[Bug libc/11070] New: Glibc netdb.h does not provide prototype for 'iruserok'

[Bug libc/11070] New: Glibc netdb.h does not provide prototype for 'iruserok'

[simon at josefsson dot org]

The function 'iruserok' is exported by libc.so, but there is no prototype for it
in any header file and the manual is silent on it.  Options to improving this
situation:

1) Provide a prototype in netdb.h for the function.

2) Suggest in the manual that people shouldn't use 'iruserok'.

I note that netdb.h already has a prototype for 'ruserok'.

Other options?

The background here is that GNU InetUtils is using the 'iruserok' function in
rshd and rlogind, and provides its own internal prototype because it is missing
in glibc.  This breaks building on BSD systems which uses another prototype. 
For more background, see http://thread.gmane.org/gmane.comp.lib.gnulib.bugs/19842

-- 
           Summary: Glibc netdb.h does not provide prototype for 'iruserok'
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: simon at josefsson dot org
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=11070

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/11070] Glibc netdb.h does not provide prototype for 'iruserok'

[bruno at clisp dot org]

------- Additional Comments From bruno at clisp dot org  2009-12-09 12:12 -------
Note that the Linux manual page 
<http://www.kernel.org/doc/man-pages/online/pages/man3/rcmd.3.html>
documents this function, with a first argument of type 'uint32_t'.
This matches the declaration of the function on NetBSD and OpenBSD.
Whereas on FreeBSD 6.0 and MacOS X, the first argument is of type 'unsigned 
long'.


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=11070

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/11070] Glibc netdb.h does not provide prototype for 'iruserok'

[simon at josefsson dot org]

------- Additional Comments From simon at josefsson dot org  2009-12-09 17:16 -------
Here is a patch if you want to consider option 1.

Thanks,
/Simon

2009-12-09  Simon Josefsson  <simon@josefsson.org>

	* resolv/netdb.h [__USE_BSD]: Add prototype for iruserok.

>From a1340a98a1e161fb9b0cdbeb91670cc738ee9952 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Wed, 9 Dec 2009 18:15:57 +0100
Subject: [PATCH] Add prototype for iruserok to netdb.h.

---
 resolv/netdb.h |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/resolv/netdb.h b/resolv/netdb.h
index dc1f7ce..1fe6afe 100644
--- a/resolv/netdb.h
+++ b/resolv/netdb.h
@@ -516,6 +516,18 @@ extern int ruserok_af (__const char *__rhost, int __suser,
 		       __const char *__remuser, __const char *__locuser,
 		       sa_family_t __af);
 
+/* Check whether user REMUSER on system indicated by IPv4 address
+   RADDR is allowed to login as LOCUSER.  Non-IPv4 (e.g., IPv6) are
+   not supported.  If SUSER is not zero the user tries to become
+   superuser.  Return 0 if it is possible.
+
+   This function is not part of POSIX and therefore no official
+   cancellation point.  But due to similarity with an POSIX interface
+   or due to the implementation it is a cancellation point and
+   therefore not marked with __THROW.  */
+extern int iruserok (uint32_t __raddr, int __suser,
+		    __const char *__remuser, __const char *__locuser);
+
 /* Try to allocate reserved port, returning a descriptor for a socket opened
    at this port or -1 if unsuccessful.  The search for an available port
    will start at ALPORT and continues with lower numbers.
-- 
1.6.5.3


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=11070

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/11070] Glibc netdb.h does not provide prototype for 'iruserok'

[simon at josefsson dot org]

------- Additional Comments From simon at josefsson dot org  2009-12-09 17:28 -------
If you want to take the opportunity to also export the iruserok_af interface,
which seems equally exported by libc.so but not prototyped in any header file,
here is an alternative patch.   The iruserok_af interface appears to be a more
usable interface (because it is not IPv4 specific).

/Simon

2009-12-09  Simon Josefsson  <simon@josefsson.org>

	* resolv/netdb.h [__USE_BSD]: Add prototype for iruserok and
	iruserok_af.

>From e3db0b2ff7bd1d645d6b28a0eda344b0141f0c49 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Wed, 9 Dec 2009 18:26:15 +0100
Subject: [PATCH] Add prototype for iruserok and iruserok_af to netdb.h.

---
 resolv/netdb.h |   25 +++++++++++++++++++++++++
 1 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/resolv/netdb.h b/resolv/netdb.h
index dc1f7ce..c84f65e 100644
--- a/resolv/netdb.h
+++ b/resolv/netdb.h
@@ -516,6 +516,31 @@ extern int ruserok_af (__const char *__rhost, int __suser,
 		       __const char *__remuser, __const char *__locuser,
 		       sa_family_t __af);
 
+/* Check whether user REMUSER on system indicated by IPv4 address
+   RADDR is allowed to login as LOCUSER.  Non-IPv4 (e.g., IPv6) are
+   not supported.  If SUSER is not zero the user tries to become
+   superuser.  Return 0 if it is possible.
+
+   This function is not part of POSIX and therefore no official
+   cancellation point.  But due to similarity with an POSIX interface
+   or due to the implementation it is a cancellation point and
+   therefore not marked with __THROW.  */
+extern int iruserok (uint32_t __raddr, int __suser,
+		    __const char *__remuser, __const char *__locuser);
+
+/* Check whether user REMUSER on system indicated by socket address
+   RADDR with family AF is allowed to login as LOCUSER.  If SUSER is
+   not zero the user tries to become superuser.  Return 0 if it is
+   possible.
+
+   This function is not part of POSIX and therefore no official
+   cancellation point.  But due to similarity with an POSIX interface
+   or due to the implementation it is a cancellation point and
+   therefore not marked with __THROW.  */
+extern int iruserok_af (const void *__raddr, int __suser,
+			__const char *__remuser, __const char *__locuser,
+			sa_family_t af);
+
 /* Try to allocate reserved port, returning a descriptor for a socket opened
    at this port or -1 if unsuccessful.  The search for an available port
    will start at ALPORT and continues with lower numbers.
-- 
1.6.5.3


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=11070

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/11070] Glibc netdb.h does not provide prototype for 'iruserok'

[drepper at redhat dot com]

------- Additional Comments From drepper at redhat dot com  2010-04-05 05:03 -------
If iruserok is added then iruserok_af must be added, too.  Checked in.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED


http://sourceware.org/bugzilla/show_bug.cgi?id=11070

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/11070] Glibc netdb.h does not provide prototype for 'iruserok'

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=11070

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.