--- Makefile.orig +++ Makefile @@ -44,7 +44,7 @@ what: #REAL_DAEMON_DIR=/usr/etc # # SysV.4 Solaris 2.x OSF AIX -#REAL_DAEMON_DIR=/usr/sbin +REAL_DAEMON_DIR=/usr/sbin # # BSD 4.4 #REAL_DAEMON_DIR=/usr/libexec @@ -143,8 +143,9 @@ freebsd: linux: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ + NETGROUP=-DNETGROUP TLI= \ + EXTRA_CFLAGS="-fPIC -DSYS_ERRLIST_DEFINED -DINET6=1 -Dss_family=__ss_family" all # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. hpux hpux8 hpux9 hpux10: @@ -229,7 +230,7 @@ tandem: # Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com) uts215: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS="-lsocket" RANLIB=echo \ ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all @@ -472,7 +473,7 @@ BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS # If your system supports vsyslog(), comment out the following definition. # If in doubt leave it in, it won't harm. -VSYSLOG = -Dvsyslog=myvsyslog +#VSYSLOG = -Dvsyslog=myvsyslog # End of the system dependencies. ################################# @@ -491,7 +492,7 @@ VSYSLOG = -Dvsyslog=myvsyslog # Uncomment the next definition to turn on the language extensions # (examples: allow, deny, banners, twist and spawn). # -#STYLE = -DPROCESS_OPTIONS # Enable language extensions. +STYLE = -DPROCESS_OPTIONS # Enable language extensions. ################################################################ # Optional: Changing the default disposition of logfile records @@ -514,7 +515,7 @@ VSYSLOG = -Dvsyslog=myvsyslog # # The LOG_XXX names below are taken from the /usr/include/syslog.h file. -FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use +FACILITY= LOG_AUTHPRIV # LOG_MAIL is what most sendmail daemons use # The syslog priority at which successful connections are logged. @@ -531,7 +532,7 @@ SEVERITY= LOG_INFO # LOG_INFO is normall # and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken # from /etc/hosts or from NIS maps. It does work with DNS through NIS. # -# DOT= -DAPPEND_DOT +DOT= -DAPPEND_DOT ################################################## # Optional: Always attempt remote username lookups @@ -610,7 +611,7 @@ TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\ # Paranoid mode implies hostname lookup. In order to disable hostname # lookups altogether, see the next section. -PARANOID= -DPARANOID +#PARANOID= -DPARANOID ######################################## # Optional: turning off hostname lookups @@ -649,7 +650,7 @@ HOSTNAME= -DALWAYS_HOSTNAME # source-routed traffic in the kernel. Examples: 4.4BSD derivatives, # Solaris 2.x, and Linux. See your system documentation for details. # -# KILL_OPT= -DKILL_IP_OPTIONS +#KILL_OPT= -DKILL_IP_OPTIONS ## End configuration options ############################ @@ -659,12 +660,12 @@ HOSTNAME= -DALWAYS_HOSTNAME SHELL = /bin/sh .c.o:; $(CC) $(CFLAGS) -c $*.c -CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ +CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \ -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \ -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \ - $(VSYSLOG) $(HOSTNAME) + $(VSYSLOG) LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \ hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ --- /dev/null +++ README.ipv6 @@ -0,0 +1,17 @@ +;; IPv6 patch for tcp_wrappers_7.6 1.6 +;; Aug 23, 1999 by Hajimu UMEMOTO +;; +;; This patch supports IPv4/IPv6 dual stack and IPv4-mapped IPv6 address. +;; You can replace stock tcpd or libwrap.a with this. +;; IPv6 address pattern is as a `[net]/prefixlen' pair. +;; This patch was tested on KAME/FreeBSD, KAME/FreeBSD3, KAME/NetBSD, +;; RedHat 5.1 with kernel 2.1.126, and RedHat 6.0 with kernel 2.2.10. +;; +;; CAUTION: +;; Back out change for field separater. Now, field separater is `:' +;; not `|'. To specify IPv6 address, enclose IPv6 address with `[' +;; and `]'. +;; +;; For Linux users: +;; If your libc doesn't have sockaddr_storage, try target `linux-old'. + --- hosts_access.c.orig +++ hosts_access.c @@ -33,6 +33,7 @@ static char sccsid[] = "@(#) hosts_acces #include #include #include +#include extern char *fgets(); extern int errno; @@ -89,6 +90,33 @@ static int masked_match(); /* hosts_access - host access control facility */ +int +yp_get_default_domain (char **outdomain) +{ + static char __ypdomainname[1025] = "\0"; + int result = YPERR_SUCCESS;; + *outdomain = NULL; + + if (__ypdomainname[0] == '\0') + { + if (getdomainname (__ypdomainname, 1024)) + result = YPERR_NODOM; + else if (strcmp (__ypdomainname, "(none)") == 0) + { + /* If domainname is not set, some Systems will return "(none)" */ + __ypdomainname[0] = '\0'; + result = YPERR_NODOM; + } + else + *outdomain = __ypdomainname; + } + else + *outdomain = __ypdomainname; + + return result; +} + + int hosts_access(request) struct request_info *request; { --- safe_finger.c.orig +++ safe_finger.c @@ -31,7 +31,7 @@ extern void exit(); /* Local stuff */ -char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin"; +char path[] = "PATH=/bin:/usr/bin:/usr/sbin"; #define TIME_LIMIT 60 /* Do not keep listinging forever */ #define INPUT_LENGTH 100000 /* Do not keep listinging forever */ --- scaffold.c.orig +++ scaffold.c @@ -180,10 +180,17 @@ struct request_info *request; /* ARGSUSED */ -void rfc931(request) -struct request_info *request; +void rfc931(rmt_sin, our_sin, dest) +#ifndef INET6 +struct sockaddr_in *rmt_sin; +struct sockaddr_in *our_sin; +#else +struct sockaddr *rmt_sin; +struct sockaddr *our_sin; +#endif +char *dest; { - strcpy(request->user, unknown); + strcpy(dest, unknown); } /* check_path - examine accessibility */ --- tcpd.h.orig +++ tcpd.h @@ -4,6 +4,12 @@ * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. */ +#ifdef __STDC__ +#include +#include +#include +#endif + /* Structure to describe one communications endpoint. */ #define STRING_LENGTH 128 /* hosts, users, processes */ @@ -61,11 +67,26 @@ extern char paranoid[]; /* Global functions. */ #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) +#ifdef __STDC__ +extern void fromhost(struct request_info *); +#else extern void fromhost(); /* get/validate client host info */ +#endif #else #define fromhost sock_host /* no TLI support needed */ #endif +#ifdef __STDC__ +extern int hosts_access(struct request_info *); +extern void shell_cmd(char *); +extern char *percent_x(char *, int, char *, struct request_info *); +extern void rfc931(struct sockaddr *, struct sockaddr *, char *); +extern void clean_exit(struct request_info *); +extern void refuse(struct request_info *); +extern char *xgets(char *, int, FILE *); +extern char *split_at(char *, int); +extern unsigned long dot_quad_addr(char *); +#else extern int hosts_access(); /* access control */ extern void shell_cmd(); /* execute shell command */ extern char *percent_x(); /* do % expansion */ @@ -75,6 +96,7 @@ extern void refuse(); /* clean up and extern char *xgets(); /* fgets() on steroids */ extern char *split_at(); /* strchr() and split */ extern unsigned long dot_quad_addr(); /* restricted inet_addr() */ +#endif /* Global variables. */ @@ -117,28 +139,47 @@ extern struct request_info *request_set( * host_info structures serve as caches for the lookup results. */ +#ifdef __STDC__ +extern char *eval_user(struct request_info *); +extern char *eval_hostname(struct host_info *); +extern char *eval_hostaddr(struct host_info *); +extern char *eval_hostinfo(struct host_info *); +extern char *eval_client(struct request_info *); +extern char *eval_server(struct request_info *); +#else extern char *eval_user(); /* client user */ extern char *eval_hostname(); /* printable hostname */ extern char *eval_hostaddr(); /* printable host address */ extern char *eval_hostinfo(); /* host name or address */ extern char *eval_client(); /* whatever is available */ extern char *eval_server(); /* whatever is available */ +#endif #define eval_daemon(r) ((r)->daemon) /* daemon process name */ #define eval_pid(r) ((r)->pid) /* process id */ /* Socket-specific methods, including DNS hostname lookups. */ +#ifdef __STDC__ +extern void sock_host(struct request_info *); +extern void sock_hostname(struct host_info *); +extern void sock_hostaddr(struct host_info *); +#else extern void sock_host(); /* look up endpoint addresses */ extern void sock_hostname(); /* translate address to hostname */ extern void sock_hostaddr(); /* address to printable address */ +#endif #define sock_methods(r) \ { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } /* The System V Transport-Level Interface (TLI) interface. */ #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) +#ifdef __STDC__ +extern void tli_host(struct request_info *); +#else extern void tli_host(); /* look up endpoint addresses etc. */ #endif +#endif /* * Problem reporting interface. Additional file/line context is reported @@ -178,42 +219,74 @@ extern struct tcpd_context tcpd_context; * behavior. */ +#ifdef __STDC__ +extern void process_options(char *, struct request_info *); +#else extern void process_options(); /* execute options */ +#endif extern int dry_run; /* verification flag */ /* Bug workarounds. */ #ifdef INET_ADDR_BUG /* inet_addr() returns struct */ #define inet_addr fix_inet_addr +#ifdef __STDC__ +extern long fix_inet_addr(char *); +#else extern long fix_inet_addr(); #endif +#endif #ifdef BROKEN_FGETS /* partial reads from sockets */ #define fgets fix_fgets +#ifdef __STDC__ +extern char *fix_fgets(char *, int, FILE *); +#else extern char *fix_fgets(); #endif +#endif #ifdef RECVFROM_BUG /* no address family info */ #define recvfrom fix_recvfrom +#ifdef __STDC__ +extern int fix_recvfrom(int, char *, int, int, struct sockaddr *, int *); +#else extern int fix_recvfrom(); #endif +#endif #ifdef GETPEERNAME_BUG /* claims success with UDP */ #define getpeername fix_getpeername +#ifdef __STDC__ +extern int fix_getpeername(int, struct sockaddr *, int *); +#else extern int fix_getpeername(); #endif +#endif #ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */ #define gethostbyname fix_gethostbyname +#ifdef __STDC__ +extern struct hostent *fix_gethostbyname(char *); +#else extern struct hostent *fix_gethostbyname(); #endif +#endif #ifdef USE_STRSEP /* libc calls strtok() */ #define strtok fix_strtok +#ifdef __STDC__ +extern char *fix_strtok(char *, char *); +#else extern char *fix_strtok(); #endif +#endif #ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */ #define strtok my_strtok +#ifdef __STDC__ +extern char *my_strtok(char *, char *); +#else extern char *my_strtok(); #endif +#endif