xref: /src/usr.sbin/lpr/lpd/lpd.c

/*	$NetBSD: lpd.c,v 1.60 2023/04/26 18:25:02 kre Exp $	*/

/*
 * Copyright (c) 1983, 1993, 1994
 *	The Regents of the University of California.  All rights reserved.
 *
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>

#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 1983, 1993, 1994\
 The Regents of the University of California.  All rights reserved.");
#endif /* not lint */

#ifndef lint
#if 0
static char sccsid[] = "@(#)lpd.c	8.7 (Berkeley) 5/10/95";
#else
__RCSID("$NetBSD: lpd.c,v 1.60 2023/04/26 18:25:02 kre Exp $");
#endif
#endif /* not lint */

/*
 * lpd -- line printer daemon.
 *
 * Listen for a connection and perform the requested operation.
 * Operations are:
 *	\1printer\n
 *		check the queue for jobs and print any found.
 *	\2printer\n
 *		receive a job from another machine and queue it.
 *	\3printer [users ...] [jobs ...]\n
 *		return the current state of the queue (short form).
 *	\4printer [users ...] [jobs ...]\n
 *		return the current state of the queue (long form).
 *	\5printer person [users ...] [jobs ...]\n
 *		remove jobs from the queue.
 *
 * Strategy to maintain protected spooling area:
 *	1. Spooling area is writable only by daemon and spooling group
 *	2. lpr runs setuid root and setgrp spooling group; it uses
 *	   root to access any file it wants (verifying things before
 *	   with an access call) and group id to know how it should
 *	   set up ownership of files in the spooling area.
 *	3. Files in spooling area are owned by root, group spooling
 *	   group, with mode 660.
 *	4. lpd, lpq and lprm run setuid daemon and setgrp spooling group to
 *	   access files and printer.  Users can't get to anything
 *	   w/o help of lpq and lprm programs.
 */

#include <sys/param.h>
#include <sys/wait.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/stat.h>
#include <sys/file.h>
#include <sys/poll.h>
#include <netinet/in.h>

#include <err.h>
#include <netdb.h>
#include <unistd.h>
#include <syslog.h>
#include <signal.h>
#include <errno.h>
#include <fcntl.h>
#include <dirent.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <arpa/inet.h>

#ifdef LIBWRAP
#include <tcpd.h>
#endif

#include "lp.h"
#include "lp.local.h"
#include "pathnames.h"
#include "extern.h"

/* XXX from libc/net/rcmd.c */
extern int __ivaliduser_sa(FILE *, const struct sockaddr *, socklen_t,
			   const char *, const char *);

#ifdef LIBWRAP
int allow_severity = LOG_AUTH|LOG_INFO;
int deny_severity = LOG_AUTH|LOG_WARNING;
#endif

int	lflag;				/* log requests flag */
int	rflag;				/* allow of for remote printers */
int	sflag;				/* secure (no inet) flag */
int	from_remote;			/* from remote socket */
char	**blist;			/* list of addresses to bind(2) to */
int	blist_size;
int	blist_addrs;

static void		reapchild(int);
__dead static void	mcleanup(int);
static void		doit(void);
static void		startup(void);
static void		chkhost(struct sockaddr *, int);
__dead static void	usage(void);
static struct pollfd	*socksetup(int, int, const char *, int *);
static void		chkplushost(int, FILE *, char*);

uid_t	uid, euid;
int child_count;

#define LPD_NOPORTCHK	0001		/* skip reserved-port check */

int
main(int argc, char **argv)
{
	struct sockaddr_storage frm;
	socklen_t frmlen;
	sigset_t nmask, omask;
	int lfd, errs, i, f, nfds;
	struct pollfd *socks;
	int child_max = 32;	/* more than enough to hose the system */
	int options = 0, check_options = 0;
	struct servent *sp;
	const char *port = "printer";
	char **newblist;

	euid = geteuid();	/* these shouldn't be different */
	uid = getuid();
	gethostname(host, sizeof(host));
	host[sizeof(host) - 1] = '\0';
	setprogname(*argv);

	errs = 0;
	while ((i = getopt(argc, argv, "b:dln:srw:W")) != -1)
		switch (i) {
		case 'b':
			if (blist_addrs >= blist_size) {
				newblist = realloc(blist,
				    blist_size + sizeof(char *) * 4);
				if (newblist == NULL)
					err(1, "cant allocate bind addr list");
				blist = newblist;
				blist_size += sizeof(char *) * 4;
			}
			blist[blist_addrs++] = strdup(optarg);
			break;
		case 'd':
			options |= SO_DEBUG;
			break;
		case 'l':
			lflag++;
			break;
		case 'n':
			child_max = atoi(optarg);
			if (child_max < 0 || child_max > 1024)
				errx(1, "invalid number of children: %s",
				    optarg);
			break;
		case 'r':
			rflag++;
			break;
		case 's':
			sflag++;
			break;
		case 'w':
			wait_time = atoi(optarg);
			if (wait_time < 0)
				errx(1, "wait time must be positive: %s",
				    optarg);
			if (wait_time < 30)
			    warnx("warning: wait time less than 30 seconds");
			break;
		case 'W':/* allow connections coming from a non-reserved port */
			 /* (done by some lpr-implementations for MS-Windows) */
			check_options |= LPD_NOPORTCHK;
			break;
		default:
			errs++;
		}
	argc -= optind;
	argv += optind;
	if (errs)
		usage();

	switch (argc) {
	case 1:
		if ((i = atoi(argv[0])) == 0)
			usage();
		if (i < 0 || i > USHRT_MAX)
			errx(1, "port # %d is invalid", i);

		port = argv[0];
		break;
	case 0:
		sp = getservbyname(port, "tcp");
		if (sp == NULL)
			errx(1, "%s/tcp: unknown service", port);
		break;
	default:
		usage();
	}

#ifndef DEBUG
	/*
	 * Set up standard environment by detaching from the parent.
	 */
	daemon(0, 0);
#endif

	openlog("lpd", LOG_PID, LOG_LPR);
	syslog(LOG_INFO, "restarted");
	(void)umask(0);
	lfd = open(_PATH_MASTERLOCK, O_WRONLY|O_CREAT, 0644);
	if (lfd < 0) {
		syslog(LOG_ERR, "%s: %m", _PATH_MASTERLOCK);
		exit(1);
	}
	if (flock(lfd, LOCK_EX|LOCK_NB) < 0) {
		if (errno == EWOULDBLOCK) {	/* active daemon present */
			syslog(LOG_ERR, "%s is locked; another lpd is running",
			    _PATH_MASTERLOCK);
			exit(0);
		}
		syslog(LOG_ERR, "%s: %m", _PATH_MASTERLOCK);
		exit(1);
	}
	ftruncate(lfd, 0);
	/*
	 * write process id for others to know
	 */
	(void)snprintf(line, sizeof(line), "%u\n", getpid());
	f = strlen(line);
	if (write(lfd, line, f) != f) {
		syslog(LOG_ERR, "%s: %m", _PATH_MASTERLOCK);
		exit(1);
	}
	signal(SIGCHLD, reapchild);
	/*
	 * Restart all the printers.
	 */
	startup();

	sigemptyset(&nmask);
	sigaddset(&nmask, SIGHUP);
	sigaddset(&nmask, SIGINT);
	sigaddset(&nmask, SIGQUIT);
	sigaddset(&nmask, SIGTERM);
	sigprocmask(SIG_BLOCK, &nmask, &omask);

	signal(SIGHUP, mcleanup);
	signal(SIGINT, mcleanup);
	signal(SIGQUIT, mcleanup);
	signal(SIGTERM, mcleanup);

	socks = socksetup(PF_UNSPEC, options, port, &nfds);

	sigprocmask(SIG_SETMASK, &omask, (sigset_t *)0);

	if (blist != NULL) {
		for (i = 0; i < blist_addrs; i++)
			free(blist[i]);
		free(blist);
	}

	/*
	 * Main loop: accept, do a request, continue.
	 */
	memset(&frm, 0, sizeof(frm));
	for (;;) {
		int rv, s;
		/* "short" so it overflows in about 2 hours */
		struct timespec sleeptime = {10, 0};

		while (child_max < child_count) {
			syslog(LOG_WARNING,
			    "too many children, sleeping for %ld seconds",
				(long)sleeptime.tv_sec);
			nanosleep(&sleeptime, NULL);
			sleeptime.tv_sec <<= 1;
			if (sleeptime.tv_sec <= 0) {
				syslog(LOG_CRIT, "sleeptime overflowed! help!");
				sleeptime.tv_sec = 10;
			}
		}

		rv = poll(socks, nfds, INFTIM);
		if (rv <= 0) {
			if (rv < 0 && errno != EINTR)
				syslog(LOG_WARNING, "poll: %m");
			continue;
		}
		s = -1;
                for (i = 0; i < nfds; i++)
			if (socks[i].revents & POLLIN) {
				frmlen = sizeof(frm);
				s = accept(socks[i].fd,
				    (struct sockaddr *)&frm, &frmlen);
				break;
			}
		if (s < 0) {
			if (errno != EINTR)
				syslog(LOG_WARNING, "accept: %m");
			continue;
		}

		switch (fork()) {
		case 0:
			signal(SIGCHLD, SIG_DFL);
			signal(SIGHUP, SIG_IGN);
			signal(SIGINT, SIG_IGN);
			signal(SIGQUIT, SIG_IGN);
			signal(SIGTERM, SIG_IGN);
                       	for (i = 0; i < nfds; i++)
				(void)close(socks[i].fd);
			dup2(s, STDOUT_FILENO);
			(void)close(s);
			if (frm.ss_family != AF_LOCAL) {
				/* for both AF_INET and AF_INET6 */
				from_remote = 1;
				chkhost((struct sockaddr *)&frm, check_options);
			} else
				from_remote = 0;
			doit();
			exit(0);
		case -1:
			syslog(LOG_WARNING, "fork: %m, sleeping for 10 seconds...");
			sleep(10);
			continue;
		default:
			child_count++;
		}
		(void)close(s);
	}
}

/*
 * If there was a forward/backward name resolution mismatch, check
 * that there's a '+' entry in fhost.
 */

void
chkplushost(int good, FILE *fhost, char *hst)
{
	int c1, c2, c3;

	if (good) {
		return;
	}

	rewind(fhost);
	while (EOF != (c1 = fgetc(fhost))) {
		if (c1 == '+') {
			c2 = fgetc(fhost);
			if (c2 == ' ' || c2 == '\t' || c2 == '\n') {
				return;
			}
		}
		do {
			c3 = fgetc(fhost);
		} while (c3 != EOF && c3 != '\n');
	}
	fatal("address for your hostname (%s) not matched", hst);
}

static void
reapchild(int signo)
{
	int status;

	while (wait3(&status, WNOHANG, 0) > 0)
		child_count--;
}

static void
mcleanup(int signo)
{
	if (lflag)
		syslog(LOG_INFO, "exiting");
	unlink(_PATH_SOCKETNAME);
	exit(0);
}

/*
 * Stuff for handling job specifications
 */
char	*user[MAXUSERS];	/* users to process */
int	users;			/* # of users in user array */
int	requ[MAXREQUESTS];	/* job number of spool entries */
int	requests;		/* # of spool requests */
char	*person;		/* name of person doing lprm */

char	fromb[NI_MAXHOST];	/* buffer for client's machine name */
char	cbuf[BUFSIZ];		/* command line buffer */
const char *cmdnames[] = {
	"null",
	"printjob",
	"recvjob",
	"displayq short",
	"displayq long",
	"rmjob"
};

static void
doit(void)
{
	char *cp;
	int n;

	for (;;) {
		cp = cbuf;
		do {
			if (cp >= &cbuf[sizeof(cbuf) - 1])
				fatal("Command line too long");
			if ((n = read(STDOUT_FILENO, cp, 1)) != 1) {
				if (n < 0)
					fatal("Lost connection");
				return;
			}
		} while (*cp++ != '\n');
		*--cp = '\0';
		cp = cbuf;
		if (lflag) {
			if (*cp >= '\1' && *cp <= '\5') {
				syslog(LOG_INFO, "%s requests %s %s",
					from, cmdnames[(int)*cp], cp+1);
				setproctitle("serving %s: %s %s", from,
				    cmdnames[(int)*cp], cp+1);
			}
			else
				syslog(LOG_INFO, "bad request (%d) from %s",
					*cp, from);
		}
		switch (*cp++) {
		case '\1':	/* check the queue and print any jobs there */
			printer = cp;
			if (*printer == '\0')
				printer = DEFLP;
			printjob();
			break;
		case '\2':	/* receive files to be queued */
			if (!from_remote) {
				syslog(LOG_INFO, "illegal request (%d)", *cp);
				exit(1);
			}
			printer = cp;
			if (*printer == '\0')
				printer = DEFLP;
			recvjob();
			break;
		case '\3':	/* display the queue (short form) */
		case '\4':	/* display the queue (long form) */
			printer = cp;
			if (*printer == '\0')
				printer = DEFLP;
			while (*cp) {
				if (*cp != ' ') {
					cp++;
					continue;
				}
				*cp++ = '\0';
				while (isspace((unsigned char)*cp))
					cp++;
				if (*cp == '\0')
					break;
				if (isdigit((unsigned char)*cp)) {
					if (requests >= MAXREQUESTS)
						fatal("Too many requests");
					requ[requests++] = atoi(cp);
				} else {
					if (users >= MAXUSERS)
						fatal("Too many users");
					user[users++] = cp;
				}
			}
			displayq(cbuf[0] - '\3');
			exit(0);
		case '\5':	/* remove a job from the queue */
			if (!from_remote) {
				syslog(LOG_INFO, "illegal request (%d)", *cp);
				exit(1);
			}
			printer = cp;
			if (*printer == '\0')
				printer = DEFLP;
			while (*cp && *cp != ' ')
				cp++;
			if (!*cp)
				break;
			*cp++ = '\0';
			person = cp;
			while (*cp) {
				if (*cp != ' ') {
					cp++;
					continue;
				}
				*cp++ = '\0';
				while (isspace((unsigned char)*cp))
					cp++;
				if (*cp == '\0')
					break;
				if (isdigit((unsigned char)*cp)) {
					if (requests >= MAXREQUESTS)
						fatal("Too many requests");
					requ[requests++] = atoi(cp);
				} else {
					if (users >= MAXUSERS)
						fatal("Too many users");
					user[users++] = cp;
				}
			}
			rmjob();
			break;
		}
		fatal("Illegal service request");
	}
}

/*
 * Make a pass through the printcap database and start printing any
 * files left from the last time the machine went down.
 */
static void
startup(void)
{
	char *buf;
	char *cp;

	/*
	 * Restart the daemons.
	 */
	while (cgetnext(&buf, printcapdb) > 0) {
		if (ckqueue(buf) <= 0) {
			free(buf);
			continue;	/* no work to do for this printer */
		}
		for (cp = buf; *cp; cp++)
			if (*cp == '|' || *cp == ':') {
				*cp = '\0';
				break;
			}
		if (lflag)
			syslog(LOG_INFO, "work for %s", buf);
		switch (fork()) {
		case -1:
			syslog(LOG_WARNING, "startup: cannot fork");
			mcleanup(0);
		case 0:
			printer = buf;
			setproctitle("working on printer %s", printer);
			cgetclose();
			printjob();
			/* NOTREACHED */
		default:
			child_count++;
			free(buf);
		}
	}
}

#define DUMMY ":nobody::"

/*
 * Check to see if the from host has access to the line printer.
 */
static void
chkhost(struct sockaddr *f, int check_opts)
{
	struct addrinfo hints, *res, *r;
	FILE *hostf;
	int good = 0;
	char hst[NI_MAXHOST], ip[NI_MAXHOST];
	char serv[NI_MAXSERV];
	int error;
#ifdef LIBWRAP
	struct request_info req;
#endif

	error = getnameinfo(f, f->sa_len, NULL, 0, serv, sizeof(serv),
			    NI_NUMERICSERV);
	if (error)
		fatal("Malformed from address: %s", gai_strerror(error));

         if (!(check_opts & LPD_NOPORTCHK) &&
	       atoi(serv) >= IPPORT_RESERVED)
		fatal("Connect from invalid port (%s)", serv);

	/* Need real hostname for temporary filenames */
	error = getnameinfo(f, f->sa_len, hst, sizeof(hst), NULL, 0,
			    NI_NAMEREQD);
	if (error) {
		error = getnameinfo(f, f->sa_len, hst, sizeof(hst), NULL, 0,
				    NI_NUMERICHOST);
		if (error)
			fatal("Host name for your address unknown");
		else
			fatal("Host name for your address (%s) unknown", hst);
	}

	(void)strlcpy(fromb, hst, sizeof(fromb));
	from = fromb;

	/* need address in stringform for comparison (no DNS lookup here) */
	error = getnameinfo(f, f->sa_len, hst, sizeof(hst), NULL, 0,
			    NI_NUMERICHOST);
	if (error)
		fatal("Cannot print address");

	/* Check for spoof, ala rlogind */
	good = 0;
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = PF_UNSPEC;
	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
	error = getaddrinfo(fromb, NULL, &hints, &res);
	if (!error) {
		for (r = res; good == 0 && r; r = r->ai_next) {
			error = getnameinfo(r->ai_addr, r->ai_addrlen,
				    ip, sizeof(ip), NULL, 0, NI_NUMERICHOST);
			if (!error && !strcmp(hst, ip))
				good = 1;
		}
		if (res)
			freeaddrinfo(res);
	}

	/* complain about !good later in chkplushost if needed. */

	setproctitle("serving %s", from);

#ifdef LIBWRAP
	request_init(&req, RQ_DAEMON, "lpd", RQ_CLIENT_SIN, f,
	    RQ_FILE, STDOUT_FILENO, NULL);
	fromhost(&req);
	if (!hosts_access(&req))
		goto denied;
#endif

	hostf = fopen(_PATH_HOSTSEQUIV, "r");
	if (hostf) {
		if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
			chkplushost(good, hostf, hst);
			(void)fclose(hostf);
			return;
		}
		(void)fclose(hostf);
	}
	hostf = fopen(_PATH_HOSTSLPD, "r");
	if (hostf) {
		if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
			chkplushost(good, hostf, hst);
			(void)fclose(hostf);
			return;
		}
		(void)fclose(hostf);
	}
#ifdef LIBWRAP
  denied:
#endif
	fatal("Your host does not have line printer access");
	/*NOTREACHED*/
}


static void
usage(void)
{

	(void)fprintf(stderr,
	    "Usage: %s [-dlrsW] [-b bind-address] [-n maxchild] "
	    "[-w maxwait] [port]\n", getprogname());
	exit(1);
}

/* setup server socket for specified address family */
/* if af is PF_UNSPEC more than one socket may be returned */
/* the returned list is dynamically allocated, so caller needs to free it */
struct pollfd *
socksetup(int af, int options, const char *port, int *nfds)
{
	struct sockaddr_un un;
	struct addrinfo hints, *res, *r;
	int error, s, blidx = 0, n;
	struct pollfd *socks, *newsocks;
	const int on = 1;

	*nfds = 0;

	socks = malloc(1 * sizeof(socks[0]));
	if (!socks) {
		syslog(LOG_ERR, "couldn't allocate memory for sockets");
		mcleanup(0);
	}

	s = socket(AF_LOCAL, SOCK_STREAM, 0);
	if (s < 0) {
		syslog(LOG_ERR, "socket(): %m");
		exit(1);
	}
	memset(&un, 0, sizeof(un));
	un.sun_family = AF_LOCAL;
	strncpy(un.sun_path, _PATH_SOCKETNAME, sizeof(un.sun_path) - 1);
	un.sun_len = SUN_LEN(&un);
	(void)umask(07);
	(void)unlink(_PATH_SOCKETNAME);
	if (bind(s, (struct sockaddr *)&un, un.sun_len) < 0) {
		syslog(LOG_ERR, "bind(): %m");
		exit(1);
	}
	(void)umask(0);
	listen(s, 5);
	socks[*nfds].fd = s;
	socks[*nfds].events = POLLIN;
	(*nfds)++;

	if (sflag && !blist_addrs)
		return (socks);

	do {
		memset(&hints, 0, sizeof(hints));
		hints.ai_flags = AI_PASSIVE;
		hints.ai_family = af;
		hints.ai_socktype = SOCK_STREAM;
		error = getaddrinfo((blist_addrs == 0) ? NULL : blist[blidx],
		    port ? port : "printer", &hints, &res);
		if (error) {
			if (blist_addrs)
				syslog(LOG_ERR, "%s: %s", blist[blidx],
				    gai_strerror(error));
			else
				syslog(LOG_ERR, "%s", gai_strerror(error));
			mcleanup(0);
		}

		/* Count max number of sockets we may open */
		for (r = res, n = 0; r; r = r->ai_next, n++)
			;
		newsocks = realloc(socks, (*nfds + n) * sizeof(socks[0]));
		if (!newsocks) {
			syslog(LOG_ERR, "couldn't allocate memory for sockets");
			mcleanup(0);
		}
		socks = newsocks;

		for (r = res; r; r = r->ai_next) {
			s = socket(r->ai_family, r->ai_socktype,
			    r->ai_protocol);
			if (s < 0) {
				syslog(LOG_DEBUG, "socket(): %m");
				continue;
			}
			if (options & SO_DEBUG)
				if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
					       &on, sizeof(on)) < 0) {
					syslog(LOG_ERR,
					       "setsockopt (SO_DEBUG): %m");
					close(s);
					continue;
				}
			if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &on,
			    sizeof(on)) < 0) {
				syslog(LOG_ERR,
				    "setsockopt (SO_REUSEPORT): %m");
				close(s);
				continue;
			}
			if (r->ai_family == AF_INET6 && setsockopt(s,
			    IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
				syslog(LOG_ERR,
				    "setsockopt (IPV6_V6ONLY): %m");
				close(s);
				continue;
			}
			if (bind(s, r->ai_addr, r->ai_addrlen) < 0) {
				syslog(LOG_DEBUG, "bind(): %m");
				close(s);
				continue;
			}
			listen(s, 5);
			socks[*nfds].fd = s;
			socks[*nfds].events = POLLIN;
			(*nfds)++;
		}

		if (res)
			freeaddrinfo(res);
	} while (++blidx < blist_addrs);

	return (socks);
}