[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-310-g0baf4
|
From: |
Mats Erik Andersson |
|
Subject: |
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-310-g0baf4fe |
|
Date: |
Wed, 26 Jun 2013 20:14:32 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".
The branch, master has been updated
via 0baf4fe8dcd656eb5153f40993ee916c3aee346d (commit)
from 9d72b998f18b02381cbf6c1b2fd8b797e35ea50a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=0baf4fe8dcd656eb5153f40993ee916c3aee346d
commit 0baf4fe8dcd656eb5153f40993ee916c3aee346d
Author: Mats Erik Andersson <address@hidden>
Date: Wed Jun 26 22:15:38 2013 +0200
rlogind: Error handling.
diff --git a/ChangeLog b/ChangeLog
index 8d6af4a..bf527aa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2013-06-26 Mats Erik Andersson <address@hidden>
+
+ rlogind: Error handling.
+
+ * src/rlogind.c (rlogind_auth) <reverse_required>:
+ Call fatal() on failure to reverse resolve the address.
+ Lower syslog severity to LOG_NOTICE.
+ (rlogind_mainloop): Lower severity to LOG_ERR.
+
2013-06-24 Mats Erik Andersson <address@hidden>
telnetd: Reverse resolution of client.
diff --git a/doc/inetutils.texi b/doc/inetutils.texi
index f546cd0..4b41e19 100644
--- a/doc/inetutils.texi
+++ b/doc/inetutils.texi
@@ -4466,6 +4466,11 @@ indicating the cause of failure. All network connections
are closed
at the server side after this message. Some common messages follow:
@table @samp
address@hidden Permission denied.
+The client presented insufficient credentials,
+or the client's address is not sufficiently resolvable
+to pass the checks induced by options @option{-a} or @option{-r}.
+
@item Try again.
A fork by the server failed.
@end table
@@ -4820,6 +4825,9 @@ default settings in part only, like @samp{srv.local},
@opindex --reverse-lookup
Refuse connections from addresses that cannot be mapped back into a
symbolic name.
+A client is accepted only if the IP address can be resolved as
+a host name, and the same name is resolvable to addresses among
+which the clients's address is included.
@item -X @var{authtype}
@itemx address@hidden
diff --git a/src/rlogind.c b/src/rlogind.c
index db1ce15..409a929 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -911,10 +911,11 @@ rlogind_auth (int fd, struct auth_data *ap)
if (hp)
hostname = hp->h_name;
#endif /* !HAVE_DECL_GETNAMEINFO */
+
else if (reverse_required)
{
- syslog (LOG_CRIT, "can't resolve remote IP address");
- exit (EXIT_FAILURE);
+ syslog (LOG_NOTICE, "can't resolve remote IP address");
+ fatal (fd, "Permission denied", 0);
}
else
hostname = ap->hostaddr;
@@ -1219,7 +1220,7 @@ rlogind_mainloop (int infd, int outfd)
/* Read the null byte */
if (read (infd, &c, 1) != 1 || c != 0)
{
- syslog (LOG_CRIT, "protocol error: expected 0 byte");
+ syslog (LOG_ERR, "protocol error: expected 0 byte");
exit (EXIT_FAILURE);
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 9 +++++++++
doc/inetutils.texi | 8 ++++++++
src/rlogind.c | 7 ++++---
3 files changed, 21 insertions(+), 3 deletions(-)
hooks/post-receive
--
GNU Inetutils
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-310-g0baf4fe,
Mats Erik Andersson <=