Prevent lpd(8) from looking into hosts.equiv.

Access control is now done only using hosts.lpd.
See lpd(8) for more information about the format of this file.

"seems reasonable" tedu@
"looks good" deraadt@
ok sthen@

diff --git a/usr.sbin/lpr/common_source/pathnames.h b/usr.sbin/lpr/common_source/pathnames.h
index 303ff74..92bc6e4 100644 (file)
--- a/usr.sbin/lpr/common_source/pathnames.h
+++ b/usr.sbin/lpr/common_source/pathnames.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pathnames.h,v 1.4 2003/06/02 23:36:53 millert Exp $   */
+/*     $OpenBSD: pathnames.h,v 1.5 2014/04/20 22:35:10 ajacoutot Exp $ */
 /*     $NetBSD: pathnames.h,v 1.5 1995/11/28 19:43:27 jtc Exp $        */
 
 /*
@@ -36,7 +36,6 @@
 
 #define        _PATH_DEFDEVLP          "/dev/lp"
 #define        _PATH_DEFSPOOL          "/var/spool/output/lpd"
-#define        _PATH_HOSTSEQUIV        "/etc/hosts.equiv"
 #define        _PATH_HOSTSLPD          "/etc/hosts.lpd"
 #define        _PATH_MASTERLOCK        "/var/run/lpd.pid"
 #define        _PATH_PR                "/usr/bin/pr"

diff --git a/usr.sbin/lpr/lpd/lpd.8 b/usr.sbin/lpr/lpd/lpd.8
index df70794..bbbd800 100644 (file)
--- a/usr.sbin/lpr/lpd/lpd.8
+++ b/usr.sbin/lpr/lpd/lpd.8
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: lpd.8,v 1.25 2014/04/20 18:11:45 tedu Exp $
+.\"    $OpenBSD: lpd.8,v 1.26 2014/04/20 22:35:10 ajacoutot Exp $
 .\"    $NetBSD: lpd.8,v 1.23 2002/02/08 01:38:50 ross Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -159,9 +159,7 @@ port from
 .Pp
 Access control is provided by two means.
 First, all requests must come from one of the machines listed in the file
-.Pa /etc/hosts.lpd
-or
-.Pa /etc/hosts.equiv ,
+.Pa /etc/hosts.lpd ,
 one hostname per line.
 A plus "+" may be used as a wildcard to grant access to all hosts.
 Second, if the
@@ -337,11 +335,8 @@ minimum free space to leave
 line printer devices
 .It Pa /var/run/printer
 socket for local requests
-.It Pa /etc/hosts.equiv
-lists machine names allowed printer access
 .It Pa /etc/hosts.lpd
-lists machine names allowed printer access,
-but not under same administrative control.
+lists machine names allowed printer access
 .El
 .Sh SEE ALSO
 .Xr lpq 1 ,

diff --git a/usr.sbin/lpr/lpd/lpd.c b/usr.sbin/lpr/lpd/lpd.c
index 7984879..a3a77f2 100644 (file)
--- a/usr.sbin/lpr/lpd/lpd.c
+++ b/usr.sbin/lpr/lpd/lpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: lpd.c,v 1.52 2013/11/24 21:32:32 deraadt Exp $ */
+/*     $OpenBSD: lpd.c,v 1.53 2014/04/20 22:35:10 ajacoutot Exp $ */
 /*     $NetBSD: lpd.c,v 1.33 2002/01/21 14:42:29 wiz Exp $     */
 
 /*
@@ -666,7 +666,6 @@ chkhost(struct sockaddr *f)
 {
        struct addrinfo hints, *res, *r;
        FILE *hostf;
-       int first = 1;
        int good = 0;
        char host[NI_MAXHOST], ip[NI_MAXHOST];
        char serv[NI_MAXSERV];
@@ -719,9 +718,8 @@ chkhost(struct sockaddr *f)
                fatal("address for your hostname (%s) not matched", host);
        setproctitle("serving %s", from);
        PRIV_START;
-       hostf = fopen(_PATH_HOSTSEQUIV, "r");
+       hostf = fopen(_PATH_HOSTSLPD, "r");
        PRIV_END;
-again:
        if (hostf) {
                if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
                        (void)fclose(hostf);
@@ -729,15 +727,7 @@ again:
                }
                (void)fclose(hostf);
        }
-       if (first == 1) {
-               first = 0;
-               PRIV_START;
-               hostf = fopen(_PATH_HOSTSLPD, "r");
-               PRIV_END;
-               goto again;
-       }
        fatal("Your host does not have line printer access");
-       /*NOTREACHED*/
 }
 
 static __dead void