From 76c6b6105c861349ba651e09118176c8aca4247d Mon Sep 17 00:00:00 2001
From: Mats O Jansson
Date: Tue, 5 Aug 1997 09:26:57 +0000
Subject: When using /var/yp/securenet the local host running ypserv wasn't garanteed access to ypserv. This has been fixed by always allowing the host 127.0.0.1 access when using /var/yp/securenet. This to keep compability with SunOS. When using the ypserv.acl(5) format access must be granted to 127.0.0.1 in the file. This to make it possible to disallow access to ypserv from the host running it. This has been documented in man page and example. Thanks to for bringing this to my attention (again). -moj
---
 usr.sbin/ypserv/ypserv/acl.c | 11 +++++++++--
 usr.sbin/ypserv/ypserv/ypserv.acl | 1 +
 usr.sbin/ypserv/ypserv/ypserv.acl.5 | 7 ++++++-
 3 files changed, 16 insertions(+), 3 deletions(-)
(limited to 'usr.sbin')
diff --git a/usr.sbin/ypserv/ypserv/acl.c b/usr.sbin/ypserv/ypserv/acl.c
index 22494083799..62292a4ad8b 100644
--- a/usr.sbin/ypserv/ypserv/acl.c
+++ b/usr.sbin/ypserv/ypserv/acl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: acl.c,v 1.4 1996/06/30 19:46:04 maja Exp $ */
+/* $OpenBSD: acl.c,v 1.5 1997/08/05 09:26:55 maja Exp $ */
 /* * Copyright (c) 1994 Mats O Jansson
@@ -32,7 +32,7 @@ */ #ifndef LINT
-static char rcsid[] = "$OpenBSD: acl.c,v 1.4 1996/06/30 19:46:04 maja Exp $";
+static char rcsid[] = "$OpenBSD: acl.c,v 1.5 1997/08/05 09:26:55 maja Exp $";
 #endif #include
@@ -471,6 +471,13 @@ char *file; data_file = fopen(file,"r"); };
+ /* Always add a localhost allow first, to be compatable with sun */
+
+ addr.s_addr = htonl(0x7f000001);
+ mask.s_addr = htonl(0xffffffff);
+ allow = TRUE;
+ acl_add_net(allow,&addr,&mask);
+
 while ((data_file != NULL) && (acl_read_line(data_file,data_line,sizeof(data_line)))) {
diff --git a/usr.sbin/ypserv/ypserv/ypserv.acl b/usr.sbin/ypserv/ypserv/ypserv.acl
index 33c68568c80..afeb86fcb1b 100644
--- a/usr.sbin/ypserv/ypserv/ypserv.acl
+++ b/usr.sbin/ypserv/ypserv/ypserv.acl
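Review bot: In the acl.c hunk at `@@ -471,6 +471,13 @@` the loopback allow is added unconditionally, ahead of the `data_file != NULL` test that guards the read loop, so the rule is in place even when the securenet file could not be opened, and if rules are matched in insertion order no entry in the file can revoke it. The comment should state that consequence, for example `/* Always allow 127.0.0.1 first (SunOS securenet compatibility); entries read from the file cannot revoke this. */`. The magic number would read better as `addr.s_addr = htonl(INADDR_LOOPBACK);`, and `allow = TRUE;` can be folded into `acl_add_net(TRUE,&addr,&mask);` provided `allow` is not read again before it is reassigned. The enclosing function starts before and continues after this hunk, so what happens after a failed open is not visible here.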
@@ -13,6 +13,7 @@ # To process hostname gethostbyname is called. If the hostname has multiple # ip-addresses all will be added (I hope). ip-address is processed by # inet_aton.
+allow host localhost
 deny host jodie #############################################################################
diff --git a/usr.sbin/ypserv/ypserv/ypserv.acl.5 b/usr.sbin/ypserv/ypserv/ypserv.acl.5
index 000824a474f..4e00b7bca1b 100644
--- a/usr.sbin/ypserv/ypserv/ypserv.acl.5
+++ b/usr.sbin/ypserv/ypserv/ypserv.acl.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ypserv.acl.5,v 1.5 1996/07/04 21:17:15 deraadt Exp $
+.\" $OpenBSD: ypserv.acl.5,v 1.6 1997/08/05 09:26:56 maja Exp $
 .\" Copyright (c) 1994 Mats O Jansson .\" All rights reserved. .\"
@@ -72,6 +72,10 @@ If access is denied every call will cause a .Nm no such domain error for the caller. .Pp
+Don't forget to allow localhost access if you want the machine running
+.Nm ypserv
+access it too.
+.Pp
 There is no default name for this file. Start .Nm ypserv with a
@@ -131,6 +135,7 @@ A configuration file might appear as follows: # To process hostname gethostbyname is called. If the hostname has # multiple ip-addresses all will be added (I hope). ip-address # processed by inet_aton.
+allow host localhost
 deny host jodie ###########################################################################
-- cgit v1.2.3