rpm/tcpd
SHA256
1
0
Fork 0
forked from pool/tcpd
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tcpd?expand=0&rev=4

Browse Source
This commit is contained in:
OBS User unknown 2008-10-13 16:39:38 +00:00 committed by Git OBS Bridge
parent b5d8ec1b79
commit 06278882d5
23 changed files with 2146 additions and 366 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
tcp_wrappers_7.6-fedora-bug11881.diff Normal file
View File

@ -0,0 +1,35 @@
--- eval.c
+++ eval.c
@@ -111,7 +111,7 @@
return (hostinfo);
#endif
if (STR_NE(eval_user(request), unknown)) {
- sprintf(both, "%s@%s", request->user, hostinfo);
+ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
return (both);
} else {
return (hostinfo);
@@ -128,7 +128,7 @@
char *daemon = eval_daemon(request);
if (STR_NE(host, unknown)) {
- sprintf(both, "%s@%s", daemon, host);
+ snprintf(both, sizeof(both), "%s@%s", daemon, host);
return (both);
} else {
return (daemon);
--- tcpd.c
+++ tcpd.c
@@ -61,10 +61,10 @@
*/
if (argv[0][0] == '/') {
- strcpy(path, argv[0]);
+ strncpy(path, argv[0], sizeof(path));
argv[0] = strrchr(argv[0], '/') + 1;
} else {
- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
+ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
}
/*

20
tcp_wrappers_7.6-fedora-bug141110.diff Normal file
View File

@ -0,0 +1,20 @@
--- hosts_access.c
+++ hosts_access.c
@@ -146,7 +146,7 @@
verdict = setjmp(tcpd_buf);
if (verdict != 0)
return (verdict == AC_PERMIT);
- if (table_match(hosts_allow_table, request))
+ if (table_match(hosts_allow_table, request) == YES)
return (YES);
if (table_match(hosts_deny_table, request))
return (NO);
@@ -195,7 +195,7 @@
} else if (errno != ENOENT) {
tcpd_warn("cannot open %s: %m", table);
}
- if (match) {
+ if (match == YES) {
if (hosts_access_verbose > 1)
syslog(LOG_DEBUG, "matched: %s line %d",
tcpd_context.file, tcpd_context.line);

54
tcp_wrappers_7.6-fedora-bug17795.diff Normal file
View File

@ -0,0 +1,54 @@
--- hosts_access.5
+++ hosts_access.5
@@ -90,6 +90,13 @@
pattern `131.155.72.0/255.255.254.0\' matches every address in the
range `131.155.72.0\' through `131.155.73.255\'.
.IP \(bu
+A string that begins with a `/\' character is treated as a file
+name. A host name or address is matched if it matches any host name
+or address pattern listed in the named file. The file format is
+zero or more lines with zero or more host name or address patterns
+separated by whitespace. A file name pattern can be used anywhere
+a host name or address pattern can be used.
+.IP \(bu
An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a
`[net]/prefixlen\' pair. A IPv6 host address is matched if
`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
--- hosts_access.c
+++ hosts_access.c
@@ -273,6 +273,26 @@
}
}
+/* hostfile_match - look up host patterns from file */
+
+static int hostfile_match(path, host)
+char *path;
+struct hosts_info *host;
+{
+ char tok[BUFSIZ];
+ int match = NO;
+ FILE *fp;
+
+ if ((fp = fopen(path, "r")) != 0) {
+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
+ /* void */ ;
+ fclose(fp);
+ } else if (errno != ENOENT) {
+ tcpd_warn("open %s: %m", path);
+ }
+ return (match);
+}
+
/* host_match - match host name and/or address against pattern */
static int host_match(tok, host)
@@ -300,6 +320,8 @@
tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
return (NO);
#endif
+ } else if (tok[0] == '/') { /* /file hack */
+ return (hostfile_match(tok, host));
} else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
char *name = eval_hostname(host);
return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));

100
tcp_wrappers_7.6-fedora-bug17847.diff Normal file
View File

@ -0,0 +1,100 @@
--- hosts_access.5
+++ hosts_access.5
@@ -103,6 +103,10 @@
address. For example, the [net]/prefixlen pattern
`[3ffe:505:2:1::]/64\' matches every address in the range
`3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'.
+.IP \(bu
+Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
+method of matching cannot be used in conjunction with `net/mask\' matching,
+hostname matching beginning with `.\' or IP address matching ending with `.\'.
.SH WILDCARDS
The access control language supports explicit wildcards:
.IP ALL
--- hosts_access.c
+++ hosts_access.c
@@ -346,6 +346,12 @@
{
int n;
+#ifndef DISABLE_WILDCARD_MATCHING
+ if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */
+ return (match_pattern_ylo(string,tok));
+ } else
+#endif
+
if (tok[0] == '.') { /* suffix */
n = strlen(string) - strlen(tok);
return (n > 0 && STR_EQ(tok, string + n));
@@ -454,3 +460,71 @@
}
#endif
}
+
+#ifndef DISABLE_WILDCARD_MATCHING
+/* Note: this feature has been adapted in a pretty straightforward way
+ from Tatu Ylonen's last SSH version under free license by
+ Pekka Savola <pekkas@netcore.fi>.
+
+ Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+*/
+
+/* Returns true if the given string matches the pattern (which may contain
+ ? and * as wildcards), and zero if it does not match. */
+
+int match_pattern_ylo(const char *s, const char *pattern)
+{
+ while (1)
+ {
+ /* If at end of pattern, accept if also at end of string. */
+ if (!*pattern)
+ return !*s;
+
+ /* Process '*'. */
+ if (*pattern == '*')
+ {
+ /* Skip the asterisk. */
+ pattern++;
+
+ /* If at end of pattern, accept immediately. */
+ if (!*pattern)
+ return 1;
+
+ /* If next character in pattern is known, optimize. */
+ if (*pattern != '?' && *pattern != '*')
+ {
+ /* Look instances of the next character in pattern, and try
+ to match starting from those. */
+ for (; *s; s++)
+ if (*s == *pattern &&
+ match_pattern_ylo(s + 1, pattern + 1))
+ return 1;
+ /* Failed. */
+ return 0;
+ }
+
+ /* Move ahead one character at a time and try to match at each
+ position. */
+ for (; *s; s++)
+ if (match_pattern_ylo(s, pattern))
+ return 1;
+ /* Failed. */
+ return 0;
+ }
+
+ /* There must be at least one more character in the string. If we are
+ at the end, fail. */
+ if (!*s)
+ return 0;
+
+ /* Check if the next character of the string is acceptable. */
+ if (*pattern != '?' && *pattern != *s)
+ return 0;
+
+ /* Move to the next character, both in string and in pattern. */
+ s++;
+ pattern++;
+ }
+ /*NOTREACHED*/
+}
+#endif /* DISABLE_WILDCARD_MATCHING */

92
tcp_wrappers_7.6-fedora-bug220015.diff Normal file
View File

@ -0,0 +1,92 @@
--- hosts_ctl.c
+++ hosts_ctl.c
@@ -29,10 +29,12 @@
{
struct request_info request;
- return (hosts_access(request_init(&request,
- RQ_DAEMON, daemon,
- RQ_CLIENT_NAME, name,
- RQ_CLIENT_ADDR, addr,
- RQ_USER, user,
- 0)));
+ request_init(&request, RQ_DAEMON, daemon,
+ RQ_CLIENT_NAME, name,
+ RQ_CLIENT_ADDR, addr,
+ RQ_USER, user,
+ 0);
+ sock_hostnofd(&request);
+
+ return (hosts_access(&request));
}
--- socket.c
+++ socket.c
@@ -140,6 +140,53 @@
#endif
}
+
+
+/* sock_hostnofd - look up endpoint addresses and install conversion methods */
+
+void sock_hostnofd(request)
+struct request_info *request;
+{
+ static struct sockaddr_storage client;
+ struct addrinfo hints, *res;
+ int ret;
+ char *host;
+
+ /* If the address field is non-empty and non-unknown and if the hostname
+ * field is empty or unknown, use the address field to get the sockaddr
+ * and hostname. */
+ if (strlen(request->client->addr) &&
+ HOSTNAME_KNOWN(request->client->addr) &&
+ (!strlen(request->client->addr) ||
+ !HOSTNAME_KNOWN(request->client->name)))
+ host = request->client->addr;
+ else
+ return;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_INET6;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
+
+ ret = getaddrinfo(host, NULL, &hints, &res);
+ if (ret != 0) {
+ hints.ai_family = AF_INET;
+ ret = getaddrinfo(host, NULL, &hints, &res);
+ }
+
+ if (ret != 0) {
+ tcpd_warn("can't resolve hostname (%s): %s", host, gai_strerror(ret));
+ } else {
+ sock_methods(request);
+
+ memcpy(&client, res->ai_addr, res->ai_addrlen);
+ request->client->sin = (struct sockaddr *)&client;
+ freeaddrinfo(res);
+
+ request->client->name[0] = 0;
+ }
+}
+
/* sock_hostaddr - map endpoint address to printable form */
void sock_hostaddr(host)
--- tcpd.h
+++ tcpd.h
@@ -174,10 +174,12 @@
#ifdef __STDC__
extern void sock_host(struct request_info *);
+extern void sock_hostnofd(struct request_info *);
extern void sock_hostname(struct host_info *);
extern void sock_hostaddr(struct host_info *);
#else
extern void sock_host(); /* look up endpoint addresses */
+extern void sock_hostnofd();
extern void sock_hostname(); /* translate address to hostname */
extern void sock_hostaddr(); /* address to printable address */
#endif

11
tcp_wrappers_7.6-fedora-docu.diff Normal file
View File

@ -0,0 +1,11 @@
--- hosts_access.5
+++ hosts_access.5
@@ -329,7 +329,7 @@
/etc/hosts.deny:
.in +3
.nf
-in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\
+in.tftpd: ALL: spawn (/some/where/safe_finger -l @%h | \\
/usr/ucb/mail -s %d-%h root) &
.fi
.PP

25
tcp_wrappers_7.6-fedora-fixgethostbyname.diff Normal file
View File

@ -0,0 +1,25 @@
--- socket.c
+++ socket.c
@@ -54,6 +54,7 @@
char *name;
{
char dot_name[MAXHOSTNAMELEN + 1];
+ struct hostent *hp;
/*
* Don't append dots to unqualified names. Such names are likely to come
@@ -63,8 +64,12 @@
if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
return (gethostbyname(name));
} else {
- sprintf(dot_name, "%s.", name);
- return (gethostbyname(dot_name));
+ sprintf(dot_name, "%s.", name);
+ hp = gethostbyname(dot_name);
+ if (hp)
+ return hp;
+ else
+ return (gethostbyname(name));
}
}

39
tcp_wrappers_7.6-fedora-sig.diff Normal file
View File

@ -0,0 +1,39 @@
--- hosts_access.c
+++ hosts_access.c
@@ -63,6 +63,7 @@
#define YES 1
#define NO 0
+#define ERR -1
/*
* These variables are globally visible so that they can be redirected in
@@ -125,7 +126,6 @@
struct request_info *request;
{
int verdict;
-
/*
* If the (daemon, client) pair is matched by an entry in the file
* /etc/hosts.allow, access is granted. Otherwise, if the (daemon,
@@ -148,9 +148,9 @@
return (verdict == AC_PERMIT);
if (table_match(hosts_allow_table, request) == YES)
return (YES);
- if (table_match(hosts_deny_table, request))
- return (NO);
- return (YES);
+ if (table_match(hosts_deny_table, request) == NO)
+ return (YES);
+ return (NO);
}
/* table_match - match table entries with (daemon, client) pair */
@@ -194,6 +194,7 @@
(void) fclose(fp);
} else if (errno != ENOENT) {
tcpd_warn("cannot open %s: %m", table);
+ match = ERR;
}
if (match == YES) {
if (hosts_access_verbose > 1)

36
tcp_wrappers_7.6-fedora-sigalarm.diff Normal file
View File

@ -0,0 +1,36 @@
--- rfc931.c
+++ rfc931.c
@@ -92,6 +92,8 @@
char *cp;
char *result = unknown;
FILE *fp;
+ unsigned saved_timeout;
+ struct sigaction nact, oact;
#ifdef INET6
/* address family must be the same */
@@ -134,7 +136,12 @@
*/
if (sigsetjmp(timebuf, 1) == 0) {
- signal(SIGALRM, timeout);
+ /* Save SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */
+ saved_timeout = alarm(0);
+ nact.sa_handler = timeout;
+ nact.sa_flags = 0;
+ (void) sigemptyset(&nact.sa_mask);
+ (void) sigaction(SIGALRM, &nact, &oact);
alarm(rfc931_timeout);
/*
@@ -223,6 +230,10 @@
}
alarm(0);
}
+ /* Restore SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */
+ (void) sigaction(SIGALRM, &oact, NULL);
+ if (saved_timeout > 0)
+ alarm(saved_timeout);
fclose(fp);
}
STRN_CPY(dest, result, STRING_LENGTH);

87
tcp_wrappers_7.6-fedora-sigchld.diff Normal file
View File

@ -0,0 +1,87 @@
--- shell_cmd.c
+++ shell_cmd.c
@@ -24,6 +24,11 @@
#include <unistd.h>
#include <syslog.h>
#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <fcntl.h>
extern void exit();
@@ -35,13 +40,42 @@
static void do_child();
+/*
+ * The sigchld handler. If there is a SIGCHLD caused by a child other than
+ * ours, we set a flag and raise the signal later.
+ */
+volatile static int foreign_sigchld;
+volatile static int our_child_pid;
+static void sigchld(int sig, siginfo_t *si, void *unused)
+{
+ if (si && si->si_pid != our_child_pid)
+ foreign_sigchld = 1;
+}
+
/* shell_cmd - execute shell command */
void shell_cmd(command)
char *command;
{
int child_pid;
- int wait_pid;
+
+ struct sigaction new_action, old_action;
+ sigset_t new_mask, old_mask, empty_mask;
+
+ new_action.sa_sigaction = &sigchld;
+ new_action.sa_flags = SA_SIGINFO;
+ sigemptyset(&new_action.sa_mask);
+ sigemptyset(&new_mask);
+ sigemptyset(&empty_mask);
+ sigaddset(&new_mask, SIGCHLD);
+
+ /*
+ * Set the variables for handler, set the handler and block the signal
+ * until we have the pid.
+ */
+ foreign_sigchld = 0; our_child_pid = 0;
+ sigprocmask(SIG_BLOCK, &new_mask, &old_mask);
+ sigaction(SIGCHLD, &new_action, &old_action);
/*
* Most of the work is done within the child process, to minimize the
@@ -53,12 +87,26 @@
tcpd_warn("cannot fork: %m");
break;
case 00: /* child */
+ /* Clear the blocked mask for the child not to be surprised. */
+ sigprocmask(SIG_SETMASK, &empty_mask, 0);
do_child(command);
/* NOTREACHED */
default: /* parent */
- while ((wait_pid = wait((int *) 0)) != -1 && wait_pid != child_pid)
- /* void */ ;
+ our_child_pid = child_pid;
+ sigprocmask(SIG_UNBLOCK, &new_mask, 0);
+ while (waitpid(child_pid, (int *) 0, 0) == -1 && errno == EINTR);
}
+
+ /*
+ * Revert the signal mask and the SIGCHLD handler.
+ */
+ sigprocmask(SIG_SETMASK, &old_mask, 0);
+ sigaction(SIGCHLD, &old_action, 0);
+
+ /* If there was a foreign SIGCHLD, raise it after we have restored the old
+ * mask and handler. */
+ if (foreign_sigchld)
+ raise(SIGCHLD);
}
/* do_child - exec command with { stdin, stdout, stderr } to /dev/null */

29
tcp_wrappers_7.6-fedora-sigjmp.diff Normal file
View File

@ -0,0 +1,29 @@
--- rfc931.c
+++ rfc931.c
@@ -33,7 +33,7 @@
int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */
-static jmp_buf timebuf;
+static sigjmp_buf timebuf;
/* fsocket - open stdio stream on top of socket */
@@ -62,7 +62,7 @@
static void timeout(sig)
int sig;
{
- longjmp(timebuf, sig);
+ siglongjmp(timebuf, sig);
}
/* rfc931 - return remote user name, given socket structures */
@@ -133,7 +133,7 @@
* Set up a timer so we won't get stuck while waiting for the server.
*/
- if (setjmp(timebuf) == 0) {
+ if (sigsetjmp(timebuf, 1) == 0) {
signal(SIGALRM, timeout);
alarm(rfc931_timeout);

27
tcp_wrappers_7.6-fedora-strerror.diff Normal file
View File

@ -0,0 +1,27 @@
--- percent_m.c
+++ percent_m.c
@@ -13,7 +13,7 @@
#include <string.h>
extern int errno;
-#ifndef SYS_ERRLIST_DEFINED
+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
extern char *sys_errlist[];
extern int sys_nerr;
#endif
@@ -29,11 +29,15 @@
while (*bp = *cp)
if (*cp == '%' && cp[1] == 'm') {
+#ifdef HAVE_STRERROR
+ strcpy(bp, strerror(errno));
+#else
if (errno < sys_nerr && errno > 0) {
strcpy(bp, sys_errlist[errno]);
} else {
sprintf(bp, "Unknown error %d", errno);
}
+#endif
bp += strlen(bp);
cp += 2;
} else {

1146
tcp_wrappers_7.6-ipv6-1.6.diff Normal file
View File

File diff suppressed because it is too large Load Diff

3
tcp_wrappers_7.6-ipv6-1.6.diff.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4cc4bdc5a86f2b7aaa8257507e19de5cc36fc8f128e815f44c33da017048971f
size 8070

493
tcp_wrappers_7.6-ipv6-fix.diff
View File

@ -12,10 +12,45 @@
# Made by Michal Ludvig <mludvig@suse.cz>, <michal@logix.cz>
# November , 2002
#
diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access.c
--- tcp_wrappers_7.6/hosts_access.c 2002-11-29 16:09:02.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/hosts_access.c 2002-11-29 12:52:15.000000000 +0100
@@ -85,11 +85,6 @@ static int server_match();
================================================================================
--- Makefile
+++ Makefile
@@ -1,5 +1,7 @@
# @(#) Makefile 1.23 97/03/21 19:27:20
+really-all: linux
+
what:
@echo
@echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
@@ -670,7 +672,7 @@
LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
$(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
- update.o misc.o diag.o percent_m.o myvsyslog.o
+ update.o misc.o diag.o percent_m.o myvsyslog.o ip6utils.o
FROM_OBJ= fromhost.o
@@ -683,6 +685,7 @@
tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \
myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \
refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
+ ip6utils.c ip6utils.h \
scaffold.h tcpdmatch.8 README.NIS
LIB = libwrap.a
@@ -812,6 +815,7 @@
# Internal compilation dependencies.
+tcpd.h: ip6utils.h
clean_exit.o: cflags
clean_exit.o: tcpd.h
diag.o: cflags
--- hosts_access.c
+++ hosts_access.c
@@ -85,11 +85,6 @@
static int client_match();
static int host_match();
static int string_match();
@ -27,7 +62,7 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
/* Size of logical line buffer. */
@@ -308,15 +303,17 @@ struct host_info *host;
@@ -308,15 +303,17 @@
} else if (STR_EQ(tok, "LOCAL")) { /* local: no dots in name */
char *name = eval_hostname(host);
return (strchr(name, '.') == 0 && HOSTNAME_KNOWN(name));
@ -48,7 +83,7 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
static int string_match(tok, string)
char *tok;
@@ -324,13 +321,6 @@ char *string;
@@ -324,13 +321,6 @@
{
int n;
@ -62,7 +97,7 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
if (tok[0] == '.') { /* suffix */
n = strlen(string) - strlen(tok);
return (n > 0 && STR_EQ(tok, string + n));
@@ -340,122 +330,65 @@ char *string;
@@ -340,122 +330,65 @@
return (STR_NE(string, unknown));
} else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */
return (STRN_EQ(tok, string, n));
@ -239,9 +274,200 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
+#endif
}
-#endif /* INET6 */
--- tcp_wrappers_7.6/socket.c 2002-11-29 16:08:40.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/socket.c 2002-11-29 16:16:56.000000000 +0100
@@ -25,16 +25,12 @@ static char sccsid[] = "@(#) socket.c 1.
--- ip6utils.c
+++ ip6utils.c
@@ -0,0 +1,152 @@
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <stdio.h>
+#include <errno.h>
+
+#include "ip6utils.h"
+
+/* inet_pton_mapped()
+ - works like inet_pton(3) but always returns IPv6 address
+ in dst - either "real" or v4mapped (::ffff:1.2.3.4) in
+ the case, when src points to IPv4 address (eg. to 1.2.3.4). */
+int
+inet_pton_mapped (int af, const char *src, void *dst)
+{
+ int ret;
+
+ /* Mapped address is v6. */
+ if (af != AF_INET6)
+ {
+ errno = EAFNOSUPPORT;
+ return -1;
+ }
+
+ /* We must put the result somewhere. */
+ if (!dst)
+ {
+ errno = EFAULT;
+ return -1;
+ }
+
+ /* First try whether the address IPv6. */
+ ret = inet_pton (AF_INET6, src, dst);
+ if (ret > 0)
+ return ret;
+
+ /* Because we're here, it apparently wasn't IPv6. Try IPv4 now. */
+ ret = inet_pton (AF_INET, src, &((struct in6_addr *)dst)->s6_addr32[3]);
+ if (ret > 0)
+ {
+ /* Good, it was IPv4, map it now. */
+ ((struct in6_addr *)dst)->s6_addr32[0] = 0;
+ ((struct in6_addr *)dst)->s6_addr32[1] = 0;
+ ((struct in6_addr *)dst)->s6_addr32[2] = htonl(0x0000ffffL);
+ }
+ return ret;
+}
+
+/* inet_ntop2()
+ - works like inet_ntop(3) but doesn't need an external
+ buffer. Usefull eg. for printing addresses via printf(). */
+const char *
+inet_ntop2 (int af, const void *src)
+{
+ static char address[INET6_ADDRSTRLEN];
+
+ return inet_ntop(af, src, address, sizeof(address));
+}
+
+/* sa_map_v4_to_v6()
+ - Take an IPv4 address in first argument and map it to
+ IPv4-mapped (::ffff:1.2.3.4) IPv6 address. */
+struct sockaddr_in6 *
+sa_map_v4_to_v6 (struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
+{
+ /* Both pointers must be not-NULL or we'll segfault. */
+ if (!sin || !sin6)
+ {
+ errno = EFAULT;
+ return NULL;
+ }
+
+ /* We can map only IPv4 addresses. */
+ if (sin->sin_family != AF_INET)
+ return NULL;
+
+ /* Map it now... */
+ memset(sin6, 0, sizeof(*sin6));
+
+ sin6->sin6_family = AF_INET6;
+ sin6->sin6_port = sin->sin_port;
+ sin6->sin6_addr.s6_addr16[5] = 0xffff;
+ sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
+
+ return sin6;
+}
+
+/* is_v4_string(), is_v6_string()
+ - Return 1 when src is a string representing a valid
+ IPv4, resp. IPv6 address. Return 0 otherwise. */
+int
+is_v4_string (const char *src)
+{
+ struct in_addr result;
+
+ return (inet_pton (AF_INET, src, &result) > 0);
+}
+
+int
+is_v6_string (const char *src)
+{
+ struct in6_addr result;
+
+ return (inet_pton (AF_INET6, src, &result) > 0);
+}
+
+/* apply_v6_prefix()
+ - mask the address given in 'src' with 'prefixlen' netmask. Clear
+ all bits not covered by prefixlen. */
+int
+apply_v6_prefix (struct in6_addr *src, int prefixlen)
+{
+ int i;
+
+ /* Check prefix for a valid length. */
+ if (prefixlen < 0 || prefixlen > 128)
+ return -1;
+
+ /* Prefixes will quite often end up on 16b boundary,
+ so we'll walk thorugh 16b blocks and possibly avoid
+ creating bitmasks. */
+ for (i=0; i<8; i++)
+ {
+ /* Prefix fully covers this block -> leave as is. */
+ if (prefixlen >= (i+1)*16)
+ continue;
+ /* Prefix doesn't cover this block -> zero it. */
+ if (prefixlen <= i*16)
+ {
+ src->s6_addr16[i] = 0;
+ continue;
+ }
+ /* Prefix ends somewhere inside in this block. Let's
+ build and apply a bitmask for this block. */
+ {
+ uint16_t mask=0;
+ int bits;
+
+ bits = prefixlen - i*16;
+
+ while (bits)
+ {
+ mask |= (1 << (16-bits));
+ bits --;
+ }
+
+ src->s6_addr16[i] &= htons(mask);
+ }
+ }
+
+ return 0;
+}
--- ip6utils.h
+++ ip6utils.h
@@ -0,0 +1,33 @@
+#ifndef IP6UTILS_H
+#define IP6UTILS_H
+
+/* inet_pton_mapped()
+ - works like inet_pton(3) but always returns IPv6 address
+ in dst - either "real" or v4mapped (::ffff:1.2.3.4) in
+ the case, when src points to IPv4 address (eg. to 1.2.3.4).
+ Return value is as with inet_pton(), dst remains untouched on
+ an address translation failure. */
+int inet_pton_mapped (int af, const char *src, void *dst);
+
+/* inet_ntop2()
+ - works like inet_ntop(3) but doesn't need an external
+ buffer. Usefull eg. for printing addresses via printf(). */
+const char *inet_ntop2 (int af, const void *src);
+
+/* sa_map_v4_to_v6()
+ - Take an IPv4 address in form 1.2.3.4 and map it to
+ IPv4-mapped form ::ffff:1.2.3.4 */
+struct sockaddr_in6 *sa_map_v4_to_v6 (struct sockaddr_in *sin, struct sockaddr_in6 *sin6);
+
+/* is_v4_string(), is_v6_string()
+ - Return 1 when src is a string representing a valid
+ IPv4, resp. IPv6 address. Return 0 otherwise. */
+int is_v4_string (const char *src);
+int is_v6_string (const char *src);
+
+/* apply_v6_prefix()
+ - mask the address given in 'src' with 'prefixlen' netmask. Clear
+ all bits not covered by prefixlen. Return -1 on a failure, else 0. */
+int apply_v6_prefix (struct in6_addr *src, int prefixlen);
+
+#endif /* IP6UTILS_H */
--- socket.c
+++ socket.c
@@ -25,16 +25,12 @@
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
@ -260,7 +486,7 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
extern char *inet_ntoa();
@@ -65,10 +61,10 @@ char *name;
@@ -65,10 +61,10 @@
*/
if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
@ -274,7 +500,7 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
}
}
@@ -104,15 +100,15 @@ struct request_info *request;
@@ -104,15 +100,15 @@
len = sizeof(client);
if (getpeername(fd, (struct sockaddr *) & client, &len) < 0) {
@ -298,7 +524,7 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
#endif
}
#ifdef INET6
@@ -129,8 +125,8 @@ struct request_info *request;
@@ -129,8 +125,8 @@
len = sizeof(server);
if (getsockname(fd, (struct sockaddr *) & server, &len) < 0) {
@ -309,7 +535,7 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
}
#ifdef INET6
request->server->sin = (struct sockaddr *)&server;
@@ -150,18 +146,18 @@ struct host_info *host;
@@ -150,18 +146,18 @@
int alen;
if (!sin)
@ -339,7 +565,7 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
}
host->addr[0] = '\0';
inet_ntop(sin->sa_family, ap, host->addr, sizeof(host->addr));
@@ -169,30 +165,139 @@ struct host_info *host;
@@ -169,30 +165,139 @@
struct sockaddr_in *sin = host->sin;
if (sin != 0)
@ -494,7 +720,7 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
int i;
/*
@@ -202,163 +307,76 @@ struct host_info *host;
@@ -202,163 +307,76 @@
* have to special-case 0.0.0.0, in order to avoid false alerts from the
* host name/address checking code below.
*/
@ -717,202 +943,8 @@ diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access
/* sock_sink - absorb unreceived IP datagram */
diff -upNr tcp_wrappers_7.6/ip6utils.c tcp_wrappers_7.6.mludvig/ip6utils.c
--- tcp_wrappers_7.6/ip6utils.c 1970-01-01 01:00:00.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/ip6utils.c 2002-11-29 14:31:52.000000000 +0100
@@ -0,0 +1,152 @@
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <stdio.h>
+#include <errno.h>
+
+#include "ip6utils.h"
+
+/* inet_pton_mapped()
+ - works like inet_pton(3) but always returns IPv6 address
+ in dst - either "real" or v4mapped (::ffff:1.2.3.4) in
+ the case, when src points to IPv4 address (eg. to 1.2.3.4). */
+int
+inet_pton_mapped (int af, const char *src, void *dst)
+{
+ int ret;
+
+ /* Mapped address is v6. */
+ if (af != AF_INET6)
+ {
+ errno = EAFNOSUPPORT;
+ return -1;
+ }
+
+ /* We must put the result somewhere. */
+ if (!dst)
+ {
+ errno = EFAULT;
+ return -1;
+ }
+
+ /* First try whether the address IPv6. */
+ ret = inet_pton (AF_INET6, src, dst);
+ if (ret > 0)
+ return ret;
+
+ /* Because we're here, it apparently wasn't IPv6. Try IPv4 now. */
+ ret = inet_pton (AF_INET, src, &((struct in6_addr *)dst)->s6_addr32[3]);
+ if (ret > 0)
+ {
+ /* Good, it was IPv4, map it now. */
+ ((struct in6_addr *)dst)->s6_addr32[0] = 0;
+ ((struct in6_addr *)dst)->s6_addr32[1] = 0;
+ ((struct in6_addr *)dst)->s6_addr32[2] = htonl(0x0000ffffL);
+ }
+ return ret;
+}
+
+/* inet_ntop2()
+ - works like inet_ntop(3) but doesn't need an external
+ buffer. Usefull eg. for printing addresses via printf(). */
+const char *
+inet_ntop2 (int af, const void *src)
+{
+ static char address[INET6_ADDRSTRLEN];
+
+ return inet_ntop(af, src, address, sizeof(address));
+}
+
+/* sa_map_v4_to_v6()
+ - Take an IPv4 address in first argument and map it to
+ IPv4-mapped (::ffff:1.2.3.4) IPv6 address. */
+struct sockaddr_in6 *
+sa_map_v4_to_v6 (struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
+{
+ /* Both pointers must be not-NULL or we'll segfault. */
+ if (!sin || !sin6)
+ {
+ errno = EFAULT;
+ return NULL;
+ }
+
+ /* We can map only IPv4 addresses. */
+ if (sin->sin_family != AF_INET)
+ return NULL;
+
+ /* Map it now... */
+ memset(sin6, 0, sizeof(*sin6));
+
+ sin6->sin6_family = AF_INET6;
+ sin6->sin6_port = sin->sin_port;
+ sin6->sin6_addr.s6_addr16[5] = 0xffff;
+ sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
+
+ return sin6;
+}
+
+/* is_v4_string(), is_v6_string()
+ - Return 1 when src is a string representing a valid
+ IPv4, resp. IPv6 address. Return 0 otherwise. */
+int
+is_v4_string (const char *src)
+{
+ struct in_addr result;
+
+ return (inet_pton (AF_INET, src, &result) > 0);
+}
+
+int
+is_v6_string (const char *src)
+{
+ struct in6_addr result;
+
+ return (inet_pton (AF_INET6, src, &result) > 0);
+}
+
+/* apply_v6_prefix()
+ - mask the address given in 'src' with 'prefixlen' netmask. Clear
+ all bits not covered by prefixlen. */
+int
+apply_v6_prefix (struct in6_addr *src, int prefixlen)
+{
+ int i;
+
+ /* Check prefix for a valid length. */
+ if (prefixlen < 0 || prefixlen > 128)
+ return -1;
+
+ /* Prefixes will quite often end up on 16b boundary,
+ so we'll walk thorugh 16b blocks and possibly avoid
+ creating bitmasks. */
+ for (i=0; i<8; i++)
+ {
+ /* Prefix fully covers this block -> leave as is. */
+ if (prefixlen >= (i+1)*16)
+ continue;
+ /* Prefix doesn't cover this block -> zero it. */
+ if (prefixlen <= i*16)
+ {
+ src->s6_addr16[i] = 0;
+ continue;
+ }
+ /* Prefix ends somewhere inside in this block. Let's
+ build and apply a bitmask for this block. */
+ {
+ uint16_t mask=0;
+ int bits;
+
+ bits = prefixlen - i*16;
+
+ while (bits)
+ {
+ mask |= (1 << (16-bits));
+ bits --;
+ }
+
+ src->s6_addr16[i] &= htons(mask);
+ }
+ }
+
+ return 0;
+}
diff -upNr tcp_wrappers_7.6/ip6utils.h tcp_wrappers_7.6.mludvig/ip6utils.h
--- tcp_wrappers_7.6/ip6utils.h 1970-01-01 01:00:00.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/ip6utils.h 2002-11-29 12:53:06.000000000 +0100
@@ -0,0 +1,33 @@
+#ifndef IP6UTILS_H
+#define IP6UTILS_H
+
+/* inet_pton_mapped()
+ - works like inet_pton(3) but always returns IPv6 address
+ in dst - either "real" or v4mapped (::ffff:1.2.3.4) in
+ the case, when src points to IPv4 address (eg. to 1.2.3.4).
+ Return value is as with inet_pton(), dst remains untouched on
+ an address translation failure. */
+int inet_pton_mapped (int af, const char *src, void *dst);
+
+/* inet_ntop2()
+ - works like inet_ntop(3) but doesn't need an external
+ buffer. Usefull eg. for printing addresses via printf(). */
+const char *inet_ntop2 (int af, const void *src);
+
+/* sa_map_v4_to_v6()
+ - Take an IPv4 address in form 1.2.3.4 and map it to
+ IPv4-mapped form ::ffff:1.2.3.4 */
+struct sockaddr_in6 *sa_map_v4_to_v6 (struct sockaddr_in *sin, struct sockaddr_in6 *sin6);
+
+/* is_v4_string(), is_v6_string()
+ - Return 1 when src is a string representing a valid
+ IPv4, resp. IPv6 address. Return 0 otherwise. */
+int is_v4_string (const char *src);
+int is_v6_string (const char *src);
+
+/* apply_v6_prefix()
+ - mask the address given in 'src' with 'prefixlen' netmask. Clear
+ all bits not covered by prefixlen. Return -1 on a failure, else 0. */
+int apply_v6_prefix (struct in6_addr *src, int prefixlen);
+
+#endif /* IP6UTILS_H */
diff -upNr tcp_wrappers_7.6/tcpd.h tcp_wrappers_7.6.mludvig/tcpd.h
--- tcp_wrappers_7.6/tcpd.h 2002-11-29 16:09:02.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/tcpd.h 2002-11-29 12:54:16.000000000 +0100
--- tcpd.h
+++ tcpd.h
@@ -10,6 +10,8 @@
#include <sys/socket.h>
#endif
@ -922,40 +954,3 @@ diff -upNr tcp_wrappers_7.6/tcpd.h tcp_wrappers_7.6.mludvig/tcpd.h
/* Structure to describe one communications endpoint. */
#define STRING_LENGTH 128 /* hosts, users, processes */
diff -upNr tcp_wrappers_7.6/Makefile tcp_wrappers_7.6.mludvig/Makefile
--- tcp_wrappers_7.6/Makefile 2002-11-29 16:09:02.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/Makefile 2002-11-29 12:54:04.000000000 +0100
@@ -1,5 +1,7 @@
# @(#) Makefile 1.23 97/03/21 19:27:20
+really-all: linux
+
what:
@echo
@echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
@@ -670,7 +672,7 @@ CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY
LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
$(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
- update.o misc.o diag.o percent_m.o myvsyslog.o
+ update.o misc.o diag.o percent_m.o myvsyslog.o ip6utils.o
FROM_OBJ= fromhost.o
@@ -683,6 +685,7 @@ KIT = README miscd.c tcpd.c fromhost.c h
tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \
myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \
refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
+ ip6utils.c ip6utils.h \
scaffold.h tcpdmatch.8 README.NIS
LIB = libwrap.a
@@ -812,6 +815,7 @@ printfck:
# Internal compilation dependencies.
+tcpd.h: ip6utils.h
clean_exit.o: cflags
clean_exit.o: tcpd.h
diag.o: cflags

4
tcp_wrappers_7.6-ipv6.fix.fix.diff
View File

@ -1,5 +1,5 @@
--- hosts_access.c 2003/03/15 15:12:36 1.1
+++ hosts_access.c 2003/03/15 15:47:18
--- hosts_access.c
+++ hosts_access.c
@@ -354,7 +354,26 @@
/* If prefix was given, handle it */
if ((mask = split_at(token, '/')) != 0)

2
tcp_wrappers_7.6-nonvoid.diff
View File

@ -59,7 +59,7 @@
/* severity_option - change logging severity for this event (Dave Mitchell) */
--- tcpd.c
+++ tcpd.c
@@ -131,4 +131,5 @@
@@ -132,4 +132,5 @@
syslog(LOG_ERR, "error: cannot execute %s: %m", path);
clean_exit(&request);
/* NOTREACHED */

120
tcp_wrappers_7.6-prototypes.diff
View File

@ -1,37 +1,5 @@
--- tcp_wrappers_7.6/inetcf.c.xx 2005-09-16 22:00:05.000000000 +0200
+++ tcp_wrappers_7.6/inetcf.c 2005-09-16 22:13:38.000000000 +0200
@@ -88,7 +88,7 @@
} else {
for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "r")) == 0; i++)
/* void */ ;
- if (fp == 0) {
+ if (!fp) {
fprintf(stderr, "Cannot find your inetd.conf or tlid.conf file.\n");
fprintf(stderr, "Please specify its location.\n");
exit(1);
--- tcp_wrappers_7.6/ip6utils.c.xx 2005-09-16 22:00:35.000000000 +0200
+++ tcp_wrappers_7.6/ip6utils.c 2005-09-16 22:13:38.000000000 +0200
@@ -2,6 +2,7 @@
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdio.h>
+#include <string.h>
#include <errno.h>
#include "ip6utils.h"
--- tcp_wrappers_7.6/options.c.xx 2005-09-16 22:05:35.000000000 +0200
+++ tcp_wrappers_7.6/options.c 2005-09-16 22:13:38.000000000 +0200
@@ -41,6 +41,8 @@
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
#include <syslog.h>
#include <pwd.h>
#include <grp.h>
--- tcp_wrappers_7.6/clean_exit.c.xx 2005-09-16 22:09:34.000000000 +0200
+++ tcp_wrappers_7.6/clean_exit.c 2005-09-16 22:13:38.000000000 +0200
--- clean_exit.c
+++ clean_exit.c
@@ -13,6 +13,8 @@
#endif
@ -41,8 +9,62 @@
extern void exit();
--- tcp_wrappers_7.6/shell_cmd.c.xx 2005-09-16 22:06:55.000000000 +0200
+++ tcp_wrappers_7.6/shell_cmd.c 2005-09-16 22:13:38.000000000 +0200
--- hosts_access.c
+++ hosts_access.c
@@ -31,6 +31,8 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
+#include <unistd.h>
+#include <netdb.h>
#include <syslog.h>
#include <ctype.h>
#include <errno.h>
--- inetcf.c
+++ inetcf.c
@@ -88,7 +88,7 @@
} else {
for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "r")) == 0; i++)
/* void */ ;
- if (fp == 0) {
+ if (!fp) {
fprintf(stderr, "Cannot find your inetd.conf or tlid.conf file.\n");
fprintf(stderr, "Please specify its location.\n");
exit(1);
--- ip6utils.c
+++ ip6utils.c
@@ -2,6 +2,7 @@
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdio.h>
+#include <string.h>
#include <errno.h>
#include "ip6utils.h"
--- options.c
+++ options.c
@@ -41,6 +41,8 @@
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
#include <syslog.h>
#include <pwd.h>
#include <grp.h>
--- percent_x.c
+++ percent_x.c
@@ -18,6 +18,8 @@
#include <stdio.h>
#include <syslog.h>
+#include <stdlib.h>
+#include <unistd.h>
#include <string.h>
extern void exit();
--- shell_cmd.c
+++ shell_cmd.c
@@ -15,9 +15,13 @@
/* System libraries. */
@ -57,19 +79,8 @@
#include <syslog.h>
#include <string.h>
--- tcp_wrappers_7.6/percent_x.c.xx 2005-09-16 22:09:19.000000000 +0200
+++ tcp_wrappers_7.6/percent_x.c 2005-09-16 22:13:38.000000000 +0200
@@ -18,6 +18,8 @@
#include <stdio.h>
#include <syslog.h>
+#include <stdlib.h>
+#include <unistd.h>
#include <string.h>
extern void exit();
--- tcp_wrappers_7.6/update.c.xx 2005-09-16 22:10:09.000000000 +0200
+++ tcp_wrappers_7.6/update.c 2005-09-16 22:13:38.000000000 +0200
--- update.c
+++ update.c
@@ -21,6 +21,7 @@
#include <stdio.h>
@ -78,14 +89,3 @@
#include <string.h>
/* Local stuff. */
--- tcp_wrappers_7.6/hosts_access.c.xx 2005-09-16 22:12:08.000000000 +0200
+++ tcp_wrappers_7.6/hosts_access.c 2005-09-16 22:13:38.000000000 +0200
@@ -31,6 +31,8 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
+#include <unistd.h>
+#include <netdb.h>
#include <syslog.h>
#include <ctype.h>
#include <errno.h>

2
tcp_wrappers_7.6-shared-lib.diff
View File

@ -159,5 +159,5 @@
+#ifdef HAVE_WEAKSYMS
+#include <syslog.h>
+int deny_severity = LOG_WARNING;
+int allow_severity = SEVERITY;
+int allow_severity = SEVERITY;
+#endif

18
tcp_wrappers_7.6-shared-lib2.diff Normal file
View File

@ -0,0 +1,18 @@
--- tcpd.h
+++ tcpd.h
@@ -126,10 +126,15 @@
*/
#ifdef __STDC__
+extern int hosts_access(struct request_info *request);
+extern int hosts_ctl(char *daemon, char *client_name, char *client_addr,
+ char *client_user);
extern struct request_info *request_init(struct request_info *,...);
extern struct request_info *request_set(struct request_info *,...);
extern int hosts_ctl(char *daemon, char *client_name, char *client_addr, char *client_user);
#else
+extern int hosts_access();
+extern int hosts_ctl();
extern struct request_info *request_init(); /* initialize request */
extern struct request_info *request_set(); /* update request structure */
#endif

36
tcp_wrappers_7.6.dif → tcp_wrappers_7.6.diff
View File

@ -121,7 +121,7 @@
+
--- hosts_access.c
+++ hosts_access.c
@@ -36,6 +36,7 @@
@@ -33,6 +33,7 @@
#include <errno.h>
#include <setjmp.h>
#include <string.h>
@ -129,11 +129,10 @@
extern char *fgets();
extern int errno;
@@ -95,6 +96,33 @@
#define BUFLEN 2048
@@ -89,6 +90,33 @@
/* hosts_access - host access control facility */
+
+int
+yp_get_default_domain (char **outdomain)
+{
@ -160,9 +159,10 @@
+ return result;
+}
+
+
int hosts_access(request)
struct request_info *request;
{
--- safe_finger.c
+++ safe_finger.c
@@ -31,7 +31,7 @@
@ -176,18 +176,24 @@
#define INPUT_LENGTH 100000 /* Do not keep listinging forever */
--- scaffold.c
+++ scaffold.c
@@ -334,10 +334,11 @@
@@ -180,10 +180,17 @@
/* ARGSUSED */
-void rfc931(request)
-struct request_info *request;
+void rfc931(request, dummy1, dummy2)
+struct sockaddr *request, *dummy1;
+char *dummy2;
+void rfc931(rmt_sin, our_sin, dest)
+#ifndef INET6
+struct sockaddr_in *rmt_sin;
+struct sockaddr_in *our_sin;
+#else
+struct sockaddr *rmt_sin;
+struct sockaddr *our_sin;
+#endif
+char *dest;
{
- strcpy(request->user, unknown);
+ strcpy(((struct request_info *)request)->user, unknown);
+ strcpy(dest, unknown);
}
/* check_path - examine accessibility */
@ -206,7 +212,7 @@
/* Structure to describe one communications endpoint. */
#define STRING_LENGTH 128 /* hosts, users, processes */
@@ -65,11 +71,26 @@
@@ -61,11 +67,26 @@
/* Global functions. */
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
@ -233,7 +239,7 @@
extern int hosts_access(); /* access control */
extern void shell_cmd(); /* execute shell command */
extern char *percent_x(); /* do %<char> expansion */
@@ -79,6 +100,7 @@
@@ -75,6 +96,7 @@
extern char *xgets(); /* fgets() on steroids */
extern char *split_at(); /* strchr() and split */
extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
@ -241,7 +247,7 @@
/* Global variables. */
@@ -121,28 +143,47 @@
@@ -117,28 +139,47 @@
* host_info structures serve as caches for the lookup results.
*/
@ -289,7 +295,7 @@
/*
* Problem reporting interface. Additional file/line context is reported
@@ -182,42 +223,74 @@
@@ -178,42 +219,74 @@
* behavior.
*/
@ -362,5 +368,5 @@
+extern char *my_strtok(char *, char *);
+#else
extern char *my_strtok();
+#endif
#endif
+#endif

17
tcpd.changes
View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Mon Oct 13 18:29:57 CEST 2008 - prusnak@suse.cz
- applied patches from Fedora package
* fedora-bug11881.diff - replace sprintf with snprintf
* fedora-bug17795.diff - add hostfile matching
* fedora-bug17847.diff - add wildcard matching
* fedora-bug141110.diff - fix table_match usage
* fedora-bug220015.diff - add sock_hostnofd function
* fedora-docu.diff - fix manpage
* fedora-fixgethostbyname.diff - fix gethostbyname usage
* fedora-sig.diff - fix signal usage
* fedora-sigalarm.diff - fix signal usage
* fedora-sigchld.diff - fix signal usage
* fedora-sigjmp.diff - fix signal usage
* fedora-strerror.diff - fix strerror usage
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

116
tcpd.spec
View File

@ -2,9 +2,16 @@
# spec file for package tcpd (Version 7.6)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@ -16,13 +23,14 @@ Url: ftp://ftp.porcupine.org/pub/security/index.html
License: BSD 3-Clause
Group: Productivity/Networking/System
Provides: nkitb:/usr/sbin/tcpd
BuildRequires: linux-kernel-headers
AutoReqProv: on
Version: 7.6
Release: 820
Release: 854
Summary: A security wrapper for TCP daemons
Source: tcp_wrappers_%{version}.tar.bz2
Patch: tcp_wrappers_%{version}.dif
Patch1: tcp_wrappers_%{version}-ipv6-1.6.diff.gz
Patch0: tcp_wrappers_%{version}.diff
Patch1: tcp_wrappers_%{version}-ipv6-1.6.diff
Patch2: tcp_wrappers_%{version}-ipv6-fix.diff
Patch3: tcp_wrappers_%{version}-ipv6.fix.fix.diff
Patch4: tcp_wrappers_%{version}-ipv6.fix.fix2.diff
@ -31,11 +39,24 @@ Patch6: tcp_wrappers_%{version}-fix_options-fix.diff
Patch7: tcp_wrappers_%{version}-shared-lib.diff
Patch8: tcp_wrappers_%{version}-builtin.diff
Patch9: tcp_wrappers_%{version}-multi_local_interfaces-fix.diff
Patch10: tcp_wrappers_7.6-optflags.diff
Patch11: tcp_wrappers_7.6-nonvoid.diff
Patch12: tcp_wrappers_7.6-prototypes.diff
Patch13: tcp_wrappers_7.6-hosts_ctl.diff
Patch14: tcp_wrappers_7.6-uninitialized.diff
Patch10: tcp_wrappers_%{version}-optflags.diff
Patch11: tcp_wrappers_%{version}-nonvoid.diff
Patch12: tcp_wrappers_%{version}-prototypes.diff
Patch13: tcp_wrappers_%{version}-hosts_ctl.diff
Patch14: tcp_wrappers_%{version}-uninitialized.diff
Patch15: tcp_wrappers_%{version}-fedora-bug11881.diff
Patch16: tcp_wrappers_%{version}-fedora-bug141110.diff
Patch17: tcp_wrappers_%{version}-fedora-docu.diff
Patch18: tcp_wrappers_%{version}-fedora-sig.diff
Patch19: tcp_wrappers_%{version}-fedora-sigchld.diff
Patch20: tcp_wrappers_%{version}-fedora-sigjmp.diff
Patch21: tcp_wrappers_%{version}-fedora-sigalarm.diff
Patch22: tcp_wrappers_%{version}-fedora-strerror.diff
Patch23: tcp_wrappers_%{version}-fedora-fixgethostbyname.diff
Patch24: tcp_wrappers_%{version}-fedora-bug220015.diff
Patch25: tcp_wrappers_%{version}-shared-lib2.diff
Patch26: tcp_wrappers_%{version}-fedora-bug17795.diff
Patch27: tcp_wrappers_%{version}-fedora-bug17847.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -53,7 +74,6 @@ Authors:
License: BSD 3-Clause
Summary: Include Files and Libraries for the TCP wrapper library
Group: Productivity/Networking/System
Prefix: %{_prefix}
Requires: %{name} = %{version}
Requires: glibc-devel
@ -64,10 +84,10 @@ to compile and link programs against the TCP wrapper library.
%prep
%setup -n tcp_wrappers_%{version}
%patch1 -p2
%patch
%patch2 -p1
%setup -q -n tcp_wrappers_%{version}
%patch0
%patch1
%patch2
%patch3
%patch4
%patch5
@ -77,55 +97,81 @@ to compile and link programs against the TCP wrapper library.
%patch9
%patch10
%patch11
%patch12 -p1
%patch12
%patch13
%patch14
%patch15
%patch16
%patch17
%patch18
%patch19
%patch20
%patch21
%patch22
%patch23
%patch24
%patch25
%patch26
%patch27
%build
#RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIE -Wformat=2"
# make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
make linux
%install
install -d -m 755 $RPM_BUILD_ROOT/usr/{%{_lib},include,sbin}
install -d -m 755 $RPM_BUILD_ROOT%{_includedir}
install -d -m 755 $RPM_BUILD_ROOT%{_libdir}
install -d -m 755 $RPM_BUILD_ROOT%{_sbindir}
install -d -m 755 $RPM_BUILD_ROOT%{_mandir}/man{1,3,5,8}
install -m 755 tcpd tcpdchk tcpdmatch safe_finger try-from $RPM_BUILD_ROOT/usr/sbin/
install -m 644 tcpd.8 tcpdchk.8 tcpdmatch.8 $RPM_BUILD_ROOT%{_mandir}/man8/
install -m 644 hosts_access.3 $RPM_BUILD_ROOT%{_mandir}/man3/
install -m 644 hosts_access.5 hosts_options.5 $RPM_BUILD_ROOT%{_mandir}/man5/
install -m 644 libwrap.a $RPM_BUILD_ROOT/%{_libdir}
install -m 644 tcpd.h $RPM_BUILD_ROOT/usr/include/
install -m 644 ip6utils.h $RPM_BUILD_ROOT/usr/include/
install -d -m 755 $RPM_BUILD_ROOT/%{_lib}
install -m 644 ip6utils.h tcpd.h $RPM_BUILD_ROOT%{_includedir}
install -m 644 libwrap.a $RPM_BUILD_ROOT/%{_libdir}
install -m 755 safe_finger tcpd tcpdchk tcpdmatch try-from $RPM_BUILD_ROOT%{_sbindir}
install -m 644 hosts_access.3 $RPM_BUILD_ROOT%{_mandir}/man3
install -m 644 hosts_access.5 hosts_options.5 $RPM_BUILD_ROOT%{_mandir}/man5
install -m 644 tcpd.8 tcpdchk.8 tcpdmatch.8 $RPM_BUILD_ROOT%{_mandir}/man8
install -m 644 shared/libwrap.so.0.%{version} $RPM_BUILD_ROOT/%{_lib}
cd $RPM_BUILD_ROOT/%{_lib}
ln -sf libwrap.so.0.%{version} libwrap.so.0
cd $RPM_BUILD_ROOT/%{_libdir}
cd $RPM_BUILD_ROOT%{_libdir}
ln -sf /%{_lib}/libwrap.so.0.%{version} libwrap.so
%clean
[ -d %{buildroot} -a "%{buildroot}" != "" ] && rm -rf %{buildroot}
[ -d $RPM_BUILD_ROOT -a "$RPM_BUILD_ROOT" != "" ] && rm -rf $RPM_BUILD_ROOT
%post
%run_ldconfig
%post -p /sbin/ldconfig
%postun
%run_ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(644,root,root,755)
%doc BLURB CHANGES DISCLAIMER README README.ipv6 README.NIS
%attr(755,root,root) /%{_lib}/libwrap.so.*
%doc %{_mandir}/man?/*
%attr(755,root,root) /usr/sbin/*
%attr(755,root,root) /%{_lib}/libwrap.so.*
%attr(755,root,root) %{_sbindir}/*
%files devel
%defattr(644,root,root,755)
/usr/include/tcpd.h
/usr/include/ip6utils.h
%{_includedir}/tcpd.h
%{_includedir}/ip6utils.h
%{_libdir}/libwrap.a
%{_libdir}/libwrap.so
%changelog
* Mon Oct 13 2008 prusnak@suse.cz
- applied patches from Fedora package
* fedora-bug11881.diff - replace sprintf with snprintf
* fedora-bug17795.diff - add hostfile matching
* fedora-bug17847.diff - add wildcard matching
* fedora-bug141110.diff - fix table_match usage
* fedora-bug220015.diff - add sock_hostnofd function
* fedora-docu.diff - fix manpage
* fedora-fixgethostbyname.diff - fix gethostbyname usage
* fedora-sig.diff - fix signal usage
* fedora-sigalarm.diff - fix signal usage
* fedora-sigchld.diff - fix signal usage
* fedora-sigjmp.diff - fix signal usage
* fedora-strerror.diff - fix strerror usage
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support