1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-15 10:17:20 +00:00
Commit Graph

24 Commits

Author SHA1 Message Date
Pedro F. Giffuni
eb4e1f8059 tcpd.h: add prototype for hosts_ctl
According the hosts_access(3) man page the hosts_ctl() prototype
should be in tcpd.h. For now, follow other declarations and don't
add the arguments in the prototype.

Reference:
https://www.illumos.org/issues/4385

PR:		32808
MFC after:	2 weeks
2014-10-11 18:54:37 +00:00
Pedro F. Giffuni
b1f8be4004 tcpd: complete function prototypes.
This clears up at least a build issues on mysql-server
ports. While here also replace some spaces with tabs
in our headers.

PR:		42336
MFC after:	2 weeks
2014-10-11 18:34:10 +00:00
Sean Bruno
707dd2b1d7 Queisce warning about undeclared function usage.
yp_get_default_domain is defined in workaround.c but is not declared
in any header file.  Tie the declaration to the same #define conditional
used when the function is called, NETGROUP
2013-10-30 22:45:35 +00:00
Sean Bruno
5375e4f833 Quiesce warning, which could be a bug IMO, by correctly defining the host_info
structure name
2013-10-30 22:43:40 +00:00
Sean Bruno
bbaadbd796 Quiesce two warnings:
1.  define the CODE * as const
2.  restructure function to eliminate warning about exiting with no return.
    severity_map() never returns when it can't find an appropriate sysylog
    facility, and it longjmp()'s away into error code handling.  Keep this
    behavior by stashing the facility value found during our search and
    checking for -1 if found.
2013-10-30 22:41:18 +00:00
Sean Bruno
46bcf11d50 Quiesce warnings by updating headerfile includes 2013-10-30 21:18:14 +00:00
Eitan Adler
37a6031461 Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in
share/mk/sys.mk instead.

This is part of a medium term project to permit deterministic builds of
FreeBSD.

Submitted by:	Erik Cederstrand <erik@cederstrand.dk>
Reviewed by:	imp, toolchain@
Approved by:	cperciva
MFC after:	2 weeks
2012-12-06 01:31:25 +00:00
Rui Paulo
247cd15268 Make these files compile with clang.
Submitted by:	Dimitry Andric <dimitry at andric.com>
2010-07-22 18:52:29 +00:00
Maxim Sobolev
d594463f1b Allow comment (#) to be placed anywhere in the line, not only at the
beginning, so it's consistent with other configuration files.

MFC after:	3 weeks
2010-01-08 10:54:15 +00:00
Hajimu UMEMOTO
4f10131848 NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.
2005-05-13 16:31:11 +00:00
Ceri Davies
c0b3834d3c Correct compilation with "#define really_paranoid".
PR:		bin/59674
Submitted by:	Vaclav Rehak <vasek@zoom-int.cz>
2003-12-27 14:58:00 +00:00
Peter Wemm
cf67b27ecc Add a declaration that malloc() returns a pointer, not an int. Otherwise
this segfaults on ia64.  (Cannot cast an int to a pointer).
The rest of the code does it this way rather than use system includes....
2003-01-08 07:02:07 +00:00
Kris Kennaway
50fdf20002 This commit was generated by cvs2svn to compensate for changes in r80260,
which included commits to RCS files with non-trunk default branches.
2001-07-24 09:05:00 +00:00
Kris Kennaway
7c79d50ee7 Import updated/clarified license for tcp_wrappers.
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that this entire copyright notice
+* is duplicated in all such copies.

Obtained from:	ftp://ftp.porcupine.org/pub/security/tcp_wrappers_license
2001-07-24 09:05:00 +00:00
Kris Kennaway
c16e19ce77 Unbreak "paranoid" host checking, which was broken with the IPv6 code
import.

Submitted by:	Tony Finch <dot@dotat.at>
2001-07-04 20:16:18 +00:00
David Malone
b8980b2773 Make tcpwrappers use the magic in syslog.h for getting syslog facility
and level names.

Add FreeBSD tag.

PR:		24218
Approved by:	markm
2001-01-14 23:00:59 +00:00
Hajimu UMEMOTO
6568848868 - reject numeric address
- validate scope in sockaddr comparison logic

patch was originally submitted by itojun and slightly modified by me.

Reviewed by:	itojun, kris
2000-09-25 00:41:55 +00:00
Hajimu UMEMOTO
2f0cc2fd05 Don't touch ai_canonname without checking NULL. Current
implementation of getaddrinfo() may return NULL ai_canonname.
There is no consensus how getaddrinfo() should fill ai_canonname
when numeric hostname is given.

Reported by:	kris
2000-09-23 15:40:12 +00:00
Hajimu UMEMOTO
b208ff84c1 Add IPv6 scoped address support.
It enables us to control link-local connections by interface like
this:

    ALL : [fe80::%ed0]/10 : allow
    ALL : [fe80::]/10 : deny
2000-07-14 17:15:34 +00:00
David Malone
c268f6e47c Stop the tcp_wrappers ident code sending a request which is split
across several packets. This is done by not turning off buffering
on the stdio stream for the ident connection. Originally this was
done to avoid reading back what you'd just written into the buffer.
However ANSI C gives a list of functions which should allow you to
safely change direction on a stdio stream, and Wietse found that
fseek seemed to be the most portable.

The original patch used a different workaround, but this should be
a real fix.

PR:		16086
Reviewed by:	wietse@porcupine.org
(Original version) Approved by:	markm
2000-07-14 15:07:37 +00:00
Yoshinobu Inoue
8053080cbc Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it.
Now when tcp_wrapper is enabled by inetd -wW,
  several accesses which should be permitted are refused only for IPv6,
  if hostname is used to decide the host to be allowed.
  IPv6 users will be just upset.

  About security related concern.
    -All extensions are wrapped by #ifdef INET6, so people can completely
     disable the extension by recompile libwrap without INET6 option.
    -Access via IPv6 is not enabled by default.
     People need to enable IPv6 access by changing /etc/inetd.conf at first,
     by adding tcp6 and/or tcp46 entries.
    -The base of patches are from KAME package and are actually daily used
     for more than a year in several Japanese IPv6 environments.
    -Patches are reviewed by markm.

Approved by: jkh

Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: markm
Obtained from: KAME project
2000-02-03 10:27:03 +00:00
Sheldon Hearn
99abb2876d Add the ``blacklist'' feature, which allows a path to a filename to
be used as a valid pattern in the access control language.

Patch obtained from ftp://ftp.porcupine.org/pub/security/ .

Requested by:	markm
1999-09-21 09:09:57 +00:00
Andrey A. Chernov
d8094070f9 Since our inetd wrapped now, treat all its services as tcpd-prefixed
for tcpdchk
1999-04-03 04:02:29 +00:00
Mark Murray
2aef693010 Clean import of TCP-wrappers by Wietse Venema.
Rest of build to follow.
1999-03-14 17:13:19 +00:00