summaryrefslogtreecommitdiff
path: root/recipes/tcp-wrappers/tcp-wrappers-7.6/01_man_portability
blob: 4963f82eb827ea1d54c74bfba203ee8065d912b9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
diff -ruNp tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3
--- tcp_wrappers_7.6.orig/hosts_access.3	2005-03-09 18:30:25.000000000 +0100
+++ tcp_wrappers_7.6/hosts_access.3	2005-03-09 18:27:03.000000000 +0100
@@ -3,7 +3,7 @@
 hosts_access, hosts_ctl, request_init, request_set \- access control library
 .SH SYNOPSIS
 .nf
-#include "tcpd.h"
+#include <tcpd.h>
 
 extern int allow_severity;
 extern int deny_severity;
diff -ruNp tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5
--- tcp_wrappers_7.6.orig/hosts_access.5	2005-03-09 18:30:25.000000000 +0100
+++ tcp_wrappers_7.6/hosts_access.5	2005-03-09 18:30:18.000000000 +0100
@@ -8,9 +8,9 @@ name, host name/address) patterns.  Exam
 impatient reader is encouraged to skip to the EXAMPLES section for a
 quick introduction.
 .PP
-An extended version of the access control language is described in the
-\fIhosts_options\fR(5) document. The extensions are turned on at
-program build time by building with -DPROCESS_OPTIONS.
+The extended version of the access control language is described in the
+\fIhosts_options\fR(5) document. \fBNote that this language supersedes
+the meaning of \fIshell_command\fB as documented below.\fR
 .PP
 In the following text, \fIdaemon\fR is the the process name of a
 network daemon process, and \fIclient\fR is the name and/or address of
@@ -346,8 +346,8 @@ in.tftpd: LOCAL, .my.domain
 /etc/hosts.deny:
 .in +3
 .nf
-in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\
-	/usr/ucb/mail -s %d-%h root) &
+in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \\
+	/usr/bin/mail -s %d-%h root) &
 .fi
 .PP
 The safe_finger command comes with the tcpd wrapper and should be
@@ -383,6 +383,7 @@ that shouldn\'t.  All problems are repor
 .fi
 .SH SEE ALSO
 .nf
+hosts_options(5) extended syntax.
 tcpd(8) tcp/ip daemon wrapper program.
 tcpdchk(8), tcpdmatch(8), test programs.
 .SH BUGS
diff -ruNp tcp_wrappers_7.6.orig/hosts_options.5 tcp_wrappers_7.6/hosts_options.5
--- tcp_wrappers_7.6.orig/hosts_options.5	2005-03-09 18:30:24.000000000 +0100
+++ tcp_wrappers_7.6/hosts_options.5	2005-03-09 18:27:03.000000000 +0100
@@ -2,10 +2,8 @@
 .SH NAME
 hosts_options \- host access control language extensions
 .SH DESCRIPTION
-This document describes optional extensions to the language described
-in the hosts_access(5) document. The extensions are enabled at program
-build time. For example, by editing the Makefile and turning on the 
-PROCESS_OPTIONS compile-time option.
+This document describes extensions to the language described
+in the hosts_access(5) document.
 .PP
 The extensible language uses the following format:
 .sp
@@ -58,12 +56,12 @@ Notice the leading dot on the domain nam
 Execute, in a child process, the specified shell command, after
 performing the %<letter> expansions described in the hosts_access(5)
 manual page.  The command is executed with stdin, stdout and stderr
-connected to the null device, so that it won\'t mess up the
+connected to the null device, so that it won't mess up the
 conversation with the client host. Example:
 .sp
 .nf
 .ti +3
-spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) &
+spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &
 .fi
 .sp
 executes, in a background child process, the shell command "safe_finger
diff -ruNp tcp_wrappers_7.6.orig/inetcf.c tcp_wrappers_7.6/inetcf.c
--- tcp_wrappers_7.6.orig/inetcf.c	1997-02-12 02:13:24.000000000 +0100
+++ tcp_wrappers_7.6/inetcf.c	2005-03-09 18:27:03.000000000 +0100
@@ -26,13 +26,17 @@ extern void exit();
   * guesses. Shorter names follow longer ones.
   */
 char   *inet_files[] = {
+#if 0
     "/private/etc/inetd.conf",		/* NEXT */
     "/etc/inet/inetd.conf",		/* SYSV4 */
     "/usr/etc/inetd.conf",		/* IRIX?? */
+#endif
     "/etc/inetd.conf",			/* BSD */
+#if 0
     "/etc/net/tlid.conf",		/* SYSV4?? */
     "/etc/saf/tlid.conf",		/* SYSV4?? */
     "/etc/tlid.conf",			/* SYSV4?? */
+#endif
     0,
 };
 
diff -ruNp tcp_wrappers_7.6.orig/tcpd.8 tcp_wrappers_7.6/tcpd.8
--- tcp_wrappers_7.6.orig/tcpd.8	1996-02-21 16:39:16.000000000 +0100
+++ tcp_wrappers_7.6/tcpd.8	2005-03-09 18:27:03.000000000 +0100
@@ -12,7 +12,11 @@ The program supports both 4.3BSD-style s
 TLI.  Functionality may be limited when the protocol underneath TLI is
 not an internet protocol.
 .PP
-Operation is as follows: whenever a request for service arrives, the
+There are two possible modes of operation: execution of \fItcpd\fP
+before a service started by \fIinetd\fP, or linking a daemon with
+the \fIlibwrap\fP shared library as documented in the \fIhosts_access\fR(3)
+manual page. Operation when started by \fIinetd\fP
+is as follows: whenever a request for service arrives, the
 \fIinetd\fP daemon is tricked into running the \fItcpd\fP program
 instead of the desired server. \fItcpd\fP logs the request and does
 some additional checks. When all is well, \fItcpd\fP runs the
@@ -88,11 +92,11 @@ configuration files.
 .sp
 .in +5
 # mkdir /other/place
-# mv /usr/etc/in.fingerd /other/place
-# cp tcpd /usr/etc/in.fingerd
+# mv /usr/sbin/in.fingerd /other/place
+# cp tcpd /usr/sbin/in.fingerd
 .fi
 .PP
-The example assumes that the network daemons live in /usr/etc. On some
+The example assumes that the network daemons live in /usr/sbin. On some
 systems, network daemons live in /usr/sbin or in /usr/libexec, or have
 no `in.\' prefix to their name.
 .SH EXAMPLE 2
@@ -101,35 +105,34 @@ are left in their original place.
 .PP
 In order to monitor access to the \fIfinger\fR service, perform the
 following edits on the \fIinetd\fR configuration file (usually 
-\fI/etc/inetd.conf\fR or \fI/etc/inet/inetd.conf\fR):
+\fI/etc/inetd.conf\fR):
 .nf
 .sp
 .ti +5
-finger  stream  tcp  nowait  nobody  /usr/etc/in.fingerd  in.fingerd
+finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
 .sp
 becomes:
 .sp
 .ti +5
-finger  stream  tcp  nowait  nobody  /some/where/tcpd     in.fingerd
+finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd     in.fingerd
 .sp
 .fi
 .PP
-The example assumes that the network daemons live in /usr/etc. On some
+The example assumes that the network daemons live in /usr/sbin. On some
 systems, network daemons live in /usr/sbin or in /usr/libexec, the
 daemons have no `in.\' prefix to their name, or there is no userid
 field in the inetd configuration file.
 .PP
 Similar changes will be needed for the other services that are to be
 covered by \fItcpd\fR.  Send a `kill -HUP\' to the \fIinetd\fR(8)
-process to make the changes effective. AIX users may also have to
-execute the `inetimp\' command.
+process to make the changes effective.
 .SH EXAMPLE 3
 In the case of daemons that do not live in a common directory ("secret"
 or otherwise), edit the \fIinetd\fR configuration file so that it
 specifies an absolute path name for the process name field. For example:
 .nf
 .sp
-    ntalk  dgram  udp  wait  root  /some/where/tcpd  /usr/local/lib/ntalkd
+    ntalk  dgram  udp  wait  root  /usr/sbin/tcpd  /usr/local/lib/ntalkd
 .sp
 .fi
 .PP
@@ -164,6 +167,7 @@ The default locations of the host access
 .SH SEE ALSO
 .na
 .nf
+hosts_access(3), functions provided by the libwrap library.
 hosts_access(5), format of the tcpd access control tables.
 syslog.conf(5), format of the syslogd control file.
 inetd.conf(5), format of the inetd control file.
diff -ruNp tcp_wrappers_7.6.orig/tcpdchk.8 tcp_wrappers_7.6/tcpdchk.8
--- tcp_wrappers_7.6.orig/tcpdchk.8	1995-01-08 17:00:31.000000000 +0100
+++ tcp_wrappers_7.6/tcpdchk.8	2005-03-09 18:27:03.000000000 +0100
@@ -9,8 +9,8 @@ tcpdchk [-a] [-d] [-i inet_conf] [-v]
 potential and real problems it can find. The program examines the
 \fItcpd\fR access control files (by default, these are
 \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR), and compares the
-entries in these files against entries in the \fIinetd\fR or \fItlid\fR
-network configuration files.
+entries in these files against entries in the \fIinetd\fR
+network configuration file.
 .PP
 \fItcpdchk\fR reports problems such as non-existent pathnames; services
 that appear in \fItcpd\fR access control rules, but are not controlled
@@ -26,14 +26,13 @@ problem.
 .SH OPTIONS
 .IP -a
 Report access control rules that permit access without an explicit
-ALLOW keyword. This applies only when the extended access control
-language is enabled (build with -DPROCESS_OPTIONS).
+ALLOW keyword.
 .IP -d
 Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current
 directory instead of the default ones.
 .IP "-i inet_conf"
 Specify this option when \fItcpdchk\fR is unable to find your
-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
+\fIinetd.conf\fR network configuration file, or when
 you suspect that the program uses the wrong one.
 .IP -v
 Display the contents of each access control rule.  Daemon lists, client
@@ -54,7 +53,6 @@ tcpdmatch(8), explain what tcpd would do
 hosts_access(5), format of the tcpd access control tables.
 hosts_options(5), format of the language extensions.
 inetd.conf(5), format of the inetd control file.
-tlid.conf(5), format of the tlid control file.
 .SH AUTHORS
 .na
 .nf
diff -ruNp tcp_wrappers_7.6.orig/tcpdmatch.8 tcp_wrappers_7.6/tcpdmatch.8
--- tcp_wrappers_7.6.orig/tcpdmatch.8	2005-03-09 18:30:24.000000000 +0100
+++ tcp_wrappers_7.6/tcpdmatch.8	2005-03-09 18:27:03.000000000 +0100
@@ -13,7 +13,7 @@ request for service.  Examples are given
 The program examines the \fItcpd\fR access control tables (default
 \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its
 conclusion.  For maximal accuracy, it extracts additional information
-from your \fIinetd\fR or \fItlid\fR network configuration file.
+from your \fIinetd\fR network configuration file.
 .PP
 When \fItcpdmatch\fR finds a match in the access control tables, it
 identifies the matched rule. In addition, it displays the optional
@@ -50,7 +50,7 @@ Examine \fIhosts.allow\fR and \fIhosts.d
 directory instead of the default ones.
 .IP "-i inet_conf"
 Specify this option when \fItcpdmatch\fR is unable to find your
-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
+\fIinetd.conf\fR network configuration file, or when
 you suspect that the program uses the wrong one.
 .SH EXAMPLES
 To predict how \fItcpd\fR would handle a telnet request from the local
@@ -86,7 +86,6 @@ tcpdchk(8), tcpd configuration checker
 hosts_access(5), format of the tcpd access control tables.
 hosts_options(5), format of the language extensions.
 inetd.conf(5), format of the inetd control file.
-tlid.conf(5), format of the tlid control file.
 .SH AUTHORS
 .na
 .nf