Usenet 1994 October

home *** CD-ROM | disk | FTP | other *** search

/ Usenet 1994 October / usenetsourcesnewsgroupsinfomagicoctober1994disk2.iso / misc / volume42 / tcp_wrappers / patch03 < prev next >

Wrap

Internet Message Format | 1994-03-30 | 47.8 KB

From: wietse@wzv.win.tue.nl (Wietse Venema) Newsgroups: comp.sources.misc Subject: v42i037: tcp_wrappers - TCP/IP daemon wrappers v6.0, Patch03 Date: 30 Mar 1994 15:27:32 -0600 Organization: Eindhoven University of Technology, The Netherlands Sender: kent@sparky.sterling.com Approved: kent@sparky.sterling.com Message-ID: <2ncqs4$f9o@sparky.sterling.com> X-Md4-Signature: 4552bee8eebd294be84d5e5c6d761f03 Submitted-by: wietse@wzv.win.tue.nl (Wietse Venema) Posting-number: Volume 42, Issue 37 Archive-name: tcp_wrappers/patch03 Environment: UNIX, INET Patch-To: tcp_wrappers: Volume 39, Issue 110-113 diff -c ../6.2/BLURB ./BLURB *** ../6.2/BLURB Wed Mar 23 18:14:55 1994 --- ./BLURB Wed Mar 23 18:15:40 1994 *************** *** 1,6 **** ! @(#) BLURB 1.17 94/02/05 15:22:01 ! This is the 6.2 version of the TCP/IP daemon wrapper package. With these programs you can monitor and control who connects to your TFTP, EXEC, FTP, RSH, TELNET, RLOGIN, FINGER, and SYSTAT network --- 1,8 ---- ! @(#) BLURB 1.18 94/03/23 16:50:25 ! This is the 6.3 version of the TCP/IP daemon wrapper package. Release ! 6.2 was cancelled because of a significant source code contribution ! from Sequent. With these programs you can monitor and control who connects to your TFTP, EXEC, FTP, RSH, TELNET, RLOGIN, FINGER, and SYSTAT network *************** *** 11,28 **** and do some sanity checks on the origin of the request. No information is exchanged with the remote client process. ! Changes with this release: ! - Portability: new Makefile rule sets for SCO and Pyramid OSx 5.1. ! - Portability: improved TLI support for Dynix/PTX. ! - Feature: a compile-time option (APPEND_DOT) to keep the hostname ! lookup routines from trying to append your own domain name to ! already fully-qualified hostnames. This may reduce the load on ! your name servers somewhat. ! Other than that, the code should be binary compatible with release 6.1. Wietse Venema (wietse@wzv.win.tue.nl), Department of Mathematics and Computing Science, --- 13,32 ---- and do some sanity checks on the origin of the request. No information is exchanged with the remote client process. ! Changes since release 6.1; ! - Portability: new Makefile rule sets for SCO and Pyramid OSx 5.1; ! improved TLI support for Dynix/PTX; fix for Ultrix core dumps. ! - Features: compile-time option (APPEND_DOT) for faster DNS lookup ! of already fully-qualified hostnames; a run-time option to enable ! keepalives (useful when users reset or turn off the PC while ! still connected), and an option to change the process nice value. ! Good news: Sun patch 100804-03 for SunOS 4.1.x fixes the problem with ! the anti source-routing attack feature. ! The libwrap.a code should be binary compatible with release 6.1. Wietse Venema (wietse@wzv.win.tue.nl), Department of Mathematics and Computing Science, diff -c ../6.2/CHANGES ./CHANGES *** ../6.2/CHANGES Wed Mar 23 18:15:04 1994 --- ./CHANGES Wed Mar 23 18:15:49 1994 *************** *** 1,15 **** Changes per release 6.2 (Feb 1994) ================================== - Resurrected my year-old code to reduce DNS load by appending a dot to the gethostbyname() argument. This feature is still experimental and it ! may go away if it causes more problems than it solves. - Auxiliary code for the Pyramid, BSD universe. Karl Vogel figured out ! what was missing: yp_get_default_domain() and vfprintf(). - Improved support for Dynix/PTX. The wrapper should now be able to ! deal with all TLI over IP services. - The try command now uses the hostname that gethostbyaddr() would return, instead of the hostname returned by gethostbyname(). This can --- 1,37 ---- + Changes per release 6.3 (Mar 1994) + ================================== + + - Keepalives option, to get rid of stuck daemons when people turn off + their PC while still connected. Files: options.c, hosts_options.5. + + - Nice option, to calm down network daemons that take away too much CPU + time. Files: options.c, hosts_options.5. + + - Ultrix perversion: the environ global pointer may be null. The + environment replacement routines now check for this. File: environ.c. + + - Fixed a few places that still assumed the socket is on standard + input. Fixed some error messages that did not provide access control + file name and line number. File: options.c. + + - Just when I was going to release 6.2 I received code for Dynix/PTX. + That code is specific to PTX 2.x, so I'll keep around my generic + PTX code just in case. The difference is in the handling of UDP + services. Files: tli_sequent.[hc]. + Changes per release 6.2 (Feb 1994) ================================== - Resurrected my year-old code to reduce DNS load by appending a dot to the gethostbyname() argument. This feature is still experimental and it ! may go away if it causes more problems than it solves. File: socket.c. - Auxiliary code for the Pyramid, BSD universe. Karl Vogel figured out ! what was missing: yp_get_default_domain() and vfprintf(). Files: ! workarounds.c, vfprintf.c. - Improved support for Dynix/PTX. The wrapper should now be able to ! deal with all TLI over IP services. File: ptx.c. - The try command now uses the hostname that gethostbyaddr() would return, instead of the hostname returned by gethostbyname(). This can *************** *** 16,22 **** be significant on systems with NIS that have short host names in the hosts map. For example, gethostbyname("wzv.win.tue.nl") returns "wzv.win.tue.nl"; gethostbyaddr(131.155.210.17) returns "wzv", and ! so does gethostbyname("wzv"). Changes per release 6.1 (Dec 1993) ================================== --- 38,44 ---- be significant on systems with NIS that have short host names in the hosts map. For example, gethostbyname("wzv.win.tue.nl") returns "wzv.win.tue.nl"; gethostbyaddr(131.155.210.17) returns "wzv", and ! that is what we should test with. File: try.c. Changes per release 6.1 (Dec 1993) ================================== diff -c ../6.2/Makefile ./Makefile *** ../6.2/Makefile Wed Mar 23 18:14:54 1994 --- ./Makefile Wed Mar 23 18:15:38 1994 *************** *** 1,4 **** ! # @(#) Makefile 1.11 94/02/01 22:11:56 what: @echo --- 1,4 ---- ! # @(#) Makefile 1.12 94/03/23 16:51:32 what: @echo *************** *** 17,26 **** @echo "This Makefile knows about the following sys-types:" @echo @echo " generic (most bsd-ish systems with sys5 compatibility)" ! @echo " 386bsd aix alpha apollo convex-ultranet dgux dynix" ! @echo " dynix-ptx epix esix freebsd hpux irix isc(untested)" ! @echo " linux mips(untested) netbsd next osf pyramid sco sco-nis" ! @echo " sco-od2 sunos4 sunos40 sunos5 sysv4 ultrix unicos(untested)" @echo @echo "If none of these match your environment, edit the system" @echo "dependencies sections in the Makefile and do a 'make other'." --- 17,27 ---- @echo "This Makefile knows about the following sys-types:" @echo @echo " generic (most bsd-ish systems with sys5 compatibility)" ! @echo " 386bsd aix alpha apollo convex-ultranet dell-gcc dgux dynix" ! @echo " epix esix freebsd hpux irix4 isc(untested) linux" ! @echo " mips(untested) netbsd next osf ptx-2.x ptx-generic pyramid" ! @echo " sco sco-nis sco-od2 sunos4 sunos40 sunos5 sysv4 ultrix" ! @echo " unicos(untested) uxp" @echo @echo "If none of these match your environment, edit the system" @echo "dependencies sections in the Makefile and do a 'make other'." *************** *** 38,44 **** # # Uncomment the appropriate line if you are going to edit inetd.conf. # ! # Ultrix 4.x SunOS 4.x ConvexOS 10.x #REAL_DAEMON_DIR=/usr/etc # # SysV.4 Solaris 2.x OSF AIX --- 39,45 ---- # # Uncomment the appropriate line if you are going to edit inetd.conf. # ! # Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx #REAL_DAEMON_DIR=/usr/etc # # SysV.4 Solaris 2.x OSF AIX *************** *** 58,64 **** # # Uncomment the appropriate line if you are going to move your daemons. # ! # Ultrix 4.x SunOS 4.x ConvexOS 10.x #REAL_DAEMON_DIR=/usr/etc/... # # SysV.4 Solaris 2.x OSF AIX --- 59,65 ---- # # Uncomment the appropriate line if you are going to move your daemons. # ! # Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx #REAL_DAEMON_DIR=/usr/etc/... # # SysV.4 Solaris 2.x OSF AIX *************** *** 138,152 **** LIBS=-lulsock RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ NETGROUP=-DNETGROUP TLI= all ! # Dynix/PTX has TLI, but the support is not as complete as with SYSV4. ! ! dynix-ptx: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ AUX_OBJ="environ.o strcasecmp.o ptx.o" NETGROUP= TLI=-DPTX all # IRIX 4.0.x has a special ar(1) flag. ! irix: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS=-lsun RANLIB=echo ARFLAGS=rvs AUX_OBJ=environ.o \ NETGROUP=-DNETGROUP TLI= all --- 139,159 ---- LIBS=-lulsock RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ NETGROUP=-DNETGROUP TLI= all ! # Generic support for the Dynix/PTX version of TLI. ! ptx-generic: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ AUX_OBJ="environ.o strcasecmp.o ptx.o" NETGROUP= TLI=-DPTX all + # With UDP support optimized for PTX 2.x (timw@sequent.com). + ptx-2.x: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ + AUX_OBJ="environ.o strcasecmp.o tli-sequent.o" NETGROUP= \ + TLI=-DTLI_SEQUENT all + # IRIX 4.0.x has a special ar(1) flag. ! irix4: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS=-lsun RANLIB=echo ARFLAGS=rvs AUX_OBJ=environ.o \ NETGROUP=-DNETGROUP TLI= all *************** *** 164,169 **** --- 171,187 ---- NETGROUP=-DNETGROUP AUX_OBJ=environ.o TLI=-DTLI \ BUGS="$(BUGS) -DINET_ADDR_BUG" all + # UXP/DS System V.4 clone (vic@uida0.uida.es). + uxp: + @make LIBS="-L/usr/ucblib -lsocket -lnsl -lucb" \ + RANLIB=echo ARFLAGS=rv NETGROUP=-DNETGROUP \ + AUX_OBJ=environ.o TLI="-DTLI -DDRS_XTI" all + + # DELL System V.4 Issue 2.2 using gcc (kim@grendel.lut.fi, jurban@norden1.com) + dell-gcc: + @make LIBS="-lsocket -lnsl" RANLIB=ranlib ARFLAGS=rv CC=gcc \ + AUX_OBJ="environ.o strcasecmp.o" TLI=-DTLI all + # SCO 3.2v4.1 no frills (jedwards@sol1.solinet.net). sco: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ *************** *** 463,471 **** # # This feature cannot be used with SunOS 4.x because of a kernel bug in # the implementation of the getsockopt() system call. Kernel panics have ! # been reported for SunOS 4.1.1 and SunOS 4.1.2. Symptoms are "BAD TRAP" ! # and "Data fault" while executing the tcp_ctloutput() kernel function. # # Uncomment the following macro definition if your getsockopt() is OK. # # KILL_OPT= -DKILL_IP_OPTIONS --- 481,491 ---- # # This feature cannot be used with SunOS 4.x because of a kernel bug in # the implementation of the getsockopt() system call. Kernel panics have ! # been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data ! # fault" while executing the tcp_ctloutput() kernel function. # + # Reportedly, Sun patch 100804-03 fixes the problem for SunOS 4.1.x. + # # Uncomment the following macro definition if your getsockopt() is OK. # # KILL_OPT= -DKILL_IP_OPTIONS *************** *** 496,502 **** percent_x.c options.c clean_exit.c environ.c patchlevel.h strtok.c \ fix_options.c workarounds.c socket.c tli.c DISCLAIMER \ fakelog.c safe_finger.c hosts_options.5 options.h CHANGES \ ! try-from.c init_client.c 6compat.c ptx.c vfprintf.c LIB = libwrap.a --- 516,523 ---- percent_x.c options.c clean_exit.c environ.c patchlevel.h strtok.c \ fix_options.c workarounds.c socket.c tli.c DISCLAIMER \ fakelog.c safe_finger.c hosts_options.5 options.h CHANGES \ ! try-from.c init_client.c 6compat.c ptx.c vfprintf.c tli-sequent.c \ ! tli-sequent.h LIB = libwrap.a *************** *** 597,602 **** --- 618,624 ---- socket.o: log_tcp.h Makefile tcpd.o: patchlevel.h log_tcp.h Makefile tli.o: log_tcp.h Makefile + tli-sequent.o: tli-sequent.h log_tcp.h Makefile try-from: log_tcp.h Makefile try.o: log_tcp.h Makefile workarounds.o: log_tcp.h Makefile diff -c ../6.2/README ./README *** ../6.2/README Wed Mar 23 18:14:48 1994 --- ./README Wed Mar 23 18:15:33 1994 *************** *** 1,6 **** ! @(#) README 1.20 94/02/05 15:21:57 ! This is the 6.2 version of the TCP/IP daemon wrapper package. Table of contents ----------------- --- 1,6 ---- ! @(#) README 1.21 94/03/23 17:47:16 ! This is the 6.3 version of the TCP/IP daemon wrapper package. Table of contents ----------------- *************** *** 287,296 **** will be disabled for all TCP connections that are handled by the wrapper programs. ! All this cannot be used with SunOS 4.x because of a kernel bug in the ! implementation of the getsockopt() system call. Kernel panics have been ! observed for SunOS 4.1.1 up to SunOS 4.1.3. The symptoms are "BAD TRAP" ! and "Data fault" while executing the tcp_ctloutput() kernel function. The feature is disabled by default. It can be turned on by editing the Makefile. The configuration and installation section below describes --- 287,296 ---- will be disabled for all TCP connections that are handled by the wrapper programs. ! If you are going to use this feature on SunOS 4.1.x you should apply ! patch 100804-03 or later. Otherwise you may experience "BAD TRAP" and ! "Data fault" panics when the getsockopt() system call is executed after ! a TCP RESET has been received. The feature is disabled by default. It can be turned on by editing the Makefile. The configuration and installation section below describes *************** *** 372,377 **** --- 372,384 ---- research.att.com:/dist/internet_security/berferd.ps + Discussions on internet firewalls are archived on ftp.greatcircle.com. + Subscribe to the mailing list by sending a message to + + majordomo@greatcircle.com + + With in the body (not subject): subscribe firewalls. + 5.2 - Related software ---------------------- *************** *** 389,404 **** firewall host, to the outer world. Socks consists of a daemon that is run on the firewall host, and of a library with routines that redirect application socket calls through the firewall daemon. Socks is ! available from s1.gov in /pub/socks.tar.Z. Tcpr is a set of perl scripts by Paul Ziemba that enable you to run ftp and telnet commands across a firewall. Unlike socks it can be used with ! unmodified client software. Available from ftp.alantec.com, pub/tcpr. Versions of rshd and rlogind, modified to report the remote user name in addition to the remote host name, are available for anonymous ftp ! (ftp.win.tue.nl:/pub/security/logdaemon-3.tar.Z). These programs are ! drop-in replacements for SunOS 4.x, Ultrix 4.x, and SunOS 5.x. The securelib shared library by William LeFebvre can be used to control access to network daemons that are not run under control of the inetd --- 396,416 ---- firewall host, to the outer world. Socks consists of a daemon that is run on the firewall host, and of a library with routines that redirect application socket calls through the firewall daemon. Socks is ! available from s1.gov in /pub/firewalls/socks.tar.Z. + For a modified Socks version by Ying-Da Lee (ylee@syl.dl.nec.com) try + ftp.nec.com, directory /pub/security/socks.cstc. + Tcpr is a set of perl scripts by Paul Ziemba that enable you to run ftp and telnet commands across a firewall. Unlike socks it can be used with ! unmodified client software. Available from ftp.alantec.com, /pub/tcpr. Versions of rshd and rlogind, modified to report the remote user name in addition to the remote host name, are available for anonymous ftp ! (ftp.win.tue.nl:/pub/security/logdaemon-XX.tar.Z). These programs are ! drop-in replacements for SunOS 4.x, Ultrix 4.x, and SunOS 5.x. This ! archive also contains ftpd/rexecd/login versions that support S/Key ! one-time passwords (tested with SunOS [45] and 44BSD). The securelib shared library by William LeFebvre can be used to control access to network daemons that are not run under control of the inetd *************** *** 413,419 **** netlog from Texas A&M relies on the SunOS 4.x /dev/nit interface to passively watch all TCP and UDP network traffic on a network. The ! current version is net.tamu.edu:/pub/security/TAMU/netlog-1.03.tar.gz. Where shared libraries or router-based packet filtering are not an option, an alternative portmap daemon can help to improve RPC security, --- 425,431 ---- netlog from Texas A&M relies on the SunOS 4.x /dev/nit interface to passively watch all TCP and UDP network traffic on a network. The ! current version is net.tamu.edu:/pub/security/TAMU/netlog-1.2.tar.gz. Where shared libraries or router-based packet filtering are not an option, an alternative portmap daemon can help to improve RPC security, *************** *** 422,429 **** ... 4.1.3, Ultrix 3.0 and Ultrix 4.x, HP-UX 8.x and AIX. The protection is less effective than that of the securelib library because portmap is mostly a dictionary service. SunOS 4.x users should install the latest ! revision of the portmap and NIS daemons instead, or adopt NIS+ which ! has access control built in. Source for a portable RFC 931 (TAP, IDENT)-compatible daemon by Peter Eriksson is available from ftp.lysator.liu.se:/pub/ident/servers. --- 434,441 ---- ... 4.1.3, Ultrix 3.0 and Ultrix 4.x, HP-UX 8.x and AIX. The protection is less effective than that of the securelib library because portmap is mostly a dictionary service. SunOS 4.x users should install the latest ! revision of the portmap and NIS daemons instead (patch 100482) or adopt ! NIS+ which has access control built in. Source for a portable RFC 931 (TAP, IDENT)-compatible daemon by Peter Eriksson is available from ftp.lysator.liu.se:/pub/ident/servers. diff -c ../6.2/environ.c ./environ.c *** ../6.2/environ.c Wed Mar 23 18:14:59 1994 --- ./environ.c Wed Mar 23 18:15:44 1994 *************** *** 7,13 **** */ #ifndef lint ! static char sccsid[] = "@(#) environ.c 1.3 93/10/30 15:38:58"; #endif /* System libraries. */ --- 7,13 ---- */ #ifndef lint ! static char sccsid[] = "@(#) environ.c 1.2 94/03/23 16:09:46"; #endif /* System libraries. */ *************** *** 54,60 **** { char **envp; ! for (envp = environ; *envp; envp++) if (strncmp(name, *envp, len) == 0 && (*envp)[len] == '=') return (envp); return (0); --- 54,60 ---- { char **envp; ! for (envp = environ; envp && *envp; envp++) if (strncmp(name, *envp, len) == 0 && (*envp)[len] == '=') return (envp); return (0); *************** *** 154,160 **** int l_used; /* bytes used excl. terminator */ int l_need; /* bytes needed incl. terminator */ ! for (envp = environ; *envp; envp++) /* void */ ; n_used = envp - environ; l_used = n_used * sizeof(*envp); --- 154,160 ---- int l_used; /* bytes used excl. terminator */ int l_need; /* bytes needed incl. terminator */ ! for (envp = environ; envp && *envp; envp++) /* void */ ; n_used = envp - environ; l_used = n_used * sizeof(*envp); *************** *** 186,192 **** { char **envp; ! for (envp = environ; *envp; envp++) printf("%s\n", *envp); } --- 186,192 ---- { char **envp; ! for (envp = environ; envp && *envp; envp++) printf("%s\n", *envp); } diff -c ../6.2/fromhost.c ./fromhost.c *** ../6.2/fromhost.c Wed Mar 23 18:14:50 1994 --- ./fromhost.c Wed Mar 23 18:15:35 1994 *************** *** 23,29 **** */ #ifndef lint ! static char sccsid[] = "@(#) fromhost.c 1.15 94/02/01 22:12:03"; #endif /* System libraries. */ --- 23,29 ---- */ #ifndef lint ! static char sccsid[] = "@(#) fromhost.c 1.16 94/03/23 16:23:45"; #endif /* System libraries. */ *************** *** 32,38 **** #include <stdio.h> #include <syslog.h> ! #if defined(TLI) || defined(PTX) #include <sys/tiuser.h> #include <stropts.h> #endif --- 32,38 ---- #include <stdio.h> #include <syslog.h> ! #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) #include <sys/tiuser.h> #include <stropts.h> #endif *************** *** 41,47 **** #include "log_tcp.h" ! #if !defined(TLI) && !defined(PTX) /* fromhost - compatibility wrapper for socket-only systems */ --- 41,47 ---- #include "log_tcp.h" ! #if !defined(TLI) && !defined(PTX) && !defined(TLI_SEQUENT) /* fromhost - compatibility wrapper for socket-only systems */ *************** *** 53,61 **** return (sock_host(client, client_fd)); } ! #endif /* !defined(TLI) && !defined(PTX) */ ! #if defined(TLI) || defined(PTX) /* fromhost - find out what network API we should use */ --- 53,61 ---- return (sock_host(client, client_fd)); } ! #endif /* !TLI && !PTX && !TLI_SEQUENT */ ! #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) /* fromhost - find out what network API we should use */ *************** *** 80,83 **** } } ! #endif /* TLI || PTX */ --- 80,83 ---- } } ! #endif /* TLI || PTX || TLI_SEQUENT */ diff -c ../6.2/hosts_options.5 ./hosts_options.5 *** ../6.2/hosts_options.5 Wed Mar 23 18:15:03 1994 --- ./hosts_options.5 Wed Mar 23 18:15:48 1994 *************** *** 22,29 **** .IP "severity = mail.info" Change the severity level at which the event will be logged. Facility names (such as mail) are optional, and are not supported on systems ! with older syslog implementations. This option is useful to emphasize ! or to completely ignore specific events. .IP "allow (deny)" Grant (deny) service, even when the matched rule was found in the \fIhosts.deny (hosts.allow)\fR file. These options must appear at the --- 22,29 ---- .IP "severity = mail.info" Change the severity level at which the event will be logged. Facility names (such as mail) are optional, and are not supported on systems ! with older syslog implementations. The severity option can be used ! to emphasize or to completely ignore specific events. .IP "allow (deny)" Grant (deny) service, even when the matched rule was found in the \fIhosts.deny (hosts.allow)\fR file. These options must appear at the *************** *** 54,62 **** hosts_access(5) manual page. Stdin, stdout and stderr are connected to the remote client process. This option must appear at the end of a rule. .sp .nf .ti +3 ! in.ftpd : clients : twist = /bin/echo 421 Some bounce message .fi .sp sends a customized bounce message to the remote client instead of --- 54,64 ---- hosts_access(5) manual page. Stdin, stdout and stderr are connected to the remote client process. This option must appear at the end of a rule. .sp + Examples: + .sp .nf .ti +3 ! in.ftpd : ... : twist = /bin/echo 421 Some bounce message .fi .sp sends a customized bounce message to the remote client instead of *************** *** 64,70 **** .sp .nf .ti +3 ! in.telnetd : clients : twist = PATH=/some/other; exec in.telnetd .fi .sp would run /some/other/in.telnetd without polluting its command-line --- 66,72 ---- .sp .nf .ti +3 ! in.telnetd : ... : twist = PATH=/some/other; exec in.telnetd .fi .sp would run /some/other/in.telnetd without polluting its command-line *************** *** 98,106 **** Like the umask command that is built into the shell. An umask of 022 prevents the creation of files with group and world write permission. The umask argument should be an octal number. .IP "linger = number_of_seconds" Specifies how long the kernel will try to deliver not-yet delivered ! data after the server process terminates. .IP "user = nobody" Assume the privileges of the "nobody" account. This is useful with inetd implementations that run all services with root privilege. It is --- 100,118 ---- Like the umask command that is built into the shell. An umask of 022 prevents the creation of files with group and world write permission. The umask argument should be an octal number. + .IP "keepalive" + Causes the server to periodically send a message to the client. The + connection is considered broken when the client does not respond. The + keepalive option can be useful when users turn off their machine while + it is still connected to a server. The keepalive option is not useful + for datagram (UDP) services. .IP "linger = number_of_seconds" Specifies how long the kernel will try to deliver not-yet delivered ! data after the server process closes a connection. ! .IP "nice = niceval" ! .IP "nice (no argument)" ! Change the nice value of the process (default 10). Specify a positive ! value to spend more CPU resources on other processes. .IP "user = nobody" Assume the privileges of the "nobody" account. This is useful with inetd implementations that run all services with root privilege. It is *************** *** 117,132 **** .sp Warning: many network daemons reset their environment before spawning a login or shell process. ! .IP "rfc931 [= timeout]" ! Look up the remote user name with the RFC 931 protocol. This option is ! silently ignored in case of services based on transports other than ! TCP. Requires that the remote system runs an RFC 931-compliant daemon, ! and may cause noticeable delays with connections from non-UNIX hosts. ! The timeout period (in seconds) is optional. If no timeout is specified ! a default value is taken. .SH DIAGNOSTICS ! An error is reported when a syntax error is found in a host access ! control rule; further options will be ignored, and service is denied. .SH SEE ALSO hosts_access(5), the default access control language .SH AUTHOR --- 129,146 ---- .sp Warning: many network daemons reset their environment before spawning a login or shell process. ! .IP "rfc931 = timeout_in_seconds" ! .IP "rfc931 (no argument)" ! Look up the remote user name with the RFC 931 (IDENT, etc.) protocol. ! This option is silently ignored in case of services based on transports ! other than TCP. It requires that the client system runs an RFC 931 ! (IDENT, etc.) -compliant daemon, and may cause noticeable delays with ! connections from non-UNIX hosts. The timeout period is optional. If no ! timeout is specified a default value is taken. .SH DIAGNOSTICS ! When a syntax error is found in an access control rule, the error ! is reported to the syslog daemon; further options will be ignored, ! and service is denied. .SH SEE ALSO hosts_access(5), the default access control language .SH AUTHOR *************** *** 136,139 **** Department of Mathematics and Computing Science Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands ! \" @(#) hosts_options.5 1.8 93/12/13 22:23:09 --- 150,153 ---- Department of Mathematics and Computing Science Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands ! \" @(#) hosts_options.5 1.9 94/03/23 16:52:32 diff -c ../6.2/options.c ./options.c *** ../6.2/options.c Wed Mar 23 18:14:58 1994 --- ./options.c Wed Mar 23 18:15:43 1994 *************** *** 25,30 **** --- 25,34 ---- * course of action. */ + #ifndef lint + static char sccsid[] = "@(#) options.c 1.13 94/03/23 16:15:59"; + #endif + /* System libraries. */ #include <sys/types.h> *************** *** 57,66 **** --- 61,72 ---- static void group_option(); /* execute "group=name" option */ static void umask_option(); /* execute "umask=mask" option */ static void linger_option(); /* execute "linger=time" option */ + static void keepalive_option(); /* execute "keepalive" option */ static void spawn_option(); /* execute "spawn=command" option */ static void twist_option(); /* execute "twist=command" option */ static void rfc931_option(); /* execute "rfc931" option */ static void setenv_option(); /* execute "setenv=name value" */ + static void nice_option(); /* execute "nice" option */ static void severity_option(); /* execute "severity=value" */ static void allow_option(); /* execute "allow" option */ static void deny_option(); /* execute "deny" option */ *************** *** 91,100 **** --- 97,108 ---- "group", group_option, NEED_ARG, /* switch group id */ "umask", umask_option, NEED_ARG, /* change umask */ "linger", linger_option, NEED_ARG, /* change socket linger time */ + "keepalive", keepalive_option, 0, /* set socket keepalive option */ "spawn", spawn_option, NEED_ARG, /* spawn shell command */ "twist", twist_option, NEED_ARG | USE_LAST, /* replace current process */ "rfc931", rfc931_option, OPT_ARG, /* do RFC 931 lookup */ "setenv", setenv_option, NEED_ARG, /* update environment */ + "nice", nice_option, OPT_ARG, /* change nice value */ "severity", severity_option, NEED_ARG, /* adjust logging level */ "allow", allow_option, USE_LAST, /* grant access */ "deny", deny_option, USE_LAST, /* deny access */ *************** *** 330,337 **** return; } linger.l_onoff = (linger.l_linger != 0); ! if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *) &linger, sizeof(linger)) ! < 0) { syslog(LOG_ERR, "error: %s, line %d: setsockopt SO_LINGER %d: %m", hosts_access_file, hosts_access_line, linger.l_linger); longjmp(options_buf, OPT_DENY); --- 338,345 ---- return; } linger.l_onoff = (linger.l_linger != 0); ! if (setsockopt(client->fd, SOL_SOCKET, SO_LINGER, (char *) &linger, ! sizeof(linger)) < 0) { syslog(LOG_ERR, "error: %s, line %d: setsockopt SO_LINGER %d: %m", hosts_access_file, hosts_access_line, linger.l_linger); longjmp(options_buf, OPT_DENY); *************** *** 343,348 **** --- 351,423 ---- #endif } + /* keepalive_option - set the socket keepalive option */ + + /* ARGSUSED */ + + static void keepalive_option(value, daemon, client) + char *value; + char *daemon; + struct client_info *client; + { + #if defined(SO_KEEPALIVE) && !defined(BROKEN_SO_KEEPALIVE) + int on = 1; + + if (dry_run) { + syslog(LOG_DEBUG, "option: keepalive"); + return; + } + if (setsockopt(client->fd, SOL_SOCKET, SO_KEEPALIVE, (char *) &on, + sizeof(on)) < 0) + syslog(LOG_WARNING, "warning: %s, line %d: setsockopt SO_KEEPALIVE: %m", + hosts_access_file, hosts_access_line); + #else + syslog(LOG_WARNING, "warning: %s, line %d: SO_KEEPALIVE not supported", + hosts_access_file, hosts_access_line); + #endif + } + + /* nice_option - set nice value */ + + /* ARGSUSED */ + + static void nice_option(value, daemon, client) + char *value; + char *daemon; + struct client_info *client; + { + int niceval = 10; + char junk; + + if (value != 0 && sscanf(value, "%d%c", &niceval, &junk) != 1) { + syslog(LOG_ERR, "error: %s, line %d: bad nice value: \"%s\"", + hosts_access_file, hosts_access_line, value); + longjmp(options_buf, OPT_DENY); + } + if (dry_run) { + syslog(LOG_DEBUG, "option: nice = %d", niceval); + return; + } + if (nice(niceval) < 0) { + syslog(LOG_WARNING, "warning: %s, line %d: nice(%d): %m", + hosts_access_file, hosts_access_line, niceval); + } + } + + /* maybe_dup2 - conditional dup2 */ + + static int maybe_dup2(fd1, fd2) + int fd1; + int fd2; + { + if (fd1 == fd2) { /* already OK */ + return (fd2); + } else { /* dup new to old */ + close(fd2); + return (dup(fd1)); + } + } + /* twist_option - replace process by shell command */ static void twist_option(value, daemon, client) *************** *** 364,379 **** syslog(deny_severity, "twist %s to %s", hosts_info(client), buf); closelog(); ! /* ! * Before switching to the shell, set up stdout and stderr in case the ! * Ultrix inetd didn't. ! */ ! (void) close(1); ! (void) close(2); ! if (dup(0) != 1 || dup(0) != 2) { error = "twist_option: dup: %m"; } else { (void) execl("/bin/sh", "sh", "-c", buf, (char *) 0); error = "twist_option: /bin/sh: %m"; } --- 439,453 ---- syslog(deny_severity, "twist %s to %s", hosts_info(client), buf); closelog(); ! /* Before switching to the shell, set up stdin, stdout and stderr. */ ! if (maybe_dup2(client->fd, 0) != 0 || ! maybe_dup2(client->fd, 1) != 1 || ! maybe_dup2(client->fd, 2) != 2) { error = "twist_option: dup: %m"; } else { + if (client->fd > 2) + close(client->fd); (void) execl("/bin/sh", "sh", "-c", buf, (char *) 0); error = "twist_option: /bin/sh: %m"; } *************** *** 406,412 **** if (value) { if (sscanf(value, "%d%c", &timeout, &junk) != 1 || timeout <= 0) { ! syslog(LOG_ERR, "error: rfc931_option: bad timeout: \"%s\"", value); longjmp(options_buf, OPT_DENY); } rfc931_timeout = timeout; --- 480,487 ---- if (value) { if (sscanf(value, "%d%c", &timeout, &junk) != 1 || timeout <= 0) { ! syslog(LOG_ERR, "error: %s, line %d: bad rfc931 timeout: \"%s\"", ! hosts_access_file, hosts_access_line, value); longjmp(options_buf, OPT_DENY); } rfc931_timeout = timeout; *************** *** 453,459 **** return; } if (setenv(var_name, var_value, 1)) { ! syslog(LOG_ERR, "setenv_option: memory allocation failure"); longjmp(options_buf, OPT_DENY); } } --- 528,535 ---- return; } if (setenv(var_name, var_value, 1)) { ! syslog(LOG_ERR, "error: %s, line %d: memory allocation failure", ! hosts_access_file, hosts_access_line); longjmp(options_buf, OPT_DENY); } } diff -c ../6.2/patchlevel.h ./patchlevel.h *** ../6.2/patchlevel.h Wed Mar 23 18:14:59 1994 --- ./patchlevel.h Wed Mar 23 18:15:44 1994 *************** *** 1,3 **** #ifndef lint ! static char patchlevel[] = "@(#) patchlevel 6.2"; #endif --- 1,3 ---- #ifndef lint ! static char patchlevel[] = "@(#) patchlevel 6.3 94/03/23 17:59:52"; #endif diff -c ../6.2/ptx.c ./ptx.c *** ../6.2/ptx.c Wed Mar 23 18:15:06 1994 --- ./ptx.c Wed Mar 23 18:15:50 1994 *************** *** 20,26 **** */ #ifndef lint ! static char sccsid[] = "@(#) ptx.c 1.1 94/02/01 22:12:15"; #endif #ifdef PTX --- 20,26 ---- */ #ifndef lint ! static char sccsid[] = "@(#) ptx.c 1.2 94/03/23 16:51:56"; #endif #ifdef PTX *************** *** 83,89 **** * Another suggestion was to temporarily switch to the socket interface, * identify the client name/address with socket calls, then to switch * back to TLI. This seems to works OK with UDP services, but utterly ! * messes up rlogind and telnetd. */ #define SWAP_MODULE(f, old, new) (ioctl(f, I_POP, old), ioctl(f, I_PUSH, new)) --- 83,90 ---- * Another suggestion was to temporarily switch to the socket interface, * identify the client name/address with socket calls, then to switch * back to TLI. This seems to works OK with UDP services, but utterly ! * messes up rlogind and telnetd. No problem, rlogind and telnetd are ! * taken care of by the code above. */ #define SWAP_MODULE(f, old, new) (ioctl(f, I_POP, old), ioctl(f, I_PUSH, new)) *** /dev/null Wed Mar 23 17:59:02 1994 --- ./tli-sequent.c Wed Mar 23 18:15:51 1994 *************** *** 0 **** --- 1,222 ---- + /* + * tli_host() determines the type of transport (connected, connectionless), + * the name and address of the host at the other end of a network link. In + * case of an IP service, tli_host() also determines the local address and + * port, and the remote username if username lookups are done irrespective + * of client. All results are in static memory. + * + * The return status is (-1) if the remote host pretends to have someone elses + * name, or if the remote host name is available but could not be verified; + * in either case the hostname will be ignored. The return status is zero in + * all other cases (the hostname is unavailable, or the host name double + * check succeeds). + * + * Diagnostics are reported through syslog(3). + * + * Warning - this relies heavily on the TLI implementation in PTX 2.X + * and will probably not work under PTX 4. + * + * Author: Tim Wright, Sequent Computer Systems Ltd., UK. + */ + + #ifndef lint + static char sccsid[] = "@(#) tli-sequent.c 1.0 94/02/11 10:20:30"; + #endif + + #ifdef TLI_SEQUENT + + /* System libraries. */ + + #include <sys/types.h> + #include <sys/param.h> + #include <sys/stat.h> + #include <sys/tiuser.h> + #include <sys/stream.h> + #include <sys/stropts.h> + #include <sys/tihdr.h> + #include <sys/timod.h> + #include <sys/socket.h> + #include <netinet/in.h> + #include <stdio.h> + #include <syslog.h> + #include <errno.h> + + extern char *strncpy(); + + /* Some systems versions advertise a too small MAXHOSTNAMELEN value. */ + + #if (MAXHOSTNAMELEN < 64) + #undef MAXHOSTNAMELEN + #endif + + /* In case not defined in <sys/param.h>. */ + + #ifndef MAXHOSTNAMELEN + #define MAXHOSTNAMELEN 256 /* storage for host name */ + #endif + + extern int errno; + extern char *sys_errlist[]; + extern int sys_nerr; + extern int t_errno; + extern char *t_errlist[]; + extern int t_nerr; + + /* Local stuff. */ + + #include "log_tcp.h" + #include "tli-sequent.h" + + /* Forward declarations. */ + + static char *tli_error(); + static void tli_sink(); + + /* tli_host - determine endpoint info */ + + int tli_host(client, fd) + struct client_info *client; + int fd; + { + static struct sockaddr_in rmt_sin; + static struct sockaddr_in our_sin; + struct _ti_user *tli_state_ptr; + union T_primitives *TSI_prim_ptr; + struct strpeek peek; + int len; + + /* + * Initialize the result with suitable defaults. + */ + + init_client(client); + client->fd = fd; + + /* + * Find out the client address using getpeerinaddr(). This call is the + * TLI equivalent to getpeername() under Dynix/ptx. + */ + + len = sizeof(rmt_sin); + t_sync(client->fd); + if (getpeerinaddr(client->fd, &rmt_sin, len) < 0) { + syslog(LOG_ERR, "error: can't get client address: %s", tli_error()); + return (0); /* address and name unknown */ + } + client->rmt_sin = &rmt_sin; + + /* Call TLI utility routine to get information on endpoint */ + if ((tli_state_ptr = _t_checkfd(fd)) == NULL) + return(0); + + if (tli_state_ptr->ti_servtype == T_CLTS) { + /* UDP - may need to get address the hard way */ + if (rmt_sin.sin_addr.s_addr == 0) { + /* The UDP endpoint is not connected so we didn't get the */ + /* remote address - get it the hard way ! */ + + /* Look at the control part of the top message on the stream */ + /* we don't want to remove it from the stream so we use I_PEEK */ + peek.ctlbuf.maxlen = tli_state_ptr->ti_ctlsize; + peek.ctlbuf.len = 0; + peek.ctlbuf.buf = tli_state_ptr->ti_ctlbuf; + /* Don't even look at the data */ + peek.databuf.maxlen = -1; + peek.databuf.len = 0; + peek.databuf.buf = 0; + peek.flags = 0; + + switch (ioctl(client->fd, I_PEEK, &peek)) { + case -1: + syslog(LOG_ERR, "error: can't peek at endpoint: %s", tli_error()); + return(0); + case 0: + /* No control part - we're hosed */ + syslog(LOG_ERR, "error: can't get UDP info: %s", tli_error()); + return(0); + default: + /* FALL THROUGH */ + ; + } + /* Can we even check the PRIM_type ? */ + if (peek.ctlbuf.len < sizeof(long)) { + syslog(LOG_ERR, "error: UDP control info garbage"); + return(0); + } + TSI_prim_ptr = (union T_primitives *) peek.ctlbuf.buf; + if (TSI_prim_ptr->type != T_UNITDATA_IND) { + syslog(LOG_ERR, "error: wrong type for UDP control info"); + return(0); + } + /* Validate returned unitdata indication packet */ + if ((peek.ctlbuf.len < sizeof(struct T_unitdata_ind)) || + ((TSI_prim_ptr->unitdata_ind.OPT_length != 0) && + (peek.ctlbuf.len < + TSI_prim_ptr->unitdata_ind.OPT_length + + TSI_prim_ptr->unitdata_ind.OPT_offset))) { + syslog(LOG_ERR, "error: UDP control info garbaged"); + return(0); + } + /* Extract the address */ + memcpy(&rmt_sin, + peek.ctlbuf.buf + TSI_prim_ptr->unitdata_ind.SRC_offset, + TSI_prim_ptr->unitdata_ind.SRC_length); + } + client->sink = tli_sink; + } + + if (getmyinaddr(client->fd, &our_sin, len) < 0) + syslog(LOG_ERR, "error: can't get local address: %s", tli_error()); + else + client->our_sin = &our_sin; + return (sock_names(client)); + } + + /* tli_error - convert tli error number to text */ + + static char *tli_error() + { + static char buf[40]; + + if (t_errno != TSYSERR) { + if (t_errno < 0 || t_errno >= t_nerr) { + sprintf(buf, "Unknown TLI error %d", t_errno); + return (buf); + } else { + return (t_errlist[t_errno]); + } + } else { + if (errno < 0 || errno >= sys_nerr) { + sprintf(buf, "Unknown UNIX error %d", errno); + return (buf); + } else { + return (sys_errlist[errno]); + } + } + } + + /* tli_sink - absorb unreceived datagram */ + + static void tli_sink(fd) + int fd; + { + struct t_unitdata *unit; + int flags; + + /* + * Something went wrong. Absorb the datagram to keep inetd from looping. + * Allocate storage for address, control and data. If that fails, sleep + * for a couple of seconds in an attempt to keep inetd from looping too + * fast. + */ + + if ((unit = (struct t_unitdata *) t_alloc(fd, T_UNITDATA, T_ALL)) == 0) { + syslog(LOG_ERR, "error: t_alloc: %s", tli_error()); + sleep(5); + } else { + (void) t_rcvudata(fd, unit, &flags); + t_free((void *) unit, T_UNITDATA); + } + } + + #endif /* TLI_SEQUENT */ *** /dev/null Wed Mar 23 17:59:02 1994 --- ./tli-sequent.h Wed Mar 23 18:15:51 1994 *************** *** 0 **** --- 1,13 ---- + #ifdef __STDC__ + #define __P(X) X + #else + #define __P(X) () + #endif + + extern int t_sync __P((int)); + extern char *t_alloc __P((int, int, int)); + extern int t_free __P((char *, int)); + extern int t_rcvudata __P((int, struct t_unitdata *, int *)); + extern int getpeerinaddr __P((int, struct sockaddr_in *, int)); + extern int getmyinaddr __P((int, struct sockaddr_in *, int)); + extern struct _ti_user *_t_checkfd __P((int)); diff -c ../6.2/tli.c ./tli.c *** ../6.2/tli.c Wed Mar 23 18:15:02 1994 --- ./tli.c Wed Mar 23 18:15:46 1994 *************** *** 17,23 **** */ #ifndef lint ! static char sccsid[] = "@(#) tli.c 1.8 93/12/13 22:23:27"; #endif #ifdef TLI --- 17,23 ---- */ #ifndef lint ! static char sccsid[] = "@(#) tli.c 1.9 94/03/23 16:24:47"; #endif #ifdef TLI *************** *** 26,31 **** --- 26,32 ---- #include <sys/types.h> #include <sys/param.h> + #include <sys/stream.h> #include <sys/stat.h> #include <sys/mkdev.h> #include <sys/tiuser.h> *************** *** 52,57 **** --- 53,59 ---- #define MAXHOSTNAMELEN 256 /* storage for host name */ #endif + extern char *nc_sperror(); extern int errno; extern char *sys_errlist[]; extern int sys_nerr; diff -c ../6.2/try.c ./try.c *** ../6.2/try.c Wed Mar 23 18:14:52 1994 --- ./try.c Wed Mar 23 18:15:37 1994 *************** *** 17,23 **** */ #ifndef lint ! static char sccsid[] = "@(#) try.c 1.10 94/02/01 22:12:19"; #endif #include <sys/types.h> --- 17,23 ---- */ #ifndef lint ! static char sccsid[] = "@(#) try.c 1.11 94/03/23 17:03:14"; #endif #include <sys/types.h> *************** *** 31,36 **** --- 31,37 ---- extern void exit(); extern char *strchr(); + extern char *strcpy(); #ifndef HOSTS_ACCESS *************** *** 117,122 **** --- 118,125 ---- char *at; char *user; char *host; + char reverse_name[BUFSIZ]; + struct in_addr addr; /* * Parse the JCL. *************** *** 170,200 **** /* * Otherwise, assume that a host name is specified, and insist that the * address is known. The reason is that in real life, the host address is ! * always available. */ if ((hp = gethostbyname(host)) == 0) { fprintf(stderr, "host %s: address lookup failed\n", host); return (1); } /* * Use the hostname that gethostbyaddr() would give us. On systems with ! * NIS this may be an unqualified name. We should use that even though a ! * FQDN was given on the command line. */ ! if ((hp = gethostbyaddr((char *) hp->h_addr_list[0], ! sizeof(struct in_addr), AF_INET)) == 0) { fprintf(stderr, "host %s: address->name lookup failed\n", host); return (1); } /* * Iterate over all known addresses for this host. This way we find out * if different addresses for the same host have different permissions, ! * something that we probably do not want. */ while (hp->h_addr_list[0]) { ! try(server, hp->h_name, inet_ntoa(*(struct in_addr *) * hp->h_addr_list++), user); if (hp->h_addr_list[0]) putchar('\n'); --- 173,212 ---- /* * Otherwise, assume that a host name is specified, and insist that the * address is known. The reason is that in real life, the host address is ! * always available (at least with IP). */ if ((hp = gethostbyname(host)) == 0) { fprintf(stderr, "host %s: address lookup failed\n", host); return (1); } + if (hp->h_addrtype != 0 && hp->h_addrtype != AF_INET) { + fprintf(stderr, + "Sorry, this test program cannot handle address family %d\n", + hp->h_addrtype); + return (1); + } + memcpy((char *) &addr, hp->h_addr_list[0], sizeof(addr)); /* * Use the hostname that gethostbyaddr() would give us. On systems with ! * NIS this may be an unqualified name, even when an FQDN was given on ! * the command line. */ ! if ((hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET)) == 0) { fprintf(stderr, "host %s: address->name lookup failed\n", host); return (1); } + strcpy(reverse_name, hp->h_name); + while ((hp = gethostbyname(reverse_name)) == 0) /* XXX */ + /* void */ ; /* * Iterate over all known addresses for this host. This way we find out * if different addresses for the same host have different permissions, ! * something that we may not want. */ while (hp->h_addr_list[0]) { ! try(server, reverse_name, inet_ntoa(*(struct in_addr *) * hp->h_addr_list++), user); if (hp->h_addr_list[0]) putchar('\n'); diff -c ../6.2/vfprintf.c ./vfprintf.c *** ../6.2/vfprintf.c Wed Mar 23 18:15:06 1994 --- ./vfprintf.c Wed Mar 23 18:15:51 1994 *************** *** 1,13 **** /* * vfprintf() and vprintf() clones. They will produce unexpected results ! * when excessive dynamic ("*") field widths are specified. This code was ! * adapted from my EXP programming language runtime system. * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. */ #ifndef lint ! static char sccsid[] = "@(#) vfprintf.c 1.1 94/02/01 22:12:21"; #endif #include <stdio.h> --- 1,13 ---- /* * vfprintf() and vprintf() clones. They will produce unexpected results ! * when excessive dynamic ("*") field widths are specified. To be used for ! * testing purposes only. * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. */ #ifndef lint ! static char sccsid[] = "@(#) vfprintf.c 1.2 94/03/23 17:44:46"; #endif #include <stdio.h> *************** *** 48,54 **** * strings, since we are ging to let fprintf() do the hard work. * In regular expression notation, we recognize: * ! * %-?0?([0-9]*|\*)\.?([0-9]*|\*)l?[a-z] * * which includes some combinations that do not make sense. */ --- 48,54 ---- * strings, since we are ging to let fprintf() do the hard work. * In regular expression notation, we recognize: * ! * %-?0?([0-9]+|\*)?\.?([0-9]+|\*)?l?[a-z] * * which includes some combinations that do not make sense. */ exit 0 # Just in case...