Package: netkit-telnet / 0.17-41

142-numeric_hosts.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
Description: Resolve remote host as numeric host identifier.
 Implement a new switch '-N' in the server, avoiding reverse DNS
 resolution and instead registering a numeric host representation.
 The environment variable REMOTEHOST is set to this numeric address.
 .
 The change could be of benefit in PAM rules for access control as well
 as for accounting and tracing of network activity.  In addition, the use
 of '-N' mitigates cases when a hostile third party might have gained
 control of reverse DNS resolution and is trying to inject fake answers.

Author: Dean Gaudet
Bug-Debian: http://bugs.debian.org/258371
Comment: The patch was first applied to netkit-telnet-ssl.
Last-Update: 2004-12-05

--- netkit-telnet-0.17/telnetd/telnetd.c.orig
+++ netkit-telnet-0.17/telnetd/telnetd.c
@@ -86,6 +86,7 @@ int	hostinfo = 1;			/* do we print login
 
 int debug = 0;
 int keepalive = 1;
+int numeric_hosts = 0;
 #ifdef LOGIN_WRAPPER
 char *loginprg = LOGIN_WRAPPER;
 #else
@@ -220,7 +221,7 @@ main(int argc, char *argv[], char *env[]
 	pfrontp = pbackp = ptyobuf;
 	netip = netibuf;
 
-	while ((ch = getopt(argc, argv, "d:a:e:lhnr:I:D:B:sS:a:X:L:")) != EOF) {
+	while ((ch = getopt(argc, argv, "d:a:e:lhnNr:I:D:B:sS:a:X:L:")) != EOF) {
 		switch(ch) {
 
 #ifdef	AUTHENTICATE
@@ -319,6 +320,10 @@ main(int argc, char *argv[], char *env[]
 			keepalive = 0;
 			break;
 
+		case 'N':
+			numeric_hosts = 1;
+			break;
+
 #ifdef	SecurID
 		case 's':
 			/* SecurID required */
@@ -680,7 +685,8 @@ doit(struct sockaddr *who, socklen_t who
 
 	/* get name of connected client */
 	if (getnameinfo(who, who_len, remote_host_name,
-			sizeof(remote_host_name), 0, 0, 0)) {
+			sizeof(remote_host_name), 0, 0, 
+			numeric_hosts ? NI_NUMERICHOST : 0)) {
 		syslog(LOG_ERR, "doit: getnameinfo: %m");
 		*remote_host_name = 0;
         }
--- netkit-telnet-0.17/telnetd/telnetd.8.orig
+++ netkit-telnet-0.17/telnetd/telnetd.8
@@ -42,7 +42,7 @@
 protocol server
 .Sh SYNOPSIS
 .Nm /usr/sbin/in.telnetd
-.Op Fl hns
+.Op Fl hnNs
 .Op Fl a Ar authmode
 .Op Fl D Ar debugmode
 .Op Fl L Ar loginprg
@@ -176,6 +176,9 @@
 if the client is still there, so that idle connections
 from machines that have crashed or can no longer
 be reached may be cleaned up.
+.It Fl N
+Disable reverse DNS lookups and use the numeric IP address in logs
+and REMOTEHOST environment variable.
 .It Fl s
 This option is only enabled if
 .Nm telnetd