| diff -ruNp tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 |
| --- tcp_wrappers_7.6.orig/hosts_access.3 2005-03-09 18:30:25.000000000 +0100 |
| +++ tcp_wrappers_7.6/hosts_access.3 2005-03-09 18:27:03.000000000 +0100 |
| @@ -3,7 +3,7 @@ |
| hosts_access, hosts_ctl, request_init, request_set \- access control library |
| .SH SYNOPSIS |
| .nf |
| -#include "tcpd.h" |
| +#include <tcpd.h> |
| |
| extern int allow_severity; |
| extern int deny_severity; |
| diff -ruNp tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 |
| --- tcp_wrappers_7.6.orig/hosts_access.5 2005-03-09 18:30:25.000000000 +0100 |
| +++ tcp_wrappers_7.6/hosts_access.5 2005-03-09 18:30:18.000000000 +0100 |
| @@ -8,9 +8,9 @@ name, host name/address) patterns. Exam |
| impatient reader is encouraged to skip to the EXAMPLES section for a |
| quick introduction. |
| .PP |
| -An extended version of the access control language is described in the |
| -\fIhosts_options\fR(5) document. The extensions are turned on at |
| -program build time by building with -DPROCESS_OPTIONS. |
| +The extended version of the access control language is described in the |
| +\fIhosts_options\fR(5) document. \fBNote that this language supersedes |
| +the meaning of \fIshell_command\fB as documented below.\fR |
| .PP |
| In the following text, \fIdaemon\fR is the process name of a |
| network daemon process, and \fIclient\fR is the name and/or address of |
| @@ -346,8 +346,8 @@ in.tftpd: LOCAL, .my.domain |
| /etc/hosts.deny: |
| .in +3 |
| .nf |
| -in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\ |
| - /usr/ucb/mail -s %d-%h root) & |
| +in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \\ |
| + /usr/bin/mail -s %d-%h root) & |
| .fi |
| .PP |
| The safe_finger command comes with the tcpd wrapper and should be |
| @@ -383,6 +383,7 @@ that shouldn\'t. All problems are repor |
| .fi |
| .SH SEE ALSO |
| .nf |
| +hosts_options(5) extended syntax. |
| tcpd(8) tcp/ip daemon wrapper program. |
| tcpdchk(8), tcpdmatch(8), test programs. |
| .SH BUGS |
| diff -ruNp tcp_wrappers_7.6.orig/hosts_options.5 tcp_wrappers_7.6/hosts_options.5 |
| --- tcp_wrappers_7.6.orig/hosts_options.5 2005-03-09 18:30:24.000000000 +0100 |
| +++ tcp_wrappers_7.6/hosts_options.5 2005-03-09 18:27:03.000000000 +0100 |
| @@ -2,10 +2,8 @@ |
| .SH NAME |
| hosts_options \- host access control language extensions |
| .SH DESCRIPTION |
| -This document describes optional extensions to the language described |
| -in the hosts_access(5) document. The extensions are enabled at program |
| -build time. For example, by editing the Makefile and turning on the |
| -PROCESS_OPTIONS compile-time option. |
| +This document describes extensions to the language described |
| +in the hosts_access(5) document. |
| .PP |
| The extensible language uses the following format: |
| .sp |
| @@ -58,12 +56,12 @@ Notice the leading dot on the domain nam |
| Execute, in a child process, the specified shell command, after |
| performing the %<letter> expansions described in the hosts_access(5) |
| manual page. The command is executed with stdin, stdout and stderr |
| -connected to the null device, so that it won\'t mess up the |
| +connected to the null device, so that it won't mess up the |
| conversation with the client host. Example: |
| .sp |
| .nf |
| .ti +3 |
| -spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) & |
| +spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) & |
| .fi |
| .sp |
| executes, in a background child process, the shell command "safe_finger |
| diff -ruNp tcp_wrappers_7.6.orig/inetcf.c tcp_wrappers_7.6/inetcf.c |
| --- tcp_wrappers_7.6.orig/inetcf.c 1997-02-12 02:13:24.000000000 +0100 |
| +++ tcp_wrappers_7.6/inetcf.c 2005-03-09 18:27:03.000000000 +0100 |
| @@ -26,13 +26,17 @@ extern void exit(); |
| * guesses. Shorter names follow longer ones. |
| */ |
| char *inet_files[] = { |
| +#if 0 |
| "/private/etc/inetd.conf", /* NEXT */ |
| "/etc/inet/inetd.conf", /* SYSV4 */ |
| "/usr/etc/inetd.conf", /* IRIX?? */ |
| +#endif |
| "/etc/inetd.conf", /* BSD */ |
| +#if 0 |
| "/etc/net/tlid.conf", /* SYSV4?? */ |
| "/etc/saf/tlid.conf", /* SYSV4?? */ |
| "/etc/tlid.conf", /* SYSV4?? */ |
| +#endif |
| 0, |
| }; |
| |
| diff -ruNp tcp_wrappers_7.6.orig/tcpd.8 tcp_wrappers_7.6/tcpd.8 |
| --- tcp_wrappers_7.6.orig/tcpd.8 1996-02-21 16:39:16.000000000 +0100 |
| +++ tcp_wrappers_7.6/tcpd.8 2005-03-09 18:27:03.000000000 +0100 |
| @@ -12,7 +12,11 @@ The program supports both 4.3BSD-style s |
| TLI. Functionality may be limited when the protocol underneath TLI is |
| not an internet protocol. |
| .PP |
| -Operation is as follows: whenever a request for service arrives, the |
| +There are two possible modes of operation: execution of \fItcpd\fP |
| +before a service started by \fIinetd\fP, or linking a daemon with |
| +the \fIlibwrap\fP shared library as documented in the \fIhosts_access\fR(3) |
| +manual page. Operation when started by \fIinetd\fP |
| +is as follows: whenever a request for service arrives, the |
| \fIinetd\fP daemon is tricked into running the \fItcpd\fP program |
| instead of the desired server. \fItcpd\fP logs the request and does |
| some additional checks. When all is well, \fItcpd\fP runs the |
| @@ -88,11 +92,11 @@ configuration files. |
| .sp |
| .in +5 |
| # mkdir /other/place |
| -# mv /usr/etc/in.fingerd /other/place |
| -# cp tcpd /usr/etc/in.fingerd |
| +# mv /usr/sbin/in.fingerd /other/place |
| +# cp tcpd /usr/sbin/in.fingerd |
| .fi |
| .PP |
| -The example assumes that the network daemons live in /usr/etc. On some |
| +The example assumes that the network daemons live in /usr/sbin. On some |
| systems, network daemons live in /usr/sbin or in /usr/libexec, or have |
| no `in.\' prefix to their name. |
| .SH EXAMPLE 2 |
| @@ -101,35 +105,34 @@ are left in their original place. |
| .PP |
| In order to monitor access to the \fIfinger\fR service, perform the |
| following edits on the \fIinetd\fR configuration file (usually |
| -\fI/etc/inetd.conf\fR or \fI/etc/inet/inetd.conf\fR): |
| +\fI/etc/inetd.conf\fR): |
| .nf |
| .sp |
| .ti +5 |
| -finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd |
| +finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd |
| .sp |
| becomes: |
| .sp |
| .ti +5 |
| -finger stream tcp nowait nobody /some/where/tcpd in.fingerd |
| +finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd |
| .sp |
| .fi |
| .PP |
| -The example assumes that the network daemons live in /usr/etc. On some |
| +The example assumes that the network daemons live in /usr/sbin. On some |
| systems, network daemons live in /usr/sbin or in /usr/libexec, the |
| daemons have no `in.\' prefix to their name, or there is no userid |
| field in the inetd configuration file. |
| .PP |
| Similar changes will be needed for the other services that are to be |
| covered by \fItcpd\fR. Send a `kill -HUP\' to the \fIinetd\fR(8) |
| -process to make the changes effective. AIX users may also have to |
| -execute the `inetimp\' command. |
| +process to make the changes effective. |
| .SH EXAMPLE 3 |
| In the case of daemons that do not live in a common directory ("secret" |
| or otherwise), edit the \fIinetd\fR configuration file so that it |
| specifies an absolute path name for the process name field. For example: |
| .nf |
| .sp |
| - ntalk dgram udp wait root /some/where/tcpd /usr/local/lib/ntalkd |
| + ntalk dgram udp wait root /usr/sbin/tcpd /usr/local/lib/ntalkd |
| .sp |
| .fi |
| .PP |
| @@ -164,6 +167,7 @@ The default locations of the host access |
| .SH SEE ALSO |
| .na |
| .nf |
| +hosts_access(3), functions provided by the libwrap library. |
| hosts_access(5), format of the tcpd access control tables. |
| syslog.conf(5), format of the syslogd control file. |
| inetd.conf(5), format of the inetd control file. |
| diff -ruNp tcp_wrappers_7.6.orig/tcpdchk.8 tcp_wrappers_7.6/tcpdchk.8 |
| --- tcp_wrappers_7.6.orig/tcpdchk.8 1995-01-08 17:00:31.000000000 +0100 |
| +++ tcp_wrappers_7.6/tcpdchk.8 2005-03-09 18:27:03.000000000 +0100 |
| @@ -9,8 +9,8 @@ tcpdchk [-a] [-d] [-i inet_conf] [-v] |
| potential and real problems it can find. The program examines the |
| \fItcpd\fR access control files (by default, these are |
| \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR), and compares the |
| -entries in these files against entries in the \fIinetd\fR or \fItlid\fR |
| -network configuration files. |
| +entries in these files against entries in the \fIinetd\fR |
| +network configuration file. |
| .PP |
| \fItcpdchk\fR reports problems such as non-existent pathnames; services |
| that appear in \fItcpd\fR access control rules, but are not controlled |
| @@ -26,14 +26,13 @@ problem. |
| .SH OPTIONS |
| .IP -a |
| Report access control rules that permit access without an explicit |
| -ALLOW keyword. This applies only when the extended access control |
| -language is enabled (build with -DPROCESS_OPTIONS). |
| +ALLOW keyword. |
| .IP -d |
| Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current |
| directory instead of the default ones. |
| .IP "-i inet_conf" |
| Specify this option when \fItcpdchk\fR is unable to find your |
| -\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when |
| +\fIinetd.conf\fR network configuration file, or when |
| you suspect that the program uses the wrong one. |
| .IP -v |
| Display the contents of each access control rule. Daemon lists, client |
| @@ -54,7 +53,6 @@ tcpdmatch(8), explain what tcpd would do |
| hosts_access(5), format of the tcpd access control tables. |
| hosts_options(5), format of the language extensions. |
| inetd.conf(5), format of the inetd control file. |
| -tlid.conf(5), format of the tlid control file. |
| .SH AUTHORS |
| .na |
| .nf |
| diff -ruNp tcp_wrappers_7.6.orig/tcpdmatch.8 tcp_wrappers_7.6/tcpdmatch.8 |
| --- tcp_wrappers_7.6.orig/tcpdmatch.8 2005-03-09 18:30:24.000000000 +0100 |
| +++ tcp_wrappers_7.6/tcpdmatch.8 2005-03-09 18:27:03.000000000 +0100 |
| @@ -13,7 +13,7 @@ request for service. Examples are given |
| The program examines the \fItcpd\fR access control tables (default |
| \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its |
| conclusion. For maximal accuracy, it extracts additional information |
| -from your \fIinetd\fR or \fItlid\fR network configuration file. |
| +from your \fIinetd\fR network configuration file. |
| .PP |
| When \fItcpdmatch\fR finds a match in the access control tables, it |
| identifies the matched rule. In addition, it displays the optional |
| @@ -50,7 +50,7 @@ Examine \fIhosts.allow\fR and \fIhosts.d |
| directory instead of the default ones. |
| .IP "-i inet_conf" |
| Specify this option when \fItcpdmatch\fR is unable to find your |
| -\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when |
| +\fIinetd.conf\fR network configuration file, or when |
| you suspect that the program uses the wrong one. |
| .SH EXAMPLES |
| To predict how \fItcpd\fR would handle a telnet request from the local |
| @@ -86,7 +86,6 @@ tcpdchk(8), tcpd configuration checker |
| hosts_access(5), format of the tcpd access control tables. |
| hosts_options(5), format of the language extensions. |
| inetd.conf(5), format of the inetd control file. |
| -tlid.conf(5), format of the tlid control file. |
| .SH AUTHORS |
| .na |
| .nf |