Commit | Line | Data |
---|---|---|
f1ed6c4e AF |
1 | diff -urN tcp_wrappers_7.6.orig/Makefile tcp_wrappers_7.6/Makefile |
2 | --- tcp_wrappers_7.6.orig/Makefile Mon Dec 13 13:58:15 1999 | |
3 | +++ tcp_wrappers_7.6/Makefile Mon Dec 13 14:07:48 1999 | |
4 | @@ -71,6 +71,7 @@ | |
5 | # | |
6 | # HP-UX SCO Unicos | |
7 | #REAL_DAEMON_DIR=/etc/... | |
8 | +REAL_DAEMON_DIR=/usr/sbin | |
9 | ||
10 | # End of mandatory section | |
11 | ########################## | |
12 | @@ -150,8 +151,8 @@ | |
13 | ||
14 | linux: | |
15 | @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ | |
16 | - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP= TLI= \ | |
17 | - EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all | |
18 | + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ | |
19 | + EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all | |
20 | ||
21 | linux-old: | |
22 | @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ | |
23 | @@ -373,6 +374,9 @@ | |
24 | NETGROUP= TLI= all | |
25 | ||
26 | ############################################################### | |
27 | +LIBTOOL = libtool | |
28 | +PREFIX = /usr/local | |
29 | +############################################################### | |
30 | # System dependencies: TLI (transport-level interface) support. | |
31 | # | |
32 | # Uncomment the following macro if your system has System V.4-style TLI | |
33 | @@ -504,7 +508,7 @@ | |
34 | # Uncomment the next definition to turn on the language extensions | |
35 | # (examples: allow, deny, banners, twist and spawn). | |
36 | # | |
37 | -#STYLE = -DPROCESS_OPTIONS # Enable language extensions. | |
38 | +STYLE = -DPROCESS_OPTIONS # Enable language extensions. | |
39 | ||
40 | ################################################################ | |
41 | # Optional: Changing the default disposition of logfile records | |
42 | @@ -527,7 +531,7 @@ | |
43 | # | |
44 | # The LOG_XXX names below are taken from the /usr/include/syslog.h file. | |
45 | ||
46 | -FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use | |
47 | +FACILITY= LOG_AUTHPRIV | |
48 | ||
49 | # The syslog priority at which successful connections are logged. | |
50 | ||
51 | @@ -544,7 +548,7 @@ | |
52 | # and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken | |
53 | # from /etc/hosts or from NIS maps. It does work with DNS through NIS. | |
54 | # | |
55 | -# DOT= -DAPPEND_DOT | |
56 | +DOT= -DAPPEND_DOT | |
57 | ||
58 | ################################################## | |
59 | # Optional: Always attempt remote username lookups | |
60 | @@ -564,7 +568,7 @@ | |
61 | # still do selective username lookups as documented in the hosts_access.5 | |
62 | # and hosts_options.5 manual pages (`nroff -man' format). | |
63 | # | |
64 | -#AUTH = -DALWAYS_RFC931 | |
65 | +AUTH = -DALWAYS_RFC931 | |
66 | # | |
67 | # The default username lookup timeout is 10 seconds. This may not be long | |
68 | # enough for slow hosts or networks, but is enough to irritate PC users. | |
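Review bot: Enabling `AUTH = -DALWAYS_RFC931` makes every wrapped connection perform a remote username lookup, and the comment directly below it gives the default timeout as 10 seconds, so clients that silently drop the ident query will stall for that long on each connection. The name that comes back is supplied by the remote host, so it is a logging hint rather than authentication. I would leave the definition commented out and use the selective lookups the comment above points to in hosts_access.5. If it stays, add a comment above the line such as `# ALWAYS_RFC931: every connection waits for an ident reply; the result is client-supplied`.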
69 | @@ -603,7 +607,7 @@ | |
70 | # look for access control information. Watch out for the quotes and | |
71 | # backslashes when you make changes. | |
72 | ||
73 | -TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\" | |
74 | +TABLES = -DHOSTS_DENY=\"/etc/tcpd/hosts.deny\" -DHOSTS_ALLOW=\"/etc/tcpd/hosts.allow\" | |
75 | ||
76 | #################################################### | |
77 | # Optional: dealing with host name/address conflicts | |
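Review bot: Pointing `TABLES` at `/etc/tcpd/hosts.deny` and `/etc/tcpd/hosts.allow` means rules written in the conventional `/etc/hosts.allow` and `/etc/hosts.deny` are no longer read, and hosts_access.5 treats a missing access file as empty, so the result is that access is granted. The README hunks in this patch only change daemon paths, so as far as this diff shows the documentation still names the old locations. Either keep the stock paths or update the README and manual pages in the same patch. The `install` target added later also does not create `/etc/tcpd`; a comment such as `# /etc/tcpd must exist, be owned by root and not be writable by others` above the line would record the requirement.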
78 | @@ -623,7 +627,7 @@ | |
79 | # Paranoid mode implies hostname lookup. In order to disable hostname | |
80 | # lookups altogether, see the next section. | |
81 | ||
82 | -PARANOID= -DPARANOID | |
83 | +PARANOID= #-DPARANOID | |
84 | ||
85 | ######################################## | |
86 | # Optional: turning off hostname lookups | |
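Review bot: `PARANOID= #-DPARANOID` changes the built-in default from fail-closed to opt-in. The wrapper no longer drops clients whose host name and address disagree before it consults the tables; the check now applies only where an access rule uses the PARANOID wildcard. Together with the next hunk (`HOSTNAME= #-DALWAYS_HOSTNAME`), host names are looked up only when a rule needs them. The line should say so, e.g. `# PARANOID disabled: add "ALL: PARANOID" to hosts.deny to reject name/address mismatches`, and the packaged hosts.deny should carry that rule if the old behaviour is wanted.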
87 | @@ -636,7 +640,7 @@ | |
88 | # In order to perform selective hostname lookups, disable paranoid | |
89 | # mode (see previous section) and comment out the following definition. | |
90 | ||
91 | -HOSTNAME= -DALWAYS_HOSTNAME | |
92 | +HOSTNAME= #-DALWAYS_HOSTNAME | |
93 | ||
94 | ############################################# | |
95 | # Optional: Turning on host ADDRESS checking | |
96 | @@ -670,7 +674,9 @@ | |
97 | # Protection against weird shells or weird make programs. | |
98 | ||
99 | SHELL = /bin/sh | |
100 | -.c.o:; $(CC) $(CFLAGS) -c $*.c | |
101 | +.c.o:; $(LIBTOOL) $(CC) $(CFLAGS) -c $*.c | |
102 | + | |
103 | +%.lo:; $(LIBTOOL) $(CC) $(CFLAGS) -c $*.c | |
104 | ||
105 | CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ | |
106 | $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \ | |
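Review bot: The added pattern rule `%.lo:; $(LIBTOOL) $(CC) $(CFLAGS) -c $*.c` declares no prerequisite, so a `.lo` object is never rebuilt after its source changes and a stale object can end up in libwrap. Naming the source fixes that: `%.lo: %.c; $(LIBTOOL) $(CC) $(CFLAGS) -c $<`. Newer libtool releases may also require an explicit `--mode=compile` here, and `--mode=link` / `--mode=install` in the later hunks, rather than inferring the mode from the command line.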
107 | @@ -679,12 +685,12 @@ | |
108 | $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \ | |
109 | $(VSYSLOG) $(HOSTNAME) | |
110 | ||
111 | -LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \ | |
112 | - hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ | |
113 | - $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \ | |
114 | - update.o misc.o diag.o percent_m.o myvsyslog.o | |
115 | +LIB_OBJ= hosts_access.lo options.lo shell_cmd.lo rfc931.lo eval.lo \ | |
116 | + hosts_ctl.lo refuse.lo percent_x.lo clean_exit.lo $(AUX_OBJ) \ | |
117 | + $(FROM_OBJ) fix_options.lo socket.lo tli.lo workarounds.lo \ | |
118 | + update.lo misc.lo diag.lo percent_m.lo myvsyslog.lo | |
119 | ||
120 | -FROM_OBJ= fromhost.o | |
121 | +FROM_OBJ= fromhost.lo | |
122 | ||
123 | KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \ | |
124 | tcpd.h tcpdmatch.c Makefile hosts_access.5 strcasecmp.c BLURB rfc931.c \ | |
125 | @@ -697,7 +703,7 @@ | |
126 | refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \ | |
127 | scaffold.h tcpdmatch.8 README.NIS | |
128 | ||
129 | -LIB = libwrap.a | |
130 | +LIB = libwrap.la | |
131 | ||
132 | all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk | |
133 | ||
134 | @@ -713,30 +719,29 @@ | |
135 | ||
136 | $(LIB): $(LIB_OBJ) | |
137 | rm -f $(LIB) | |
138 | - $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ) | |
139 | - -$(RANLIB) $(LIB) | |
140 | + $(LIBTOOL) $(CC) -O -o $(LIB) $(LIB_OBJ) -rpath /usr/lib | |
141 | ||
142 | tcpd: tcpd.o $(LIB) | |
143 | - $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS) | |
144 | + $(LIBTOOL) $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS) | |
145 | ||
146 | miscd: miscd.o $(LIB) | |
147 | - $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS) | |
148 | + $(LIBTOOL) $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS) | |
149 | ||
150 | safe_finger: safe_finger.o $(LIB) | |
151 | - $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS) | |
152 | + $(LIBTOOL) $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS) | |
153 | ||
154 | TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o | |
155 | ||
156 | tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) | |
157 | - $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS) | |
158 | + $(LIBTOOL) $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS) | |
159 | ||
160 | try-from: try-from.o fakelog.o $(LIB) | |
161 | - $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS) | |
162 | + $(LIBTOOL) $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS) | |
163 | ||
164 | TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o | |
165 | ||
166 | tcpdchk: $(TCPDCHK_OBJ) $(LIB) | |
167 | - $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS) | |
168 | + $(LIBTOOL) $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS) | |
169 | ||
170 | shar: $(KIT) | |
171 | @shar $(KIT) | |
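Review bot: The link line for `$(LIB)` hard-codes `-rpath /usr/lib`, while the `install` target added later in this patch copies the library to `$(PREFIX)/lib` with `PREFIX = /usr/local`. Unless PREFIX is overridden, the libdir recorded in `libwrap.la` and the real install location disagree. Use one variable for both: `$(LIBTOOL) $(CC) -O -o $(LIB) $(LIB_OBJ) -rpath $(PREFIX)/lib`. The line also passes no `-version-info`, so the shared library gets libtool's default version; stating the intended version explicitly would make later ABI changes visible.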
172 | @@ -757,6 +762,13 @@ | |
173 | tidy: clean | |
174 | chmod -R a+r . | |
175 | chmod 755 . | |
176 | + | |
177 | +install: | |
178 | + -install -d $(PREFIX)/{sbin,include} | |
179 | + $(LIBTOOL) install -c $(LIB) $(PREFIX)/lib/$(LIB) | |
180 | + for PROG in safe_finger tcpdchk try-from tcpd tcpdmatch ; do \ | |
181 | + $(LIBTOOL) install -c $$PROG $(PREFIX)/sbin/$$PROG ; done | |
182 | + install tcpd.h $(PREFIX)/include/ | |
183 | ||
184 | # Enable all bells and whistles for linting. | |
185 | ||
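Review bot: `install -d $(PREFIX)/{sbin,include}` relies on brace expansion, but this Makefile sets `SHELL = /bin/sh`. Where /bin/sh is not bash the command creates a single directory literally named `{sbin,include}`, and the leading `-` hides any failure. `$(PREFIX)/lib` is never created, and `install tcpd.h` uses install's default mode (0755 with GNU install), which leaves the header executable. Suggested: `install -d -m 755 $(PREFIX)/sbin $(PREFIX)/include $(PREFIX)/lib` without the `-` prefix, and `install -m 644 tcpd.h $(PREFIX)/include/`.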
186 | diff -urN tcp_wrappers_7.6.orig/README tcp_wrappers_7.6/README | |
187 | --- tcp_wrappers_7.6.orig/README Mon Dec 13 13:58:15 1999 | |
188 | +++ tcp_wrappers_7.6/README Mon Dec 13 14:09:31 1999 | |
189 | @@ -169,7 +169,7 @@ | |
190 | 2) The advanced way: leave the network daemons alone and modify the | |
191 | inetd configuration file. For example, an entry such as: | |
192 | ||
193 | - tftp dgram udp wait root /usr/etc/tcpd in.tftpd -s /tftpboot | |
194 | + tftp dgram udp wait root /usr/sbin/tcpd in.tftpd -s /tftpboot | |
195 | ||
196 | When a tftp request arrives, inetd will run the wrapper program | |
197 | (tcpd) with a process name `in.tftpd'. This is the name that the | |
198 | @@ -821,12 +821,12 @@ | |
199 | Then perform the following edits on the inetd configuration file | |
200 | (usually /etc/inetd.conf or /etc/inet/inetd.conf): | |
201 | ||
202 | - finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd | |
203 | - ^^^^^^^^^^^^^^^^^^^ | |
204 | + finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd | |
205 | + ^^^^^^^^^^^^^^^^^^^^ | |
206 | becomes: | |
207 | ||
208 | - finger stream tcp nowait nobody /usr/etc/tcpd in.fingerd | |
209 | - ^^^^^^^^^^^^^ | |
210 | + finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd | |
211 | + ^^^^^^^^^^^^^^ | |
212 | Send a `kill -HUP' to the inetd process to make the change effective. | |
213 | Some IRIX inetd implementations require that you first disable the | |
214 | finger service (comment out the finger service and `kill -HUP' the | |
215 | @@ -873,7 +873,7 @@ | |
216 | Instead you can specify, in the inetd configuration file, an absolute | |
217 | path name for the daemon process name. For example, | |
218 | ||
219 | - ntalk dgram udp wait root /usr/etc/tcpd /usr/local/lib/ntalkd | |
220 | + ntalk dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.ntalkd | |
221 | ||
222 | When the daemon process name is an absolute path name, tcpd ignores the | |
223 | value of the REAL_DAEMON_DIR constant, and uses the last path component | |
224 | @@ -940,7 +940,7 @@ | |
225 | you can look up the name from the inetd configuration file. Coming back | |
226 | to the tftp example in the tutorial section above: | |
227 | ||
228 | - tftp dgram udp wait root /usr/etc/tcpd in.tftpd -s /tftpboot | |
229 | + tftp dgram udp wait root /usr/sbin/tcpd in.tftpd -s /tftpboot | |
230 | ||
231 | This entry causes the inetd to run the wrapper program (tcpd) with a | |
232 | process name `in.tftpd'. This is the name that the wrapper will use | |
233 | @@ -976,7 +976,7 @@ | |
234 | listener, but it should be registered in the inetd configuration file. | |
235 | For example: | |
236 | ||
237 | - smtp stream tcp nowait root /usr/etc/tcpd /usr/lib/sendmail -bs | |
238 | + smtp stream tcp nowait root /usr/sbin/tcpd /usr/lib/sendmail -bs | |
239 | ||
240 | You will still need to run one sendmail background process to handle | |
241 | queued-up outgoing mail. A command like: | |
242 | diff -urN tcp_wrappers_7.6.orig/fix_options.c tcp_wrappers_7.6/fix_options.c | |
243 | --- tcp_wrappers_7.6.orig/fix_options.c Mon Dec 13 13:58:15 1999 | |
244 | +++ tcp_wrappers_7.6/fix_options.c Mon Dec 13 14:09:18 1999 | |
245 | @@ -38,7 +38,12 @@ | |
246 | #ifdef IP_OPTIONS | |
247 | unsigned char optbuf[BUFFER_SIZE / 3], *cp; | |
248 | char lbuf[BUFFER_SIZE], *lp; | |
249 | +#if !defined(__GLIBC__) | |
250 | int optsize = sizeof(optbuf), ipproto; | |
251 | +#else | |
252 | + size_t optsize = sizeof(optbuf); | |
253 | + int ipproto; | |
254 | +#endif | |
255 | struct protoent *ip; | |
256 | int fd = request->fd; | |
257 | unsigned int opt; | |
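Review bot: Under `__GLIBC__`, `optsize` becomes a `size_t`, but the socket-option calls take a `socklen_t *` length and `size_t` is wider than `socklen_t` on 64-bit targets. A call that receives `&optsize` (presumably `getsockopt()` further down, outside this hunk) would then read and update only part of the variable, and on big-endian systems any bound derived from it afterwards can be wrong. `socklen_t optsize = sizeof(optbuf);` is the portable declaration where the libc provides the type. The same applies to `size_t *len` in `fix_getpeername()` in the workarounds.c hunk. The enclosing function starts and ends outside this hunk.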
258 | diff -urN tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c | |
259 | --- tcp_wrappers_7.6.orig/rfc931.c Mon Dec 13 13:58:15 1999 | |
260 | +++ tcp_wrappers_7.6/rfc931.c Mon Dec 13 14:09:18 1999 | |
261 | @@ -33,7 +33,7 @@ | |
262 | ||
263 | int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */ | |
264 | ||
265 | -static jmp_buf timebuf; | |
266 | +static sigjmp_buf timebuf; | |
267 | ||
268 | /* fsocket - open stdio stream on top of socket */ | |
269 | ||
270 | @@ -62,7 +62,7 @@ | |
271 | static void timeout(sig) | |
272 | int sig; | |
273 | { | |
274 | - longjmp(timebuf, sig); | |
275 | + siglongjmp(timebuf, sig); | |
276 | } | |
277 | ||
278 | /* rfc931 - return remote user name, given socket structures */ | |
279 | @@ -133,7 +133,7 @@ | |
280 | * Set up a timer so we won't get stuck while waiting for the server. | |
281 | */ | |
282 | ||
283 | - if (setjmp(timebuf) == 0) { | |
284 | + if (sigsetjmp(timebuf,1) == 0) { | |
285 | signal(SIGALRM, timeout); | |
286 | alarm(rfc931_timeout); | |
287 | ||
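Review bot: The second argument in `sigsetjmp(timebuf,1)` is the part that matters and it carries no explanation. Presumably the point is that jumping out of the SIGALRM handler with a plain `longjmp()` can leave SIGALRM blocked, so later timeouts never fire. I would add above the call `/* savemask=1: siglongjmp() from the SIGALRM handler restores the signal mask, so SIGALRM is not left blocked */`. The handler still jumps out of whatever the timed code was doing; if that is stdio on the socket (not visible in this hunk), the stream must be discarded rather than reused after a timeout. The function continues outside the hunk.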
288 | diff -urN tcp_wrappers_7.6.orig/safe_finger.c tcp_wrappers_7.6/safe_finger.c | |
289 | --- tcp_wrappers_7.6.orig/safe_finger.c Mon Dec 13 13:58:15 1999 | |
290 | +++ tcp_wrappers_7.6/safe_finger.c Mon Dec 13 14:15:09 1999 | |
291 | @@ -31,14 +31,14 @@ | |
292 | ||
293 | /* Local stuff */ | |
294 | ||
295 | -char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin"; | |
296 | +char path[] = "PATH=/bin:/usr/bin:/sbin:/usr/sbin"; | |
297 | ||
298 | #define TIME_LIMIT 60 /* Do not keep listinging forever */ | |
299 | #define INPUT_LENGTH 100000 /* Do not keep listinging forever */ | |
300 | #define LINE_LENGTH 128 /* Editors can choke on long lines */ | |
301 | #define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */ | |
302 | #define UNPRIV_NAME "nobody" /* Preferred privilege level */ | |
303 | -#define UNPRIV_UGID 32767 /* Default uid and gid */ | |
304 | +#define UNPRIV_UGID 99 /* Default uid and gid */ | |
305 | ||
306 | int finger_pid; | |
307 | ||
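Review bot: `#define UNPRIV_UGID 99` hard-codes one distribution's numeric id for `nobody`. The macro is commented as the default uid and gid, so it is presumably used when the `UNPRIV_NAME` lookup fails (that code is outside this hunk). On a system where 99 belongs to a different account, the finger child would run with that account's privileges. Record the assumption on the line, e.g. `#define UNPRIV_UGID 99 /* fallback uid/gid; must match "nobody" on the target system */`, or have the fallback path refuse to run instead of guessing an id.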
308 | @@ -48,6 +48,9 @@ | |
309 | kill(finger_pid, SIGKILL); | |
310 | exit(0); | |
311 | } | |
312 | + | |
313 | +int allow_severity; /* for connection logging */ | |
314 | +int deny_severity; /* for connection logging */ | |
315 | ||
316 | main(argc, argv) | |
317 | int argc; | |
318 | diff -urN tcp_wrappers_7.6.orig/workarounds.c tcp_wrappers_7.6/workarounds.c | |
319 | --- tcp_wrappers_7.6.orig/workarounds.c Mon Dec 13 13:58:15 1999 | |
320 | +++ tcp_wrappers_7.6/workarounds.c Mon Dec 13 14:09:18 1999 | |
321 | @@ -163,7 +163,11 @@ | |
322 | int fix_getpeername(sock, sa, len) | |
323 | int sock; | |
324 | struct sockaddr *sa; | |
325 | +#if !defined(__GLIBC__) | |
326 | int *len; | |
327 | +#else | |
328 | +size_t *len; | |
329 | +#endif | |
330 | { | |
331 | int ret; | |
332 | #ifdef INET6 |