wok annotate libwrap/stuff/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch @ rev 23933

dar: inserted libdir=/lib
author Hans-G?nter Theisgen
date Mon Sep 07 13:19:26 2020 +0100 (2020-09-07)
erjo@286 1 Submitted By: Tushar Teredesai <tushar@linuxfromscratch.org>
erjo@286 2 Date: 2003-10-04
erjo@286 3 Initial Package Version: 7.6
erjo@286 4 Origin: http://archives.linuxfromscratch.org/mail-archives/blfs-dev/2003-January/001960.html
erjo@286 5 Description: The patch was created from the tcp_wrappers modified package by Mark Heerdink.
erjo@286 6 This patch provides the following improvements:
erjo@286 7 * Install libwrap.so along with libwrap.a.
erjo@286 8 * Create an install target for tcp_wrappers.
erjo@286 9 * Compilation and security fixes.
erjo@286 10 * Documentation fixes.
erjo@286 11 diff -Naur tcp_wrappers_7.6/Makefile tcp_wrappers_7.6.gimli/Makefile
erjo@286 12 --- tcp_wrappers_7.6/Makefile 1997-03-21 12:27:21.000000000 -0600
erjo@286 13 +++ tcp_wrappers_7.6.gimli/Makefile 2002-07-15 16:07:21.000000000 -0500
erjo@286 14 @@ -1,5 +1,10 @@
erjo@286 15 +GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h)
erjo@286 16 +
erjo@286 17 # @(#) Makefile 1.23 97/03/21 19:27:20
erjo@286 18
erjo@286 19 +# unset the HOSTNAME environment variable
erjo@286 20 +HOSTNAME =
erjo@286 21 +
erjo@286 22 what:
erjo@286 23 @echo
erjo@286 24 @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
erjo@286 25 @@ -19,7 +24,7 @@
erjo@286 26 @echo " generic (most bsd-ish systems with sys5 compatibility)"
erjo@286 27 @echo " 386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543"
erjo@286 28 @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
erjo@286 29 - @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
erjo@286 30 + @echo " linux gnu machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
erjo@286 31 @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
erjo@286 32 @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
erjo@286 33 @echo " uts215 uxp"
erjo@286 34 @@ -43,8 +48,8 @@
erjo@286 35 # Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
erjo@286 36 #REAL_DAEMON_DIR=/usr/etc
erjo@286 37 #
erjo@286 38 -# SysV.4 Solaris 2.x OSF AIX
erjo@286 39 -#REAL_DAEMON_DIR=/usr/sbin
erjo@286 40 +# SysV.4 Solaris 2.x OSF AIX Linux
erjo@286 41 +REAL_DAEMON_DIR=/usr/sbin
erjo@286 42 #
erjo@286 43 # BSD 4.4
erjo@286 44 #REAL_DAEMON_DIR=/usr/libexec
erjo@286 45 @@ -141,10 +146,21 @@
erjo@286 46 LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
erjo@286 47 EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all
erjo@286 48
erjo@286 49 +ifneq ($(GLIBC),0)
erjo@286 50 +MYLIB=-lnsl
erjo@286 51 +endif
erjo@286 52 +
erjo@286 53 linux:
erjo@286 54 @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
erjo@286 55 - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
erjo@286 56 - NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
erjo@286 57 + LIBS=$(MYLIB) RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
erjo@286 58 + NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= all \
erjo@286 59 + EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_WEAKSYMS -D_REENTRANT"
erjo@286 60 +
erjo@286 61 +gnu:
erjo@286 62 + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
erjo@286 63 + LIBS=$(MYLIB) RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
erjo@286 64 + NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= all \
erjo@286 65 + EXTRA_CFLAGS="-DHAVE_STRERROR -DHAVE_WEAKSYMS -D_REENTRANT"
erjo@286 66
erjo@286 67 # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
erjo@286 68 hpux hpux8 hpux9 hpux10:
erjo@286 69 @@ -391,7 +407,7 @@
erjo@286 70 # the ones provided with this source distribution. The environ.c module
erjo@286 71 # implements setenv(), getenv(), and putenv().
erjo@286 72
erjo@286 73 -AUX_OBJ= setenv.o
erjo@286 74 +#AUX_OBJ= setenv.o
erjo@286 75 #AUX_OBJ= environ.o
erjo@286 76 #AUX_OBJ= environ.o strcasecmp.o
erjo@286 77
erjo@286 78 @@ -454,7 +470,8 @@
erjo@286 79 # host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work
erjo@286 80 # around this. The workaround does no harm on other Solaris versions.
erjo@286 81
erjo@286 82 -BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
erjo@286 83 +BUGS =
erjo@286 84 +#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
erjo@286 85 #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG
erjo@286 86 #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG
erjo@286 87
erjo@286 88 @@ -464,7 +481,7 @@
erjo@286 89 # If your system supports NIS or YP-style netgroups, enable the following
erjo@286 90 # macro definition. Netgroups are used only for host access control.
erjo@286 91 #
erjo@286 92 -#NETGROUP= -DNETGROUP
erjo@286 93 +NETGROUP= -DNETGROUP
erjo@286 94
erjo@286 95 ###############################################################
erjo@286 96 # System dependencies: whether or not your system has vsyslog()
erjo@286 97 @@ -491,7 +508,7 @@
erjo@286 98 # Uncomment the next definition to turn on the language extensions
erjo@286 99 # (examples: allow, deny, banners, twist and spawn).
erjo@286 100 #
erjo@286 101 -#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
erjo@286 102 +STYLE = -DPROCESS_OPTIONS # Enable language extensions.
erjo@286 103
erjo@286 104 ################################################################
erjo@286 105 # Optional: Changing the default disposition of logfile records
erjo@286 106 @@ -514,7 +531,7 @@
erjo@286 107 #
erjo@286 108 # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
erjo@286 109
erjo@286 110 -FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
erjo@286 111 +FACILITY= LOG_DAEMON # LOG_MAIL is what most sendmail daemons use
erjo@286 112
erjo@286 113 # The syslog priority at which successful connections are logged.
erjo@286 114
erjo@286 115 @@ -610,7 +627,7 @@
erjo@286 116 # Paranoid mode implies hostname lookup. In order to disable hostname
erjo@286 117 # lookups altogether, see the next section.
erjo@286 118
erjo@286 119 -PARANOID= -DPARANOID
erjo@286 120 +#PARANOID= -DPARANOID
erjo@286 121
erjo@286 122 ########################################
erjo@286 123 # Optional: turning off hostname lookups
erjo@286 124 @@ -623,7 +640,7 @@
erjo@286 125 # In order to perform selective hostname lookups, disable paranoid
erjo@286 126 # mode (see previous section) and comment out the following definition.
erjo@286 127
erjo@286 128 -HOSTNAME= -DALWAYS_HOSTNAME
erjo@286 129 +#HOSTNAME= -DALWAYS_HOSTNAME
erjo@286 130
erjo@286 131 #############################################
erjo@286 132 # Optional: Turning on host ADDRESS checking
erjo@286 133 @@ -649,28 +666,46 @@
erjo@286 134 # source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
erjo@286 135 # Solaris 2.x, and Linux. See your system documentation for details.
erjo@286 136 #
erjo@286 137 -# KILL_OPT= -DKILL_IP_OPTIONS
erjo@286 138 +KILL_OPT= -DKILL_IP_OPTIONS
erjo@286 139
erjo@286 140 ## End configuration options
erjo@286 141 ############################
erjo@286 142
erjo@286 143 # Protection against weird shells or weird make programs.
erjo@286 144
erjo@286 145 +CC = gcc
erjo@286 146 SHELL = /bin/sh
erjo@286 147 -.c.o:; $(CC) $(CFLAGS) -c $*.c
erjo@286 148 +.c.o:; $(CC) $(CFLAGS) -o $*.o -c $*.c
erjo@286 149 +
erjo@286 150 +SOMAJOR = 0
erjo@286 151 +SOMINOR = 7.6
erjo@286 152 +
erjo@286 153 +LIB = libwrap.a
erjo@286 154 +SHLIB = shared/libwrap.so.$(SOMAJOR).$(SOMINOR)
erjo@286 155 +SHLIBSOMAJ= shared/libwrap.so.$(SOMAJOR)
erjo@286 156 +SHLIBSO = shared/libwrap.so
erjo@286 157 +SHLIBFLAGS = -Lshared -lwrap
erjo@286 158
erjo@286 159 -CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
erjo@286 160 +shared/%.o: %.c
erjo@286 161 + $(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@
erjo@286 162 +
erjo@286 163 +CFLAGS = -O2 -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
erjo@286 164 $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
erjo@286 165 -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
erjo@286 166 -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
erjo@286 167 $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
erjo@286 168 $(VSYSLOG) $(HOSTNAME)
erjo@286 169
erjo@286 170 +SHLINKFLAGS = -shared -Xlinker -soname -Xlinker libwrap.so.$(SOMAJOR) -lc $(LIBS)
erjo@286 171 +SHCFLAGS = -fPIC -shared -D_REENTRANT
erjo@286 172 +
erjo@286 173 LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
erjo@286 174 hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
erjo@286 175 $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
erjo@286 176 update.o misc.o diag.o percent_m.o myvsyslog.o
erjo@286 177
erjo@286 178 +SHLIB_OBJ= $(addprefix shared/, $(LIB_OBJ));
erjo@286 179 +
erjo@286 180 FROM_OBJ= fromhost.o
erjo@286 181
erjo@286 182 KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
erjo@286 183 @@ -684,46 +719,80 @@
erjo@286 184 refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
erjo@286 185 scaffold.h tcpdmatch.8 README.NIS
erjo@286 186
erjo@286 187 -LIB = libwrap.a
erjo@286 188 -
erjo@286 189 -all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
erjo@286 190 +all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(LIB)
erjo@286 191
erjo@286 192 # Invalidate all object files when the compiler options (CFLAGS) have changed.
erjo@286 193
erjo@286 194 config-check:
erjo@286 195 @set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; }
erjo@286 196 - @set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \
erjo@286 197 - if cmp cflags /tmp/cflags.$$$$ ; \
erjo@286 198 - then rm /tmp/cflags.$$$$ ; \
erjo@286 199 - else mv /tmp/cflags.$$$$ cflags ; \
erjo@286 200 + @set +e; echo $(CFLAGS) >cflags.new ; \
erjo@286 201 + if cmp cflags cflags.new ; \
erjo@286 202 + then rm cflags.new ; \
erjo@286 203 + else mv cflags.new cflags ; \
erjo@286 204 fi >/dev/null 2>/dev/null
erjo@286 205 + @if [ ! -d shared ]; then mkdir shared; fi
erjo@286 206
erjo@286 207 $(LIB): $(LIB_OBJ)
erjo@286 208 rm -f $(LIB)
erjo@286 209 $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
erjo@286 210 -$(RANLIB) $(LIB)
erjo@286 211
erjo@286 212 -tcpd: tcpd.o $(LIB)
erjo@286 213 - $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
erjo@286 214 +$(SHLIB): $(SHLIB_OBJ)
erjo@286 215 + rm -f $(SHLIB)
erjo@286 216 + $(CC) -o $(SHLIB) $(SHLINKFLAGS) $(SHLIB_OBJ)
erjo@286 217 + ln -s $(notdir $(SHLIB)) $(SHLIBSOMAJ)
erjo@286 218 + ln -s $(notdir $(SHLIBSOMAJ)) $(SHLIBSO)
erjo@286 219 +
erjo@286 220 +tcpd: tcpd.o $(SHLIB)
erjo@286 221 + $(CC) $(CFLAGS) -o $@ tcpd.o $(SHLIBFLAGS)
erjo@286 222
erjo@286 223 -miscd: miscd.o $(LIB)
erjo@286 224 - $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
erjo@286 225 +miscd: miscd.o $(SHLIB)
erjo@286 226 + $(CC) $(CFLAGS) -o $@ miscd.o $(SHLIBFLAGS)
erjo@286 227
erjo@286 228 -safe_finger: safe_finger.o $(LIB)
erjo@286 229 - $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
erjo@286 230 +safe_finger: safe_finger.o $(SHLIB)
erjo@286 231 + $(CC) $(CFLAGS) -o $@ safe_finger.o $(SHLIBFLAGS)
erjo@286 232
erjo@286 233 TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
erjo@286 234
erjo@286 235 -tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
erjo@286 236 - $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
erjo@286 237 +tcpdmatch: $(TCPDMATCH_OBJ) $(SHLIB)
erjo@286 238 + $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS)
erjo@286 239
erjo@286 240 -try-from: try-from.o fakelog.o $(LIB)
erjo@286 241 - $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
erjo@286 242 +try-from: try-from.o fakelog.o $(SHLIB)
erjo@286 243 + $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS)
erjo@286 244
erjo@286 245 TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
erjo@286 246
erjo@286 247 -tcpdchk: $(TCPDCHK_OBJ) $(LIB)
erjo@286 248 - $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
erjo@286 249 +tcpdchk: $(TCPDCHK_OBJ) $(SHLIB)
erjo@286 250 + $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(SHLIBFLAGS)
erjo@286 251 +
erjo@286 252 +install: install-lib install-bin install-dev
erjo@286 253 +
erjo@286 254 +install-lib:
erjo@286 255 + install -o root -g root -m 0755 $(SHLIB) ${DESTDIR}/usr/lib/
erjo@286 256 + ln -sf $(notdir $(SHLIB)) ${DESTDIR}/usr/lib/$(notdir $(SHLIBSOMAJ))
erjo@286 257 + ln -sf $(notdir $(SHLIBSOMAJ)) ${DESTDIR}/usr/lib/$(notdir $(SHLIBSO))
erjo@286 258 +
erjo@286 259 +install-bin:
erjo@286 260 + install -o root -g root -m 0755 tcpd ${DESTDIR}/usr/sbin/
erjo@286 261 + install -o root -g root -m 0755 tcpdchk ${DESTDIR}/usr/sbin/
erjo@286 262 + install -o root -g root -m 0755 tcpdmatch ${DESTDIR}/usr/sbin/
erjo@286 263 + install -o root -g root -m 0755 try-from ${DESTDIR}/usr/sbin/
erjo@286 264 + install -o root -g root -m 0755 safe_finger ${DESTDIR}/usr/sbin/
erjo@286 265 + install -o root -g root -m 0644 tcpd.8 ${DESTDIR}/usr/share/man/man8/
erjo@286 266 + install -o root -g root -m 0644 tcpdchk.8 ${DESTDIR}/usr/share/man/man8/
erjo@286 267 + install -o root -g root -m 0644 try-from.8 ${DESTDIR}/usr/share/man/man8/
erjo@286 268 + install -o root -g root -m 0644 tcpdmatch.8 ${DESTDIR}/usr/share/man/man8/
erjo@286 269 + install -o root -g root -m 0644 safe_finger.8 ${DESTDIR}/usr/share/man/man8/
erjo@286 270 + install -o root -g root -m 0644 hosts_access.5 ${DESTDIR}/usr/share/man/man5/
erjo@286 271 + install -o root -g root -m 0644 hosts_options.5 ${DESTDIR}/usr/share/man/man5/
erjo@286 272 +
erjo@286 273 +install-dev:
erjo@286 274 + install -o root -g root -m 0644 hosts_access.3 ${DESTDIR}/usr/share/man/man3/
erjo@286 275 + install -o root -g root -m 0644 tcpd.h ${DESTDIR}/usr/include/
erjo@286 276 + install -o root -g root -m 0644 $(LIB) ${DESTDIR}/usr/lib/
erjo@286 277 + ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/hosts_ctl.3
erjo@286 278 + ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/request_init.3
erjo@286 279 + ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/request_set.3
erjo@286 280
erjo@286 281 shar: $(KIT)
erjo@286 282 @shar $(KIT)
erjo@286 283 @@ -739,7 +808,8 @@
erjo@286 284
erjo@286 285 clean:
erjo@286 286 rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \
erjo@286 287 - cflags
erjo@286 288 + cflags libwrap*.so*
erjo@286 289 + rm -rf shared
erjo@286 290
erjo@286 291 tidy: clean
erjo@286 292 chmod -R a+r .
erjo@286 293 @@ -885,5 +955,6 @@
erjo@286 294 update.o: mystdarg.h
erjo@286 295 update.o: tcpd.h
erjo@286 296 vfprintf.o: cflags
erjo@286 297 +weak_symbols.o: tcpd.h
erjo@286 298 workarounds.o: cflags
erjo@286 299 workarounds.o: tcpd.h
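Review bot: The `@@ -610` and `@@ -623` hunks comment out `PARANOID= -DPARANOID` and `HOSTNAME= -DALWAYS_HOSTNAME`, which relaxes the library's default access-control behaviour — if I remember the upstream semantics correctly, clients whose forward and reverse DNS disagree are no longer refused outright — yet the patch header only says "security fixes" and never mentions this. A bullet in the description such as `* Build without -DPARANOID and -DALWAYS_HOSTNAME by default (name/address mismatches are no longer rejected; hostname lookups become selective).` lets packagers opt in deliberately. Separately, `SHLIB_OBJ= $(addprefix shared/, $(LIB_OBJ));` carries a stray trailing `;` that is harmless only because make treats a `;` on a rule line as the start of the recipe and the shell treats it as an empty command in the link line; drop it. The two `ln -s` calls in the `$(SHLIB)` rule lack `-f`, so a second build after `rm -f $(SHLIB)` fails once the symlinks exist; `ln -sf` as already used in install-lib avoids that.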
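--- tcp_wrappers_7.6/fix_options.c 1997-04-07 19:29:19.000000000 -0500
+++ tcp_wrappers_7.6.gimli/fix_options.c 2002-01-07 08:50:19.000000000 -0600
@@ -35,7 +35,12 @@
 #ifdef IP_OPTIONS
 unsigned char optbuf[BUFFER_SIZE / 3], *cp;
 char lbuf[BUFFER_SIZE], *lp;
+#if !defined(__GLIBC__)
 int optsize = sizeof(optbuf), ipproto;
+#else /* __GLIBC__ */
+ size_t optsize = sizeof(optbuf);
+ int ipproto;
+#endif /* __GLIBC__ */
 struct protoent *ip;
 int fd = request->fd;
 unsigned int opt;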
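Review bot: `size_t optsize` in the new glibc branch does not match the `socklen_t *` that glibc's getsockopt() takes, so on 64-bit targets the call passes a pointer to an 8-byte object where a 4-byte one is written; it works only by accident on little-endian hosts, where the untouched high half keeps the zero from the initializer. `socklen_t optsize = sizeof(optbuf);` is the type the prototype uses on both 32- and 64-bit glibc and also removes the incompatible-pointer warning. fix_options() begins before this hunk and the getsockopt() call is outside it, so I am assuming optsize is that call's length argument — confirm before changing the type.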
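--- tcp_wrappers_7.6/hosts_access.3 1996-02-11 10:01:27.000000000 -0600
+++ tcp_wrappers_7.6.gimli/hosts_access.3 2002-01-07 08:50:19.000000000 -0600
@@ -3,7 +3,7 @@
 hosts_access, hosts_ctl, request_init, request_set \- access control library
 .SH SYNOPSIS
 .nf
-#include "tcpd.h"
+#include <tcpd.h>
 
 extern int allow_severity;
 extern int deny_severity;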
erjo@286 328 diff -Naur tcp_wrappers_7.6/hosts_access.5 tcp_wrappers_7.6.gimli/hosts_access.5
erjo@286 329 --- tcp_wrappers_7.6/hosts_access.5 1995-01-30 12:51:47.000000000 -0600
erjo@286 330 +++ tcp_wrappers_7.6.gimli/hosts_access.5 2002-01-07 08:50:19.000000000 -0600
erjo@286 331 @@ -8,9 +8,9 @@
erjo@286 332 impatient reader is encouraged to skip to the EXAMPLES section for a
erjo@286 333 quick introduction.
erjo@286 334 .PP
erjo@286 335 -An extended version of the access control language is described in the
erjo@286 336 -\fIhosts_options\fR(5) document. The extensions are turned on at
erjo@286 337 -program build time by building with -DPROCESS_OPTIONS.
erjo@286 338 +The extended version of the access control language is described in the
erjo@286 339 +\fIhosts_options\fR(5) document. \fBNote that this language supersedes
erjo@286 340 +the meaning of \fIshell_command\fB as documented below.\fR
erjo@286 341 .PP
erjo@286 342 In the following text, \fIdaemon\fR is the the process name of a
erjo@286 343 network daemon process, and \fIclient\fR is the name and/or address of
erjo@286 344 @@ -40,7 +40,7 @@
erjo@286 345 character. This permits you to break up long lines so that they are
erjo@286 346 easier to edit.
erjo@286 347 .IP \(bu
erjo@286 348 -Blank lines or lines that begin with a `#\' character are ignored.
erjo@286 349 +Blank lines or lines that begin with a `#' character are ignored.
erjo@286 350 This permits you to insert comments and whitespace so that the tables
erjo@286 351 are easier to read.
erjo@286 352 .IP \(bu
erjo@286 353 @@ -69,26 +69,33 @@
erjo@286 354 .SH PATTERNS
erjo@286 355 The access control language implements the following patterns:
erjo@286 356 .IP \(bu
erjo@286 357 -A string that begins with a `.\' character. A host name is matched if
erjo@286 358 +A string that begins with a `.' character. A host name is matched if
erjo@286 359 the last components of its name match the specified pattern. For
erjo@286 360 -example, the pattern `.tue.nl\' matches the host name
erjo@286 361 -`wzv.win.tue.nl\'.
erjo@286 362 +example, the pattern `.tue.nl' matches the host name
erjo@286 363 +`wzv.win.tue.nl'.
erjo@286 364 .IP \(bu
erjo@286 365 -A string that ends with a `.\' character. A host address is matched if
erjo@286 366 +A string that ends with a `.' character. A host address is matched if
erjo@286 367 its first numeric fields match the given string. For example, the
erjo@286 368 -pattern `131.155.\' matches the address of (almost) every host on the
erjo@286 369 +pattern `131.155.' matches the address of (almost) every host on the
erjo@286 370 Eind\%hoven University network (131.155.x.x).
erjo@286 371 .IP \(bu
erjo@286 372 -A string that begins with an `@\' character is treated as an NIS
erjo@286 373 +A string that begins with an `@' character is treated as an NIS
erjo@286 374 (formerly YP) netgroup name. A host name is matched if it is a host
erjo@286 375 member of the specified netgroup. Netgroup matches are not supported
erjo@286 376 for daemon process names or for client user names.
erjo@286 377 .IP \(bu
erjo@286 378 -An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a
erjo@286 379 -`net/mask\' pair. A host address is matched if `net\' is equal to the
erjo@286 380 -bitwise AND of the address and the `mask\'. For example, the net/mask
erjo@286 381 -pattern `131.155.72.0/255.255.254.0\' matches every address in the
erjo@286 382 -range `131.155.72.0\' through `131.155.73.255\'.
erjo@286 383 +An expression of the form `n.n.n.n/m.m.m.m' is interpreted as a
erjo@286 384 +`net/mask' pair. A host address is matched if `net' is equal to the
erjo@286 385 +bitwise AND of the address and the `mask'. For example, the net/mask
erjo@286 386 +pattern `131.155.72.0/255.255.254.0' matches every address in the
erjo@286 387 +range `131.155.72.0' through `131.155.73.255'.
erjo@286 388 +.IP \(bu
erjo@286 389 +A string that begins with a `/' character is treated as a file
erjo@286 390 +name. A host name or address is matched if it matches any host name
erjo@286 391 +or address pattern listed in the named file. The file format is
erjo@286 392 +zero or more lines with zero or more host name or address patterns
erjo@286 393 +separated by whitespace. A file name pattern can be used anywhere
erjo@286 394 +a host name or address pattern can be used.
erjo@286 395 .SH WILDCARDS
erjo@286 396 The access control language supports explicit wildcards:
erjo@286 397 .IP ALL
erjo@286 398 @@ -115,19 +122,19 @@
erjo@286 399 .ne 6
erjo@286 400 .SH OPERATORS
erjo@286 401 .IP EXCEPT
erjo@286 402 -Intended use is of the form: `list_1 EXCEPT list_2\'; this construct
erjo@286 403 +Intended use is of the form: `list_1 EXCEPT list_2'; this construct
erjo@286 404 matches anything that matches \fIlist_1\fR unless it matches
erjo@286 405 \fIlist_2\fR. The EXCEPT operator can be used in daemon_lists and in
erjo@286 406 client_lists. The EXCEPT operator can be nested: if the control
erjo@286 407 -language would permit the use of parentheses, `a EXCEPT b EXCEPT c\'
erjo@286 408 -would parse as `(a EXCEPT (b EXCEPT c))\'.
erjo@286 409 +language would permit the use of parentheses, `a EXCEPT b EXCEPT c'
erjo@286 410 +would parse as `(a EXCEPT (b EXCEPT c))'.
erjo@286 411 .br
erjo@286 412 .ne 6
erjo@286 413 .SH SHELL COMMANDS
erjo@286 414 If the first-matched access control rule contains a shell command, that
erjo@286 415 command is subjected to %<letter> substitutions (see next section).
erjo@286 416 The result is executed by a \fI/bin/sh\fR child process with standard
erjo@286 417 -input, output and error connected to \fI/dev/null\fR. Specify an `&\'
erjo@286 418 +input, output and error connected to \fI/dev/null\fR. Specify an `&'
erjo@286 419 at the end of the command if you do not want to wait until it has
erjo@286 420 completed.
erjo@286 421 .PP
erjo@286 422 @@ -159,7 +166,7 @@
erjo@286 423 .IP %u
erjo@286 424 The client user name (or "unknown").
erjo@286 425 .IP %%
erjo@286 426 -Expands to a single `%\' character.
erjo@286 427 +Expands to a single `%' character.
erjo@286 428 .PP
erjo@286 429 Characters in % expansions that may confuse the shell are replaced by
erjo@286 430 underscores.
erjo@286 431 @@ -243,9 +250,9 @@
erjo@286 432 less trustworthy. It is possible for an intruder to spoof both the
erjo@286 433 client connection and the IDENT lookup, although doing so is much
erjo@286 434 harder than spoofing just a client connection. It may also be that
erjo@286 435 -the client\'s IDENT server is lying.
erjo@286 436 +the client's IDENT server is lying.
erjo@286 437 .PP
erjo@286 438 -Note: IDENT lookups don\'t work with UDP services.
erjo@286 439 +Note: IDENT lookups don't work with UDP services.
erjo@286 440 .SH EXAMPLES
erjo@286 441 The language is flexible enough that different types of access control
erjo@286 442 policy can be expressed with a minimum of fuss. Although the language
erjo@286 443 @@ -285,7 +292,7 @@
erjo@286 444 .br
erjo@286 445 ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
erjo@286 446 .PP
erjo@286 447 -The first rule permits access from hosts in the local domain (no `.\'
erjo@286 448 +The first rule permits access from hosts in the local domain (no `.'
erjo@286 449 in the host name) and from members of the \fIsome_netgroup\fP
erjo@286 450 netgroup. The second rule permits access from all hosts in the
erjo@286 451 \fIfoobar.edu\fP domain (notice the leading dot), with the exception of
erjo@286 452 @@ -322,8 +329,8 @@
erjo@286 453 /etc/hosts.deny:
erjo@286 454 .in +3
erjo@286 455 .nf
erjo@286 456 -in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\
erjo@286 457 - /usr/ucb/mail -s %d-%h root) &
erjo@286 458 +in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \\
erjo@286 459 + /usr/bin/mail -s %d-%h root) &
erjo@286 460 .fi
erjo@286 461 .PP
erjo@286 462 The safe_finger command comes with the tcpd wrapper and should be
erjo@286 463 @@ -349,7 +356,7 @@
erjo@286 464 capacity of an internal buffer; when an access control rule is not
erjo@286 465 terminated by a newline character; when the result of %<letter>
erjo@286 466 expansion would overflow an internal buffer; when a system call fails
erjo@286 467 -that shouldn\'t. All problems are reported via the syslog daemon.
erjo@286 468 +that shouldn't. All problems are reported via the syslog daemon.
erjo@286 469 .SH FILES
erjo@286 470 .na
erjo@286 471 .nf
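--- tcp_wrappers_7.6/hosts_access.c 1997-02-11 19:13:23.000000000 -0600
+++ tcp_wrappers_7.6.gimli/hosts_access.c 2002-01-07 08:50:19.000000000 -0600
@@ -240,6 +240,26 @@
 }
 }
 
+/* hostfile_match - look up host patterns from file */
+
+static int hostfile_match(path, host)
+char *path;
+struct hosts_info *host;
+{
+ char tok[BUFSIZ];
+ int match = NO;
+ FILE *fp;
+
+ if ((fp = fopen(path, "r")) != 0) {
+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
+ /* void */ ;
+ fclose(fp);
+ } else if (errno != ENOENT) {
+ tcpd_warn("open %s: %m", path);
+ }
+ return (match);
+}
+
 /* host_match - match host name and/or address against pattern */
 
 static int host_match(tok, host)
@@ -267,6 +287,8 @@
 tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
 return (NO);
 #endif
+ } else if (tok[0] == '/') { /* /file hack */
+ return (hostfile_match(tok, host));
 } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
 char *name = eval_hostname(host);
 return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));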
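Review bot: `fscanf(fp, "%s", tok)` in the new hostfile_match() has no field width, so a whitespace-free token longer than BUFSIZ-1 bytes in the pattern file overruns the stack buffer `tok`; since the width must be a literal, size the buffer to match it, e.g. `char tok[1024];` and `fscanf(fp, "%1023s", tok)` (an over-long token is then merely split into two, never written past the buffer). Because host_match() now routes every `/`-prefixed token back into hostfile_match() (second hunk), a file that lists its own path, or two files that list each other, recurse until the stack is exhausted; a depth counter, or a rule that tokens read from a file may not themselves start with `/`, is cheap insurance. A missing file is silently treated as "no match" — only `errno != ENOENT` is warned about — which for a file referenced from /etc/hosts.deny means the rule quietly stops denying, so consider warning on ENOENT as well. hostfile_match() is complete within the first hunk; host_match() starts after it and continues past the second hunk.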
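--- tcp_wrappers_7.6/hosts_options.5 1994-12-28 10:42:29.000000000 -0600
+++ tcp_wrappers_7.6.gimli/hosts_options.5 2002-01-07 08:50:19.000000000 -0600
@@ -58,12 +58,12 @@
 Execute, in a child process, the specified shell command, after
 performing the %<letter> expansions described in the hosts_access(5)
 manual page. The command is executed with stdin, stdout and stderr
-connected to the null device, so that it won\'t mess up the
+connected to the null device, so that it won't mess up the
 conversation with the client host. Example:
 .sp
 .nf
 .ti +3
-spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) &
+spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &
 .fi
 .sp
 executes, in a background child process, the shell command "safe_finger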
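--- tcp_wrappers_7.6/options.c 1996-02-11 10:01:32.000000000 -0600
+++ tcp_wrappers_7.6.gimli/options.c 2002-01-07 08:50:19.000000000 -0600
@@ -473,6 +473,9 @@
 #ifdef LOG_CRON
 "cron", LOG_CRON,
 #endif
+#ifdef LOG_FTP
+ "ftp", LOG_FTP,
+#endif
 #ifdef LOG_LOCAL0
 "local0", LOG_LOCAL0,
 #endif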
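--- tcp_wrappers_7.6/percent_m.c 1994-12-28 10:42:37.000000000 -0600
+++ tcp_wrappers_7.6.gimli/percent_m.c 2002-01-07 08:50:19.000000000 -0600
@@ -13,7 +13,7 @@
 #include <string.h>
 
 extern int errno;
-#ifndef SYS_ERRLIST_DEFINED
+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
 extern char *sys_errlist[];
 extern int sys_nerr;
 #endif
@@ -29,11 +29,15 @@
 
 while (*bp = *cp)
 if (*cp == '%' && cp[1] == 'm') {
+#ifdef HAVE_STRERROR
+ strcpy(bp, strerror(errno));
+#else
 if (errno < sys_nerr && errno > 0) {
 strcpy(bp, sys_errlist[errno]);
 } else {
 sprintf(bp, "Unknown error %d", errno);
 }
+#endif
 bp += strlen(bp);
 cp += 2;
 } else {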
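Review bot: `strcpy(bp, strerror(errno))` in the second hunk copies an unbounded, locale-dependent message into the output buffer with no check of the room left, exactly as the sys_errlist branch below it does; the destination's size is not visible here (percent_m() starts before the hunk), so the fix is to compute the remaining space from that buffer's declared size and copy with a truncating call (snprintf into the remaining room, or strncpy followed by an explicit NUL). Note also that the `linux` target in this patch's Makefile hunk sets `-DSYS_ERRLIST_DEFINED` but not `-DHAVE_STRERROR` (only the `gnu` target does), so on Linux builds the new branch is never compiled and the legacy sys_errlist[] path stays in use, which looks unintended given strerror() is standard C. strerror() may return a pointer to static storage; with `-D_REENTRANT` now added to CFLAGS, strerror_r() is the matching reentrant call, though I cannot tell from the hunk whether this code ever runs in more than one thread.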
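--- tcp_wrappers_7.6/rfc931.c 1995-01-02 09:11:34.000000000 -0600
+++ tcp_wrappers_7.6.gimli/rfc931.c 2002-01-07 08:50:19.000000000 -0600
@@ -33,7 +33,7 @@
 
 int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */
 
-static jmp_buf timebuf;
+static sigjmp_buf timebuf;
 
 /* fsocket - open stdio stream on top of socket */
 
@@ -62,7 +62,7 @@
 static void timeout(sig)
 int sig;
 {
- longjmp(timebuf, sig);
+ siglongjmp(timebuf, sig);
 }
 
 /* rfc931 - return remote user name, given socket structures */
 
@@ -99,7 +99,7 @@
 * Set up a timer so we won't get stuck while waiting for the server.
 */
 
- if (setjmp(timebuf) == 0) {
+ if (sigsetjmp(timebuf,1) == 0) {
 signal(SIGALRM, timeout);
 alarm(rfc931_timeout);
 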
erjo@286 592 * Set up a timer so we won't get stuck while waiting for the server.
erjo@286 593 */
erjo@286 594
erjo@286 595 - if (setjmp(timebuf) == 0) {
erjo@286 596 + if (sigsetjmp(timebuf,1) == 0) {
erjo@286 597 signal(SIGALRM, timeout);
erjo@286 598 alarm(rfc931_timeout);
erjo@286 599
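--- tcp_wrappers_7.6/safe_finger.8 1969-12-31 18:00:00.000000000 -0600
+++ tcp_wrappers_7.6.gimli/safe_finger.8 2002-01-07 08:50:19.000000000 -0600
@@ -0,0 +1,34 @@
+.TH SAFE_FINGER 8 "21th June 1997" Linux "Linux Programmer's Manual"
+.SH NAME
+safe_finger \- finger client wrapper that protects against nasty stuff
+from finger servers
+.SH SYNOPSIS
+.B safe_finger [finger_options]
+.SH DESCRIPTION
+The
+.B safe_finger
+command protects against nasty stuff from finger servers. Use this
+program for automatic reverse finger probes from the
+.B tcp_wrapper
+.B (tcpd)
+, not the raw finger command. The
+.B safe_finger
+command makes sure that the finger client is not run with root
+privileges. It also runs the finger client with a defined PATH
+environment.
+.B safe_finger
+will also protect you from problems caused by the output of some
+finger servers. The problem: some programs may react to stuff in
+the first column. Other programs may get upset by thrash anywhere
+on a line. File systems may fill up as the finger server keeps
+sending data. Text editors may bomb out on extremely long lines.
+The finger server may take forever because it is somehow wedged.
+.B safe_finger
+takes care of all this badness.
+.SH SEE ALSO
+.BR hosts_access (5),
+.BR hosts_options (5),
+.BR tcpd (8)
+.SH AUTHOR
+Wietse Venema, Eindhoven University of Technology, The Netherlands.
+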
erjo@286 638 diff -Naur tcp_wrappers_7.6/safe_finger.c tcp_wrappers_7.6.gimli/safe_finger.c
erjo@286 639 --- tcp_wrappers_7.6/safe_finger.c 1994-12-28 10:42:42.000000000 -0600
erjo@286 640 +++ tcp_wrappers_7.6.gimli/safe_finger.c 2002-01-07 08:50:19.000000000 -0600
erjo@286 641 @@ -26,21 +26,24 @@
erjo@286 642 #include <stdio.h>
erjo@286 643 #include <ctype.h>
erjo@286 644 #include <pwd.h>
erjo@286 645 +#include <syslog.h>
erjo@286 646
erjo@286 647 extern void exit();
erjo@286 648
erjo@286 649 /* Local stuff */
erjo@286 650
erjo@286 651 -char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
erjo@286 652 +char path[] = "PATH=/bin:/usr/bin:/sbin:/usr/sbin";
erjo@286 653
erjo@286 654 #define TIME_LIMIT 60 /* Do not keep listinging forever */
erjo@286 655 #define INPUT_LENGTH 100000 /* Do not keep listinging forever */
erjo@286 656 #define LINE_LENGTH 128 /* Editors can choke on long lines */
erjo@286 657 #define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */
erjo@286 658 #define UNPRIV_NAME "nobody" /* Preferred privilege level */
erjo@286 659 -#define UNPRIV_UGID 32767 /* Default uid and gid */
erjo@286 660 +#define UNPRIV_UGID 65534 /* Default uid and gid */
erjo@286 661
erjo@286 662 int finger_pid;
erjo@286 663 +int allow_severity = SEVERITY;
erjo@286 664 +int deny_severity = LOG_WARNING;
erjo@286 665
erjo@286 666 void cleanup(sig)
erjo@286 667 int sig;
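Review bot: `SEVERITY` on the added `allow_severity` line is not defined anywhere in this hunk; it presumably comes from the build's `-DSEVERITY=...` flag (the same token is used in the weak_symbols.c hunk further down), so a comment such as `/* SEVERITY is supplied by the Makefile's CFLAGS */` would save the next reader a search. The `UNPRIV_UGID` change to 65534 is the conventional `nobody`/`nogroup` id on Linux, but the comment `/* Default uid and gid */` does not say when the value applies; since the code that consumes it is outside the hunk, I would extend it to `/* Fallback uid/gid if UNPRIV_NAME cannot be looked up (65534 = nobody on Linux) */` only after confirming that is how safe_finger.c uses it. `cleanup()` begins at the end of the hunk and continues outside it.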
erjo@286 668 diff -Naur tcp_wrappers_7.6/scaffold.c tcp_wrappers_7.6.gimli/scaffold.c
erjo@286 669 --- tcp_wrappers_7.6/scaffold.c 1997-03-21 12:27:24.000000000 -0600
erjo@286 670 +++ tcp_wrappers_7.6.gimli/scaffold.c 2002-01-07 08:50:19.000000000 -0600
erjo@286 671 @@ -180,10 +180,12 @@
erjo@286 672
erjo@286 673 /* ARGSUSED */
erjo@286 674
erjo@286 675 -void rfc931(request)
erjo@286 676 -struct request_info *request;
erjo@286 677 +void rfc931(rmt_sin, our_sin, dest)
erjo@286 678 +struct sockaddr_in *rmt_sin;
erjo@286 679 +struct sockaddr_in *our_sin;
erjo@286 680 +char *dest;
erjo@286 681 {
erjo@286 682 - strcpy(request->user, unknown);
erjo@286 683 + strcpy(dest, unknown);
erjo@286 684 }
erjo@286 685
erjo@286 686 /* check_path - examine accessibility */
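Review bot: The new `rfc931(rmt_sin, our_sin, dest)` stub writes `unknown` into `dest` with an unbounded `strcpy` and takes no length, so the size of the caller's buffer is an unstated contract; the library prototype in tcpd.h (`rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *))`) fixes the signature, so the fix is documentation rather than a length parameter. I would add above the definition: `/* Test-scaffold stand-in for the library's rfc931(): does no lookup, just stores "unknown". dest must be at least STRING_LENGTH bytes, as for the real function. */` — the STRING_LENGTH assumption should be checked against the callers in tcpdchk/tcpdmatch, which are not visible here. `rmt_sin` and `our_sin` are intentionally unused, which the existing `/* ARGSUSED */` already records.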
erjo@286 687 diff -Naur tcp_wrappers_7.6/socket.c tcp_wrappers_7.6.gimli/socket.c
erjo@286 688 --- tcp_wrappers_7.6/socket.c 1997-03-21 12:27:25.000000000 -0600
erjo@286 689 +++ tcp_wrappers_7.6.gimli/socket.c 2002-01-07 08:50:19.000000000 -0600
erjo@286 690 @@ -76,7 +76,11 @@
erjo@286 691 {
erjo@286 692 static struct sockaddr_in client;
erjo@286 693 static struct sockaddr_in server;
erjo@286 694 +#if !defined (__GLIBC__)
erjo@286 695 int len;
erjo@286 696 +#else /* __GLIBC__ */
erjo@286 697 + size_t len;
erjo@286 698 +#endif /* __GLIBC__ */
erjo@286 699 char buf[BUFSIZ];
erjo@286 700 int fd = request->fd;
erjo@286 701
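Review bot: `size_t len` under `__GLIBC__` is the wrong type for the address-length argument of the socket calls: glibc declares getpeername()/getsockname()/recvfrom() with `socklen_t *`, which is 32 bits wide, whereas `size_t` is 64 bits on LP64 targets, so the mismatch produces a pointer-type warning and only part of the variable is written back by the kernel. The portable spelling is `socklen_t len;` with no `#if` at all, since `socklen_t` is POSIX and comes from `<sys/socket.h>`; the same applies to `size_t size` in the second socket.c hunk and to `size_t *len` in the `fix_getpeername()` hunk of workarounds.c. The enclosing functions start before each hunk, so the calls that consume these variables are not visible here and I am inferring them from the names.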
erjo@286 702 @@ -224,7 +228,11 @@
erjo@286 703 {
erjo@286 704 char buf[BUFSIZ];
erjo@286 705 struct sockaddr_in sin;
erjo@286 706 +#if !defined(__GLIBC__)
erjo@286 707 int size = sizeof(sin);
erjo@286 708 +#else /* __GLIBC__ */
erjo@286 709 + size_t size = sizeof(sin);
erjo@286 710 +#endif /* __GLIBC__ */
erjo@286 711
erjo@286 712 /*
erjo@286 713 * Eat up the not-yet received datagram. Some systems insist on a
erjo@286 714 diff -Naur tcp_wrappers_7.6/tcpd.8 tcp_wrappers_7.6.gimli/tcpd.8
erjo@286 715 --- tcp_wrappers_7.6/tcpd.8 1996-02-21 09:39:16.000000000 -0600
erjo@286 716 +++ tcp_wrappers_7.6.gimli/tcpd.8 2002-01-07 08:50:19.000000000 -0600
erjo@286 717 @@ -94,7 +94,7 @@
erjo@286 718 .PP
erjo@286 719 The example assumes that the network daemons live in /usr/etc. On some
erjo@286 720 systems, network daemons live in /usr/sbin or in /usr/libexec, or have
erjo@286 721 -no `in.\' prefix to their name.
erjo@286 722 +no `in.' prefix to their name.
erjo@286 723 .SH EXAMPLE 2
erjo@286 724 This example applies when \fItcpd\fR expects that the network daemons
erjo@286 725 are left in their original place.
erjo@286 726 @@ -110,26 +110,26 @@
erjo@286 727 becomes:
erjo@286 728 .sp
erjo@286 729 .ti +5
erjo@286 730 -finger stream tcp nowait nobody /some/where/tcpd in.fingerd
erjo@286 731 +finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
erjo@286 732 .sp
erjo@286 733 .fi
erjo@286 734 .PP
erjo@286 735 The example assumes that the network daemons live in /usr/etc. On some
erjo@286 736 systems, network daemons live in /usr/sbin or in /usr/libexec, the
erjo@286 737 -daemons have no `in.\' prefix to their name, or there is no userid
erjo@286 738 +daemons have no `in.' prefix to their name, or there is no userid
erjo@286 739 field in the inetd configuration file.
erjo@286 740 .PP
erjo@286 741 Similar changes will be needed for the other services that are to be
erjo@286 742 -covered by \fItcpd\fR. Send a `kill -HUP\' to the \fIinetd\fR(8)
erjo@286 743 +covered by \fItcpd\fR. Send a `kill -HUP' to the \fIinetd\fR(8)
erjo@286 744 process to make the changes effective. AIX users may also have to
erjo@286 745 -execute the `inetimp\' command.
erjo@286 746 +execute the `inetimp' command.
erjo@286 747 .SH EXAMPLE 3
erjo@286 748 In the case of daemons that do not live in a common directory ("secret"
erjo@286 749 or otherwise), edit the \fIinetd\fR configuration file so that it
erjo@286 750 specifies an absolute path name for the process name field. For example:
erjo@286 751 .nf
erjo@286 752 .sp
erjo@286 753 - ntalk dgram udp wait root /some/where/tcpd /usr/local/lib/ntalkd
erjo@286 754 + ntalk dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.ntalkd
erjo@286 755 .sp
erjo@286 756 .fi
erjo@286 757 .PP
erjo@286 758 diff -Naur tcp_wrappers_7.6/tcpd.h tcp_wrappers_7.6.gimli/tcpd.h
erjo@286 759 --- tcp_wrappers_7.6/tcpd.h 1996-03-19 09:22:25.000000000 -0600
erjo@286 760 +++ tcp_wrappers_7.6.gimli/tcpd.h 2002-01-07 08:50:19.000000000 -0600
erjo@286 761 @@ -4,6 +4,25 @@
erjo@286 762 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
erjo@286 763 */
erjo@286 764
erjo@286 765 +#ifndef _TCPWRAPPERS_TCPD_H
erjo@286 766 +#define _TCPWRAPPERS_TCPD_H
erjo@286 767 +
erjo@286 768 +/* someone else may have defined this */
erjo@286 769 +#undef __P
erjo@286 770 +
erjo@286 771 +/* use prototypes if we have an ANSI C compiler or are using C++ */
erjo@286 772 +#if defined(__STDC__) || defined(__cplusplus)
erjo@286 773 +#define __P(args) args
erjo@286 774 +#else
erjo@286 775 +#define __P(args) ()
erjo@286 776 +#endif
erjo@286 777 +
erjo@286 778 +/* Need definitions of struct sockaddr_in and FILE. */
erjo@286 779 +#include <netinet/in.h>
erjo@286 780 +#include <stdio.h>
erjo@286 781 +
erjo@286 782 +__BEGIN_DECLS
erjo@286 783 +
erjo@286 784 /* Structure to describe one communications endpoint. */
erjo@286 785
erjo@286 786 #define STRING_LENGTH 128 /* hosts, users, processes */
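Review bot: `__BEGIN_DECLS` is used without anything that guarantees it is defined: it comes from the glibc and BSD `<sys/cdefs.h>`, which `<netinet/in.h>` and `<stdio.h>` pull in on those platforms only, so with any other toolchain the header now fails to parse at this line (and at `__END_DECLS` in the last tcpd.h hunk). A self-contained fallback keeps the header usable everywhere. Separately, `_TCPWRAPPERS_TCPD_H` begins with an underscore followed by an uppercase letter, which C reserves for the implementation; `TCPWRAPPERS_TCPD_H` avoids the clash.
```c
/* Need definitions of struct sockaddr_in and FILE. */
#include <netinet/in.h>
#include <stdio.h>

/* glibc/BSD <sys/cdefs.h> define these; supply a fallback elsewhere. */
#ifndef __BEGIN_DECLS
# ifdef __cplusplus
#  define __BEGIN_DECLS extern "C" {
#  define __END_DECLS }
# else
#  define __BEGIN_DECLS
#  define __END_DECLS
# endif
#endif

__BEGIN_DECLS
```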
erjo@286 787 @@ -25,10 +44,10 @@
erjo@286 788 char pid[10]; /* access via eval_pid(request) */
erjo@286 789 struct host_info client[1]; /* client endpoint info */
erjo@286 790 struct host_info server[1]; /* server endpoint info */
erjo@286 791 - void (*sink) (); /* datagram sink function or 0 */
erjo@286 792 - void (*hostname) (); /* address to printable hostname */
erjo@286 793 - void (*hostaddr) (); /* address to printable address */
erjo@286 794 - void (*cleanup) (); /* cleanup function or 0 */
erjo@286 795 + void (*sink) __P((int)); /* datagram sink function or 0 */
erjo@286 796 + void (*hostname) __P((struct host_info *)); /* address to printable hostname */
erjo@286 797 + void (*hostaddr) __P((struct host_info *)); /* address to printable address */
erjo@286 798 + void (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */
erjo@286 799 struct netconfig *config; /* netdir handle */
erjo@286 800 };
erjo@286 801
erjo@286 802 @@ -61,25 +80,30 @@
erjo@286 803 /* Global functions. */
erjo@286 804
erjo@286 805 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
erjo@286 806 -extern void fromhost(); /* get/validate client host info */
erjo@286 807 +extern void fromhost __P((struct request_info *)); /* get/validate client host info */
erjo@286 808 #else
erjo@286 809 #define fromhost sock_host /* no TLI support needed */
erjo@286 810 #endif
erjo@286 811
erjo@286 812 -extern int hosts_access(); /* access control */
erjo@286 813 -extern void shell_cmd(); /* execute shell command */
erjo@286 814 -extern char *percent_x(); /* do %<char> expansion */
erjo@286 815 -extern void rfc931(); /* client name from RFC 931 daemon */
erjo@286 816 -extern void clean_exit(); /* clean up and exit */
erjo@286 817 -extern void refuse(); /* clean up and exit */
erjo@286 818 -extern char *xgets(); /* fgets() on steroids */
erjo@286 819 -extern char *split_at(); /* strchr() and split */
erjo@286 820 -extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
erjo@286 821 +extern void shell_cmd __P((char *)); /* execute shell command */
erjo@286 822 +extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
erjo@286 823 +extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */
erjo@286 824 +extern void clean_exit __P((struct request_info *)); /* clean up and exit */
erjo@286 825 +extern void refuse __P((struct request_info *)); /* clean up and exit */
erjo@286 826 +extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
erjo@286 827 +extern char *split_at __P((char *, int)); /* strchr() and split */
erjo@286 828 +extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
erjo@286 829
erjo@286 830 /* Global variables. */
erjo@286 831
erjo@286 832 +#ifdef HAVE_WEAKSYMS
erjo@286 833 +extern int allow_severity __attribute__ ((weak)); /* for connection logging */
erjo@286 834 +extern int deny_severity __attribute__ ((weak)); /* for connection logging */
erjo@286 835 +#else
erjo@286 836 extern int allow_severity; /* for connection logging */
erjo@286 837 extern int deny_severity; /* for connection logging */
erjo@286 838 +#endif
erjo@286 839 +
erjo@286 840 extern char *hosts_allow_table; /* for verification mode redirection */
erjo@286 841 extern char *hosts_deny_table; /* for verification mode redirection */
erjo@286 842 extern int hosts_access_verbose; /* for verbose matching mode */
erjo@286 843 @@ -92,9 +116,14 @@
erjo@286 844 */
erjo@286 845
erjo@286 846 #ifdef __STDC__
erjo@286 847 +extern int hosts_access(struct request_info *request);
erjo@286 848 +extern int hosts_ctl(char *daemon, char *client_name, char *client_addr,
erjo@286 849 + char *client_user);
erjo@286 850 extern struct request_info *request_init(struct request_info *,...);
erjo@286 851 extern struct request_info *request_set(struct request_info *,...);
erjo@286 852 #else
erjo@286 853 +extern int hosts_access();
erjo@286 854 +extern int hosts_ctl();
erjo@286 855 extern struct request_info *request_init(); /* initialize request */
erjo@286 856 extern struct request_info *request_set(); /* update request structure */
erjo@286 857 #endif
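Review bot: The added `hosts_access`/`hosts_ctl` prototypes are written twice, once per branch of `#ifdef __STDC__`, while every other declaration in this header now uses the `__P()` macro introduced at the top of the file for exactly that purpose; only the variadic `request_init`/`request_set` need the separate branches. Writing `extern int hosts_access __P((struct request_info *));` and `extern int hosts_ctl __P((char *, char *, char *, char *));` once, outside the `#ifdef`, removes the duplication and keeps the two branches from drifting apart. The parameter names (`daemon`, `client_name`, `client_addr`, `client_user`) are a useful hint for callers and would be lost with `__P`, so a one-line comment naming them is worth keeping.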
erjo@286 858 @@ -117,27 +146,31 @@
erjo@286 859 * host_info structures serve as caches for the lookup results.
erjo@286 860 */
erjo@286 861
erjo@286 862 -extern char *eval_user(); /* client user */
erjo@286 863 -extern char *eval_hostname(); /* printable hostname */
erjo@286 864 -extern char *eval_hostaddr(); /* printable host address */
erjo@286 865 -extern char *eval_hostinfo(); /* host name or address */
erjo@286 866 -extern char *eval_client(); /* whatever is available */
erjo@286 867 -extern char *eval_server(); /* whatever is available */
erjo@286 868 +extern char *eval_user __P((struct request_info *)); /* client user */
erjo@286 869 +extern char *eval_hostname __P((struct host_info *)); /* printable hostname */
erjo@286 870 +extern char *eval_hostaddr __P((struct host_info *)); /* printable host address */
erjo@286 871 +extern char *eval_hostinfo __P((struct host_info *)); /* host name or address */
erjo@286 872 +extern char *eval_client __P((struct request_info *)); /* whatever is available */
erjo@286 873 +extern char *eval_server __P((struct request_info *)); /* whatever is available */
erjo@286 874 #define eval_daemon(r) ((r)->daemon) /* daemon process name */
erjo@286 875 #define eval_pid(r) ((r)->pid) /* process id */
erjo@286 876
erjo@286 877 /* Socket-specific methods, including DNS hostname lookups. */
erjo@286 878
erjo@286 879 -extern void sock_host(); /* look up endpoint addresses */
erjo@286 880 -extern void sock_hostname(); /* translate address to hostname */
erjo@286 881 -extern void sock_hostaddr(); /* address to printable address */
erjo@286 882 +/* look up endpoint addresses */
erjo@286 883 +extern void sock_host __P((struct request_info *));
erjo@286 884 +/* translate address to hostname */
erjo@286 885 +extern void sock_hostname __P((struct host_info *));
erjo@286 886 +/* address to printable address */
erjo@286 887 +extern void sock_hostaddr __P((struct host_info *));
erjo@286 888 +
erjo@286 889 #define sock_methods(r) \
erjo@286 890 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
erjo@286 891
erjo@286 892 /* The System V Transport-Level Interface (TLI) interface. */
erjo@286 893
erjo@286 894 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
erjo@286 895 -extern void tli_host(); /* look up endpoint addresses etc. */
erjo@286 896 +extern void tli_host __P((struct request_info *)); /* look up endpoint addresses etc. */
erjo@286 897 #endif
erjo@286 898
erjo@286 899 /*
erjo@286 900 @@ -178,7 +211,7 @@
erjo@286 901 * behavior.
erjo@286 902 */
erjo@286 903
erjo@286 904 -extern void process_options(); /* execute options */
erjo@286 905 +extern void process_options __P((char *, struct request_info *)); /* execute options */
erjo@286 906 extern int dry_run; /* verification flag */
erjo@286 907
erjo@286 908 /* Bug workarounds. */
erjo@286 909 @@ -217,3 +250,7 @@
erjo@286 910 #define strtok my_strtok
erjo@286 911 extern char *my_strtok();
erjo@286 912 #endif
erjo@286 913 +
erjo@286 914 +__END_DECLS
erjo@286 915 +
erjo@286 916 +#endif /* tcpd.h */
erjo@286 917 diff -Naur tcp_wrappers_7.6/tcpdchk.c tcp_wrappers_7.6.gimli/tcpdchk.c
erjo@286 918 --- tcp_wrappers_7.6/tcpdchk.c 1997-02-11 19:13:25.000000000 -0600
erjo@286 919 +++ tcp_wrappers_7.6.gimli/tcpdchk.c 2002-01-07 08:50:19.000000000 -0600
erjo@286 920 @@ -350,6 +350,8 @@
erjo@286 921 {
erjo@286 922 if (pat[0] == '@') {
erjo@286 923 tcpd_warn("%s: daemon name begins with \"@\"", pat);
erjo@286 924 + } else if (pat[0] == '/') {
erjo@286 925 + tcpd_warn("%s: daemon name begins with \"/\"", pat);
erjo@286 926 } else if (pat[0] == '.') {
erjo@286 927 tcpd_warn("%s: daemon name begins with dot", pat);
erjo@286 928 } else if (pat[strlen(pat) - 1] == '.') {
erjo@286 929 @@ -382,6 +384,8 @@
erjo@286 930 {
erjo@286 931 if (pat[0] == '@') { /* @netgroup */
erjo@286 932 tcpd_warn("%s: user name begins with \"@\"", pat);
erjo@286 933 + } else if (pat[0] == '/') {
erjo@286 934 + tcpd_warn("%s: user name begins with \"/\"", pat);
erjo@286 935 } else if (pat[0] == '.') {
erjo@286 936 tcpd_warn("%s: user name begins with dot", pat);
erjo@286 937 } else if (pat[strlen(pat) - 1] == '.') {
erjo@286 938 @@ -402,8 +406,13 @@
erjo@286 939 static int check_host(pat)
erjo@286 940 char *pat;
erjo@286 941 {
erjo@286 942 + char buf[BUFSIZ];
erjo@286 943 char *mask;
erjo@286 944 int addr_count = 1;
erjo@286 945 + FILE *fp;
erjo@286 946 + struct tcpd_context saved_context;
erjo@286 947 + char *cp;
erjo@286 948 + char *wsp = " \t\r\n";
erjo@286 949
erjo@286 950 if (pat[0] == '@') { /* @netgroup */
erjo@286 951 #ifdef NO_NETGRENT
erjo@286 952 @@ -422,6 +431,21 @@
erjo@286 953 tcpd_warn("netgroup support disabled");
erjo@286 954 #endif
erjo@286 955 #endif
erjo@286 956 + } else if (pat[0] == '/') { /* /path/name */
erjo@286 957 + if ((fp = fopen(pat, "r")) != 0) {
erjo@286 958 + saved_context = tcpd_context;
erjo@286 959 + tcpd_context.file = pat;
erjo@286 960 + tcpd_context.line = 0;
erjo@286 961 + while (fgets(buf, sizeof(buf), fp)) {
erjo@286 962 + tcpd_context.line++;
erjo@286 963 + for (cp = strtok(buf, wsp); cp; cp = strtok((char *) 0, wsp))
erjo@286 964 + check_host(cp);
erjo@286 965 + }
erjo@286 966 + tcpd_context = saved_context;
erjo@286 967 + fclose(fp);
erjo@286 968 + } else if (errno != ENOENT) {
erjo@286 969 + tcpd_warn("open %s: %m", pat);
erjo@286 970 + }
erjo@286 971 } else if (mask = split_at(pat, '/')) { /* network/netmask */
erjo@286 972 if (dot_quad_addr(pat) == INADDR_NONE
erjo@286 973 || dot_quad_addr(mask) == INADDR_NONE)
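Review bot: The tokenizing loop in the new `/path/name` branch breaks as soon as an included file itself contains a `/path/name` entry: `check_host(cp)` recurses and runs its own `strtok(buf, wsp)` on a different buffer, which replaces the library's single static cursor, so when the inner call returns the outer `strtok((char *) 0, wsp)` continues from the inner file's buffer rather than the outer line (tcpd.h maps `strtok` to `my_strtok` on some platforms, but that is still one shared cursor). Keeping the cursor in a local variable fixes it; `strtok_r` does this on glibc, and a `strspn`/`strcspn` walk is the portable equivalent. The recursion also has no depth limit, so a file that lists itself, or a cycle of files, recurses until `fopen` fails or the stack runs out; a depth counter or a static nesting guard would turn that into a single diagnostic. `errno` is read here, so `<errno.h>` must be included, which I cannot confirm from this hunk; `check_host` begins in the previous hunk and ends after this one.
```c
	    while (fgets(buf, sizeof(buf), fp)) {
		char   *last;			/* per-frame cursor; survives recursion */

		tcpd_context.line++;
		for (cp = strtok_r(buf, wsp, &last); cp; cp = strtok_r((char *) 0, wsp, &last))
		    check_host(cp);
	    }
```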
erjo@286 974 diff -Naur tcp_wrappers_7.6/try-from.8 tcp_wrappers_7.6.gimli/try-from.8
erjo@286 975 --- tcp_wrappers_7.6/try-from.8 1969-12-31 18:00:00.000000000 -0600
erjo@286 976 +++ tcp_wrappers_7.6.gimli/try-from.8 2002-01-07 08:50:19.000000000 -0600
erjo@286 977 @@ -0,0 +1,28 @@
erjo@286 978 +.TH TRY-FROM 8 "21th June 1997" Linux "Linux Programmer's Manual"
erjo@286 979 +.SH NAME
erjo@286 980 +try-from \- test program for the tcp_wrapper
erjo@286 981 +.SH SYNOPSIS
erjo@286 982 +.B try-from
erjo@286 983 +.SH DESCRIPTION
erjo@286 984 +The
erjo@286 985 +.B try-from
erjo@286 986 +command can be called via a remote shell command to find out
erjo@286 987 +if the hostname and address are properly recognized
erjo@286 988 +by the
erjo@286 989 +.B tcp_wrapper
erjo@286 990 +library, if username lookup works, and (SysV only) if the TLI
erjo@286 991 +on top of IP heuristics work. Diagnostics are reported through
erjo@286 992 +.BR syslog (3)
erjo@286 993 +and redirected to stderr.
erjo@286 994 +
erjo@286 995 +Example:
erjo@286 996 +
erjo@286 997 +rsh host /some/where/try-from
erjo@286 998 +
erjo@286 999 +.SH SEE ALSO
erjo@286 1000 +.BR hosts_access (5),
erjo@286 1001 +.BR hosts_options (5),
erjo@286 1002 +.BR tcpd (8)
erjo@286 1003 +.SH AUTHOR
erjo@286 1004 +Wietse Venema, Eindhoven University of Technology, The Netherlands.
erjo@286 1005 +
erjo@286 1006 diff -Naur tcp_wrappers_7.6/weak_symbols.c tcp_wrappers_7.6.gimli/weak_symbols.c
erjo@286 1007 --- tcp_wrappers_7.6/weak_symbols.c 1969-12-31 18:00:00.000000000 -0600
erjo@286 1008 +++ tcp_wrappers_7.6.gimli/weak_symbols.c 2002-01-07 08:50:19.000000000 -0600
erjo@286 1009 @@ -0,0 +1,11 @@
erjo@286 1010 + /*
erjo@286 1011 + * @(#) weak_symbols.h 1.5 99/12/29 23:50
erjo@286 1012 + *
erjo@286 1013 + * Author: Anthony Towns <ajt@debian.org>
erjo@286 1014 + */
erjo@286 1015 +
erjo@286 1016 +#ifdef HAVE_WEAKSYMS
erjo@286 1017 +#include <syslog.h>
erjo@286 1018 +int deny_severity = LOG_WARNING;
erjo@286 1019 +int allow_severity = SEVERITY;
erjo@286 1020 +#endif
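Review bot: Nothing in this file makes `deny_severity` and `allow_severity` weak: the `__attribute__ ((weak))` lives on the extern declarations in tcpd.h (the `HAVE_WEAKSYMS` block of the tcpd.h hunk above), and this file includes only `<syslog.h>`, so these are ordinary strong definitions and the `HAVE_WEAKSYMS` guard buys nothing. Either `#include "tcpd.h"` after `<syslog.h>`, or put the attribute on the definitions themselves: `int deny_severity __attribute__ ((weak)) = LOG_WARNING;` and `int allow_severity __attribute__ ((weak)) = SEVERITY;`. `SEVERITY` is not defined in the file and presumably comes from the build flags, as the safe_finger.c hunk also assumes; the header comment also names `weak_symbols.h` although the file is weak_symbols.c.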
erjo@286 1021 diff -Naur tcp_wrappers_7.6/workarounds.c tcp_wrappers_7.6.gimli/workarounds.c
erjo@286 1022 --- tcp_wrappers_7.6/workarounds.c 1996-03-19 09:22:26.000000000 -0600
erjo@286 1023 +++ tcp_wrappers_7.6.gimli/workarounds.c 2002-01-07 08:50:19.000000000 -0600
erjo@286 1024 @@ -163,7 +163,11 @@
erjo@286 1025 int fix_getpeername(sock, sa, len)
erjo@286 1026 int sock;
erjo@286 1027 struct sockaddr *sa;
erjo@286 1028 +#if !defined(__GLIBC__)
erjo@286 1029 int *len;
erjo@286 1030 +#else /* __GLIBC__ */
erjo@286 1031 +size_t *len;
erjo@286 1032 +#endif /* __GLIBC__ */
erjo@286 1033 {
erjo@286 1034 int ret;
erjo@286 1035 struct sockaddr_in *sin = (struct sockaddr_in *) sa;