[sane-devel] saned.conf hostname format

Henning Meier-Geinitz henning@meier-geinitz.de
Fri, 21 Sep 2001 21:46:31 +0200 

Hi,

On Fri, Sep 21, 2001 at 03:51:10PM +0200, Sebastien Sable wrote:
> Maybe saned compares the string `incubus.snv.jussieu.fr` with
> `incubus` and decides that the host is not allowed.
> 
> [taking a quick look at saned source code....]
> found saned.c and function check_host
> 
> it checks hosts.equiv (I have no such file) and saned.conf for
> authorized hostnames = rhost
> 
> then compares with the hostname of the client = he->h_name
> 
> if (strcasecmp (rhost, he->h_name) == 0 || strcmp (rhost, "+") == 0)
>     access_ok = 1;
> 
> So I suppose that is the problem if he->h_name is
> incubus.snv.jussieu.fr and rhost is incubus.
> 
> Maybe when you tested on your side the client was in hosts.equiv or
> the gethostbyaddr reports something different?

My hosts.equiv is empty. I have added some output to saned.c:

      while (!access_ok && sanei_config_read (rhost, sizeof (rhost), fp))
	{
	  if (rhost[0] == '#')	/* ignore line comments */
	    continue;
	  len = strlen (rhost);
	  if (rhost[len - 1] == '\n')
	    rhost[--len] = '\0';

	  if (!len)
	    continue;		/* ignore empty lines */

	  DBG (1, "checking for: %s\n", rhost);
	  
	  if (strcasecmp (rhost, he->h_name) == 0 || strcmp (rhost, "+") == 0)
	    access_ok = 1;
	  DBG (1, "peer name: %s\n", he->h_name);
	  for (i = 0; he->h_aliases[i]; ++i)
	    {
	      DBG (1, "peer name alias: %s\n", he->h_aliases[i]);

	      if (strcasecmp (rhost, he->h_aliases[i]) == 0)
		{
		  access_ok = 1;
		  break;
		}
	    }
	}

When saned.conf has only entries that are commented out it looks like
this:

Sep 21 21:31:45 hmg1 saned[20533]: my name: hmg1 
Sep 21 21:31:45 hmg1 saned[20533]: access by root@vortex rejected 
Sep 21 21:31:45 hmg1 saned[20533]: exiting 

With "vortex.swb.de" in saned.conf:

Sep 21 21:36:59 hmg1 saned[20543]: my name: hmg1 
Sep 21 21:36:59 hmg1 saned[20543]: checking for: vortex.swb.de 
Sep 21 21:36:59 hmg1 saned[20543]: peer name: vortex 
Sep 21 21:36:59 hmg1 saned[20543]: peer name alias: vortex.swb.de 
Sep 21 21:36:59 hmg1 saned[20543]: access by root@vortex accepted 

With "vortex" in saned.conf:

Sep 21 21:38:20 hmg1 saned[20554]: my name: hmg1 
Sep 21 21:38:20 hmg1 saned[20554]: checking for: vortex 
Sep 21 21:38:20 hmg1 saned[20554]: peer name: vortex 
Sep 21 21:38:20 hmg1 saned[20554]: peer name alias: vortex.swb.de 
Sep 21 21:38:20 hmg1 saned[20554]: access by root@vortex accepted 

So it finds the name for both cases, name and alias.

> I could modify saned.c to log the different values if it is needed.

Yes, try the code above (there is one more line for "my name" but that
one doesn't matter.

The difference seems to be that for me the peer name is sent without
the domain. 

Bye,
  Henning