')
-rw-r--r-- | usr.sbin/lpr/lpd/lpd.8 | 11 | ||||
-rw-r--r-- | usr.sbin/lpr/lpd/lpd.c | 14 |
2 files changed, 5 insertions, 20 deletions
diff --git a/usr.sbin/lpr/lpd/lpd.8 b/usr.sbin/lpr/lpd/lpd.8 index df7079423aa..bbbd800887e 100644 --- a/usr.sbin/lpr/lpd/lpd.8 +++ b/usr.sbin/lpr/lpd/lpd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: lpd.8,v 1.25 2014/04/20 18:11:45 tedu Exp $ +.\" $OpenBSD: lpd.8,v 1.26 2014/04/20 22:35:10 ajacoutot Exp $ .\" $NetBSD: lpd.8,v 1.23 2002/02/08 01:38:50 ross Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 @@ -159,9 +159,7 @@ port from .Pp Access control is provided by two means. First, all requests must come from one of the machines listed in the file -.Pa /etc/hosts.lpd -or -.Pa /etc/hosts.equiv , +.Pa /etc/hosts.lpd , one hostname per line. A plus "+" may be used as a wildcard to grant access to all hosts. Second, if the @@ -337,11 +335,8 @@ minimum free space to leave line printer devices .It Pa /var/run/printer socket for local requests -.It Pa /etc/hosts.equiv -lists machine names allowed printer access .It Pa /etc/hosts.lpd -lists machine names allowed printer access, -but not under same administrative control. +lists machine names allowed printer access .El .Sh SEE ALSO .Xr lpq 1 , diff --git a/usr.sbin/lpr/lpd/lpd.c b/usr.sbin/lpr/lpd/lpd.c index 79848795a47..a3a77f24ed5 100644 --- a/usr.sbin/lpr/lpd/lpd.c +++ b/usr.sbin/lpr/lpd/lpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lpd.c,v 1.52 2013/11/24 21:32:32 deraadt Exp $ */ +/* $OpenBSD: lpd.c,v 1.53 2014/04/20 22:35:10 ajacoutot Exp $ */ /* $NetBSD: lpd.c,v 1.33 2002/01/21 14:42:29 wiz Exp $ */ /* @@ -666,7 +666,6 @@ chkhost(struct sockaddr *f) { struct addrinfo hints, *res, *r; FILE *hostf; - int first = 1; int good = 0; char host[NI_MAXHOST], ip[NI_MAXHOST]; char serv[NI_MAXSERV]; @@ -719,9 +718,8 @@ chkhost(struct sockaddr *f) fatal("address for your hostname (%s) not matched", host); setproctitle("serving %s", from); PRIV_START; - hostf = fopen(_PATH_HOSTSEQUIV, "r"); + hostf = fopen(_PATH_HOSTSLPD, "r"); PRIV_END; -again: if (hostf) { if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) { (void)fclose(hostf); 
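Review bot: In the `@@ -719,9 +718,8 @@` hunk of lpd.c, a failed `fopen(_PATH_HOSTSLPD, "r")` cannot be told apart from a host that is simply not listed: `hostf` stays NULL, the `if (hostf)` block is skipped, and the peer is refused by the generic "Your host does not have line printer access" call in the following hunk. Failing closed is the right default, but with the hosts.equiv fallback gone this file is the only access list, so a missing or unreadable hosts.lpd refuses every host that reaches chkhost() and, as far as these hunks show, leaves the administrator no diagnostic. I would record the open failure before the `if (hostf)` test, for example `if (hostf == NULL) syslog(LOG_WARNING, "%s: %m", _PATH_HOSTSLPD);`, saving errno right after fopen() in case PRIV_END changes it; this assumes the file already logs through syslog, which the hunk does not show. A short comment at the fopen() would also help auditors, noting that the file is evaluated by `__ivaliduser_sa()` and that, per the lpd.8 text in this commit, a lone "+" admits all hosts. chkhost() begins and ends outside this hunk.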
@@ -729,15 +727,7 @@ again: } (void)fclose(hostf); } - if (first == 1) { - first = 0; - PRIV_START; - hostf = fopen(_PATH_HOSTSLPD, "r"); - PRIV_END; - goto again; - } fatal("Your host does not have line printer access"); - /*NOTREACHED*/ } static __dead void |