author | Lennart Poettering <lennart@poettering.net> | 2005-06-04 21:05:45 +0000 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2005-06-04 21:05:45 +0000 |
commit | eff6326436a65eef4fa195ea068575fbaf3e744d (patch) | |
tree | 26ba7fb55149302a3a32d22b5992ae19d7f36693 | |
parent | 16d4861bdd1f0251e02a7f2f1b14a85bc20a5dac (diff) |
* implement /etc/mdns.allow
* bump version number
git-svn-id: file:///home/lennart/svn/public/nss-mdns/trunk@78 0ee8848e-81ea-0310-a63a-f631d1a40d77
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | doc/README.html.in | 44 | ||||
-rw-r--r-- | src/Makefile.am | 2 | ||||
-rw-r--r-- | src/nss.c | 60 |
4 files changed, 103 insertions, 5 deletions
diff --git a/configure.ac b/configure.ac index e8cc023..b46fcbe 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,7 @@ # USA. AC_PREREQ(2.57) -AC_INIT([nss-mdns],[0.4],[mzaffzqaf (at) 0pointer (dot) de]) +AC_INIT([nss-mdns],[0.5],[mzaffzqaf (at) 0pointer (dot) de]) AC_CONFIG_SRCDIR([src/query.c]) AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([foreign -Wall]) diff --git a/doc/README.html.in b/doc/README.html.in index d3681fd..d4db836 100644 --- a/doc/README.html.in +++ b/doc/README.html.in @@ -42,6 +42,12 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.</p> <h2><a name="news">News</a></h2> +<div class="news-date">Sat Jun 4 2005: </div> <p class="news-text"><a +href="@PACKAGE_URL@nss-mdns-0.5.tar.gz">Version 0.5</a> +released. Changes include: only lookup hostnames ending in +<tt>.local</tt>; add support for a configuration file +(<tt>/etc/mdns.allow</tt>) to allow lookups for other names.</p> + <div class="news-date">Sun May 15 2005: </div> <p class="news-text"><a href="@PACKAGE_URL@nss-mdns-0.4.tar.gz">Version 0.4</a> released. Changes include: small portability fix for big endian 
@@ -145,6 +151,39 @@ sensible results.</p> <p>If you run a firewall, don't forget to allow UDP traffic to the the mDNS multicast address <tt>224.0.0.251</tt> on port 5353.</p> +<p>Starting with version 0.5, <tt>nss-mdns</tt> has a simple +configuration file <tt>/etc/mdns.allow</tt> for enabling name lookups +via mDNS in other domains than <tt>.local</tt>. The file contains +valid domain suffixes, seperated by newlines. Empty lines are ignored +as are comments starting with #. To enable mDNS lookups of all names, +regardless of the domain suffix add a line consisting of <tt>*</tt> +only (similar to <tt>nss-mdns</tt> mode of operation of versions <= 0.4):</p> + +<pre># /etc/mdns.allow +*</pre> + +<p>If the configuration file is absent or unreadable +<tt>nss-mdns</tt> behaves as if a configuration file with the following +contents is read: </p> + +<pre># /etc/mdns.allow +.local. +.local</pre> + +<p>i.e. only hostnames ending with <tt>.local</tt> are resolved via +mDNS.</p> + +<p>If the configuration file is existent but empty, mDNS name lookups +are disabled completely.</p> + +<p><tt>nss-mdns</tt> does not honour the domain search list of +<tt>/etc/resolv.conf</tt>, because I don't consider that this would be +a good idea, since every name lookup for non-existing domains would +result in a series of long timeouts of <tt>nss-mdns</tt>. If somebody +still considers this a good idea, he is free to send me a sensible +patch, which I might apply, but only if the domain search list may be +disabled.</p> + <h2><a name="requirements">Requirements</a></h2> <p>Currently, <tt>nss-mdns</tt> is tested on Linux only. A fairly 
@@ -156,8 +195,7 @@ kernel compiled with IPv4 multicasting support enabled.</p> "testing" from December 2004, it should work on most other Linux distributions (and maybe Unix versions) since it uses GNU autoconf and GNU libtool for source code configuration and shared library -management. <tt>nss-mdns</tt> has been tested exclusively against the -HOWL mDNS responder daemon.</p> +management.</p> <h2><a name="installation">Installation</a></h2> @@ -186,7 +224,7 @@ compilation and <tt>make install</tt> (as root) for installation of <p>If you want to be notified whenever I release a new version of this software use the subscription feature of <a href="http://freshmeat.net/projects/nss-mdns/">Freshmeat</a>.</p> <hr/> -<address class="grey">Lennart Poettering <@PACKAGE_BUGREPORT@>, May 2005</address> +<address class="grey">Lennart Poettering <@PACKAGE_BUGREPORT@>, June 2005</address> <div class="grey"><i>$Id$</i></div> </body> diff --git a/src/Makefile.am b/src/Makefile.am index 7387bf0..54c6ed6 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -19,7 +19,7 @@ rootlibexecdir=/lib -AM_CFLAGS=-D_GNU_SOURCE +AM_CFLAGS=-D_GNU_SOURCE -DMDNS_ALLOW_FILE=\"$(sysconfdir)/mdns.allow\" #-DNDEBUG=1 # This cool debug trap works on i386/gcc only @@ -30,6 +30,7 @@ #include <netdb.h> #include <sys/socket.h> #include <nss.h> +#include <stdio.h> #include "query.h" 
@@ -92,6 +93,58 @@ static void name_callback(const char*name, void *userdata) { u->data_len += strlen(name)+1; } +static int ends_with(const char *name, const char* suffix) { + size_t ln, ls; + assert(name); + assert(suffix); + + if ((ls = strlen(suffix)) > (ln = strlen(name))) + return 0; + + return strcasecmp(name+ln-ls, suffix) == 0; +} + +static int verify_name_allowed(const char *name) { + FILE *f; + int valid = 0; + + assert(name); + + if (!(f = fopen(MDNS_ALLOW_FILE, "r"))) + return ends_with(name, ".local") || ends_with(name, ".local."); + + while (!feof(f)) { + char ln[128], ln2[128], *t; + + if (!fgets(ln, sizeof(ln), f)) + break; + + ln[strcspn(ln, "#\t\n\r ")] = 0; + + if (ln[0] == 0) + continue; + + if (strcmp(ln, "*") == 0) { + valid = 1; + break; + } + + if (ln[0] != '.') + snprintf(t = ln2, sizeof(ln2), ".%s", ln); + else + t = ln; + + if (ends_with(name, t)) { + valid = 1; + break; + } + } + + fclose(f); + + return valid; +} + enum nss_status _nss_mdns_gethostbyname2_r( const char *name, int af, @@ -123,6 +176,13 @@ enum nss_status _nss_mdns_gethostbyname2_r( goto finish; } + if (! verify_name_allowed(name)) { + *errnop = ENOENT; + *h_errnop = HOST_NOT_FOUND; + status = NSS_STATUS_NOTFOUND; + goto finish; + } + address_length = af == AF_INET ? sizeof(ipv4_address_t) : sizeof(ipv6_address_t); if (buflen < sizeof(char*)+ /* alias names */ |
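Review bot: In `verify_name_allowed`, a line of `/etc/mdns.allow` longer than the 128-byte `ln` buffer is read in pieces, and each later piece is parsed as if it were a new line, so the tail of a long comment can be taken as a suffix entry or as the `*` wildcard. The loop should detect that `fgets` filled the buffer without reaching a newline and skip the rest of that physical line, ignoring the entry so that the error falls on the deny side; the fence below shows this, and it also rules out the unchecked `snprintf` into `ln2` truncating a 127-character entry. Separately, the `fopen` failure branch applies the `.local` default for every error, so a host whose file was left empty to disable mDNS would resolve `.local` names again if the open failed for a transient reason. Falling back only when `errno == ENOENT` would keep that case closed, although doc/README.html.in in this commit documents the current behaviour for an unreadable file.

```c
    while (!feof(f)) {
        char ln[128], ln2[128], *t;
        size_t l;

        if (!fgets(ln, sizeof(ln), f))
            break;

        /* Overlong line: drop it together with its remainder, so that the
         * remainder is never parsed as an entry of its own */
        l = strlen(ln);
        if (l == sizeof(ln)-1 && ln[l-1] != '\n') {
            int c;

            while ((c = fgetc(f)) != EOF && c != '\n')
                ;
            continue;
        }

        /* … unchanged: comment/whitespace stripping, empty-line skip, "*" wildcard, suffix match … */
```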
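Review bot: The allow-list check is added only to `_nss_mdns_gethostbyname2_r` in what this diff shows, so any other entry point of the module that accepts a host name and does not route through this function would presumably skip `/etc/mdns.allow`. The function starts and ends outside the hunk, so neither that nor whether `name` is checked for NULL before it reaches the `assert(name)` in `verify_name_allowed` can be confirmed from here. A comment on the new branch would record the intent, for example `/* Policy gate: names outside mdns.allow are reported as not found, so later NSS sources can still answer; all name lookups must pass through here */`.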