From owner-freebsd-stable Sat Sep 22 12:43:36 2001
Message-Id: <200109221942.f8MJgFi28807@cwsys.cwsent.com>
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
To: Garance A Drosihn
Cc: Cy Schubert, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: LPD problems in 4.4-STABLE
In-reply-to: Your message of "Sat, 22 Sep 2001 01:58:26 EDT."
Date: Sat, 22 Sep 2001 12:41:27 -0700

In message , Garance A Drosihn writes:
> At 2:01 PM -0700 9/18/01, Cy Schubert - ITSD Open Systems Group wrote:
> >Hajimu UMEMOTO writes:
> > > However, many clients break lpr's traditional scheme.  So, new option
> >> -W was added.  From man lpd:
> >>
> > >   -W   By default, the lpd daemon will only accept connections which
> > >        originate from a reserved-port (<1024) on the remote host.  The
> > >        -W flag causes lpd to accept connections coming from any port.
> >
> >RFC 1179 states that LPD connections should originate from ports 721-731.
> >I know of only one LPD, MVS TCP/IP Print Services, enforces this.  I
> >think it's fine to have an LPD option or options that allows print to
> >come from non-standard ports, e.g. < 1024 or any port, however should
> >LPR/LPD conform to the standard?
>
> [I am not quite sure what you are asking.  FreeBSD's lpd does conform
> to the RFC in that it does require a connection from a reserved-port.
> That may not be "standard" in the sense of "matching the most common
> implementations of lpr", but it does follow the RFC...]

Warner answered my question yesterday.  Thanks.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC

>
> The RFC claims that the only valid ports are 721-731, but freebsd's lpd
> accepts connections from almost any reserved port.  So, we're already a
> little bit looser than the RFC.  I think it is reasonable for us to
> allow any reserved port [if that is what you are asking...].
>
> There is a good reason to have the requirement of a reserved port.  In
> the RPI environment, we have print servers accepting print jobs from
> unix machines that we (the computer center) also runs.  There are
> several hundred different students who use those unix workstations.
> When the print server accepts a job from a unix client, it assumes
> that the information in the control file is correct.  Among other
> things, this includes the userid of the person sending the job, and
> we charge that userid based on how many pages the job will print.
>
> If the lpd server accepts connections from any port on a client, then
> a user can just telnet to the lpd port and submit their own control
> file (which conveniently does NOT charge them...).  How could the
> server possibly tell legitimate control files from bogus ones?
>
> I am not much of a slave to the RFC, and I would happily change the
> protocol if it improves security or reliability.  In the case of
> this change, I think we're better off following the RFC by default,
> and allowing a way to accept jobs from any port for those people
> who need it.  (really I would like to have that an option which was
> set on a per-hostname basis, but -W was quick-and-easy to do).
>
> >Having said that, all UNIX systems I've worked on, except for AIX, do
> >not completely adhere to the RFC, hence printing from non-conforming
> >systems would definitely break.
>
> Based on what I have seen over the years, I doubt that there is ANY
> implementation which strictly and completely follows the RFC...  :-)
>
> That said, if someone does run into a problem because they have an
> lpd client which connects from ports > 1024, then they will get an
> explicit-enough message from freebsd's lpd which will explain the
> problem to them.
>
> At that point they can decide to drop the reserved-port requirement
> (by adding -W to lpd's startup flags), or instead they might decide
> to drop the non-conforming lpd on their remote hosts...
>
> --
> Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
> Senior Systems Programmer           or  gad@freebsd.org
> Rensselaer Polytechnic Institute    or  drosih@rpi.edu
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
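
The three source-port policies discussed in this thread (the 721-731 range cited from RFC 1179, "any reserved port", and the any-port behaviour described for -W), side by side as an added example that is not part of the original message and is not FreeBSD's lpd code. The enum names, `peer_port_ok`, `make_peer` and the sample address are hypothetical; the check only shows that a privileged process on the client opened the connection, which is why the server can then trust the userid in the control file.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

#define RESERVED_PORT_LIMIT 1024   /* ports below this need privilege to bind */

/* Hypothetical policy names for this example (not lpd's own identifiers). */
enum port_policy {
    POLICY_RFC1179,   /* strict: source port must be 721-731 */
    POLICY_RESERVED,  /* default described in the thread: source port < 1024 */
    POLICY_ANY        /* what the -W flag is described as allowing */
};

/* Return 1 if the peer's source port passes the policy, else 0. */
int peer_port_ok(const struct sockaddr_in *peer, enum port_policy policy)
{
    unsigned port = ntohs(peer->sin_port);  /* sin_port is in network order */
    if (peer->sin_family != AF_INET || port == 0)
        return 0;
    switch (policy) {
    case POLICY_RFC1179:  return port >= 721 && port <= 731;
    case POLICY_RESERVED: return port < RESERVED_PORT_LIMIT;
    case POLICY_ANY:      return 1;
    }
    return 0;
}

/* Build a constructed peer address the way accept() would fill it in. */
struct sockaddr_in make_peer(const char *ip, unsigned short port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

int main(void)
{
    /* Constructed source ports: RFC range, other reserved, unprivileged. */
    unsigned short ports[] = { 721, 731, 1023, 515, 1024, 40000 };
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++) {
        struct sockaddr_in p = make_peer("192.0.2.10", ports[i]);
        printf("%5u  rfc1179=%d  reserved=%d  any=%d\n", (unsigned)ports[i],
               peer_port_ok(&p, POLICY_RFC1179),
               peer_port_ok(&p, POLICY_RESERVED), peer_port_ok(&p, POLICY_ANY));
    }
    return 0;
}
```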