[comp.windows.news] Partial fix for NeWS security hassles

gregc@cgl.ucsf.edu (Greg Couch) (01/06/89)

We have had many problems with the NeWS security mechanism not accepting
connections because getsocketpeername returns the canonical name and
the names in the RemoteHostRegistry are either host aliases or in a
different case (i.e. .EDU vs. .edu).

An ideal solution, that would require changes to the NeWS server, would be
to add a canonicalizehostname function that would do a hostname lookup and
return the canonical name.  Then all of the putting of hosts into the
RemoteHostRegistry would be of the form:

	RemoteHostRegistry hostname canonicalizehostname true put

Unfortunately, we don't have the NeWS source, so enclosed is a solution
for fixing problems with localhost not being in domain form, and the hostname
case problem.  The former is fixed by adding localhost.domain if the
localhostname is in domain form (all of our hosts).  And the latter is
fixed by converting all hostnames to lowercase.  The files changed are
/usr/NeWS/lib/NeWS/{util,init}.ps and /usr/NeWS/bin/newshost.

	- Greg Couch
	gregc@cgl.ucsf.edu
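
The canonicalize-on-insert, canonicalize-on-lookup idea described above, sketched in Python as an added example (not part of the original post or of NeWS). The resolver table, the host names and the `HostRegistry` class are constructed for illustration; `canonicalize_hostname` stands in for the proposed `canonicalizehostname`.

```python
# Constructed resolver data standing in for a real hostname lookup:
# canonical name -> aliases (all names here are hypothetical).
CONSTRUCTED_HOSTS = {
    "alpha.example.org": ["alpha", "www.example.org"],
    "beta.example.org": ["beta"],
}

def build_alias_index(hosts):
    """Map every lower-cased name and alias to its lower-cased canonical name."""
    index = {}
    for canonical, aliases in hosts.items():
        canon = canonical.lower()
        for name in [canonical, *aliases]:
            index[name.lower()] = canon
    return index

ALIASES = build_alias_index(CONSTRUCTED_HOSTS)

def canonicalize_hostname(name, index=ALIASES):
    """Fold case, then resolve aliases. Names the resolver does not know
    are only case-folded, which is the part the enclosed patch covers."""
    folded = name.lower()
    return index.get(folded, folded)

class HostRegistry:
    """Allow-list that canonicalizes on insert, remove and lookup."""
    def __init__(self):
        self._hosts = set()
    def add(self, name):
        self._hosts.add(canonicalize_hostname(name))
    def remove(self, name):
        self._hosts.discard(canonicalize_hostname(name))
    def allows(self, peer_name):
        return canonicalize_hostname(peer_name) in self._hosts

def demo():
    naive = {"Alpha.Example.ORG", "beta"}  # raw entries, compared exactly
    peer = "alpha.example.org"             # canonical name reported for the peer
    reg = HostRegistry()
    for entry in naive:
        reg.add(entry)
    return {
        "naive_match": peer in naive,                    # case mismatch: rejected
        "case_variant": reg.allows(peer),                # accepted after folding
        "alias": reg.allows("beta.example.org"),         # alias entry resolved
        "unlisted": reg.allows("gamma.example.org"),     # still rejected
    }
```
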
-----
	*** util.ps.orig	Thu Jan  5 18:47:53 1989
	--- util.ps	Thu Jan  5 18:46:07 1989
	***************
	*** 263,268 ****
	--- 263,280 ----
	      pop
	  } def
	  
	+ /UpperCaseDict 26 dict def
	+ UpperCaseDict begin
	+ 	(ABCDEFGHIJKLMNOPQRSTUVWXYZ) { dup def } forall
	+ end
	+ /strToLower {	% string => string
	+ 	[ exch		% put string arg after [
	+ 		{
	+ 			dup UpperCaseDict exch known { 32 add } if
	+ 		} forall
	+ 	] cvas
	+ } def
	+ 
	  %
	  % Mac-like bounding box graphics procs.  Very useful for edge-critical drawing.
	  % The graphics prinitives are rects, ovals and round rects.
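
Review bot: the new `strToLower` carries only a stack comment and does not say that it folds ASCII A-Z only (the `32 add` applied to codes found in `UpperCaseDict`) or that it returns a newly built string from `[ ... ] cvas` rather than changing its argument. Add a one-line comment stating both. A range test on the character code inside the `forall` body would do the same job without the 26-entry dictionary.
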
	*** init.ps.orig	Thu Jan  5 18:47:21 1989
	--- init.ps	Thu Jan  5 18:46:07 1989
	***************
	*** 561,568 ****
	  /&main {go! DebuggingServer? {executive} if} def
	  
	  /RemoteHostRegistry 100 dict def	% list of hosts allowed to connect to server.
	! RemoteHostRegistry localhostname true put
	  RemoteHostRegistry /localhost true put
	  /NetSecurityWanted true def		% false if everyone is allowed to connect
	  
	  % The server; note that the dict size is client's userdict!
	--- 561,576 ----
	  /&main {go! DebuggingServer? {executive} if} def
	  
	  /RemoteHostRegistry 100 dict def	% list of hosts allowed to connect to server.
	! RemoteHostRegistry localhostname strToLower true put
	  RemoteHostRegistry /localhost true put
	+ % Add localhost.domain if localhostname is domainized
	+ localhostname (.) search
	+ {
	+ 	pop pop strToLower (localhost.) exch append
	+ 	RemoteHostRegistry exch true put
	+ } {
	+ 	pop
	+ } ifelse
	  /NetSecurityWanted true def		% false if everyone is allowed to connect
	  
	  % The server; note that the dict size is client's userdict!
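
Review bot: in the added `localhostname (.) search` block, the `pop pop` has no stack comment, so it is not obvious that it discards the pre and match strings and keeps everything after the first dot as the domain. Add a stack comment on that line. The block also makes `localhost.<domain>` an accepted peer name alongside `/localhost`; a sentence in the comment on why that name can only be reported for the local machine would help anyone auditing this allow-list later.
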
	***************
	*** 574,580 ****
		    { dup mark exch acceptconnection
		      { 200 dict begin initmatrix newprocessgroup
			exch pop exch pop dup
	! 		getsocketpeername /OriginatingHost exch def
	  
			  % See if OriginatingHost is in the Registry
			  RemoteHostRegistry OriginatingHost known
	--- 582,588 ----
		    { dup mark exch acceptconnection
		      { 200 dict begin initmatrix newprocessgroup
			exch pop exch pop dup
	! 		getsocketpeername strToLower /OriginatingHost exch def
	  
			  % See if OriginatingHost is in the Registry
			  RemoteHostRegistry OriginatingHost known
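
Review bot: with `getsocketpeername strToLower` the `RemoteHostRegistry OriginatingHost known` test can only match lowercase keys, so any entry put into the registry without going through `strToLower` and containing an uppercase letter silently stops matching. Document next to the `RemoteHostRegistry` definition that keys must be lowercase, or provide one helper that lowercases and puts, and use it for every insertion.
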
	*** newshost.orig	Thu Jan  5 18:47:40 1989
	--- newshost	Thu Jan  5 18:46:15 1989
	***************
	*** 47,57 ****
		;;
	  add)
		shift
	! 	echo "{ $* } { RemoteHostRegistry exch cvlit true put } forall "|psh
		;;
	  remove|sub)
		shift
	! 	echo "{ $* } { { RemoteHostRegistry exch undef } stopped clear } forall "|psh
		;;
	  *)
		echo "$0 manipulates the NeWS remote host access security facility."
	--- 47,57 ----
		;;
	  add)
		shift
	! 	echo "{ `echo $* | tr '[A-Z]' '[a-z]'` } { RemoteHostRegistry exch cvlit true put } forall "|psh
		;;
	  remove|sub)
		shift
	! 	echo "{ `echo $* | tr '[A-Z]' '[a-z]'` } { { RemoteHostRegistry exch undef } stopped clear } forall "|psh
		;;
	  *)
		echo "$0 manipulates the NeWS remote host access security facility."
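
Review bot: in both changed `echo` lines, `$*` is unquoted inside the backticks, so the shell word-splits and glob-expands the host arguments before `tr` sees them, and the result is pasted into the PostScript text sent to `psh` without any check. Quote it as "$*" and reject arguments containing anything other than letters, digits, dots and hyphens before building the command. The `tr '[A-Z]' '[a-z]'` pipeline is also duplicated in the add and remove branches; computing the lowercased list in one place would keep the two in step.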