Home Explore Help
Sign In
dustdfg
/
dragora
forked from dragora/dragora
Watch 1
Star 0
Fork 0
Files
Branch: cmake-recipe
Branches Tags
dragora
/
patches
/
tcp_wrappers
/
01_man_portability

01_man_portability 10 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249 
  1. diff -ruNp tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3
    2. 

  2. --- tcp_wrappers_7.6.orig/hosts_access.3	2005-03-09 18:30:25.000000000 +0100
    3. 

  3. +++ tcp_wrappers_7.6/hosts_access.3	2005-03-09 18:27:03.000000000 +0100
    4. 

  4. @@ -3,7 +3,7 @@
    5. 

  5.  hosts_access, hosts_ctl, request_init, request_set \- access control library
    6. 

  6.  .SH SYNOPSIS
    7. 

  7.  .nf
    8. 

  8. -#include "tcpd.h"
    9. 

  9. +#include <tcpd.h>
    10. 

  10.  
    11. 

  11.  extern int allow_severity;
    12. 

  12.  extern int deny_severity;
    13. 

  13. diff -ruNp tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5
    14. 

  14. --- tcp_wrappers_7.6.orig/hosts_access.5	2005-03-09 18:30:25.000000000 +0100
    15. 

  15. +++ tcp_wrappers_7.6/hosts_access.5	2005-03-09 18:30:18.000000000 +0100
    16. 

  16. @@ -8,9 +8,9 @@ name, host name/address) patterns.  Exam
    17. 

  17.  impatient reader is encouraged to skip to the EXAMPLES section for a
    18. 

  18.  quick introduction.
    19. 

  19.  .PP
    20. 

  20. -An extended version of the access control language is described in the
    21. 

  21. -\fIhosts_options\fR(5) document. The extensions are turned on at
    22. 

  22. -program build time by building with -DPROCESS_OPTIONS.
    23. 

  23. +The extended version of the access control language is described in the
    24. 

  24. +\fIhosts_options\fR(5) document. \fBNote that this language supersedes
    25. 

  25. +the meaning of \fIshell_command\fB as documented below.\fR
    26. 

  26.  .PP
    27. 

  27.  In the following text, \fIdaemon\fR is the process name of a
    28. 

  28.  network daemon process, and \fIclient\fR is the name and/or address of
    29. 

  29. @@ -346,8 +346,8 @@ in.tftpd: LOCAL, .my.domain
    30. 

  30.  /etc/hosts.deny:
    31. 

  31.  .in +3
    32. 

  32.  .nf
    33. 

  33. -in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\
    34. 

  34. -	/usr/ucb/mail -s %d-%h root) &
    35. 

  35. +in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \\
    36. 

  36. +	/usr/bin/mail -s %d-%h root) &
    37. 

  37.  .fi
    38. 

  38.  .PP
    39. 

  39.  The safe_finger command comes with the tcpd wrapper and should be
    40. 

  40. @@ -383,6 +383,7 @@ that shouldn\'t.  All problems are repor
    41. 

  41.  .fi
    42. 

  42.  .SH SEE ALSO
    43. 

  43.  .nf
    44. 

  44. +hosts_options(5) extended syntax.
    45. 

  45.  tcpd(8) tcp/ip daemon wrapper program.
    46. 

  46.  tcpdchk(8), tcpdmatch(8), test programs.
    47. 

  47.  .SH BUGS
    48. 

  48. diff -ruNp tcp_wrappers_7.6.orig/hosts_options.5 tcp_wrappers_7.6/hosts_options.5
    49. 

  49. --- tcp_wrappers_7.6.orig/hosts_options.5	2005-03-09 18:30:24.000000000 +0100
    50. 

  50. +++ tcp_wrappers_7.6/hosts_options.5	2005-03-09 18:27:03.000000000 +0100
    51. 

  51. @@ -2,10 +2,8 @@
    52. 

  52.  .SH NAME
    53. 

  53.  hosts_options \- host access control language extensions
    54. 

  54.  .SH DESCRIPTION
    55. 

  55. -This document describes optional extensions to the language described
    56. 

  56. -in the hosts_access(5) document. The extensions are enabled at program
    57. 

  57. -build time. For example, by editing the Makefile and turning on the 
    58. 

  58. -PROCESS_OPTIONS compile-time option.
    59. 

  59. +This document describes extensions to the language described
    60. 

  60. +in the hosts_access(5) document.
    61. 

  61.  .PP
    62. 

  62.  The extensible language uses the following format:
    63. 

  63.  .sp
    64. 

  64. @@ -58,12 +56,12 @@ Notice the leading dot on the domain nam
    65. 

  65.  Execute, in a child process, the specified shell command, after
    66. 

  66.  performing the %<letter> expansions described in the hosts_access(5)
    67. 

  67.  manual page.  The command is executed with stdin, stdout and stderr
    68. 

  68. -connected to the null device, so that it won\'t mess up the
    69. 

  69. +connected to the null device, so that it won't mess up the
    70. 

  70.  conversation with the client host. Example:
    71. 

  71.  .sp
    72. 

  72.  .nf
    73. 

  73.  .ti +3
    74. 

  74. -spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) &
    75. 

  75. +spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &
    76. 

  76.  .fi
    77. 

  77.  .sp
    78. 

  78.  executes, in a background child process, the shell command "safe_finger
    79. 

  79. diff -ruNp tcp_wrappers_7.6.orig/inetcf.c tcp_wrappers_7.6/inetcf.c
    80. 

  80. --- tcp_wrappers_7.6.orig/inetcf.c	1997-02-12 02:13:24.000000000 +0100
    81. 

  81. +++ tcp_wrappers_7.6/inetcf.c	2005-03-09 18:27:03.000000000 +0100
    82. 

  82. @@ -26,13 +26,17 @@ extern void exit();
    83. 

  83.    * guesses. Shorter names follow longer ones.
    84. 

  84.    */
    85. 

  85.  char   *inet_files[] = {
    86. 

  86. +#if 0
    87. 

  87.      "/private/etc/inetd.conf",		/* NEXT */
    88. 

  88.      "/etc/inet/inetd.conf",		/* SYSV4 */
    89. 

  89.      "/usr/etc/inetd.conf",		/* IRIX?? */
    90. 

  90. +#endif
    91. 

  91.      "/etc/inetd.conf",			/* BSD */
    92. 

  92. +#if 0
    93. 

  93.      "/etc/net/tlid.conf",		/* SYSV4?? */
    94. 

  94.      "/etc/saf/tlid.conf",		/* SYSV4?? */
    95. 

  95.      "/etc/tlid.conf",			/* SYSV4?? */
    96. 

  96. +#endif
    97. 

  97.      0,
    98. 

  98.  };
    99. 

  99.  
    100. 

  100. diff -ruNp tcp_wrappers_7.6.orig/tcpd.8 tcp_wrappers_7.6/tcpd.8
    101. 

  101. --- tcp_wrappers_7.6.orig/tcpd.8	1996-02-21 16:39:16.000000000 +0100
    102. 

  102. +++ tcp_wrappers_7.6/tcpd.8	2005-03-09 18:27:03.000000000 +0100
    103. 

  103. @@ -12,7 +12,11 @@ The program supports both 4.3BSD-style s
    104. 

  104.  TLI.  Functionality may be limited when the protocol underneath TLI is
    105. 

  105.  not an internet protocol.
    106. 

  106.  .PP
    107. 

  107. -Operation is as follows: whenever a request for service arrives, the
    108. 

  108. +There are two possible modes of operation: execution of \fItcpd\fP
    109. 

  109. +before a service started by \fIinetd\fP, or linking a daemon with
    110. 

  110. +the \fIlibwrap\fP shared library as documented in the \fIhosts_access\fR(3)
    111. 

  111. +manual page. Operation when started by \fIinetd\fP
    112. 

  112. +is as follows: whenever a request for service arrives, the
    113. 

  113.  \fIinetd\fP daemon is tricked into running the \fItcpd\fP program
    114. 

  114.  instead of the desired server. \fItcpd\fP logs the request and does
    115. 

  115.  some additional checks. When all is well, \fItcpd\fP runs the
    116. 

  116. @@ -88,11 +92,11 @@ configuration files.
    117. 

  117.  .sp
    118. 

  118.  .in +5
    119. 

  119.  # mkdir /other/place
    120. 

  120. -# mv /usr/etc/in.fingerd /other/place
    121. 

  121. -# cp tcpd /usr/etc/in.fingerd
    122. 

  122. +# mv /usr/sbin/in.fingerd /other/place
    123. 

  123. +# cp tcpd /usr/sbin/in.fingerd
    124. 

  124.  .fi
    125. 

  125.  .PP
    126. 

  126. -The example assumes that the network daemons live in /usr/etc. On some
    127. 

  127. +The example assumes that the network daemons live in /usr/sbin. On some
    128. 

  128.  systems, network daemons live in /usr/sbin or in /usr/libexec, or have
    129. 

  129.  no `in.\' prefix to their name.
    130. 

  130.  .SH EXAMPLE 2
    131. 

  131. @@ -101,35 +105,34 @@ are left in their original place.
    132. 

  132.  .PP
    133. 

  133.  In order to monitor access to the \fIfinger\fR service, perform the
    134. 

  134.  following edits on the \fIinetd\fR configuration file (usually 
    135. 

  135. -\fI/etc/inetd.conf\fR or \fI/etc/inet/inetd.conf\fR):
    136. 

  136. +\fI/etc/inetd.conf\fR):
    137. 

  137.  .nf
    138. 

  138.  .sp
    139. 

  139.  .ti +5
    140. 

  140. -finger  stream  tcp  nowait  nobody  /usr/etc/in.fingerd  in.fingerd
    141. 

  141. +finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
    142. 

  142.  .sp
    143. 

  143.  becomes:
    144. 

  144.  .sp
    145. 

  145.  .ti +5
    146. 

  146. -finger  stream  tcp  nowait  nobody  /some/where/tcpd     in.fingerd
    147. 

  147. +finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd     in.fingerd
    148. 

  148.  .sp
    149. 

  149.  .fi
    150. 

  150.  .PP
    151. 

  151. -The example assumes that the network daemons live in /usr/etc. On some
    152. 

  152. +The example assumes that the network daemons live in /usr/sbin. On some
    153. 

  153.  systems, network daemons live in /usr/sbin or in /usr/libexec, the
    154. 

  154.  daemons have no `in.\' prefix to their name, or there is no userid
    155. 

  155.  field in the inetd configuration file.
    156. 

  156.  .PP
    157. 

  157.  Similar changes will be needed for the other services that are to be
    158. 

  158.  covered by \fItcpd\fR.  Send a `kill -HUP\' to the \fIinetd\fR(8)
    159. 

  159. -process to make the changes effective. AIX users may also have to
    160. 

  160. -execute the `inetimp\' command.
    161. 

  161. +process to make the changes effective.
    162. 

  162.  .SH EXAMPLE 3
    163. 

  163.  In the case of daemons that do not live in a common directory ("secret"
    164. 

  164.  or otherwise), edit the \fIinetd\fR configuration file so that it
    165. 

  165.  specifies an absolute path name for the process name field. For example:
    166. 

  166.  .nf
    167. 

  167.  .sp
    168. 

  168. -    ntalk  dgram  udp  wait  root  /some/where/tcpd  /usr/local/lib/ntalkd
    169. 

  169. +    ntalk  dgram  udp  wait  root  /usr/sbin/tcpd  /usr/local/lib/ntalkd
    170. 

  170.  .sp
    171. 

  171.  .fi
    172. 

  172.  .PP
    173. 

  173. @@ -164,6 +167,7 @@ The default locations of the host access
    174. 

  174.  .SH SEE ALSO
    175. 

  175.  .na
    176. 

  176.  .nf
    177. 

  177. +hosts_access(3), functions provided by the libwrap library.
    178. 

  178.  hosts_access(5), format of the tcpd access control tables.
    179. 

  179.  syslog.conf(5), format of the syslogd control file.
    180. 

  180.  inetd.conf(5), format of the inetd control file.
    181. 

  181. diff -ruNp tcp_wrappers_7.6.orig/tcpdchk.8 tcp_wrappers_7.6/tcpdchk.8
    182. 

  182. --- tcp_wrappers_7.6.orig/tcpdchk.8	1995-01-08 17:00:31.000000000 +0100
    183. 

  183. +++ tcp_wrappers_7.6/tcpdchk.8	2005-03-09 18:27:03.000000000 +0100
    184. 

  184. @@ -9,8 +9,8 @@ tcpdchk [-a] [-d] [-i inet_conf] [-v]
    185. 

  185.  potential and real problems it can find. The program examines the
    186. 

  186.  \fItcpd\fR access control files (by default, these are
    187. 

  187.  \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR), and compares the
    188. 

  188. -entries in these files against entries in the \fIinetd\fR or \fItlid\fR
    189. 

  189. -network configuration files.
    190. 

  190. +entries in these files against entries in the \fIinetd\fR
    191. 

  191. +network configuration file.
    192. 

  192.  .PP
    193. 

  193.  \fItcpdchk\fR reports problems such as non-existent pathnames; services
    194. 

  194.  that appear in \fItcpd\fR access control rules, but are not controlled
    195. 

  195. @@ -26,14 +26,13 @@ problem.
    196. 

  196.  .SH OPTIONS
    197. 

  197.  .IP -a
    198. 

  198.  Report access control rules that permit access without an explicit
    199. 

  199. -ALLOW keyword. This applies only when the extended access control
    200. 

  200. -language is enabled (build with -DPROCESS_OPTIONS).
    201. 

  201. +ALLOW keyword.
    202. 

  202.  .IP -d
    203. 

  203.  Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current
    204. 

  204.  directory instead of the default ones.
    205. 

  205.  .IP "-i inet_conf"
    206. 

  206.  Specify this option when \fItcpdchk\fR is unable to find your
    207. 

  207. -\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
    208. 

  208. +\fIinetd.conf\fR network configuration file, or when
    209. 

  209.  you suspect that the program uses the wrong one.
    210. 

  210.  .IP -v
    211. 

  211.  Display the contents of each access control rule.  Daemon lists, client
    212. 

  212. @@ -54,7 +53,6 @@ tcpdmatch(8), explain what tcpd would do
    213. 

  213.  hosts_access(5), format of the tcpd access control tables.
    214. 

  214.  hosts_options(5), format of the language extensions.
    215. 

  215.  inetd.conf(5), format of the inetd control file.
    216. 

  216. -tlid.conf(5), format of the tlid control file.
    217. 

  217.  .SH AUTHORS
    218. 

  218.  .na
    219. 

  219.  .nf
    220. 

  220. diff -ruNp tcp_wrappers_7.6.orig/tcpdmatch.8 tcp_wrappers_7.6/tcpdmatch.8
    221. 

  221. --- tcp_wrappers_7.6.orig/tcpdmatch.8	2005-03-09 18:30:24.000000000 +0100
    222. 

  222. +++ tcp_wrappers_7.6/tcpdmatch.8	2005-03-09 18:27:03.000000000 +0100
    223. 

  223. @@ -13,7 +13,7 @@ request for service.  Examples are given
    224. 

  224.  The program examines the \fItcpd\fR access control tables (default
    225. 

  225.  \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its
    226. 

  226.  conclusion.  For maximal accuracy, it extracts additional information
    227. 

  227. -from your \fIinetd\fR or \fItlid\fR network configuration file.
    228. 

  228. +from your \fIinetd\fR network configuration file.
    229. 

  229.  .PP
    230. 

  230.  When \fItcpdmatch\fR finds a match in the access control tables, it
    231. 

  231.  identifies the matched rule. In addition, it displays the optional
    232. 

  232. @@ -50,7 +50,7 @@ Examine \fIhosts.allow\fR and \fIhosts.d
    233. 

  233.  directory instead of the default ones.
    234. 

  234.  .IP "-i inet_conf"
    235. 

  235.  Specify this option when \fItcpdmatch\fR is unable to find your
    236. 

  236. -\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
    237. 

  237. +\fIinetd.conf\fR network configuration file, or when
    238. 

  238.  you suspect that the program uses the wrong one.
    239. 

  239.  .SH EXAMPLES
    240. 

  240.  To predict how \fItcpd\fR would handle a telnet request from the local
    241. 

  241. @@ -86,7 +86,6 @@ tcpdchk(8), tcpd configuration checker
    242. 

  242.  hosts_access(5), format of the tcpd access control tables.
    243. 

  243.  hosts_options(5), format of the language extensions.
    244. 

  244.  inetd.conf(5), format of the inetd control file.
    245. 

  245. -tlid.conf(5), format of the tlid control file.
    246. 

  246.  .SH AUTHORS
    247. 

  247.  .na
    248. 

  248.  .nf
    249. 

  249.