[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-311-g50ef032

[Mats Erik Andersson]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  50ef032a587b6ba374d48e7b8c8a29795e29c5d4 (commit)
      from  0baf4fe8dcd656eb5153f40993ee916c3aee346d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=50ef032a587b6ba374d48e7b8c8a29795e29c5d4


commit 50ef032a587b6ba374d48e7b8c8a29795e29c5d4
Author: Mats Erik Andersson <address@hidden>
Date:   Thu Jun 27 11:04:11 2013 +0200

    rshd: Require host name.

diff --git a/ChangeLog b/ChangeLog
index bf527aa..a1d3e00 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2013-06-27  Mats Erik Andersson  <address@hidden>
+
+       rshd: Require host name.
+
+       * src/rshd.c (reverse_required): New variable.
+       (options): New option `-r/--reverse-required'.
+       (parse_opt) <'r'>: New case.
+       (doit) <reverse_required>: New exit path for
+       clients whose IP addresses have no host name.
+
 2013-06-26  Mats Erik Andersson  <address@hidden>
 
        rlogind: Error handling.
diff --git a/NEWS b/NEWS
index f491a94..bd5ff7b 100644
--- a/NEWS
+++ b/NEWS
@@ -115,7 +115,8 @@ mode.  New switches `-4/--ipv4', `-6/--ipv6', and
 
 Now has support for IPv6, PAM, and Shishi, with PAM services
 `rsh' and `krsh'.  New switches `-k/--kerberos',
-`-S/--server-principal', `-v/--vacuous', and `-x/--encrypt'.
+`-r/--reverse-required', `-S/--server-principal',
+`-v/--vacuous', and `-x/--encrypt'.
 
 * talkd
 
diff --git a/doc/inetutils.texi b/doc/inetutils.texi
index 4b41e19..0d2de39 100644
--- a/doc/inetutils.texi
+++ b/doc/inetutils.texi
@@ -4188,11 +4188,12 @@ Fail any call asking for non-Kerberos authentication.
 @c @opindex --port
 @c Listen on given port (valid only in daemon mode).
 
address@hidden @item -r
address@hidden @itemx --reverse-required
address@hidden @opindex -r
address@hidden @opindex --reverse-required
address@hidden Required  Require reverse resolving of a remote host IP.
address@hidden -r
address@hidden --reverse-required
address@hidden -r
address@hidden --reverse-required
+Demand that the client's IP address be resolvable
+as a host name.
 @end table
 
 Should @command{rshd} have been built with PAM support,
@@ -4228,7 +4229,8 @@ No password file entry for the user name existed.
 The chdir command to the home directory failed.
 
 @item Permission denied
-The authentication procedure described above failed.
+The authentication procedure described above failed,
+or address resolution was insufficient.
 
 @item Can't make pipe.
 The pipe needed for the stderr, wasn't created.
diff --git a/src/rshd.c b/src/rshd.c
index 3cf6f22..4751b1f 100644
--- a/src/rshd.c
+++ b/src/rshd.c
@@ -185,6 +185,7 @@
 int keepalive = 1;             /* flag for SO_KEEPALIVE scoket option */
 int check_all;
 int log_success;               /* If TRUE, log all successful accesses */
+int reverse_required = 0;      /* Demand IP to host name resolution.  */
 int sent_null;
 
 void doit (int, struct sockaddr *, socklen_t);
@@ -225,6 +226,8 @@ char *servername = NULL;
 
 static struct argp_option options[] = {
 #define GRP 10
+  { "reverse-required", 'r', NULL, 0,
+    "require reverse resolving of remote host IP", GRP },
   { "verify-hostname", 'a', NULL, 0,
     "ask hostname for verification", GRP },
 #ifdef HAVE___CHECK_RHOSTS_FILE
@@ -285,6 +288,10 @@ parse_opt (int key, char *arg, struct argp_state *state 
_GL_UNUSED_PARAMETER)
       keepalive = 0;   /* don't enable SO_KEEPALIVE */
       break;
 
+    case 'r':
+      reverse_required = 1;
+      break;
+
 #if defined KERBEROS || defined SHISHI
     case 'k':
       use_kerberos = 1;
@@ -826,6 +833,14 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t 
fromlen)
          }
     }
 #endif /* !HAVE_DECL_GETNAMEINFO */
+
+  else if (reverse_required)
+    {
+      syslog (LOG_NOTICE,
+             "Could not resolve remote %s.", addrstr);
+      rshd_error ("Permission denied.\n");
+      exit (EXIT_FAILURE);
+    }
   else
     errorhost = hostname = addrstr;
 
@@ -846,7 +861,7 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
                           (struct sockaddr *) &local_addr, &rc) < 0)
            {
              syslog (LOG_ERR, "getsockname: %m");
-             rshd_error ("rlogind: getsockname: %s", strerror (errno));
+             rshd_error ("rshd: getsockname: %s", strerror (errno));
              exit (EXIT_FAILURE);
            }
          authopts = KOPT_DO_MUTUAL;
@@ -936,7 +951,7 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
                           (struct sockaddr *) &local_addr, &rc) < 0)
            {
              syslog (LOG_ERR, "getsockname: %m");
-             rshd_error ("rlogind: getsockname: %s", strerror (errno));
+             rshd_error ("rshd: getsockname: %s", strerror (errno));
              exit (EXIT_FAILURE);
            }
          authopts = KOPT_DO_MUTUAL;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |   10 ++++++++++
 NEWS               |    3 ++-
 doc/inetutils.texi |   14 ++++++++------
 src/rshd.c         |   19 +++++++++++++++++--
 4 files changed, 37 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
GNU Inetutils