3 @@ -150,15 +150,15 @@ netbsd:
6 @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
7 - LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
8 + LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
9 NETGROUP="-DNETGROUP" TLI= VSYSLOG= BUGS= \
10 - EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all
11 + EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DHAVE_WEAKSYMS -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all
14 @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
15 - LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
16 + LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
17 NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= \
18 - EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DINET6=1" all
19 + EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DINET6=1 -DHAVE_WEAKSYMS -D_REENTRANT" all
21 # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
22 hpux hpux8 hpux9 hpux10:
23 @@ -692,6 +692,7 @@ CFLAGS = $(COPTS) -DFACILITY=$(FACILITY)
24 -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
25 $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
26 $(VSYSLOG) $(HOSTNAME)
29 LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
30 hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
31 @@ -713,7 +714,22 @@ KIT = README miscd.c tcpd.c fromhost.c h
35 -all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
37 + $(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@
42 +SHLIB = shared/libwrap.so.$(SOMAJOR).$(SOMINOR)
43 +SHLIBSOMAJ = shared/libwrap.so.$(SOMAJOR)
44 +SHLIBSO = shared/libwrap.so
45 +SHLIBFLAGS = -Lshared -lwrap
47 +SHLINKFLAGS = -Bsymbolic-functions -shared -Wl,-soname=libwrap.so.$(SOMAJOR) -Wl,--version-script=libwrap.lds
49 +SHLIB_OBJ= $(addprefix shared/, $(LIB_OBJ))
51 +all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(LIB)
53 # Invalidate all object files when the compiler options (CFLAGS) have changed.
55 @@ -731,27 +747,33 @@ $(LIB): $(LIB_OBJ)
56 $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
60 - $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
61 +$(SHLIB): libwrap.lds $(SHLIB_OBJ)
63 + $(CC) $(CFLAGS) $(LDFLAGS) -o $(SHLIB) $(SHLINKFLAGS) $(SHLIB_OBJ) $(LIBS)
64 + ln -sf $(notdir $(SHLIB)) $(SHLIBSOMAJ)
65 + ln -sf $(notdir $(SHLIBSOMAJ)) $(SHLIBSO)
67 +tcpd: tcpd.o $(SHLIB)
68 + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ tcpd.o $(SHLIBFLAGS)
71 - $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
72 + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
74 -safe_finger: safe_finger.o $(LIB)
75 - $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
76 +safe_finger: safe_finger.o
77 + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ safe_finger.o
79 TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
81 -tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
82 - $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
83 +tcpdmatch: $(TCPDMATCH_OBJ) $(SHLIB)
84 + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS)
86 -try-from: try-from.o fakelog.o $(LIB)
87 - $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
88 +try-from: try-from.o fakelog.o $(SHLIB)
89 + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS)
91 TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
93 -tcpdchk: $(TCPDCHK_OBJ) $(LIB)
94 - $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
95 +tcpdchk: $(TCPDCHK_OBJ) $(SHLIB)
96 + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(TCPDCHK_OBJ) $(SHLIBFLAGS)
100 @@ -767,7 +789,9 @@ archive:
103 rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \
110 @@ -913,5 +937,6 @@ update.o: cflags
114 +weak_symbols.o: tcpd.h
115 workarounds.o: cflags
116 workarounds.o: tcpd.h
120 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
123 +#ifndef _TCPWRAPPERS_TCPD_H
124 +#define _TCPWRAPPERS_TCPD_H
126 +/* Need definitions of struct sockaddr_in and FILE. */
127 +#include <netinet/in.h>
132 /* Structure to describe one communications endpoint. */
134 #define STRING_LENGTH 128 /* hosts, users, processes */
135 @@ -29,10 +38,10 @@ struct request_info {
136 char pid[10]; /* access via eval_pid(request) */
137 struct host_info client[1]; /* client endpoint info */
138 struct host_info server[1]; /* server endpoint info */
139 - void (*sink) (); /* datagram sink function or 0 */
140 - void (*hostname) (); /* address to printable hostname */
141 - void (*hostaddr) (); /* address to printable address */
142 - void (*cleanup) (); /* cleanup function or 0 */
143 + void (*sink) (int); /* datagram sink function or 0 */
144 + void (*hostname) (struct host_info *); /* address to printable hostname */
145 + void (*hostaddr) (struct host_info *); /* address to printable address */
146 + void (*cleanup) (struct request_info *); /* cleanup function or 0 */
147 struct netconfig *config; /* netdir handle */
150 @@ -70,20 +79,27 @@ extern void fromhost(); /* get/validat
151 #define fromhost sock_host /* no TLI support needed */
154 -extern int hosts_access(); /* access control */
155 -extern void shell_cmd(); /* execute shell command */
156 -extern char *percent_x(); /* do %<char> expansion */
157 -extern void rfc931(); /* client name from RFC 931 daemon */
158 -extern void clean_exit(); /* clean up and exit */
159 -extern void refuse(); /* clean up and exit */
160 -extern char *xgets(); /* fgets() on steroids */
161 -extern char *split_at(); /* strchr() and split */
162 -extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
163 +extern int hosts_access(struct request_info *request); /* access control */
164 +extern void shell_cmd(char *); /* execute shell command */
165 +extern char *percent_x(char *, int, char *, struct request_info *);
166 + /* do %<char> expansion */
167 +extern void rfc931(struct sockaddr *, struct sockaddr *, char *);
168 + /* client name from RFC 931 daemon */
169 +extern void clean_exit(struct request_info *); /* clean up and exit */
170 +extern void refuse(struct request_info *); /* clean up and exit */
171 +extern char *xgets(char *, int, FILE *); /* fgets() on steroids */
172 +extern char *split_at(char *, int); /* strchr() and split */
173 +extern unsigned long dot_quad_addr(char *); /* restricted inet_addr() */
175 /* Global variables. */
177 +#ifdef HAVE_WEAKSYMS
178 +extern int allow_severity __attribute__ ((weak)); /* for connection logging */
179 +extern int deny_severity __attribute__ ((weak)); /* for connection logging */
181 extern int allow_severity; /* for connection logging */
182 extern int deny_severity; /* for connection logging */
184 extern char *hosts_allow_table; /* for verification mode redirection */
185 extern char *hosts_deny_table; /* for verification mode redirection */
186 extern int hosts_access_verbose; /* for verbose matching mode */
187 @@ -98,6 +114,8 @@ extern int resident; /* > 0 if residen
189 extern struct request_info *request_init(struct request_info *,...);
190 extern struct request_info *request_set(struct request_info *,...);
191 +extern int hosts_ctl(char *daemon, char *client_name, char *client_addr,
192 + char *client_user);
194 extern struct request_info *request_init(); /* initialize request */
195 extern struct request_info *request_set(); /* update request structure */
196 @@ -121,20 +139,23 @@ extern struct request_info *request_set(
197 * host_info structures serve as caches for the lookup results.
200 -extern char *eval_user(); /* client user */
201 -extern char *eval_hostname(); /* printable hostname */
202 -extern char *eval_hostaddr(); /* printable host address */
203 -extern char *eval_hostinfo(); /* host name or address */
204 -extern char *eval_client(); /* whatever is available */
205 -extern char *eval_server(); /* whatever is available */
206 +extern char *eval_user(struct request_info *); /* client user */
207 +extern char *eval_hostname(struct host_info *); /* printable hostname */
208 +extern char *eval_hostaddr(struct host_info *); /* printable host address */
209 +extern char *eval_hostinfo(struct host_info *); /* host name or address */
210 +extern char *eval_client(struct request_info *);/* whatever is available */
211 +extern char *eval_server(struct request_info *);/* whatever is available */
212 #define eval_daemon(r) ((r)->daemon) /* daemon process name */
213 #define eval_pid(r) ((r)->pid) /* process id */
215 /* Socket-specific methods, including DNS hostname lookups. */
217 -extern void sock_host(); /* look up endpoint addresses */
218 -extern void sock_hostname(); /* translate address to hostname */
219 -extern void sock_hostaddr(); /* address to printable address */
220 +/* look up endpoint addresses */
221 +extern void sock_host(struct request_info *);
222 +/* translate address to hostname */
223 +extern void sock_hostname(struct host_info *);
224 +/* address to printable address */
225 +extern void sock_hostaddr(struct host_info *);
226 #define sock_methods(r) \
227 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
229 @@ -182,7 +203,7 @@ extern struct tcpd_context tcpd_context;
233 -extern void process_options(); /* execute options */
234 +extern void process_options(char *, struct request_info *);/* execute options */
235 extern int dry_run; /* verification flag */
237 /* Bug workarounds. */
238 @@ -221,3 +242,7 @@ extern char *fix_strtok();
239 #define strtok my_strtok
240 extern char *my_strtok();
250 + * Author: Anthony Towns <ajt@debian.org>
253 +#ifdef HAVE_WEAKSYMS
256 +int deny_severity = LOG_WARNING;
257 +int allow_severity = SEVERITY;