commit-inetutils

[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-318-g2e8ca


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-318-g2e8cad2
Date: Sat, 20 Jul 2013 01:33:36 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  2e8cad2200e7d1d794a23451d902de5a11528536 (commit)
      from  939fa3b7b899e1b843dfd2301d3ce1afc9183570 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=2e8cad2200e7d1d794a23451d902de5a11528536


commit 2e8cad2200e7d1d794a23451d902de5a11528536
Author: Mats Erik Andersson <address@hidden>
Date:   Sat Jul 20 03:23:08 2013 +0200

    talkd: Small audit of ACL.

diff --git a/ChangeLog b/ChangeLog
index 35ff971..672adbe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+2013-07-20  Mats Erik Andersson  <address@hidden>
+
+       talkd: Small audit of ACL.
+
+       * talkd/acl.c (struct netdef): Let `ipaddr' and
+       `netmask' be of type in_addr_t for better
+       architecture independence.
+       (netdef_parse): Likewise for IPADDR, NETMASK.
+       (acl_match): Likewise for IP.  When checking
+       address matches, make a bitwise AND of
+       `net->ipaddr' with `net->netmask'.
+
+       * talkd/talkd.c (main): Call openlog() before read_acl().
+       (talkd_init): Delete call to openlog().
+
 2013-07-13  Mats Erik Andersson  <address@hidden>
 
        talkd: Less ACL-logging.
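
Review bot: the new ChangeLog entry lists talkd/acl.c and talkd/talkd.c but not doc/inetutils.texi, which this same commit also changes. Add a `* doc/inetutils.texi` line so the documentation change is traceable from the ChangeLog. The (acl_match) item would also be more useful if it said that entries with address bits set outside the netmask now match, since that is a behaviour change for existing ACL files.
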
diff --git a/doc/inetutils.texi b/doc/inetutils.texi
index 2b110b8..bc20491 100644
--- a/doc/inetutils.texi
+++ b/doc/inetutils.texi
@@ -4617,6 +4617,10 @@ and is intended to be invoked by a super-server
 @command{inetd} at that datagram port.
 It is recommended that @command{inetd} launch @command{talkd}
 with ownership @samp{nobody:tty}, or with @samp{tty:tty}.
+However, this works with ACL only if @file{.talkrc} can be assumed
+to be world readable for all users.
+This failing, the process ownership will need to be @samp{root:tty}
+if the ACL-mechanism is to be usable and trustworthy.
 
 Keep in mind that this service is usable with IPv4 only,
 since the exchange protocol was conceived to handle only
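
Review bot: the added sentences recommend `root:tty` as the fallback without stating its cost, directly after the advice to run as `nobody:tty` or `tty:tty`. With that ownership a datagram service launched by inetd reads each user's `.talkrc` with root privileges, so the text should say this is a privilege increase taken only for the sake of per-user ACLs. It should also state what talkd does when `.talkrc` cannot be read (is the user's ACL skipped, leaving only the site-wide one?), so an administrator can choose knowingly. "This failing" would read better as "Otherwise".
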
diff --git a/talkd/acl.c b/talkd/acl.c
index 7b50a82..6f63c1e 100644
--- a/talkd/acl.c
+++ b/talkd/acl.c
@@ -30,8 +30,8 @@ typedef struct netdef netdef_t;
 struct netdef
 {
   netdef_t *next;
-  unsigned int ipaddr;
-  unsigned int netmask;
+  in_addr_t ipaddr;
+  in_addr_t netmask;
 };
 
 typedef struct acl acl_t;
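
Review bot: none of the acl.c hunks adds an include, so `in_addr_t` in `struct netdef` relies on a header that is already pulled in. Please confirm that acl.c includes `<netinet/in.h>` (or `<arpa/inet.h>`) itself rather than reaching the type through another header, since the stated goal of the change is architecture independence.
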
@@ -76,7 +76,7 @@ read_address (char **line_ptr, char *ptr)
 static netdef_t *
 netdef_parse (char *str)
 {
-  unsigned int ipaddr, netmask;
+  in_addr_t ipaddr, netmask;
   netdef_t *netdef;
   char ipbuf[DOTTED_QUAD_LEN + 1];
 
@@ -384,7 +384,7 @@ int
 acl_match (CTL_MSG * msg, struct sockaddr_in *sa_in)
 {
   acl_t *acl, *mark;
-  unsigned int ip;
+  in_addr_t ip;
   int system_action = ACL_ALLOW, user_action = ACL_ALLOW;
   int found_user_acl = 0;
 
@@ -402,7 +402,14 @@ acl_match (CTL_MSG * msg, struct sockaddr_in *sa_in)
 
       for (net = acl->netlist; net; net = net->next)
        {
-         if (net->ipaddr == (ip & net->netmask))
+         /* Help the administrator and his users
+          * to simplify net list syntax:
+          *
+          *   mask the address `net->ipaddr' with
+          *   `net->netmask' for less computations
+          *   within the ACL specification.
+          */
+         if ((net->ipaddr & net->netmask) == (ip & net->netmask))
            {
              /*
               * Site-wide ACLs concern user's name on this machine,
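
Review bot: masking `net->ipaddr` inside the comparison changes which entries match. A rule whose address has bits set outside its netmask could never match before and now covers the whole network, so an existing ACL file may see an allow or deny rule widen without any notice. Consider applying the mask once in netdef_parse() when the entry is stored, logging a notice when bits were dropped, and keeping the test as `net->ipaddr == (ip & net->netmask)`; that also avoids masking on every lookup. The comment's "for less computations within the ACL specification" is hard to read; wording such as "so that the ACL file need not contain pre-masked network addresses" says what is meant.
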
diff --git a/talkd/talkd.c b/talkd/talkd.c
index 981ac83..908766e 100644
--- a/talkd/talkd.c
+++ b/talkd/talkd.c
@@ -117,6 +117,7 @@ main (int argc, char *argv[])
   iu_argp_init ("talkd", program_authors);
   argp_parse (&argp, argc, argv, 0, NULL, NULL);
 
+  openlog ("talkd", LOG_PID, LOG_FACILITY);
   read_acl (acl_file, 1);      /* System wide ACL.  Can abort.  */
   talkd_init ();
   talkd_run (STDIN_FILENO);
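
Review bot: the reason openlog() now has to precede read_acl() is not recorded at the call site; the only hint is the "Can abort." remark on the following line. Add a short comment that read_acl() may log, so the order is not undone the next time main() is rearranged. Since talkd_init() no longer opens the log, a note there that it expects the caller to have done so would help as well.
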
@@ -126,7 +127,6 @@ main (int argc, char *argv[])
 void
 talkd_init (void)
 {
-  openlog ("talkd", LOG_PID, LOG_FACILITY);
   hostname = localhost ();
   if (!hostname)
     {

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |   15 +++++++++++++++
 doc/inetutils.texi |    4 ++++
 talkd/acl.c        |   17 ++++++++++++-----
 talkd/talkd.c      |    2 +-
 4 files changed, 32 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


