1Upstream-Status: Backport 2 3diff -ruNp tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 4--- tcp_wrappers_7.6.orig/hosts_access.3 2005-03-09 18:30:25.000000000 +0100 5+++ tcp_wrappers_7.6/hosts_access.3 2005-03-09 18:27:03.000000000 +0100 6@@ -3,7 +3,7 @@ 7 hosts_access, hosts_ctl, request_init, request_set \- access control library 8 .SH SYNOPSIS 9 .nf 10-#include "tcpd.h" 11+#include <tcpd.h> 12 13 extern int allow_severity; 14 extern int deny_severity; 15diff -ruNp tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 16--- tcp_wrappers_7.6.orig/hosts_access.5 2005-03-09 18:30:25.000000000 +0100 17+++ tcp_wrappers_7.6/hosts_access.5 2005-03-09 18:30:18.000000000 +0100 18@@ -8,9 +8,9 @@ name, host name/address) patterns. Exam 19 impatient reader is encouraged to skip to the EXAMPLES section for a 20 quick introduction. 21 .PP 22-An extended version of the access control language is described in the 23-\fIhosts_options\fR(5) document. The extensions are turned on at 24-program build time by building with -DPROCESS_OPTIONS. 25+The extended version of the access control language is described in the 26+\fIhosts_options\fR(5) document. \fBNote that this language supersedes 27+the meaning of \fIshell_command\fB as documented below.\fR 28 .PP 29 In the following text, \fIdaemon\fR is the the process name of a 30 network daemon process, and \fIclient\fR is the name and/or address of 31@@ -346,8 +346,8 @@ in.tftpd: LOCAL, .my.domain 32 /etc/hosts.deny: 33 .in +3 34 .nf 35-in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\ 36- /usr/ucb/mail -s %d-%h root) & 37+in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \\ 38+ /usr/bin/mail -s %d-%h root) & 39 .fi 40 .PP 41 The safe_finger command comes with the tcpd wrapper and should be 42@@ -383,6 +383,7 @@ that shouldn\'t. All problems are repor 43 .fi 44 .SH SEE ALSO 45 .nf 46+hosts_options(5) extended syntax. 47 tcpd(8) tcp/ip daemon wrapper program. 48 tcpdchk(8), tcpdmatch(8), test programs. 
49 .SH BUGS 50diff -ruNp tcp_wrappers_7.6.orig/hosts_options.5 tcp_wrappers_7.6/hosts_options.5 51--- tcp_wrappers_7.6.orig/hosts_options.5 2005-03-09 18:30:24.000000000 +0100 52+++ tcp_wrappers_7.6/hosts_options.5 2005-03-09 18:27:03.000000000 +0100 53@@ -2,10 +2,8 @@ 54 .SH NAME 55 hosts_options \- host access control language extensions 56 .SH DESCRIPTION 57-This document describes optional extensions to the language described 58-in the hosts_access(5) document. The extensions are enabled at program 59-build time. For example, by editing the Makefile and turning on the 60-PROCESS_OPTIONS compile-time option. 61+This document describes extensions to the language described 62+in the hosts_access(5) document. 63 .PP 64 The extensible language uses the following format: 65 .sp 66@@ -58,12 +56,12 @@ Notice the leading dot on the domain nam 67 Execute, in a child process, the specified shell command, after 68 performing the %<letter> expansions described in the hosts_access(5) 69 manual page. The command is executed with stdin, stdout and stderr 70-connected to the null device, so that it won\'t mess up the 71+connected to the null device, so that it won't mess up the 72 conversation with the client host. Example: 73 .sp 74 .nf 75 .ti +3 76-spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) & 77+spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) & 78 .fi 79 .sp 80 executes, in a background child process, the shell command "safe_finger 81diff -ruNp tcp_wrappers_7.6.orig/inetcf.c tcp_wrappers_7.6/inetcf.c 82--- tcp_wrappers_7.6.orig/inetcf.c 1997-02-12 02:13:24.000000000 +0100 83+++ tcp_wrappers_7.6/inetcf.c 2005-03-09 18:27:03.000000000 +0100 84@@ -26,13 +26,17 @@ extern void exit(); 85 * guesses. Shorter names follow longer ones. 86 */ 87 char *inet_files[] = { 88+#if 0 89 "/private/etc/inetd.conf", /* NEXT */ 90 "/etc/inet/inetd.conf", /* SYSV4 */ 91 "/usr/etc/inetd.conf", /* IRIX?? 
*/ 92+#endif 93 "/etc/inetd.conf", /* BSD */ 94+#if 0 95 "/etc/net/tlid.conf", /* SYSV4?? */ 96 "/etc/saf/tlid.conf", /* SYSV4?? */ 97 "/etc/tlid.conf", /* SYSV4?? */ 98+#endif 99 0, 100 }; 101 102diff -ruNp tcp_wrappers_7.6.orig/tcpd.8 tcp_wrappers_7.6/tcpd.8 103--- tcp_wrappers_7.6.orig/tcpd.8 1996-02-21 16:39:16.000000000 +0100 104+++ tcp_wrappers_7.6/tcpd.8 2005-03-09 18:27:03.000000000 +0100 105@@ -12,7 +12,11 @@ The program supports both 4.3BSD-style s 106 TLI. Functionality may be limited when the protocol underneath TLI is 107 not an internet protocol. 108 .PP 109-Operation is as follows: whenever a request for service arrives, the 110+There are two possible modes of operation: execution of \fItcpd\fP 111+before a service started by \fIinetd\fP, or linking a daemon with 112+the \fIlibwrap\fP shared library as documented in the \fIhosts_access\fR(3) 113+manual page. Operation when started by \fIinetd\fP 114+is as follows: whenever a request for service arrives, the 115 \fIinetd\fP daemon is tricked into running the \fItcpd\fP program 116 instead of the desired server. \fItcpd\fP logs the request and does 117 some additional checks. When all is well, \fItcpd\fP runs the 118@@ -88,11 +92,11 @@ configuration files. 119 .sp 120 .in +5 121 # mkdir /other/place 122-# mv /usr/etc/in.fingerd /other/place 123-# cp tcpd /usr/etc/in.fingerd 124+# mv /usr/sbin/in.fingerd /other/place 125+# cp tcpd /usr/sbin/in.fingerd 126 .fi 127 .PP 128-The example assumes that the network daemons live in /usr/etc. On some 129+The example assumes that the network daemons live in /usr/sbin. On some 130 systems, network daemons live in /usr/sbin or in /usr/libexec, or have 131 no `in.\' prefix to their name. 132 .SH EXAMPLE 2 133@@ -101,35 +105,34 @@ are left in their original place. 
134 .PP 135 In order to monitor access to the \fIfinger\fR service, perform the 136 following edits on the \fIinetd\fR configuration file (usually 137-\fI/etc/inetd.conf\fR or \fI/etc/inet/inetd.conf\fR): 138+\fI/etc/inetd.conf\fR): 139 .nf 140 .sp 141 .ti +5 142-finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd 143+finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd 144 .sp 145 becomes: 146 .sp 147 .ti +5 148-finger stream tcp nowait nobody /some/where/tcpd in.fingerd 149+finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd 150 .sp 151 .fi 152 .PP 153-The example assumes that the network daemons live in /usr/etc. On some 154+The example assumes that the network daemons live in /usr/sbin. On some 155 systems, network daemons live in /usr/sbin or in /usr/libexec, the 156 daemons have no `in.\' prefix to their name, or there is no userid 157 field in the inetd configuration file. 158 .PP 159 Similar changes will be needed for the other services that are to be 160 covered by \fItcpd\fR. Send a `kill -HUP\' to the \fIinetd\fR(8) 161-process to make the changes effective. AIX users may also have to 162-execute the `inetimp\' command. 163+process to make the changes effective. 164 .SH EXAMPLE 3 165 In the case of daemons that do not live in a common directory ("secret" 166 or otherwise), edit the \fIinetd\fR configuration file so that it 167 specifies an absolute path name for the process name field. For example: 168 .nf 169 .sp 170- ntalk dgram udp wait root /some/where/tcpd /usr/local/lib/ntalkd 171+ ntalk dgram udp wait root /usr/sbin/tcpd /usr/local/lib/ntalkd 172 .sp 173 .fi 174 .PP 175@@ -164,6 +167,7 @@ The default locations of the host access 176 .SH SEE ALSO 177 .na 178 .nf 179+hosts_access(3), functions provided by the libwrap library. 180 hosts_access(5), format of the tcpd access control tables. 181 syslog.conf(5), format of the syslogd control file. 182 inetd.conf(5), format of the inetd control file. 
183diff -ruNp tcp_wrappers_7.6.orig/tcpdchk.8 tcp_wrappers_7.6/tcpdchk.8 184--- tcp_wrappers_7.6.orig/tcpdchk.8 1995-01-08 17:00:31.000000000 +0100 185+++ tcp_wrappers_7.6/tcpdchk.8 2005-03-09 18:27:03.000000000 +0100 186@@ -9,8 +9,8 @@ tcpdchk [-a] [-d] [-i inet_conf] [-v] 187 potential and real problems it can find. The program examines the 188 \fItcpd\fR access control files (by default, these are 189 \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR), and compares the 190-entries in these files against entries in the \fIinetd\fR or \fItlid\fR 191-network configuration files. 192+entries in these files against entries in the \fIinetd\fR 193+network configuration file. 194 .PP 195 \fItcpdchk\fR reports problems such as non-existent pathnames; services 196 that appear in \fItcpd\fR access control rules, but are not controlled 197@@ -26,14 +26,13 @@ problem. 198 .SH OPTIONS 199 .IP -a 200 Report access control rules that permit access without an explicit 201-ALLOW keyword. This applies only when the extended access control 202-language is enabled (build with -DPROCESS_OPTIONS). 203+ALLOW keyword. 204 .IP -d 205 Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current 206 directory instead of the default ones. 207 .IP "-i inet_conf" 208 Specify this option when \fItcpdchk\fR is unable to find your 209-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when 210+\fIinetd.conf\fR network configuration file, or when 211 you suspect that the program uses the wrong one. 212 .IP -v 213 Display the contents of each access control rule. Daemon lists, client 214@@ -54,7 +53,6 @@ tcpdmatch(8), explain what tcpd would do 215 hosts_access(5), format of the tcpd access control tables. 216 hosts_options(5), format of the language extensions. 217 inetd.conf(5), format of the inetd control file. 218-tlid.conf(5), format of the tlid control file. 
219 .SH AUTHORS 220 .na 221 .nf 222diff -ruNp tcp_wrappers_7.6.orig/tcpdmatch.8 tcp_wrappers_7.6/tcpdmatch.8 223--- tcp_wrappers_7.6.orig/tcpdmatch.8 2005-03-09 18:30:24.000000000 +0100 224+++ tcp_wrappers_7.6/tcpdmatch.8 2005-03-09 18:27:03.000000000 +0100 225@@ -13,7 +13,7 @@ request for service. Examples are given 226 The program examines the \fItcpd\fR access control tables (default 227 \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its 228 conclusion. For maximal accuracy, it extracts additional information 229-from your \fIinetd\fR or \fItlid\fR network configuration file. 230+from your \fIinetd\fR network configuration file. 231 .PP 232 When \fItcpdmatch\fR finds a match in the access control tables, it 233 identifies the matched rule. In addition, it displays the optional 234@@ -50,7 +50,7 @@ Examine \fIhosts.allow\fR and \fIhosts.d 235 directory instead of the default ones. 236 .IP "-i inet_conf" 237 Specify this option when \fItcpdmatch\fR is unable to find your 238-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when 239+\fIinetd.conf\fR network configuration file, or when 240 you suspect that the program uses the wrong one. 241 .SH EXAMPLES 242 To predict how \fItcpd\fR would handle a telnet request from the local 243@@ -86,7 +86,6 @@ tcpdchk(8), tcpd configuration checker 244 hosts_access(5), format of the tcpd access control tables. 245 hosts_options(5), format of the language extensions. 246 inetd.conf(5), format of the inetd control file. 247-tlid.conf(5), format of the tlid control file. 248 .SH AUTHORS 249 .na 250 .nf 251
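Review bot: The patch header carries only "Upstream-Status: Backport", with no description and no pointer to where the change was backported from. Add a short message naming the origin and summarising what the patch covers (paths moved to /usr/sbin and /usr/bin, tlid.conf and PROCESS_OPTIONS wording removed, libwrap cross-references added), so the Backport status can be verified.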
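Review bot: In hosts_access.5, hunk @@ -346,8 +346,8 @@, the in.tftpd example keeps the bare shell_command form, `in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | ...) &`, although the first hunk of the same file now says the extended language supersedes the meaning of shell_command. The hosts_options.5 hunk in this patch writes the same command as `spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &`. Suggest prefixing the hosts.deny example with `spawn` as well, so a rule copied from this page matches the option syntax the rest of the patch documents.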
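Review bot: In hosts_options.5, hunk @@ -2,10 +2,8 @@, and again under `-a` in tcpdchk.8, the wording that tied the extended language to a build with PROCESS_OPTIONS is removed, but nothing in this patch changes the build to define it. Please confirm that the build defines PROCESS_OPTIONS unconditionally, or carry that change together with this one. Otherwise the pages document keywords such as ALLOW and spawn as always available when the installed library may not parse them as options.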
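Review bot: In hosts_options.5, hunk @@ -58,12 +56,12 @@, the change from `won\'t` to `won't` is unrelated to the path update and is inconsistent with other lines in this patch that keep the escaped form (`in.\'`, `kill -HUP\'`). Either leave the escape as it was or convert it everywhere in a separate cleanup.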
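Review bot: In inetcf.c, the two `#if 0` blocks inside inet_files[] leave the NEXT, SYSV4 and IRIX paths as dead code with no comment explaining why they are disabled. Since the man-page hunks drop every tlid.conf reference, deleting those entries outright, or adding a one-line comment that only /etc/inetd.conf is searched here, would be clearer. The comment above the array ("Shorter names follow longer ones") also no longer describes a list with a single active entry.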
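Review bot: In tcpd.8, hunk @@ -88,11 +92,11 @@, the edited sentence now reads "The example assumes that the network daemons live in /usr/sbin. On some systems, network daemons live in /usr/sbin or in /usr/libexec", so /usr/sbin is offered as an alternative to itself. Drop `/usr/sbin or` from the unchanged follow-on line, or name the old /usr/etc location there instead. The same sentence in the EXAMPLE 2 hunk (@@ -101,35 +105,34 @@) needs the same fix.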