From owner-freebsd-arch@FreeBSD.ORG Sat Oct 1 09:35:51 2005 Return-Path: X-Original-To: arch@freebsd.org Delivered-To: freebsd-arch@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B92216A41F for ; Sat, 1 Oct 2005 09:35:51 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id BE03543D45 for ; Sat, 1 Oct 2005 09:35:50 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id j919Zo6R002360 for ; Sat, 1 Oct 2005 02:35:50 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id j919ZoN1002359 for arch@freebsd.org; Sat, 1 Oct 2005 02:35:50 -0700 Date: Sat, 1 Oct 2005 02:35:50 -0700 From: Brooks Davis To: arch@freebsd.org Message-ID: <20051001093550.GA32354@odin.ac.hmc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="TB36FDmn/VVEgNH/" Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu Cc: Subject: error in trimdomain(3) X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Oct 2005 09:35:51 -0000 --TB36FDmn/VVEgNH/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I discovered today that the trimdomain() implementation in libutil deviates slightly from the manpage. The manpage says: The function trimdomain() removes the current domain name from the pas= sed fullhost name by writing a NUL character over the first period of the ^^^^^^^^^^^^ passed name. The current domain name is determined by calling gethostname(3) and removing everything up to the first period. which clearly indicates that trimdomain() should return either the unmodified string or a host name with no domain. In reality it will remove the domain name even if the result is not a host name. This means that if the host b.com calls trimdomain with "a.b.com" as the input string, the result is "a.b". This causes rshd to fail when a.b.com attempts to connect to b.com because rshd uses realhostname_sa to check the rhosts file. To make matters worse, rlogind does not do this since it rolls it's own auth rather than using pam so "rsh b.com" (really "rlogin b.com") works fine while "rsh b.com " blows up making for all sorts of hair pulling fun (particularly since the b.com to a.b.com direction works just fine). Fixing trimdomain is in fact trivial (turn a for loop into an if statement), but I'm concerned that somewhere out there someone is relying on the prior behavior. Mostly trimdomain is used in logging functions so it doesn't seem like a big issue. Any objections to committing this change (along with a regression test)? -- Brooks http://perforce.freebsd.org/chv.cgi?CH=3D84604 Change 84604 by brooks@brooks_fellow on 2005/10/01 08:58:10 Implement the documented behavior of trim domain. The key change is that calling trimdomain with "a.b.com" on host "b.com" now leaves the input untouched instead of managling it to "a.b". =09 This fixes rsh connections from a.b.com to b.com. Because rsh uses an entierly different authentication implementation than rlogin, "rsh b.com" worked, but "rsh b.com command" did not. Affected files ... =2E. //depot/user/brooks/cleanup/lib/libutil/trimdomain.c#2 edit Differences ... =3D=3D=3D=3D //depot/user/brooks/cleanup/lib/libutil/trimdomain.c#2 (text+k= o) =3D=3D=3D=3D @@ -75,18 +75,16 @@ =20 s =3D fullhost; end =3D s + hostsize + 1; - for (; (s =3D memchr(s, '.', (size_t)(end - s))) !=3D NULL; s++) { + if ((s =3D memchr(s, '.', (size_t)(end - s))) !=3D NULL) { if (strncasecmp(s + 1, domain, dlen) =3D=3D 0) { if (s[dlen + 1] =3D=3D '\0') { /* Found -- lose the domain. */ *s =3D '\0'; - break; } else if (s[dlen + 1] =3D=3D ':' && isDISP(s + dlen + 2) && (len =3D strlen(s + dlen + 1)) < (size_t)(end - s)) { /* Found -- shuffle the DISPLAY back. */ memmove(s, s + dlen + 1, len + 1); - break; } } } --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --TB36FDmn/VVEgNH/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDPlh1XY6L6fI4GtQRAvsBAKCc8tqF4GspUsdg2H09d4aBMjMTQgCgzSFD 4aB2nkz7+b0kX1bDprV2oC4= =/YZr -----END PGP SIGNATURE----- --TB36FDmn/VVEgNH/--