wok-current view libwrap/stuff/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch @ rev 18065
ppp.cgi: use 'vpn' and 'modem' icons.
author | Aleksej Bobylev <al.bobylev@gmail.com> |
---|---|
date | Mon May 18 17:24:41 2015 +0300 (2015-05-18) |
parents | |
children |
line source
1 Submitted By: Tushar Teredesai <tushar@linuxfromscratch.org>
2 Date: 2003-10-04
3 Initial Package Version: 7.6
4 Origin: http://archives.linuxfromscratch.org/mail-archives/blfs-dev/2003-January/001960.html
5 Description: The patch was created from the tcp_wrappers modified package by Mark Heerdink.
6 This patch provides the following improvements:
7 * Install libwrap.so along with libwrap.a.
8 * Create an install target for tcp_wrappers.
9 * Compilation and security fixes.
10 * Documentation fixes.
11 diff -Naur tcp_wrappers_7.6/Makefile tcp_wrappers_7.6.gimli/Makefile
12 --- tcp_wrappers_7.6/Makefile 1997-03-21 12:27:21.000000000 -0600
13 +++ tcp_wrappers_7.6.gimli/Makefile 2002-07-15 16:07:21.000000000 -0500
14 @@ -1,5 +1,10 @@
15 +GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h)
16 +
17 # @(#) Makefile 1.23 97/03/21 19:27:20
19 +# unset the HOSTNAME environment variable
20 +HOSTNAME =
21 +
22 what:
23 @echo
24 @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
25 @@ -19,7 +24,7 @@
26 @echo " generic (most bsd-ish systems with sys5 compatibility)"
27 @echo " 386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543"
28 @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
29 - @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
30 + @echo " linux gnu machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
31 @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
32 @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
33 @echo " uts215 uxp"
34 @@ -43,8 +48,8 @@
35 # Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
36 #REAL_DAEMON_DIR=/usr/etc
37 #
38 -# SysV.4 Solaris 2.x OSF AIX
39 -#REAL_DAEMON_DIR=/usr/sbin
40 +# SysV.4 Solaris 2.x OSF AIX Linux
41 +REAL_DAEMON_DIR=/usr/sbin
42 #
43 # BSD 4.4
44 #REAL_DAEMON_DIR=/usr/libexec
45 @@ -141,10 +146,21 @@
46 LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
47 EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all
49 +ifneq ($(GLIBC),0)
50 +MYLIB=-lnsl
51 +endif
52 +
53 linux:
54 @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
55 - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
56 - NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
57 + LIBS=$(MYLIB) RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
58 + NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= all \
59 + EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_WEAKSYMS -D_REENTRANT"
60 +
61 +gnu:
62 + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
63 + LIBS=$(MYLIB) RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
64 + NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= all \
65 + EXTRA_CFLAGS="-DHAVE_STRERROR -DHAVE_WEAKSYMS -D_REENTRANT"
67 # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
68 hpux hpux8 hpux9 hpux10:
69 @@ -391,7 +407,7 @@
70 # the ones provided with this source distribution. The environ.c module
71 # implements setenv(), getenv(), and putenv().
73 -AUX_OBJ= setenv.o
74 +#AUX_OBJ= setenv.o
75 #AUX_OBJ= environ.o
76 #AUX_OBJ= environ.o strcasecmp.o
78 @@ -454,7 +470,8 @@
79 # host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work
80 # around this. The workaround does no harm on other Solaris versions.
82 -BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
83 +BUGS =
84 +#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
85 #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG
86 #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG
88 @@ -464,7 +481,7 @@
89 # If your system supports NIS or YP-style netgroups, enable the following
90 # macro definition. Netgroups are used only for host access control.
91 #
92 -#NETGROUP= -DNETGROUP
93 +NETGROUP= -DNETGROUP
95 ###############################################################
96 # System dependencies: whether or not your system has vsyslog()
97 @@ -491,7 +508,7 @@
98 # Uncomment the next definition to turn on the language extensions
99 # (examples: allow, deny, banners, twist and spawn).
100 #
101 -#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
102 +STYLE = -DPROCESS_OPTIONS # Enable language extensions.
104 ################################################################
105 # Optional: Changing the default disposition of logfile records
106 @@ -514,7 +531,7 @@
107 #
108 # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
110 -FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
111 +FACILITY= LOG_DAEMON # LOG_MAIL is what most sendmail daemons use
113 # The syslog priority at which successful connections are logged.
115 @@ -610,7 +627,7 @@
116 # Paranoid mode implies hostname lookup. In order to disable hostname
117 # lookups altogether, see the next section.
119 -PARANOID= -DPARANOID
120 +#PARANOID= -DPARANOID
122 ########################################
123 # Optional: turning off hostname lookups
124 @@ -623,7 +640,7 @@
125 # In order to perform selective hostname lookups, disable paranoid
126 # mode (see previous section) and comment out the following definition.
128 -HOSTNAME= -DALWAYS_HOSTNAME
129 +#HOSTNAME= -DALWAYS_HOSTNAME
131 #############################################
132 # Optional: Turning on host ADDRESS checking
133 @@ -649,28 +666,46 @@
134 # source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
135 # Solaris 2.x, and Linux. See your system documentation for details.
136 #
137 -# KILL_OPT= -DKILL_IP_OPTIONS
138 +KILL_OPT= -DKILL_IP_OPTIONS
140 ## End configuration options
141 ############################
143 # Protection against weird shells or weird make programs.
145 +CC = gcc
146 SHELL = /bin/sh
147 -.c.o:; $(CC) $(CFLAGS) -c $*.c
148 +.c.o:; $(CC) $(CFLAGS) -o $*.o -c $*.c
149 +
150 +SOMAJOR = 0
151 +SOMINOR = 7.6
152 +
153 +LIB = libwrap.a
154 +SHLIB = shared/libwrap.so.$(SOMAJOR).$(SOMINOR)
155 +SHLIBSOMAJ= shared/libwrap.so.$(SOMAJOR)
156 +SHLIBSO = shared/libwrap.so
157 +SHLIBFLAGS = -Lshared -lwrap
159 -CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
160 +shared/%.o: %.c
161 + $(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@
162 +
163 +CFLAGS = -O2 -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
164 $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
165 -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
166 -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
167 $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
168 $(VSYSLOG) $(HOSTNAME)
170 +SHLINKFLAGS = -shared -Xlinker -soname -Xlinker libwrap.so.$(SOMAJOR) -lc $(LIBS)
171 +SHCFLAGS = -fPIC -shared -D_REENTRANT
172 +
173 LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
174 hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
175 $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
176 update.o misc.o diag.o percent_m.o myvsyslog.o
178 +SHLIB_OBJ= $(addprefix shared/, $(LIB_OBJ));
179 +
180 FROM_OBJ= fromhost.o
182 KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
183 @@ -684,46 +719,80 @@
184 refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
185 scaffold.h tcpdmatch.8 README.NIS
187 -LIB = libwrap.a
188 -
189 -all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
190 +all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(LIB)
192 # Invalidate all object files when the compiler options (CFLAGS) have changed.
194 config-check:
195 @set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; }
196 - @set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \
197 - if cmp cflags /tmp/cflags.$$$$ ; \
198 - then rm /tmp/cflags.$$$$ ; \
199 - else mv /tmp/cflags.$$$$ cflags ; \
200 + @set +e; echo $(CFLAGS) >cflags.new ; \
201 + if cmp cflags cflags.new ; \
202 + then rm cflags.new ; \
203 + else mv cflags.new cflags ; \
204 fi >/dev/null 2>/dev/null
205 + @if [ ! -d shared ]; then mkdir shared; fi
207 $(LIB): $(LIB_OBJ)
208 rm -f $(LIB)
209 $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
210 -$(RANLIB) $(LIB)
212 -tcpd: tcpd.o $(LIB)
213 - $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
214 +$(SHLIB): $(SHLIB_OBJ)
215 + rm -f $(SHLIB)
216 + $(CC) -o $(SHLIB) $(SHLINKFLAGS) $(SHLIB_OBJ)
217 + ln -s $(notdir $(SHLIB)) $(SHLIBSOMAJ)
218 + ln -s $(notdir $(SHLIBSOMAJ)) $(SHLIBSO)
219 +
220 +tcpd: tcpd.o $(SHLIB)
221 + $(CC) $(CFLAGS) -o $@ tcpd.o $(SHLIBFLAGS)
223 -miscd: miscd.o $(LIB)
224 - $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
225 +miscd: miscd.o $(SHLIB)
226 + $(CC) $(CFLAGS) -o $@ miscd.o $(SHLIBFLAGS)
228 -safe_finger: safe_finger.o $(LIB)
229 - $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
230 +safe_finger: safe_finger.o $(SHLIB)
231 + $(CC) $(CFLAGS) -o $@ safe_finger.o $(SHLIBFLAGS)
233 TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
235 -tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
236 - $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
237 +tcpdmatch: $(TCPDMATCH_OBJ) $(SHLIB)
238 + $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS)
240 -try-from: try-from.o fakelog.o $(LIB)
241 - $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
242 +try-from: try-from.o fakelog.o $(SHLIB)
243 + $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS)
245 TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
247 -tcpdchk: $(TCPDCHK_OBJ) $(LIB)
248 - $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
249 +tcpdchk: $(TCPDCHK_OBJ) $(SHLIB)
250 + $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(SHLIBFLAGS)
251 +
252 +install: install-lib install-bin install-dev
253 +
254 +install-lib:
255 + install -o root -g root -m 0755 $(SHLIB) ${DESTDIR}/usr/lib/
256 + ln -sf $(notdir $(SHLIB)) ${DESTDIR}/usr/lib/$(notdir $(SHLIBSOMAJ))
257 + ln -sf $(notdir $(SHLIBSOMAJ)) ${DESTDIR}/usr/lib/$(notdir $(SHLIBSO))
258 +
259 +install-bin:
260 + install -o root -g root -m 0755 tcpd ${DESTDIR}/usr/sbin/
261 + install -o root -g root -m 0755 tcpdchk ${DESTDIR}/usr/sbin/
262 + install -o root -g root -m 0755 tcpdmatch ${DESTDIR}/usr/sbin/
263 + install -o root -g root -m 0755 try-from ${DESTDIR}/usr/sbin/
264 + install -o root -g root -m 0755 safe_finger ${DESTDIR}/usr/sbin/
265 + install -o root -g root -m 0644 tcpd.8 ${DESTDIR}/usr/share/man/man8/
266 + install -o root -g root -m 0644 tcpdchk.8 ${DESTDIR}/usr/share/man/man8/
267 + install -o root -g root -m 0644 try-from.8 ${DESTDIR}/usr/share/man/man8/
268 + install -o root -g root -m 0644 tcpdmatch.8 ${DESTDIR}/usr/share/man/man8/
269 + install -o root -g root -m 0644 safe_finger.8 ${DESTDIR}/usr/share/man/man8/
270 + install -o root -g root -m 0644 hosts_access.5 ${DESTDIR}/usr/share/man/man5/
271 + install -o root -g root -m 0644 hosts_options.5 ${DESTDIR}/usr/share/man/man5/
272 +
273 +install-dev:
274 + install -o root -g root -m 0644 hosts_access.3 ${DESTDIR}/usr/share/man/man3/
275 + install -o root -g root -m 0644 tcpd.h ${DESTDIR}/usr/include/
276 + install -o root -g root -m 0644 $(LIB) ${DESTDIR}/usr/lib/
277 + ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/hosts_ctl.3
278 + ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/request_init.3
279 + ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/request_set.3
281 shar: $(KIT)
282 @shar $(KIT)
283 @@ -739,7 +808,8 @@
285 clean:
286 rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \
287 - cflags
288 + cflags libwrap*.so*
289 + rm -rf shared
291 tidy: clean
292 chmod -R a+r .
293 @@ -885,5 +955,6 @@
294 update.o: mystdarg.h
295 update.o: tcpd.h
296 vfprintf.o: cflags
297 +weak_symbols.o: tcpd.h
298 workarounds.o: cflags
299 workarounds.o: tcpd.h
300 diff -Naur tcp_wrappers_7.6/fix_options.c tcp_wrappers_7.6.gimli/fix_options.c
301 --- tcp_wrappers_7.6/fix_options.c 1997-04-07 19:29:19.000000000 -0500
302 +++ tcp_wrappers_7.6.gimli/fix_options.c 2002-01-07 08:50:19.000000000 -0600
303 @@ -35,7 +35,12 @@
304 #ifdef IP_OPTIONS
305 unsigned char optbuf[BUFFER_SIZE / 3], *cp;
306 char lbuf[BUFFER_SIZE], *lp;
307 +#if !defined(__GLIBC__)
308 int optsize = sizeof(optbuf), ipproto;
309 +#else /* __GLIBC__ */
310 + size_t optsize = sizeof(optbuf);
311 + int ipproto;
312 +#endif /* __GLIBC__ */
313 struct protoent *ip;
314 int fd = request->fd;
315 unsigned int opt;
316 diff -Naur tcp_wrappers_7.6/hosts_access.3 tcp_wrappers_7.6.gimli/hosts_access.3
317 --- tcp_wrappers_7.6/hosts_access.3 1996-02-11 10:01:27.000000000 -0600
318 +++ tcp_wrappers_7.6.gimli/hosts_access.3 2002-01-07 08:50:19.000000000 -0600
319 @@ -3,7 +3,7 @@
320 hosts_access, hosts_ctl, request_init, request_set \- access control library
321 .SH SYNOPSIS
322 .nf
323 -#include "tcpd.h"
324 +#include <tcpd.h>
326 extern int allow_severity;
327 extern int deny_severity;
328 diff -Naur tcp_wrappers_7.6/hosts_access.5 tcp_wrappers_7.6.gimli/hosts_access.5
329 --- tcp_wrappers_7.6/hosts_access.5 1995-01-30 12:51:47.000000000 -0600
330 +++ tcp_wrappers_7.6.gimli/hosts_access.5 2002-01-07 08:50:19.000000000 -0600
331 @@ -8,9 +8,9 @@
332 impatient reader is encouraged to skip to the EXAMPLES section for a
333 quick introduction.
334 .PP
335 -An extended version of the access control language is described in the
336 -\fIhosts_options\fR(5) document. The extensions are turned on at
337 -program build time by building with -DPROCESS_OPTIONS.
338 +The extended version of the access control language is described in the
339 +\fIhosts_options\fR(5) document. \fBNote that this language supersedes
340 +the meaning of \fIshell_command\fB as documented below.\fR
341 .PP
342 In the following text, \fIdaemon\fR is the the process name of a
343 network daemon process, and \fIclient\fR is the name and/or address of
344 @@ -40,7 +40,7 @@
345 character. This permits you to break up long lines so that they are
346 easier to edit.
347 .IP \(bu
348 -Blank lines or lines that begin with a `#\' character are ignored.
349 +Blank lines or lines that begin with a `#' character are ignored.
350 This permits you to insert comments and whitespace so that the tables
351 are easier to read.
352 .IP \(bu
353 @@ -69,26 +69,33 @@
354 .SH PATTERNS
355 The access control language implements the following patterns:
356 .IP \(bu
357 -A string that begins with a `.\' character. A host name is matched if
358 +A string that begins with a `.' character. A host name is matched if
359 the last components of its name match the specified pattern. For
360 -example, the pattern `.tue.nl\' matches the host name
361 -`wzv.win.tue.nl\'.
362 +example, the pattern `.tue.nl' matches the host name
363 +`wzv.win.tue.nl'.
364 .IP \(bu
365 -A string that ends with a `.\' character. A host address is matched if
366 +A string that ends with a `.' character. A host address is matched if
367 its first numeric fields match the given string. For example, the
368 -pattern `131.155.\' matches the address of (almost) every host on the
369 +pattern `131.155.' matches the address of (almost) every host on the
370 Eind\%hoven University network (131.155.x.x).
371 .IP \(bu
372 -A string that begins with an `@\' character is treated as an NIS
373 +A string that begins with an `@' character is treated as an NIS
374 (formerly YP) netgroup name. A host name is matched if it is a host
375 member of the specified netgroup. Netgroup matches are not supported
376 for daemon process names or for client user names.
377 .IP \(bu
378 -An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a
379 -`net/mask\' pair. A host address is matched if `net\' is equal to the
380 -bitwise AND of the address and the `mask\'. For example, the net/mask
381 -pattern `131.155.72.0/255.255.254.0\' matches every address in the
382 -range `131.155.72.0\' through `131.155.73.255\'.
383 +An expression of the form `n.n.n.n/m.m.m.m' is interpreted as a
384 +`net/mask' pair. A host address is matched if `net' is equal to the
385 +bitwise AND of the address and the `mask'. For example, the net/mask
386 +pattern `131.155.72.0/255.255.254.0' matches every address in the
387 +range `131.155.72.0' through `131.155.73.255'.
388 +.IP \(bu
389 +A string that begins with a `/' character is treated as a file
390 +name. A host name or address is matched if it matches any host name
391 +or address pattern listed in the named file. The file format is
392 +zero or more lines with zero or more host name or address patterns
393 +separated by whitespace. A file name pattern can be used anywhere
394 +a host name or address pattern can be used.
395 .SH WILDCARDS
396 The access control language supports explicit wildcards:
397 .IP ALL
398 @@ -115,19 +122,19 @@
399 .ne 6
400 .SH OPERATORS
401 .IP EXCEPT
402 -Intended use is of the form: `list_1 EXCEPT list_2\'; this construct
403 +Intended use is of the form: `list_1 EXCEPT list_2'; this construct
404 matches anything that matches \fIlist_1\fR unless it matches
405 \fIlist_2\fR. The EXCEPT operator can be used in daemon_lists and in
406 client_lists. The EXCEPT operator can be nested: if the control
407 -language would permit the use of parentheses, `a EXCEPT b EXCEPT c\'
408 -would parse as `(a EXCEPT (b EXCEPT c))\'.
409 +language would permit the use of parentheses, `a EXCEPT b EXCEPT c'
410 +would parse as `(a EXCEPT (b EXCEPT c))'.
411 .br
412 .ne 6
413 .SH SHELL COMMANDS
414 If the first-matched access control rule contains a shell command, that
415 command is subjected to %<letter> substitutions (see next section).
416 The result is executed by a \fI/bin/sh\fR child process with standard
417 -input, output and error connected to \fI/dev/null\fR. Specify an `&\'
418 +input, output and error connected to \fI/dev/null\fR. Specify an `&'
419 at the end of the command if you do not want to wait until it has
420 completed.
421 .PP
422 @@ -159,7 +166,7 @@
423 .IP %u
424 The client user name (or "unknown").
425 .IP %%
426 -Expands to a single `%\' character.
427 +Expands to a single `%' character.
428 .PP
429 Characters in % expansions that may confuse the shell are replaced by
430 underscores.
431 @@ -243,9 +250,9 @@
432 less trustworthy. It is possible for an intruder to spoof both the
433 client connection and the IDENT lookup, although doing so is much
434 harder than spoofing just a client connection. It may also be that
435 -the client\'s IDENT server is lying.
436 +the client's IDENT server is lying.
437 .PP
438 -Note: IDENT lookups don\'t work with UDP services.
439 +Note: IDENT lookups don't work with UDP services.
440 .SH EXAMPLES
441 The language is flexible enough that different types of access control
442 policy can be expressed with a minimum of fuss. Although the language
443 @@ -285,7 +292,7 @@
444 .br
445 ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
446 .PP
447 -The first rule permits access from hosts in the local domain (no `.\'
448 +The first rule permits access from hosts in the local domain (no `.'
449 in the host name) and from members of the \fIsome_netgroup\fP
450 netgroup. The second rule permits access from all hosts in the
451 \fIfoobar.edu\fP domain (notice the leading dot), with the exception of
452 @@ -322,8 +329,8 @@
453 /etc/hosts.deny:
454 .in +3
455 .nf
456 -in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\
457 - /usr/ucb/mail -s %d-%h root) &
458 +in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \\
459 + /usr/bin/mail -s %d-%h root) &
460 .fi
461 .PP
462 The safe_finger command comes with the tcpd wrapper and should be
463 @@ -349,7 +356,7 @@
464 capacity of an internal buffer; when an access control rule is not
465 terminated by a newline character; when the result of %<letter>
466 expansion would overflow an internal buffer; when a system call fails
467 -that shouldn\'t. All problems are reported via the syslog daemon.
468 +that shouldn't. All problems are reported via the syslog daemon.
469 .SH FILES
470 .na
471 .nf
472 diff -Naur tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.gimli/hosts_access.c
473 --- tcp_wrappers_7.6/hosts_access.c 1997-02-11 19:13:23.000000000 -0600
474 +++ tcp_wrappers_7.6.gimli/hosts_access.c 2002-01-07 08:50:19.000000000 -0600
475 @@ -240,6 +240,26 @@
476 }
477 }
479 +/* hostfile_match - look up host patterns from file */
480 +
481 +static int hostfile_match(path, host)
482 +char *path;
483 +struct hosts_info *host;
484 +{
485 + char tok[BUFSIZ];
486 + int match = NO;
487 + FILE *fp;
488 +
489 + if ((fp = fopen(path, "r")) != 0) {
490 + while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
491 + /* void */ ;
492 + fclose(fp);
493 + } else if (errno != ENOENT) {
494 + tcpd_warn("open %s: %m", path);
495 + }
496 + return (match);
497 +}
498 +
499 /* host_match - match host name and/or address against pattern */
501 static int host_match(tok, host)
502 @@ -267,6 +287,8 @@
503 tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
504 return (NO);
505 #endif
506 + } else if (tok[0] == '/') { /* /file hack */
507 + return (hostfile_match(tok, host));
508 } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
509 char *name = eval_hostname(host);
510 return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
511 diff -Naur tcp_wrappers_7.6/hosts_options.5 tcp_wrappers_7.6.gimli/hosts_options.5
512 --- tcp_wrappers_7.6/hosts_options.5 1994-12-28 10:42:29.000000000 -0600
513 +++ tcp_wrappers_7.6.gimli/hosts_options.5 2002-01-07 08:50:19.000000000 -0600
514 @@ -58,12 +58,12 @@
515 Execute, in a child process, the specified shell command, after
516 performing the %<letter> expansions described in the hosts_access(5)
517 manual page. The command is executed with stdin, stdout and stderr
518 -connected to the null device, so that it won\'t mess up the
519 +connected to the null device, so that it won't mess up the
520 conversation with the client host. Example:
521 .sp
522 .nf
523 .ti +3
524 -spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) &
525 +spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &
526 .fi
527 .sp
528 executes, in a background child process, the shell command "safe_finger
529 diff -Naur tcp_wrappers_7.6/options.c tcp_wrappers_7.6.gimli/options.c
530 --- tcp_wrappers_7.6/options.c 1996-02-11 10:01:32.000000000 -0600
531 +++ tcp_wrappers_7.6.gimli/options.c 2002-01-07 08:50:19.000000000 -0600
532 @@ -473,6 +473,9 @@
533 #ifdef LOG_CRON
534 "cron", LOG_CRON,
535 #endif
536 +#ifdef LOG_FTP
537 + "ftp", LOG_FTP,
538 +#endif
539 #ifdef LOG_LOCAL0
540 "local0", LOG_LOCAL0,
541 #endif
542 diff -Naur tcp_wrappers_7.6/percent_m.c tcp_wrappers_7.6.gimli/percent_m.c
543 --- tcp_wrappers_7.6/percent_m.c 1994-12-28 10:42:37.000000000 -0600
544 +++ tcp_wrappers_7.6.gimli/percent_m.c 2002-01-07 08:50:19.000000000 -0600
545 @@ -13,7 +13,7 @@
546 #include <string.h>
548 extern int errno;
549 -#ifndef SYS_ERRLIST_DEFINED
550 +#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
551 extern char *sys_errlist[];
552 extern int sys_nerr;
553 #endif
554 @@ -29,11 +29,15 @@
556 while (*bp = *cp)
557 if (*cp == '%' && cp[1] == 'm') {
558 +#ifdef HAVE_STRERROR
559 + strcpy(bp, strerror(errno));
560 +#else
561 if (errno < sys_nerr && errno > 0) {
562 strcpy(bp, sys_errlist[errno]);
563 } else {
564 sprintf(bp, "Unknown error %d", errno);
565 }
566 +#endif
567 bp += strlen(bp);
568 cp += 2;
569 } else {
570 diff -Naur tcp_wrappers_7.6/rfc931.c tcp_wrappers_7.6.gimli/rfc931.c
571 --- tcp_wrappers_7.6/rfc931.c 1995-01-02 09:11:34.000000000 -0600
572 +++ tcp_wrappers_7.6.gimli/rfc931.c 2002-01-07 08:50:19.000000000 -0600
573 @@ -33,7 +33,7 @@
575 int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */
577 -static jmp_buf timebuf;
578 +static sigjmp_buf timebuf;
580 /* fsocket - open stdio stream on top of socket */
582 @@ -62,7 +62,7 @@
583 static void timeout(sig)
584 int sig;
585 {
586 - longjmp(timebuf, sig);
587 + siglongjmp(timebuf, sig);
588 }
590 /* rfc931 - return remote user name, given socket structures */
591 @@ -99,7 +99,7 @@
592 * Set up a timer so we won't get stuck while waiting for the server.
593 */
595 - if (setjmp(timebuf) == 0) {
596 + if (sigsetjmp(timebuf,1) == 0) {
597 signal(SIGALRM, timeout);
598 alarm(rfc931_timeout);
600 diff -Naur tcp_wrappers_7.6/safe_finger.8 tcp_wrappers_7.6.gimli/safe_finger.8
601 --- tcp_wrappers_7.6/safe_finger.8 1969-12-31 18:00:00.000000000 -0600
602 +++ tcp_wrappers_7.6.gimli/safe_finger.8 2002-01-07 08:50:19.000000000 -0600
603 @@ -0,0 +1,34 @@
604 +.TH SAFE_FINGER 8 "21th June 1997" Linux "Linux Programmer's Manual"
605 +.SH NAME
606 +safe_finger \- finger client wrapper that protects against nasty stuff
607 +from finger servers
608 +.SH SYNOPSIS
609 +.B safe_finger [finger_options]
610 +.SH DESCRIPTION
611 +The
612 +.B safe_finger
613 +command protects against nasty stuff from finger servers. Use this
614 +program for automatic reverse finger probes from the
615 +.B tcp_wrapper
616 +.B (tcpd)
617 +, not the raw finger command. The
618 +.B safe_finger
619 +command makes sure that the finger client is not run with root
620 +privileges. It also runs the finger client with a defined PATH
621 +environment.
622 +.B safe_finger
623 +will also protect you from problems caused by the output of some
624 +finger servers. The problem: some programs may react to stuff in
625 +the first column. Other programs may get upset by thrash anywhere
626 +on a line. File systems may fill up as the finger server keeps
627 +sending data. Text editors may bomb out on extremely long lines.
628 +The finger server may take forever because it is somehow wedged.
629 +.B safe_finger
630 +takes care of all this badness.
631 +.SH SEE ALSO
632 +.BR hosts_access (5),
633 +.BR hosts_options (5),
634 +.BR tcpd (8)
635 +.SH AUTHOR
636 +Wietse Venema, Eindhoven University of Technology, The Netherlands.
637 +
638 diff -Naur tcp_wrappers_7.6/safe_finger.c tcp_wrappers_7.6.gimli/safe_finger.c
639 --- tcp_wrappers_7.6/safe_finger.c 1994-12-28 10:42:42.000000000 -0600
640 +++ tcp_wrappers_7.6.gimli/safe_finger.c 2002-01-07 08:50:19.000000000 -0600
641 @@ -26,21 +26,24 @@
642 #include <stdio.h>
643 #include <ctype.h>
644 #include <pwd.h>
645 +#include <syslog.h>
647 extern void exit();
649 /* Local stuff */
651 -char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
652 +char path[] = "PATH=/bin:/usr/bin:/sbin:/usr/sbin";
654 #define TIME_LIMIT 60 /* Do not keep listinging forever */
655 #define INPUT_LENGTH 100000 /* Do not keep listinging forever */
656 #define LINE_LENGTH 128 /* Editors can choke on long lines */
657 #define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */
658 #define UNPRIV_NAME "nobody" /* Preferred privilege level */
659 -#define UNPRIV_UGID 32767 /* Default uid and gid */
660 +#define UNPRIV_UGID 65534 /* Default uid and gid */
662 int finger_pid;
663 +int allow_severity = SEVERITY;
664 +int deny_severity = LOG_WARNING;
666 void cleanup(sig)
667 int sig;
668 diff -Naur tcp_wrappers_7.6/scaffold.c tcp_wrappers_7.6.gimli/scaffold.c
669 --- tcp_wrappers_7.6/scaffold.c 1997-03-21 12:27:24.000000000 -0600
670 +++ tcp_wrappers_7.6.gimli/scaffold.c 2002-01-07 08:50:19.000000000 -0600
671 @@ -180,10 +180,12 @@
673 /* ARGSUSED */
675 -void rfc931(request)
676 -struct request_info *request;
677 +void rfc931(rmt_sin, our_sin, dest)
678 +struct sockaddr_in *rmt_sin;
679 +struct sockaddr_in *our_sin;
680 +char *dest;
681 {
682 - strcpy(request->user, unknown);
683 + strcpy(dest, unknown);
684 }
686 /* check_path - examine accessibility */
687 diff -Naur tcp_wrappers_7.6/socket.c tcp_wrappers_7.6.gimli/socket.c
688 --- tcp_wrappers_7.6/socket.c 1997-03-21 12:27:25.000000000 -0600
689 +++ tcp_wrappers_7.6.gimli/socket.c 2002-01-07 08:50:19.000000000 -0600
690 @@ -76,7 +76,11 @@
691 {
692 static struct sockaddr_in client;
693 static struct sockaddr_in server;
694 +#if !defined (__GLIBC__)
695 int len;
696 +#else /* __GLIBC__ */
697 + size_t len;
698 +#endif /* __GLIBC__ */
699 char buf[BUFSIZ];
700 int fd = request->fd;
702 @@ -224,7 +228,11 @@
703 {
704 char buf[BUFSIZ];
705 struct sockaddr_in sin;
706 +#if !defined(__GLIBC__)
707 int size = sizeof(sin);
708 +#else /* __GLIBC__ */
709 + size_t size = sizeof(sin);
710 +#endif /* __GLIBC__ */
712 /*
713 * Eat up the not-yet received datagram. Some systems insist on a
714 diff -Naur tcp_wrappers_7.6/tcpd.8 tcp_wrappers_7.6.gimli/tcpd.8
715 --- tcp_wrappers_7.6/tcpd.8 1996-02-21 09:39:16.000000000 -0600
716 +++ tcp_wrappers_7.6.gimli/tcpd.8 2002-01-07 08:50:19.000000000 -0600
717 @@ -94,7 +94,7 @@
718 .PP
719 The example assumes that the network daemons live in /usr/etc. On some
720 systems, network daemons live in /usr/sbin or in /usr/libexec, or have
721 -no `in.\' prefix to their name.
722 +no `in.' prefix to their name.
723 .SH EXAMPLE 2
724 This example applies when \fItcpd\fR expects that the network daemons
725 are left in their original place.
726 @@ -110,26 +110,26 @@
727 becomes:
728 .sp
729 .ti +5
730 -finger stream tcp nowait nobody /some/where/tcpd in.fingerd
731 +finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
732 .sp
733 .fi
734 .PP
735 The example assumes that the network daemons live in /usr/etc. On some
736 systems, network daemons live in /usr/sbin or in /usr/libexec, the
737 -daemons have no `in.\' prefix to their name, or there is no userid
738 +daemons have no `in.' prefix to their name, or there is no userid
739 field in the inetd configuration file.
740 .PP
741 Similar changes will be needed for the other services that are to be
742 -covered by \fItcpd\fR. Send a `kill -HUP\' to the \fIinetd\fR(8)
743 +covered by \fItcpd\fR. Send a `kill -HUP' to the \fIinetd\fR(8)
744 process to make the changes effective. AIX users may also have to
745 -execute the `inetimp\' command.
746 +execute the `inetimp' command.
747 .SH EXAMPLE 3
748 In the case of daemons that do not live in a common directory ("secret"
749 or otherwise), edit the \fIinetd\fR configuration file so that it
750 specifies an absolute path name for the process name field. For example:
751 .nf
752 .sp
753 - ntalk dgram udp wait root /some/where/tcpd /usr/local/lib/ntalkd
754 + ntalk dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.ntalkd
755 .sp
756 .fi
757 .PP
758 diff -Naur tcp_wrappers_7.6/tcpd.h tcp_wrappers_7.6.gimli/tcpd.h
759 --- tcp_wrappers_7.6/tcpd.h 1996-03-19 09:22:25.000000000 -0600
760 +++ tcp_wrappers_7.6.gimli/tcpd.h 2002-01-07 08:50:19.000000000 -0600
761 @@ -4,6 +4,25 @@
762 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
763 */
765 +#ifndef _TCPWRAPPERS_TCPD_H
766 +#define _TCPWRAPPERS_TCPD_H
767 +
768 +/* someone else may have defined this */
769 +#undef __P
770 +
771 +/* use prototypes if we have an ANSI C compiler or are using C++ */
772 +#if defined(__STDC__) || defined(__cplusplus)
773 +#define __P(args) args
774 +#else
775 +#define __P(args) ()
776 +#endif
777 +
778 +/* Need definitions of struct sockaddr_in and FILE. */
779 +#include <netinet/in.h>
780 +#include <stdio.h>
781 +
782 +__BEGIN_DECLS
783 +
784 /* Structure to describe one communications endpoint. */
786 #define STRING_LENGTH 128 /* hosts, users, processes */
787 @@ -25,10 +44,10 @@
788 char pid[10]; /* access via eval_pid(request) */
789 struct host_info client[1]; /* client endpoint info */
790 struct host_info server[1]; /* server endpoint info */
791 - void (*sink) (); /* datagram sink function or 0 */
792 - void (*hostname) (); /* address to printable hostname */
793 - void (*hostaddr) (); /* address to printable address */
794 - void (*cleanup) (); /* cleanup function or 0 */
795 + void (*sink) __P((int)); /* datagram sink function or 0 */
796 + void (*hostname) __P((struct host_info *)); /* address to printable hostname */
797 + void (*hostaddr) __P((struct host_info *)); /* address to printable address */
798 + void (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */
799 struct netconfig *config; /* netdir handle */
800 };
802 @@ -61,25 +80,30 @@
803 /* Global functions. */
805 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
806 -extern void fromhost(); /* get/validate client host info */
807 +extern void fromhost __P((struct request_info *)); /* get/validate client host info */
808 #else
809 #define fromhost sock_host /* no TLI support needed */
810 #endif
812 -extern int hosts_access(); /* access control */
813 -extern void shell_cmd(); /* execute shell command */
814 -extern char *percent_x(); /* do %<char> expansion */
815 -extern void rfc931(); /* client name from RFC 931 daemon */
816 -extern void clean_exit(); /* clean up and exit */
817 -extern void refuse(); /* clean up and exit */
818 -extern char *xgets(); /* fgets() on steroids */
819 -extern char *split_at(); /* strchr() and split */
820 -extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
821 +extern void shell_cmd __P((char *)); /* execute shell command */
822 +extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
823 +extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */
824 +extern void clean_exit __P((struct request_info *)); /* clean up and exit */
825 +extern void refuse __P((struct request_info *)); /* clean up and exit */
826 +extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
827 +extern char *split_at __P((char *, int)); /* strchr() and split */
828 +extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
830 /* Global variables. */
832 +#ifdef HAVE_WEAKSYMS
833 +extern int allow_severity __attribute__ ((weak)); /* for connection logging */
834 +extern int deny_severity __attribute__ ((weak)); /* for connection logging */
835 +#else
836 extern int allow_severity; /* for connection logging */
837 extern int deny_severity; /* for connection logging */
838 +#endif
839 +
840 extern char *hosts_allow_table; /* for verification mode redirection */
841 extern char *hosts_deny_table; /* for verification mode redirection */
842 extern int hosts_access_verbose; /* for verbose matching mode */
843 @@ -92,9 +116,14 @@
844 */
846 #ifdef __STDC__
847 +extern int hosts_access(struct request_info *request);
848 +extern int hosts_ctl(char *daemon, char *client_name, char *client_addr,
849 + char *client_user);
850 extern struct request_info *request_init(struct request_info *,...);
851 extern struct request_info *request_set(struct request_info *,...);
852 #else
853 +extern int hosts_access();
854 +extern int hosts_ctl();
855 extern struct request_info *request_init(); /* initialize request */
856 extern struct request_info *request_set(); /* update request structure */
857 #endif
858 @@ -117,27 +146,31 @@
859 * host_info structures serve as caches for the lookup results.
860 */
862 -extern char *eval_user(); /* client user */
863 -extern char *eval_hostname(); /* printable hostname */
864 -extern char *eval_hostaddr(); /* printable host address */
865 -extern char *eval_hostinfo(); /* host name or address */
866 -extern char *eval_client(); /* whatever is available */
867 -extern char *eval_server(); /* whatever is available */
868 +extern char *eval_user __P((struct request_info *)); /* client user */
869 +extern char *eval_hostname __P((struct host_info *)); /* printable hostname */
870 +extern char *eval_hostaddr __P((struct host_info *)); /* printable host address */
871 +extern char *eval_hostinfo __P((struct host_info *)); /* host name or address */
872 +extern char *eval_client __P((struct request_info *)); /* whatever is available */
873 +extern char *eval_server __P((struct request_info *)); /* whatever is available */
874 #define eval_daemon(r) ((r)->daemon) /* daemon process name */
875 #define eval_pid(r) ((r)->pid) /* process id */
877 /* Socket-specific methods, including DNS hostname lookups. */
879 -extern void sock_host(); /* look up endpoint addresses */
880 -extern void sock_hostname(); /* translate address to hostname */
881 -extern void sock_hostaddr(); /* address to printable address */
882 +/* look up endpoint addresses */
883 +extern void sock_host __P((struct request_info *));
884 +/* translate address to hostname */
885 +extern void sock_hostname __P((struct host_info *));
886 +/* address to printable address */
887 +extern void sock_hostaddr __P((struct host_info *));
888 +
889 #define sock_methods(r) \
890 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
892 /* The System V Transport-Level Interface (TLI) interface. */
894 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
895 -extern void tli_host(); /* look up endpoint addresses etc. */
896 +extern void tli_host __P((struct request_info *)); /* look up endpoint addresses etc. */
897 #endif
899 /*
900 @@ -178,7 +211,7 @@
901 * behavior.
902 */
904 -extern void process_options(); /* execute options */
905 +extern void process_options __P((char *, struct request_info *)); /* execute options */
906 extern int dry_run; /* verification flag */
908 /* Bug workarounds. */
909 @@ -217,3 +250,7 @@
910 #define strtok my_strtok
911 extern char *my_strtok();
912 #endif
913 +
914 +__END_DECLS
915 +
916 +#endif /* tcpd.h */
917 diff -Naur tcp_wrappers_7.6/tcpdchk.c tcp_wrappers_7.6.gimli/tcpdchk.c
918 --- tcp_wrappers_7.6/tcpdchk.c 1997-02-11 19:13:25.000000000 -0600
919 +++ tcp_wrappers_7.6.gimli/tcpdchk.c 2002-01-07 08:50:19.000000000 -0600
920 @@ -350,6 +350,8 @@
921 {
922 if (pat[0] == '@') {
923 tcpd_warn("%s: daemon name begins with \"@\"", pat);
924 + } else if (pat[0] == '/') {
925 + tcpd_warn("%s: daemon name begins with \"/\"", pat);
926 } else if (pat[0] == '.') {
927 tcpd_warn("%s: daemon name begins with dot", pat);
928 } else if (pat[strlen(pat) - 1] == '.') {
929 @@ -382,6 +384,8 @@
930 {
931 if (pat[0] == '@') { /* @netgroup */
932 tcpd_warn("%s: user name begins with \"@\"", pat);
933 + } else if (pat[0] == '/') {
934 + tcpd_warn("%s: user name begins with \"/\"", pat);
935 } else if (pat[0] == '.') {
936 tcpd_warn("%s: user name begins with dot", pat);
937 } else if (pat[strlen(pat) - 1] == '.') {
938 @@ -402,8 +406,13 @@
939 static int check_host(pat)
940 char *pat;
941 {
942 + char buf[BUFSIZ];
943 char *mask;
944 int addr_count = 1;
945 + FILE *fp;
946 + struct tcpd_context saved_context;
947 + char *cp;
948 + char *wsp = " \t\r\n";
950 if (pat[0] == '@') { /* @netgroup */
951 #ifdef NO_NETGRENT
952 @@ -422,6 +431,21 @@
953 tcpd_warn("netgroup support disabled");
954 #endif
955 #endif
956 + } else if (pat[0] == '/') { /* /path/name */
957 + if ((fp = fopen(pat, "r")) != 0) {
958 + saved_context = tcpd_context;
959 + tcpd_context.file = pat;
960 + tcpd_context.line = 0;
961 + while (fgets(buf, sizeof(buf), fp)) {
962 + tcpd_context.line++;
963 + for (cp = strtok(buf, wsp); cp; cp = strtok((char *) 0, wsp))
964 + check_host(cp);
965 + }
966 + tcpd_context = saved_context;
967 + fclose(fp);
968 + } else if (errno != ENOENT) {
969 + tcpd_warn("open %s: %m", pat);
970 + }
971 } else if (mask = split_at(pat, '/')) { /* network/netmask */
972 if (dot_quad_addr(pat) == INADDR_NONE
973 || dot_quad_addr(mask) == INADDR_NONE)
974 diff -Naur tcp_wrappers_7.6/try-from.8 tcp_wrappers_7.6.gimli/try-from.8
975 --- tcp_wrappers_7.6/try-from.8 1969-12-31 18:00:00.000000000 -0600
976 +++ tcp_wrappers_7.6.gimli/try-from.8 2002-01-07 08:50:19.000000000 -0600
977 @@ -0,0 +1,28 @@
978 +.TH TRY-FROM 8 "21th June 1997" Linux "Linux Programmer's Manual"
979 +.SH NAME
980 +try-from \- test program for the tcp_wrapper
981 +.SH SYNOPSIS
982 +.B try-from
983 +.SH DESCRIPTION
984 +The
985 +.B try-from
986 +command can be called via a remote shell command to find out
987 +if the hostname and address are properly recognized
988 +by the
989 +.B tcp_wrapper
990 +library, if username lookup works, and (SysV only) if the TLI
991 +on top of IP heuristics work. Diagnostics are reported through
992 +.BR syslog (3)
993 +and redirected to stderr.
994 +
995 +Example:
996 +
997 +rsh host /some/where/try-from
998 +
999 +.SH SEE ALSO
1000 +.BR hosts_access (5),
1001 +.BR hosts_options (5),
1002 +.BR tcpd (8)
1003 +.SH AUTHOR
1004 +Wietse Venema, Eindhoven University of Technology, The Netherlands.
1005 +
1006 diff -Naur tcp_wrappers_7.6/weak_symbols.c tcp_wrappers_7.6.gimli/weak_symbols.c
1007 --- tcp_wrappers_7.6/weak_symbols.c 1969-12-31 18:00:00.000000000 -0600
1008 +++ tcp_wrappers_7.6.gimli/weak_symbols.c 2002-01-07 08:50:19.000000000 -0600
1009 @@ -0,0 +1,11 @@
1010 + /*
1011 + * @(#) weak_symbols.h 1.5 99/12/29 23:50
1012 + *
1013 + * Author: Anthony Towns <ajt@debian.org>
1014 + */
1015 +
1016 +#ifdef HAVE_WEAKSYMS
1017 +#include <syslog.h>
1018 +int deny_severity = LOG_WARNING;
1019 +int allow_severity = SEVERITY;
1020 +#endif
1021 diff -Naur tcp_wrappers_7.6/workarounds.c tcp_wrappers_7.6.gimli/workarounds.c
1022 --- tcp_wrappers_7.6/workarounds.c 1996-03-19 09:22:26.000000000 -0600
1023 +++ tcp_wrappers_7.6.gimli/workarounds.c 2002-01-07 08:50:19.000000000 -0600
1024 @@ -163,7 +163,11 @@
1025 int fix_getpeername(sock, sa, len)
1026 int sock;
1027 struct sockaddr *sa;
1028 +#if !defined(__GLIBC__)
1029 int *len;
1030 +#else /* __GLIBC__ */
1031 +size_t *len;
1032 +#endif /* __GLIBC__ */
1033 {
1034 int ret;
1035 struct sockaddr_in *sin = (struct sockaddr_in *) sa;