Usenet 1994 October

home *** CD-ROM | disk | FTP | other *** search

/ Usenet 1994 October / usenetsourcesnewsgroupsinfomagicoctober1994disk2.iso / misc / volume42 / tcp_wrappers / patch02 next >

Wrap

Internet Message Format | 1994-03-30 | 40.9 KB

From: wietse@wzv.win.tue.nl (Wietse Venema) Newsgroups: comp.sources.misc Subject: v42i036: tcp_wrappers - TCP/IP daemon wrappers v6.0, Patch02 Date: 30 Mar 1994 15:27:04 -0600 Organization: Eindhoven University of Technology, The Netherlands Sender: kent@sparky.sterling.com Approved: kent@sparky.sterling.com Message-ID: <2ncqr8$f8u@sparky.sterling.com> X-Md4-Signature: 35809842629fc95c3de6e2d8c4af8691 Submitted-by: wietse@wzv.win.tue.nl (Wietse Venema) Posting-number: Volume 42, Issue 36 Archive-name: tcp_wrappers/patch02 Environment: UNIX, INET Patch-To: tcp_wrappers: Volume 39, Issue 110-113 With these programs you can monitor and control who connects to your TFTP, EXEC, FTP, RSH, TELNET, RLOGIN, FINGER, and SYSTAT network daemons, and many others. The programs run on a wide variety of BSD and System-V systems, and can be installed without change to system software or configuration files. This is a two-part update to the 6.1 version of last December. After application of patch02 (this article) and patch03 (separate posting) the source will be at patchlevel 6.3. A complete 6.3 source kit can be found on the primary archive site: ftp.win.tue.nl:/pub/security/tcp_wrappers_6.3.shar.Z A copy is to appear soon in: cert.org:/pub/tools Changes since release 6.1: - Portability: new Makefile rule sets for SCO and Pyramid OSx 5.1; improved TLI support for Dynix/PTX; fix for Ultrix core dumps. - Features: compile-time option (APPEND_DOT) for faster DNS lookup of already fully-qualified hostnames; a run-time option to enable keepalives (useful when users reset or turn off the PC while still connected), and an option to change the process nice value. Good news: Sun patch 100804-03 for SunOS 4.1.x fixes the problem with the anti source-routing attack feature. The libwrap.a library code should be binary compatible with release 6.1. Wietse Venema (wietse@wzv.win.tue.nl), Department of Mathematics and Computing Science, Eindhoven University of Technology, The Netherlands. *** ./BLURB- Mon Dec 13 22:22:53 1993 --- ./BLURB Sat Feb 5 15:22:03 1994 *************** *** 1,6 **** ! @(#) BLURB 1.15 93/12/13 22:22:51 ! This is the 6.1 version of the TCP/IP daemon wrapper package. With these programs you can monitor and control who connects to your TFTP, EXEC, FTP, RSH, TELNET, RLOGIN, FINGER, and SYSTAT network --- 1,6 ---- ! @(#) BLURB 1.17 94/02/05 15:22:01 ! This is the 6.2 version of the TCP/IP daemon wrapper package. With these programs you can monitor and control who connects to your TFTP, EXEC, FTP, RSH, TELNET, RLOGIN, FINGER, and SYSTAT network *************** *** 11,23 **** and do some sanity checks on the origin of the request. No information is exchanged with the remote client process. ! Release 6.1 deals with portability issues: new ready-to-build Makefile ! rule sets for Dynix, Convex, SCO, EP/IX and others; workarounds for ! strangeness in NeXT, Dynix/PTX (still incomplete), and DG/UX. If the ! 6.0 release works for you, there is no need to install 6.1. ! There is a small change in internal interfaces; older applications must ! be recompiled before they can be linked to the new wrapper library. Wietse Venema (wietse@wzv.win.tue.nl), Department of Mathematics and Computing Science, --- 11,28 ---- and do some sanity checks on the origin of the request. No information is exchanged with the remote client process. ! Changes with this release: ! - Portability: new Makefile rule sets for SCO and Pyramid OSx 5.1. ! ! - Portability: improved TLI support for Dynix/PTX. ! ! - Feature: a compile-time option (APPEND_DOT) to keep the hostname ! lookup routines from trying to append your own domain name to ! already fully-qualified hostnames. This may reduce the load on ! your name servers somewhat. ! ! Other than that, the code should be binary compatible with release 6.1. Wietse Venema (wietse@wzv.win.tue.nl), Department of Mathematics and Computing Science, *** ./CHANGES- Mon Dec 13 22:22:55 1993 --- ./CHANGES Tue Feb 1 22:11:55 1994 *************** *** 1,6 **** ! Changes per release 6.1. ! ======================== - Re-implemented all environment access routines. Most systems have putenv() but no setenv(), some systems have setenv() but no putenv(), and there are even systems that have neither setenv() nor putenv(). The --- 1,26 ---- ! Changes per release 6.2 (Feb 1994) ! ================================== + - Resurrected my year-old code to reduce DNS load by appending a dot to + the gethostbyname() argument. This feature is still experimental and it + may go away if it causes more problems than it solves. + + - Auxiliary code for the Pyramid, BSD universe. Karl Vogel figured out + what was missing: yp_get_default_domain() and vfprintf(). + + - Improved support for Dynix/PTX. The wrapper should now be able to + deal with all TLI over IP services. + + - The try command now uses the hostname that gethostbyaddr() would + return, instead of the hostname returned by gethostbyname(). This can + be significant on systems with NIS that have short host names in the + hosts map. For example, gethostbyname("wzv.win.tue.nl") returns + "wzv.win.tue.nl"; gethostbyaddr(131.155.210.17) returns "wzv", and + so does gethostbyname("wzv"). + + Changes per release 6.1 (Dec 1993) + ================================== + - Re-implemented all environment access routines. Most systems have putenv() but no setenv(), some systems have setenv() but no putenv(), and there are even systems that have neither setenv() nor putenv(). The *************** *** 38,45 **** - On some systems the finger client program lives in /usr/bsd. File: safe_finger.c. ! Changes per release 6.0. ! ======================== - Easy build procedures for common platforms (sun, ultrix, aix, hpux and others). --- 58,65 ---- - On some systems the finger client program lives in /usr/bsd. File: safe_finger.c. ! Changes per release 6.0 (Sept 1993) ! =================================== - Easy build procedures for common platforms (sun, ultrix, aix, hpux and others). *************** *** 94,96 **** --- 114,209 ---- or down. Many sites wanted a means to shut up the program; other sites wanted to to emphasize specific events. Adapted from code contributed by Dave Mitchell <D.Mitchell@dcs.shef.ac.uk>. + + Changes per release 5.1 (Mar 1993) + ================================== + + - The additional protection against source-routing attacks from hosts + that pretend to have someone elses network address has become optional + because it causes kernel panics with SunOS <= 4.1.3. + + Changes per release 5.0 (Mar 1993) + ================================== + + - Additional protection against source-routing attacks from hosts that + pretend to have someone elses network address. For example, the address + of a trusted host within your own network. + + - The access control language has been extended with a simple but + powerful operator that greatly simplifies the design of rule sets (ALL: + .foo.edu EXCEPT dialup.foo.edu). Blank lines are permitted, and long + lines can be continued with backslash-newline. + + - All configurable stuff, including path names, has been moved into the + Makefile so that you no longer have to hack source code to just + configure the programs. + + - Ported to Solaris 2. TLI-based applications not yet supported. + Several workarounds for System V bugs. + + - A small loophole in the netgroup lookup code was closed, and the + remote username lookup code was made more portable. + + - Still more documentation. The README file now provides tutorial + sections with introductions to client, server, inetd and syslogd. + + Changes per release 4.3 (Aug 1992) + ================================== + + - Some sites reported that connections would be rejected because + localhost != localhost.domain. The host name checking code now + special-cases localhost (problem reported by several sites). + + - The programs now report an error if an existing access control file + cannot be opened (e.g. due to lack of privileges). Until now, the + programs would just pretend that the access control file does not exist + (reported by Darren Reed, avalon@coombs.anu.edu.au). + + - The timeout period for remote userid lookups was upped to 30 seconds, + in order to cope with slow hosts or networks. If this is too long for + you, adjust the TIMEOUT definition in file rfc931.c (problem reported + by several sites). + + - On hosts with more than one IP network interface, remote userid + lookups could use the IP address of the "wrong" local interface. The + problem and its solution were discussed on the rfc931-users mailing + list. Scott Schwartz (schwartz@cs.psu.edu) folded the fix into the + rfc931.c module. + + - The result of % expansion (in shell commands) is now checked for + stuff that may confuse the shell; it is replaced by underscores + (problem reported by Icarus Sparry, I.Sparry@gdr.bath.ac.uk). + + - A portability problem was fixed that caused compile-time problems + on a CRAY (problem reported by Michael Barnett, mikeb@rmit.edu.au). + + Changes per release 4.0 (Jun 1992) + ================================== + + 1 - network daemons no longer have to live within a common directory + 2 - the access control code now uses both the host address and name + 3 - an access control pattern that supports netmasks + 4 - additional protection against forged host names + 5 - a pattern that matches hosts whose name or address lookup fails + 6 - an operator that prevents hosts or services from being matched + 7 - optional remote username lookup with the RFC 931 protocol + 8 - an optional umask to prevent the creation of world-writable files + 9 - hooks for access control language extensions + 10 - last but not least, thoroughly revised documentation. + + Changes per release 3.0 (Oct 1991) + ================================== + + Enhancements over the previous release are: support for datagram (UDP + and RPC) services, and execution of shell commands when a (remote host, + requested service) pair matches a pattern in the access control tables. + + Changes per release 2.0 (May 1991) + ================================== + + Enhancements over the previous release are: protection against rlogin + and rsh attacks through compromised domain name servers, optional + netgroup support for systems with NIS (formerly YP), and an extension + of the wild card patterns supported by the access control files. + + Release 1.0 (Jan 1991) *** ./Makefile- Mon Dec 13 22:22:58 1993 --- ./Makefile Tue Feb 1 22:11:58 1994 *************** *** 1,4 **** ! # @(#) Makefile 1.10 93/12/13 22:22:56 what: @echo --- 1,4 ---- ! # @(#) Makefile 1.11 94/02/01 22:11:56 what: @echo *************** *** 19,26 **** @echo " generic (most bsd-ish systems with sys5 compatibility)" @echo " 386bsd aix alpha apollo convex-ultranet dgux dynix" @echo " dynix-ptx epix esix freebsd hpux irix isc(untested)" ! @echo " linux mips(untested) netbsd next osf sco-nis sco-od2" ! @echo " sunos4 sunos40 sunos5 sysv4 ultrix unicos(untested)" @echo @echo "If none of these match your environment, edit the system" @echo "dependencies sections in the Makefile and do a 'make other'." --- 19,26 ---- @echo " generic (most bsd-ish systems with sys5 compatibility)" @echo " 386bsd aix alpha apollo convex-ultranet dgux dynix" @echo " dynix-ptx epix esix freebsd hpux irix isc(untested)" ! @echo " linux mips(untested) netbsd next osf pyramid sco sco-nis" ! @echo " sco-od2 sunos4 sunos40 sunos5 sysv4 ultrix unicos(untested)" @echo @echo "If none of these match your environment, edit the system" @echo "dependencies sections in the Makefile and do a 'make other'." *************** *** 143,149 **** dynix-ptx: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ ! AUX_OBJ="environ.o strcasecmp.o" NETGROUP= TLI=-DTLI_SOCKETS all # IRIX 4.0.x has a special ar(1) flag. irix: --- 143,149 ---- dynix-ptx: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ ! AUX_OBJ="environ.o strcasecmp.o ptx.o" NETGROUP= TLI=-DPTX all # IRIX 4.0.x has a special ar(1) flag. irix: *************** *** 164,175 **** NETGROUP=-DNETGROUP AUX_OBJ=environ.o TLI=-DTLI \ BUGS="$(BUGS) -DINET_ADDR_BUG" all # SCO OpenDesktop 2.0, release 3.2 (peter@midnight.com). sco-od2: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS="-lrpcsvc -lrpc -lyp -lrpc -lrpcsvc -lsocket" \ RANLIB=echo ARFLAGS=rv AUX_OBJ=environ.o \ ! NETGROUP=-DNETGROUP TLI="" all # SCO 3.2v4.2 with TCP/IP 1.2.1 (Eduard.Vopicka@vse.cz) sco-nis: --- 164,181 ---- NETGROUP=-DNETGROUP AUX_OBJ=environ.o TLI=-DTLI \ BUGS="$(BUGS) -DINET_ADDR_BUG" all + # SCO 3.2v4.1 no frills (jedwards@sol1.solinet.net). + sco: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="-lsocket -lnsl_s" RANLIB=echo ARFLAGS=rv \ + NETGROUP= AUX_OBJ=environ.o TLI= all + # SCO OpenDesktop 2.0, release 3.2 (peter@midnight.com). sco-od2: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS="-lrpcsvc -lrpc -lyp -lrpc -lrpcsvc -lsocket" \ RANLIB=echo ARFLAGS=rv AUX_OBJ=environ.o \ ! NETGROUP=-DNETGROUP TLI= all # SCO 3.2v4.2 with TCP/IP 1.2.1 (Eduard.Vopicka@vse.cz) sco-nis: *************** *** 184,189 **** --- 190,202 ---- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ NETGROUP=-DNETGROUP TLI= SYSTYPE="-A run,any -A sys,any" all + # Pyramid OSx 5.1, using the BSD universe. + pyramid: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="environ.o vfprintf.o" \ + STRINGS="-Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy" \ + NETGROUP="-DNETGROUP -DUSE_GETDOMAIN" TLI= all + # Untested. mips: @echo "Warning: some definitions may be wrong." *************** *** 332,338 **** # are sent to a dedicated loghost. It may also be that no syslog daemon # is running at all. The README file gives pointers to surrogate syslog # implementations for systems that have no syslog library routines or ! # no syslog daemons. # # The LOG_XXX names below are taken from the /usr/include/syslog.h file. --- 345,352 ---- # are sent to a dedicated loghost. It may also be that no syslog daemon # is running at all. The README file gives pointers to surrogate syslog # implementations for systems that have no syslog library routines or ! # no syslog daemons. When changing the syslog.conf file, remember that ! # there must be TABs between fields. # # The LOG_XXX names below are taken from the /usr/include/syslog.h file. *************** *** 342,347 **** --- 356,375 ---- SEVERITY= LOG_INFO # LOG_INFO is normally not logged to the console + ########################### + # Optional: Reduce DNS load + # + # When looking up the address for a host.domain name, the typical DNS + # server will first append substrings of your own domain, so it tries + # host.domain.your.own.domain, then host.domain.own.domain, and then + # host.domain. The APPEND_DOT feature stops this waste of cycles. It is + # off by default because it causes problems on sites that don't use DNS. + # + # This feature has undergone light testing and it may go away if there + # are problems with it. If you enable it let me know if it helps. + # + # DOT= -DAPPEND_DOT + ################################################## # Optional: Always attempt remote username lookups # *************** *** 455,461 **** -DREAL_MISCD=\"$(REAL_DAEMON_DIR)/miscd\" \ -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \ -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ ! $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o hosts_info.o \ hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ --- 483,489 ---- -DREAL_MISCD=\"$(REAL_DAEMON_DIR)/miscd\" \ -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \ -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ ! $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o hosts_info.o \ hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ *************** *** 468,474 **** percent_x.c options.c clean_exit.c environ.c patchlevel.h strtok.c \ fix_options.c workarounds.c socket.c tli.c DISCLAIMER \ fakelog.c safe_finger.c hosts_options.5 options.h CHANGES \ ! try-from.c init_client.c 6compat.c LIB = libwrap.a --- 496,502 ---- percent_x.c options.c clean_exit.c environ.c patchlevel.h strtok.c \ fix_options.c workarounds.c socket.c tli.c DISCLAIMER \ fakelog.c safe_finger.c hosts_options.5 options.h CHANGES \ ! try-from.c init_client.c 6compat.c ptx.c vfprintf.c LIB = libwrap.a *** ./README- Tue Feb 1 22:05:46 1994 --- ./README Sat Feb 5 15:22:00 1994 *************** *** 1,6 **** ! @(#) README 1.18 93/12/14 20:53:13 ! This is the 6.1 version of the TCP/IP daemon wrapper package. Table of contents ----------------- --- 1,6 ---- ! @(#) README 1.20 94/02/05 15:21:57 ! This is the 6.2 version of the TCP/IP daemon wrapper package. Table of contents ----------------- *************** *** 223,233 **** the Makefile, or by providing no access control tables. The install instructions below describe the Makefile editing process. ! When TCP/IP or UDP/IP is used underneath TLI, the wrapper programs ! provide the same functions as with socket-based applications. When some ! other protocol is used underneath TLI, the host address will be some ! universal magic cookie that may not be usable for access control ! purposes. 4.2 - Host name spoofing ------------------------ --- 223,233 ---- the Makefile, or by providing no access control tables. The install instructions below describe the Makefile editing process. ! On System V when TCP/IP or UDP/IP is used underneath TLI, the wrapper ! programs provide the same functions as with socket-based applications. ! When some other protocol is used underneath TLI, the host address will ! be some universal magic cookie that may not be usable for access ! control purposes. 4.2 - Host name spoofing ------------------------ *************** *** 326,333 **** TAP). To add to the confusion, both protocols use the same network port. The daemon wrappers implement a common subset of the protocols. ! With TLI-based network services, remote username lookups will be ! possible only when TCP/IP is the underlying network protocol. 4.5 - Language extensions ------------------------- --- 326,333 ---- TAP). To add to the confusion, both protocols use the same network port. The daemon wrappers implement a common subset of the protocols. ! On System V with TLI-based network services, remote username lookups ! will be possible only when the underlying network protocol is TCP/IP. 4.5 - Language extensions ------------------------- *************** *** 406,416 **** runs until the machine goes down. Available from eecs.nwu.edu, file /pub/securelib.tar. ! xinetd (posted to comp.sources.unix) is an inetd replacement program ! that provides, among others, logging, username lookup and access ! control. However, it does not support TLI services, and it is only six ! times as much source code as the daemon wrapper programs. Where shared libraries or router-based packet filtering are not an option, an alternative portmap daemon can help to improve RPC security, in particular that of NFS and of the NIS (YP) information service. --- 406,420 ---- runs until the machine goes down. Available from eecs.nwu.edu, file /pub/securelib.tar. ! xinetd (posted to comp.sources.unix) is an inetd replacement that ! provides, among others, logging, username lookup and access control. ! However, it does not support the System V TLI services, and it is only ! six times as much source code as the daemon wrapper programs. + netlog from Texas A&M relies on the SunOS 4.x /dev/nit interface to + passively watch all TCP and UDP network traffic on a network. The + current version is net.tamu.edu:/pub/security/TAMU/netlog-1.03.tar.gz. + Where shared libraries or router-based packet filtering are not an option, an alternative portmap daemon can help to improve RPC security, in particular that of NFS and of the NIS (YP) information service. *************** *** 777,782 **** --- 781,790 ---- describes the external interface of the libwrap.a library. The tcpd wrapper can even be used to control access to the smtp port. + This can be useful when you suspect that someone is trying out some + obscure sendmail bug, or when a remote site is misconfigured and keeps + hammering your mail daemon. + In that case, sendmail should not be run as a stand-alone daemon, but it should be registered in the inetd configuration file. For example: *************** *** 787,795 **** 0,15,30,45 * * * * /usr/lib/sendmail -q ! should take care of that. When you are going to "protect" your sendmail ! daemon this way, you should realize that there are many "unprotected" ! sendmail daemons all over the network that can still be abused. 8 - Acknowledgements -------------------- --- 795,803 ---- 0,15,30,45 * * * * /usr/lib/sendmail -q ! should take care of that. You cannot really prevent people from posting ! forged mail this way, because there are many unprotected smtp daemons ! on the network. 8 - Acknowledgements -------------------- *** ./fromhost.c- Mon Dec 13 22:23:07 1993 --- ./fromhost.c Tue Feb 1 22:12:05 1994 *************** *** 23,29 **** */ #ifndef lint ! static char sccsid[] = "@(#) fromhost.c 1.14 93/12/13 22:23:05"; #endif /* System libraries. */ --- 23,29 ---- */ #ifndef lint ! static char sccsid[] = "@(#) fromhost.c 1.15 94/02/01 22:12:03"; #endif /* System libraries. */ *************** *** 32,38 **** #include <stdio.h> #include <syslog.h> ! #if defined(TLI) || defined(TLI_SOCKETS) #include <sys/tiuser.h> #include <stropts.h> #endif --- 32,38 ---- #include <stdio.h> #include <syslog.h> ! #if defined(TLI) || defined(PTX) #include <sys/tiuser.h> #include <stropts.h> #endif *************** *** 41,47 **** #include "log_tcp.h" ! #if !defined(TLI) && !defined(TLI_SOCKETS) /* fromhost - compatibility wrapper for socket-only systems */ --- 41,47 ---- #include "log_tcp.h" ! #if !defined(TLI) && !defined(PTX) /* fromhost - compatibility wrapper for socket-only systems */ *************** *** 53,61 **** return (sock_host(client, client_fd)); } ! #endif /* !defined(TLI) && !defined(TLI_SOCKETS) */ ! #ifdef TLI /* fromhost - find out what network API we should use */ --- 53,61 ---- return (sock_host(client, client_fd)); } ! #endif /* !defined(TLI) && !defined(PTX) */ ! #if defined(TLI) || defined(PTX) /* fromhost - find out what network API we should use */ *************** *** 80,116 **** } } ! #endif /* TLI */ ! ! #ifdef TLI_SOCKETS ! ! /* fromhost - use socket primitives even with TLI */ ! ! int fromhost(client) ! struct client_info *client; ! { ! int client_fd = 0; /* XXX compatibility */ ! int ret; ! ! /* ! * Some System V.3 based systems have TLI but the supporting libraries ! * are not as complete as with System V.4. Dynix/PTX is an example. The ! * workaround is to temporarily switch to the socket interface, identify ! * the client name/address with socket calls, then to switch back to TLI. ! */ ! ! #define SWAP_MODULE(f, old, new) (ioctl(f, I_POP, old), ioctl(f, I_PUSH, new)) ! ! if (ioctl(client_fd, I_FIND, "timod") > 0) { ! if (SWAP_MODULE(client_fd, "timod", "sockmod") != 0) ! syslog(LOG_ERR, "swap timod for sockmod: %m"); ! ret = sock_host(client, client_fd); ! if (SWAP_MODULE(client_fd, "sockmod", "timod") != 0) ! syslog(LOG_ERR, "swap sockmod for timod: %m"); ! return (ret); ! } else { ! return (sock_host(client, client_fd)); ! } ! } ! ! #endif /* TLI_SOCKETS */ --- 80,83 ---- } } ! #endif /* TLI || PTX */ *** ./options.c- Mon Dec 13 22:23:18 1993 --- ./options.c Tue Feb 1 22:12:13 1994 *************** *** 186,192 **** struct client_info *client; { if (dry_run) ! syslog(LOG_DEBUG, "option: allow"); longjmp(options_buf, OPT_ALLOW); } --- 186,192 ---- struct client_info *client; { if (dry_run) ! syslog(LOG_DEBUG, "option: allow"); longjmp(options_buf, OPT_ALLOW); } *************** *** 200,206 **** struct client_info *client; { if (dry_run) ! syslog(LOG_DEBUG, "option: deny"); longjmp(options_buf, OPT_DENY); } --- 200,206 ---- struct client_info *client; { if (dry_run) ! syslog(LOG_DEBUG, "option: deny"); longjmp(options_buf, OPT_DENY); } *************** *** 224,230 **** endpwent(); if (dry_run) { ! syslog(LOG_DEBUG, "option: user = %s", value); return; } if (setuid(pwd->pw_uid)) { --- 224,230 ---- endpwent(); if (dry_run) { ! syslog(LOG_DEBUG, "option: user = %s", value); return; } if (setuid(pwd->pw_uid)) { *************** *** 254,260 **** endgrent(); if (dry_run) { ! syslog(LOG_DEBUG, "option: group = %s", value); return; } if (setgid(grp->gr_gid)) { --- 254,260 ---- endgrent(); if (dry_run) { ! syslog(LOG_DEBUG, "option: group = %s", value); return; } if (setgid(grp->gr_gid)) { *************** *** 282,288 **** longjmp(options_buf, OPT_DENY); } if (dry_run) { ! syslog(LOG_DEBUG, "option: umask = %o", mask); return; } (void) umask(mask); --- 282,288 ---- longjmp(options_buf, OPT_DENY); } if (dry_run) { ! syslog(LOG_DEBUG, "option: umask = %o", mask); return; } (void) umask(mask); *************** *** 300,306 **** if (dry_run) { percent_x(buf, sizeof(buf), value, daemon, client, pid); ! syslog(LOG_DEBUG, "option: spawn = %s", buf); return; } shell_cmd(value, daemon, client); --- 300,306 ---- if (dry_run) { percent_x(buf, sizeof(buf), value, daemon, client, pid); ! syslog(LOG_DEBUG, "option: spawn = %s", buf); return; } shell_cmd(value, daemon, client); *************** *** 326,332 **** longjmp(options_buf, OPT_DENY); } if (dry_run) { ! syslog(LOG_DEBUG, "option: linger = %d", linger.l_linger); return; } linger.l_onoff = (linger.l_linger != 0); --- 326,332 ---- longjmp(options_buf, OPT_DENY); } if (dry_run) { ! syslog(LOG_DEBUG, "option: linger = %d", linger.l_linger); return; } linger.l_onoff = (linger.l_linger != 0); *************** *** 357,363 **** percent_x(buf, sizeof(buf), value, daemon, client, pid); if (dry_run) { ! syslog(LOG_DEBUG, "option: twist = %s", buf); dry_run = 0; return; } --- 357,363 ---- percent_x(buf, sizeof(buf), value, daemon, client, pid); if (dry_run) { ! syslog(LOG_DEBUG, "option: twist = %s", buf); dry_run = 0; return; } *************** *** 412,418 **** rfc931_timeout = timeout; } if (dry_run) { ! syslog(LOG_DEBUG, "option: rfc931 = %d", rfc931_timeout); return; } if (client->user[0] == 0 && RFC931_POSSIBLE(client)) --- 412,418 ---- rfc931_timeout = timeout; } if (dry_run) { ! syslog(LOG_DEBUG, "option: rfc931 = %d", rfc931_timeout); return; } if (client->user[0] == 0 && RFC931_POSSIBLE(client)) *************** *** 449,455 **** var_value = chop_string(buf); } if (dry_run) { ! syslog(LOG_DEBUG, "option: setenv = %s %s", var_name, var_value); return; } if (setenv(var_name, var_value, 1)) { --- 449,455 ---- var_value = chop_string(buf); } if (dry_run) { ! syslog(LOG_DEBUG, "option: setenv = %s %s", var_name, var_value); return; } if (setenv(var_name, var_value, 1)) { *************** *** 675,681 **** new_severity = severity_map(log_severities, chop_string(value)); } if (dry_run) { ! syslog(LOG_DEBUG, "option: severity = %s", value); return; } allow_severity = deny_severity = new_severity; --- 675,681 ---- new_severity = severity_map(log_severities, chop_string(value)); } if (dry_run) { ! syslog(LOG_DEBUG, "option: severity = %s", value); return; } allow_severity = deny_severity = new_severity; *** ./hosts_access.c- Mon Sep 27 20:59:51 1993 --- ./hosts_access.c Tue Feb 1 22:12:09 1994 *************** *** 17,23 **** */ #ifndef lint ! static char sccsid[] = "@(#) hosts_access.c 1.15 93/09/27 20:59:49"; #endif /* System libraries. */ --- 17,23 ---- */ #ifndef lint ! static char sccsid[] = "@(#) hosts_access.c 1.16 94/02/01 22:12:05"; #endif /* System libraries. */ *************** *** 34,39 **** --- 34,40 ---- extern char *fgets(); extern char *strchr(); extern char *strtok(); + extern int errno; #ifndef INADDR_NONE #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ *** ./patchlevel.h- Mon Dec 13 22:23:20 1993 --- ./patchlevel.h Tue Feb 1 22:12:15 1994 *************** *** 1,3 **** #ifndef lint ! static char patchlevel[] = "@(#) patchlevel 6.1"; #endif --- 1,3 ---- #ifndef lint ! static char patchlevel[] = "@(#) patchlevel 6.2"; #endif *** ./ptx.c- Tue Feb 1 21:54:49 1994 --- ./ptx.c Tue Feb 1 22:12:16 1994 *************** *** 0 **** --- 1,122 ---- + /* + * The Dynix/PTX TLI implementation is not quite compatible with System V + * Release 4. Some important functions are not present so we are limited to + * IP-based services. + * + * This module takes a TLI endpoint, and tries to determine the local IP + * address, the client IP address, and the remote username if username + * lookups are done irrespective of client. All results are in static memory + * and will be overwritten upon the next call. + * + * The return status is (-1) if the remote host pretends to have someone elses + * name, or if the remote host name is available but could not be verified; + * in either case the hostname will be ignored. The return status is zero in + * all other cases (the hostname is unavailable, or the host name double + * check succeeds). + * + * Diagnostics are reported through syslog(3). + * + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + */ + + #ifndef lint + static char sccsid[] = "@(#) ptx.c 1.1 94/02/01 22:12:15"; + #endif + + #ifdef PTX + + /* System libraries. */ + + #include <sys/types.h> + #include <sys/tiuser.h> + #include <sys/socket.h> + #include <stropts.h> + #include <netinet/in.h> + #include <netdb.h> + #include <stdio.h> + #include <syslog.h> + + /* Local stuff. */ + + #include "log_tcp.h" + + /* Forward declarations. */ + + static void ptx_sink(); + + /* tli_host - determine TLI endpoint info, PTX version */ + + int tli_host(client, fd) + struct client_info *client; + int fd; + { + static struct sockaddr_in rmt_sin; + static struct sockaddr_in our_sin; + int ret; + + /* + * Initialize the result with suitable defaults. + */ + + init_client(client); + client->fd = fd; + + /* + * getpeerinaddr() was suggested by someone at Sequent. It seems to work + * with connection-oriented (TCP) services such as rlogind and telnetd, + * but it returns 0.0.0.0 with datagram (UDP) services. No problem: UDP + * needs special treatment anyway, in case we must refuse service. + */ + + if (getpeerinaddr(client->fd, &rmt_sin, sizeof(rmt_sin)) == 0 + && rmt_sin.sin_addr.s_addr != 0) { + client->rmt_sin = &rmt_sin; + if (getmyinaddr(client->fd, &our_sin, sizeof(our_sin)) == 0) { + client->our_sin = &our_sin; + } else { + syslog(LOG_ERR, "getmyinaddr: %m"); + } + return (sock_names(client)); + } + + /* + * Another suggestion was to temporarily switch to the socket interface, + * identify the client name/address with socket calls, then to switch + * back to TLI. This seems to works OK with UDP services, but utterly + * messes up rlogind and telnetd. + */ + + #define SWAP_MODULE(f, old, new) (ioctl(f, I_POP, old), ioctl(f, I_PUSH, new)) + + if (SWAP_MODULE(client->fd, "timod", "sockmod") != 0) + syslog(LOG_ERR, "replace timod by sockmod: %m"); + ret = sock_host(client, client->fd); + if (SWAP_MODULE(client->fd, "sockmod", "timod") != 0) + syslog(LOG_ERR, "replace sockmod by timod: %m"); + if (client->sink != 0) + client->sink = ptx_sink; + return (ret); + } + + /* ptx_sink - absorb unreceived IP datagram */ + + static void ptx_sink(fd) + int fd; + { + char buf[BUFSIZ]; + struct sockaddr sa; + int size = sizeof(sa); + + /* + * Eat up the not-yet received datagram. Where needed, switch to the + * socket programming interface. + */ + + if (ioctl(fd, I_FIND, "timod") != 0) + ioctl(fd, I_POP, "timod"); + if (ioctl(fd, I_FIND, "sockmod") == 0) + ioctl(fd, I_PUSH, "sockmod"); + (void) recvfrom(fd, buf, sizeof(buf), 0, &sa, &size); + } + + #endif /* PTX */ *** ./socket.c- Mon Dec 13 22:23:27 1993 --- ./socket.c Tue Feb 1 22:12:18 1994 *************** *** 17,23 **** */ #ifndef lint ! static char sccsid[] = "@(#) socket.c 1.8 93/12/13 22:23:25"; #endif /* System libraries. */ --- 17,23 ---- */ #ifndef lint ! static char sccsid[] = "@(#) socket.c 1.9 94/02/01 22:12:16"; #endif /* System libraries. */ *************** *** 29,35 **** #include <netdb.h> #include <stdio.h> #include <syslog.h> - #include <errno.h> extern char *inet_ntoa(); extern char *strncpy(); --- 29,34 ---- *************** *** 60,65 **** --- 59,94 ---- static int sock_match_hostname(); static void sock_sink(); + + #ifdef APPEND_DOT + + /* + * Speed up DNS lookups by terminating the host name with a dot. Should be + * done with care. The speedup can give problems with lookups from sources + * that lack DNS-style trailing dot magic, such as local files or NIS maps. + */ + + static struct hostent *gethostbyname_dot(name) + char *name; + { + char dot_name[MAXHOSTNAMELEN + 1]; + char *strchr(); + + /* + * Don't append dots to unqualified names. Such names are likely to come + * from local hosts files or from NIS. + */ + + if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) { + return (gethostbyname(name)); + } else { + sprintf(dot_name, "%s.", name); + return (gethostbyname(dot_name)); + } + } + + #define gethostbyname gethostbyname_dot + #endif /* sock_host - determine endpoint info */ *** ./try.c- Mon Dec 13 22:23:31 1993 --- ./try.c Tue Feb 1 22:12:21 1994 *************** *** 17,26 **** */ #ifndef lint ! static char sccsid[] = "@(#) try.c 1.9 93/12/13 22:23:29"; #endif #include <sys/types.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> --- 17,27 ---- */ #ifndef lint ! static char sccsid[] = "@(#) try.c 1.10 94/02/01 22:12:19"; #endif #include <sys/types.h> + #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> *************** *** 173,178 **** --- 174,190 ---- */ if ((hp = gethostbyname(host)) == 0) { fprintf(stderr, "host %s: address lookup failed\n", host); + return (1); + } + + /* + * Use the hostname that gethostbyaddr() would give us. On systems with + * NIS this may be an unqualified name. We should use that even though a + * FQDN was given on the command line. + */ + if ((hp = gethostbyaddr((char *) hp->h_addr_list[0], + sizeof(struct in_addr), AF_INET)) == 0) { + fprintf(stderr, "host %s: address->name lookup failed\n", host); return (1); } *** ./vfprintf.c- Tue Feb 1 21:54:52 1994 --- ./vfprintf.c Tue Feb 1 22:12:22 1994 *************** *** 0 **** --- 1,125 ---- + /* + * vfprintf() and vprintf() clones. They will produce unexpected results + * when excessive dynamic ("*") field widths are specified. This code was + * adapted from my EXP programming language runtime system. + * + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + */ + + #ifndef lint + static char sccsid[] = "@(#) vfprintf.c 1.1 94/02/01 22:12:21"; + #endif + + #include <stdio.h> + #include <ctype.h> + #ifdef __STDC__ + #include <stdarg.h> + #else + #include <varargs.h> + #endif + + /* vfprintf - print variable-length argument list to stream */ + + int vfprintf(fp, format, ap) + FILE *fp; + char *format; + va_list ap; + { + char fmt[BUFSIZ]; /* format specifier */ + register char *fmtp; + register char *cp; + int count = 0; + + /* + * Iterate over characters in the format string, picking up arguments + * when format specifiers are found. + */ + + for (cp = format; *cp; cp++) { + if (*cp != '%') { + putc(*cp, fp); /* ordinary character */ + count++; + } else { + + /* + * Format specifiers are handled one at a time, since we can only + * deal with arguments one at a time. Try to determine the end of + * the format specifier. We do not attempt to fully parse format + * strings, since we are ging to let fprintf() do the hard work. + * In regular expression notation, we recognize: + * + * %-?0?([0-9]*|\*)\.?([0-9]*|\*)l?[a-z] + * + * which includes some combinations that do not make sense. + */ + + fmtp = fmt; + *fmtp++ = *cp++; + if (*cp == '-') /* left-adjusted field? */ + *fmtp++ = *cp++; + if (*cp == '0') /* zero-padded field? */ + *fmtp++ = *cp++; + if (*cp == '*') { /* dynamic field witdh */ + sprintf(fmtp, "%d", va_arg(ap, int)); + fmtp += strlen(fmtp); + cp++; + } else { + while (isdigit(*cp)) /* hard-coded field width */ + *fmtp++ = *cp++; + } + if (*cp == '.') /* width/precision separator */ + *fmtp++ = *cp++; + if (*cp == '*') { /* dynamic precision */ + sprintf(fmtp, "%d", va_arg(ap, int)); + fmtp += strlen(fmtp); + cp++; + } else { + while (isdigit(*cp)) /* hard-coded precision */ + *fmtp++ = *cp++; + } + if (*cp == 'l') /* long whatever */ + *fmtp++ = *cp++; + if (*cp == 0) /* premature end, punt */ + break; + *fmtp++ = *cp; /* type (checked below) */ + *fmtp = 0; + + /* Execute the format string - let fprintf() do the hard work. */ + + switch (fmtp[-1]) { + case 's': /* string-valued argument */ + count += fprintf(fp, fmt, va_arg(ap, char *)); + break; + case 'c': /* integral-valued argument */ + case 'd': + case 'u': + case 'o': + case 'x': + if (fmtp[-2] == 'l') + count += fprintf(fp, fmt, va_arg(ap, long)); + else + count += fprintf(fp, fmt, va_arg(ap, int)); + break; + case 'e': /* float-valued argument */ + case 'f': + case 'g': + count += fprintf(fp, fmt, va_arg(ap, double)); + break; + default: /* anything else */ + putc(fmtp[-1], fp); + count++; + break; + } + } + } + return (count); + } + + /* vprintf - print variable-length argument list to stdout */ + + vprintf(format, ap) + char *format; + va_list ap; + { + return (vfprintf(stdout, format, ap)); + } *** ./workarounds.c- Tue Sep 21 23:16:39 1993 --- ./workarounds.c Tue Feb 1 22:12:24 1994 *************** *** 8,14 **** */ #ifndef lint ! char sccsid[] = "@(#) workarounds.c 1.1 93/09/21 23:16:38"; #endif #include <sys/types.h> --- 8,14 ---- */ #ifndef lint ! char sccsid[] = "@(#) workarounds.c 1.2 94/02/01 22:12:23"; #endif #include <sys/types.h> *************** *** 20,28 **** --- 20,47 ---- #include <stdio.h> #include <syslog.h> + extern int errno; + #include "log_tcp.h" /* + * Some AIX versions advertise a too small MAXHOSTNAMELEN value (32). + * Result: long hostnames would be truncated, and connections would be + * dropped because of host name verification failures. Adrian van Bloois + * (A.vanBloois@info.nic.surfnet.nl) figured out what was the problem. + */ + + #if (MAXHOSTNAMELEN < 64) + #undef MAXHOSTNAMELEN + #endif + + /* In case not defined in <sys/param.h>. */ + + #ifndef MAXHOSTNAMELEN + #define MAXHOSTNAMELEN 256 /* storage for host name */ + #endif + + /* * Some DG/UX inet_addr() versions return a struct/union instead of a long. * You have this problem when the compiler complains about illegal lvalues * or something like that. The following code fixes this mutant behaviour. *************** *** 158,160 **** --- 177,198 ---- } #endif /* GETPEERNAME_BUG */ + + /* + * According to Karl Vogel (vogelke@c-17igp.wpafb.af.mil) some Pyramid + * versions have no yp_default_domain() function. We use getdomainname() + * instead. + */ + + #ifdef USE_GETDOMAIN + + int yp_get_default_domain(ptr) + char **ptr; + { + static char mydomain[MAXHOSTNAMELEN]; + + *ptr = mydomain; + return (getdomainname(mydomain, MAXHOSTNAMELEN)); + } + + #endif /* USE_GETDOMAIN */ exit 0 # Just in case...