Submitted by: Bill Fenner <fenner@parc.xerox.com>
Fix for PR #510. The original problem was that __ivaliduser() was failing to grant access to a machine listed in a +@netgroup specified in /etc/hosts.equiv, even though the host being checked was most certainly in the +@netgroup. The /etc/hosts.equiv file in question looked like this: localhost +@netgroup The reason for the failure was had to do with gethostbyaddr(). Inside the __ivaliduser() routine, we need to do a gethostbyaddr() in order to get back the actual name of the host we're trying to validate since we're only passed its IP address. The hostname returned by gethostbyaddr() is later passed as an argument to innetgr(). The problem is that __icheckhost() later does a gethostbyname() of its own, which clobbers the buffer returned by gethostbyaddr(). The fix is just to copy the hostname into a private buffer and use _that_ as the 'host' argument that gets passed to innetgr(). And here I was crawling all over the innetgr() code thinking the problem was there. *sigh*
This commit is contained in:
parent
0699090b6a
commit
97cb50947e
@ -361,6 +361,7 @@ __ivaliduser(hostf, raddr, luser, ruser)
|
||||
register char *user, *p;
|
||||
int ch;
|
||||
char buf[MAXHOSTNAMELEN + 128]; /* host + login */
|
||||
char hname[MAXHOSTNAMELEN];
|
||||
struct hostent *hp;
|
||||
/* Presumed guilty until proven innocent. */
|
||||
int userok = 0, hostok = 0;
|
||||
@ -376,6 +377,7 @@ __ivaliduser(hostf, raddr, luser, ruser)
|
||||
if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
|
||||
AF_INET)) == NULL)
|
||||
return (-1);
|
||||
strcpy(hname, hp->h_name);
|
||||
|
||||
while (fgets(buf, sizeof(buf), hostf)) {
|
||||
p = buf;
|
||||
@ -414,15 +416,15 @@ __ivaliduser(hostf, raddr, luser, ruser)
|
||||
break;
|
||||
}
|
||||
if (buf[1] == '@') /* match a host by netgroup */
|
||||
hostok = innetgr((char *)&buf[2], hp->h_name,
|
||||
NULL, ypdomain);
|
||||
hostok = innetgr((char *)&buf[2],
|
||||
(char *)&hname, NULL, ypdomain);
|
||||
else /* match a host by addr */
|
||||
hostok = __icheckhost(raddr,(char *)&buf[1]);
|
||||
break;
|
||||
case '-': /* reject '-' hosts and all their users */
|
||||
if (buf[1] == '@') {
|
||||
if (innetgr((char *)&buf[2],
|
||||
hp->h_name, NULL, ypdomain))
|
||||
(char *)&hname, NULL, ypdomain))
|
||||
return(-1);
|
||||
} else {
|
||||
if (__icheckhost(raddr,(char *)&buf[1]))
|
||||
|
Loading…
Reference in New Issue
Block a user