source: scripts/patches/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch@ 763fed9

clfs-1.2 clfs-2.1 clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since 763fed9 was 7f65c0e, checked in by Jim Gifford <clfs@…>, 19 years ago

r625@server (orig r623): jim | 2005-10-31 12:43:24 -0800
Final Move

  • Property mode set to 100644
File size: 37.9 KB
RevLine 
[617118d]1Submitted By: Tushar Teredesai <tushar@linuxfromscratch.org>
2Date: 2003-10-04
3Initial Package Version: 7.6
4Origin: http://archives.linuxfromscratch.org/mail-archives/blfs-dev/2003-January/001960.html
5Description: The patch was created from the tcp_wrappers modified package by Mark Heerdink.
6This patch provides the following improvements:
7 * Install libwrap.so along with libwrap.a.
8 * Create an install target for tcp_wrappers.
9 * Compilation and security fixes.
10 * Documentation fixes.
11
12$LastChangedBy: bdubbs $
13$Date: 2004-08-07 18:56:30 -0600 (Sat, 07 Aug 2004) $
14
15diff -Naur tcp_wrappers_7.6/Makefile tcp_wrappers_7.6.gimli/Makefile
16--- tcp_wrappers_7.6/Makefile 1997-03-21 12:27:21.000000000 -0600
17+++ tcp_wrappers_7.6.gimli/Makefile 2002-07-15 16:07:21.000000000 -0500
18@@ -1,5 +1,10 @@
19+GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h)
20+
21 # @(#) Makefile 1.23 97/03/21 19:27:20
22
23+# unset the HOSTNAME environment variable
24+HOSTNAME =
25+
26 what:
27 @echo
28 @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
29@@ -19,7 +24,7 @@
30 @echo " generic (most bsd-ish systems with sys5 compatibility)"
31 @echo " 386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543"
32 @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
33- @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
34+ @echo " linux gnu machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
35 @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
36 @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
37 @echo " uts215 uxp"
38@@ -43,8 +48,8 @@
39 # Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
40 #REAL_DAEMON_DIR=/usr/etc
41 #
42-# SysV.4 Solaris 2.x OSF AIX
43-#REAL_DAEMON_DIR=/usr/sbin
44+# SysV.4 Solaris 2.x OSF AIX Linux
45+REAL_DAEMON_DIR=/usr/sbin
46 #
47 # BSD 4.4
48 #REAL_DAEMON_DIR=/usr/libexec
49@@ -141,10 +146,21 @@
50 LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
51 EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all
52
53+ifneq ($(GLIBC),0)
54+MYLIB=-lnsl
55+endif
56+
57 linux:
58 @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
59- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
60- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
61+ LIBS=$(MYLIB) RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
62+ NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= all \
63+ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_WEAKSYMS -D_REENTRANT"
64+
65+gnu:
66+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
67+ LIBS=$(MYLIB) RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
68+ NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= all \
69+ EXTRA_CFLAGS="-DHAVE_STRERROR -DHAVE_WEAKSYMS -D_REENTRANT"
70
71 # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
72 hpux hpux8 hpux9 hpux10:
73@@ -391,7 +407,7 @@
74 # the ones provided with this source distribution. The environ.c module
75 # implements setenv(), getenv(), and putenv().
76
77-AUX_OBJ= setenv.o
78+#AUX_OBJ= setenv.o
79 #AUX_OBJ= environ.o
80 #AUX_OBJ= environ.o strcasecmp.o
81
82@@ -454,7 +470,8 @@
83 # host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work
84 # around this. The workaround does no harm on other Solaris versions.
85
86-BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
87+BUGS =
88+#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
89 #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG
90 #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG
91
92@@ -464,7 +481,7 @@
93 # If your system supports NIS or YP-style netgroups, enable the following
94 # macro definition. Netgroups are used only for host access control.
95 #
96-#NETGROUP= -DNETGROUP
97+NETGROUP= -DNETGROUP
98
99 ###############################################################
100 # System dependencies: whether or not your system has vsyslog()
101@@ -491,7 +508,7 @@
102 # Uncomment the next definition to turn on the language extensions
103 # (examples: allow, deny, banners, twist and spawn).
104 #
105-#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
106+STYLE = -DPROCESS_OPTIONS # Enable language extensions.
107
108 ################################################################
109 # Optional: Changing the default disposition of logfile records
110@@ -514,7 +531,7 @@
111 #
112 # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
113
114-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
115+FACILITY= LOG_DAEMON # LOG_MAIL is what most sendmail daemons use
116
117 # The syslog priority at which successful connections are logged.
118
119@@ -610,7 +627,7 @@
120 # Paranoid mode implies hostname lookup. In order to disable hostname
121 # lookups altogether, see the next section.
122
123-PARANOID= -DPARANOID
124+#PARANOID= -DPARANOID
125
126 ########################################
127 # Optional: turning off hostname lookups
128@@ -623,7 +640,7 @@
129 # In order to perform selective hostname lookups, disable paranoid
130 # mode (see previous section) and comment out the following definition.
131
132-HOSTNAME= -DALWAYS_HOSTNAME
133+#HOSTNAME= -DALWAYS_HOSTNAME
134
135 #############################################
136 # Optional: Turning on host ADDRESS checking
137@@ -649,28 +666,46 @@
138 # source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
139 # Solaris 2.x, and Linux. See your system documentation for details.
140 #
141-# KILL_OPT= -DKILL_IP_OPTIONS
142+KILL_OPT= -DKILL_IP_OPTIONS
143
144 ## End configuration options
145 ############################
146
147 # Protection against weird shells or weird make programs.
148
149+CC = gcc
150 SHELL = /bin/sh
151-.c.o:; $(CC) $(CFLAGS) -c $*.c
152+.c.o:; $(CC) $(CFLAGS) -o $*.o -c $*.c
153+
154+SOMAJOR = 0
155+SOMINOR = 7.6
156+
157+LIB = libwrap.a
158+SHLIB = shared/libwrap.so.$(SOMAJOR).$(SOMINOR)
159+SHLIBSOMAJ= shared/libwrap.so.$(SOMAJOR)
160+SHLIBSO = shared/libwrap.so
161+SHLIBFLAGS = -Lshared -lwrap
162
163-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
164+shared/%.o: %.c
165+ $(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@
166+
167+CFLAGS = -O2 -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
168 $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
169 -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
170 -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
171 $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
172 $(VSYSLOG) $(HOSTNAME)
173
174+SHLINKFLAGS = -shared -Xlinker -soname -Xlinker libwrap.so.$(SOMAJOR) -lc $(LIBS)
175+SHCFLAGS = -fPIC -shared -D_REENTRANT
176+
177 LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
178 hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
179 $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
180 update.o misc.o diag.o percent_m.o myvsyslog.o
181
182+SHLIB_OBJ= $(addprefix shared/, $(LIB_OBJ));
183+
184 FROM_OBJ= fromhost.o
185
186 KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
187@@ -684,46 +719,80 @@
188 refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
189 scaffold.h tcpdmatch.8 README.NIS
190
191-LIB = libwrap.a
192-
193-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
194+all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(LIB)
195
196 # Invalidate all object files when the compiler options (CFLAGS) have changed.
197
198 config-check:
199 @set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; }
200- @set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \
201- if cmp cflags /tmp/cflags.$$$$ ; \
202- then rm /tmp/cflags.$$$$ ; \
203- else mv /tmp/cflags.$$$$ cflags ; \
204+ @set +e; echo $(CFLAGS) >cflags.new ; \
205+ if cmp cflags cflags.new ; \
206+ then rm cflags.new ; \
207+ else mv cflags.new cflags ; \
208 fi >/dev/null 2>/dev/null
209+ @if [ ! -d shared ]; then mkdir shared; fi
210
211 $(LIB): $(LIB_OBJ)
212 rm -f $(LIB)
213 $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
214 -$(RANLIB) $(LIB)
215
216-tcpd: tcpd.o $(LIB)
217- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
218+$(SHLIB): $(SHLIB_OBJ)
219+ rm -f $(SHLIB)
220+ $(CC) -o $(SHLIB) $(SHLINKFLAGS) $(SHLIB_OBJ)
221+ ln -s $(notdir $(SHLIB)) $(SHLIBSOMAJ)
222+ ln -s $(notdir $(SHLIBSOMAJ)) $(SHLIBSO)
223+
224+tcpd: tcpd.o $(SHLIB)
225+ $(CC) $(CFLAGS) -o $@ tcpd.o $(SHLIBFLAGS)
226
227-miscd: miscd.o $(LIB)
228- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
229+miscd: miscd.o $(SHLIB)
230+ $(CC) $(CFLAGS) -o $@ miscd.o $(SHLIBFLAGS)
231
232-safe_finger: safe_finger.o $(LIB)
233- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
234+safe_finger: safe_finger.o $(SHLIB)
235+ $(CC) $(CFLAGS) -o $@ safe_finger.o $(SHLIBFLAGS)
236
237 TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
238
239-tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
240- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
241+tcpdmatch: $(TCPDMATCH_OBJ) $(SHLIB)
242+ $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS)
243
244-try-from: try-from.o fakelog.o $(LIB)
245- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
246+try-from: try-from.o fakelog.o $(SHLIB)
247+ $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS)
248
249 TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
250
251-tcpdchk: $(TCPDCHK_OBJ) $(LIB)
252- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
253+tcpdchk: $(TCPDCHK_OBJ) $(SHLIB)
254+ $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(SHLIBFLAGS)
255+
256+install: install-lib install-bin install-dev
257+
258+install-lib:
259+ install -o root -g root -m 0755 $(SHLIB) ${DESTDIR}/usr/lib/
260+ ln -sf $(notdir $(SHLIB)) ${DESTDIR}/usr/lib/$(notdir $(SHLIBSOMAJ))
261+ ln -sf $(notdir $(SHLIBSOMAJ)) ${DESTDIR}/usr/lib/$(notdir $(SHLIBSO))
262+
263+install-bin:
264+ install -o root -g root -m 0755 tcpd ${DESTDIR}/usr/sbin/
265+ install -o root -g root -m 0755 tcpdchk ${DESTDIR}/usr/sbin/
266+ install -o root -g root -m 0755 tcpdmatch ${DESTDIR}/usr/sbin/
267+ install -o root -g root -m 0755 try-from ${DESTDIR}/usr/sbin/
268+ install -o root -g root -m 0755 safe_finger ${DESTDIR}/usr/sbin/
269+ install -o root -g root -m 0644 tcpd.8 ${DESTDIR}/usr/share/man/man8/
270+ install -o root -g root -m 0644 tcpdchk.8 ${DESTDIR}/usr/share/man/man8/
271+ install -o root -g root -m 0644 try-from.8 ${DESTDIR}/usr/share/man/man8/
272+ install -o root -g root -m 0644 tcpdmatch.8 ${DESTDIR}/usr/share/man/man8/
273+ install -o root -g root -m 0644 safe_finger.8 ${DESTDIR}/usr/share/man/man8/
274+ install -o root -g root -m 0644 hosts_access.5 ${DESTDIR}/usr/share/man/man5/
275+ install -o root -g root -m 0644 hosts_options.5 ${DESTDIR}/usr/share/man/man5/
276+
277+install-dev:
278+ install -o root -g root -m 0644 hosts_access.3 ${DESTDIR}/usr/share/man/man3/
279+ install -o root -g root -m 0644 tcpd.h ${DESTDIR}/usr/include/
280+ install -o root -g root -m 0644 $(LIB) ${DESTDIR}/usr/lib/
281+ ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/hosts_ctl.3
282+ ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/request_init.3
283+ ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/request_set.3
284
285 shar: $(KIT)
286 @shar $(KIT)
287@@ -739,7 +808,8 @@
288
289 clean:
290 rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \
291- cflags
292+ cflags libwrap*.so*
293+ rm -rf shared
294
295 tidy: clean
296 chmod -R a+r .
297@@ -885,5 +955,6 @@
298 update.o: mystdarg.h
299 update.o: tcpd.h
300 vfprintf.o: cflags
301+weak_symbols.o: tcpd.h
302 workarounds.o: cflags
303 workarounds.o: tcpd.h
304diff -Naur tcp_wrappers_7.6/fix_options.c tcp_wrappers_7.6.gimli/fix_options.c
305--- tcp_wrappers_7.6/fix_options.c 1997-04-07 19:29:19.000000000 -0500
306+++ tcp_wrappers_7.6.gimli/fix_options.c 2002-01-07 08:50:19.000000000 -0600
307@@ -35,7 +35,12 @@
308 #ifdef IP_OPTIONS
309 unsigned char optbuf[BUFFER_SIZE / 3], *cp;
310 char lbuf[BUFFER_SIZE], *lp;
311+#if !defined(__GLIBC__)
312 int optsize = sizeof(optbuf), ipproto;
313+#else /* __GLIBC__ */
314+ size_t optsize = sizeof(optbuf);
315+ int ipproto;
316+#endif /* __GLIBC__ */
317 struct protoent *ip;
318 int fd = request->fd;
319 unsigned int opt;
320diff -Naur tcp_wrappers_7.6/hosts_access.3 tcp_wrappers_7.6.gimli/hosts_access.3
321--- tcp_wrappers_7.6/hosts_access.3 1996-02-11 10:01:27.000000000 -0600
322+++ tcp_wrappers_7.6.gimli/hosts_access.3 2002-01-07 08:50:19.000000000 -0600
323@@ -3,7 +3,7 @@
324 hosts_access, hosts_ctl, request_init, request_set \- access control library
325 .SH SYNOPSIS
326 .nf
327-#include "tcpd.h"
328+#include <tcpd.h>
329
330 extern int allow_severity;
331 extern int deny_severity;
332diff -Naur tcp_wrappers_7.6/hosts_access.5 tcp_wrappers_7.6.gimli/hosts_access.5
333--- tcp_wrappers_7.6/hosts_access.5 1995-01-30 12:51:47.000000000 -0600
334+++ tcp_wrappers_7.6.gimli/hosts_access.5 2002-01-07 08:50:19.000000000 -0600
335@@ -8,9 +8,9 @@
336 impatient reader is encouraged to skip to the EXAMPLES section for a
337 quick introduction.
338 .PP
339-An extended version of the access control language is described in the
340-\fIhosts_options\fR(5) document. The extensions are turned on at
341-program build time by building with -DPROCESS_OPTIONS.
342+The extended version of the access control language is described in the
343+\fIhosts_options\fR(5) document. \fBNote that this language supersedes
344+the meaning of \fIshell_command\fB as documented below.\fR
345 .PP
346 In the following text, \fIdaemon\fR is the the process name of a
347 network daemon process, and \fIclient\fR is the name and/or address of
348@@ -40,7 +40,7 @@
349 character. This permits you to break up long lines so that they are
350 easier to edit.
351 .IP \(bu
352-Blank lines or lines that begin with a `#\' character are ignored.
353+Blank lines or lines that begin with a `#' character are ignored.
354 This permits you to insert comments and whitespace so that the tables
355 are easier to read.
356 .IP \(bu
357@@ -69,26 +69,33 @@
358 .SH PATTERNS
359 The access control language implements the following patterns:
360 .IP \(bu
361-A string that begins with a `.\' character. A host name is matched if
362+A string that begins with a `.' character. A host name is matched if
363 the last components of its name match the specified pattern. For
364-example, the pattern `.tue.nl\' matches the host name
365-`wzv.win.tue.nl\'.
366+example, the pattern `.tue.nl' matches the host name
367+`wzv.win.tue.nl'.
368 .IP \(bu
369-A string that ends with a `.\' character. A host address is matched if
370+A string that ends with a `.' character. A host address is matched if
371 its first numeric fields match the given string. For example, the
372-pattern `131.155.\' matches the address of (almost) every host on the
373+pattern `131.155.' matches the address of (almost) every host on the
374 Eind\%hoven University network (131.155.x.x).
375 .IP \(bu
376-A string that begins with an `@\' character is treated as an NIS
377+A string that begins with an `@' character is treated as an NIS
378 (formerly YP) netgroup name. A host name is matched if it is a host
379 member of the specified netgroup. Netgroup matches are not supported
380 for daemon process names or for client user names.
381 .IP \(bu
382-An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a
383-`net/mask\' pair. A host address is matched if `net\' is equal to the
384-bitwise AND of the address and the `mask\'. For example, the net/mask
385-pattern `131.155.72.0/255.255.254.0\' matches every address in the
386-range `131.155.72.0\' through `131.155.73.255\'.
387+An expression of the form `n.n.n.n/m.m.m.m' is interpreted as a
388+`net/mask' pair. A host address is matched if `net' is equal to the
389+bitwise AND of the address and the `mask'. For example, the net/mask
390+pattern `131.155.72.0/255.255.254.0' matches every address in the
391+range `131.155.72.0' through `131.155.73.255'.
392+.IP \(bu
393+A string that begins with a `/' character is treated as a file
394+name. A host name or address is matched if it matches any host name
395+or address pattern listed in the named file. The file format is
396+zero or more lines with zero or more host name or address patterns
397+separated by whitespace. A file name pattern can be used anywhere
398+a host name or address pattern can be used.
399 .SH WILDCARDS
400 The access control language supports explicit wildcards:
401 .IP ALL
402@@ -115,19 +122,19 @@
403 .ne 6
404 .SH OPERATORS
405 .IP EXCEPT
406-Intended use is of the form: `list_1 EXCEPT list_2\'; this construct
407+Intended use is of the form: `list_1 EXCEPT list_2'; this construct
408 matches anything that matches \fIlist_1\fR unless it matches
409 \fIlist_2\fR. The EXCEPT operator can be used in daemon_lists and in
410 client_lists. The EXCEPT operator can be nested: if the control
411-language would permit the use of parentheses, `a EXCEPT b EXCEPT c\'
412-would parse as `(a EXCEPT (b EXCEPT c))\'.
413+language would permit the use of parentheses, `a EXCEPT b EXCEPT c'
414+would parse as `(a EXCEPT (b EXCEPT c))'.
415 .br
416 .ne 6
417 .SH SHELL COMMANDS
418 If the first-matched access control rule contains a shell command, that
419 command is subjected to %<letter> substitutions (see next section).
420 The result is executed by a \fI/bin/sh\fR child process with standard
421-input, output and error connected to \fI/dev/null\fR. Specify an `&\'
422+input, output and error connected to \fI/dev/null\fR. Specify an `&'
423 at the end of the command if you do not want to wait until it has
424 completed.
425 .PP
426@@ -159,7 +166,7 @@
427 .IP %u
428 The client user name (or "unknown").
429 .IP %%
430-Expands to a single `%\' character.
431+Expands to a single `%' character.
432 .PP
433 Characters in % expansions that may confuse the shell are replaced by
434 underscores.
435@@ -243,9 +250,9 @@
436 less trustworthy. It is possible for an intruder to spoof both the
437 client connection and the IDENT lookup, although doing so is much
438 harder than spoofing just a client connection. It may also be that
439-the client\'s IDENT server is lying.
440+the client's IDENT server is lying.
441 .PP
442-Note: IDENT lookups don\'t work with UDP services.
443+Note: IDENT lookups don't work with UDP services.
444 .SH EXAMPLES
445 The language is flexible enough that different types of access control
446 policy can be expressed with a minimum of fuss. Although the language
447@@ -285,7 +292,7 @@
448 .br
449 ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
450 .PP
451-The first rule permits access from hosts in the local domain (no `.\'
452+The first rule permits access from hosts in the local domain (no `.'
453 in the host name) and from members of the \fIsome_netgroup\fP
454 netgroup. The second rule permits access from all hosts in the
455 \fIfoobar.edu\fP domain (notice the leading dot), with the exception of
456@@ -322,8 +329,8 @@
457 /etc/hosts.deny:
458 .in +3
459 .nf
460-in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\
461- /usr/ucb/mail -s %d-%h root) &
462+in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \\
463+ /usr/bin/mail -s %d-%h root) &
464 .fi
465 .PP
466 The safe_finger command comes with the tcpd wrapper and should be
467@@ -349,7 +356,7 @@
468 capacity of an internal buffer; when an access control rule is not
469 terminated by a newline character; when the result of %<letter>
470 expansion would overflow an internal buffer; when a system call fails
471-that shouldn\'t. All problems are reported via the syslog daemon.
472+that shouldn't. All problems are reported via the syslog daemon.
473 .SH FILES
474 .na
475 .nf
476diff -Naur tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.gimli/hosts_access.c
477--- tcp_wrappers_7.6/hosts_access.c 1997-02-11 19:13:23.000000000 -0600
478+++ tcp_wrappers_7.6.gimli/hosts_access.c 2002-01-07 08:50:19.000000000 -0600
479@@ -240,6 +240,26 @@
480 }
481 }
482
483+/* hostfile_match - look up host patterns from file */
484+
485+static int hostfile_match(path, host)
486+char *path;
487+struct hosts_info *host;
488+{
489+ char tok[BUFSIZ];
490+ int match = NO;
491+ FILE *fp;
492+
493+ if ((fp = fopen(path, "r")) != 0) {
494+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
495+ /* void */ ;
496+ fclose(fp);
497+ } else if (errno != ENOENT) {
498+ tcpd_warn("open %s: %m", path);
499+ }
500+ return (match);
501+}
502+
503 /* host_match - match host name and/or address against pattern */
504
505 static int host_match(tok, host)
506@@ -267,6 +287,8 @@
507 tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
508 return (NO);
509 #endif
510+ } else if (tok[0] == '/') { /* /file hack */
511+ return (hostfile_match(tok, host));
512 } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
513 char *name = eval_hostname(host);
514 return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
515diff -Naur tcp_wrappers_7.6/hosts_options.5 tcp_wrappers_7.6.gimli/hosts_options.5
516--- tcp_wrappers_7.6/hosts_options.5 1994-12-28 10:42:29.000000000 -0600
517+++ tcp_wrappers_7.6.gimli/hosts_options.5 2002-01-07 08:50:19.000000000 -0600
518@@ -58,12 +58,12 @@
519 Execute, in a child process, the specified shell command, after
520 performing the %<letter> expansions described in the hosts_access(5)
521 manual page. The command is executed with stdin, stdout and stderr
522-connected to the null device, so that it won\'t mess up the
523+connected to the null device, so that it won't mess up the
524 conversation with the client host. Example:
525 .sp
526 .nf
527 .ti +3
528-spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) &
529+spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &
530 .fi
531 .sp
532 executes, in a background child process, the shell command "safe_finger
533diff -Naur tcp_wrappers_7.6/options.c tcp_wrappers_7.6.gimli/options.c
534--- tcp_wrappers_7.6/options.c 1996-02-11 10:01:32.000000000 -0600
535+++ tcp_wrappers_7.6.gimli/options.c 2002-01-07 08:50:19.000000000 -0600
536@@ -473,6 +473,9 @@
537 #ifdef LOG_CRON
538 "cron", LOG_CRON,
539 #endif
540+#ifdef LOG_FTP
541+ "ftp", LOG_FTP,
542+#endif
543 #ifdef LOG_LOCAL0
544 "local0", LOG_LOCAL0,
545 #endif
546diff -Naur tcp_wrappers_7.6/percent_m.c tcp_wrappers_7.6.gimli/percent_m.c
547--- tcp_wrappers_7.6/percent_m.c 1994-12-28 10:42:37.000000000 -0600
548+++ tcp_wrappers_7.6.gimli/percent_m.c 2002-01-07 08:50:19.000000000 -0600
549@@ -13,7 +13,7 @@
550 #include <string.h>
551
552 extern int errno;
553-#ifndef SYS_ERRLIST_DEFINED
554+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
555 extern char *sys_errlist[];
556 extern int sys_nerr;
557 #endif
558@@ -29,11 +29,15 @@
559
560 while (*bp = *cp)
561 if (*cp == '%' && cp[1] == 'm') {
562+#ifdef HAVE_STRERROR
563+ strcpy(bp, strerror(errno));
564+#else
565 if (errno < sys_nerr && errno > 0) {
566 strcpy(bp, sys_errlist[errno]);
567 } else {
568 sprintf(bp, "Unknown error %d", errno);
569 }
570+#endif
571 bp += strlen(bp);
572 cp += 2;
573 } else {
574diff -Naur tcp_wrappers_7.6/rfc931.c tcp_wrappers_7.6.gimli/rfc931.c
575--- tcp_wrappers_7.6/rfc931.c 1995-01-02 09:11:34.000000000 -0600
576+++ tcp_wrappers_7.6.gimli/rfc931.c 2002-01-07 08:50:19.000000000 -0600
577@@ -33,7 +33,7 @@
578
579 int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */
580
581-static jmp_buf timebuf;
582+static sigjmp_buf timebuf;
583
584 /* fsocket - open stdio stream on top of socket */
585
586@@ -62,7 +62,7 @@
587 static void timeout(sig)
588 int sig;
589 {
590- longjmp(timebuf, sig);
591+ siglongjmp(timebuf, sig);
592 }
593
594 /* rfc931 - return remote user name, given socket structures */
595@@ -99,7 +99,7 @@
596 * Set up a timer so we won't get stuck while waiting for the server.
597 */
598
599- if (setjmp(timebuf) == 0) {
600+ if (sigsetjmp(timebuf,1) == 0) {
601 signal(SIGALRM, timeout);
602 alarm(rfc931_timeout);
603
604diff -Naur tcp_wrappers_7.6/safe_finger.8 tcp_wrappers_7.6.gimli/safe_finger.8
605--- tcp_wrappers_7.6/safe_finger.8 1969-12-31 18:00:00.000000000 -0600
606+++ tcp_wrappers_7.6.gimli/safe_finger.8 2002-01-07 08:50:19.000000000 -0600
607@@ -0,0 +1,34 @@
608+.TH SAFE_FINGER 8 "21th June 1997" Linux "Linux Programmer's Manual"
609+.SH NAME
610+safe_finger \- finger client wrapper that protects against nasty stuff
611+from finger servers
612+.SH SYNOPSIS
613+.B safe_finger [finger_options]
614+.SH DESCRIPTION
615+The
616+.B safe_finger
617+command protects against nasty stuff from finger servers. Use this
618+program for automatic reverse finger probes from the
619+.B tcp_wrapper
620+.B (tcpd)
621+, not the raw finger command. The
622+.B safe_finger
623+command makes sure that the finger client is not run with root
624+privileges. It also runs the finger client with a defined PATH
625+environment.
626+.B safe_finger
627+will also protect you from problems caused by the output of some
628+finger servers. The problem: some programs may react to stuff in
629+the first column. Other programs may get upset by thrash anywhere
630+on a line. File systems may fill up as the finger server keeps
631+sending data. Text editors may bomb out on extremely long lines.
632+The finger server may take forever because it is somehow wedged.
633+.B safe_finger
634+takes care of all this badness.
635+.SH SEE ALSO
636+.BR hosts_access (5),
637+.BR hosts_options (5),
638+.BR tcpd (8)
639+.SH AUTHOR
640+Wietse Venema, Eindhoven University of Technology, The Netherlands.
641+
642diff -Naur tcp_wrappers_7.6/safe_finger.c tcp_wrappers_7.6.gimli/safe_finger.c
643--- tcp_wrappers_7.6/safe_finger.c 1994-12-28 10:42:42.000000000 -0600
644+++ tcp_wrappers_7.6.gimli/safe_finger.c 2002-01-07 08:50:19.000000000 -0600
645@@ -26,21 +26,24 @@
646 #include <stdio.h>
647 #include <ctype.h>
648 #include <pwd.h>
649+#include <syslog.h>
650
651 extern void exit();
652
653 /* Local stuff */
654
655-char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
656+char path[] = "PATH=/bin:/usr/bin:/sbin:/usr/sbin";
657
658 #define TIME_LIMIT 60 /* Do not keep listinging forever */
659 #define INPUT_LENGTH 100000 /* Do not keep listinging forever */
660 #define LINE_LENGTH 128 /* Editors can choke on long lines */
661 #define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */
662 #define UNPRIV_NAME "nobody" /* Preferred privilege level */
663-#define UNPRIV_UGID 32767 /* Default uid and gid */
664+#define UNPRIV_UGID 65534 /* Default uid and gid */
665
666 int finger_pid;
667+int allow_severity = SEVERITY;
668+int deny_severity = LOG_WARNING;
669
670 void cleanup(sig)
671 int sig;
672diff -Naur tcp_wrappers_7.6/scaffold.c tcp_wrappers_7.6.gimli/scaffold.c
673--- tcp_wrappers_7.6/scaffold.c 1997-03-21 12:27:24.000000000 -0600
674+++ tcp_wrappers_7.6.gimli/scaffold.c 2002-01-07 08:50:19.000000000 -0600
675@@ -180,10 +180,12 @@
676
677 /* ARGSUSED */
678
679-void rfc931(request)
680-struct request_info *request;
681+void rfc931(rmt_sin, our_sin, dest)
682+struct sockaddr_in *rmt_sin;
683+struct sockaddr_in *our_sin;
684+char *dest;
685 {
686- strcpy(request->user, unknown);
687+ strcpy(dest, unknown);
688 }
689
690 /* check_path - examine accessibility */
691diff -Naur tcp_wrappers_7.6/socket.c tcp_wrappers_7.6.gimli/socket.c
692--- tcp_wrappers_7.6/socket.c 1997-03-21 12:27:25.000000000 -0600
693+++ tcp_wrappers_7.6.gimli/socket.c 2002-01-07 08:50:19.000000000 -0600
694@@ -76,7 +76,11 @@
695 {
696 static struct sockaddr_in client;
697 static struct sockaddr_in server;
698+#if !defined (__GLIBC__)
699 int len;
700+#else /* __GLIBC__ */
701+ size_t len;
702+#endif /* __GLIBC__ */
703 char buf[BUFSIZ];
704 int fd = request->fd;
705
706@@ -224,7 +228,11 @@
707 {
708 char buf[BUFSIZ];
709 struct sockaddr_in sin;
710+#if !defined(__GLIBC__)
711 int size = sizeof(sin);
712+#else /* __GLIBC__ */
713+ size_t size = sizeof(sin);
714+#endif /* __GLIBC__ */
715
716 /*
717 * Eat up the not-yet received datagram. Some systems insist on a
718diff -Naur tcp_wrappers_7.6/tcpd.8 tcp_wrappers_7.6.gimli/tcpd.8
719--- tcp_wrappers_7.6/tcpd.8 1996-02-21 09:39:16.000000000 -0600
720+++ tcp_wrappers_7.6.gimli/tcpd.8 2002-01-07 08:50:19.000000000 -0600
721@@ -94,7 +94,7 @@
722 .PP
723 The example assumes that the network daemons live in /usr/etc. On some
724 systems, network daemons live in /usr/sbin or in /usr/libexec, or have
725-no `in.\' prefix to their name.
726+no `in.' prefix to their name.
727 .SH EXAMPLE 2
728 This example applies when \fItcpd\fR expects that the network daemons
729 are left in their original place.
730@@ -110,26 +110,26 @@
731 becomes:
732 .sp
733 .ti +5
734-finger stream tcp nowait nobody /some/where/tcpd in.fingerd
735+finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
736 .sp
737 .fi
738 .PP
739 The example assumes that the network daemons live in /usr/etc. On some
740 systems, network daemons live in /usr/sbin or in /usr/libexec, the
741-daemons have no `in.\' prefix to their name, or there is no userid
742+daemons have no `in.' prefix to their name, or there is no userid
743 field in the inetd configuration file.
744 .PP
745 Similar changes will be needed for the other services that are to be
746-covered by \fItcpd\fR. Send a `kill -HUP\' to the \fIinetd\fR(8)
747+covered by \fItcpd\fR. Send a `kill -HUP' to the \fIinetd\fR(8)
748 process to make the changes effective. AIX users may also have to
749-execute the `inetimp\' command.
750+execute the `inetimp' command.
751 .SH EXAMPLE 3
752 In the case of daemons that do not live in a common directory ("secret"
753 or otherwise), edit the \fIinetd\fR configuration file so that it
754 specifies an absolute path name for the process name field. For example:
755 .nf
756 .sp
757- ntalk dgram udp wait root /some/where/tcpd /usr/local/lib/ntalkd
758+ ntalk dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.ntalkd
759 .sp
760 .fi
761 .PP
762diff -Naur tcp_wrappers_7.6/tcpd.h tcp_wrappers_7.6.gimli/tcpd.h
763--- tcp_wrappers_7.6/tcpd.h 1996-03-19 09:22:25.000000000 -0600
764+++ tcp_wrappers_7.6.gimli/tcpd.h 2002-01-07 08:50:19.000000000 -0600
765@@ -4,6 +4,25 @@
766 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
767 */
768
769+#ifndef _TCPWRAPPERS_TCPD_H
770+#define _TCPWRAPPERS_TCPD_H
771+
772+/* someone else may have defined this */
773+#undef __P
774+
775+/* use prototypes if we have an ANSI C compiler or are using C++ */
776+#if defined(__STDC__) || defined(__cplusplus)
777+#define __P(args) args
778+#else
779+#define __P(args) ()
780+#endif
781+
782+/* Need definitions of struct sockaddr_in and FILE. */
783+#include <netinet/in.h>
784+#include <stdio.h>
785+
786+__BEGIN_DECLS
787+
788 /* Structure to describe one communications endpoint. */
789
790 #define STRING_LENGTH 128 /* hosts, users, processes */
791@@ -25,10 +44,10 @@
792 char pid[10]; /* access via eval_pid(request) */
793 struct host_info client[1]; /* client endpoint info */
794 struct host_info server[1]; /* server endpoint info */
795- void (*sink) (); /* datagram sink function or 0 */
796- void (*hostname) (); /* address to printable hostname */
797- void (*hostaddr) (); /* address to printable address */
798- void (*cleanup) (); /* cleanup function or 0 */
799+ void (*sink) __P((int)); /* datagram sink function or 0 */
800+ void (*hostname) __P((struct host_info *)); /* address to printable hostname */
801+ void (*hostaddr) __P((struct host_info *)); /* address to printable address */
802+ void (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */
803 struct netconfig *config; /* netdir handle */
804 };
805
806@@ -61,25 +80,30 @@
807 /* Global functions. */
808
809 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
810-extern void fromhost(); /* get/validate client host info */
811+extern void fromhost __P((struct request_info *)); /* get/validate client host info */
812 #else
813 #define fromhost sock_host /* no TLI support needed */
814 #endif
815
816-extern int hosts_access(); /* access control */
817-extern void shell_cmd(); /* execute shell command */
818-extern char *percent_x(); /* do %<char> expansion */
819-extern void rfc931(); /* client name from RFC 931 daemon */
820-extern void clean_exit(); /* clean up and exit */
821-extern void refuse(); /* clean up and exit */
822-extern char *xgets(); /* fgets() on steroids */
823-extern char *split_at(); /* strchr() and split */
824-extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
825+extern void shell_cmd __P((char *)); /* execute shell command */
826+extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
827+extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */
828+extern void clean_exit __P((struct request_info *)); /* clean up and exit */
829+extern void refuse __P((struct request_info *)); /* clean up and exit */
830+extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
831+extern char *split_at __P((char *, int)); /* strchr() and split */
832+extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
833
834 /* Global variables. */
835
836+#ifdef HAVE_WEAKSYMS
837+extern int allow_severity __attribute__ ((weak)); /* for connection logging */
838+extern int deny_severity __attribute__ ((weak)); /* for connection logging */
839+#else
840 extern int allow_severity; /* for connection logging */
841 extern int deny_severity; /* for connection logging */
842+#endif
843+
844 extern char *hosts_allow_table; /* for verification mode redirection */
845 extern char *hosts_deny_table; /* for verification mode redirection */
846 extern int hosts_access_verbose; /* for verbose matching mode */
847@@ -92,9 +116,14 @@
848 */
849
850 #ifdef __STDC__
851+extern int hosts_access(struct request_info *request);
852+extern int hosts_ctl(char *daemon, char *client_name, char *client_addr,
853+ char *client_user);
854 extern struct request_info *request_init(struct request_info *,...);
855 extern struct request_info *request_set(struct request_info *,...);
856 #else
857+extern int hosts_access();
858+extern int hosts_ctl();
859 extern struct request_info *request_init(); /* initialize request */
860 extern struct request_info *request_set(); /* update request structure */
861 #endif
862@@ -117,27 +146,31 @@
863 * host_info structures serve as caches for the lookup results.
864 */
865
866-extern char *eval_user(); /* client user */
867-extern char *eval_hostname(); /* printable hostname */
868-extern char *eval_hostaddr(); /* printable host address */
869-extern char *eval_hostinfo(); /* host name or address */
870-extern char *eval_client(); /* whatever is available */
871-extern char *eval_server(); /* whatever is available */
872+extern char *eval_user __P((struct request_info *)); /* client user */
873+extern char *eval_hostname __P((struct host_info *)); /* printable hostname */
874+extern char *eval_hostaddr __P((struct host_info *)); /* printable host address */
875+extern char *eval_hostinfo __P((struct host_info *)); /* host name or address */
876+extern char *eval_client __P((struct request_info *)); /* whatever is available */
877+extern char *eval_server __P((struct request_info *)); /* whatever is available */
878 #define eval_daemon(r) ((r)->daemon) /* daemon process name */
879 #define eval_pid(r) ((r)->pid) /* process id */
880
881 /* Socket-specific methods, including DNS hostname lookups. */
882
883-extern void sock_host(); /* look up endpoint addresses */
884-extern void sock_hostname(); /* translate address to hostname */
885-extern void sock_hostaddr(); /* address to printable address */
886+/* look up endpoint addresses */
887+extern void sock_host __P((struct request_info *));
888+/* translate address to hostname */
889+extern void sock_hostname __P((struct host_info *));
890+/* address to printable address */
891+extern void sock_hostaddr __P((struct host_info *));
892+
893 #define sock_methods(r) \
894 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
895
896 /* The System V Transport-Level Interface (TLI) interface. */
897
898 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
899-extern void tli_host(); /* look up endpoint addresses etc. */
900+extern void tli_host __P((struct request_info *)); /* look up endpoint addresses etc. */
901 #endif
902
903 /*
904@@ -178,7 +211,7 @@
905 * behavior.
906 */
907
908-extern void process_options(); /* execute options */
909+extern void process_options __P((char *, struct request_info *)); /* execute options */
910 extern int dry_run; /* verification flag */
911
912 /* Bug workarounds. */
913@@ -217,3 +250,7 @@
914 #define strtok my_strtok
915 extern char *my_strtok();
916 #endif
917+
918+__END_DECLS
919+
920+#endif /* tcpd.h */
921diff -Naur tcp_wrappers_7.6/tcpdchk.c tcp_wrappers_7.6.gimli/tcpdchk.c
922--- tcp_wrappers_7.6/tcpdchk.c 1997-02-11 19:13:25.000000000 -0600
923+++ tcp_wrappers_7.6.gimli/tcpdchk.c 2002-01-07 08:50:19.000000000 -0600
924@@ -350,6 +350,8 @@
925 {
926 if (pat[0] == '@') {
927 tcpd_warn("%s: daemon name begins with \"@\"", pat);
928+ } else if (pat[0] == '/') {
929+ tcpd_warn("%s: daemon name begins with \"/\"", pat);
930 } else if (pat[0] == '.') {
931 tcpd_warn("%s: daemon name begins with dot", pat);
932 } else if (pat[strlen(pat) - 1] == '.') {
933@@ -382,6 +384,8 @@
934 {
935 if (pat[0] == '@') { /* @netgroup */
936 tcpd_warn("%s: user name begins with \"@\"", pat);
937+ } else if (pat[0] == '/') {
938+ tcpd_warn("%s: user name begins with \"/\"", pat);
939 } else if (pat[0] == '.') {
940 tcpd_warn("%s: user name begins with dot", pat);
941 } else if (pat[strlen(pat) - 1] == '.') {
942@@ -402,8 +406,13 @@
943 static int check_host(pat)
944 char *pat;
945 {
946+ char buf[BUFSIZ];
947 char *mask;
948 int addr_count = 1;
949+ FILE *fp;
950+ struct tcpd_context saved_context;
951+ char *cp;
952+ char *wsp = " \t\r\n";
953
954 if (pat[0] == '@') { /* @netgroup */
955 #ifdef NO_NETGRENT
956@@ -422,6 +431,21 @@
957 tcpd_warn("netgroup support disabled");
958 #endif
959 #endif
960+ } else if (pat[0] == '/') { /* /path/name */
961+ if ((fp = fopen(pat, "r")) != 0) {
962+ saved_context = tcpd_context;
963+ tcpd_context.file = pat;
964+ tcpd_context.line = 0;
965+ while (fgets(buf, sizeof(buf), fp)) {
966+ tcpd_context.line++;
967+ for (cp = strtok(buf, wsp); cp; cp = strtok((char *) 0, wsp))
968+ check_host(cp);
969+ }
970+ tcpd_context = saved_context;
971+ fclose(fp);
972+ } else if (errno != ENOENT) {
973+ tcpd_warn("open %s: %m", pat);
974+ }
975 } else if (mask = split_at(pat, '/')) { /* network/netmask */
976 if (dot_quad_addr(pat) == INADDR_NONE
977 || dot_quad_addr(mask) == INADDR_NONE)
978diff -Naur tcp_wrappers_7.6/try-from.8 tcp_wrappers_7.6.gimli/try-from.8
979--- tcp_wrappers_7.6/try-from.8 1969-12-31 18:00:00.000000000 -0600
980+++ tcp_wrappers_7.6.gimli/try-from.8 2002-01-07 08:50:19.000000000 -0600
981@@ -0,0 +1,28 @@
982+.TH TRY-FROM 8 "21th June 1997" Linux "Linux Programmer's Manual"
983+.SH NAME
984+try-from \- test program for the tcp_wrapper
985+.SH SYNOPSIS
986+.B try-from
987+.SH DESCRIPTION
988+The
989+.B try-from
990+command can be called via a remote shell command to find out
991+if the hostname and address are properly recognized
992+by the
993+.B tcp_wrapper
994+library, if username lookup works, and (SysV only) if the TLI
995+on top of IP heuristics work. Diagnostics are reported through
996+.BR syslog (3)
997+and redirected to stderr.
998+
999+Example:
1000+
1001+rsh host /some/where/try-from
1002+
1003+.SH SEE ALSO
1004+.BR hosts_access (5),
1005+.BR hosts_options (5),
1006+.BR tcpd (8)
1007+.SH AUTHOR
1008+Wietse Venema, Eindhoven University of Technology, The Netherlands.
1009+
1010diff -Naur tcp_wrappers_7.6/weak_symbols.c tcp_wrappers_7.6.gimli/weak_symbols.c
1011--- tcp_wrappers_7.6/weak_symbols.c 1969-12-31 18:00:00.000000000 -0600
1012+++ tcp_wrappers_7.6.gimli/weak_symbols.c 2002-01-07 08:50:19.000000000 -0600
1013@@ -0,0 +1,11 @@
1014+ /*
1015+ * @(#) weak_symbols.h 1.5 99/12/29 23:50
1016+ *
1017+ * Author: Anthony Towns <ajt@debian.org>
1018+ */
1019+
1020+#ifdef HAVE_WEAKSYMS
1021+#include <syslog.h>
1022+int deny_severity = LOG_WARNING;
1023+int allow_severity = SEVERITY;
1024+#endif
1025diff -Naur tcp_wrappers_7.6/workarounds.c tcp_wrappers_7.6.gimli/workarounds.c
1026--- tcp_wrappers_7.6/workarounds.c 1996-03-19 09:22:26.000000000 -0600
1027+++ tcp_wrappers_7.6.gimli/workarounds.c 2002-01-07 08:50:19.000000000 -0600
1028@@ -163,7 +163,11 @@
1029 int fix_getpeername(sock, sa, len)
1030 int sock;
1031 struct sockaddr *sa;
1032+#if !defined(__GLIBC__)
1033 int *len;
1034+#else /* __GLIBC__ */
1035+size_t *len;
1036+#endif /* __GLIBC__ */
1037 {
1038 int ret;
1039 struct sockaddr_in *sin = (struct sockaddr_in *) sa;
Note: See TracBrowser for help on using the repository browser.