Usenet 1994 October

home *** CD-ROM | disk | FTP | other *** search

/ Usenet 1994 October / usenetsourcesnewsgroupsinfomagicoctober1994disk2.iso / misc / volume41 / tcp_wrappers / patch01 next >

Wrap

Text File | 1994-01-25 | 55.7 KB | 1,808 lines

Newsgroups: comp.sources.misc From: wietse@wzv.win.tue.nl (Wietse Venema) Subject: v41i108: tcp_wrappers - TCP/IP daemon wrappers v6.0, Patch01 Message-ID: <1994Jan25.213939.5513@sparky.sterling.com> X-Md4-Signature: 171188239b2fc5a648179492e789a730 Sender: kent@sparky.sterling.com (Kent Landfield) Organization: Eindhoven University of Technology, The Netherlands Date: Tue, 25 Jan 1994 21:39:39 GMT Approved: kent@sparky.sterling.com Submitted-by: wietse@wzv.win.tue.nl (Wietse Venema) Posting-number: Volume 41, Issue 108 Archive-name: tcp_wrappers/patch01 Environment: UNIX, INET Patch-To: tcp_wrappers: Volume 39, Issue 110-113 This is a patch to the 6.0 version of the TCP/IP daemon wrapper package that appeared in comp.sources.misc Volume 39, Issue 110. A fully-patched source kit can be found in the usual places: ftp.win.tue.nl:/pub/security/tcp_wrappers_6.1.shar.Z cert.org:/pub/tools/tcp_wrappers With these programs you can monitor and control who connects to your TFTP, EXEC, FTP, RSH, TELNET, RLOGIN, FINGER, and SYSTAT network services, and many others. The programs can be installed without any changes to existing software or configuration files. By default, they just log the remote host name and do some sanity checks on the origin of the request. No information is exchanged with the remote client process. Release 6.1 deals with portability issues: new ready-to-build Makefile rule sets for Dynix, Convex, SCO, EP/IX and others; workarounds for strangeness in NeXT, Dynix/PTX (still incomplete), and DG/UX. If the 6.0 release works for you, there is no need to install 6.1. There is a small change in internal interfaces; older applications must be recompiled before they can be linked to the new wrapper library. Wietse Venema (wietse@wzv.win.tue.nl), Department of Mathematics and Computing Science, Eindhoven University of Technology, The Netherlands. diff -c ../6.0/BLURB ./BLURB *** ../6.0/BLURB Tue Dec 21 21:37:57 1993 --- ./BLURB Tue Dec 21 21:37:16 1993 *************** *** 1,6 **** ! @(#) BLURB 1.14 93/09/28 23:03:27 ! This is the 6.0 version of the TCP/IP daemon wrapper package. With these programs you can monitor and control who connects to your TFTP, EXEC, FTP, RSH, TELNET, RLOGIN, FINGER, and SYSTAT network --- 1,6 ---- ! @(#) BLURB 1.15 93/12/13 22:22:51 ! This is the 6.1 version of the TCP/IP daemon wrapper package. With these programs you can monitor and control who connects to your TFTP, EXEC, FTP, RSH, TELNET, RLOGIN, FINGER, and SYSTAT network *************** *** 11,41 **** and do some sanity checks on the origin of the request. No information is exchanged with the remote client process. ! Significant differences with respect to the previous release: ! - Easier to install: ready-to-use build procedures for many common ! UNIX implementations (sun, ultrix, hp-ux, irix, aix, ...). ! ! - Support for the System V.4 TLI network programming interface ! (Solaris, DG/UX etc.). In case of TLI applications on top of ! TCP/IP, the wrappers provide the same functionality as with ! socket-based applications. ! ! - A more secure finger tool for automatic reverse finger probes. ! ! - New extension language keywords: "severity", to adjust the log ! noise level; "allow" and "deny", to keep all access-control rules ! within a single file. ! ! - More support for selective remote username lookups. ! ! - More workarounds for System V bugs: IRIX username lookups, and ! SCO problems with UDP. ! ! The default mode of operation (no TLI support) should be backwards ! compatible with earlier versions. The library interface has changed, ! though, and programs that depend on the libwrap.a library will have to ! be recompiled before they can be relinked. Wietse Venema (wietse@wzv.win.tue.nl), Department of Mathematics and Computing Science, --- 11,23 ---- and do some sanity checks on the origin of the request. No information is exchanged with the remote client process. ! Release 6.1 deals with portability issues: new ready-to-build Makefile ! rule sets for Dynix, Convex, SCO, EP/IX and others; workarounds for ! strangeness in NeXT, Dynix/PTX (still incomplete), and DG/UX. If the ! 6.0 release works for you, there is no need to install 6.1. ! There is a small change in internal interfaces; older applications must ! be recompiled before they can be linked to the new wrapper library. Wietse Venema (wietse@wzv.win.tue.nl), Department of Mathematics and Computing Science, diff -c ../6.0/CHANGES ./CHANGES *** ../6.0/CHANGES Tue Dec 21 21:38:06 1993 --- ./CHANGES Tue Dec 21 21:37:25 1993 *************** *** 1,3 **** --- 1,43 ---- + Changes per release 6.1. + ======================== + + - Re-implemented all environment access routines. Most systems have + putenv() but no setenv(), some systems have setenv() but no putenv(), + and there are even systems that have neither setenv() nor putenv(). The + benefit of all this is that more systems can now be treated in the same + way. File: environ.c. + + - Workaround for a weird problem with DG/UX when the wrapper is run as + nobody (i.e. fingerd). For some reason the ioctl(fd, I_FIND, "sockmod") + call fails even with socket-based applications. The "fix" is to always + assume sockets when the ioctl(fd, I_FIND, "timod") call fails. File: + fromhost.c. Thanks to Paul de Vries (vries@dutentb.et.tudelft.nl) for + helping me to figure out this one. + + - Implemented a workaround for Dynix/PTX and other systems with TLI + that lack some essential support routines. Thanks to Bugs Brouillard + (brouill@hsuseq.humboldt.edu) for the hospitality to try things out. + The trick is to temporarily switch to the socket API to identify the + client, and to switch back to TLI when done. It still does not work + right for basic network services such as telnet. File: fromhost.c. + + - Easy-to-build procedures for SCO UNIX, ConvexOS with UltraNet, EP/IX, + Dynix 3.2, Dynix/PTX. File: Makefile. + + - Variable rfc931 timeout. Files: rfc931.c, options.c, log_tcp.h, try.c. + + - Further simplification of the rfc931 code. File: rfc931.c. + + - The fromhost() interface stinks: I cannot change that, but at least + the from_sock() and from_tli() functions now accept a file descriptor + argument. + + - Fixed a buglet: fromhost() would pass a garbage file descriptor to + the isastream() call. + + - On some systems the finger client program lives in /usr/bsd. File: + safe_finger.c. + Changes per release 6.0. ======================== diff -c ../6.0/Makefile ./Makefile *** ../6.0/Makefile Tue Dec 21 21:37:56 1993 --- ./Makefile Tue Dec 21 21:37:14 1993 *************** *** 1,22 **** ! # @(#) Makefile 1.9 93/09/28 23:39:55 what: @echo @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:" @echo ! @echo " make type-of-system" @echo @echo "If you are in a hurry you can try instead:" @echo ! @echo " make REAL_DAEMON_DIR=/some/where type-of-system" @echo ! @echo "This Makefile knows about the following types of systems:" @echo ! @echo " sunos4 sunos5 next irix hpux ultrix aix alpha osf" ! @echo " sunos40 {386,net,free}bsd linux sysv4 esix dgux" @echo @echo "If none of these match your environment, edit the system" ! @echo "dependencies section in the Makefile and do a 'make other'." @echo ####################################################### --- 1,29 ---- ! # @(#) Makefile 1.10 93/12/13 22:22:56 what: @echo @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:" @echo ! @echo " make sys-type" @echo @echo "If you are in a hurry you can try instead:" @echo ! @echo " make REAL_DAEMON_DIR=/foo/bar sys-type" @echo ! @echo "And for a version with language extensions enabled:" @echo ! @echo " make REAL_DAEMON_DIR=/foo/bar STYLE=-DPROCESS_OPTIONS sys-type" @echo + @echo "This Makefile knows about the following sys-types:" + @echo + @echo " generic (most bsd-ish systems with sys5 compatibility)" + @echo " 386bsd aix alpha apollo convex-ultranet dgux dynix" + @echo " dynix-ptx epix esix freebsd hpux irix isc(untested)" + @echo " linux mips(untested) netbsd next osf sco-nis sco-od2" + @echo " sunos4 sunos40 sunos5 sysv4 ultrix unicos(untested)" + @echo @echo "If none of these match your environment, edit the system" ! @echo "dependencies sections in the Makefile and do a 'make other'." @echo ####################################################### *************** *** 31,37 **** # # Uncomment the appropriate line if you are going to edit inetd.conf. # ! # Ultrix 4.x SunOS 4.x #REAL_DAEMON_DIR=/usr/etc # # SysV.4 Solaris 2.x OSF AIX --- 38,44 ---- # # Uncomment the appropriate line if you are going to edit inetd.conf. # ! # Ultrix 4.x SunOS 4.x ConvexOS 10.x #REAL_DAEMON_DIR=/usr/etc # # SysV.4 Solaris 2.x OSF AIX *************** *** 40,46 **** # BSD 4.4 #REAL_DAEMON_DIR=/usr/libexec # ! # HP-UX #REAL_DAEMON_DIR=/etc # Easy installation: vendor-provided network daemons are moved to "some --- 47,53 ---- # BSD 4.4 #REAL_DAEMON_DIR=/usr/libexec # ! # HP-UX SCO #REAL_DAEMON_DIR=/etc # Easy installation: vendor-provided network daemons are moved to "some *************** *** 51,57 **** # # Uncomment the appropriate line if you are going to move your daemons. # ! # Ultrix 4.x SunOS 4.x #REAL_DAEMON_DIR=/usr/etc/... # # SysV.4 Solaris 2.x OSF AIX --- 58,64 ---- # # Uncomment the appropriate line if you are going to move your daemons. # ! # Ultrix 4.x SunOS 4.x ConvexOS 10.x #REAL_DAEMON_DIR=/usr/etc/... # # SysV.4 Solaris 2.x OSF AIX *************** *** 60,78 **** # BSD 4.4 #REAL_DAEMON_DIR=/usr/libexec/... # ! # HP-UX #REAL_DAEMON_DIR=/etc/... # End of mandatory section ########################## ! ############################################## ! # System dependencies: ready-to-use templates. # ! # Ready-to-use templates are available for sunos 4.x, sunos 5.x (sysv4), ! # ultrix, hp-ux, irix 4.x and others. These templates take care of all system ! # dependencies: after editing the REAL_DAEMON_DIR definition above, just do ! # a "make sunos4" (or whatever system type is appropriate). # # If your system is not listed (or something that comes close enough), you # will have to edit the system depencies section below and do a "make other". --- 67,85 ---- # BSD 4.4 #REAL_DAEMON_DIR=/usr/libexec/... # ! # HP-UX SCO #REAL_DAEMON_DIR=/etc/... # End of mandatory section ########################## ! ########################################## ! # Ready-to-use system-dependent templates. # ! # Ready-to-use templates are available for many systems (see the "echo" ! # commands at the start of this Makefile). The templates take care of ! # all system dependencies: after editing the REAL_DAEMON_DIR definition ! # above, do a "make sunos4" (or whatever system type is appropriate). # # If your system is not listed (or something that comes close enough), you # will have to edit the system depencies section below and do a "make other". *************** *** 80,145 **** # Send templates for other UNIX versions to wietse@wzv.win.tue.nl. # This is good for many BSD+SYSV hybrids with NIS (formerly YP). ! sunos4 next aix osf alpha: ! @make LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ NETGROUP=-DNETGROUP TLI= all ! # SunOS stopped at release 4.0.x for the 386. sunos40: ! @make LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="setenv.o strcasecmp.o" \ NETGROUP=-DNETGROUP TLI= all ! # Ultrix is like sunos4, next, etc., but has miscd, too. ultrix: ! @make LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ NETGROUP=-DNETGROUP TLI= all miscd ! # Free bsd and linux have no NIS. 386bsd netbsd freebsd: ! @make LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= all linux: ! @make LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. hpux hpux8 hpux9: ! @make LIBS= RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ NETGROUP=-DNETGROUP TLI= all # IRIX 4.0.x has a special ar(1) flag. irix: ! @make LIBS=-lsun RANLIB=echo ARFLAGS=rvs AUX_OBJ=setenv.o \ NETGROUP=-DNETGROUP TLI= all # SunOS 5.x is close enough to generic System V.4 sunos5 esix sysv4: ! @make LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ ! NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all # DG/UX 5.4.1 is like SYSV.4 but slightly different. dgux: ! @make LIBS=-lnsl RANLIB=echo ARFLAGS=rv \ ! NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ BUGS="$(BUGS) -DINET_ADDR_BUG" all ! # Untested templates. The wrapper is known to run on these systems, I just ! # don't have sufficient time+details to prepare complete makefile templates. ! ptx: ! @echo "Warning: the AUX_OBJ and/or NETGROUP definitions may be wrong." ! make LIBS="-lsocket -linet -lnsl -lnfs" RANLIB=echo ARFLAGS=rv \ ! AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI=-DTLI all isc: ! @echo "Warning: the AUX_OBJ and/or NETGROUP definitions may be wrong." ! make LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \ ! AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI= all unicos: @echo "Warning: some definitions may be wrong." ! make LIBS=-lnet RANLIB=echo ARFLAGS=rv \ ! AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI= all ############################################################### # System dependencies: TLI (transport-level interface) support. --- 87,209 ---- # Send templates for other UNIX versions to wietse@wzv.win.tue.nl. # This is good for many BSD+SYSV hybrids with NIS (formerly YP). ! generic sunos4 aix osf alpha dynix: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ NETGROUP=-DNETGROUP TLI= all ! # The NeXT loader needs "-m" or it barfs on redefined library functions. ! next: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS=-m RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ ! NETGROUP=-DNETGROUP TLI= all ! ! # SunOS for the 386 was frozen at release 4.0.x. sunos40: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="environ.o strcasecmp.o" \ NETGROUP=-DNETGROUP TLI= all ! # Ultrix is like sunos4, aix, next, etc., but has miscd, too. ultrix: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ NETGROUP=-DNETGROUP TLI= all miscd ! # This works on EP/IX 1.4.3 and will likely work on Mips (reggers@julian.uwo.ca) ! epix: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ ! NETGROUP=-DNETGROUP TLI= SYSTYPE="-systype bsd43" all ! ! # Free bsd and linux by default have no NIS. 386bsd netbsd freebsd: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= all linux: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. hpux hpux8 hpux9: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS= RANLIB=echo ARFLAGS=rv AUX_OBJ=environ.o \ NETGROUP=-DNETGROUP TLI= all + # ConvexOS-10.x with UltraNet support (ukkonen@csc.fi). + convex-ultranet: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS=-lulsock RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ + NETGROUP=-DNETGROUP TLI= all + + # Dynix/PTX has TLI, but the support is not as complete as with SYSV4. + + dynix-ptx: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ + AUX_OBJ="environ.o strcasecmp.o" NETGROUP= TLI=-DTLI_SOCKETS all + # IRIX 4.0.x has a special ar(1) flag. irix: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS=-lsun RANLIB=echo ARFLAGS=rvs AUX_OBJ=environ.o \ NETGROUP=-DNETGROUP TLI= all # SunOS 5.x is close enough to generic System V.4 sunos5 esix sysv4: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ ! NETGROUP=-DNETGROUP AUX_OBJ=environ.o TLI=-DTLI all # DG/UX 5.4.1 is like SYSV.4 but slightly different. dgux: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS=-lnsl RANLIB=echo ARFLAGS=rv \ ! NETGROUP=-DNETGROUP AUX_OBJ=environ.o TLI=-DTLI \ BUGS="$(BUGS) -DINET_ADDR_BUG" all ! # SCO OpenDesktop 2.0, release 3.2 (peter@midnight.com). ! sco-od2: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS="-lrpcsvc -lrpc -lyp -lrpc -lrpcsvc -lsocket" \ ! RANLIB=echo ARFLAGS=rv AUX_OBJ=environ.o \ ! NETGROUP=-DNETGROUP TLI="" all ! # SCO 3.2v4.2 with TCP/IP 1.2.1 (Eduard.Vopicka@vse.cz) ! sco-nis: ! @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS="-lyp -lrpc -lsocket -lyp -lc_s -lc" \ ! RANLIB=echo ARFLAGS=rv AUX_OBJ=environ.o \ ! NETGROUP=-DNETGROUP TLI= EXTRA_CFLAGS="-nointl" all + # Domain SR10.4. Build under bsd, run under either sysv3 or bsd43. + apollo: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ + NETGROUP=-DNETGROUP TLI= SYSTYPE="-A run,any -A sys,any" all + + # Untested. + mips: + @echo "Warning: some definitions may be wrong." + make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ + NETGROUP=-DNETGROUP TLI= SYSTYPE="-sysname bsd43" all + + # Untested. isc: ! @echo "Warning: some definitions may be wrong." ! make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \ ! AUX_OBJ="environ.o strcasecmp.o" NETGROUP= TLI= all + # Untested. Borrow me a Cray? unicos: @echo "Warning: some definitions may be wrong." ! make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ! LIBS=-lnet RANLIB=echo ARFLAGS=rv \ ! AUX_OBJ="environ.o strcasecmp.o" NETGROUP= TLI= all ############################################################### # System dependencies: TLI (transport-level interface) support. *************** *** 166,183 **** ############################################################################# # System dependencies: routines that are not present in the system libraries. # ! # If your system library does not have setenv(), strcasecmp() or strtok(), ! # use the ones provided with this source distribution. ! AUX_OBJ= setenv.o ! #AUX_OBJ= setenv.o strcasecmp.o ! #AUX_OBJ= setenv.o strcasecmp.o strtok.o # Uncomment the following if your C library does not provide the # strchr/strrchr/memcmp routines, but comes with index/rindex/bcmp. If # that is the case, you probably also do not have strtok() (see above). # ! #STRINGS= -Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp ################################################################# # System dependencies: selection of non-default object libraries. --- 230,248 ---- ############################################################################# # System dependencies: routines that are not present in the system libraries. # ! # If your system library does not have set/putenv(), strcasecmp() or strtok(), ! # use the ones provided with this source distribution. The environ.c module ! # implements setenv(), getenv(), and putenv(). ! AUX_OBJ= environ.o ! #AUX_OBJ= environ.o strcasecmp.o ! #AUX_OBJ= environ.o strcasecmp.o strtok.o # Uncomment the following if your C library does not provide the # strchr/strrchr/memcmp routines, but comes with index/rindex/bcmp. If # that is the case, you probably also do not have strtok() (see above). # ! #STRINGS= -Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy ################################################################# # System dependencies: selection of non-default object libraries. *************** *** 400,406 **** KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \ log_tcp.h try.c refuse.c Makefile hosts_access.5 strcasecmp.c \ BLURB rfc931.c tcpd.8 hosts_info.c hosts_access.3 hosts_ctl.c \ ! percent_x.c options.c clean_exit.c setenv.c patchlevel.h strtok.c \ fix_options.c workarounds.c socket.c tli.c DISCLAIMER \ fakelog.c safe_finger.c hosts_options.5 options.h CHANGES \ try-from.c init_client.c 6compat.c --- 465,471 ---- KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \ log_tcp.h try.c refuse.c Makefile hosts_access.5 strcasecmp.c \ BLURB rfc931.c tcpd.8 hosts_info.c hosts_access.3 hosts_ctl.c \ ! percent_x.c options.c clean_exit.c environ.c patchlevel.h strtok.c \ fix_options.c workarounds.c socket.c tli.c DISCLAIMER \ fakelog.c safe_finger.c hosts_options.5 options.h CHANGES \ try-from.c init_client.c 6compat.c *************** *** 410,422 **** all other: config-check tcpd try try-from safe_finger config-check: ! @set +e; test -n "$(REAL_DAEMON_DIR)" || { \ ! echo "" ; \ ! echo "Please edit the Makefile to define the REAL_DAEMON_DIR macro,";\ ! echo "or build with \`make REAL_DAEMON_DIR=/some/where ....'";\ ! echo "" ; \ ! exit 1; \ ! } $(LIB): $(LIB_OBJ) rm -f $(LIB) --- 475,481 ---- all other: config-check tcpd try try-from safe_finger config-check: ! @set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; } $(LIB): $(LIB_OBJ) rm -f $(LIB) *************** *** 430,436 **** $(CC) $(CFLAGS) -o $@ miscd.o fromhost.o $(LIB) $(LIBS) safe_finger: ! $(CC) $(CFLAGS) -o $@ safe_finger.c try: try.o fakelog.o $(LIB) $(CC) $(CFLAGS) -o $@ try.o fakelog.o $(LIB) $(LIBS) --- 489,495 ---- $(CC) $(CFLAGS) -o $@ miscd.o fromhost.o $(LIB) $(LIBS) safe_finger: ! $(CC) $(CFLAGS) -o $@ safe_finger.c $(LIB) $(LIBS) try: try.o fakelog.o $(LIB) $(CC) $(CFLAGS) -o $@ try.o fakelog.o $(LIB) $(LIBS) *************** *** 462,468 **** -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ tcpd.c fromhost.c socket.c tli.c hosts_access.c shell_cmd.c \ refuse.c rfc931.c hosts_info.c percent_x.c clean_exit.c options.c \ ! setenv.c fix_options.c workarounds.c init_client.c miscd_lint: lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ --- 521,527 ---- -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ tcpd.c fromhost.c socket.c tli.c hosts_access.c shell_cmd.c \ refuse.c rfc931.c hosts_info.c percent_x.c clean_exit.c options.c \ ! environ.c fix_options.c workarounds.c init_client.c miscd_lint: lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ *************** *** 472,482 **** -DREAL_MISCD=\"$(REAL_DAEMON_DIR)/miscd\" \ miscd.c fromhost.c socket.c tli.c hosts_access.c shell_cmd.c \ refuse.c rfc931.c hosts_info.c percent_x.c clean_exit.c options.c \ ! setenv.c fix_options.c workarounds.c init_client.c try_lint: lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ ! $(TABLES) -DNETGROUP -DPROCESS_OPTIONS \ try.c hosts_ctl.c hosts_access.c hosts_info.c percent_x.c options.c \ workarounds.c init_client.c --- 531,541 ---- -DREAL_MISCD=\"$(REAL_DAEMON_DIR)/miscd\" \ miscd.c fromhost.c socket.c tli.c hosts_access.c shell_cmd.c \ refuse.c rfc931.c hosts_info.c percent_x.c clean_exit.c options.c \ ! environ.c fix_options.c workarounds.c init_client.c try_lint: lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ ! $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ try.c hosts_ctl.c hosts_access.c hosts_info.c percent_x.c options.c \ workarounds.c init_client.c *************** *** 483,489 **** printfck: printfck -f printf.ck tcpd.c fromhost.c socket.c tli.c hosts_access.c shell_cmd.c \ refuse.c rfc931.c hosts_info.c percent_x.c clean_exit.c options.c \ ! setenv.c fix_options.c workarounds.c init_client.c >aap.c lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ --- 542,548 ---- printfck: printfck -f printf.ck tcpd.c fromhost.c socket.c tli.c hosts_access.c shell_cmd.c \ refuse.c rfc931.c hosts_info.c percent_x.c clean_exit.c options.c \ ! environ.c fix_options.c workarounds.c init_client.c >aap.c lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ *************** *** 494,499 **** --- 553,559 ---- # Compilation dependencies. clean_exit.o: log_tcp.h Makefile + environ.o: Makefile fix_options.o: log_tcp.h Makefile fromhost.o: log_tcp.h Makefile hosts_access.o: options.h log_tcp.h Makefile diff -c ../6.0/README ./README *** ../6.0/README Tue Dec 21 21:37:51 1993 --- ./README Tue Dec 21 21:37:09 1993 *************** *** 1,6 **** ! @(#) README 1.17 93/09/28 23:03:22 ! This is the 6.0 version of the TCP/IP daemon wrapper package. Table of contents ----------------- --- 1,6 ---- ! @(#) README 1.18 93/12/13 22:22:59 ! This is the 6.1 version of the TCP/IP daemon wrapper package. Table of contents ----------------- *************** *** 57,63 **** SunOS >= 3.4 and ISC 2.2. Later versions have been installed on a wide variety of platforms such as SunOS 4.x and 5.x, Ultrix 3.x and 4.x, DEC OSF/1 T1.2-2, HP-UX 8.x, AIX 3.1.5 up to 3.2.4, Apollo SR10.3.5, Sony, ! NeXT, SCO UNIX, DG/UX, Cray, and an unknown number of other ones. Requirements are that the network daemons are spawned by a super server such as the inetd; a 4.3BSD-style socket programming interface and/or --- 57,63 ---- SunOS >= 3.4 and ISC 2.2. Later versions have been installed on a wide variety of platforms such as SunOS 4.x and 5.x, Ultrix 3.x and 4.x, DEC OSF/1 T1.2-2, HP-UX 8.x, AIX 3.1.5 up to 3.2.4, Apollo SR10.3.5, Sony, ! NeXT, SCO UNIX, DG/UX, Cray, Dynix, and an unknown number of other ones. Requirements are that the network daemons are spawned by a super server such as the inetd; a 4.3BSD-style socket programming interface and/or *************** *** 469,474 **** --- 469,479 ---- remote host address (and hence, the name) in case of UDP requests. A patch is available for ConvexOS 10.1; later releases should be OK. + With early Solaris (SunOS 5) versions, the syslog daemon will leave + behind zombie process when writing to logged-in users. Workaround: + increase the syslogd threshold for logging to users, or reduce the + wrapper's logging severity. + On some systems, the optional RFC 931 remote username lookups may trigger a kernel bug. When a client host connects to your system, and the RFC 931 connection from your system to that client is rejected by a *************** *** 569,574 **** --- 574,584 ---- network daemons live in /usr/libexec, /usr/sbin or in /etc, or have no "in." prefix to their names, but you get the idea. + File protections: the wrapper, all files used by the wrapper, and all + directories in the path leading to those files, should be accessible + but not writable for unprivileged users (mode 755 or mode 555). Do not + install the wrapper set-uid. + Ultrix only: If you want to monitor the SYSTAT service, move the vendor-provided miscd daemon to the location specified by the REAL_DAEMON_DIR macro in the Makefile, and install the miscd wrapper *************** *** 618,626 **** Install the tcpd command in a suitable place. Apollo UNIX users will want to install it under a different name because the name "tcpd" is ! already taken; a suitable name for the wrapper program would be ! "frontd". Then perform the following edits on the inetd configuration ! file (usually /etc/inetd.conf or /etc/inet/inetd.conf): finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd ^^^^^^^^^^^^^^^^^^^ --- 628,642 ---- Install the tcpd command in a suitable place. Apollo UNIX users will want to install it under a different name because the name "tcpd" is ! already taken; a suitable name would be "frontd". ! ! File protections: the wrapper, all files used by the wrapper, and all ! directories in the path leading to those files, should be accessible ! but not writable for unprivileged users (mode 755 or mode 555). Do not ! install the wrapper set-uid. ! ! Then perform the following edits on the inetd configuration file ! (usually /etc/inetd.conf or /etc/inet/inetd.conf): finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd ^^^^^^^^^^^^^^^^^^^ diff -c ../6.0/environ.c ./environ.c *** ../6.0/environ.c Tue Dec 21 21:39:12 1993 --- ./environ.c Tue Dec 21 21:37:20 1993 *************** *** 0 **** --- 1,224 ---- + /* + * Many systems have putenv() but no setenv(). Other systems have setenv() + * but no putenv() (MIPS). Still other systems have neither (NeXT). This is a + * re-implementation that hopefully ends all problems. + * + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + */ + + #ifndef lint + static char sccsid[] = "@(#) environ.c 1.3 93/10/30 15:38:58"; + #endif + + /* System libraries. */ + + extern char **environ; + extern char *strchr(); + extern char *strcpy(); + extern char *strncpy(); + extern char *malloc(); + extern char *realloc(); + extern int strncmp(); + extern void free(); + + #ifdef no_memcpy + #define memcpy(d,s,l) bcopy(s,d,l) + #else + extern char *memcpy(); + #endif + + /* Local stuff. */ + + static int addenv(); /* append entry to environment */ + + static int allocated = 0; /* environ is, or is not, allocated */ + + #define DO_CLOBBER 1 + + /* namelength - determine length of name in "name=whatever" */ + + static int namelength(name) + char *name; + { + char *equal; + + equal = strchr(name, '='); + return ((equal == 0) ? strlen(name) : (equal - name)); + } + + /* findenv - given name, locate name=value */ + + static char **findenv(name, len) + char *name; + int len; + { + char **envp; + + for (envp = environ; *envp; envp++) + if (strncmp(name, *envp, len) == 0 && (*envp)[len] == '=') + return (envp); + return (0); + } + + /* getenv - given name, locate value */ + + char *getenv(name) + char *name; + { + int len = namelength(name); + char **envp = findenv(name, len); + + return (envp ? *envp + len + 1 : 0); + } + + /* putenv - update or append environment (name,value) pair */ + + int putenv(nameval) + char *nameval; + { + char *equal = strchr(nameval, '='); + char *value = (equal ? equal : ""); + + return (setenv(nameval, value, DO_CLOBBER)); + } + + /* unsetenv - remove variable from environment */ + + void unsetenv(name) + char *name; + { + char **envp; + + if ((envp = findenv(name, namelength(name))) != 0) + while (envp[0] = envp[1]) + envp++; + } + + /* setenv - update or append environment (name,value) pair */ + + int setenv(name, value, clobber) + char *name; + char *value; + int clobber; + { + char *destination; + char **envp; + int l_name; /* length of name part */ + int l_nameval; /* length of name=value */ + + /* Permit name= and =value. */ + + l_name = namelength(name); + envp = findenv(name, l_name); + if (envp != 0 && clobber == 0) + return (0); + if (*value == '=') + value++; + l_nameval = l_name + strlen(value) + 1; + + /* + * Use available memory if the old value is long enough. Never free an + * old name=value entry because it may not be allocated. + */ + + destination = (envp != 0 && strlen(*envp) >= l_nameval) ? + *envp : malloc(l_nameval + 1); + if (destination == 0) + return (-1); + strncpy(destination, name, l_name); + destination[l_name] = '='; + strcpy(destination + l_name + 1, value); + return ((envp == 0) ? addenv(destination) : (*envp = destination, 0)); + } + + /* cmalloc - malloc and copy block of memory */ + + static char *cmalloc(new_len, old, old_len) + char *old; + int old_len; + { + char *new = malloc(new_len); + + if (new != 0) + memcpy(new, old, old_len); + return (new); + } + + /* addenv - append environment entry */ + + static int addenv(nameval) + char *nameval; + { + char **envp; + int n_used; /* number of environment entries */ + int l_used; /* bytes used excl. terminator */ + int l_need; /* bytes needed incl. terminator */ + + for (envp = environ; *envp; envp++) + /* void */ ; + n_used = envp - environ; + l_used = n_used * sizeof(*envp); + l_need = l_used + 2 * sizeof(*envp); + + envp = allocated ? + (char **) realloc((char *) environ, l_need) : + (char **) cmalloc(l_need, (char *) environ, l_used); + if (envp == 0) { + return (-1); + } else { + allocated = 1; + environ = envp; + environ[n_used++] = nameval; /* add new entry */ + environ[n_used] = 0; /* terminate list */ + return (0); + } + } + + #ifdef TEST + + /* + * Stand-alone program for test purposes. + */ + + /* printenv - display environment */ + + static void printenv() + { + char **envp; + + for (envp = environ; *envp; envp++) + printf("%s\n", *envp); + } + + int main(argc, argv) + int argc; + char **argv; + { + char *cp; + int changed = 0; + + if (argc < 2) { + printf("usage: %s name[=value]...\n", argv[0]); + return (1); + } + while (--argc && *++argv) { + if (argv[0][0] == '-') { /* unsetenv() test */ + unsetenv(argv[0] + 1); + changed = 1; + } else if (strchr(argv[0], '=') == 0) { /* getenv() test */ + cp = getenv(argv[0]); + printf("%s: %s\n", argv[0], cp ? cp : "not found"); + } else { /* putenv() test */ + if (putenv(argv[0])) { + perror("putenv"); + return (1); + } + changed = 1; + } + } + if (changed) + printenv(); + return (0); + } + + #endif /* TEST */ diff -c ../6.0/fromhost.c ./fromhost.c *** ../6.0/fromhost.c Tue Dec 21 21:37:53 1993 --- ./fromhost.c Tue Dec 21 21:37:11 1993 *************** *** 23,29 **** */ #ifndef lint ! static char sccsid[] = "@(#) fromhost.c 1.13 93/09/24 19:16:08"; #endif /* System libraries. */ --- 23,29 ---- */ #ifndef lint ! static char sccsid[] = "@(#) fromhost.c 1.14 93/12/13 22:23:05"; #endif /* System libraries. */ *************** *** 32,38 **** #include <stdio.h> #include <syslog.h> ! #ifdef TLI #include <sys/tiuser.h> #include <stropts.h> #endif --- 32,38 ---- #include <stdio.h> #include <syslog.h> ! #if defined(TLI) || defined(TLI_SOCKETS) #include <sys/tiuser.h> #include <stropts.h> #endif *************** *** 41,46 **** --- 41,60 ---- #include "log_tcp.h" + #if !defined(TLI) && !defined(TLI_SOCKETS) + + /* fromhost - compatibility wrapper for socket-only systems */ + + int fromhost(client) + struct client_info *client; + { + int client_fd = 0; /* XXX compatibility */ + + return (sock_host(client, client_fd)); + } + + #endif /* !defined(TLI) && !defined(TLI_SOCKETS) */ + #ifdef TLI /* fromhost - find out what network API we should use */ *************** *** 48,53 **** --- 62,68 ---- int fromhost(client) struct client_info *client; { + int client_fd = 0; /* XXX compatibility */ /* * On systems with streams support the IP network protocol family may *************** *** 58,71 **** * so if stdin is not a stream we assume sockets. */ ! if (!isastream(client->fd)) ! return (sock_host(client)); ! if (ioctl(0, I_FIND, "timod") > 0) ! return (tli_host(client)); ! if (ioctl(0, I_FIND, "sockmod") > 0) ! return (sock_host(client)); ! syslog(LOG_ERR, "wrapper: cannot establish type of transport interface"); ! return (0); } #endif /* TLI */ --- 73,116 ---- * so if stdin is not a stream we assume sockets. */ ! if (ioctl(client_fd, I_FIND, "timod") > 0) { ! return (tli_host(client, client_fd)); ! } else { ! return (sock_host(client, client_fd)); ! } } #endif /* TLI */ + + #ifdef TLI_SOCKETS + + /* fromhost - use socket primitives even with TLI */ + + int fromhost(client) + struct client_info *client; + { + int client_fd = 0; /* XXX compatibility */ + int ret; + + /* + * Some System V.3 based systems have TLI but the supporting libraries + * are not as complete as with System V.4. Dynix/PTX is an example. The + * workaround is to temporarily switch to the socket interface, identify + * the client name/address with socket calls, then to switch back to TLI. + */ + + #define SWAP_MODULE(f, old, new) (ioctl(f, I_POP, old), ioctl(f, I_PUSH, new)) + + if (ioctl(client_fd, I_FIND, "timod") > 0) { + if (SWAP_MODULE(client_fd, "timod", "sockmod") != 0) + syslog(LOG_ERR, "swap timod for sockmod: %m"); + ret = sock_host(client, client_fd); + if (SWAP_MODULE(client_fd, "sockmod", "timod") != 0) + syslog(LOG_ERR, "swap sockmod for timod: %m"); + return (ret); + } else { + return (sock_host(client, client_fd)); + } + } + + #endif /* TLI_SOCKETS */ diff -c ../6.0/hosts_access.3 ./hosts_access.3 *** ../6.0/hosts_access.3 Tue Dec 21 21:37:59 1993 --- ./hosts_access.3 Tue Dec 21 21:37:17 1993 *************** *** 1,5 **** .TH HOSTS_ACCESS 3 ! .SH hosts_access, hosts_ctl \- access control library .SH SYNOPSIS .nf --- 1,5 ---- .TH HOSTS_ACCESS 3 ! .SH NAME hosts_access, hosts_ctl \- access control library .SH SYNOPSIS .nf *************** *** 63,66 **** Department of Mathematics and Computing Science Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands ! \" @(#) hosts_access.3 1.4 93/09/27 18:59:08 --- 63,66 ---- Department of Mathematics and Computing Science Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands ! \" @(#) hosts_access.3 1.5 93/12/13 22:23:07 diff -c ../6.0/hosts_options.5 ./hosts_options.5 *** ../6.0/hosts_options.5 Tue Dec 21 21:38:05 1993 --- ./hosts_options.5 Tue Dec 21 21:37:24 1993 *************** *** 117,127 **** .sp Warning: many network daemons reset their environment before spawning a login or shell process. ! .IP rfc931 Look up the remote user name with the RFC 931 protocol. This option is silently ignored in case of services based on transports other than TCP. Requires that the remote system runs an RFC 931-compliant daemon, and may cause noticeable delays with connections from non-UNIX hosts. .SH DIAGNOSTICS An error is reported when a syntax error is found in a host access control rule; further options will be ignored, and service is denied. --- 117,129 ---- .sp Warning: many network daemons reset their environment before spawning a login or shell process. ! .IP "rfc931 [= timeout]" Look up the remote user name with the RFC 931 protocol. This option is silently ignored in case of services based on transports other than TCP. Requires that the remote system runs an RFC 931-compliant daemon, and may cause noticeable delays with connections from non-UNIX hosts. + The timeout period (in seconds) is optional. If no timeout is specified + a default value is taken. .SH DIAGNOSTICS An error is reported when a syntax error is found in a host access control rule; further options will be ignored, and service is denied. *************** *** 134,137 **** Department of Mathematics and Computing Science Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands ! \" @(#) hosts_options.5 1.7 93/09/27 23:42:15 --- 136,139 ---- Department of Mathematics and Computing Science Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands ! \" @(#) hosts_options.5 1.8 93/12/13 22:23:09 diff -c ../6.0/log_tcp.h ./log_tcp.h *** ../6.0/log_tcp.h Tue Dec 21 21:37:54 1993 --- ./log_tcp.h Tue Dec 21 21:37:13 1993 *************** *** 1,4 **** ! /* @(#) log_tcp.h 1.10 93/09/27 18:59:13 */ /* Structure filled in by the fromhost() routine. */ --- 1,4 ---- ! /* @(#) log_tcp.h 1.11 93/12/13 22:23:12 */ /* Structure filled in by the fromhost() routine. */ *************** *** 26,35 **** /* Global functions. */ - #ifndef TLI - #define fromhost sock_host - #endif - extern int fromhost(); /* get/validate remote host info */ extern int hosts_access(); /* access control */ extern void refuse(); /* refuse request */ --- 26,31 ---- *************** *** 50,55 **** --- 46,52 ---- extern char *hosts_deny_table; /* for verification mode redirection */ extern char *hosts_access_file; /* for diagnostics */ extern int hosts_access_line; /* for diagnostics */ + extern int rfc931_timeout; /* username lookup period */ /* Bug workarounds. */ diff -c ../6.0/options.c ./options.c *** ../6.0/options.c Tue Dec 21 21:38:00 1993 --- ./options.c Tue Dec 21 21:37:19 1993 *************** *** 78,85 **** --- 78,87 ---- #define NEED_ARG (1<<1) /* option requires argument */ #define USE_LAST (1<<2) /* option must be last */ + #define OPT_ARG (1<<3) /* option has optional argument */ #define need_arg(o) ((o)->flags & NEED_ARG) + #define opt_arg(o) ((o)->flags & OPT_ARG) #define use_last(o) ((o)->flags & USE_LAST) /* List of known keywords. Add yours here. */ *************** *** 91,97 **** "linger", linger_option, NEED_ARG, /* change socket linger time */ "spawn", spawn_option, NEED_ARG, /* spawn shell command */ "twist", twist_option, NEED_ARG | USE_LAST, /* replace current process */ ! "rfc931", rfc931_option, 0, /* do RFC 931 lookup */ "setenv", setenv_option, NEED_ARG, /* update environment */ "severity", severity_option, NEED_ARG, /* adjust logging level */ "allow", allow_option, USE_LAST, /* grant access */ --- 93,99 ---- "linger", linger_option, NEED_ARG, /* change socket linger time */ "spawn", spawn_option, NEED_ARG, /* spawn shell command */ "twist", twist_option, NEED_ARG | USE_LAST, /* replace current process */ ! "rfc931", rfc931_option, OPT_ARG, /* do RFC 931 lookup */ "setenv", setenv_option, NEED_ARG, /* update environment */ "severity", severity_option, NEED_ARG, /* adjust logging level */ "allow", allow_option, USE_LAST, /* grant access */ *************** *** 160,166 **** syslog(LOG_ERR, "error: %s, line %d: option \"%s\" requires value", hosts_access_file, hosts_access_line, key); longjmp(options_buf, OPT_DENY); ! } else if (value && !need_arg(op)) { syslog(LOG_ERR, "error: %s, line %d: option \"%s\" cannot have value", hosts_access_file, hosts_access_line, key); longjmp(options_buf, OPT_DENY); --- 162,168 ---- syslog(LOG_ERR, "error: %s, line %d: option \"%s\" requires value", hosts_access_file, hosts_access_line, key); longjmp(options_buf, OPT_DENY); ! } else if (value && !need_arg(op) && !opt_arg(op)) { syslog(LOG_ERR, "error: %s, line %d: option \"%s\" cannot have value", hosts_access_file, hosts_access_line, key); longjmp(options_buf, OPT_DENY); *************** *** 399,406 **** char *daemon; struct client_info *client; { if (dry_run) { ! syslog(LOG_DEBUG, "option: rfc931"); return; } if (client->user[0] == 0 && RFC931_POSSIBLE(client)) --- 401,418 ---- char *daemon; struct client_info *client; { + int timeout; + char junk; + + if (value) { + if (sscanf(value, "%d%c", &timeout, &junk) != 1 || timeout <= 0) { + syslog(LOG_ERR, "error: rfc931_option: bad timeout: \"%s\"", value); + longjmp(options_buf, OPT_DENY); + } + rfc931_timeout = timeout; + } if (dry_run) { ! syslog(LOG_DEBUG, "option: rfc931 = %d", rfc931_timeout); return; } if (client->user[0] == 0 && RFC931_POSSIBLE(client)) diff -c ../6.0/patchlevel.h ./patchlevel.h *** ../6.0/patchlevel.h Tue Dec 21 21:38:01 1993 --- ./patchlevel.h Tue Dec 21 21:37:20 1993 *************** *** 1,3 **** #ifndef lint ! static char patchlevel[] = "@(#) patchlevel 6.0"; #endif --- 1,3 ---- #ifndef lint ! static char patchlevel[] = "@(#) patchlevel 6.1"; #endif diff -c ../6.0/rfc931.c ./rfc931.c *** ../6.0/rfc931.c Tue Dec 21 21:37:58 1993 --- ./rfc931.c Tue Dec 21 21:37:16 1993 *************** *** 10,16 **** */ #ifndef lint ! static char sccsid[] = "@(#) rfc931.c 1.7 93/09/11 20:45:30"; #endif /* System libraries. */ --- 10,16 ---- */ #ifndef lint ! static char sccsid[] = "@(#) rfc931.c 1.8 93/12/13 22:23:20"; #endif /* System libraries. */ *************** *** 33,111 **** #define RFC931_PORT 113 /* Semi-well-known port */ #define ANY_PORT 0 /* Any old port will do */ static jmp_buf timebuf; - typedef struct { - FILE *ifp; - FILE *ofp; - } FILE_PAIR; - - /* fdup - duplicate a stdio stream */ - - static FILE *fdup(stream, mode) - FILE *stream; - char *mode; - { - int fd; - FILE *fp = 0; - - if ((fd = dup(fileno(stream))) < 0) { - syslog(LOG_ERR, "dup: %m"); - } else if ((fp = fdopen(fd, mode)) == 0) { - syslog(LOG_ERR, "fdopen: %m"); - close(fd); - } - return (fp); - } - /* fsocket - open stdio stream on top of socket */ ! static FILE *fsocket(domain, type, protocol, mode) int domain; int type; int protocol; - char *mode; { int s; ! FILE *fp = 0; if ((s = socket(domain, type, protocol)) < 0) { syslog(LOG_ERR, "socket: %m"); ! } else if ((fp = fdopen(s, mode)) == 0) { ! syslog(LOG_ERR, "fdopen: %m"); ! close(s); } - return (fp); } - /* ffsocket - open stdio stream pair on top of socket */ - - static FILE_PAIR *ffsocket(domain, type, protocol) - int domain; - int type; - int protocol; - { - static FILE_PAIR ffp; - - if ((ffp.ifp = fsocket(domain, type, protocol, "r")) != 0) { - if ((ffp.ofp = fdup(ffp.ifp, "w")) != 0) - return (&ffp); - fclose(ffp.ifp); - } - return (0); - } - - /* ffclose - close stdio stream pair */ - - static int ffclose(ffp) - FILE_PAIR *ffp; - { - int ret; - - ret = fclose(ffp->ifp); - return (fclose(ffp->ofp) || ret); - } - /* bind_connect - bind both ends of a socket */ int bind_connect(s, local, remote, length) --- 33,64 ---- #define RFC931_PORT 113 /* Semi-well-known port */ #define ANY_PORT 0 /* Any old port will do */ + int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */ + static jmp_buf timebuf; /* fsocket - open stdio stream on top of socket */ ! static FILE *fsocket(domain, type, protocol) int domain; int type; int protocol; { int s; ! FILE *fp; if ((s = socket(domain, type, protocol)) < 0) { syslog(LOG_ERR, "socket: %m"); ! return (0); ! } else { ! if ((fp = fdopen(s, "r+")) == 0) { ! syslog(LOG_ERR, "fdopen: %m"); ! close(s); ! } ! return (fp); } } /* bind_connect - bind both ends of a socket */ int bind_connect(s, local, remote, length) *************** *** 144,161 **** char buffer[512]; /* XXX */ char *cp; char *result = FROM_UNKNOWN; /* XXX */ ! FILE_PAIR *ffp; /* ! * Use separate stdio streams for writing to and for reading from the ! * RFC931 etc. server. This is done because of a bug in the SunOS 4.1.x ! * stdio library. The bug may live in other stdio implementations, too. ! * When we use a single bidirectional stdio stream ("r+" or "w+" mode) we ! * read our own output. Such behaviour would make sense with resources ! * that support random-access operations, but not with sockets. */ ! if ((ffp = ffsocket(AF_INET, SOCK_STREAM, 0)) != 0) { /* * Set up a timer so we won't get stuck while waiting for the server. --- 97,116 ---- char buffer[512]; /* XXX */ char *cp; char *result = FROM_UNKNOWN; /* XXX */ ! FILE *fp; /* ! * Use one unbuffered stdio stream for writing to and for reading from ! * the RFC931 etc. server. This is done because of a bug in the SunOS ! * 4.1.x stdio library. The bug may live in other stdio implementations, ! * too. When we use a single, buffered, bidirectional stdio stream ("r+" ! * or "w+" mode) we read our own output. Such behaviour would make sense ! * with resources that support random-access operations, but not with ! * sockets. */ ! if ((fp = fsocket(AF_INET, SOCK_STREAM, 0)) != 0) { ! setbuf(fp, (char *) 0); /* * Set up a timer so we won't get stuck while waiting for the server. *************** *** 163,169 **** if (setjmp(timebuf) == 0) { signal(SIGALRM, timeout); ! alarm(RFC931_TIMEOUT); /* * Bind the local and remote ends of the query socket to the same --- 118,124 ---- if (setjmp(timebuf) == 0) { signal(SIGALRM, timeout); ! alarm(rfc931_timeout); /* * Bind the local and remote ends of the query socket to the same *************** *** 179,185 **** rmt_query_sin = *rmt_sin; rmt_query_sin.sin_port = htons(RFC931_PORT); ! if (bind_connect(fileno(ffp->ifp), (struct sockaddr *) & our_query_sin, (struct sockaddr *) & rmt_query_sin, sizeof(our_query_sin)) >= 0) { --- 134,140 ---- rmt_query_sin = *rmt_sin; rmt_query_sin.sin_port = htons(RFC931_PORT); ! if (bind_connect(fileno(fp), (struct sockaddr *) & our_query_sin, (struct sockaddr *) & rmt_query_sin, sizeof(our_query_sin)) >= 0) { *************** *** 190,199 **** * cause trouble with buggy System V stdio libraries. */ ! fprintf(ffp->ofp, "%u,%u\r\n", ntohs(rmt_sin->sin_port), ntohs(our_sin->sin_port)); ! fflush(ffp->ofp); /* * Read response from server. Use fgets()/sscanf() so we can --- 145,154 ---- * cause trouble with buggy System V stdio libraries. */ ! fprintf(fp, "%u,%u\r\n", ntohs(rmt_sin->sin_port), ntohs(our_sin->sin_port)); ! fflush(fp); /* * Read response from server. Use fgets()/sscanf() so we can *************** *** 202,209 **** * requested. */ ! if (fgets(buffer, sizeof(buffer), ffp->ifp) != 0 ! && ferror(ffp->ifp) == 0 && feof(ffp->ifp) == 0 && sscanf(buffer, "%u , %u : USERID :%*[^:]:%255s", &rmt_port, &our_port, user) == 3 && ntohs(rmt_sin->sin_port) == rmt_port --- 157,164 ---- * requested. */ ! if (fgets(buffer, sizeof(buffer), fp) != 0 ! && ferror(fp) == 0 && feof(fp) == 0 && sscanf(buffer, "%u , %u : USERID :%*[^:]:%255s", &rmt_port, &our_port, user) == 3 && ntohs(rmt_sin->sin_port) == rmt_port *************** *** 221,227 **** } alarm(0); } ! ffclose(ffp); } return (result); } --- 176,182 ---- } alarm(0); } ! fclose(fp); } return (result); } diff -c ../6.0/safe_finger.c ./safe_finger.c *** ../6.0/safe_finger.c Tue Dec 21 21:38:05 1993 --- ./safe_finger.c Tue Dec 21 21:37:24 1993 *************** *** 15,21 **** */ #ifndef lint ! static char sccsid[] = "@(#) safe_finger.c 1.2 93/08/26 23:49:40"; #endif /* System libraries */ --- 15,21 ---- */ #ifndef lint ! static char sccsid[] = "@(#) safe_finger.c 1.3 93/12/13 22:23:23"; #endif /* System libraries */ *************** *** 30,36 **** /* Local stuff */ ! char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/etc:/usr/etc:/usr/sbin"; #define INPUT_LENGTH 100000 /* Do not keep listinging forever */ #define LINE_LENGTH 128 /* Editors can choke on long lines */ --- 30,36 ---- /* Local stuff */ ! char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin"; #define INPUT_LENGTH 100000 /* Do not keep listinging forever */ #define LINE_LENGTH 128 /* Editors can choke on long lines */ *************** *** 67,73 **** * Redirect our standard input through the raw finger command. */ if (putenv(path)) { ! fprintf(stderr, "putenv: out of memory"); exit(1); } argv[0] = FINGER_PROGRAM; --- 67,73 ---- * Redirect our standard input through the raw finger command. */ if (putenv(path)) { ! fprintf(stderr, "%s: putenv: out of memory", argv[0]); exit(1); } argv[0] = FINGER_PROGRAM; diff -c ../6.0/socket.c ./socket.c *** ../6.0/socket.c Tue Dec 21 21:38:03 1993 --- ./socket.c Tue Dec 21 21:37:22 1993 *************** *** 17,23 **** */ #ifndef lint ! static char sccsid[] = "@(#) socket.c 1.7 93/09/27 18:59:20"; #endif /* System libraries. */ --- 17,23 ---- */ #ifndef lint ! static char sccsid[] = "@(#) socket.c 1.8 93/12/13 22:23:25"; #endif /* System libraries. */ *************** *** 63,70 **** /* sock_host - determine endpoint info */ ! int sock_host(client) struct client_info *client; { static struct sockaddr rmt_sa; static struct sockaddr our_sa; --- 63,71 ---- /* sock_host - determine endpoint info */ ! int sock_host(client, fd) struct client_info *client; + int fd; { static struct sockaddr rmt_sa; static struct sockaddr our_sa; *************** *** 76,81 **** --- 77,83 ---- */ init_client(client); + client->fd = fd; /* * Look up the remote host address. Hal R. Brand <BRAND@addvax.llnl.gov> diff -c ../6.0/tli.c ./tli.c *** ../6.0/tli.c Tue Dec 21 21:38:04 1993 --- ./tli.c Tue Dec 21 21:37:22 1993 *************** *** 17,23 **** */ #ifndef lint ! static char sccsid[] = "@(#) tli.c 1.7 93/09/27 18:59:25"; #endif #ifdef TLI --- 17,23 ---- */ #ifndef lint ! static char sccsid[] = "@(#) tli.c 1.8 93/12/13 22:23:27"; #endif #ifdef TLI *************** *** 75,82 **** /* tli_host - determine endpoint info */ ! int tli_host(client) struct client_info *client; { struct netconfig *config; struct t_unitdata *rmt_unit; --- 75,83 ---- /* tli_host - determine endpoint info */ ! int tli_host(client, fd) struct client_info *client; + int fd; { struct netconfig *config; struct t_unitdata *rmt_unit; *************** *** 90,95 **** --- 91,97 ---- */ init_client(client); + client->fd = fd; /* * Find out the client address, find out what type of transport is hidden diff -c ../6.0/try.c ./try.c *** ../6.0/try.c Tue Dec 21 21:37:55 1993 --- ./try.c Tue Dec 21 21:37:13 1993 *************** *** 17,23 **** */ #ifndef lint ! static char sccsid[] = "@(#) try.c 1.8 93/09/27 18:59:28"; #endif #include <sys/types.h> --- 17,23 ---- */ #ifndef lint ! static char sccsid[] = "@(#) try.c 1.9 93/12/13 22:23:29"; #endif #include <sys/types.h> *************** *** 50,55 **** --- 50,56 ---- int allow_severity = SEVERITY; /* run-time adjustable */ int deny_severity = LOG_WARNING; /* ditto */ + int rfc931_timeout = RFC931_TIMEOUT;/* ditto */ /* usage - explain */ *************** *** 84,89 **** --- 85,96 ---- dry_run = 1; + /* Reset other stuff that might be changed by options handlers. */ + + rfc931_timeout = RFC931_TIMEOUT; + allow_severity = SEVERITY; + deny_severity = LOG_WARNING; + printf(" Daemon: %s\n", daemon); printf(" Hostname: %s\n", name); printf(" Address: %s\n", addr); *************** *** 174,183 **** * if different addresses for the same host have different permissions, * something that we probably do not want. */ ! while (hp->h_addr_list[0]) try(server, hp->h_name, inet_ntoa(*(struct in_addr *) * hp->h_addr_list++), user); ! return (0); } --- 181,192 ---- * if different addresses for the same host have different permissions, * something that we probably do not want. */ ! while (hp->h_addr_list[0]) { try(server, hp->h_name, inet_ntoa(*(struct in_addr *) * hp->h_addr_list++), user); ! if (hp->h_addr_list[0]) ! putchar('\n'); ! } return (0); } exit 0 # Just in case...