Submitted by: Bill Fenner <fenner@parc.xerox.com>

Fix for PR #510. The original problem was that __ivaliduser() was
failing to grant access to a machine listed in a +@netgroup specified
in /etc/hosts.equiv, even though the host being checked was most
certainly in the +@netgroup.

The /etc/hosts.equiv file in question looked like this:

localhost
+@netgroup

The reason for the failure was had to do with gethostbyaddr(). Inside
the __ivaliduser() routine, we need to do a gethostbyaddr() in order
to get back the actual name of the host we're trying to validate since
we're only passed its IP address. The hostname returned by gethostbyaddr()
is later passed as an argument to innetgr(). The problem is that
__icheckhost() later does a gethostbyname() of its own, which clobbers
the buffer returned by gethostbyaddr().

The fix is just to copy the hostname into a private buffer and use
_that_ as the 'host' argument that gets passed to innetgr().

And here I was crawling all over the innetgr() code thinking the
problem was there. *sigh*
This commit is contained in:
Bill Paul 1995-08-14 23:52:49 +00:00
parent 0699090b6a
commit 97cb50947e

View File

@ -361,6 +361,7 @@ __ivaliduser(hostf, raddr, luser, ruser)
register char *user, *p;
int ch;
char buf[MAXHOSTNAMELEN + 128]; /* host + login */
char hname[MAXHOSTNAMELEN];
struct hostent *hp;
/* Presumed guilty until proven innocent. */
int userok = 0, hostok = 0;
@ -376,6 +377,7 @@ __ivaliduser(hostf, raddr, luser, ruser)
if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
AF_INET)) == NULL)
return (-1);
strcpy(hname, hp->h_name);
while (fgets(buf, sizeof(buf), hostf)) {
p = buf;
@ -414,15 +416,15 @@ __ivaliduser(hostf, raddr, luser, ruser)
break;
}
if (buf[1] == '@') /* match a host by netgroup */
hostok = innetgr((char *)&buf[2], hp->h_name,
NULL, ypdomain);
hostok = innetgr((char *)&buf[2],
(char *)&hname, NULL, ypdomain);
else /* match a host by addr */
hostok = __icheckhost(raddr,(char *)&buf[1]);
break;
case '-': /* reject '-' hosts and all their users */
if (buf[1] == '@') {
if (innetgr((char *)&buf[2],
hp->h_name, NULL, ypdomain))
(char *)&hname, NULL, ypdomain))
return(-1);
} else {
if (__icheckhost(raddr,(char *)&buf[1]))