From eff6326436a65eef4fa195ea068575fbaf3e744d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Sat, 4 Jun 2005 21:05:45 +0000 Subject: * implement /etc/mdns.allow * bump version number git-svn-id: file:///home/lennart/svn/public/nss-mdns/trunk@78 0ee8848e-81ea-0310-a63a-f631d1a40d77 --- configure.ac | 2 +- doc/README.html.in | 44 ++++++++++++++++++++++++++++++++++++--- src/Makefile.am | 2 +- src/nss.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 103 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index e8cc023..b46fcbe 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,7 @@ # USA. AC_PREREQ(2.57) -AC_INIT([nss-mdns],[0.4],[mzaffzqaf (at) 0pointer (dot) de]) +AC_INIT([nss-mdns],[0.5],[mzaffzqaf (at) 0pointer (dot) de]) AC_CONFIG_SRCDIR([src/query.c]) AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([foreign -Wall]) diff --git a/doc/README.html.in b/doc/README.html.in index d3681fd..d4db836 100644 --- a/doc/README.html.in +++ b/doc/README.html.in @@ -42,6 +42,12 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

News

+
Sat Jun 4 2005:

Version 0.5 +released. Changes include: only lookup hostnames ending in +.local; add support for a configuration file +(/etc/mdns.allow) to allow lookups for other names.

+
Sun May 15 2005:

Version 0.4 released. Changes include: small portability fix for big endian @@ -145,6 +151,39 @@ sensible results.

If you run a firewall, don't forget to allow UDP traffic to the the mDNS multicast address 224.0.0.251 on port 5353.

+

Starting with version 0.5, nss-mdns has a simple +configuration file /etc/mdns.allow for enabling name lookups +via mDNS in other domains than .local. The file contains +valid domain suffixes, seperated by newlines. Empty lines are ignored +as are comments starting with #. To enable mDNS lookups of all names, +regardless of the domain suffix add a line consisting of * +only (similar to nss-mdns mode of operation of versions <= 0.4):

+ +
# /etc/mdns.allow
+*
+ +

If the configuration file is absent or unreadable +nss-mdns behaves as if a configuration file with the following +contents is read:

+ +
# /etc/mdns.allow
+.local.
+.local
+ +

i.e. only hostnames ending with .local are resolved via +mDNS.

+ +

If the configuration file is existent but empty, mDNS name lookups +are disabled completely.

+ +

nss-mdns does not honour the domain search list of +/etc/resolv.conf, because I don't consider that this would be +a good idea, since every name lookup for non-existing domains would +result in a series of long timeouts of nss-mdns. If somebody +still considers this a good idea, he is free to send me a sensible +patch, which I might apply, but only if the domain search list may be +disabled.

+

Requirements

Currently, nss-mdns is tested on Linux only. A fairly @@ -156,8 +195,7 @@ kernel compiled with IPv4 multicasting support enabled.

"testing" from December 2004, it should work on most other Linux distributions (and maybe Unix versions) since it uses GNU autoconf and GNU libtool for source code configuration and shared library -management. nss-mdns has been tested exclusively against the -HOWL mDNS responder daemon.

+management.

Installation

@@ -186,7 +224,7 @@ compilation and make install (as root) for installation of

If you want to be notified whenever I release a new version of this software use the subscription feature of Freshmeat.


-
Lennart Poettering <@PACKAGE_BUGREPORT@>, May 2005
+
Lennart Poettering <@PACKAGE_BUGREPORT@>, June 2005
$Id$
diff --git a/src/Makefile.am b/src/Makefile.am index 7387bf0..54c6ed6 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -19,7 +19,7 @@ rootlibexecdir=/lib -AM_CFLAGS=-D_GNU_SOURCE +AM_CFLAGS=-D_GNU_SOURCE -DMDNS_ALLOW_FILE=\"$(sysconfdir)/mdns.allow\" #-DNDEBUG=1 # This cool debug trap works on i386/gcc only diff --git a/src/nss.c b/src/nss.c index b89637f..7802b09 100644 --- a/src/nss.c +++ b/src/nss.c @@ -30,6 +30,7 @@ #include #include #include +#include #include "query.h" @@ -92,6 +93,58 @@ static void name_callback(const char*name, void *userdata) { u->data_len += strlen(name)+1; } +static int ends_with(const char *name, const char* suffix) { + size_t ln, ls; + assert(name); + assert(suffix); + + if ((ls = strlen(suffix)) > (ln = strlen(name))) + return 0; + + return strcasecmp(name+ln-ls, suffix) == 0; +} + +static int verify_name_allowed(const char *name) { + FILE *f; + int valid = 0; + + assert(name); + + if (!(f = fopen(MDNS_ALLOW_FILE, "r"))) + return ends_with(name, ".local") || ends_with(name, ".local."); + + while (!feof(f)) { + char ln[128], ln2[128], *t; + + if (!fgets(ln, sizeof(ln), f)) + break; + + ln[strcspn(ln, "#\t\n\r ")] = 0; + + if (ln[0] == 0) + continue; + + if (strcmp(ln, "*") == 0) { + valid = 1; + break; + } + + if (ln[0] != '.') + snprintf(t = ln2, sizeof(ln2), ".%s", ln); + else + t = ln; + + if (ends_with(name, t)) { + valid = 1; + break; + } + } + + fclose(f); + + return valid; +} + enum nss_status _nss_mdns_gethostbyname2_r( const char *name, int af, @@ -123,6 +176,13 @@ enum nss_status _nss_mdns_gethostbyname2_r( goto finish; } + if (! verify_name_allowed(name)) { + *errnop = ENOENT; + *h_errnop = HOST_NOT_FOUND; + status = NSS_STATUS_NOTFOUND; + goto finish; + } + address_length = af == AF_INET ? sizeof(ipv4_address_t) : sizeof(ipv6_address_t); if (buflen < sizeof(char*)+ /* alias names */ -- cgit
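Review bot: In src/Makefile.am, `MDNS_ALLOW_FILE` is derived from `$(sysconfdir)`, which in a default autoconf build expands under the install prefix rather than to `/etc`. The README text added in this commit documents the fixed path `/etc/mdns.allow`, and this same file pins `rootlibexecdir=/lib`. If configure does not force sysconfdir (not visible in this diff), an administrator's `/etc/mdns.allow` would never be read and the module would silently apply its built-in `.local` default. Either state in the README that `--sysconfdir=/etc` is required, or document the effective path that was compiled in.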