Re: [hylafax-users] hosts.hfaxd ip range

[Aidan Van Dyk <aidan@xxxxxxxx>]

* Neil Wilson <neil@xxxxxxxxxxxx> [050224 09:34]:
> Hi Guys and Girls,
> 
> I used to be able to put a range of ip address into my
> /var/spool/hylafax/etc/hosts.hfaxd (EG:192.168.0.) file, to grant
> access to an entire network, but it doesn't appear to work anymore
> with the newer version.
> 
> Is this the case, has the functionality been taken out of the new
> hylafax versions, or have I just buggered something up, and that's the
> reason its not working like it used to?

> Thanks any help would be greatly appreciated!

No, previous versions did not match the man page, and were actually
insecure.  We just made it actually follow the hosts.hfaxd man page:

       client  is a regular expression to be matched against a string
       ``user@host'' that is formed from the user string passed to hfaxd
       with the USER command and the official host name or the DARPA
       Internet address, specified in ``dot notation''.  If  client
       does not contain an ``@'' then, for backwards compatibility, it
       is treated as a host for which any user may have access; i.e. it
       is automatically converted to the regular expression
       ``^.*@client$''.

This should work:
	^.*@192.168.0.[0-9]+$:::

Just putting "192.168.0." would have worked in previous versions,
contrary to what the man page says, but actually would have allowed
anyone to log into your server if they could connect to it.

a.

-- 
Aidan Van Dyk                                             aidan@xxxxxxxx
Senior Software Developer                          +1 215 438-4638 x8103
iFAX Solutions, Inc.                                http://www.ifax.com/

Attachment: signature.asc
Description: Digital signature