Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
correct the error-checking that was there. With the old code, an error
return from getpwuid(daemon_user) could turn the lpd process into a very
effective fork-bomb...
Reviewed by: freebsd-audit freebsd-print (a little...)
MFC after: 6 days
than the long-standing -w option in NetBSD, so change it before anyone in
FreeBSD gets used to it. For now, -w is still accepted, but prints out
some warnings via syslog.
MFC after: 1 week
receives them from other hosts. This is meant to protect from both
nefarious users (which maybe broke into some remote host that we accept
print jobs from), and broken implementations of lpr on other platforms.
This is done by changing recvjob.c to call the new ctl_renametf()
routine in the new common_source/ctlinfo.[ch] files. This will not
affect jobs coming via lpr on the local machine.
Reviewed by: freebsd-print@bostonradio.org & freebsd-audit
MFC after: 16 days
often by just telling gcc that some internal routine is "__printflike"
(work done by Kris Kennaway <kris@FreeBSD.org>). Also fix the new warnings
which show up once gcc starts checking the "printf-like parameters" passed
to those routines.
MFC after: 1 week
This fixes a problem with using print filters (if=, of=, etc) that showed
up in -current around June 20th. That problem initially reported by
Georg-W Koltermann <gwk@sgi.com>, while most of the investigation that
led to this fix was done by Anton Berezin <tobez@FreeBSD.org>.
Reviewed by: freebsd-print@bostonradio.org
MFC after: 1 week
one to see what files would be removed *if* an 'lpc clean' is done. 'tclean'
will remove no files, and is therefore not a privileged command. Also, both
'lpc clean' and 'lpc tclean' will now look for 'core' files in spool directories
(but not remove them). They also print out an extra line of info when a
datafile to be removed is a symlink (from 'lpr -s'), saying what file it is
a symlink to.
The 'lpc clean' commands also now print out a summary line saying how many
queues were checked, how many files were removed (or "would be" removed, for
tclean), and how much disk space is involved. For the benefit of those who
have many print queues, 'lpc clean all' will only print out the names of print
queues where some "interesting" files were found, instead of printing out a
header-line for every queue in your printcap file.
Reviewed by: freebsd-print@bostonradio.orgfreebsd-audit@FreeBSD.org
MFC after: 2 weeks
while -w allows connection from non-reserved ports. Also improves the
helpfulness of various connection-error messages.
The changes for IPv6 added back in the reserved-port check which was mistakenly
dropped from lpd in 1997 (copying a change from openbsd). It is best to have
that check in place, but the check breaks lpr's from some implementations of
lpr/lpd for Windows. The -w option is for those admins who need to accept
jobs from non-reserved ports, the -c option is for admins who would like a
print-server machine to log all failed connection-attempts to syslog.
Reviewed by: freebsd-audit@FreeBSD.orgfreebsd-print@bostonradio.org
MFC after: 2 weeks
more sensible/understandable. 'from'->'from_host' 'host'->'local_host'
'fromb'->'frombuf' 'fromhost'->'origin_host' and a local-variable
named 'host'->'hostbuf'. This fixes some compile-time warnings about
local variables shadowing global variables.
Other than renaming variables, the only actual code changes are to call
strlcpy() instead of strncpy() when setting those (renamed) variables,
and that 'from_ip' is now a strdup()-created buffer instead of being a
static buffer compiled in as 1025 bytes.
Reviewed by: freebsd-print@bostonradio.org (an earlier version)
MFC after: 1 week
warnings which come up for various routines that have a parameter which
is also called 'name'.
Reviewed by: freebsd-print@bostonradio.org
MFC after: 1 week
with BDECFLAGS on, mainly by adding 'const' to parameters in a number
of routine declarations. While I'm at it, ANSI-fy all of the routine
declarations. The resulting object code is exactly the same after
this update as before it, with the exception of one unavoidable
change to lpd.o on freebsd/alpha.
Also added $FreeBSD$ line to lpc/extern.h lpc/lpc.h lptest/lptest.c
Reviewed by: /sbin/md5, and no feedback from freebsd-audit
to be the same as -ragged in the current implementation) to
-ragged. With mdocNG, -filled displays produce the correct
output, formatted and justified to both margins.
done, so the correct directory is being checked. The mkstemp() call
is meant to create a temp file for stderrs when running filters. This
update also fixes log-file processing for remote (rm=) queues which
specify an input filter (if=). Before, filter-errs were thrown away.
Now they'll be copied to the queue's logfile (lf=).
Reviewed by: (a little) audit@FreeBSD.ORG & freebsd-print@bostonradio.org
try to move the file from the source to the destination (spool) directory.
If that succeeds, much time and disk-space will be saved by doing that
instead of copying the entire file only to remove the original. This
could be a big win on machines doing samba-service or CAP-based printing.
Note that this is about the fourth or fifth iteration of the patch, after
trying to address all possible security implications of the change.
PR: 16124
Reviewed by: freebsd-current or freebsd-hackers (some time ago)
in lpd. Stat.recv is useful on a printserver, as something of a network
performance-monitoring tool. Stat.send is a minimal accounting record of
sorts for jobs going to tcp/ip based printers.
Reviewed by: freebsd-print@bostonradio.org
which have long names. Instead of just listing '...', try to list some
reasonable subset of the name (with a "..." to indicate something missing).
Reviewed by: freebsd-print@bostonradio.org (only a little review)
that is not true. Instead of looping NGROUPS times, get the return value
from getgroups() and loop over the return that many times.
Noticed by: David A. Holland <dholland@eecs.harvard.edu>
These are not used anymore and are outdated and only cause
confusion (I just committed a fix to one of these files within
the last hour, thinking it was still valid).
that was lost during the lite-2 merge. From the original commit message:
Initialize the group list so that any filter programs that are
run by lpd are not run with root's groups.
was having its last element zero'd. It turns out not to be a security
hole or to have any real effect on the code because 'from' was previously
pointing to a buffer of the same size as 'fromb', and the last
element in fromb is already 0 anyway due to the use of sizeof(fromb)-1
in the strncpy() call. But I'm not pressing my luck so only the type-o
is being fixed.
with remote hosts feeding it, so that some hosts have their header
pages supressed and some don't. This is because lpd doesn't know
how to rewrite a print job before forwarding it to a remote lpd.
In particular this causes problems with p rinters that contain
their own lpd, eg. HP jet direct cards, because they can't suppress
headers. It's not possible to have headers supressed by putting
'sh' in any printcap in the lpd chain, it is up to the originating
lpr to have a '-h' option specified at run time.
Lpr has been modified to allow _it_ to honour the 'sh' flag in the
local print cap. This allows the administrator to switch off
headers for a particular printer (on a particular host) irrespective
of whether that printer is local to the machine or remote.
This doesn't break anything, because in the case of a remote printer
the 'sh' flag would have had no meaning, in the case of the local
printer it would have been on anyway.
Submitted by: Scott James Remnant <scott@pavilion.net>
Remove src/contrib/bind/bin/nslookup/commands.c as it is generated by lex
from commands.l.
Submitted by: lpc/cdcontrol patches originally by msmith.
Reviewed by: msmith (in theory)
track.
The Id line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;
.\" $Id$
.\"
If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.
Approved by: bde
However, it doesn't check if the remote printer name it
is sending it to is the same as the local printer name,
and so chokes 'cos "laser" is not a real printer.
PR: 7081
Submitted by: David Malone <dwmalone@maths.tcd.ie>
arguments to be numbers. Also use '0' base to allow hex, octal or
decimal numbers.
This was done by me based on ideas in pr 3556, submitted by Uwe
Laubenstein and commented upon by j@uriah.heep.sax.de (J Wunsch).
PR: 3556
libraries so that `ld -f' in can create correct dependencies for
yet-to-be-built libraries.
Get the default BINDIR correctly (by including ../Makefile.inc recursively.
Override the default it it is wrong.
Don't override defaults when the defaults are correct.
GCC suppresses the warning for ``standard'' header files, but since the
headers do not come from the ``standard'' place in a ``make world'', GCC
doesn't get it.
- Get rid of a lot of the static variables which were shared by
many routines and programs in the suite.
- Create an abstract interface to the printcap database, so that
other retrieval and iteration mechanisms could be developed
(e.g., YP, Hesiod, or automatic retrieval from a trusted server).
- Give each capability a human-readable name in addition to the historic
two-character one.
- Otherwise generally clean up a lot of dark corners. Many still remain.
- When submitting jobs, use the official login name record (from getlogin())
if there is one, rather than reverse-mapping the uid.
More to come...
Properlay clean the global RM variable if cgetstr() failed for it.
Otherwise, a connection attempt to a remote machine was made (and a
bogus result code printed) if a local printer followed a remote one in
printcap, and you did a `lpq -a', since checkremote() falsely assumed
the printer to be a remote one.
While i was at it, removed a gratuituous newline printed in front of
the remote machine's name, thus making the output more consistent (and
better machine-parseable) now.
connection timeout controllable by a new printcap(5) capability named
`ct' (connectiom timeout), defaulting to 120 seconds (which is the
default TCP connection timeout).
Would anybody see a problem with merging all this into RELENG_2_2?
with libc's version.
lpd: use getopt(3), err(3), add usage(), allow specification of a port #
on the command line as the documentation suggested for more than 10 years.
PR: docs/3290
diffes with NetBSD/OpenBSD. These changes seem to predate the NetBSD/OpenBSD
split, so it is hard to give proper credit for them.
Obtained from: OpenBSD.
overflow patches that were "near" to where these operations are taking
place. The buffer overflows are from OpenBSD. The setuid/seteuid patches
are from NetBSD by way of OpenBSD (they changed them a little), at least from
my read of the tree.
This is the first of a series of OpenBSD lpr/et al merges. It (and them)
should be merged back into 2.2 and/or 2.1 (if requested) branches when they
have been shaken out in -current.
Obtained from: OpenBSD
the hostname into. In theory the bind library should do this, but
in practice the limites between system defines and bind defines make
an attack using this vector possible. These patches have been in
use on my systems for three months now, so I am fairly confident about
them. I plan on commiting this to 2.2 and 2.1 in the near future,
as well as many other patches of this nature.
Rev 1.4 deraadt: (partial from full commit, other files not done yet)
proactive bounds checking; help from millert
Rev 1.5 millert:
Possible buf oflow.
Plus minor style nits to keep the style police happy (I hope)
Obtained from: OpenBSD
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
From NetBSD via OpenBSD to fix NetBSD PR #506
More descriptive message for printer status
(OpenBSD: 1.2)
Various warnings cleaned up (OpenBSD: 1.4)
lpc/lpc.c:
Various warnings cleaned up (OpenBSD: 1.3)
lpd/lpd.c:
Remove trailing blank lines (OpenBSD: 1.2)
Potential umask problem with creating /dev/printer
(OpenBSD: 1.4 and 1.5)
Ftp bounce attack (untested on FreeBSD)
(OpenBSD: 1.6, 1.8, 1.9)
Fencepost in strncpy
(OpenBSD: 1.6)
lpd/printjob.c:
Fix from freebsd for waiting for an exiting filter, that
appears not in the FreeBSD CVS tree.
(OpenBSD: 1.6)
lpd/recvjob.c:
Buffer overflow protection: use strncpy rather than strcpy.
(OpenBSD: 1.3)
lpr/lpr.c:
NetBSD change of return type for main()
(OpenBSD: 1.2)
Restrict time running as root
(OpenBSD: 1.7)
Use getcwd rather than getwd (from NetBSD)
Use snprintf rather than sprintf
(OpenBSD: 1.8)
Minor tweak to end of loop and buffer overflow sanity. card()
overflow already in FreeBSD
(OpenBSD: 1.9)
lptest/lptest.c:
void -> int return type of main, from NetBSD via OpenBSD
(OpenBSD: 1.2)
pac/pac.c:
void -> int return type of main, from NetBSD via OpenBSD
(OpenBSD: 1.3)
Obtained from: OpenBSD
buffer which could be made to lead to a root shell. This patch is
OpenBSD's solution to the problem, and will silently truncate the
output rather than overflow the buffer.
Obtained from: OpenBSD
having a hosts.lpd(5) manpage and some references to it from
within lpd(8) might help here. Close PR docs/1277
Submitted by: andreas@knobel.gun.de (Andreas Klemm)
orthogonal with the rest of the system (you can now use either -PPS or
-P PS), and makes the parser more intelligible. The only drawback is
that the old semantics for the -i flag in case a non-numeric argument
is following are no longer fully supported (only if -i is the very
last arg at all), since getopt(3) doesn't support the discticnction
between numeric and non-numeric arguments.
Make lpr also understand dashes as input pseudo filenames. This
finally makes lp(1) fully comply with Posix.2.
The removed files are no longer needed, they are actually labelled as
``Use only if you are not 4.4BSD''. (Yeah, the ol' crufty printcap.c
is really gone!)
Properly declare all external objects in files ending in .h, as
opposed to embed them into files ending in .c.
surprising how many trivial errors there have been... :-)
Some more cleanup is needed, but i'd like to separate the Lite2 changes
from other work, that's why this goes into a different commit.
People with serial printers should see whether i have broken the stty-
style printcap options (i hope not).
Inspired by: Sergey Shkonda <serg@bcs1.bcs.zaporizhzhe.ua>
man pages up to mdoc guidelines and fix some minor formatting glitches.
Also fixed a number of man pages to not abuse the .Xr macro to
display functions and path names and a lot of other junk.
printjob.c: Use termios instead of sgtty structs and ioctls; remove
support for fs/fc/xs/xc capabilities, and replace them with the ms
capability (stty-like words, instead of octal bit patterns).
modes.c: Modified from stty's file, parses comma-seperated list of
tty modes (e.g., "cs8,-paren,-opost").
Reviewed by: rgrimes, joerg
interface set at 57600 baud, and I found out the hard way that lpd doesn't
know about speeds greater than 38400, even though <sys/ttydev.h> also
permits 57600 and 115200 baud. Fix this by adding B57600 and B115200 to the
'bauds' table. (The Apple printer worked properly once I did this, BTW. :)
is writeable (by the real uid). if it is, lpr assumes that the file
can be unlinked. lpr does not check for directories with S_ISVTX set
Reviewed by: dima
>Number: 368
>Category: bin
>Synopsis: Lpd doesn't log errors after failed exec
>Description:
If an exec done by lpd fails, nothing is sent to the system log
indicating what went wrong. This is because lpd closes all of
the file descriptors before doing the exec, thus closing the syslog
file descriptor in the process.
[Fix applied]
Submitted by: pritc003@maroon.tc.umn.edu
This command is required to exist in terms of compatibility with the
Posix 1003.2 specification. It actually invokes the lpr service with
the proper options.
