82 files changed, 1045 insertions, 10954 deletions
diff --git a/usr/src/Targetdirs b/usr/src/Targetdirs index 6ce5f4d183..aacb5d905d 100644 --- a/usr/src/Targetdirs +++ b/usr/src/Targetdirs @@ -21,7 +21,7 @@ # # Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved. # Copyright 2011, Richard Lowe -# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. # # diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile b/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile index 7be17b13aa..d577640c90 100644 --- a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile +++ b/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile @@ -22,6 +22,8 @@ # Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# MINCONN = minconn.so PASSPROMPT = passprompt.so @@ -68,13 +70,6 @@ $(LIBPPPPLUGIN):= FILEMODE = 0544 $(LIBPPPPLUGINDIR):= FILEMODE = 0755 -# This is needed because install doesn't handle -g well. -UTILDIR= $(ROOT)/usr/share/src/ppputil -ROOTSRC= $(UTILDIR)/plugins -SRCFILES= Makefile minconn.c passprompt.c pppd.h -ROOTSRCFILES= $(SRCFILES:%=$(ROOTSRC)/%) -$(ROOTSRCFILES):= FILEMODE= 0444 - .KEEP_STATE: all: $(LIBRARIES) @@ -91,7 +86,7 @@ $(PPPOE): pics .WAIT $$(PICS) $(BUILD.SO) $(POST_PROCESS_SO) -install: all $(LIBPPPPLUGINDIR) $(LIBPPPPLUGIN) install_src +install: all $(LIBPPPPLUGINDIR) $(LIBPPPPLUGIN) $(LIBPPPPLUGINDIR): $(INS.dir) @@ -99,20 +94,6 @@ $(LIBPPPPLUGINDIR): $(LIBPPPPLUGINDIR)/%: % $(INS.file) -$(UTILDIR) $(ROOTSRC): - $(INS.dir) - -$(ROOTSRC)/Makefile%: Makefile%.dist - $(INS.rename) - -$(ROOTSRC)/%.h: ../%.h - $(INS.file) - -$(ROOTSRC)/%: % - $(INS.file) - -install_src: $(UTILDIR) .WAIT $(ROOTSRC) .WAIT $(ROOTSRCFILES) - lint: $(LINT.c) $(LINTSRCS) $(LDLIBS) 
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile.dist b/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile.dist deleted file mode 100644 index 972e8036fd..0000000000 --- a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile.dist +++ /dev/null @@ -1,27 +0,0 @@ -# -#ident "%Z%%M% %I% %E% SMI" -# -# Copyright (c) 2000 by Sun Microsystems, Inc. -# All rights reserved. - -PLUGINS= minconn passprompt -TARGETS= $(PLUGINS:%=%.so) -OBJS= $(PLUGINS:%=%.o) -PLUGINDIR= /usr/lib/inet/ppp/ -INSTALLED= $(TARGETS:%=$(PLUGINDIR)/%) -CFLAGS= -DPPP_DEFS_IN_NET - -all: $(TARGETS) - -clean: - $(RM) -f $(TARGETS) $(OBJS) - -%.so: %.o - $(LD) -s -G -h $@ -o $@ $^ - -install: $(TARGETS) - @test -d $(PLUGINDIR) || mkdir -m 755 -p $(PLUGINDIR) - @cp $(TARGETS) $(PLUGINDIR) && strip $(INSTALLED) - -clobber: clean - $(RM) -f $(INSTALLED) diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/CHANGES.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/CHANGES.top deleted file mode 100644 index c27c069b17..0000000000 --- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/CHANGES.top +++ /dev/null @@ -1,9 +0,0 @@ -ident "%Z%%M% %I% %E% SMI" - -Copyright (c) 2000 by Sun Microsystems, Inc. -All rights reserved. - -This code is extracted from the ANU ppp-2.4.0 package and modified to -build in a Solaris environment. You can get the original source here: - - ftp://linuxcare.com.au/pub/ppp diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/INSTALL.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/INSTALL.top deleted file mode 100644 index a532db765e..0000000000 --- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/INSTALL.top +++ /dev/null @@ -1,14 +0,0 @@ -ident "%Z%%M% %I% %E% SMI" - -Copyright (c) 2000 by Sun Microsystems, Inc. -All rights reserved. - -To install, run make: - - % make - -Then, as root, run "make install": - - # make install - -See README for more details. 
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/LICENSE.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/LICENSE.top
deleted file mode 100644
index bc90bcf2f3..0000000000
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/LICENSE.top
+++ /dev/null
@@ -1,94 +0,0 @@ -This file contains a summary of the licenses on the software in this -package. Some of these source files are under GNU Public License. -Those files may be redistributed under the terms of the GNU General -Public License version 2 or (at your option) any later version. See -the COPYING file for details or the GNU web site at -http://www.gnu.org/. - -Copyright (C) 1999 Paul Mackerras. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or (at - your option) any later version. - -Copyright (c) 1985, 1986 The Regents of the University of California. -All rights reserved. - - This code is derived from software contributed to Berkeley by - James A. Woods, derived from original work by Spencer Thomas - and Joseph Orost. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by the University of - California, Berkeley and its contributors. - 4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. 
- - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - - This file is derived from zlib.h and zconf.h from the zlib-0.95 - distribution by Jean-loup Gailly and Mark Adler, with some additions - by Paul Mackerras to aid in implementing Deflate compression and - decompression for PPP packets. - - zlib.h -- interface of the 'zlib' general purpose compression library - version 0.95, Aug 16th, 1995. - - Copyright (C) 1995 Jean-loup Gailly and Mark Adler - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any damages - arising from the use of this software. - - Permission is granted to anyone to use this software for any purpose, - including commercial applications, and to alter it and redistribute it - freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must not - claim that you wrote the original software. If you use this software - in a product, an acknowledgment in the product documentation would be - appreciated but is not required. - 2. Altered source versions must be plainly marked as such, and must not be - misrepresented as being the original software. - 3. This notice may not be removed or altered from any source distribution. 
- - Jean-loup Gailly Mark Adler - gzip@prep.ai.mit.edu madler@alumni.caltech.edu - - Copyright (c) 1994 The Australian National University. - All rights reserved. - - Permission to use, copy, modify, and distribute this software and its - documentation is hereby granted, provided that the above copyright - notice appears in all copies. This software is provided without any - warranty, express or implied. The Australian National University - makes no representations about the suitability of this software for - any purpose. - - Copyright 1999 Paul Mackerras, Alan Curry. - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version - 2 of the License, or (at your option) any later version. diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile b/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile index cfb5f36b65..2e7b195b37 100644 --- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile +++ b/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile @@ -1,7 +1,6 @@ # # Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. -# -# cmd/cmd-inet/usr.bin/pppdump/Makefile +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. # PROG= pppdump 
@@ -14,59 +13,16 @@ CPPFLAGS += -DPPP_DEFS_IN_NET .KEEP_STATE: -.PARALLEL: $(OBJS) - -all: $(PROG) - -CLOBBERFILES += THIRDPARTYLICENSE - -all install: THIRDPARTYLICENSE - -THIRDPARTYLICENSE: LICENSE.top COPYING.top - $(RM) $@ - $(CAT) LICENSE.top COPYING.top > $@ - -$(PROG): $(OBJS) - $(LINK.c) $(OBJS) -o $@ $(LDLIBS) - $(POST_PROCESS) - -$(ROOTMAN1M)/pppdump.1m:= FILEMODE=0444 -$(ROOTMAN1M)/%: % - $(INS.file) -$(ROOTMAN1M): - $(INS.dir) - -ROOTSRC= $(ROOT)/usr/share/src/ppputil -TOPFILES= Makefile CHANGES COPYING INSTALL LICENSE README -ROOTTOPFILES= $(TOPFILES:%=$(ROOTSRC)/%) -$(ROOTTOPFILES) := FILEMODE= 0444 -ROOTDIST= $(ROOTSRC)/pppdump -DISTFILES= Makefile bsd-comp.c deflate.c ppp-comp.h pppdump.1m pppdump.c \ - zlib.c zlib.h -ROOTDISTFILES= $(DISTFILES:%=$(ROOTDIST)/%) -$(ROOTDISTFILES) := FILEMODE= 0444 - -install: all $(ROOTPROG) install_src install_man - -install_man: $(ROOTMAN1M) $(ROOTMAN1M)/pppdump.1m - -install_src: $(ROOTSRC) .WAIT $(ROOTTOPFILES) $(ROOTDIST) .WAIT \ - $(ROOTDISTFILES) - -$(ROOTSRC) $(ROOTDIST): - $(INS.dir) - -$(ROOTSRC)/%: %.top - $(INS.rename) +all: $(PROG) -$(ROOTDIST)/Makefile%: Makefile%.dist - $(INS.rename) +$(PROG): $(OBJS) + $(LINK.c) $(OBJS) -o $@ $(LDLIBS) + $(POST_PROCESS) -$(ROOTDIST)/%: % - $(INS.file) +install: all $(ROOTPROG) clean: - $(RM) $(OBJS) + $(RM) $(OBJS) lint: diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.dist b/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.dist deleted file mode 100644 index 2876a13462..0000000000 --- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.dist +++ /dev/null 
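Review bot: Dropping `.PARALLEL: $(OBJS)` at the top of this hunk looks unrelated to removing the source-distribution rules; if it was not intentional, keep that line so the objects can still build in parallel. The new `install: all $(ROOTPROG)` also no longer depends on `install_man`, so `pppdump.1m` has to be delivered by some other part of this commit (not visible in this hunk) or it silently drops out of the installed tree. THIRDPARTYLICENSE is no longer generated or listed in `CLOBBERFILES`, which is right for a checked-in file, but a one-line comment above `all:` such as `# THIRDPARTYLICENSE is a static, checked-in file; it is no longer built from the *.top files` would explain why no rule produces it. Because the licence text is now maintained by hand, its sentence "See the COPYING file for details" is worth re-checking, since the `COPYING.top` it came from is renamed away in this same commit.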
@@ -1,28 +0,0 @@ -# -#ident "%Z%%M% %I% %E% SMI" -# -# Copyright (c) 2000 by Sun Microsystems, Inc. -# All rights reserved. - -TARGET= pppdump -OBJS= bsd-comp.o deflate.o pppdump.o zlib.o -BINDIR= /usr/bin -MANDIR= /usr/share/man/man1m -MANFILES= pppdump.1m -CFLAGS= -DPPP_DEFS_IN_NET - -all: $(TARGET) - -clean: - $(RM) -f $(TARGET) $(OBJS) - -$(TARGET): $(OBJS) - $(CC) -o $@ $(OBJS) - -install: $(TARGET) - @cp $(TARGET) $(BINDIR) && strip $(BINDIR)/$(TARGET) - @test -d $(MANDIR) || mkdir -m 755 -p $(MANDIR) - @cp $(MANFILES) $(MANDIR) - -clobber: clean - $(RM) -f $(BINDIR)/$(TARGET) $(MANDIR)/$(MANFILES) diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.top deleted file mode 100644 index 4f6c491757..0000000000 --- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.top +++ /dev/null @@ -1,22 +0,0 @@ -# -#pragma ident "%Z%%M% %I% %E% SMI" -# -# Copyright (c) 2000 by Sun Microsystems, Inc. -# All rights reserved. - -DIRS= pppdump plugins - -all: $(DIRS) -install: $(DIRS) -clean: $(DIRS) -clobber: $(DIRS) - -all:= TARGET=all -install:= TARGET=install -clean:= TARGET=clean -clobber:= TARGET=clobber - -$(DIRS): FORCE - @cd $@ && make $(TARGET) - -FORCE: diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/README.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/README.top deleted file mode 100644 index 53291d6390..0000000000 --- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/README.top +++ /dev/null 
@@ -1,32 +0,0 @@ -ident "%Z%%M% %I% %E% SMI" - -Copyright (c) 2000 by Sun Microsystems, Inc. -All rights reserved. - -These are GNU utilities that can be used with the Solaris version of -PPP. They provide optional features and are not needed for normal -operation. - -The pppdump utility reads files produced by the pppd "record" option -and produces human-readable output. This can be useful when debugging -problems with the kernel data compression modules, but is otherwise -generally not as useful as the debugging features already built into -pppd. - -The minconn.so plugin sets a minimum initial connect time when the -"idle" option is used. - -The passprompt.so plugin allows PAP to be used with external prompting -programs, such as xprompt. This allows the password to be supplied -interactively, in much the same manner as on PCs. - -To build, simply type "make". Depending on how your system is -configured, you may need to specify the compiler to use, like this: - - % make CC=/usr/local/bin/gcc - -To install, you will need to be root (or at least have write -permission to the /etc/ppp/plugins, /usr/bin, and /usr/share/man/man1m -directories). - - # make install diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/COPYING.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/THIRDPARTYLICENSE index d60c31a97a..35a01be714 100644 --- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/COPYING.top +++ b/usr/src/cmd/cmd-inet/usr.bin/pppdump/THIRDPARTYLICENSE 
@@ -1,3 +1,97 @@ +This file contains a summary of the licenses on the software in this +package. Some of these source files are under GNU Public License. +Those files may be redistributed under the terms of the GNU General +Public License version 2 or (at your option) any later version. See +the COPYING file for details or the GNU web site at +http://www.gnu.org/. + +Copyright (C) 1999 Paul Mackerras. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or (at + your option) any later version. + +Copyright (c) 1985, 1986 The Regents of the University of California. +All rights reserved. + + This code is derived from software contributed to Berkeley by + James A. Woods, derived from original work by Spencer Thomas + and Joseph Orost. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by the University of + California, Berkeley and its contributors. + 4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. 
+ + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + + This file is derived from zlib.h and zconf.h from the zlib-0.95 + distribution by Jean-loup Gailly and Mark Adler, with some additions + by Paul Mackerras to aid in implementing Deflate compression and + decompression for PPP packets. + + zlib.h -- interface of the 'zlib' general purpose compression library + version 0.95, Aug 16th, 1995. + + Copyright (C) 1995 Jean-loup Gailly and Mark Adler + + This software is provided 'as-is', without any express or implied + warranty. In no event will the authors be held liable for any damages + arising from the use of this software. + + Permission is granted to anyone to use this software for any purpose, + including commercial applications, and to alter it and redistribute it + freely, subject to the following restrictions: + + 1. The origin of this software must not be misrepresented; you must not + claim that you wrote the original software. If you use this software + in a product, an acknowledgment in the product documentation would be + appreciated but is not required. + 2. Altered source versions must be plainly marked as such, and must not be + misrepresented as being the original software. + 3. This notice may not be removed or altered from any source distribution. 
+ + Jean-loup Gailly Mark Adler + gzip@prep.ai.mit.edu madler@alumni.caltech.edu + + Copyright (c) 1994 The Australian National University. + All rights reserved. + + Permission to use, copy, modify, and distribute this software and its + documentation is hereby granted, provided that the above copyright + notice appears in all copies. This software is provided without any + warranty, express or implied. The Australian National University + makes no representations about the suitability of this software for + any purpose. + + Copyright 1999 Paul Mackerras, Alan Curry. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version + 2 of the License, or (at your option) any later version. GNU GENERAL PUBLIC LICENSE Version 2, June 1991 diff --git a/usr/src/cmd/sed/sed.1 b/usr/src/cmd/sed/sed.1 deleted file mode 100644 index 0744630b57..0000000000 --- a/usr/src/cmd/sed/sed.1 +++ /dev/null 
@@ -1,636 +0,0 @@ -.\" Copyright (c) 1992, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" This code is derived from software contributed to Berkeley by -.\" the Institute of Electrical and Electronics Engineers, Inc. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" @(#)sed.1 8.2 (Berkeley) 12/30/93 -.\" $FreeBSD$ -.\" -.Dd May 24, 2009 -.Dt SED 1 -.Os -.Sh NAME -.Nm sed -.Nd stream editor -.Sh SYNOPSIS -.Nm -.Op Fl Ealnr -.Ar command -.Op Ar -.Nm -.Op Fl Ealnr -.Op Fl e Ar command -.Op Fl f Ar command_file -.Op Fl I Ar extension -.Op Fl i Ar extension -.Op Ar -.Sh DESCRIPTION -The -.Nm -utility reads the specified files, or the standard input if no files -are specified, modifying the input as specified by a list of commands. -The input is then written to the standard output. -.Pp -A single command may be specified as the first argument to -.Nm . -Multiple commands may be specified by using the -.Fl e -or -.Fl f -options. -All commands are applied to the input in the order they are specified -regardless of their origin. -.Pp -The following options are available: -.Bl -tag -width indent -.It Fl E -Interpret regular expressions as extended (modern) regular expressions -rather than basic regular expressions (BRE's). -The -.Xr re_format 7 -manual page fully describes both formats. -.It Fl a -The files listed as parameters for the -.Dq w -functions are created (or truncated) before any processing begins, -by default. -The -.Fl a -option causes -.Nm -to delay opening each file until a command containing the related -.Dq w -function is applied to a line of input. -.It Fl e Ar command -Append the editing commands specified by the -.Ar command -argument -to the list of commands. -.It Fl f Ar command_file -Append the editing commands found in the file -.Ar command_file -to the list of commands. -The editing commands should each be listed on a separate line. -.It Fl I Ar extension -Edit files in-place, saving backups with the specified -.Ar extension . -If a zero-length -.Ar extension -is given, no backup will be saved. -It is not recommended to give a zero-length -.Ar extension -when in-place editing files, as you risk corruption or partial content -in situations where disk space is exhausted, etc. 
-.Pp -Note that in-place editing with -.Fl I -still takes place in a single continuous line address space covering -all files, although each file preserves its individuality instead of -forming one output stream. -The line counter is never reset between files, address ranges can span -file boundaries, and the -.Dq $ -address matches only the last line of the last file. -(See -.Sx "Sed Addresses" . ) -That can lead to unexpected results in many cases of in-place editing, -where using -.Fl i -is desired. -.It Fl i Ar extension -Edit files in-place similarly to -.Fl I , -but treat each file independently from other files. -In particular, line numbers in each file start at 1, -the -.Dq $ -address matches the last line of the current file, -and address ranges are limited to the current file. -(See -.Sx "Sed Addresses" . ) -The net result is as though each file were edited by a separate -.Nm -instance. -.It Fl l -Make output line buffered. -.It Fl n -By default, each line of input is echoed to the standard output after -all of the commands have been applied to it. -The -.Fl n -option suppresses this behavior. -.It Fl r -Same as -.Fl E -for compatibility with GNU sed. -.El -.Pp -The form of a -.Nm -command is as follows: -.Pp -.Dl [address[,address]]function[arguments] -.Pp -Whitespace may be inserted before the first address and the function -portions of the command. -.Pp -Normally, -.Nm -cyclically copies a line of input, not including its terminating newline -character, into a -.Em "pattern space" , -(unless there is something left after a -.Dq D -function), -applies all of the commands with addresses that select that pattern space, -copies the pattern space to the standard output, appending a newline, and -deletes the pattern space. -.Pp -Some of the functions use a -.Em "hold space" -to save all or part of the pattern space for subsequent retrieval. 
-.Sh "Sed Addresses" -An address is not required, but if specified must have one of the -following formats: -.Bl -bullet -offset indent -.It -a number that counts -input lines -cumulatively across input files (or in each file independently -if a -.Fl i -option is in effect); -.It -a dollar -.Pq Dq $ -character that addresses the last line of input (or the last line -of the current file if a -.Fl i -option was specified); -.It -a context address -that consists of a regular expression preceded and followed by a -delimiter. The closing delimiter can also optionally be followed by the -.Dq I -character, to indicate that the regular expression is to be matched -in a case-insensitive way. -.El -.Pp -A command line with no addresses selects every pattern space. -.Pp -A command line with one address selects all of the pattern spaces -that match the address. -.Pp -A command line with two addresses selects an inclusive range. -This -range starts with the first pattern space that matches the first -address. -The end of the range is the next following pattern space -that matches the second address. -If the second address is a number -less than or equal to the line number first selected, only that -line is selected. -The number in the second address may be prefixed with a -.Pq Dq \&+ -to specify the number of lines to match after the first pattern. -In the case when the second address is a context -address, -.Nm -does not re-match the second address against the -pattern space that matched the first address. -Starting at the -first line following the selected range, -.Nm -starts looking again for the first address. -.Pp -Editing commands can be applied to non-selected pattern spaces by use -of the exclamation character -.Pq Dq \&! -function. 
-.Sh "Sed Regular Expressions" -The regular expressions used in -.Nm , -by default, are basic regular expressions (BREs, see -.Xr re_format 7 -for more information), but extended (modern) regular expressions can be used -instead if the -.Fl E -flag is given. -In addition, -.Nm -has the following two additions to regular expressions: -.Pp -.Bl -enum -compact -.It -In a context address, any character other than a backslash -.Pq Dq \e -or newline character may be used to delimit the regular expression. -The opening delimiter needs to be preceded by a backslash -unless it is a slash. -For example, the context address -.Li \exabcx -is equivalent to -.Li /abc/ . -Also, putting a backslash character before the delimiting character -within the regular expression causes the character to be treated literally. -For example, in the context address -.Li \exabc\exdefx , -the RE delimiter is an -.Dq x -and the second -.Dq x -stands for itself, so that the regular expression is -.Dq abcxdef . -.Pp -.It -The escape sequence \en matches a newline character embedded in the -pattern space. -You cannot, however, use a literal newline character in an address or -in the substitute command. -.El -.Pp -One special feature of -.Nm -regular expressions is that they can default to the last regular -expression used. -If a regular expression is empty, i.e., just the delimiter characters -are specified, the last regular expression encountered is used instead. -The last regular expression is defined as the last regular expression -used as part of an address or substitute command, and at run-time, not -compile-time. -For example, the command -.Dq /abc/s//XXX/ -will substitute -.Dq XXX -for the pattern -.Dq abc . -.Sh "Sed Functions" -In the following list of commands, the maximum number of permissible -addresses for each command is indicated by [0addr], [1addr], or [2addr], -representing zero, one, or two addresses. -.Pp -The argument -.Em text -consists of one or more lines. 
-To embed a newline in the text, precede it with a backslash. -Other backslashes in text are deleted and the following character -taken literally. -.Pp -The -.Dq r -and -.Dq w -functions take an optional file parameter, which should be separated -from the function letter by white space. -Each file given as an argument to -.Nm -is created (or its contents truncated) before any input processing begins. -.Pp -The -.Dq b , -.Dq r , -.Dq s , -.Dq t , -.Dq w , -.Dq y , -.Dq \&! , -and -.Dq \&: -functions all accept additional arguments. -The following synopses indicate which arguments have to be separated from -the function letters by white space characters. -.Pp -Two of the functions take a function-list. -This is a list of -.Nm -functions separated by newlines, as follows: -.Bd -literal -offset indent -{ function - function - ... - function -} -.Ed -.Pp -The -.Dq { -can be preceded by white space and can be followed by white space. -The function can be preceded by white space. -The terminating -.Dq } -must be preceded by a newline or optional white space. -.Pp -.Bl -tag -width "XXXXXX" -compact -.It [2addr] function-list -Execute function-list only when the pattern space is selected. -.Pp -.It [1addr]a\e -.It text -Write -.Em text -to standard output immediately before each attempt to read a line of input, -whether by executing the -.Dq N -function or by beginning a new cycle. -.Pp -.It [2addr]b[label] -Branch to the -.Dq \&: -function with the specified label. -If the label is not specified, branch to the end of the script. -.Pp -.It [2addr]c\e -.It text -Delete the pattern space. -With 0 or 1 address or at the end of a 2-address range, -.Em text -is written to the standard output. -.Pp -.It [2addr]d -Delete the pattern space and start the next cycle. -.Pp -.It [2addr]D -Delete the initial segment of the pattern space through the first -newline character and start the next cycle. 
-.Pp -.It [2addr]g -Replace the contents of the pattern space with the contents of the -hold space. -.Pp -.It [2addr]G -Append a newline character followed by the contents of the hold space -to the pattern space. -.Pp -.It [2addr]h -Replace the contents of the hold space with the contents of the -pattern space. -.Pp -.It [2addr]H -Append a newline character followed by the contents of the pattern space -to the hold space. -.Pp -.It [1addr]i\e -.It text -Write -.Em text -to the standard output. -.Pp -.It [2addr]l -(The letter ell.) -Write the pattern space to the standard output in a visually unambiguous -form. -This form is as follows: -.Pp -.Bl -tag -width "carriage-returnXX" -offset indent -compact -.It backslash -\e\e -.It alert -\ea -.It form-feed -\ef -.It carriage-return -\er -.It tab -\et -.It vertical tab -\ev -.El -.Pp -Nonprintable characters are written as three-digit octal numbers (with a -preceding backslash) for each byte in the character (most significant byte -first). -Long lines are folded, with the point of folding indicated by displaying -a backslash followed by a newline. -The end of each line is marked with a -.Dq $ . -.Pp -.It [2addr]n -Write the pattern space to the standard output if the default output has -not been suppressed, and replace the pattern space with the next line of -input. -.Pp -.It [2addr]N -Append the next line of input to the pattern space, using an embedded -newline character to separate the appended material from the original -contents. -Note that the current line number changes. -.Pp -.It [2addr]p -Write the pattern space to standard output. -.Pp -.It [2addr]P -Write the pattern space, up to the first newline character to the -standard output. -.Pp -.It [1addr]q -Branch to the end of the script and quit without starting a new cycle. -.Pp -.It [1addr]r file -Copy the contents of -.Em file -to the standard output immediately before the next attempt to read a -line of input. 
-If -.Em file -cannot be read for any reason, it is silently ignored and no error -condition is set. -.Pp -.It [2addr]s/regular expression/replacement/flags -Substitute the replacement string for the first instance of the regular -expression in the pattern space. -Any character other than backslash or newline can be used instead of -a slash to delimit the RE and the replacement. -Within the RE and the replacement, the RE delimiter itself can be used as -a literal character if it is preceded by a backslash. -.Pp -An ampersand -.Pq Dq & -appearing in the replacement is replaced by the string matching the RE. -The special meaning of -.Dq & -in this context can be suppressed by preceding it by a backslash. -The string -.Dq \e# , -where -.Dq # -is a digit, is replaced by the text matched -by the corresponding backreference expression (see -.Xr re_format 7 ) . -.Pp -A line can be split by substituting a newline character into it. -To specify a newline character in the replacement string, precede it with -a backslash. -.Pp -The value of -.Em flags -in the substitute function is zero or more of the following: -.Bl -tag -width "XXXXXX" -offset indent -.It Ar N -Make the substitution only for the -.Ar N Ns 'th -occurrence of the regular expression in the pattern space. -.It g -Make the substitution for all non-overlapping matches of the -regular expression, not just the first one. -.It p -Write the pattern space to standard output if a replacement was made. -If the replacement string is identical to that which it replaces, it -is still considered to have been a replacement. -.It w Em file -Append the pattern space to -.Em file -if a replacement was made. -If the replacement string is identical to that which it replaces, it -is still considered to have been a replacement. -.It I -Match the regular expression in a case-insensitive way. 
-.El -.Pp -.It [2addr]t [label] -Branch to the -.Dq \&: -function bearing the label if any substitutions have been made since the -most recent reading of an input line or execution of a -.Dq t -function. -If no label is specified, branch to the end of the script. -.Pp -.It [2addr]w Em file -Append the pattern space to the -.Em file . -.Pp -.It [2addr]x -Swap the contents of the pattern and hold spaces. -.Pp -.It [2addr]y/string1/string2/ -Replace all occurrences of characters in -.Em string1 -in the pattern space with the corresponding characters from -.Em string2 . -Any character other than a backslash or newline can be used instead of -a slash to delimit the strings. -Within -.Em string1 -and -.Em string2 , -a backslash followed by any character other than a newline is that literal -character, and a backslash followed by an ``n'' is replaced by a newline -character. -.Pp -.It [2addr]!function -.It [2addr]!function-list -Apply the function or function-list only to the lines that are -.Em not -selected by the address(es). -.Pp -.It [0addr]:label -This function does nothing; it bears a label to which the -.Dq b -and -.Dq t -commands may branch. -.Pp -.It [1addr]= -Write the line number to the standard output followed by a newline -character. -.Pp -.It [0addr] -Empty lines are ignored. -.Pp -.It [0addr]# -The -.Dq # -and the remainder of the line are ignored (treated as a comment), with -the single exception that if the first two characters in the file are -.Dq #n , -the default output is suppressed. -This is the same as specifying the -.Fl n -option on the command line. -.El -.Sh ENVIRONMENT -The -.Ev COLUMNS , LANG , LC_ALL , LC_CTYPE -and -.Ev LC_COLLATE -environment variables affect the execution of -.Nm -as described in -.Xr environ 7 . -.Sh EXIT STATUS -.Ex -std -.Sh SEE ALSO -.Xr awk 1 , -.Xr ed 1 , -.Xr grep 1 , -.Xr regex 3 , -.Xr re_format 7 -.Sh STANDARDS -The -.Nm -utility is expected to be a superset of the -.St -p1003.2 -specification. 
-.Pp -The -.Fl E , I , a -and -.Fl i -options, the prefixing -.Dq \&+ -in the second member of an address range, -as well as the -.Dq I -flag to the address regular expression and substitution command are -non-standard -.Fx -extensions and may not be available on other operating systems. -.Sh HISTORY -A -.Nm -command, written by -.An L. E. McMahon , -appeared in -.At v7 . -.Sh AUTHORS -.An "Diomidis D. Spinellis" Aq dds@FreeBSD.org -.Sh BUGS -Multibyte characters containing a byte with value 0x5C -.Tn ( ASCII -.Ql \e ) -may be incorrectly treated as line continuation characters in arguments to the -.Dq a , -.Dq c -and -.Dq i -commands. -Multibyte characters cannot be used as delimiters with the -.Dq s -and -.Dq y -commands. diff --git a/usr/src/cmd/sed/sed.txt b/usr/src/cmd/sed/sed.txt deleted file mode 100644 index 0845895cae..0000000000 --- a/usr/src/cmd/sed/sed.txt +++ /dev/null 
@@ -1,391 +0,0 @@ -SED(1) BSD General Commands Manual SED(1) - -NAME - sed -- stream editor - -SYNOPSIS - sed [-Ealnr] _c_o_m_m_a_n_d [_f_i_l_e _._._.] - sed [-Ealnr] [-e _c_o_m_m_a_n_d] [-f _c_o_m_m_a_n_d___f_i_l_e] [-I _e_x_t_e_n_s_i_o_n] [-i _e_x_t_e_n_s_i_o_n] - [_f_i_l_e _._._.] - -DESCRIPTION - The sed utility reads the specified files, or the standard input if no - files are specified, modifying the input as specified by a list of com- - mands. The input is then written to the standard output. - - A single command may be specified as the first argument to sed. Multiple - commands may be specified by using the -e or -f options. All commands - are applied to the input in the order they are specified regardless of - their origin. - - The following options are available: - - -E Interpret regular expressions as extended (modern) regular - expressions rather than basic regular expressions (BRE's). The - re_format(7) manual page fully describes both formats. - - -a The files listed as parameters for the ``w'' functions are cre- - ated (or truncated) before any processing begins, by default. - The -a option causes sed to delay opening each file until a com- - mand containing the related ``w'' function is applied to a line - of input. - - -e _c_o_m_m_a_n_d - Append the editing commands specified by the _c_o_m_m_a_n_d argument to - the list of commands. - - -f _c_o_m_m_a_n_d___f_i_l_e - Append the editing commands found in the file _c_o_m_m_a_n_d___f_i_l_e to the - list of commands. The editing commands should each be listed on - a separate line. - - -I _e_x_t_e_n_s_i_o_n - Edit files in-place, saving backups with the specified _e_x_t_e_n_s_i_o_n. - If a zero-length _e_x_t_e_n_s_i_o_n is given, no backup will be saved. It - is not recommended to give a zero-length _e_x_t_e_n_s_i_o_n when in-place - editing files, as you risk corruption or partial content in situ- - ations where disk space is exhausted, etc. 
- - Note that in-place editing with -I still takes place in a single - continuous line address space covering all files, although each - file preserves its individuality instead of forming one output - stream. The line counter is never reset between files, address - ranges can span file boundaries, and the ``$'' address matches - only the last line of the last file. (See _S_e_d _A_d_d_r_e_s_s_e_s.) That - can lead to unexpected results in many cases of in-place editing, - where using -i is desired. - - -i _e_x_t_e_n_s_i_o_n - Edit files in-place similarly to -I, but treat each file indepen- - dently from other files. In particular, line numbers in each - file start at 1, the ``$'' address matches the last line of the - current file, and address ranges are limited to the current file. - (See _S_e_d _A_d_d_r_e_s_s_e_s.) The net result is as though each file were - edited by a separate sed instance. - - -l Make output line buffered. - - -n By default, each line of input is echoed to the standard output - after all of the commands have been applied to it. The -n option - suppresses this behavior. - - -r Same as -E for compatibility with GNU sed. - - The form of a sed command is as follows: - - [address[,address]]function[arguments] - - Whitespace may be inserted before the first address and the function por- - tions of the command. - - Normally, sed cyclically copies a line of input, not including its termi- - nating newline character, into a _p_a_t_t_e_r_n _s_p_a_c_e, (unless there is some- - thing left after a ``D'' function), applies all of the commands with - addresses that select that pattern space, copies the pattern space to the - standard output, appending a newline, and deletes the pattern space. - - Some of the functions use a _h_o_l_d _s_p_a_c_e to save all or part of the pattern - space for subsequent retrieval. 
- -Sed Addresses - An address is not required, but if specified must have one of the follow- - ing formats: - - +o a number that counts input lines cumulatively across input - files (or in each file independently if a -i option is in - effect); - - +o a dollar (``$'') character that addresses the last line of - input (or the last line of the current file if a -i option was - specified); - - +o a context address that consists of a regular expression pre- - ceded and followed by a delimiter. The closing delimiter can - also optionally be followed by the ``I'' character, to indicate - that the regular expression is to be matched in a case-insensi- - tive way. - - A command line with no addresses selects every pattern space. - - A command line with one address selects all of the pattern spaces that - match the address. - - A command line with two addresses selects an inclusive range. This range - starts with the first pattern space that matches the first address. The - end of the range is the next following pattern space that matches the - second address. If the second address is a number less than or equal to - the line number first selected, only that line is selected. The number - in the second address may be prefixed with a (``+'') to specify the num- - ber of lines to match after the first pattern. In the case when the sec- - ond address is a context address, sed does not re-match the second - address against the pattern space that matched the first address. Start- - ing at the first line following the selected range, sed starts looking - again for the first address. - - Editing commands can be applied to non-selected pattern spaces by use of - the exclamation character (``!'') function. - -Sed Regular Expressions - The regular expressions used in sed, by default, are basic regular - expressions (BREs, see re_format(7) for more information), but extended - (modern) regular expressions can be used instead if the -E flag is given. 
- In addition, sed has the following two additions to regular expressions: - - 1. In a context address, any character other than a backslash (``\'') - or newline character may be used to delimit the regular expression. - The opening delimiter needs to be preceded by a backslash unless it - is a slash. For example, the context address \xabcx is equivalent - to /abc/. Also, putting a backslash character before the delimiting - character within the regular expression causes the character to be - treated literally. For example, in the context address \xabc\xdefx, - the RE delimiter is an ``x'' and the second ``x'' stands for itself, - so that the regular expression is ``abcxdef''. - - 2. The escape sequence \n matches a newline character embedded in the - pattern space. You cannot, however, use a literal newline character - in an address or in the substitute command. - - One special feature of sed regular expressions is that they can default - to the last regular expression used. If a regular expression is empty, - i.e., just the delimiter characters are specified, the last regular - expression encountered is used instead. The last regular expression is - defined as the last regular expression used as part of an address or sub- - stitute command, and at run-time, not compile-time. For example, the - command ``/abc/s//XXX/'' will substitute ``XXX'' for the pattern ``abc''. - -Sed Functions - In the following list of commands, the maximum number of permissible - addresses for each command is indicated by [0addr], [1addr], or [2addr], - representing zero, one, or two addresses. - - The argument _t_e_x_t consists of one or more lines. To embed a newline in - the text, precede it with a backslash. Other backslashes in text are - deleted and the following character taken literally. - - The ``r'' and ``w'' functions take an optional file parameter, which - should be separated from the function letter by white space. 
Each file - given as an argument to sed is created (or its contents truncated) before - any input processing begins. - - The ``b'', ``r'', ``s'', ``t'', ``w'', ``y'', ``!'', and ``:'' functions - all accept additional arguments. The following synopses indicate which - arguments have to be separated from the function letters by white space - characters. - - Two of the functions take a function-list. This is a list of sed func- - tions separated by newlines, as follows: - - { function - function - ... - function - } - - The ``{'' can be preceded by white space and can be followed by white - space. The function can be preceded by white space. The terminating - ``}'' must be preceded by a newline or optional white space. - - [2addr] function-list - Execute function-list only when the pattern space is selected. - - [1addr]a\ - text Write _t_e_x_t to standard output immediately before each attempt to - read a line of input, whether by executing the ``N'' function or - by beginning a new cycle. - - [2addr]b[label] - Branch to the ``:'' function with the specified label. If the - label is not specified, branch to the end of the script. - - [2addr]c\ - text Delete the pattern space. With 0 or 1 address or at the end of a - 2-address range, _t_e_x_t is written to the standard output. - - [2addr]d - Delete the pattern space and start the next cycle. - - [2addr]D - Delete the initial segment of the pattern space through the first - newline character and start the next cycle. - - [2addr]g - Replace the contents of the pattern space with the contents of - the hold space. - - [2addr]G - Append a newline character followed by the contents of the hold - space to the pattern space. - - [2addr]h - Replace the contents of the hold space with the contents of the - pattern space. - - [2addr]H - Append a newline character followed by the contents of the pat- - tern space to the hold space. - - [1addr]i\ - text Write _t_e_x_t to the standard output. - - [2addr]l - (The letter ell.) 
Write the pattern space to the standard output - in a visually unambiguous form. This form is as follows: - - backslash \\ - alert \a - form-feed \f - carriage-return \r - tab \t - vertical tab \v - - Nonprintable characters are written as three-digit octal numbers - (with a preceding backslash) for each byte in the character (most - significant byte first). Long lines are folded, with the point - of folding indicated by displaying a backslash followed by a new- - line. The end of each line is marked with a ``$''. - - [2addr]n - Write the pattern space to the standard output if the default - output has not been suppressed, and replace the pattern space - with the next line of input. - - [2addr]N - Append the next line of input to the pattern space, using an - embedded newline character to separate the appended material from - the original contents. Note that the current line number - changes. - - [2addr]p - Write the pattern space to standard output. - - [2addr]P - Write the pattern space, up to the first newline character to the - standard output. - - [1addr]q - Branch to the end of the script and quit without starting a new - cycle. - - [1addr]r file - Copy the contents of _f_i_l_e to the standard output immediately - before the next attempt to read a line of input. If _f_i_l_e cannot - be read for any reason, it is silently ignored and no error con- - dition is set. - - [2addr]s/regular expression/replacement/flags - Substitute the replacement string for the first instance of the - regular expression in the pattern space. Any character other - than backslash or newline can be used instead of a slash to - delimit the RE and the replacement. Within the RE and the - replacement, the RE delimiter itself can be used as a literal - character if it is preceded by a backslash. - - An ampersand (``&'') appearing in the replacement is replaced by - the string matching the RE. The special meaning of ``&'' in this - context can be suppressed by preceding it by a backslash. 
The - string ``\#'', where ``#'' is a digit, is replaced by the text - matched by the corresponding backreference expression (see - re_format(7)). - - A line can be split by substituting a newline character into it. - To specify a newline character in the replacement string, precede - it with a backslash. - - The value of _f_l_a_g_s in the substitute function is zero or more of - the following: - - _N Make the substitution only for the _N'th occurrence - of the regular expression in the pattern space. - - g Make the substitution for all non-overlapping - matches of the regular expression, not just the - first one. - - p Write the pattern space to standard output if a - replacement was made. If the replacement string is - identical to that which it replaces, it is still - considered to have been a replacement. - - w _f_i_l_e Append the pattern space to _f_i_l_e if a replacement - was made. If the replacement string is identical - to that which it replaces, it is still considered - to have been a replacement. - - I Match the regular expression in a case-insensitive - way. - - [2addr]t [label] - Branch to the ``:'' function bearing the label if any substitu- - tions have been made since the most recent reading of an input - line or execution of a ``t'' function. If no label is specified, - branch to the end of the script. - - [2addr]w _f_i_l_e - Append the pattern space to the _f_i_l_e. - - [2addr]x - Swap the contents of the pattern and hold spaces. - - [2addr]y/string1/string2/ - Replace all occurrences of characters in _s_t_r_i_n_g_1 in the pattern - space with the corresponding characters from _s_t_r_i_n_g_2. Any char- - acter other than a backslash or newline can be used instead of a - slash to delimit the strings. Within _s_t_r_i_n_g_1 and _s_t_r_i_n_g_2, a - backslash followed by any character other than a newline is that - literal character, and a backslash followed by an ``n'' is - replaced by a newline character. 
- - [2addr]!function - [2addr]!function-list - Apply the function or function-list only to the lines that are - _n_o_t selected by the address(es). - - [0addr]:label - This function does nothing; it bears a label to which the ``b'' - and ``t'' commands may branch. - - [1addr]= - Write the line number to the standard output followed by a new- - line character. - - [0addr] - Empty lines are ignored. - - [0addr]# - The ``#'' and the remainder of the line are ignored (treated as a - comment), with the single exception that if the first two charac- - ters in the file are ``#n'', the default output is suppressed. - This is the same as specifying the -n option on the command line. - -ENVIRONMENT - The COLUMNS, LANG, LC_ALL, LC_CTYPE and LC_COLLATE environment variables - affect the execution of sed as described in environ(7). - -EXIT STATUS - The sed utility exits 0 on success, and >0 if an error occurs. - -SEE ALSO - awk(1), ed(1), grep(1), regex(3), re_format(7) - -STANDARDS - The sed utility is expected to be a superset of the IEEE Std 1003.2 - (``POSIX.2'') specification. - - The -E, -I, -a and -i options, the prefixing ``+'' in the second member - of an address range, as well as the ``I'' flag to the address regular - expression and substitution command are non-standard FreeBSD extensions - and may not be available on other operating systems. - -HISTORY - A sed command, written by L. E. McMahon, appeared in Version 7 AT&T UNIX. - -AUTHORS - Diomidis D. Spinellis <dds@FreeBSD.org> - -BUGS - Multibyte characters containing a byte with value 0x5C (ASCII `\') may be - incorrectly treated as line continuation characters in arguments to the - ``a'', ``c'' and ``i'' commands. Multibyte characters cannot be used as - delimiters with the ``s'' and ``y'' commands. - -BSD May 24, 2009 BSD diff --git a/usr/src/cmd/tcpd/BLURB b/usr/src/cmd/tcpd/BLURB deleted file mode 100644 index 69178c1ae2..0000000000 --- a/usr/src/cmd/tcpd/BLURB +++ /dev/null 
@@ -1,36 +0,0 @@
-@(#) BLURB 1.28 97/03/21 19:27:18
-
-With this package you can monitor and filter incoming requests for the
-SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other
-network services.
-
-The package provides tiny daemon wrapper programs that can be installed
-without any changes to existing software or to existing configuration
-files. The wrappers report the name of the client host and of the
-requested service; the wrappers do not exchange information with the
-client or server applications, and impose no overhead on the actual
-conversation between the client and server applications.
-
-This patch upgrades the tcp wrappers version 7.5 source code to
-version 7.6. The source-routing protection in version 7.5 was not
-as strong as it could be. And all this effort was not needed with
-modern UNIX systems that can already stop source-routed traffic in
-the kernel. Examples are 4.4BSD derivatives, Solaris 2.x, and Linux.
-
-This release does not introduce new features. Do not bother applying
-this patch when you built your version 7.x tcp wrapper without
-enabling the KILL_IP_OPTIONS compiler switch; when you can disable
-IP source routing options in the kernel; when you run a UNIX version
-that pre-dates 4.4BSD, such as SunOS 4. Such systems are unable to
-receive source-routed connections and are therefore not vulnerable
-to IP spoofing attacks with source-routed TCP connections.
-
-A complete change log is given in the CHANGES document. As always,
-problem reports and suggestions for improvement are welcome.
-
- Wietse Venema (wietse@wzv.win.tue.nl),
- Department of Mathematics and Computing Science,
- Eindhoven University of Technology,
- The Netherlands.
-
- Currently visiting IBM T.J. Watson Research, Hawthorne NY, USA.
diff --git a/usr/src/cmd/tcpd/Banners.Makefile b/usr/src/cmd/tcpd/Banners.Makefile
deleted file mode 100644
index 915e3dd967..0000000000
--- a/usr/src/cmd/tcpd/Banners.Makefile
+++ /dev/null
@@ -1,70 +0,0 @@
-# @(#) Banners.Makefile 1.3 97/02/12 02:13:18
-#
-# Install this file as the Makefile in your directory with banner files.
-# It will convert a prototype banner text to a form that is suitable for
-# the ftp, telnet, rlogin, and other services.
-#
-# You'll have to comment out the IN definition below if your daemon
-# names don't start with `in.'.
-#
-# The prototype text should live in the banners directory, as a file with
-# the name "prototype". In the prototype text you can use %<character>
-# sequences as described in the hosts_access.5 manual page (`nroff -man'
-# format). The sequences will be expanded while the banner message is
-# sent to the client. For example:
-#
-# Hello %u@%h, what brings you here?
-#
-# Expands to: Hello username@hostname, what brings you here? Note: the
-# use of %u forces a client username lookup.
-#
-# In order to use banners, build the tcp wrapper with -DPROCESS_OPTIONS
-# and use hosts.allow rules like this:
-#
-# daemons ... : clients ... : banners /some/directory ...
-#
-# Of course, nothing prevents you from using multiple banner directories.
-# For example, one banner directory for clients that are granted service,
-# one banner directory for rejected clients, and one banner directory for
-# clients with a hostname problem.
-#
-SHELL = /bin/sh
-IN = in.
-BANNERS = $(IN)telnetd $(IN)ftpd $(IN)rlogind # $(IN)fingerd $(IN)rshd
-
-all: $(BANNERS)
-
-$(IN)telnetd: prototype
- cp prototype $@
- chmod 644 $@
-
-$(IN)ftpd: prototype
- sed 's/^/220-/' prototype > $@
- chmod 644 $@
-
-$(IN)rlogind: prototype nul
- ( ./nul ; cat prototype ) > $@
- chmod 644 $@
-
-# Other services: banners may interfere with normal operation
-# so they should probably be used only when refusing service.
-# In particular, banners don't work with standard rsh daemons.
-# You would have to use an rshd that has built-in tcp wrapper
-# support, for example the rshd that is part of the logdaemon
-# utilities.
-
-$(IN)fingerd: prototype
- cp prototype $@
- chmod 644 $@
-
-$(IN)rshd: prototype nul
- ( ./nul ; cat prototype ) > $@
- chmod 644 $@
-
-# In case no /dev/zero available, let's hope they have at least
-# a C compiler of some sort.
-
-nul:
- echo 'main() { write(1,"",1); return(0); }' >nul.c
- $(CC) $(CFLAGS) -s -o nul nul.c
- rm -f nul.c
diff --git a/usr/src/cmd/tcpd/CHANGES b/usr/src/cmd/tcpd/CHANGES
deleted file mode 100644
index e68ee750e0..0000000000
--- a/usr/src/cmd/tcpd/CHANGES
+++ /dev/null
@@ -1,451 +0,0 @@ -Request: after building the programs, please run the `tcpdchk' wrapper -configuration checker. See the `tcpdchk.8' manual page (`nroff -man' -format) for instructions. `tcpdchk' automatically identifies the most -common configuration problems, and will save you and me a lot of time. - -Changes per release 7.6 (Mar 1997) -================================== - -- Improved the anti source-routing protection. The code in version -7.5 was not as strong as it could be, because I tried to be compatible -with Linux. That was a mistake. Sorry for the inconvenience. - -- The program no longer terminates case of a source-routed connection, -making the IP-spoofing code more usable for long-running daemons. - -- When syslogging DNS hostname problems, always stop after a limited -number of characters. - -Changes per release 7.5 (Feb 1997) -================================== - -- Optionally refuse source-routed TCP connections requests altogether. -Credits to Niels Provos of Universitaet Hamburg. File: fix_options.c. - -- Support for IRIX 6 (Lael Tucker). - -- Support for Amdahl UTS 2.1.5 (Richard E. Richmond). - -- Support for SINIX 5.42 (Klaus Nielsen). - -- SCO 5 now has vsyslog() (Bill Golden). - -- Hints and tips for dealing with IRIX inetd (Niko Makila, Aaron -M Lee). - -- Support for BSD/OS (Paul Borman). - -- Support for Tandem (Emad Qawas). - -- Support for ISC (Frederick B. Cohen). - -- Workaround for UNICOS - it would choke on a setjmp() expression -(Bruce Kelly). File: hosts_access.c, tcpdchk.c. - -- Increased the level of buffer overflow paranoia when printing -unwanted IP options. File: fix_options.c. - -Changes per release 7.4 (Mar 1996) -================================== - -- IRIX 5.3 (and possibly, earlier releases, too) library routines call -the non-reentrant strtok() routine. The result is that hosts may slip -through allow/deny filters. Workaround is to not rely on the vendor's -strtok() routine (#ifdef LIBC_CALLS_STRTOK). Credits to Th. 
Eifert -(Aachen University) for spotting this one. This fix supersedes the -earlier workaround for a similar problem in FreeBSD 2.0. - -Changes per release 7.3 (Feb 1996) -================================== - -- More tests added to tcpdchk and tcpdmatch: make sure that the -REAL_DAEMON_DIR actually is a directory and not a regular file; -detect if tcpd recursively calls itself. - -- Edwin Kremer found an amusing fencepost error in the xgets() -routine: lines longer than BUFLEN characters would be garbled. - -- The access control routines now refuse to execute "dangerous" actions -such as `twist' when they are called from within a resident process. -This prevents you from shooting yourself into the foot with critical -systems programs such as, e.g., portmap or rpcbind. - -- Support for Unicos 8.x (Bruce Kelly). The program now closes the -syslog client socket before running the real daemon: Cray UNICOS -refuses to checkpoint processes with open network ports. - -- Support for MachTen UNIX (Albert M.C Tam). - -- Support for Interactive UNIX R3.2 V4.0 (Bobby D. Wright). - -- Support for SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com) - -- Support for Unixware 1.x and Unixware 2.x. The old Unixware Makefile -rule was broken. Sorry about that. - -- Some FreeBSD 2.0 libc routines call strtok() and severely mess up the -allow/deny rule processing. This is very bad. Workaround: call our own -strtok() clone (#ifdef USE_STRSEP). - -- The programs now log a warning when they detect that a non-existent -banner directory is specified. - -- The hosts_access.3 manual page used obsolete names for the RQ_* -constants. - -Changes per release 7.2 (Jan 1995) -================================== - -- Added a note to the README and manpages on using the IDENT service to -detect sequence number spoofing and other host impersonation attacks. - -- Portability: ConvexOS puts RPC version numbers before the daemon path -name (Jukka Ukkonen). 
- -- Portability: the AIX compiler disliked the strchr() declaration -in socket.c. I should have removed it when I included <string.h>. - -- Backwards compatibility: some people relied on the old leading dot or -trailing dot magic in daemon process names. - -- Backwards compatibility: hostname lookup remains enabled when --DPARANOID is turned off. In order to disable hostname lookups you -must turn off -DALWAYS_HOSTNAME. - -- Eliminated false complaints from the tcpdmatch/tcpdchk configuration -checking programs about process names not in inetd.conf or about KNOWN -username patterns. - -Changes per release 7.1 (Jan 1995) -================================== - -- Portability: HP-UX permits you to break inetd.conf entries with -backslash-newline. - -- Portability: EP/IX has no putenv() and some inetd.conf entries are -spread out over two lines. - -- Portability: SCO with NIS support has no *netgrent() routines. - -Changes per release 7.0 (Jan 1995) -================================== - -- Added a last-minute workaround for a Solaris 2.4 gethostbyname() -foulup with multi-homed hosts in DNS through NIS mode. - -- Added a last-minute defense against TLI weirdness: address lookups -apparently succeed but the result netbuf is empty (ticlts transport). - -- Dropped several new solutions that were in need of a problem. Beta -testers may recognize what new features were kicked out during the last -weeks before release 7.0 came out. Such is life. - -- Got rid of out the environment replacement routines, at least for -most architectures. One should not have to replace working system -software when all that is needed is a 4.4BSD setenv() emulator. - -- By popular request I have added an option to send banner messages to -clients. There is a Banners.Makefile that gives some aid for sites that -are going to use this feature. John C. Wingenbach did some pioneering -work here. I used to think that banners are frivolous. 
Now that I had -a personal need for them I know that banners can be useful. - -- At last: an extensible functional interface to the pattern matching -engine. request_init() and request_set() accept a variable-length -name-value argument list. The result can be passed to hosts_access(). - -- When PARANOID mode is disabled (compile time), the wrapper does no -hostname lookup or hostname double checks unless required by %letter -expansions, or by access control rules that match host names. This is -useful for sites that don't care about internet hostnames anyway. -Inspired by the authors of the firewalls and internet security book. - -- When PARANOID mode is disabled (compile time), hosts with a name/name -or name/address conflict can be matched with the PARANOID host wildcard -pattern, so that you can take some intelligent action instead of just -dropping clients. Like showing a banner that explains the problem. - -- New percent escapes: %A expands to the server address; %H expands to -the corresponding hostname (or address if no name is available); %n and -%N expand to the client and server hostname (or "unknown"); %s expands -to everything we know about the server endpoint (the opposite of the %c -sequence for client information). - -- Symmetry: server and client host information is now treated on equal -footing, so that we can reuse a lot of code. - -- Lazy evaluation of host names, host addresses, usernames, and so on, -to avoid doing unnecessary work. - -- Dropping #ifdefs for some archaic systems made the code simpler. - -- Dropping the FAIL pattern made the pattern matcher much simpler. Run -the "tcpdchk" program to scan your access control files for any uses of -this obscure language feature. - -- Moving host-specific pattern matching from string_match() to the -host_match() routine made the code more accurate. Run the "tcpdchk" -program to scan your access control files for any dependencies on -undocumented or obscure language features that are gone. 
- -- daemon@host patterns trigger on clients that connect to a specific -internet address. This can be useful for service providers that offer -multiple ftp or www archives on different internet addresses, all -belonging to one and the same host (www.foo.com, ftp.bar.com, you get -the idea). Inspired by a discussion with Rop Gonggrijp, Cor Bosman, -and Casper Dik, and earlier discussions with Adrian van Bloois. - -- The new "tcpdchk" program critcizes all your access control rules and -inetd.conf entries. Great for spotting obscure bugs in my own hosts.xxx -files. This program also detects hosts with name/address conflicts and -with other DNS-related problems. See the "tcpdchk.8" manual page. - -- The "tcpdmatch" program replaces the poor old "try" command. The new -program looks in your inetd.conf file and therefore produces much more -accurate predictions. In addition, it detects hosts with name/address -conflicts and with other DNS-related problems. See the "tcpdmatch.8" -manual page. The inetd.conf lookup was suggested by Everett F Batey. - -- In the access control tables, the `=' between option name and value -is no longer required. - -- Added 60-second timeout to the safe_finger command, to cover another -potential problem. Suggested by Peter Wemm. - -- Andrew Maffei provided code that works with WIN-TCP on NCR System V.4 -UNIX. It reportedly works with versions 02.02.01 and 02.03.00. The code -pops off all streams modules above the device driver, pushes the timod -module to get at the peer address, and then restores the streams stack -to the initial state. - -Changes per release 6.3 (Mar 1994) -================================== - -- Keepalives option, to get rid of stuck daemons when people turn off -their PC while still connected. Files: options.c, hosts_options.5. - -- Nice option, to calm down network daemons that take away too much CPU -time. Files: options.c, hosts_options.5. - -- Ultrix perversion: the environ global pointer may be null. 
The -environment replacement routines now check for this. File: environ.c. - -- Fixed a few places that still assumed the socket is on standard -input. Fixed some error messages that did not provide access control -file name and line number. File: options.c. - -- Just when I was going to release 6.2 I received code for Dynix/PTX. -That code is specific to PTX 2.x, so I'll keep around my generic -PTX code just in case. The difference is in the handling of UDP -services. Files: tli_sequent.[hc]. - -Changes per release 6.2 (Feb 1994) -================================== - -- Resurrected my year-old code to reduce DNS load by appending a dot to -the gethostbyname() argument. This feature is still experimental and it -may go away if it causes more problems than it solves. File: socket.c. - -- Auxiliary code for the Pyramid, BSD universe. Karl Vogel figured out -what was missing: yp_get_default_domain() and vfprintf(). Files: -workarounds.c, vfprintf.c. - -- Improved support for Dynix/PTX. The wrapper should now be able to -deal with all TLI over IP services. File: ptx.c. - -- The try command now uses the hostname that gethostbyaddr() would -return, instead of the hostname returned by gethostbyname(). This can -be significant on systems with NIS that have short host names in the -hosts map. For example, gethostbyname("wzv.win.tue.nl") returns -"wzv.win.tue.nl"; gethostbyaddr(131.155.210.17) returns "wzv", and -that is what we should test with. File: try.c. - -Changes per release 6.1 (Dec 1993) -================================== - -- Re-implemented all environment access routines. Most systems have -putenv() but no setenv(), some systems have setenv() but no putenv(), -and there are even systems that have neither setenv() nor putenv(). The -benefit of all this is that more systems can now be treated in the same -way. File: environ.c. - -- Workaround for a weird problem with DG/UX when the wrapper is run as -nobody (i.e. fingerd). 
For some reason the ioctl(fd, I_FIND, "sockmod") -call fails even with socket-based applications. The "fix" is to always -assume sockets when the ioctl(fd, I_FIND, "timod") call fails. File: -fromhost.c. Thanks to Paul de Vries (vries@dutentb.et.tudelft.nl) for -helping me to figure out this one. - -- Implemented a workaround for Dynix/PTX and other systems with TLI -that lack some essential support routines. Thanks to Bugs Brouillard -(brouill@hsuseq.humboldt.edu) for the hospitality to try things out. -The trick is to temporarily switch to the socket API to identify the -client, and to switch back to TLI when done. It still does not work -right for basic network services such as telnet. File: fromhost.c. - -- Easy-to-build procedures for SCO UNIX, ConvexOS with UltraNet, EP/IX, -Dynix 3.2, Dynix/PTX. File: Makefile. - -- Variable rfc931 timeout. Files: rfc931.c, options.c, log_tcp.h, try.c. - -- Further simplification of the rfc931 code. File: rfc931.c. - -- The fromhost() interface stinks: I cannot change that, but at least -the from_sock() and from_tli() functions now accept a file descriptor -argument. - -- Fixed a buglet: fromhost() would pass a garbage file descriptor to -the isastream() call. - -- On some systems the finger client program lives in /usr/bsd. File: -safe_finger.c. - -Changes per release 6.0 (Sept 1993) -=================================== - -- Easy build procedures for common platforms (sun, ultrix, aix, hpux -and others). - -- TLI support, System V.4 style (Solaris, DG/UX). - -- Username lookup integrated with the access control language. -Selective username lookups are now the default (was: no username -lookups). - -- A safer finger command for booby traps. This one solves a host of -possible problems with automatic reverse fingers. Thanks, Borja Marcos -(borjam@we.lc.ehu.es) for some inspiring discussions. - -- KNOWN pattern that matches hosts whose name and address are known. - -- Cleanup of diagnostics. 
Errors in access-control files are now shown -with file name and line number. - -- With AIX 3.2, hostnames longer than 32 would be truncated. This -caused hostname verification failures, so that service would be refused -when paranoid mode was enabled. Found by: Adrian van Bloois -(A.vanBloois@info.nic.surfnet.nl). - -- With some IRIX versions, remote username lookups failed because the -fgets() library function does not handle partial read()s from sockets. -Found by: Daniel O'Callaghan (danny@austin.unimelb.edu.au). - -- Added a DISCLAIMER document to help you satisfy legal departments. - -The extension language module has undergone major revisions and -extensions. Thanks, John P. Rouillard (rouilj@ra.cs.umb.edu) for -discussions, experiments, and for being a good guinea pig. The -extensions are documented in hosts_options.5, and are enabled by -editing the Makefile STYLE macro definition. - -- (Extension language) The ":" separator may now occur within options -as long as it is protected with a backslash. A warning is issued when -a rule ends on ":". - -- (Extension language) Better verification mode. When the `try' command -is run, each option function now explains what it would do. - -- (Extension language) New "allow" and "deny" keywords so you can now -have all rules within a single file. See "nroff -man hosts_options.5" -for examples. - -- (Extension language) "linger" keyword to set the socket linger time -(SO_LINGER). 
From: Marc Boucher <marc@cam.org>. - -- (Extension language) "severity" keyword to turn the logging noise up -or down. Many sites wanted a means to shut up the program; other sites -wanted to emphasize specific events. Adapted from code contributed -by Dave Mitchell <D.Mitchell@dcs.shef.ac.uk>. - -Changes per release 5.1 (Mar 1993) -================================== - -- The additional protection against source-routing attacks from hosts -that pretend to have someone elses network address has become optional -because it causes kernel panics with SunOS <= 4.1.3. - -Changes per release 5.0 (Mar 1993) -================================== - -- Additional protection against source-routing attacks from hosts that -pretend to have someone elses network address. For example, the address -of a trusted host within your own network. - -- The access control language has been extended with a simple but -powerful operator that greatly simplifies the design of rule sets (ALL: -.foo.edu EXCEPT dialup.foo.edu). Blank lines are permitted, and long -lines can be continued with backslash-newline. - -- All configurable stuff, including path names, has been moved into the -Makefile so that you no longer have to hack source code to just -configure the programs. - -- Ported to Solaris 2. TLI-based applications not yet supported. -Several workarounds for System V bugs. - -- A small loophole in the netgroup lookup code was closed, and the -remote username lookup code was made more portable. - -- Still more documentation. The README file now provides tutorial -sections with introductions to client, server, inetd and syslogd. - -Changes per release 4.3 (Aug 1992) -================================== - -- Some sites reported that connections would be rejected because -localhost != localhost.domain. The host name checking code now -special-cases localhost (problem reported by several sites). - -- The programs now report an error if an existing access control file -cannot be opened (e.g. 
due to lack of privileges). Until now, the -programs would just pretend that the access control file does not exist -(reported by Darren Reed, avalon@coombs.anu.edu.au). - -- The timeout period for remote userid lookups was upped to 30 seconds, -in order to cope with slow hosts or networks. If this is too long for -you, adjust the TIMEOUT definition in file rfc931.c (problem reported -by several sites). - -- On hosts with more than one IP network interface, remote userid -lookups could use the IP address of the "wrong" local interface. The -problem and its solution were discussed on the rfc931-users mailing -list. Scott Schwartz (schwartz@cs.psu.edu) folded the fix into the -rfc931.c module. - -- The result of % expansion (in shell commands) is now checked for -stuff that may confuse the shell; it is replaced by underscores -(problem reported by Icarus Sparry, I.Sparry@gdr.bath.ac.uk). - -- A portability problem was fixed that caused compile-time problems -on a CRAY (problem reported by Michael Barnett, mikeb@rmit.edu.au). - -Changes per release 4.0 (Jun 1992) -================================== - -1 - network daemons no longer have to live within a common directory -2 - the access control code now uses both the host address and name -3 - an access control pattern that supports netmasks -4 - additional protection against forged host names -5 - a pattern that matches hosts whose name or address lookup fails -6 - an operator that prevents hosts or services from being matched -7 - optional remote username lookup with the RFC 931 protocol -8 - an optional umask to prevent the creation of world-writable files -9 - hooks for access control language extensions -10 - last but not least, thoroughly revised documentation. 
- -Changes per release 3.0 (Oct 1991) -================================== - -Enhancements over the previous release are: support for datagram (UDP -and RPC) services, and execution of shell commands when a (remote host, -requested service) pair matches a pattern in the access control tables. - -Changes per release 2.0 (May 1991) -================================== - -Enhancements over the previous release are: protection against rlogin -and rsh attacks through compromised domain name servers, optional -netgroup support for systems with NIS (formerly YP), and an extension -of the wild card patterns supported by the access control files. - -Release 1.0 (Jan 1991) diff --git a/usr/src/cmd/tcpd/Makefile b/usr/src/cmd/tcpd/Makefile index 2ab048cf6d..ab1318c55e 100644 --- a/usr/src/cmd/tcpd/Makefile +++ b/usr/src/cmd/tcpd/Makefile @@ -2,12 +2,14 @@ # Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# -PROG = safe_finger tcpd tcpdchk tcpdmatch try-from +PROG= safe_finger tcpd tcpdchk tcpdmatch try-from -include ../Makefile.cmd +include ../Makefile.cmd -ERROFF = -erroff=E_FUNC_HAS_NO_RETURN_STMT \ +ERROFF= -erroff=E_FUNC_HAS_NO_RETURN_STMT \ -erroff=E_IMPLICIT_DECL_FUNC_RETURN_INT \ -_gcc=-Wno-return-type -_gcc=-Wno-implicit CFLAGS += $(CCVERBOSE) $(ERROFF) 
@@ -18,126 +20,47 @@ CPPFLAGS += $(ACCESS) $(PARANOID) $(NETGROUP) $(TLI) \ -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ -I../../lib/libwrap tcpd tcpdmatch try-from := \ - LDLIBS += -lwrap -tcpdchk := \ - LDLIBS += -lwrap -lnsl + LDLIBS += -lwrap +tcpdchk := LDLIBS += -lwrap -lnsl # Various components must export interfaces, but also contain name-space # clashes with system libraries. -MAPFILE.INT.D = $(MAPFILE.NGB) mapfile-intf-tcpdchk -MAPFILE.INT.M = $(MAPFILE.NGB) mapfile-intf-tcpdmatch -MAPFILE.INT.F = $(MAPFILE.NGB) mapfile-intf-tryfrom +MAPFILE.INT.D= $(MAPFILE.NGB) mapfile-intf-tcpdchk +MAPFILE.INT.M= $(MAPFILE.NGB) mapfile-intf-tcpdmatch +MAPFILE.INT.F= $(MAPFILE.NGB) mapfile-intf-tryfrom tcpdchk := LDFLAGS +=$(MAPFILE.INT.D:%=-M%) tcpdmatch := LDFLAGS +=$(MAPFILE.INT.M:%=-M%) try-from := LDFLAGS +=$(MAPFILE.INT.F:%=-M%) -# SRCONLY files are not used for building but are included in the source code -# package SUNWtcpdS for consistency and completeness with respect to the -# public tcp_wrappers distribution. 
-SRCONLY = BLURB Banners.Makefile CHANGES DISCLAIMER Makefile \ - Makefile.dist Makefile.org README README.IRIX README.NIS \ - README.ipv6 hosts_access.c.org misc.c.org miscd.c myvsyslog.c \ - ncr.c printf.ck ptx.c rfc931.c.org scaffold.c.org \ - socket.c.diff socket.c.org strcasecmp.c tags tcpd.h.org \ - tcpdchk.c.org tcpdmatch.c.org tli-sequent.c tli-sequent.h \ - tli.c.org update.c.org vfprintf.c - -MANDIRS = man3 man4 man1m -MANPAGES = man3/hosts_access.3 man3/libwrap.3 man4/hosts_access.4 \ - man4/hosts_options.4 man4/hosts.allow.4 man4/hosts.deny.4 \ - man1m/tcpd.1m man1m/tcpdchk.1m man1m/tcpdmatch.1m -DISTFILES = environ.c fakelog.c hosts_access.3 hosts_access.4 \ - hosts_options.4 inetcf.c inetcf.h safe_finger.c scaffold.c \ - scaffold.h tcpd.1m tcpd.c tcpdchk.1m tcpdchk.c tcpdmatch.1m \ - tcpdmatch.c try-from.c README.sfw $(SRCONLY) - -ROOTSRC = $(ROOT)/usr/share/src/tcp_wrappers -ROOTMAN = $(ROOT)/usr/share/man -ROOTMANPAGES = $(MANPAGES:%=$(ROOTMAN)/%) -ROOTMANDIRS = $(MANDIRS:%=$(ROOTMAN)/%) -ROOTSRCFILES = $(DISTFILES:%=$(ROOTSRC)/%) - .KEEP_STATE: -all: $(PROG) THIRDPARTYLICENSE +all: $(PROG) -install: all $(ROOTUSRSBINPROG) $(ROOTMANPAGES) $(ROOTSRCFILES) +install: all $(ROOTUSRSBINPROG) clean: - $(RM) *.o - $(RM) -r sunman - -lint: lint_PROG - -# These Solaris-specific man page aliases are installed verbatim. -sunman/libwrap.3: libwrap.3 - mkdir -p sunman; cat libwrap.3 > $@ -sunman/hosts.allow.4: hosts.allow.4 - mkdir -p sunman; cat hosts.allow.4 > $@ -sunman/hosts.deny.4: hosts.deny.4 - mkdir -p sunman; cat hosts.deny.4 > $@ - -# The rest of the man pages are in the form provided in the original -# distribution, but get edited and renamed to follow Solaris man page -# conventions. E.g. tcpd.8 gets installed as /usr/share/man/man1m/tcpd.1m. -# Create temporary copies in the sunman directory with modified names -# and contents. The sed program man.sed contains the content edits. 
- -sunman/%.1m: %.8 - mkdir -p sunman; sed -f man.sed < $< > $@ -sunman/%.4: %.5 - mkdir -p sunman; sed -f man.sed < $< > $@ -sunman/%.3: %.3 - mkdir -p sunman; sed -f man.sed < $< > $@ - -$(ROOTMANPAGES) := FILEMODE = 0444 -$(ROOTMANPAGES): $(ROOTMANDIRS) $(ROOT)/usr/share/man -$(ROOTMANDIRS): $(ROOTMAN) - $(INS.dir) -$(ROOTMAN): - $(INS.dir) -$(ROOTMAN1M)/% $(ROOTMAN3)/% $(ROOTMAN)/man4/%: sunman/% - $(INS.file) - -$(ROOTSRCFILES) := FILEMODE = 0444 -$(ROOTSRCFILES): $(ROOTSRC) -$(ROOTSRC): - $(INS.dir) -$(ROOTSRC)/%: %.sfwsrc - $(INS.rename) -$(ROOTSRC)/%: sunman/% - $(INS.file) -$(ROOTSRC)/%: % - $(INS.file) - -$(ROOT)/usr/share: $(ROOT)/usr - $(INS.dir) -$(ROOT)/usr: $(ROOT) - $(INS.dir) - -TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o - -tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) $(MAPFILE.INTF.M) - $(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS) - $(POST_PROCESS) - -try-from: try-from.o fakelog.o $(LIB) $(MAPFILE.INTF.F) - $(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS) - $(POST_PROCESS) - -TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o - -tcpdchk: $(TCPDCHK_OBJ) $(LIB) $(MAPFILE.INTF.C) - $(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS) - $(POST_PROCESS) - -THIRDPARTYLICENSE: DISCLAIMER - $(GREP) -v '\*\*\*\*' DISCLAIMER > $@ - -CLOBBERFILES += THIRDPARTYLICENSE - -include ../Makefile.targ + $(RM) *.o + +lint: lint_PROG + +TCPDMATCH_OBJ= tcpdmatch.o fakelog.o inetcf.o scaffold.o + +tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) $(MAPFILE.INTF.M) + $(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS) + $(POST_PROCESS) + +try-from: try-from.o fakelog.o $(LIB) $(MAPFILE.INTF.F) + $(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS) + $(POST_PROCESS) + +TCPDCHK_OBJ= tcpdchk.o fakelog.o inetcf.o scaffold.o + +tcpdchk: $(TCPDCHK_OBJ) $(LIB) $(MAPFILE.INTF.C) + $(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS) + $(POST_PROCESS) + +include ../Makefile.targ # The rest of this file contains definitions more-or-less directly from the # original Makefile of the tcp_wrappers distribution. 
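Review bot: The link rules for tcpdmatch, try-from and tcpdchk near the end of this hunk name `$(MAPFILE.INTF.M)`, `$(MAPFILE.INTF.F)` and `$(MAPFILE.INTF.C)` as prerequisites, but the variables defined earlier in the same hunk are `MAPFILE.INT.M`, `MAPFILE.INT.F` and `MAPFILE.INT.D`. Unless the INTF names are defined in an included makefile that is not visible here, they expand to nothing, so editing a mapfile-intf-* file would not relink the program and the symbol-scoping the mapfiles enforce could silently go stale. The commit re-indents these rules but keeps the mismatched names; I would change the prerequisites to `$(MAPFILE.INT.M)`, `$(MAPFILE.INT.F)` and `$(MAPFILE.INT.D)` so they match the definitions and the `-M` flags built from them.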
diff --git a/usr/src/cmd/tcpd/Makefile.dist b/usr/src/cmd/tcpd/Makefile.dist
deleted file mode 100644
index c9d38cebfd..0000000000
--- a/usr/src/cmd/tcpd/Makefile.dist
+++ /dev/null
@@ -1,903 +0,0 @@ -# @(#) Makefile 1.23 97/03/21 19:27:20 - -what: - @echo - @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:" - @echo - @echo " make sys-type" - @echo - @echo "If you are in a hurry you can try instead:" - @echo - @echo " make REAL_DAEMON_DIR=/foo/bar sys-type" - @echo - @echo "And for a version with language extensions enabled:" - @echo - @echo " make REAL_DAEMON_DIR=/foo/bar STYLE=-DPROCESS_OPTIONS sys-type" - @echo - @echo "This Makefile knows about the following sys-types:" - @echo - @echo " generic (most bsd-ish systems with sys5 compatibility)" - @echo " 386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543" - @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix" - @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211" - @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4" - @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2" - @echo " uts215 uxp" - @echo - @echo "If none of these match your environment, edit the system" - @echo "dependencies sections in the Makefile and do a 'make other'." - @echo - -####################################################### -# Choice between easy and advanced installation recipe. -# -# Advanced installation: vendor-provided daemons are left alone, and the -# inetd configuration file is edited. In this case, the REAL_DAEMON_DIR -# macro should reflect the actual directory with (most of) your -# vendor-provided network daemons. These names can be found in the -# inetd.conf file. Usually, the telnet, ftp and finger daemons all live -# in the same directory. -# -# Uncomment the appropriate line if you are going to edit inetd.conf. 
-# -# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx -#REAL_DAEMON_DIR=/usr/etc -# -# SysV.4 Solaris 2.x OSF AIX -#REAL_DAEMON_DIR=/usr/sbin -# -# BSD 4.4 -#REAL_DAEMON_DIR=/usr/libexec -# -# HP-UX SCO Unicos -#REAL_DAEMON_DIR=/etc - -# Easy installation: vendor-provided network daemons are moved to "some -# other" directory, and the tcpd wrapper fills in the "holes". For this -# mode of operation, the REAL_DAEMON_DIR macro should be set to the "some -# other" directory. The "..." is here for historical reasons only; you -# should probably use some other name. -# -# Uncomment the appropriate line if you are going to move your daemons. -# -# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx -#REAL_DAEMON_DIR=/usr/etc/... -# -# SysV.4 Solaris 2.x OSF AIX -#REAL_DAEMON_DIR=/usr/sbin/... -# -# BSD 4.4 -#REAL_DAEMON_DIR=/usr/libexec/... -# -# HP-UX SCO Unicos -#REAL_DAEMON_DIR=/etc/... - -# End of mandatory section -########################## - -########################################## -# Ready-to-use system-dependent templates. -# -# Ready-to-use templates are available for many systems (see the "echo" -# commands at the start of this Makefile). The templates take care of -# all system dependencies: after editing the REAL_DAEMON_DIR definition -# above, do a "make sunos4" (or whatever system type is appropriate). -# -# If your system is not listed (or something that comes close enough), you -# have to edit the system dependencies section below and do a "make other". -# -# Send templates for other UNIX versions to wietse@wzv.win.tue.nl. - -# This is good for many BSD+SYSV hybrids with NIS (formerly YP). 
-generic aix osf alpha dynix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= IPV6="$(IPV6)" all - -# Ditto, with vsyslog -sunos4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP VSYSLOG= TLI= all - -# Generic with resolver library. -generic-resolver: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lresolv RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# The NeXT loader needs "-m" or it barfs on redefined library functions. -next: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-m RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= all - -# SunOS for the 386 was frozen at release 4.0.x. -sunos40: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="setenv.o strcasecmp.o" \ - NETGROUP=-DNETGROUP VSYSLOG= TLI= all - -# Ultrix is like aix, next, etc., but has miscd and setenv(). -ultrix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ - NETGROUP=-DNETGROUP TLI= all miscd - -# This works on EP/IX 1.4.3 and will likely work on Mips (reggers@julian.uwo.ca) -epix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= SYSTYPE="-systype bsd43" all - -# Freebsd and linux by default have no NIS. 
-386bsd netbsd bsdos: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ - EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all - -freebsd: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ - EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all - -linux: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all - -# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. -hpux hpux8 hpux9 hpux10: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# ConvexOS-10.x with UltraNet support (ukkonen@csc.fi). -convex-ultranet: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lulsock RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= all - -# Generic support for the Dynix/PTX version of TLI. -ptx-generic: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o ptx.o" NETGROUP= TLI=-DPTX all - -# With UDP support optimized for PTX 2.x (timw@sequent.com). -ptx-2.x: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o tli-sequent.o" NETGROUP= \ - TLI=-DTLI_SEQUENT all - -# IRIX 4.0.x has a special ar(1) flag. -irix4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lc -lsun" RANLIB=echo ARFLAGS=rvs AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# IRIX 5.2 is SYSV4 with several broken things (such as -lsocket -lnsl). 
-irix5: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lsun RANLIB=echo ARFLAGS=rv VSYSLOG= \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI= all - -# IRIX 6.2 (tucker@math.unc.edu). Must find a better value than 200000. -irix6: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=echo ARFLAGS=rv VSYSLOG= \ - NETGROUP=-DNETGROUP EXTRA_CFLAGS="-DBSD=200000" TLI= all - -# SunOS 5.x is another SYSV4 variant. -sunos5: - @$(MAKE) REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ - BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" all - -# Generic SYSV40 -esix sysv4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all - -# DG/UX 5.4.1 and 5.4.2 have an unusual inet_addr() interface. -dgux: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lnsl RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ - BUGS="$(BUGS) -DINET_ADDR_BUG" all - -dgux543: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lnsl RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all - -# NCR UNIX 02.02.01 and 02.03.00 (Alex Chircop, msu@unimt.mt) -ncrsvr4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lresolv -lnsl -lsocket" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI=-DTLI \ - EXTRA_CFLAGS="" FROM_OBJ=ncr.o all - -# Tandem SYSV4 (eqawas@hedgehog.ac.cowan.edu.au) -tandem: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ - NETGROUP= AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all - -# Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com) -uts215: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket" RANLIB=echo \ - 
ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all - -# UXP/DS System V.4 clone (vic@uida0.uida.es). -uxp: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-L/usr/ucblib -lsocket -lnsl -lucb" \ - RANLIB=echo ARFLAGS=rv NETGROUP=-DNETGROUP \ - AUX_OBJ=setenv.o TLI="-DTLI -DDRS_XTI" all - -# DELL System V.4 Issue 2.2 using gcc (kim@tac.nyc.ny.us, jurban@norden1.com) -dell-gcc: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=ranlib ARFLAGS=rv CC=gcc \ - AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all - -# SCO 3.2v4.1 no frills (jedwards@sol1.solinet.net). -sco: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl_s" RANLIB=echo ARFLAGS=rv \ - NETGROUP= AUX_OBJ=setenv.o TLI= all - -# SCO OpenDesktop 2.0, release 3.2 (peter@midnight.com). Please simplify. -sco-od2: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lrpcsvc -lrpc -lyp -lrpc -lrpcsvc -lsocket" \ - RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# SCO 3.2v4.2 with TCP/IP 1.2.1 (Eduard.Vopicka@vse.cz). Please simplify. -sco-nis: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lyp -lrpc -lsocket -lyp -lc_s -lc" \ - RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= EXTRA_CFLAGS="-nointl -DNO_NETGRENT" all - -# SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com, bill@razorlogic.com) -sco-os5: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lrpcsvc -lsocket" RANLIB=echo ARFLAGS=rv VSYSLOG= \ - AUX_OBJ=setenv.o NETGROUP=-DNETGROUP TLI= all - -# sinix 5.42 setjmp workaround (szrzs023@ub3.ub.uni-kiel.de) -sinix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl -L/usr/ccs/lib -lc -L/usr/ucblib -lucb" \ - RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o TLI=-DTLI all - -# Domain SR10.4. Build under bsd, run under either sysv3 or bsd43. 
-apollo: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= SYSTYPE="-A run,any -A sys,any" all - -# Pyramid OSx 5.1, using the BSD universe. -pyramid: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="environ.o vfprintf.o" \ - STRINGS="-Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy" \ - NETGROUP="-DNETGROUP -DUSE_GETDOMAIN" TLI= all - -# Untested. -mips: - @echo "Warning: some definitions may be wrong." - make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= SYSTYPE="-sysname bsd43" all - -# Cray (tested with UNICOS 7.0.4). -unicos7: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lnet RANLIB=echo ARFLAGS=rv \ - EXTRA_CFLAGS=-DINADDR_NONE="\"((unsigned long) -1)\"" \ - AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI= all - -# Unicos 8.x, Cray-YMP (Bruce Kelly). -unicos8: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=echo AR=bld ARFLAGS=rv \ - AUX_OBJ= NETGROUP= TLI= all - -# Power_UNIX 2.1.1 (amantel@lerc.nasa.gov) -power_unix_211: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lnsl -lsocket -lgen -lresolv" RANLIB=echo ARFLAGS=rv \ - NETGROUP= AUX_OBJ=setenv.o TLI=-DTLI BUGS="$(BUGS)" all - -# ISC (fc@all.net) -isc: - make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o" EXTRA_CFLAGS="-DENOTCONN=ENAVAIL" \ - NETGROUP= TLI= all - -# Interactive UNIX R3.2 version 4.0 (Bobby D. Wright). -iunix: - make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ=environ.o strcasecmp.o NETGROUP= TLI= all - -# RTU 6.0 on a Masscomp 5400 (ben@piglet.cr.usgs.gov). 
When using the -# advanced installation, increment argv before actually looking at it. -rtu: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP= TLI= all - -# Unixware sans NIS (mc@telebase.com). Compiler dislikes strcasecmp.c. -unixware1: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl -lc -L/usr/ucblib -lucb" RANLIB=echo ARFLAGS=rv \ - NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all - -unixware2: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl -lgen -lc -L/usr/ucblib -lucb" RANLIB=echo \ - ARFLAGS=rv NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all - -u6000: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all - -# MachTen -machten: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP= TLI= all - -############################################################### -# System dependencies: TLI (transport-level interface) support. -# -# Uncomment the following macro if your system has System V.4-style TLI -# support (/usr/include/sys/timod.h, /etc/netconfig, and the netdir(3) -# routines). -# -#TLI = -DTLI - -############################################################################### -# System dependencies: differences between ranlib(1) and ar(1) implementations. -# -# Some C compilers (Ultrix 4.x) insist that ranlib(1) be run on an object -# library; some don't care as long as the modules are in the right order; -# some systems don't even have a ranlib(1) command. Make your choice. 
- -RANLIB = ranlib # have ranlib (BSD-ish UNIX) -#RANLIB = echo # no ranlib (SYSV-ish UNIX) - -ARFLAGS = rv # most systems -#ARFLAGS= rvs # IRIX 4.0.x - -AR = ar -#AR = bld # Unicos 8.x - -############################################################################# -# System dependencies: routines that are not present in the system libraries. -# -# If your system library does not have set/putenv() or strcasecmp(), use -# the ones provided with this source distribution. The environ.c module -# implements setenv(), getenv(), and putenv(). - -AUX_OBJ= setenv.o -#AUX_OBJ= environ.o -#AUX_OBJ= environ.o strcasecmp.o - -# Uncomment the following if your C library does not provide the -# strchr/strrchr/memcmp routines, but comes with index/rindex/bcmp. -# -#STRINGS= -Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy - -################################################################# -# System dependencies: selection of non-default object libraries. -# -# Most System V implementations require that you explicitly specify the -# networking libraries. There is no general consensus, though. -# -#LIBS = -lsocket -lnsl # SysV.4 Solaris 2.x -#LIBS = -lsun # IRIX -#LIBS = -lsocket -linet -lnsl -lnfs # PTX -#LIBS = -linet -lnsl_s -ldbm # ISC -#LIBS = -lnet # Unicos 7 -#LIBS = -linet -lsyslog -ldbm -#LIBS = -lsyslog -lsocket -lnsl - -###################################################### -# System dependencies: system-specific compiler flags. -# -# Apollo Domain/OS offers both bsd and sys5 environments, sometimes -# on the same machine. If your Apollo is primarily sys5.3 and also -# has bsd4.3, uncomment the following to build under bsd and run under -# either environment. -# -#SYSTYPE= -A run,any -A sys,any - -# For MIPS RISC/os 4_52.p3, uncomment the following definition. -# -#SYSTYPE= -sysname bsd43 - -################################################## -# System dependencies: working around system bugs. 
-# -# -DGETPEERNAME_BUG works around a getpeername(2) bug in some versions of -# Apollo or SYSV.4 UNIX: the wrapper would report that all UDP requests -# come from address 0.0.0.0. The workaround does no harm on other systems. -# -# -DBROKEN_FGETS works around an fgets(3) bug in some System V versions -# (IRIX): fgets() gives up too fast when reading from a network socket. -# The workaround does no harm on other systems. -# -# Some UNIX systems (IRIX) make the error of calling the strtok() library -# routine from other library routines such as, e.g., gethostbyname/addr(). -# The result is that hosts can slip through the wrapper allow/deny filters. -# Compile with -DLIBC_CALLS_STRTOK to avoid the vendor's strtok() routine. -# The workaround does no harm on other systems. -# -# DG/UX 5.4.1 comes with an inet_ntoa() function that returns a structure -# instead of a long integer. Compile with -DINET_ADDR_BUG to work around -# this mutant behavour. Fixed in 5.4R3. -# -# Solaris 2.4 gethostbyname(), in DNS through NIS mode, puts only one -# address in the host address list; all other addresses are treated as -# host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work -# around this. The workaround does no harm on other Solaris versions. - -BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK -#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG -#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG - -########################################################################## -# System dependencies: whether or not your system has NIS (or YP) support. -# -# If your system supports NIS or YP-style netgroups, enable the following -# macro definition. Netgroups are used only for host access control. -# -#NETGROUP= -DNETGROUP - -############################################################### -# System dependencies: whether or not your system has vsyslog() -# -# If your system supports vsyslog(), comment out the following definition. 
-# If in doubt leave it in, it won't harm. - -VSYSLOG = -Dvsyslog=myvsyslog - -############################################################### -# System dependencies: whether or not your system has IPV6 -# -# If your system has IPv6 and supports getipnode* and inet_pton/inet_ntop -# comment out the following (Solaris 8) - -# IPV6 = -DHAVE_IPV6 - -# If your system does not have getipnodebyname() but uses the obsolete -# gethostbyname2() instead, use this: -# IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2 - -# End of the system dependencies. -################################# - -############################## -# Start of the optional stuff. - -########################################### -# Optional: Turning on language extensions -# -# Instead of the default access control language that is documented in -# the hosts_access.5 document, the wrappers can be configured to -# implement an extensible language documented in the hosts_options.5 -# document. This language is implemented by the "options.c" source -# module, which also gives hints on how to add your own extensions. -# Uncomment the next definition to turn on the language extensions -# (examples: allow, deny, banners, twist and spawn). -# -#STYLE = -DPROCESS_OPTIONS # Enable language extensions. - -################################################################ -# Optional: Changing the default disposition of logfile records -# -# By default, logfile entries are written to the same file as used for -# sendmail transaction logs. See your /etc/syslog.conf file for actual -# path names of logfiles. The tutorial section in the README file -# gives a brief introduction to the syslog daemon. -# -# Change the FACILITY definition below if you disagree with the default -# disposition. Some syslog versions (including Ultrix 4.x) do not provide -# this flexibility. -# -# If nothing shows up on your system, it may be that the syslog records -# are sent to a dedicated loghost. 
It may also be that no syslog daemon -# is running at all. The README file gives pointers to surrogate syslog -# implementations for systems that have no syslog library routines or -# no syslog daemons. When changing the syslog.conf file, remember that -# there must be TABs between fields. -# -# The LOG_XXX names below are taken from the /usr/include/syslog.h file. - -FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use - -# The syslog priority at which successful connections are logged. - -SEVERITY= LOG_INFO # LOG_INFO is normally not logged to the console - -########################### -# Optional: Reduce DNS load -# -# When looking up the address for a host.domain name, the typical DNS -# code will first append substrings of your own domain, so it tries -# host.domain.your.own.domain, then host.domain.own.domain, and then -# host.domain. The APPEND_DOT feature stops this waste of cycles. It is -# off by default because it causes problems on sites that don't use DNS -# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken -# from /etc/hosts or from NIS maps. It does work with DNS through NIS. -# -# DOT= -DAPPEND_DOT - -################################################## -# Optional: Always attempt remote username lookups -# -# By default, the wrappers look up the remote username only when the -# access control rules require them to do so. -# -# Username lookups require that the remote host runs a daemon that -# supports an RFC 931 like protocol. Remote user name lookups are not -# possible for UDP-based connections, and can cause noticeable delays -# with connections from non-UNIX PCs. On some systems, remote username -# lookups can trigger a kernel bug, causing loss of service. The README -# file describes how to find out if your UNIX kernel has that problem. -# -# Uncomment the following definition if the wrappers should always -# attempt to get the remote user name. 
If this is not enabled you can -# still do selective username lookups as documented in the hosts_access.5 -# and hosts_options.5 manual pages (`nroff -man' format). -# -#AUTH = -DALWAYS_RFC931 -# -# The default username lookup timeout is 10 seconds. This may not be long -# enough for slow hosts or networks, but is enough to irritate PC users. - -RFC931_TIMEOUT = 10 - -###################################################### -# Optional: Changing the default file protection mask -# -# On many systems, network daemons and other system processes are started -# with a zero umask value, so that world-writable files may be produced. -# It is a good idea to edit your /etc/rc* files so that they begin with -# an explicit umask setting. On our site we use `umask 022' because it -# does not break anything yet gives adequate protection against tampering. -# -# The following macro specifies the default umask for processes run under -# control of the daemon wrappers. Comment it out only if you are certain -# that inetd and its children are started with a safe umask value. - -UMASK = -DDAEMON_UMASK=022 - -####################################### -# Optional: Turning off access control -# -# By default, host access control is enabled. To disable host access -# control, comment out the following definition. Host access control -# can also be turned off at runtime by providing no or empty access -# control tables. - -ACCESS = -DHOSTS_ACCESS - -######################################################## -# Optional: Changing the access control table pathnames -# -# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will -# look for access control information. Watch out for the quotes and -# backslashes when you make changes. 
- -TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\" - -#################################################### -# Optional: dealing with host name/address conflicts -# -# By default, the software tries to protect against hosts that claim to -# have someone elses host name. This is relevant for network services -# whose authentication depends on host names, such as rsh and rlogin. -# -# With paranoid mode on, connections will be rejected when the host name -# does not match the host address. Connections will also be rejected when -# the host name is available but cannot be verified. -# -# Comment out the following definition if you want more control over such -# requests. When paranoid mode is off and a host name double check fails, -# the client can be matched with the PARANOID access control pattern. -# -# Paranoid mode implies hostname lookup. In order to disable hostname -# lookups altogether, see the next section. - -PARANOID= -DPARANOID - -######################################## -# Optional: turning off hostname lookups -# -# By default, the software always attempts to look up the client -# hostname. With selective hostname lookups, the client hostname -# lookup is postponed until the name is required by an access control -# rule or by a %letter expansion. -# -# In order to perform selective hostname lookups, disable paranoid -# mode (see previous section) and comment out the following definition. - -HOSTNAME= -DALWAYS_HOSTNAME - -############################################# -# Optional: Turning on host ADDRESS checking -# -# Optionally, the software tries to protect against hosts that pretend to -# have someone elses host address. This is relevant for network services -# whose authentication depends on host names, such as rsh and rlogin, -# because the network address is used to look up the remote host name. -# -# The protection is to refuse TCP connections with IP source routing -# options. 
-# -# This feature cannot be used with SunOS 4.x because of a kernel bug in -# the implementation of the getsockopt() system call. Kernel panics have -# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data -# fault" while executing the tcp_ctloutput() kernel function. -# -# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x. -# -# Uncomment the following macro definition if your getsockopt() is OK. -# -# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop -# source-routed traffic in the kernel. Examples: 4.4BSD derivatives, -# Solaris 2.x, and Linux. See your system documentation for details. -# -# KILL_OPT= -DKILL_IP_OPTIONS - -## End configuration options -############################ - -# Protection against weird shells or weird make programs. - -SHELL = /bin/sh -.c.o:; $(CC) $(CFLAGS) -c $*.c - -CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ - $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \ - -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ - $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \ - $(VSYSLOG) $(HOSTNAME) $(IPV6) - -LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \ - hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ - $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \ - update.o misc.o diag.o percent_m.o myvsyslog.o - -FROM_OBJ= fromhost.o - -KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \ - tcpd.h tcpdmatch.c Makefile hosts_access.5 strcasecmp.c BLURB rfc931.c \ - tcpd.8 eval.c hosts_access.3 hosts_ctl.c percent_x.c options.c \ - clean_exit.c environ.c patchlevel.h fix_options.c workarounds.c \ - socket.c tli.c DISCLAIMER fakelog.c safe_finger.c hosts_options.5 \ - CHANGES try-from.c update.c ptx.c vfprintf.c tli-sequent.c \ - tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \ - myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \ - 
refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \ - scaffold.h tcpdmatch.8 README.NIS - -LIB = libwrap.a - -all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk - -# Invalidate all object files when the compiler options (CFLAGS) have changed. - -config-check: - @set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; } - @set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \ - if cmp cflags /tmp/cflags.$$$$ ; \ - then rm /tmp/cflags.$$$$ ; \ - else mv /tmp/cflags.$$$$ cflags ; \ - fi >/dev/null 2>/dev/null - -cflags: config-check - -$(LIB): $(LIB_OBJ) - rm -f $(LIB) - $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ) - -$(RANLIB) $(LIB) - -tcpd: tcpd.o $(LIB) - $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS) - -miscd: miscd.o $(LIB) - $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS) - -safe_finger: safe_finger.o $(LIB) - $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS) - -TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o - -tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) - $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS) - -try-from: try-from.o fakelog.o $(LIB) - $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS) - -TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o - -tcpdchk: $(TCPDCHK_OBJ) $(LIB) - $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS) - -shar: $(KIT) - @shar $(KIT) - -kit: $(KIT) - @makekit $(KIT) - -files: - @echo $(KIT) - -archive: - $(ARCHIVE) $(KIT) - -clean: - rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \ - cflags - -tidy: clean - chmod -R a+r . - chmod 755 . - -# Enable all bells and whistles for linting. 
- -lint: tcpd_lint miscd_lint match_lint chk_lint - -tcpd_lint: - lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ - -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ - $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ - -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - tcpd.c fromhost.c socket.c tli.c hosts_access.c \ - shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \ - options.c setenv.c fix_options.c workarounds.c update.c misc.c \ - diag.c myvsyslog.c percent_m.c - -miscd_lint: - lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ - -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ - $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ - -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - miscd.c fromhost.c socket.c tli.c hosts_access.c \ - shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \ - options.c setenv.c fix_options.c workarounds.c update.c misc.c \ - diag.c myvsyslog.c percent_m.c - -match_lint: - lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ - -DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - tcpdmatch.c hosts_access.c eval.c percent_x.c options.c workarounds.c \ - update.c socket.c misc.c diag.c myvsyslog.c percent_m.c setenv.c \ - inetcf.c scaffold.c - -chk_lint: - lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ - -DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \ - setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c - -printfck: - printfck -f printf.ck \ - tcpd.c fromhost.c socket.c tli.c hosts_access.c \ - shell_cmd.c refuse.c rfc931.c 
eval.c percent_x.c clean_exit.c \ - options.c setenv.c fix_options.c workarounds.c update.c misc.c \ - diag.c myvsyslog.c percent_m.c >aap.c - lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ - -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ - $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ - -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" -Dvsyslog=myvsyslog aap.c - printfck -f printf.ck \ - tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \ - setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c \ - >aap.c - lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ - -DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ - -Dvsyslog=myvsyslog -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" - -# Internal compilation dependencies. - -clean_exit.o: cflags -clean_exit.o: tcpd.h -diag.o: cflags -diag.o: mystdarg.h -diag.o: tcpd.h -environ.o: cflags -eval.o: cflags -eval.o: tcpd.h -fakelog.o: cflags -fakelog.o: mystdarg.h -fix_options.o: cflags -fix_options.o: tcpd.h -fromhost.o: cflags -fromhost.o: tcpd.h -hosts_access.o: cflags -hosts_access.o: tcpd.h -hosts_ctl.o: cflags -hosts_ctl.o: tcpd.h -inetcf.o: cflags -inetcf.o: inetcf.h -inetcf.o: tcpd.h -misc.o: cflags -misc.o: tcpd.h -miscd.o: cflags -miscd.o: patchlevel.h -miscd.o: tcpd.h -myvsyslog.o: cflags -myvsyslog.o: mystdarg.h -myvsyslog.o: tcpd.h -ncr.o: cflags -ncr.o: tcpd.h -options.o: cflags -options.o: tcpd.h -percent_m.o: cflags -percent_m.o: mystdarg.h -percent_x.o: cflags -percent_x.o: tcpd.h -ptx.o: cflags -ptx.o: tcpd.h -refuse.o: cflags -refuse.o: tcpd.h -rfc931.o: cflags -rfc931.o: tcpd.h -safe_finger.o: cflags -scaffold.o: cflags -scaffold.o: scaffold.h -scaffold.o: tcpd.h -setenv.o: cflags -shell_cmd.o: cflags -shell_cmd.o: tcpd.h -socket.o: cflags -socket.o: tcpd.h -strcasecmp.o: cflags -tcpd.o: cflags -tcpd.o: patchlevel.h -tcpd.o: tcpd.h -tcpdchk.o: cflags -tcpdchk.o: inetcf.h 
-tcpdchk.o: scaffold.h
-tcpdchk.o: tcpd.h
-tcpdmatch.o: cflags
-tcpdmatch.o: scaffold.h
-tcpdmatch.o: tcpd.h
-tli-sequent.o: cflags
-tli-sequent.o: tcpd.h
-tli-sequent.o: tli-sequent.h
-tli.o: cflags
-tli.o: tcpd.h
-try-from.o: cflags
-try-from.o: tcpd.h
-update.o: cflags
-update.o: mystdarg.h
-update.o: tcpd.h
-vfprintf.o: cflags
-workarounds.o: cflags
-workarounds.o: tcpd.h
diff --git a/usr/src/cmd/tcpd/Makefile.org b/usr/src/cmd/tcpd/Makefile.org
deleted file mode 100644
index 2906c52ddf..0000000000
--- a/usr/src/cmd/tcpd/Makefile.org
+++ /dev/null
@@ -1,889 +0,0 @@
-# @(#) Makefile 1.23 97/03/21 19:27:20
-
-what:
- @echo
- @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
- @echo
- @echo " make sys-type"
- @echo
- @echo "If you are in a hurry you can try instead:"
- @echo
- @echo " make REAL_DAEMON_DIR=/foo/bar sys-type"
- @echo
- @echo "And for a version with language extensions enabled:"
- @echo
- @echo " make REAL_DAEMON_DIR=/foo/bar STYLE=-DPROCESS_OPTIONS sys-type"
- @echo
- @echo "This Makefile knows about the following sys-types:"
- @echo
- @echo " generic (most bsd-ish systems with sys5 compatibility)"
- @echo " 386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543"
- @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
- @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
- @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
- @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
- @echo " uts215 uxp"
- @echo
- @echo "If none of these match your environment, edit the system"
- @echo "dependencies sections in the Makefile and do a 'make other'."
- @echo
-
-#######################################################
-# Choice between easy and advanced installation recipe.
-#
-# Advanced installation: vendor-provided daemons are left alone, and the
-# inetd configuration file is edited. In this case, the REAL_DAEMON_DIR
-# macro should reflect the actual directory with (most of) your
-# vendor-provided network daemons. These names can be found in the
-# inetd.conf file. Usually, the telnet, ftp and finger daemons all live
-# in the same directory.
-#
-# Uncomment the appropriate line if you are going to edit inetd.conf.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc
-
-# Easy installation: vendor-provided network daemons are moved to "some
-# other" directory, and the tcpd wrapper fills in the "holes". For this
-# mode of operation, the REAL_DAEMON_DIR macro should be set to the "some
-# other" directory. The "..." is here for historical reasons only; you
-# should probably use some other name.
-#
-# Uncomment the appropriate line if you are going to move your daemons.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc/...
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin/...
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec/...
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc/...
-
-# End of mandatory section
-##########################
-
-##########################################
-# Ready-to-use system-dependent templates.
-#
-# Ready-to-use templates are available for many systems (see the "echo"
-# commands at the start of this Makefile). The templates take care of
-# all system dependencies: after editing the REAL_DAEMON_DIR definition
-# above, do a "make sunos4" (or whatever system type is appropriate).
-#
-# If your system is not listed (or something that comes close enough), you
-# have to edit the system dependencies section below and do a "make other".
-#
-# Send templates for other UNIX versions to wietse@wzv.win.tue.nl.
-
-# This is good for many BSD+SYSV hybrids with NIS (formerly YP).
-generic aix osf alpha dynix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# Ditto, with vsyslog -sunos4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP VSYSLOG= TLI= all - -# Generic with resolver library. -generic-resolver: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lresolv RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# The NeXT loader needs "-m" or it barfs on redefined library functions. -next: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-m RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= all - -# SunOS for the 386 was frozen at release 4.0.x. -sunos40: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="setenv.o strcasecmp.o" \ - NETGROUP=-DNETGROUP VSYSLOG= TLI= all - -# Ultrix is like aix, next, etc., but has miscd and setenv(). -ultrix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ - NETGROUP=-DNETGROUP TLI= all miscd - -# This works on EP/IX 1.4.3 and will likely work on Mips (reggers@julian.uwo.ca) -epix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= SYSTYPE="-systype bsd43" all - -# Freebsd and linux by default have no NIS. 
-386bsd netbsd bsdos: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ - EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all - -freebsd: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ - EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all - -linux: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all - -# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. -hpux hpux8 hpux9 hpux10: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# ConvexOS-10.x with UltraNet support (ukkonen@csc.fi). -convex-ultranet: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lulsock RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= all - -# Generic support for the Dynix/PTX version of TLI. -ptx-generic: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o ptx.o" NETGROUP= TLI=-DPTX all - -# With UDP support optimized for PTX 2.x (timw@sequent.com). -ptx-2.x: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o tli-sequent.o" NETGROUP= \ - TLI=-DTLI_SEQUENT all - -# IRIX 4.0.x has a special ar(1) flag. -irix4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lc -lsun" RANLIB=echo ARFLAGS=rvs AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# IRIX 5.2 is SYSV4 with several broken things (such as -lsocket -lnsl). 
-irix5: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lsun RANLIB=echo ARFLAGS=rv VSYSLOG= \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI= all - -# IRIX 6.2 (tucker@math.unc.edu). Must find a better value than 200000. -irix6: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=echo ARFLAGS=rv VSYSLOG= \ - NETGROUP=-DNETGROUP EXTRA_CFLAGS="-DBSD=200000" TLI= all - -# SunOS 5.x is another SYSV4 variant. -sunos5: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ - BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" all - -# Generic SYSV40 -esix sysv4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all - -# DG/UX 5.4.1 and 5.4.2 have an unusual inet_addr() interface. -dgux: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lnsl RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ - BUGS="$(BUGS) -DINET_ADDR_BUG" all - -dgux543: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lnsl RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all - -# NCR UNIX 02.02.01 and 02.03.00 (Alex Chircop, msu@unimt.mt) -ncrsvr4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lresolv -lnsl -lsocket" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI=-DTLI \ - EXTRA_CFLAGS="" FROM_OBJ=ncr.o all - -# Tandem SYSV4 (eqawas@hedgehog.ac.cowan.edu.au) -tandem: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ - NETGROUP= AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all - -# Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com) -uts215: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket" RANLIB=echo \ - ARFLAGS=rv AUX_OBJ=setenv.o 
NETGROUP=-DNO_NETGROUP TLI= all - -# UXP/DS System V.4 clone (vic@uida0.uida.es). -uxp: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-L/usr/ucblib -lsocket -lnsl -lucb" \ - RANLIB=echo ARFLAGS=rv NETGROUP=-DNETGROUP \ - AUX_OBJ=setenv.o TLI="-DTLI -DDRS_XTI" all - -# DELL System V.4 Issue 2.2 using gcc (kim@tac.nyc.ny.us, jurban@norden1.com) -dell-gcc: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=ranlib ARFLAGS=rv CC=gcc \ - AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all - -# SCO 3.2v4.1 no frills (jedwards@sol1.solinet.net). -sco: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl_s" RANLIB=echo ARFLAGS=rv \ - NETGROUP= AUX_OBJ=setenv.o TLI= all - -# SCO OpenDesktop 2.0, release 3.2 (peter@midnight.com). Please simplify. -sco-od2: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lrpcsvc -lrpc -lyp -lrpc -lrpcsvc -lsocket" \ - RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# SCO 3.2v4.2 with TCP/IP 1.2.1 (Eduard.Vopicka@vse.cz). Please simplify. -sco-nis: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lyp -lrpc -lsocket -lyp -lc_s -lc" \ - RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= EXTRA_CFLAGS="-nointl -DNO_NETGRENT" all - -# SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com, bill@razorlogic.com) -sco-os5: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lrpcsvc -lsocket" RANLIB=echo ARFLAGS=rv VSYSLOG= \ - AUX_OBJ=setenv.o NETGROUP=-DNETGROUP TLI= all - -# sinix 5.42 setjmp workaround (szrzs023@ub3.ub.uni-kiel.de) -sinix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl -L/usr/ccs/lib -lc -L/usr/ucblib -lucb" \ - RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o TLI=-DTLI all - -# Domain SR10.4. Build under bsd, run under either sysv3 or bsd43. 
-apollo: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= SYSTYPE="-A run,any -A sys,any" all - -# Pyramid OSx 5.1, using the BSD universe. -pyramid: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="environ.o vfprintf.o" \ - STRINGS="-Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy" \ - NETGROUP="-DNETGROUP -DUSE_GETDOMAIN" TLI= all - -# Untested. -mips: - @echo "Warning: some definitions may be wrong." - make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= SYSTYPE="-sysname bsd43" all - -# Cray (tested with UNICOS 7.0.4). -unicos7: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lnet RANLIB=echo ARFLAGS=rv \ - EXTRA_CFLAGS=-DINADDR_NONE="\"((unsigned long) -1)\"" \ - AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI= all - -# Unicos 8.x, Cray-YMP (Bruce Kelly). -unicos8: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=echo AR=bld ARFLAGS=rv \ - AUX_OBJ= NETGROUP= TLI= all - -# Power_UNIX 2.1.1 (amantel@lerc.nasa.gov) -power_unix_211: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lnsl -lsocket -lgen -lresolv" RANLIB=echo ARFLAGS=rv \ - NETGROUP= AUX_OBJ=setenv.o TLI=-DTLI BUGS="$(BUGS)" all - -# ISC (fc@all.net) -isc: - make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o" EXTRA_CFLAGS="-DENOTCONN=ENAVAIL" \ - NETGROUP= TLI= all - -# Interactive UNIX R3.2 version 4.0 (Bobby D. Wright). -iunix: - make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ=environ.o strcasecmp.o NETGROUP= TLI= all - -# RTU 6.0 on a Masscomp 5400 (ben@piglet.cr.usgs.gov). 
When using the -# advanced installation, increment argv before actually looking at it. -rtu: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP= TLI= all - -# Unixware sans NIS (mc@telebase.com). Compiler dislikes strcasecmp.c. -unixware1: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl -lc -L/usr/ucblib -lucb" RANLIB=echo ARFLAGS=rv \ - NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all - -unixware2: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl -lgen -lc -L/usr/ucblib -lucb" RANLIB=echo \ - ARFLAGS=rv NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all - -u6000: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all - -# MachTen -machten: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP= TLI= all - -############################################################### -# System dependencies: TLI (transport-level interface) support. -# -# Uncomment the following macro if your system has System V.4-style TLI -# support (/usr/include/sys/timod.h, /etc/netconfig, and the netdir(3) -# routines). -# -#TLI = -DTLI - -############################################################################### -# System dependencies: differences between ranlib(1) and ar(1) implementations. -# -# Some C compilers (Ultrix 4.x) insist that ranlib(1) be run on an object -# library; some don't care as long as the modules are in the right order; -# some systems don't even have a ranlib(1) command. Make your choice. 
- -RANLIB = ranlib # have ranlib (BSD-ish UNIX) -#RANLIB = echo # no ranlib (SYSV-ish UNIX) - -ARFLAGS = rv # most systems -#ARFLAGS= rvs # IRIX 4.0.x - -AR = ar -#AR = bld # Unicos 8.x - -############################################################################# -# System dependencies: routines that are not present in the system libraries. -# -# If your system library does not have set/putenv() or strcasecmp(), use -# the ones provided with this source distribution. The environ.c module -# implements setenv(), getenv(), and putenv(). - -AUX_OBJ= setenv.o -#AUX_OBJ= environ.o -#AUX_OBJ= environ.o strcasecmp.o - -# Uncomment the following if your C library does not provide the -# strchr/strrchr/memcmp routines, but comes with index/rindex/bcmp. -# -#STRINGS= -Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy - -################################################################# -# System dependencies: selection of non-default object libraries. -# -# Most System V implementations require that you explicitly specify the -# networking libraries. There is no general consensus, though. -# -#LIBS = -lsocket -lnsl # SysV.4 Solaris 2.x -#LIBS = -lsun # IRIX -#LIBS = -lsocket -linet -lnsl -lnfs # PTX -#LIBS = -linet -lnsl_s -ldbm # ISC -#LIBS = -lnet # Unicos 7 -#LIBS = -linet -lsyslog -ldbm -#LIBS = -lsyslog -lsocket -lnsl - -###################################################### -# System dependencies: system-specific compiler flags. -# -# Apollo Domain/OS offers both bsd and sys5 environments, sometimes -# on the same machine. If your Apollo is primarily sys5.3 and also -# has bsd4.3, uncomment the following to build under bsd and run under -# either environment. -# -#SYSTYPE= -A run,any -A sys,any - -# For MIPS RISC/os 4_52.p3, uncomment the following definition. -# -#SYSTYPE= -sysname bsd43 - -################################################## -# System dependencies: working around system bugs. 
-# -# -DGETPEERNAME_BUG works around a getpeername(2) bug in some versions of -# Apollo or SYSV.4 UNIX: the wrapper would report that all UDP requests -# come from address 0.0.0.0. The workaround does no harm on other systems. -# -# -DBROKEN_FGETS works around an fgets(3) bug in some System V versions -# (IRIX): fgets() gives up too fast when reading from a network socket. -# The workaround does no harm on other systems. -# -# Some UNIX systems (IRIX) make the error of calling the strtok() library -# routine from other library routines such as, e.g., gethostbyname/addr(). -# The result is that hosts can slip through the wrapper allow/deny filters. -# Compile with -DLIBC_CALLS_STRTOK to avoid the vendor's strtok() routine. -# The workaround does no harm on other systems. -# -# DG/UX 5.4.1 comes with an inet_ntoa() function that returns a structure -# instead of a long integer. Compile with -DINET_ADDR_BUG to work around -# this mutant behavour. Fixed in 5.4R3. -# -# Solaris 2.4 gethostbyname(), in DNS through NIS mode, puts only one -# address in the host address list; all other addresses are treated as -# host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work -# around this. The workaround does no harm on other Solaris versions. - -BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK -#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG -#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG - -########################################################################## -# System dependencies: whether or not your system has NIS (or YP) support. -# -# If your system supports NIS or YP-style netgroups, enable the following -# macro definition. Netgroups are used only for host access control. -# -#NETGROUP= -DNETGROUP - -############################################################### -# System dependencies: whether or not your system has vsyslog() -# -# If your system supports vsyslog(), comment out the following definition. 
-# If in doubt leave it in, it won't harm. - -VSYSLOG = -Dvsyslog=myvsyslog - -# End of the system dependencies. -################################# - -############################## -# Start of the optional stuff. - -########################################### -# Optional: Turning on language extensions -# -# Instead of the default access control language that is documented in -# the hosts_access.5 document, the wrappers can be configured to -# implement an extensible language documented in the hosts_options.5 -# document. This language is implemented by the "options.c" source -# module, which also gives hints on how to add your own extensions. -# Uncomment the next definition to turn on the language extensions -# (examples: allow, deny, banners, twist and spawn). -# -#STYLE = -DPROCESS_OPTIONS # Enable language extensions. - -################################################################ -# Optional: Changing the default disposition of logfile records -# -# By default, logfile entries are written to the same file as used for -# sendmail transaction logs. See your /etc/syslog.conf file for actual -# path names of logfiles. The tutorial section in the README file -# gives a brief introduction to the syslog daemon. -# -# Change the FACILITY definition below if you disagree with the default -# disposition. Some syslog versions (including Ultrix 4.x) do not provide -# this flexibility. -# -# If nothing shows up on your system, it may be that the syslog records -# are sent to a dedicated loghost. It may also be that no syslog daemon -# is running at all. The README file gives pointers to surrogate syslog -# implementations for systems that have no syslog library routines or -# no syslog daemons. When changing the syslog.conf file, remember that -# there must be TABs between fields. -# -# The LOG_XXX names below are taken from the /usr/include/syslog.h file. 
- -FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use - -# The syslog priority at which successful connections are logged. - -SEVERITY= LOG_INFO # LOG_INFO is normally not logged to the console - -########################### -# Optional: Reduce DNS load -# -# When looking up the address for a host.domain name, the typical DNS -# code will first append substrings of your own domain, so it tries -# host.domain.your.own.domain, then host.domain.own.domain, and then -# host.domain. The APPEND_DOT feature stops this waste of cycles. It is -# off by default because it causes problems on sites that don't use DNS -# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken -# from /etc/hosts or from NIS maps. It does work with DNS through NIS. -# -# DOT= -DAPPEND_DOT - -################################################## -# Optional: Always attempt remote username lookups -# -# By default, the wrappers look up the remote username only when the -# access control rules require them to do so. -# -# Username lookups require that the remote host runs a daemon that -# supports an RFC 931 like protocol. Remote user name lookups are not -# possible for UDP-based connections, and can cause noticeable delays -# with connections from non-UNIX PCs. On some systems, remote username -# lookups can trigger a kernel bug, causing loss of service. The README -# file describes how to find out if your UNIX kernel has that problem. -# -# Uncomment the following definition if the wrappers should always -# attempt to get the remote user name. If this is not enabled you can -# still do selective username lookups as documented in the hosts_access.5 -# and hosts_options.5 manual pages (`nroff -man' format). -# -#AUTH = -DALWAYS_RFC931 -# -# The default username lookup timeout is 10 seconds. This may not be long -# enough for slow hosts or networks, but is enough to irritate PC users. 
- -RFC931_TIMEOUT = 10 - -###################################################### -# Optional: Changing the default file protection mask -# -# On many systems, network daemons and other system processes are started -# with a zero umask value, so that world-writable files may be produced. -# It is a good idea to edit your /etc/rc* files so that they begin with -# an explicit umask setting. On our site we use `umask 022' because it -# does not break anything yet gives adequate protection against tampering. -# -# The following macro specifies the default umask for processes run under -# control of the daemon wrappers. Comment it out only if you are certain -# that inetd and its children are started with a safe umask value. - -UMASK = -DDAEMON_UMASK=022 - -####################################### -# Optional: Turning off access control -# -# By default, host access control is enabled. To disable host access -# control, comment out the following definition. Host access control -# can also be turned off at runtime by providing no or empty access -# control tables. - -ACCESS = -DHOSTS_ACCESS - -######################################################## -# Optional: Changing the access control table pathnames -# -# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will -# look for access control information. Watch out for the quotes and -# backslashes when you make changes. - -TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\" - -#################################################### -# Optional: dealing with host name/address conflicts -# -# By default, the software tries to protect against hosts that claim to -# have someone elses host name. This is relevant for network services -# whose authentication depends on host names, such as rsh and rlogin. -# -# With paranoid mode on, connections will be rejected when the host name -# does not match the host address. 
Connections will also be rejected when -# the host name is available but cannot be verified. -# -# Comment out the following definition if you want more control over such -# requests. When paranoid mode is off and a host name double check fails, -# the client can be matched with the PARANOID access control pattern. -# -# Paranoid mode implies hostname lookup. In order to disable hostname -# lookups altogether, see the next section. - -PARANOID= -DPARANOID - -######################################## -# Optional: turning off hostname lookups -# -# By default, the software always attempts to look up the client -# hostname. With selective hostname lookups, the client hostname -# lookup is postponed until the name is required by an access control -# rule or by a %letter expansion. -# -# In order to perform selective hostname lookups, disable paranoid -# mode (see previous section) and comment out the following definition. - -HOSTNAME= -DALWAYS_HOSTNAME - -############################################# -# Optional: Turning on host ADDRESS checking -# -# Optionally, the software tries to protect against hosts that pretend to -# have someone elses host address. This is relevant for network services -# whose authentication depends on host names, such as rsh and rlogin, -# because the network address is used to look up the remote host name. -# -# The protection is to refuse TCP connections with IP source routing -# options. -# -# This feature cannot be used with SunOS 4.x because of a kernel bug in -# the implementation of the getsockopt() system call. Kernel panics have -# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data -# fault" while executing the tcp_ctloutput() kernel function. -# -# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x. -# -# Uncomment the following macro definition if your getsockopt() is OK. -# -# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop -# source-routed traffic in the kernel. 
Examples: 4.4BSD derivatives, -# Solaris 2.x, and Linux. See your system documentation for details. -# -# KILL_OPT= -DKILL_IP_OPTIONS - -## End configuration options -############################ - -# Protection against weird shells or weird make programs. - -SHELL = /bin/sh -.c.o:; $(CC) $(CFLAGS) -c $*.c - -CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ - $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \ - -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ - $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \ - $(VSYSLOG) $(HOSTNAME) - -LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \ - hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ - $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \ - update.o misc.o diag.o percent_m.o myvsyslog.o - -FROM_OBJ= fromhost.o - -KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \ - tcpd.h tcpdmatch.c Makefile hosts_access.5 strcasecmp.c BLURB rfc931.c \ - tcpd.8 eval.c hosts_access.3 hosts_ctl.c percent_x.c options.c \ - clean_exit.c environ.c patchlevel.h fix_options.c workarounds.c \ - socket.c tli.c DISCLAIMER fakelog.c safe_finger.c hosts_options.5 \ - CHANGES try-from.c update.c ptx.c vfprintf.c tli-sequent.c \ - tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \ - myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \ - refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \ - scaffold.h tcpdmatch.8 README.NIS - -LIB = libwrap.a - -all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk - -# Invalidate all object files when the compiler options (CFLAGS) have changed. 
- -config-check: - @set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; } - @set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \ - if cmp cflags /tmp/cflags.$$$$ ; \ - then rm /tmp/cflags.$$$$ ; \ - else mv /tmp/cflags.$$$$ cflags ; \ - fi >/dev/null 2>/dev/null - -$(LIB): $(LIB_OBJ) - rm -f $(LIB) - $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ) - -$(RANLIB) $(LIB) - -tcpd: tcpd.o $(LIB) - $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS) - -miscd: miscd.o $(LIB) - $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS) - -safe_finger: safe_finger.o $(LIB) - $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS) - -TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o - -tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) - $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS) - -try-from: try-from.o fakelog.o $(LIB) - $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS) - -TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o - -tcpdchk: $(TCPDCHK_OBJ) $(LIB) - $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS) - -shar: $(KIT) - @shar $(KIT) - -kit: $(KIT) - @makekit $(KIT) - -files: - @echo $(KIT) - -archive: - $(ARCHIVE) $(KIT) - -clean: - rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \ - cflags - -tidy: clean - chmod -R a+r . - chmod 755 . - -# Enable all bells and whistles for linting. 
- -lint: tcpd_lint miscd_lint match_lint chk_lint - -tcpd_lint: - lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ - -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ - $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ - -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - tcpd.c fromhost.c socket.c tli.c hosts_access.c \ - shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \ - options.c setenv.c fix_options.c workarounds.c update.c misc.c \ - diag.c myvsyslog.c percent_m.c - -miscd_lint: - lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ - -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ - $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ - -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - miscd.c fromhost.c socket.c tli.c hosts_access.c \ - shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \ - options.c setenv.c fix_options.c workarounds.c update.c misc.c \ - diag.c myvsyslog.c percent_m.c - -match_lint: - lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ - -DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - tcpdmatch.c hosts_access.c eval.c percent_x.c options.c workarounds.c \ - update.c socket.c misc.c diag.c myvsyslog.c percent_m.c setenv.c \ - inetcf.c scaffold.c - -chk_lint: - lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ - -DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \ - setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c - -printfck: - printfck -f printf.ck \ - tcpd.c fromhost.c socket.c tli.c hosts_access.c \ - shell_cmd.c refuse.c rfc931.c 
eval.c percent_x.c clean_exit.c \ - options.c setenv.c fix_options.c workarounds.c update.c misc.c \ - diag.c myvsyslog.c percent_m.c >aap.c - lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ - -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ - $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ - -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" -Dvsyslog=myvsyslog aap.c - printfck -f printf.ck \ - tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \ - setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c \ - >aap.c - lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ - -DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ - -Dvsyslog=myvsyslog -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" - -# Internal compilation dependencies. - -clean_exit.o: cflags -clean_exit.o: tcpd.h -diag.o: cflags -diag.o: mystdarg.h -diag.o: tcpd.h -environ.o: cflags -eval.o: cflags -eval.o: tcpd.h -fakelog.o: cflags -fakelog.o: mystdarg.h -fix_options.o: cflags -fix_options.o: tcpd.h -fromhost.o: cflags -fromhost.o: tcpd.h -hosts_access.o: cflags -hosts_access.o: tcpd.h -hosts_ctl.o: cflags -hosts_ctl.o: tcpd.h -inetcf.o: cflags -inetcf.o: inetcf.h -inetcf.o: tcpd.h -misc.o: cflags -misc.o: tcpd.h -miscd.o: cflags -miscd.o: patchlevel.h -miscd.o: tcpd.h -myvsyslog.o: cflags -myvsyslog.o: mystdarg.h -myvsyslog.o: tcpd.h -ncr.o: cflags -ncr.o: tcpd.h -options.o: cflags -options.o: tcpd.h -percent_m.o: cflags -percent_m.o: mystdarg.h -percent_x.o: cflags -percent_x.o: tcpd.h -ptx.o: cflags -ptx.o: tcpd.h -refuse.o: cflags -refuse.o: tcpd.h -rfc931.o: cflags -rfc931.o: tcpd.h -safe_finger.o: cflags -scaffold.o: cflags -scaffold.o: scaffold.h -scaffold.o: tcpd.h -setenv.o: cflags -shell_cmd.o: cflags -shell_cmd.o: tcpd.h -socket.o: cflags -socket.o: tcpd.h -strcasecmp.o: cflags -tcpd.o: cflags -tcpd.o: patchlevel.h -tcpd.o: tcpd.h -tcpdchk.o: cflags -tcpdchk.o: inetcf.h 
-tcpdchk.o: scaffold.h
-tcpdchk.o: tcpd.h
-tcpdmatch.o: cflags
-tcpdmatch.o: scaffold.h
-tcpdmatch.o: tcpd.h
-tli-sequent.o: cflags
-tli-sequent.o: tcpd.h
-tli-sequent.o: tli-sequent.h
-tli.o: cflags
-tli.o: tcpd.h
-try-from.o: cflags
-try-from.o: tcpd.h
-update.o: cflags
-update.o: mystdarg.h
-update.o: tcpd.h
-vfprintf.o: cflags
-workarounds.o: cflags
-workarounds.o: tcpd.h
diff --git a/usr/src/cmd/tcpd/Makefile.sfwsrc b/usr/src/cmd/tcpd/Makefile.sfwsrc
deleted file mode 100644
index 1e628d8c62..0000000000
--- a/usr/src/cmd/tcpd/Makefile.sfwsrc
+++ /dev/null
@@ -1,903 +0,0 @@
-# @(#) Makefile 1.23 97/03/21 19:27:20
-
-what:
- @echo
- @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
- @echo
- @echo " make sys-type"
- @echo
- @echo "If you are in a hurry you can try instead:"
- @echo
- @echo " make REAL_DAEMON_DIR=/foo/bar sys-type"
- @echo
- @echo "And for a version with language extensions enabled:"
- @echo
- @echo " make REAL_DAEMON_DIR=/foo/bar STYLE=-DPROCESS_OPTIONS sys-type"
- @echo
- @echo "This Makefile knows about the following sys-types:"
- @echo
- @echo " generic (most bsd-ish systems with sys5 compatibility)"
- @echo " 386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543"
- @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
- @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
- @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
- @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
- @echo " uts215 uxp"
- @echo
- @echo "If none of these match your environment, edit the system"
- @echo "dependencies sections in the Makefile and do a 'make other'."
- @echo
-
-#######################################################
-# Choice between easy and advanced installation recipe.
-#
-# Advanced installation: vendor-provided daemons are left alone, and the
-# inetd configuration file is edited. In this case, the REAL_DAEMON_DIR
-# macro should reflect the actual directory with (most of) your
-# vendor-provided network daemons. These names can be found in the
-# inetd.conf file. Usually, the telnet, ftp and finger daemons all live
-# in the same directory.
-#
-# Uncomment the appropriate line if you are going to edit inetd.conf.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc
-
-# Easy installation: vendor-provided network daemons are moved to "some
-# other" directory, and the tcpd wrapper fills in the "holes". For this
-# mode of operation, the REAL_DAEMON_DIR macro should be set to the "some
-# other" directory. The "..." is here for historical reasons only; you
-# should probably use some other name.
-#
-# Uncomment the appropriate line if you are going to move your daemons.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc/...
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin/...
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec/...
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc/...
-
-# End of mandatory section
-##########################
-
-##########################################
-# Ready-to-use system-dependent templates.
-#
-# Ready-to-use templates are available for many systems (see the "echo"
-# commands at the start of this Makefile). The templates take care of
-# all system dependencies: after editing the REAL_DAEMON_DIR definition
-# above, do a "make sunos4" (or whatever system type is appropriate).
-#
-# If your system is not listed (or something that comes close enough), you
-# have to edit the system dependencies section below and do a "make other".
-#
-# Send templates for other UNIX versions to wietse@wzv.win.tue.nl.
-
-# This is good for many BSD+SYSV hybrids with NIS (formerly YP).
-generic aix osf alpha dynix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= IPV6="$(IPV6)" all - -# Ditto, with vsyslog -sunos4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP VSYSLOG= TLI= all - -# Generic with resolver library. -generic-resolver: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lresolv RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# The NeXT loader needs "-m" or it barfs on redefined library functions. -next: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-m RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= all - -# SunOS for the 386 was frozen at release 4.0.x. -sunos40: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="setenv.o strcasecmp.o" \ - NETGROUP=-DNETGROUP VSYSLOG= TLI= all - -# Ultrix is like aix, next, etc., but has miscd and setenv(). -ultrix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ - NETGROUP=-DNETGROUP TLI= all miscd - -# This works on EP/IX 1.4.3 and will likely work on Mips (reggers@julian.uwo.ca) -epix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= SYSTYPE="-systype bsd43" all - -# Freebsd and linux by default have no NIS. 
-386bsd netbsd bsdos: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ - EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all - -freebsd: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ - EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all - -linux: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all - -# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. -hpux hpux8 hpux9 hpux10: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# ConvexOS-10.x with UltraNet support (ukkonen@csc.fi). -convex-ultranet: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lulsock RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= all - -# Generic support for the Dynix/PTX version of TLI. -ptx-generic: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o ptx.o" NETGROUP= TLI=-DPTX all - -# With UDP support optimized for PTX 2.x (timw@sequent.com). -ptx-2.x: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o tli-sequent.o" NETGROUP= \ - TLI=-DTLI_SEQUENT all - -# IRIX 4.0.x has a special ar(1) flag. -irix4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lc -lsun" RANLIB=echo ARFLAGS=rvs AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# IRIX 5.2 is SYSV4 with several broken things (such as -lsocket -lnsl). 
-irix5: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lsun RANLIB=echo ARFLAGS=rv VSYSLOG= \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI= all - -# IRIX 6.2 (tucker@math.unc.edu). Must find a better value than 200000. -irix6: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=echo ARFLAGS=rv VSYSLOG= \ - NETGROUP=-DNETGROUP EXTRA_CFLAGS="-DBSD=200000" TLI= all - -# SunOS 5.x is another SYSV4 variant. -sunos5: - @$(MAKE) REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ - BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" all - -# Generic SYSV40 -esix sysv4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all - -# DG/UX 5.4.1 and 5.4.2 have an unusual inet_addr() interface. -dgux: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lnsl RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ - BUGS="$(BUGS) -DINET_ADDR_BUG" all - -dgux543: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lnsl RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all - -# NCR UNIX 02.02.01 and 02.03.00 (Alex Chircop, msu@unimt.mt) -ncrsvr4: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lresolv -lnsl -lsocket" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI=-DTLI \ - EXTRA_CFLAGS="" FROM_OBJ=ncr.o all - -# Tandem SYSV4 (eqawas@hedgehog.ac.cowan.edu.au) -tandem: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ - NETGROUP= AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all - -# Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com) -uts215: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket" RANLIB=echo \ - 
ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all - -# UXP/DS System V.4 clone (vic@uida0.uida.es). -uxp: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-L/usr/ucblib -lsocket -lnsl -lucb" \ - RANLIB=echo ARFLAGS=rv NETGROUP=-DNETGROUP \ - AUX_OBJ=setenv.o TLI="-DTLI -DDRS_XTI" all - -# DELL System V.4 Issue 2.2 using gcc (kim@tac.nyc.ny.us, jurban@norden1.com) -dell-gcc: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=ranlib ARFLAGS=rv CC=gcc \ - AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all - -# SCO 3.2v4.1 no frills (jedwards@sol1.solinet.net). -sco: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl_s" RANLIB=echo ARFLAGS=rv \ - NETGROUP= AUX_OBJ=setenv.o TLI= all - -# SCO OpenDesktop 2.0, release 3.2 (peter@midnight.com). Please simplify. -sco-od2: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lrpcsvc -lrpc -lyp -lrpc -lrpcsvc -lsocket" \ - RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= all - -# SCO 3.2v4.2 with TCP/IP 1.2.1 (Eduard.Vopicka@vse.cz). Please simplify. -sco-nis: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lyp -lrpc -lsocket -lyp -lc_s -lc" \ - RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= EXTRA_CFLAGS="-nointl -DNO_NETGRENT" all - -# SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com, bill@razorlogic.com) -sco-os5: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lrpcsvc -lsocket" RANLIB=echo ARFLAGS=rv VSYSLOG= \ - AUX_OBJ=setenv.o NETGROUP=-DNETGROUP TLI= all - -# sinix 5.42 setjmp workaround (szrzs023@ub3.ub.uni-kiel.de) -sinix: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl -L/usr/ccs/lib -lc -L/usr/ucblib -lucb" \ - RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o TLI=-DTLI all - -# Domain SR10.4. Build under bsd, run under either sysv3 or bsd43. 
-apollo: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ - NETGROUP=-DNETGROUP TLI= SYSTYPE="-A run,any -A sys,any" all - -# Pyramid OSx 5.1, using the BSD universe. -pyramid: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="environ.o vfprintf.o" \ - STRINGS="-Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy" \ - NETGROUP="-DNETGROUP -DUSE_GETDOMAIN" TLI= all - -# Untested. -mips: - @echo "Warning: some definitions may be wrong." - make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP=-DNETGROUP TLI= SYSTYPE="-sysname bsd43" all - -# Cray (tested with UNICOS 7.0.4). -unicos7: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS=-lnet RANLIB=echo ARFLAGS=rv \ - EXTRA_CFLAGS=-DINADDR_NONE="\"((unsigned long) -1)\"" \ - AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI= all - -# Unicos 8.x, Cray-YMP (Bruce Kelly). -unicos8: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=echo AR=bld ARFLAGS=rv \ - AUX_OBJ= NETGROUP= TLI= all - -# Power_UNIX 2.1.1 (amantel@lerc.nasa.gov) -power_unix_211: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lnsl -lsocket -lgen -lresolv" RANLIB=echo ARFLAGS=rv \ - NETGROUP= AUX_OBJ=setenv.o TLI=-DTLI BUGS="$(BUGS)" all - -# ISC (fc@all.net) -isc: - make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ="setenv.o strcasecmp.o" EXTRA_CFLAGS="-DENOTCONN=ENAVAIL" \ - NETGROUP= TLI= all - -# Interactive UNIX R3.2 version 4.0 (Bobby D. Wright). -iunix: - make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \ - AUX_OBJ=environ.o strcasecmp.o NETGROUP= TLI= all - -# RTU 6.0 on a Masscomp 5400 (ben@piglet.cr.usgs.gov). 
When using the -# advanced installation, increment argv before actually looking at it. -rtu: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP= TLI= all - -# Unixware sans NIS (mc@telebase.com). Compiler dislikes strcasecmp.c. -unixware1: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl -lc -L/usr/ucblib -lucb" RANLIB=echo ARFLAGS=rv \ - NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all - -unixware2: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl -lgen -lc -L/usr/ucblib -lucb" RANLIB=echo \ - ARFLAGS=rv NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all - -u6000: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \ - NETGROUP=-DNETGROUP AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all - -# MachTen -machten: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \ - NETGROUP= TLI= all - -############################################################### -# System dependencies: TLI (transport-level interface) support. -# -# Uncomment the following macro if your system has System V.4-style TLI -# support (/usr/include/sys/timod.h, /etc/netconfig, and the netdir(3) -# routines). -# -#TLI = -DTLI - -############################################################################### -# System dependencies: differences between ranlib(1) and ar(1) implementations. -# -# Some C compilers (Ultrix 4.x) insist that ranlib(1) be run on an object -# library; some don't care as long as the modules are in the right order; -# some systems don't even have a ranlib(1) command. Make your choice. 
- -RANLIB = ranlib # have ranlib (BSD-ish UNIX) -#RANLIB = echo # no ranlib (SYSV-ish UNIX) - -ARFLAGS = rv # most systems -#ARFLAGS= rvs # IRIX 4.0.x - -AR = ar -#AR = bld # Unicos 8.x - -############################################################################# -# System dependencies: routines that are not present in the system libraries. -# -# If your system library does not have set/putenv() or strcasecmp(), use -# the ones provided with this source distribution. The environ.c module -# implements setenv(), getenv(), and putenv(). - -AUX_OBJ= setenv.o -#AUX_OBJ= environ.o -#AUX_OBJ= environ.o strcasecmp.o - -# Uncomment the following if your C library does not provide the -# strchr/strrchr/memcmp routines, but comes with index/rindex/bcmp. -# -#STRINGS= -Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy - -################################################################# -# System dependencies: selection of non-default object libraries. -# -# Most System V implementations require that you explicitly specify the -# networking libraries. There is no general consensus, though. -# -#LIBS = -lsocket -lnsl # SysV.4 Solaris 2.x -#LIBS = -lsun # IRIX -#LIBS = -lsocket -linet -lnsl -lnfs # PTX -#LIBS = -linet -lnsl_s -ldbm # ISC -#LIBS = -lnet # Unicos 7 -#LIBS = -linet -lsyslog -ldbm -#LIBS = -lsyslog -lsocket -lnsl - -###################################################### -# System dependencies: system-specific compiler flags. -# -# Apollo Domain/OS offers both bsd and sys5 environments, sometimes -# on the same machine. If your Apollo is primarily sys5.3 and also -# has bsd4.3, uncomment the following to build under bsd and run under -# either environment. -# -#SYSTYPE= -A run,any -A sys,any - -# For MIPS RISC/os 4_52.p3, uncomment the following definition. -# -#SYSTYPE= -sysname bsd43 - -################################################## -# System dependencies: working around system bugs. 
-# -# -DGETPEERNAME_BUG works around a getpeername(2) bug in some versions of -# Apollo or SYSV.4 UNIX: the wrapper would report that all UDP requests -# come from address 0.0.0.0. The workaround does no harm on other systems. -# -# -DBROKEN_FGETS works around an fgets(3) bug in some System V versions -# (IRIX): fgets() gives up too fast when reading from a network socket. -# The workaround does no harm on other systems. -# -# Some UNIX systems (IRIX) make the error of calling the strtok() library -# routine from other library routines such as, e.g., gethostbyname/addr(). -# The result is that hosts can slip through the wrapper allow/deny filters. -# Compile with -DLIBC_CALLS_STRTOK to avoid the vendor's strtok() routine. -# The workaround does no harm on other systems. -# -# DG/UX 5.4.1 comes with an inet_ntoa() function that returns a structure -# instead of a long integer. Compile with -DINET_ADDR_BUG to work around -# this mutant behavour. Fixed in 5.4R3. -# -# Solaris 2.4 gethostbyname(), in DNS through NIS mode, puts only one -# address in the host address list; all other addresses are treated as -# host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work -# around this. The workaround does no harm on other Solaris versions. - -BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK -#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG -#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG - -########################################################################## -# System dependencies: whether or not your system has NIS (or YP) support. -# -# If your system supports NIS or YP-style netgroups, enable the following -# macro definition. Netgroups are used only for host access control. -# -#NETGROUP= -DNETGROUP - -############################################################### -# System dependencies: whether or not your system has vsyslog() -# -# If your system supports vsyslog(), comment out the following definition. 
-# If in doubt leave it in, it won't harm.
-
-VSYSLOG = -Dvsyslog=myvsyslog
-
-###############################################################
-# System dependencies: whether or not your system has IPV6
-#
-# If your system has IPv6 and supports getipnode* and inet_pton/inet_ntop
-# uncomment the following (Solaris 8)
-
-# IPV6 = -DHAVE_IPV6
-
-# If your system does not have getipnodebyname() but uses the obsolete
-# gethostbyname2() instead, use this (AIX)
-# IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
-
-# End of the system dependencies.
-#################################
-
-##############################
-# Start of the optional stuff.
-
-###########################################
-# Optional: Turning on language extensions
-#
-# Instead of the default access control language that is documented in
-# the hosts_access.5 document, the wrappers can be configured to
-# implement an extensible language documented in the hosts_options.5
-# document. This language is implemented by the "options.c" source
-# module, which also gives hints on how to add your own extensions.
-# Uncomment the next definition to turn on the language extensions
-# (examples: allow, deny, banners, twist and spawn).
-#
-#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
-
-################################################################
-# Optional: Changing the default disposition of logfile records
-#
-# By default, logfile entries are written to the same file as used for
-# sendmail transaction logs. See your /etc/syslog.conf file for actual
-# path names of logfiles. The tutorial section in the README file
-# gives a brief introduction to the syslog daemon.
-#
-# Change the FACILITY definition below if you disagree with the default
-# disposition. Some syslog versions (including Ultrix 4.x) do not provide
-# this flexibility.
-#
-# If nothing shows up on your system, it may be that the syslog records
-# are sent to a dedicated loghost. It may also be that no syslog daemon
-# is running at all. The README file gives pointers to surrogate syslog
-# implementations for systems that have no syslog library routines or
-# no syslog daemons. When changing the syslog.conf file, remember that
-# there must be TABs between fields.
-#
-# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
-
-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
-
-# The syslog priority at which successful connections are logged.
-
-SEVERITY= LOG_INFO # LOG_INFO is normally not logged to the console
-
-###########################
-# Optional: Reduce DNS load
-#
-# When looking up the address for a host.domain name, the typical DNS
-# code will first append substrings of your own domain, so it tries
-# host.domain.your.own.domain, then host.domain.own.domain, and then
-# host.domain. The APPEND_DOT feature stops this waste of cycles. It is
-# off by default because it causes problems on sites that don't use DNS
-# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
-# from /etc/hosts or from NIS maps. It does work with DNS through NIS.
-#
-# DOT= -DAPPEND_DOT
-
-##################################################
-# Optional: Always attempt remote username lookups
-#
-# By default, the wrappers look up the remote username only when the
-# access control rules require them to do so.
-#
-# Username lookups require that the remote host runs a daemon that
-# supports an RFC 931 like protocol. Remote user name lookups are not
-# possible for UDP-based connections, and can cause noticeable delays
-# with connections from non-UNIX PCs. On some systems, remote username
-# lookups can trigger a kernel bug, causing loss of service. The README
-# file describes how to find out if your UNIX kernel has that problem.
-#
-# Uncomment the following definition if the wrappers should always
-# attempt to get the remote user name. If this is not enabled you can
-# still do selective username lookups as documented in the hosts_access.5
-# and hosts_options.5 manual pages (`nroff -man' format).
-#
-#AUTH = -DALWAYS_RFC931
-#
-# The default username lookup timeout is 10 seconds. This may not be long
-# enough for slow hosts or networks, but is enough to irritate PC users.
-
-RFC931_TIMEOUT = 10
-
-######################################################
-# Optional: Changing the default file protection mask
-#
-# On many systems, network daemons and other system processes are started
-# with a zero umask value, so that world-writable files may be produced.
-# It is a good idea to edit your /etc/rc* files so that they begin with
-# an explicit umask setting. On our site we use `umask 022' because it
-# does not break anything yet gives adequate protection against tampering.
-#
-# The following macro specifies the default umask for processes run under
-# control of the daemon wrappers. Comment it out only if you are certain
-# that inetd and its children are started with a safe umask value.
-
-UMASK = -DDAEMON_UMASK=022
-
-#######################################
-# Optional: Turning off access control
-#
-# By default, host access control is enabled. To disable host access
-# control, comment out the following definition. Host access control
-# can also be turned off at runtime by providing no or empty access
-# control tables.
-
-ACCESS = -DHOSTS_ACCESS
-
-########################################################
-# Optional: Changing the access control table pathnames
-#
-# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
-# look for access control information. Watch out for the quotes and
-# backslashes when you make changes.
-
-TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
-
-####################################################
-# Optional: dealing with host name/address conflicts
-#
-# By default, the software tries to protect against hosts that claim to
-# have someone elses host name. This is relevant for network services
-# whose authentication depends on host names, such as rsh and rlogin.
-#
-# With paranoid mode on, connections will be rejected when the host name
-# does not match the host address. Connections will also be rejected when
-# the host name is available but cannot be verified.
-#
-# Comment out the following definition if you want more control over such
-# requests. When paranoid mode is off and a host name double check fails,
-# the client can be matched with the PARANOID access control pattern.
-#
-# Paranoid mode implies hostname lookup. In order to disable hostname
-# lookups altogether, see the next section.
-
-PARANOID= -DPARANOID
-
-########################################
-# Optional: turning off hostname lookups
-#
-# By default, the software always attempts to look up the client
-# hostname. With selective hostname lookups, the client hostname
-# lookup is postponed until the name is required by an access control
-# rule or by a %letter expansion.
-#
-# In order to perform selective hostname lookups, disable paranoid
-# mode (see previous section) and comment out the following definition.
-
-HOSTNAME= -DALWAYS_HOSTNAME
-
-#############################################
-# Optional: Turning on host ADDRESS checking
-#
-# Optionally, the software tries to protect against hosts that pretend to
-# have someone elses host address. This is relevant for network services
-# whose authentication depends on host names, such as rsh and rlogin,
-# because the network address is used to look up the remote host name.
-#
-# The protection is to refuse TCP connections with IP source routing
-# options.
-#
-# This feature cannot be used with SunOS 4.x because of a kernel bug in
-# the implementation of the getsockopt() system call. Kernel panics have
-# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data
-# fault" while executing the tcp_ctloutput() kernel function.
-#
-# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x.
-#
-# Uncomment the following macro definition if your getsockopt() is OK.
-#
-# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop
-# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
-# Solaris 2.x, and Linux. See your system documentation for details.
-#
-# KILL_OPT= -DKILL_IP_OPTIONS
-
-## End configuration options
-############################
-
-# Protection against weird shells or weird make programs.
-
-SHELL = /bin/sh
-.c.o:; $(CC) $(CFLAGS) -c $*.c
-
-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
- $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
- -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
- -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
- $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
- $(VSYSLOG) $(HOSTNAME) $(IPV6)
-
-LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
- hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
- $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
- update.o misc.o diag.o percent_m.o myvsyslog.o
-
-FROM_OBJ= fromhost.o
-
-KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
- tcpd.h tcpdmatch.c Makefile hosts_access.5 strcasecmp.c BLURB rfc931.c \
- tcpd.8 eval.c hosts_access.3 hosts_ctl.c percent_x.c options.c \
- clean_exit.c environ.c patchlevel.h fix_options.c workarounds.c \
- socket.c tli.c DISCLAIMER fakelog.c safe_finger.c hosts_options.5 \
- CHANGES try-from.c update.c ptx.c vfprintf.c tli-sequent.c \
- tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \
- myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \
- refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
- scaffold.h tcpdmatch.8 README.NIS
-
-LIB = libwrap.a
-
-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
-
-# Invalidate all object files when the compiler options (CFLAGS) have changed.
-
-config-check:
- @set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; }
- @set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \
- if cmp cflags /tmp/cflags.$$$$ ; \
- then rm /tmp/cflags.$$$$ ; \
- else mv /tmp/cflags.$$$$ cflags ; \
- fi >/dev/null 2>/dev/null
-
-cflags: config-check
-
-$(LIB): $(LIB_OBJ)
- rm -f $(LIB)
- $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
- -$(RANLIB) $(LIB)
-
-tcpd: tcpd.o $(LIB)
- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
-
-miscd: miscd.o $(LIB)
- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
-
-safe_finger: safe_finger.o $(LIB)
- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
-
-TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
-
-tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
-
-try-from: try-from.o fakelog.o $(LIB)
- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
-
-TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
-
-tcpdchk: $(TCPDCHK_OBJ) $(LIB)
- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
-
-shar: $(KIT)
- @shar $(KIT)
-
-kit: $(KIT)
- @makekit $(KIT)
-
-files:
- @echo $(KIT)
-
-archive:
- $(ARCHIVE) $(KIT)
-
-clean:
- rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \
- cflags
-
-tidy: clean
- chmod -R a+r .
- chmod 755 .
-
-# Enable all bells and whistles for linting.
- -lint: tcpd_lint miscd_lint match_lint chk_lint - -tcpd_lint: - lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ - -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ - $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ - -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - tcpd.c fromhost.c socket.c tli.c hosts_access.c \ - shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \ - options.c setenv.c fix_options.c workarounds.c update.c misc.c \ - diag.c myvsyslog.c percent_m.c - -miscd_lint: - lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ - -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ - $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ - -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - miscd.c fromhost.c socket.c tli.c hosts_access.c \ - shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \ - options.c setenv.c fix_options.c workarounds.c update.c misc.c \ - diag.c myvsyslog.c percent_m.c - -match_lint: - lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ - -DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - tcpdmatch.c hosts_access.c eval.c percent_x.c options.c workarounds.c \ - update.c socket.c misc.c diag.c myvsyslog.c percent_m.c setenv.c \ - inetcf.c scaffold.c - -chk_lint: - lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ - -DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ - -Dvsyslog=myvsyslog \ - tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \ - setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c - -printfck: - printfck -f printf.ck \ - tcpd.c fromhost.c socket.c tli.c hosts_access.c \ - shell_cmd.c refuse.c rfc931.c 
eval.c percent_x.c clean_exit.c \ - options.c setenv.c fix_options.c workarounds.c update.c misc.c \ - diag.c myvsyslog.c percent_m.c >aap.c - lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \ - -DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \ - $(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \ - -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \ - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" -Dvsyslog=myvsyslog aap.c - printfck -f printf.ck \ - tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \ - setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c \ - >aap.c - lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \ - -DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \ - -Dvsyslog=myvsyslog -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" - -# Internal compilation dependencies. - -clean_exit.o: cflags -clean_exit.o: tcpd.h -diag.o: cflags -diag.o: mystdarg.h -diag.o: tcpd.h -environ.o: cflags -eval.o: cflags -eval.o: tcpd.h -fakelog.o: cflags -fakelog.o: mystdarg.h -fix_options.o: cflags -fix_options.o: tcpd.h -fromhost.o: cflags -fromhost.o: tcpd.h -hosts_access.o: cflags -hosts_access.o: tcpd.h -hosts_ctl.o: cflags -hosts_ctl.o: tcpd.h -inetcf.o: cflags -inetcf.o: inetcf.h -inetcf.o: tcpd.h -misc.o: cflags -misc.o: tcpd.h -miscd.o: cflags -miscd.o: patchlevel.h -miscd.o: tcpd.h -myvsyslog.o: cflags -myvsyslog.o: mystdarg.h -myvsyslog.o: tcpd.h -ncr.o: cflags -ncr.o: tcpd.h -options.o: cflags -options.o: tcpd.h -percent_m.o: cflags -percent_m.o: mystdarg.h -percent_x.o: cflags -percent_x.o: tcpd.h -ptx.o: cflags -ptx.o: tcpd.h -refuse.o: cflags -refuse.o: tcpd.h -rfc931.o: cflags -rfc931.o: tcpd.h -safe_finger.o: cflags -scaffold.o: cflags -scaffold.o: scaffold.h -scaffold.o: tcpd.h -setenv.o: cflags -shell_cmd.o: cflags -shell_cmd.o: tcpd.h -socket.o: cflags -socket.o: tcpd.h -strcasecmp.o: cflags -tcpd.o: cflags -tcpd.o: patchlevel.h -tcpd.o: tcpd.h -tcpdchk.o: cflags -tcpdchk.o: inetcf.h 
-tcpdchk.o: scaffold.h
-tcpdchk.o: tcpd.h
-tcpdmatch.o: cflags
-tcpdmatch.o: scaffold.h
-tcpdmatch.o: tcpd.h
-tli-sequent.o: cflags
-tli-sequent.o: tcpd.h
-tli-sequent.o: tli-sequent.h
-tli.o: cflags
-tli.o: tcpd.h
-try-from.o: cflags
-try-from.o: tcpd.h
-update.o: cflags
-update.o: mystdarg.h
-update.o: tcpd.h
-vfprintf.o: cflags
-workarounds.o: cflags
-workarounds.o: tcpd.h
diff --git a/usr/src/cmd/tcpd/README b/usr/src/cmd/tcpd/README
deleted file mode 100644
index 98b6b472a4..0000000000
--- a/usr/src/cmd/tcpd/README
+++ /dev/null
@@ -1,1038 +0,0 @@
-@(#) README 1.30 97/03/21 19:27:21
-
-This is the 7.6 version of the TCP/IP daemon wrapper package.
-
-Thank you for using this program. If you like it, send me a postcard.
-My postal address is at the bottom of this file.
-
-Read the BLURB file for a brief summary of what is new. The CHANGES
-file gives a complete account of differences with respect to previous
-releases.
-
-Announcements of new releases of this software are posted to Usenet
-(comp.security.unix, comp.unix.admin), to the cert-tools mailing list,
-and to a dedicated mailing list. You can subscribe to the dedicated
-mailing list by sending an email message to majordomo@wzv.win.tue.nl
-with in the body (not subject): subscribe tcp-wrappers-announce.
-
-Table of contents
------------------
-
- 1 - Introduction
- 2 - Disclaimer
- 3 - Tutorials
- 3.1 - How it works
- 3.2 - Where the logging information goes
- 4 - Features
- 4.1 - Access control
- 4.2 - Host name spoofing
- 4.3 - Host address spoofing
- 4.4 - Client username lookups
- 4.5 - Language extensions
- 4.6 - Multiple ftp/gopher/www archives on one host
- 4.7 - Banner messages
- 4.8 - Sequence number guessing
- 5 - Other works
- 5.1 - Related documents
- 5.2 - Related software
- 6 - Limitations
- 6.1 - Known wrapper limitations
- 6.2 - Known system software bugs
- 7 - Configuration and installation
- 7.1 - Easy configuration and installation
- 7.2 - Advanced configuration and installation
- 7.3 - Daemons with arbitrary path names
- 7.4 - Building and testing the access control rules
- 7.5 - Other applications
- 8 - Acknowledgements
-
-1 - Introduction
-----------------
-
-With this package you can monitor and filter incoming requests for the
-SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other
-network services.
-
-It supports both 4.3BSD-style sockets and System V.4-style TLI. Praise
-yourself lucky if you don't know what that means.
-
-The package provides tiny daemon wrapper programs that can be installed
-without any changes to existing software or to existing configuration
-files. The wrappers report the name of the client host and of the
-requested service; the wrappers do not exchange information with the
-client or server applications, and impose no overhead on the actual
-conversation between the client and server applications.
-
-Optional features are: access control to restrict what systems can
-connect to what network daemons; client user name lookups with the RFC
-931 etc. protocol; additional protection against hosts that pretend to
-have someone elses host name; additional protection against hosts that
-pretend to have someone elses host address.
-
-The programs are very portable. Build procedures are provided for many
-common (and not so common) environments, and guidelines are provided in
-case your environment is not among them.
-
-Requirements are that network daemons are spawned by a super server
-such as the inetd; a 4.3BSD-style socket programming interface and/or
-System V.4-style TLI programming interface; and the availability of a
-syslog(3) library and of a syslogd(8) daemon. The wrappers should run
-without modification on any system that satisfies these requirements.
-Workarounds have been implemented for several common bugs in systems
-software.
-
-What to do if this is your first encounter with the wrapper programs:
-1) read the tutorial sections for an introduction to the relevant
-concepts and terminology; 2) glance over the security feature sections
-in this document; 3) follow the installation instructions (easy or
-advanced). I recommend that you first use the default security feature
-settings. Run the wrappers for a few days to become familiar with
-their logs, before doing anything drastic such as cutting off access or
-installing booby traps.
-
-2 - Disclaimer
---------------
-
-The wrapper programs rely on source address information obtained from
-network packets. This information is provided by the client host. It is
-not 100 percent reliable, although the wrappers do their best to expose
-forgeries.
-
-In the absence of cryptographic protection of message contents, and of
-cryptographic authentication of message originators, all data from the
-network should be treated with sound scepticism.
-
-THIS RESTRICTION IS BY NO MEANS SPECIFIC TO THE TCP/IP PROTOCOLS.
-
-3 - Tutorials
--------------
-
-The tutorial sections give a gentle introduction to the operation of
-the wrapper programs, and introduce some of the terminology that is
-used in the remainder of the document: client, server, the inetd and
-syslogd daemons, and their configuration files.
-
-3.1 - How it works
-------------------
-
-Almost every application of the TCP/IP protocols is based on a client-
-server model. For example, when a user invokes the telnet command to
-connect to one of your systems, a telnet server process is executed on
-the target host. The telnet server process connects the user to a login
-process. A few examples of client and server programs are shown in the
-table below:
-
- client server application
- --------------------------------
- telnet telnetd remote login
- ftp ftpd file transfer
- finger fingerd show users
-
-The usual approach is to run one single daemon process that waits for
-all kinds of incoming network connections. Whenever a connection is
-established, this daemon (usually called inetd) runs the appropriate
-server program and goes back to sleep, waiting for other connections.
-
-The wrapper programs rely on a simple, but powerful mechanism. Instead
-of directly running the desired server program, the inetd is tricked
-into running a small wrapper program. The wrapper logs the client host
-name or address and performs some additional checks. When all is well,
-the wrapper executes the desired server program and goes away.
-
-The wrapper programs have no interaction with the client user (or with
-the client process). Nor do the wrappers interact with the server
-application. This has two major advantages: 1) the wrappers are
-application-independent, so that the same program can protect many
-kinds of network services; 2) no interaction also means that the
-wrappers are invisible from outside (at least for authorized users).
-
-Another important property is that the wrapper programs are active only
-when the initial contact between client and server is established. Once
-a wrapper has done its work there is no overhead on the client-server
-conversation.
-
-The simple mechanism has one major drawback: the wrappers go away after
-the initial contact between client and server processes, so the
-wrappers are of little use with network daemons that service more than
-one client. The wrappers would only see the first client attempt to
-contact such a server. The NFS mount daemon is a typical example of a
-daemon that services requests from multiple clients. See the section on
-related software for ways to deal with such server programs.
-
-There are two ways to use the wrapper programs:
-
-1) The easy way: move network daemons to some other directory and fill
- the resulting holes with copies of the wrapper programs. This
- approach involves no changes to system configuration files, so there
- is very little risk of breaking things.
-
-2) The advanced way: leave the network daemons alone and modify the
- inetd configuration file. For example, an entry such as:
-
- tftp dgram udp wait root /usr/etc/tcpd in.tftpd -s /tftpboot
-
- When a tftp request arrives, inetd will run the wrapper program
- (tcpd) with a process name `in.tftpd'. This is the name that the
- wrapper will use when logging the request and when scanning the
- optional access control tables. `in.tftpd' is also the name of the
- server program that the wrapper will attempt to run when all is
- well. Any arguments (`-s /tftpboot' in this particular example) are
- transparently passed on to the server program.
-
-For an account of the history of the wrapper programs, with real-life
-examples, see the section below on related documents.
-
-3.2 - Where the logging information goes
-----------------------------------------
-
-The wrapper programs send their logging information to the syslog
-daemon (syslogd). The disposition of the wrapper logs is determined by
-the syslog configuration file (usually /etc/syslog.conf). Messages are
-written to files, to the console, or are forwarded to a @loghost. Some
-syslogd versions can even forward messages down a |pipeline.
-
-Older syslog implementations (still found on Ultrix systems) only
-support priority levels ranging from 9 (debug-level messages) to 0
-(alerts). All logging information of the specified priority level or
-more urgent is written to the same destination. In the syslog.conf
-file, priority levels are specified in numerical form. For example,
-
- 8/usr/spool/mqueue/syslog
-
-causes all messages with priority 8 (informational messages), and
-anything that is more urgent, to be appended to the file
-/usr/spool/mqueue/syslog.
-
-Newer syslog implementations support message classes in addition to
-priority levels. Examples of message classes are: mail, daemon, auth
-and news. In the syslog.conf file, priority levels are specified with
-symbolic names: debug, info, notice, ..., emerg. For example,
-
- mail.debug /var/log/syslog
-
-causes all messages of class mail with priority debug (or more urgent)
-to be appended to the /var/log/syslog file.
-
-By default, the wrapper logs go to the same place as the transaction
-logs of the sendmail daemon. The disposition can be changed by editing
-the Makefile and/or the syslog.conf file. Send a `kill -HUP' to the
-syslogd after changing its configuration file. Remember that syslogd,
-just like sendmail, insists on one or more TABs between the left-hand
-side and the right-hand side expressions in its configuration file.
-
-Solaris 2.x note: the syslog daemon depends on the m4 macro processor.
-The m4 program is installed as part of the software developer packages.
-
-Trouble shooting note: when the syslogging does not work as expected,
-run the program by hand (`syslogd -d') and see what really happens.
-
-4 - Features
-------------
-
-4.1 - Access control
---------------------
-
-When compiled with -DHOSTS_ACCESS, the wrapper programs support a
-simple form of access control. Access can be controlled per host, per
-service, or combinations thereof. The software provides hooks for the
-execution of shell commands when an access control rule fires; this
-feature may be used to install "booby traps". For details, see the
-hosts_access.5 manual page, which is in `nroff -man' format. A later
-section describes how you can test your access control rules.
-
-Access control can also be used to connect clients to the "right"
-service. What is right may depend on the requested service, the origin
-of the request, and what host address the client connects to. Examples:
-
-(1) A gopher or www database speaks native language when contacted from
- within the country, otherwise it speaks English.
-
-(2) A service provider offers different ftp, gopher or www services
- with different internet hostnames from one host (section 4.6).
-
-Access control is enabled by default. It can be turned off by editing
-the Makefile, or by providing no access control tables. The install
-instructions below describe the Makefile editing process.
-
-The hosts_options.5 manual page (`nroff -man' format) documents an
-extended version of the access control language. The extensions are
-disabled by default. See the section below on language extensions.
-
-Later System V implementations provide the Transport Level Interface
-(TLI), a network programming interface that performs functions similar
-to the Berkeley socket programming interface. Like Berkeley sockets,
-TLI was designed to cover multiple protocols, not just Internet.
-
-When the wrapper discovers that the TLI interface sits on top of a
-TCP/IP or UDP/IP conversation it uses this knowledge to provide the
-same functions as with traditional socket-based applications. When
-some other protocol is used underneath TLI, the host address will be
-some universal magic cookie that may not even be usable for access
-control purposes.
-
-4.2 - Host name spoofing
-------------------------
-
-With some network applications, such as RSH or RLOGIN, the client host
-name plays an important role in the authentication process. Host name
-information can be reliable when lookups are done from a _local_ hosts
-table, provided that the client IP address can be trusted.
-
-With _distributed_ name services, authentication schemes that rely on
-host names become more problematic. The security of your system now may
-depend on some far-away DNS (domain name server) outside your own
-control.
-
-The wrapper programs verify the client host name that is returned by
-the address->name DNS server, by asking for a second opinion. To this
-end, the programs look at the name and addresses that are returned by
-the name->address DNS server, which may be an entirely different host.
-
-If any name or address discrepancies are found, or if the second DNS
-opinion is not available, the wrappers assume that one of the two name
-servers is lying, and assume that the client host pretends to have
-someone elses host name.
-
-When compiled with -DPARANOID, the wrappers will always attempt to look
-up and double check the client host name, and will always refuse
-service in case of a host name/address discrepancy. This is a
-reasonable policy for most systems.
-
-When compiled without -DPARANOID, the wrappers by default still perform
-hostname lookup. You can match hosts with a name/address discrepancy
-with the PARANOID wildcard and decide whether or not to grant service.
-
-Automatic hostname verification is enabled by default. Automatic
-hostname lookups and verification can be turned off by editing the
-Makefile. The configuration and installation section below describes
-the Makefile editing process.
-
-4.3 - Host address spoofing
----------------------------
-
-While host name spoofing can be found out by asking a second opinion,
-it is much harder to find out that a host claims to have someone elses
-network address. And since host names are deduced from network
-addresses, address spoofing is at least as effective as name spoofing.
-
-The wrapper programs can give additional protection against hosts that
-claim to have an address that lies outside their own network. For
-example, some far-away host that claims to be a trusted host within
-your own network. Such things are possible even while the impersonated
-system is up and running.
-
-This additional protection is not an invention of my own; it has been
-present for at least five years in the BSD rsh and rlogin daemons.
-Unfortunately, that feature was added *after* 4.3 BSD came out, so that
-very few, if any, UNIX vendors have adopted it. Our site, and many
-other ones, has been running these enhanced daemons for several years,
-and without any ill effects.
-
-When the wrapper programs are compiled with -DKILL_IP_OPTIONS, the
-programs refuse to service TCP connections with IP source routing
-options. -DKILL_IP_OPTIONS is not needed on modern UNIX systems
-that can stop source-routed traffic in the kernel. Examples are
-4.4BSD derivatives, Solaris 2.x, and Linux. See your system manuals
-for details.
-
-If you are going to use this feature on SunOS 4.1.x you should apply
-patch 100804-03+ or 101790-something depending on your SunOS version.
-Otherwise you may experience "BAD TRAP" and "Data fault" panics when
-the getsockopt() system call is executed after a TCP RESET has been
-received. This is a kernel bug, it is not the fault of the wrappers.
-
-The feature is disabled by default. It can be turned on by editing the
-Makefile. The configuration and installation section below describes
-the Makefile editing process.
-
-UDP services do not benefit from this additional protection. With UDP,
-all you can be certain of is the network packet's destination address.
-
-4.4 - Client username lookups
------------------------------
-
-The protocol proposed in RFC 931 provides a means to obtain the client
-user name from the client host. The requirement is that the client
-host runs an RFC 931-compliant daemon. The information provided by such
-a daemon is not intended to be used for authentication purposes, but it
-can provide additional information about the owner of a TCP connection.
-
-The RFC 931 protocol has diverged into different directions (IDENT,
-TAP, RFC 1413). To add to the confusion, they all use the same network
-port. The daemon wrappers implement a common subset of the protocols.
-
-There are some limitations: the number of hosts that run an RFC 931 (or
-compatible) daemon is limited (but growing); client user name lookups
-do not work for datagram (UDP) services. More seriously, client user
-name lookups can cause noticeable delays with connections from non-UNIX
-PCs. Recent PC software seem to have fixed this (for example NCSA
-telnet). The wrappers use a 10-second timeout for RFC931 lookups, to
-accommodate slow networks and slow hosts.
-
-By default, the wrappers will do username lookup only when the access
-control rules require them to do so (via user@host client patterns, see
-the hosts_access.5 manual page) or when the username is needed for
-%<letter> expansions.
-
-You can configure the wrappers to always perform client username
-lookups, by editing the Makefile. The client username lookup timeout
-period (10 seconds default) can be changed by editing the Makefile. The
-installation sections below describe the Makefile editing process.
-
-On System V with TLI-based network services, client username lookups
-will be possible only when the underlying network protocol is TCP/IP.
-
-4.5 - Language extensions
--------------------------
-
-The wrappers sport only a limited number of features. This is for a
-good reason: programs that run at high privilege levels must be easy to
-verify. And the smaller a program, the easier to verify. There is,
-however, a provision to add features.
-
-The options.c module provides a framework for language extensions.
-Quite a few extensions have already been implemented; they are
-documented in the hosts_options.5 document, which is in `nroff -man'
-format. Examples: changing the severity level at which a request for
-service is logged; "allow" and "deny" keywords; running a customized
-server instead of the standard one; many others.
-
-The language extensions are not enabled by default because they
-introduce an incompatible change to the access control language
-syntax. Instructions to enable the extensions are given in the
-Makefile.
-
-4.6 - Multiple ftp/gopher/www archives on one host
---------------------------------------------------
-
-Imagine one host with multiple internet addresses. These addresses do
-not need to have the same internet hostname. Thus, it is possible to
-offer services with different internet hostnames from just one host.
-
-Service providers can use this to offer organizations a presence on the
-"net" with their own internet hostname, even when those organizations
-aren't connected to the Internet at all. To the end user it makes no
-difference, because applications use internet hostnames.
-
-There are several ways to assign multiple addresses to one machine.
-The nice way is to take an existing network interface and to assign
-additional internet addresses with the `ifconfig' command. Examples:
-
- Solaris 2: ifconfig le0:1 <address> netmask <mask> up
- 4.4 BSD: ifconfig en0 alias <address> netmask <mask>
-
-On other systems one has to increase the number of network interfaces:
-either with hardware interfaces, or with pseudo interfaces like SLIP or
-PPP. The interfaces do not need to be attached to anything. They just
-need to be up and to be assigned a suitable internet address and mask.
-
-With the wrapper software, `daemon@host' access control patterns can be
-used to distinguish requests by the network address that they are aimed
-at. Judicious use of the `twist' option (see the hosts_options.5 file,
-`nroff -man' format) can guide the requests to the right server. These
-can be servers that live in separate chroot areas, or servers modified
-to take additional context from the command line, or a combination.
-
-Another way is to modify gopher or www listeners so that they bind to
-only one specific network address. Multiple gopher or www servers can
-then be run side by side, each taking requests sent to its respective
-network address.
-
-4.7 - Banner messages
----------------------
-
-Some sites are required to present an informational message to users
-before they attempt to login. Banner messages can also be useful when
-denying service: instead of simply dropping the connection a polite
-explanation is given first. Finally, banners can be used to give your
-system a more personal touch.
-
-The wrapper software provides easy-to-use tools to generate pre-login
-banners for ftp, telnet, rlogin etc. from a single prototype banner
-textfile. Details on banners and on-the-fly %<letter> expansions are
-given in the hosts_options.5 manual page (`nroff -man' format). An
-example is given in the file Banners.Makefile.
-
-In order to support banner messages the wrappers have to be built with
-language extensions enabled. See the section on language extensions.
-
-4.8 - Sequence number guessing
-------------------------------
-
-Recently, systems came under attack from intruders that exploited a
-well-known weakness in TCP/IP sequence number generators. This
-weakness allows intruders to impersonate trusted hosts. Break-ins have
-been reported via the rsh service. In fact, any network service can be
-exploited that trusts the client host name or address.
-
-A long-term solution is to stop using network services that trust the
-client host name or address, and to use data encryption instead.
-
-A short-term solution, as outlined in in CERT advisory CA-95:01, is to
-configure network routers so that they discard datagrams from "outside"
-with an "inside" source address. This approach is most fruitful when
-you do not trust any hosts outside your local network.
-
-The IDENT (RFC931 etc.) client username lookup protocol can help to
-detect host impersonation attacks. Before accepting a client request,
-the wrappers can query the client's IDENT server and find out that the
-client never sent that request.
-
-When the client host provides IDENT service, a negative IDENT lookup
-result (the client matches `UNKNOWN@host') is strong evidence of a host
-impersonation attack.
-
-A positive IDENT lookup result (the client matches `KNOWN@host') is
-less trustworthy. It is possible for an attacker to spoof both the
-client request and the IDENT lookup connection, although doing so
-should be much harder than spoofing just a client request. Another
-possibility is that the client's IDENT server is lying.
-
-Client username lookups are described in more detail in a previous
-section. Pointers to IDENT daemon software are described in the section
-on related software.
-
-5 - Other works
----------------
-
-5.1 - Related documents
------------------------
-
-The war story behind the tcp wrapper tools is described in:
-
- W.Z. Venema, "TCP WRAPPER, network monitoring, access control and
- booby traps", UNIX Security Symposium III Proceedings (Baltimore),
- September 1992.
-
- ftp.win.tue.nl:/pub/security/tcp_wrapper.ps.Z (postscript)
- ftp.win.tue.nl:/pub/security/tcp_wrapper.txt.Z (flat text)
-
-The same cracker is also described in:
-
- W.R. Cheswick, "An Evening with Berferd, In Which a Cracker is
- Lured, Endured, and Studied", Proceedings of the Winter USENIX
- Conference (San Francisco), January 1992.
-
- research.att.com:/dist/internet_security/berferd.ps
-
-An updated version of the latter paper appeared in:
-
- W.R. Cheswick, S.M. Bellovin, "Firewalls and Internet Security",
- Addison-Wesley, 1994.
-
-Discussions on internet firewalls are archived on ftp.greatcircle.com.
-Subscribe to the mailing list by sending a message to
-
- majordomo@greatcircle.com
-
-With in the body (not subject): subscribe firewalls.
-
-5.2 - Related software
-----------------------
-
-Network daemons etc. with enhanced logging capabilities can generate
-massive amounts of information: our 150+ workstations generate several
-hundred kbytes each day. egrep-based filters can help to suppress some
-of the noise. A more powerful tool is the Swatch monitoring system by
-Stephen E. Hansen and E. Todd Atkins. Swatch can process log files in
-real time and can associate arbitrary actions with patterns; its
-applications are by no means restricted to security. Swatch is
-available ftp.stanford.edu, directory /general/security-tools/swatch.
-
-Socks, described in the UNIX Security III proceedings, can be used to
-control network traffic from hosts on an internal network, through a
-firewall host, to the outer world. Socks consists of a daemon that is
-run on the firewall host, and of a library with routines that redirect
-application socket calls through the firewall daemon. Socks is
-available from s1.gov in /pub/firewalls/socks.tar.Z.
-
-For a modified Socks version by Ying-Da Lee (ylee@syl.dl.nec.com) try
-ftp.nec.com, directory /pub/security/socks.cstc.
-
-Tcpr is a set of perl scripts by Paul Ziemba that enable you to run ftp
-and telnet commands across a firewall. Unlike socks it can be used with
-unmodified client software. Available from ftp.alantec.com, /pub/tcpr.
-
-The TIS firewall toolkit provides a multitude of tools to build your
-own internet firewall system. ftp.tis.com, directory /pub/firewalls.
-
-Versions of rshd and rlogind, modified to report the client user name
-in addition to the client host name, are available for anonymous ftp
-(ftp.win.tue.nl:/pub/security/logdaemon-XX.tar.Z). These programs are
-drop-in replacements for SunOS 4.x, Ultrix 4.x, SunOS 5.x and HP-UX
-9.x. This archive also contains ftpd/rexecd/login versions that support
-S/Key or SecureNet one-time passwords in addition to traditional UNIX
-reusable passwords.
-
-The securelib shared library by William LeFebvre can be used to control
-access to network daemons that are not run under control of the inetd
-or that serve more than one client, such as the NFS mount daemon that
-runs until the machine goes down. Available from eecs.nwu.edu, file
-/pub/securelib.tar.
-
-xinetd (posted to comp.sources.unix) is an inetd replacement that
-provides, among others, logging, username lookup and access control.
-However, it does not support the System V TLI services, and involves
-much more source code than the daemon wrapper programs. Available
-from ftp.uu.net, directory /usenet/comp.sources.unix.
-
-netlog from Texas A&M relies on the SunOS 4.x /dev/nit interface to
-passively watch all TCP and UDP network traffic on a network. The
-current version is on net.tamu.edu in /pub/security/TAMU.
-
-Where shared libraries or router-based packet filtering are not an
-option, an alternative portmap daemon can help to prevent hackers
-from mounting your NFS file systems using the proxy RPC facility.
-ftp.win.tue.nl:/pub/security/portmap-X.shar.Z was tested with SunOS
-4.1.X Ultrix 3.0 and Ultrix 4.x, HP-UX 8.x and some version of AIX. The
-protection is less effective than that of the securelib library because
-portmap is mostly a dictionary service.
-
-An rpcbind replacement (the Solaris 2.x moral equivalent of portmap)
-can be found on ftp.win.tue.nl in /pub/security. It prevents hackers
-from mounting your NFS file systems by using the proxy RPC facility.
-
-Source for a portable RFC 931 (TAP, IDENT, RFC 1413) daemon by Peter
-Eriksson is available from ftp.lysator.liu.se:/pub/ident/servers.
-
-Some TCP/IP implementations come without syslog library. Some come with
-the library but have no syslog daemon. A replacement can be found in
-ftp.win.tue.nl:/pub/security/surrogate-syslog.tar.Z. The fakesyslog
-library that comes with the nntp sources reportedly works well, too.
-
-6 - Limitations
----------------
-
-6.1 - Known wrapper limitations
--------------------------------
-
-Many UDP (and rpc/udp) daemons linger around for a while after they
-have serviced a request, just in case another request comes in. In the
-inetd configuration file these daemons are registered with the `wait'
-option. Only the request that started such a daemon will be seen by the
-wrappers. Such daemons are better protected with the securelib shared
-library (see: Related software).
-
-The wrappers do not work with RPC services over TCP. These services are
-registered as rpc/tcp in the inetd configuration file. The only non-
-trivial service that is affected by this limitation is rexd, which is
-used by the on(1) command. This is no great loss. On most systems,
-rexd is less secure than a wildcard in /etc/hosts.equiv.
-
-Some RPC requests (for example: rwall, rup, rusers) appear to come from
-the server host. What happens is that the client broadcasts its request
-to all portmap daemons on its network; each portmap daemon forwards the
-request to a daemon on its own system. As far as the rwall etc. daemons
-know, the request comes from the local host.
-
-Portmap and RPC (e.g. NIS and NFS) (in)security is a topic in itself.
-See the section in this document on related software.
-
-6.2 - Known system software bugs
---------------------------------
-
-Workarounds have been implemented for several bugs in system software.
-They are described in the Makefile. Unfortunately, some system software
-bugs cannot be worked around. The result is loss of functionality.
-
-IRIX has so many bugs that it has its own README.IRIX file.
-
-Older ConvexOS versions come with a broken recvfrom(2) implementation.
-This makes it impossible for the daemon wrappers to look up the
-client host address (and hence, the name) in case of UDP requests.
-A patch is available for ConvexOS 10.1; later releases should be OK.
-
-With early Solaris (SunOS 5) versions, the syslog daemon will leave
-behind zombie processes when writing to logged-in users. Workaround:
-increase the syslogd threshold for logging to users, or reduce the
-wrapper's logging severity.
-
-On some systems, the optional RFC 931 etc. client username lookups may
-trigger a kernel bug. When a client host connects to your system, and
-the RFC 931 connection from your system to that client is rejected by a
-router, your kernel may drop all connections with that client. This is
-not a bug in the wrapper programs: complain to your vendor, and don't
-enable client user name lookups until the bug has been fixed.
-
-Reportedly, SunOS 4.1.1, Next 2.0a, ISC 3.0 with TCP 1.3, and AIX 3.2.2
-and later are OK.
-
-Sony News/OS 4.51, HP-UX 8-something and Ultrix 4.3 still have the bug.
-Reportedly, a fix for Ultrix is available (CXO-8919).
-
-The following procedure can be used (from outside the tue.nl domain) to
-find out if your kernel has the bug. From the system under test, do:
-
- % ftp 131.155.70.19
-
-This command attempts to make an ftp connection to our anonymous ftp
-server (ftp.win.tue.nl). When the connection has been established, run
-the following command from the same system under test, while keeping
-the ftp connection open:
-
- % telnet 131.155.70.19 111
-
-Do not forget the `111' at the end of the command. This telnet command
-attempts to connect to our portmap process. The telnet command should
-fail with: "host not reachable", or with a timeout error. If your ftp
-connection gets messed up, you have the bug. If the telnet command does
-not fail, please let me know a.s.a.p.!
-
-For those who care, the bug is that the BSD kernel code was not careful
-enough with incoming ICMP UNREACHABLE control messages (it ignored the
-local and remote port numbers, and therefore zapped *all* connections
-with the remote system). The bug is still present in the BSD NET/1
-source release (1989) but apparently has been fixed in BSD NET/2 (1991).
-
-7 - Configuration and installation
-----------------------------------
-
-7.1 - Easy configuration and installation
------------------------------------------
-
-The "easy" recipe requires no changes to existing software or
-configuration files. Basically, you move the daemons that you want to
-protect to a different directory and plug the resulting holes with
-copies of the wrapper programs.
-
-If you don't run Ultrix, you won't need the miscd wrapper program. The
-miscd daemon implements among others the SYSTAT service, which produces
-the same output as the WHO command.
-
-Type `make' and follow the instructions. The Makefile comes with
-ready-to-use templates for many common UNIX implementations (sun,
-ultrix, hp-ux, aix, irix,...).
-
-IRIX has so many bugs that it has its own README.IRIX file.
-
-When the `make' succeeds the result is five executables (six in case of
-Ultrix).
-
-You can use the `tcpdchk' program to identify the most common problems
-in your wrapper and inetd configuration files.
-
-With the `tcpdmatch' program you can examine how the wrapper would
-react to specific requests for service.
-
-The `safe_finger' command should be used when you implement booby
-traps: it gives better protection against nasty stuff that remote
-hosts may do in response to your finger probes.
-
-The `try-from' program tests the host and username lookup code. Run it
-from a remote shell command (`rsh host /some/where/try-from') and it
-should be able to figure out from what system it is being called.
-
-The tcpd program can be used to monitor the telnet, finger, ftp, exec,
-rsh, rlogin, tftp, talk, comsat and other tcp or udp services that have
-a one-to-one mapping onto executable files.
-
-The tcpd program can also be used for services that are marked as
-rpc/udp in the inetd configuration file, but not for rpc/tcp services
-such as rexd. You probably do not want to run rexd anyway. On most
-systems it is even less secure than a wildcard in /etc/hosts.equiv.
-
-With System V.4-style systems, the tcpd program can also handle TLI
-services. When TCP/IP or UDP/IP is used underneath TLI, tcpd provides
-the same functions as with socket-based applications. When some other
-protocol is used underneath TLI, functionality will be limited (no
-client username lookups, weird network address formats).
-
-Decide which services you want to monitor. Move the corresponding
-vendor-provided daemon programs to the location specified by the
-REAL_DAEMON_DIR constant in the Makefile, and fill the holes with
-copies of the tcpd program. That is, one copy of (or link to) the tcpd
-program for each service that you want to monitor. For example, to
-monitor the use of your finger service:
-
- # mkdir REAL_DAEMON_DIR
- # mv /usr/etc/in.fingerd REAL_DAEMON_DIR
- # cp tcpd /usr/etc/in.fingerd
-
-The example applies to SunOS 4. With other UNIX implementations the
-network daemons live in /usr/libexec, /usr/sbin or in /etc, or have no
-"in." prefix to their names, but you get the idea.
-
-File protections: the wrapper, all files used by the wrapper, and all
-directories in the path leading to those files, should be accessible
-but not writable for unprivileged users (mode 755 or mode 555). Do not
-install the wrapper set-uid.
-
-Ultrix only: If you want to monitor the SYSTAT service, move the
-vendor-provided miscd daemon to the location specified by the
-REAL_DAEMON_DIR macro in the Makefile, and install the miscd wrapper
-at the original miscd location.
-
-In the absence of any access-control tables, the daemon wrappers
-will just maintain a record of network connections made to your system.
-
-7.2 - Advanced configuration and installation
----------------------------------------------
-
-The advanced recipe leaves your daemon executables alone, but involves
-simple modifications to the inetd configuration file.
-
-Type `make' and follow the instructions. The Makefile comes with
-ready-to-use templates for many common UNIX implementations (sun,
-ultrix, hp-ux, aix, irix, ...).
-
-IRIX users should read the warnings in the README.IRIX file first.
-
-When the `make' succeeds the result is five executables (six in case of
-Ultrix).
-
-You can use the `tcpdchk' program to identify the most common problems
-in your wrapper and inetd configuration files.
-
-With the `tcpdmatch' program you can examine how the wrapper would
-react to specific requests for service.
-
-The `try-from' program tests the host and username lookup code. Run it
-from a remote shell command (`rsh host /some/where/try-from') and it
-should be able to figure out from what system it is being called.
-
-The `safe_finger' command should be used when you implement a booby
-trap: it gives better protection against nasty stuff that remote hosts
-may do in response to your finger probes.
-
-The tcpd program can be used to monitor the telnet, finger, ftp, exec,
-rsh, rlogin, tftp, talk, comsat and other tcp or udp services that have
-a one-to-one mapping onto executable files.
-
-With System V.4-style systems, the tcpd program can also handle TLI
-services. When TCP/IP or UDP/IP is used underneath TLI, tcpd provides
-the same functions as with socket-based applications. When some other
-protocol is used underneath TLI, functionality will be limited (no
-client username lookups, weird network address formats).
-
-The tcpd program can also be used for services that are marked as
-rpc/udp in the inetd configuration file, but not for rpc/tcp services
-such as rexd. You probably do not want to run rexd anyway. On most
-systems it is even less secure than a wildcard in /etc/hosts.equiv.
-
-Install the tcpd command in a suitable place. Apollo UNIX users will
-want to install it under a different name because the name "tcpd" is
-already taken; a suitable name would be "frontd".
-
-File protections: the wrapper, all files used by the wrapper, and all
-directories in the path leading to those files, should be accessible
-but not writable for unprivileged users (mode 755 or mode 555). Do not
-install the wrapper set-uid.
-
-Then perform the following edits on the inetd configuration file
-(usually /etc/inetd.conf or /etc/inet/inetd.conf):
-
- finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd
- ^^^^^^^^^^^^^^^^^^^
-becomes:
-
- finger stream tcp nowait nobody /usr/etc/tcpd in.fingerd
- ^^^^^^^^^^^^^
-Send a `kill -HUP' to the inetd process to make the change effective.
-Some IRIX inetd implementations require that you first disable the
-finger service (comment out the finger service and `kill -HUP' the
-inetd) before you can turn on the modified version. Sending a HUP
-twice seems to work just as well for IRIX 5.3, 6.0, 6.0.1 and 6.1.
-
-AIX note: you may have to execute the `inetimp' command after changing
-the inetd configuration file.
-
-The example applies to SunOS 4. With other UNIX implementations the
-network daemons live in /usr/libexec, /usr/sbin, or /etc, the network
-daemons have no "in." prefix to their names, or the username field in
-the inetd configuration file may be missing.
-
-When the finger service works as expected you can perform similar
-changes for other network services. Do not forget the `kill -HUP'.
-
-The miscd daemon that comes with Ultrix implements several network
-services. It decides what to do by looking at its process name. One of
-the services is systat, which is a kind of limited finger service. If
-you want to monitor the systat service, install the miscd wrapper in a
-suitable place and update the inetd configuration file:
-
- systat stream tcp nowait /suitable/place/miscd systatd
-
-Ultrix 4.3 allows you to specify a user id under which the daemon will
-be executed. This feature is not documented in the manual pages. Thus,
-the example would become:
-
- systat stream tcp nowait nobody /suitable/place/miscd systatd
-
-Older Ultrix systems still run all their network daemons as root.
-
-In the absence of any access-control tables, the daemon wrappers
-will just maintain a record of network connections made to your system.
-
-7.3 - Daemons with arbitrary path names
----------------------------------------
-
-The above tcpd examples work fine with network daemons that live in a
-common directory, but sometimes that is not practical. Having soft
-links all over your file system is not a clean solution, either.
-
-Instead you can specify, in the inetd configuration file, an absolute
-path name for the daemon process name. For example,
-
- ntalk dgram udp wait root /usr/etc/tcpd /usr/local/lib/ntalkd
-
-When the daemon process name is an absolute path name, tcpd ignores the
-value of the REAL_DAEMON_DIR constant, and uses the last path component
-of the daemon process name for logging and for access control.
-
-7.4 - Building and testing the access control rules
----------------------------------------------------
-
-In order to support access control the wrappers must be compiled with
-the -DHOSTS_ACCESS option. The access control policy is given in the
-form of two tables (default: /etc/hosts.allow and /etc/hosts.deny).
-Access control is disabled when there are no access control tables, or
-when the tables are empty.
-
-If you haven't used the wrappers before I recommend that you first run
-them a couple of days without any access control restrictions. The
-logfile records should give you an idea of the process names and of the
-host names that you will have to build into your access control rules.
-
-The syntax of the access control rules is documented in the file
-hosts_access.5, which is in `nroff -man' format. This is a lengthy
-document, and no-one expects you to read it right away from beginning
-to end. Instead, after reading the introductory section, skip to the
-examples at the end so that you get a general idea of the language.
-Then you can appreciate the detailed reference sections near the
-beginning of the document.
-
-The examples in the hosts_access.5 document (`nroff -man' format) show
-two specific types of access control policy: 1) mostly closed (only
-permitting access from a limited number of systems) and 2) mostly open
-(permitting access from everyone except a limited number of trouble
-makers). You will have to choose what model suits your situation best.
-Implementing a mixed policy should not be overly difficult either.
-
-Optional extensions to the access control language are described in the
-hosts_options.5 document (`nroff -man' format).
-
-The `tcpdchk' program examines all rules in your access control files
-and reports any problems it can find. `tcpdchk -v' writes to standard
-output a pretty-printed list of all rules. `tcpdchk -d' examines the
-hosts.access and hosts.allow files in the current directory. This
-program is described in the tcpdchk.8 document (`nroff -man' format).
-
-The `tcpdmatch' command can be used to try out your local access
-control files. The command syntax is:
-
- tcpdmatch process_name hostname (e.g.: tcpdmatch in.tftpd localhost)
-
- tcpdmatch process_name address (e.g.: tcpdmatch in.tftpd 127.0.0.1)
-
-This way you can simulate what decisions will be made, and what actions
-will be taken, when hosts connect to your own system. The program is
-described in the tcpdmatch.8 document (`nroff -man' format).
-
-Note 1: `tcpdmatch -d' will look for hosts.{allow,deny} tables in the
-current working directory. This is useful for testing new rules without
-bothering your users.
-
-Note 2: you cannot use the `tcpdmatch' command to simulate what happens
-when the local system connects to other hosts.
-
-In order to find out what process name to use, just use the service and
-watch the process name that shows up in the logfile. Alternatively,
-you can look up the name from the inetd configuration file. Coming back
-to the tftp example in the tutorial section above:
-
- tftp dgram udp wait root /usr/etc/tcpd in.tftpd -s /tftpboot
-
-This entry causes the inetd to run the wrapper program (tcpd) with a
-process name `in.tftpd'. This is the name that the wrapper will use
-when scanning the access control tables. Therefore, `in.tftpd' is the
-process name that should be given to the `tcpdmatch' command. On your
-system the actual inetd.conf entry may differ (tftpd instead of
-in.tftpd, and no `root' field), but you get the idea.
-
-When you specify a host name, the `tcpdmatch' program will use both the
-host name and address. This way you can simulate the most common case
-where the wrappers know both the host address and the host name. The
-`tcpdmatch' program will iterate over all addresses that it can find
-for the given host name.
-
-When you specify a host address instead of a host name, the `tcpdmatch'
-program will pretend that the host name is unknown, so that you can
-simulate what happens when the wrapper is unable to look up the client
-host name.
-
-7.5 - Other applications
-------------------------
-
-The access control routines can easily be integrated with other
-programs. The hosts_access.3 manual page (`nroff -man' format)
-describes the external interface of the libwrap.a library.
-
-The tcpd program can even be used to control access to the mail
-service. This can be useful when you suspect that someone is trying
-out some obscure sendmail bug, or when a remote site is misconfigured
-and keeps hammering your mail daemon.
-
-In that case, sendmail should not be run as a stand-alone network
-listener, but it should be registered in the inetd configuration file.
-For example:
-
- smtp stream tcp nowait root /usr/etc/tcpd /usr/lib/sendmail -bs
-
-You will still need to run one sendmail background process to handle
-queued-up outgoing mail. A command like:
-
- /usr/lib/sendmail -q15m
-
-(no `-bd' flag) should take care of that. You cannot really prevent
-people from posting forged mail this way, because there are many
-unprotected smtp daemons on the network.
-
-8 - Acknowledgements
---------------------
-
-Many people contributed to the evolution of the programs, by asking
-inspiring questions, by suggesting features or bugfixes, or by
-submitting source code. Nevertheless, all mistakes and bugs in the
-wrappers are my own.
-
-Thanks to Brendan Kehoe (cs.widener.edu), Heimir Sverrisson (hafro.is)
-and Dan Bernstein (kramden.acf.nyu.edu) for feedback on an early
-release of this product. The host name/address check was suggested by
-John Kimball (src.honeywell.com). Apollo's UNIX environment has some
-peculiar quirks: Willem-Jan Withagen (eb.ele.tue.nl), Pieter
-Schoenmakers (es.ele.tue.nl) and Charles S. Fuller (wccs.psc.edu)
-provided assistance. Hal R. Brand (addvax.llnl.gov) told me how to
-get the client IP address in case of datagram-oriented services, and
-suggested the optional shell command feature. Shabbir Safdar
-(mentor.cc.purdue.edu) provided a first version of a much-needed manual
-page. Granville Boman Goza, IV (sei.cmu.edu) suggested to use the
-client IP address even when the host name is available. Casper H.S.
-Dik (fwi.uva.nl) provided additional insight into DNS spoofing
-techniques. The bogus daemon feature was inspired by code from Andrew
-Macpherson (BNR Europe Ltd). Steve Bellovin (research.att.com)
-confirmed some of my suspicions about the darker sides of TCP/IP
-insecurity. Risks of automated fingers were pointed out by Borja Marcos
-(we.lc.ehu.es). Brad Plecs (jhuspo.ca.jhu.edu) was kind enough to try
-my early TLI code and to work out how DG/UX differs from Solaris.
-
-John P. Rouillard (cs.umb.edu) deserves special mention for his
-persistent, but constructive, nagging about wrong or missing things,
-and for trying out and discussing embryonic code or ideas.
-
-Last but not least, Howard Chu (hanauma.jpl.nasa.gov), Darren Reed
-(coombs.anu.edu.au), Icarus Sparry (gdr.bath.ac.uk), Scott Schwartz
-(cs.psu.edu), John A. Kunze (violet.berkeley.edu), Daniel Len Schales
-(engr.latech.edu), Chris Turbeville (cse.uta.edu), Paul Kranenburg
-(cs.few.eur.nl), Marc Boucher (cam.org), Dave Mitchell
-(dcs.shef.ac.uk), Andrew Maffei, Adrian van Bloois, Rop Gonggrijp, John
-C. Wingenbach, Everett F. Batey and many, many others provided fixes,
-code fragments, or ideas for improvements.
-
- Wietse Venema (wietse@wzv.win.tue.nl)
- Department of Mathematics and Computing Science
- Eindhoven University of Technology
- P.O. Box 513
- 5600 MB Eindhoven
- The Netherlands
-
- Currently visiting IBM T.J. Watson Research, Hawthorne NY, USA.
diff --git a/usr/src/cmd/tcpd/README.IRIX b/usr/src/cmd/tcpd/README.IRIX
deleted file mode 100644
index 56d2beafaa..0000000000
--- a/usr/src/cmd/tcpd/README.IRIX
+++ /dev/null
@@ -1,54 +0,0 @@ -@(#) README.IRIX 1.2 94/12/28 18:45:58 - -In the past few months I received several messages with questions from -people that tried to use my tcp wrapper on IRIX 5.x. Some mysteries -could be solved via email, and then some remained. - -Today I finally had a chance to do some tests on someones IRIX 5.2 -system. Here is my first-hand experience with wrapper release 6.3. - -(1) Inetd is broken. Normally one edits inetd.conf, sends a HUP signal - to inetd and that's it. With IRIX evil things happen: inetd is too - stupid to remember that it is already listening on a port. - - In order to modify an entry in inetd.conf, first comment it out - with a # at the beginning of the line, kill -HUP the inetd, then - uncomment the inetd.conf entry and kill -HUP again. - - Even with this amount of care I have seen inetd messing up, like - calling rusersd when I make a talk connection. Even killing and - restarting inetd does not solve all problems. - - I find it hard to believe, it but the best thing to do with IRIX is - to reboot after changing inetd.conf. - -(2) When tcpd is built according to the irix4 Makefile rules, it - appears to work as expected with TCP-based services such as - fingerd, and with UDP-based services such as ntalk and tftp. - -(3) It does NOT work with RPC over UDP services such as rusersd and - rstatd: the wrapper hangs in the recvfrom() system call, and I - have spent several hours looking for ways to work around it. No - way. After finding that none of the applicable socket primitives - can be made to work (recvfrom recvmsg) I give up. So, the IRIX RPC - services cannot be wrapped until SGI fixes their system so that it - works like everyone elses code (HP Sun Dec AIX and so on). - -(4) I didn't even bother to try the RPC over TCP services. - -(5) When an IRIX 5.2 system is a NIS client, it can have problems with - hosts that have more than one address: the wrapper will see only - one address, and may complain when PARANOID mode is on. 
The fix is - to change the name service lookup order in /etc/resolv.conf so that - your system tries DNS before NIS (hostresorder bind nis local). - -(6) IRIX 5.2 is not System V.4, and it shows. Do not link with the - -lsocket and -lnsl libraries. They are completely broken, and the - wrapper will be unable to figure out the client internet address. - So, TLI services cannot be wrapped until SGI fixes their system so - that it works the way it is supposed to. - -I am not impressed by the quality of the IRIX system software. There -are many things that work on almost every other system except with IRIX. - - Wietse diff --git a/usr/src/cmd/tcpd/README.NIS b/usr/src/cmd/tcpd/README.NIS deleted file mode 100644 index 34d39e27cf..0000000000 --- a/usr/src/cmd/tcpd/README.NIS +++ /dev/null 
@@ -1,207 +0,0 @@ -@(#) README.NIS 1.2 96/02/11 17:24:52 - -> Problem: I have several [machines] with multiple IP addresses, and -> when they try to connect to a daemon with tcp wrapper, they are often -> rejected. I assume this is due to the -DPARANOID option, and depends -> on which IP address is returned first from the nameserver for a given -> name. This behavior seems to be random, may depend on ordering in -> the YP host map? - -[Note: the situation described below no longer exists. Presently, my -internet gateway uses the same IP address on all interfaces. To avoid -confusion I have removed the old name wzv-gw.win.tue.nl from the DNS. I -have kept the discussion below for educational reasons]. - -NIS was not designed to handle multi-homed hosts. With NIS, each -address should have its own hostname. For example, wzv-gw is my -gateway. It has two interfaces: one connected to the local ethernet, -the other to a serial link. In the NIS it is registered as: - - 131.155.210.23 wzv-gw-ether - 131.155.12.78 wzv-gw-slip - -In principle, wzv-gw could be the official name of one of these -interfaces, or it could be an alias for both. - -The DNS was designed to handle multi-homed hosts. In the DNS my gateway -is registered in zone win.tue.nl, with one name that has two A records: - - wzv-gw IN A 131.155.210.23 - IN A 131.155.12.78 - -And of course there are PTR records in zones 210.155.131.in-addr.arpa -and 12.155.131.in-addr.arpa that point to wzv-gw.win.tue.nl. - -This setup does not cause any problems. You can test your name service -with the two programs below. 
This is what they say on a local NIS client -(both client and server running SunOS 4.1.3_U1): - - % gethostbyname wzv-gw - Hostname: wzv-gw.win.tue.nl - Aliases: - Addresses: 131.155.210.23 131.155.12.78 - - % gethostbyaddr 131.155.210.23 - Hostname: wzv-gw-ether - Aliases: - Addresses: 131.155.210.23 - - % gethostbyaddr 131.155.12.78 - Hostname: wzv-gw-slip - Aliases: - Addresses: 131.155.12.78 - -Things seem less confusing when seen by a NIS client in a different -domain (both client and server running SunOS 4.1.3_U1): - - % gethostbyname wzv-gw.win.tue.nl - Hostname: wzv-gw.win.tue.nl - Aliases: - Addresses: 131.155.210.23 131.155.12.78 - - % gethostbyaddr 131.155.210.23 - Hostname: wzv-gw.win.tue.nl - Aliases: - Addresses: 131.155.12.78 131.155.210.23 - - % gethostbyaddr 131.155.12.78 - Hostname: wzv-gw.win.tue.nl - Aliases: - Addresses: 131.155.210.23 131.155.12.78 - -Alas, Solaris 2.4 still has problems. This is what I get on a Solaris -2.4 NIS client, with a SunOS 4.1.3_U1 NIS server: - - % gethostbyname wzv-gw.win.tue.nl - Hostname: wzv-gw.win.tue.nl - Aliases: 131.155.210.23 wzv-gw.win.tue.nl - Addresses: 131.155.12.78 - -The tcpd source comes with a workaround for this problem. The -workaround is ugly and is not part of the programs attached below. - - -#! /bin/sh -# This is a shell archive. Remove anything before this line, then unpack -# it by saving it into a file and typing "sh file". To overwrite existing -# files, type "sh file -c". You can also feed this as standard input via -# unshar, or by typing "sh <file", e.g.. If this archive is complete, you -# will see the following message at the end: -# "End of shell archive." 
-# Contents: gethostbyaddr.c gethostbyname.c -# Wrapped by wietse@wzv on Sun Jan 8 17:08:48 1995 -PATH=/bin:/usr/bin:/usr/ucb ; export PATH -if test -f gethostbyaddr.c -a "${1}" != "-c" ; then - echo shar: Will not over-write existing file \"gethostbyaddr.c\" -else -echo shar: Extracting \"gethostbyaddr.c\" \(1073 characters\) -sed "s/^X//" >gethostbyaddr.c <<'END_OF_gethostbyaddr.c' -X /* -X * gethostbyaddr tester. compile with: -X * -X * cc -o gethostbyaddr gethostbyaddr.c (SunOS 4.x) -X * -X * cc -o gethostbyaddr gethostbyaddr.c -lnsl (SunOS 5.x) -X * -X * run as: gethostbyaddr address -X * -X * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. -X */ -X -X#include <sys/types.h> -X#include <sys/socket.h> -X#include <netinet/in.h> -X#include <arpa/inet.h> -X#include <netdb.h> -X#include <stdio.h> -X -Xmain(argc, argv) -Xint argc; -Xchar **argv; -X{ -X struct hostent *hp; -X long addr; -X -X if (argc != 2) { -X fprintf(stderr, "usage: %s i.p.addres\n", argv[0]); -X exit(1); -X } -X addr = inet_addr(argv[1]); -X if (hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET)) { -X printf("Hostname:\t%s\n", hp->h_name); -X printf("Aliases:\t"); -X while (hp->h_aliases[0]) -X printf("%s ", *hp->h_aliases++); -X printf("\n"); -X printf("Addresses:\t"); -X while (hp->h_addr_list[0]) -X printf("%s ", inet_ntoa(*(struct in_addr *) * hp->h_addr_list++)); -X printf("\n"); -X exit(0); -X } -X fprintf(stderr, "host %s not found\n", argv[1]); -X exit(1); -X} -END_OF_gethostbyaddr.c -if test 1073 -ne `wc -c <gethostbyaddr.c`; then - echo shar: \"gethostbyaddr.c\" unpacked with wrong size! -fi -# end of overwriting check -fi -if test -f gethostbyname.c -a "${1}" != "-c" ; then - echo shar: Will not over-write existing file \"gethostbyname.c\" -else -echo shar: Extracting \"gethostbyname.c\" \(999 characters\) -sed "s/^X//" >gethostbyname.c <<'END_OF_gethostbyname.c' -X /* -X * gethostbyname tester. 
compile with: -X * -X * cc -o gethostbyname gethostbyname.c (SunOS 4.x) -X * -X * cc -o gethostbyname gethostbyname.c -lnsl (SunOS 5.x) -X * -X * run as: gethostbyname hostname -X * -X * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. -X */ -X#include <sys/types.h> -X#include <sys/socket.h> -X#include <netinet/in.h> -X#include <arpa/inet.h> -X#include <netdb.h> -X#include <stdio.h> -X -Xmain(argc, argv) -Xint argc; -Xchar **argv; -X{ -X struct hostent *hp; -X -X if (argc != 2) { -X fprintf(stderr, "usage: %s hostname\n", argv[0]); -X exit(1); -X } -X if (hp = gethostbyname(argv[1])) { -X printf("Hostname:\t%s\n", hp->h_name); -X printf("Aliases:\t"); -X while (hp->h_aliases[0]) -X printf("%s ", *hp->h_aliases++); -X printf("\n"); -X printf("Addresses:\t"); -X while (hp->h_addr_list[0]) -X printf("%s ", inet_ntoa(*(struct in_addr *) * hp->h_addr_list++)); -X printf("\n"); -X exit(0); -X } else { -X fprintf(stderr, "host %s not found\n", argv[1]); -X exit(1); -X } -X} -END_OF_gethostbyname.c -if test 999 -ne `wc -c <gethostbyname.c`; then - echo shar: \"gethostbyname.c\" unpacked with wrong size! -fi -# end of overwriting check -fi -echo shar: End of shell archive. -exit 0 diff --git a/usr/src/cmd/tcpd/README.ipv6 b/usr/src/cmd/tcpd/README.ipv6 deleted file mode 100644 index a13ecbfd43..0000000000 --- a/usr/src/cmd/tcpd/README.ipv6 +++ /dev/null 
@@ -1,37 +0,0 @@
-The IPV6 code is enabled by uncommenting
-
-IPV6 = -DHAVE_IPV6
-
-Check your system specific make line for the entry IPV6="$(IPV6)"; it has not
-been added to most yet.
-
-The code was tested on Solaris 8 Beta. A single tcpd binary supports
-IPV6 and IPV4 sockets as well as TLI (v4/v6).
-
-The code successfully compiles on Solaris 7 + playground.sun.com IPV6 patch,
-but I have not tested the binary.
-
-The code also compiles on AIX using "-DHAVE_IPV6 -DUSE_GETHOSTBYNAME2"
-
-The KILL_IPOPTIONS option doesn't work. (Something to do with IPV4 addresses
-mapped inside IPV6 sockets)
-
-The code extends the hosts.{allow,deny} syntax in a minor way. You can
-now specify IPV6 address, like this:
-
- # Ipv6 numeric address
- someservice: [x:x:x::x]
- # Ipv6 network
- otherservice: [x:x:x::x/prefix]
-
-
-Note that the "[" and "]" are part of the syntax; no whitespace is allowed
-inside the [].
-
-The datastructures have been modified such that we hope that
-libwrap binary compatibility is maintained.
-
-The original tcp_wrappers-7.6 files have been renamed and have a .org
-extension; only this file (README.ipv6) was added.
-
-Casper Dik (Casper.Dik@Holland.Sun.COM)
diff --git a/usr/src/cmd/tcpd/README.sfw b/usr/src/cmd/tcpd/README.sfw
deleted file mode 100644
index bdaef58936..0000000000
--- a/usr/src/cmd/tcpd/README.sfw
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-#ident "%Z%%M% %I% %E% SMI"
-#
-# Copyright (c) 2001 by Sun Microsystems, Inc.
-# All rights reserved.
-#
-
-Built with the Sun Workshop Compilers.
-
-The Makefile has been edited to define the appropriate system parameters for
-Solaris 9 except for REAL_DAEMON_DIR which must be defined on the command
-line as below or by editing the Makefile. The sunos5 make target will build
-the Solaris compatible libwrap shared object and the executable programs
-including tcpd.
-
-There is no configure script. Instead unset the environment variable
-HOSTNAME and build using
-
- env \
- MAKE="/usr/ccs/bin/make -e" \
- /usr/ccs/bin/make -e \
- REAL_DAEMON_DIR=/usr/sbin \
- sunos5
-
-The header tcpd.h has been modified to define HAVE_IPV6, so that consumers of
-the file do not have to define HAVE_IPV6 and will always get data structures
-that are compatible with the libwrap.so.1 shipped with Solaris. HAVE_IPV6 is
-defined since this is the IPv6 version of tcp_wrappers and Solaris supports
-IPv6.
diff --git a/usr/src/cmd/tcpd/DISCLAIMER b/usr/src/cmd/tcpd/THIRDPARTYLICENSE
index 42d82ca775..aaf7be6528 100644
--- a/usr/src/cmd/tcpd/DISCLAIMER
+++ b/usr/src/cmd/tcpd/THIRDPARTYLICENSE
@@ -1,4 +1,3 @@
-/************************************************************************
 * Copyright 1995 by Wietse Venema. All rights reserved. Some individual
 * files may be covered by other copyrights.
 *
@@ -13,4 +12,3 @@
 * This software is provided "as is" and without any expressed or implied
 * warranties, including, without limitation, the implied warranties of
 * merchantibility and fitness for any particular purpose.
-************************************************************************/
diff --git a/usr/src/cmd/tcpd/environ.c b/usr/src/cmd/tcpd/environ.c
deleted file mode 100644
index e7f846ddd6..0000000000
--- a/usr/src/cmd/tcpd/environ.c
+++ /dev/null
@@ -1,224 +0,0 @@ -/* - * Many systems have putenv() but no setenv(). Other systems have setenv() - * but no putenv() (MIPS). Still other systems have neither (NeXT). This is a - * re-implementation that hopefully ends all problems. - * - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -#ifndef lint -static char sccsid[] = "@(#) environ.c 1.2 94/03/23 16:09:46"; -#endif - -/* System libraries. */ - -extern char **environ; -extern char *strchr(); -extern char *strcpy(); -extern char *strncpy(); -extern char *malloc(); -extern char *realloc(); -extern int strncmp(); -extern void free(); - -#ifdef no_memcpy -#define memcpy(d,s,l) bcopy(s,d,l) -#else -extern char *memcpy(); -#endif - -/* Local stuff. */ - -static int addenv(); /* append entry to environment */ - -static int allocated = 0; /* environ is, or is not, allocated */ - -#define DO_CLOBBER 1 - -/* namelength - determine length of name in "name=whatever" */ - -static int namelength(name) -char *name; -{ - char *equal; - - equal = strchr(name, '='); - return ((equal == 0) ? strlen(name) : (equal - name)); -} - -/* findenv - given name, locate name=value */ - -static char **findenv(name, len) -char *name; -int len; -{ - char **envp; - - for (envp = environ; envp && *envp; envp++) - if (strncmp(name, *envp, len) == 0 && (*envp)[len] == '=') - return (envp); - return (0); -} - -/* getenv - given name, locate value */ - -char *getenv(name) -char *name; -{ - int len = namelength(name); - char **envp = findenv(name, len); - - return (envp ? *envp + len + 1 : 0); -} - -/* putenv - update or append environment (name,value) pair */ - -int putenv(nameval) -char *nameval; -{ - char *equal = strchr(nameval, '='); - char *value = (equal ? 
equal : ""); - - return (setenv(nameval, value, DO_CLOBBER)); -} - -/* unsetenv - remove variable from environment */ - -void unsetenv(name) -char *name; -{ - char **envp; - - if ((envp = findenv(name, namelength(name))) != 0) - while (envp[0] = envp[1]) - envp++; -} - -/* setenv - update or append environment (name,value) pair */ - -int setenv(name, value, clobber) -char *name; -char *value; -int clobber; -{ - char *destination; - char **envp; - int l_name; /* length of name part */ - int l_nameval; /* length of name=value */ - - /* Permit name= and =value. */ - - l_name = namelength(name); - envp = findenv(name, l_name); - if (envp != 0 && clobber == 0) - return (0); - if (*value == '=') - value++; - l_nameval = l_name + strlen(value) + 1; - - /* - * Use available memory if the old value is long enough. Never free an - * old name=value entry because it may not be allocated. - */ - - destination = (envp != 0 && strlen(*envp) >= l_nameval) ? - *envp : malloc(l_nameval + 1); - if (destination == 0) - return (-1); - strncpy(destination, name, l_name); - destination[l_name] = '='; - strcpy(destination + l_name + 1, value); - return ((envp == 0) ? addenv(destination) : (*envp = destination, 0)); -} - -/* cmalloc - malloc and copy block of memory */ - -static char *cmalloc(new_len, old, old_len) -char *old; -int old_len; -{ - char *new = malloc(new_len); - - if (new != 0) - memcpy(new, old, old_len); - return (new); -} - -/* addenv - append environment entry */ - -static int addenv(nameval) -char *nameval; -{ - char **envp; - int n_used; /* number of environment entries */ - int l_used; /* bytes used excl. terminator */ - int l_need; /* bytes needed incl. terminator */ - - for (envp = environ; envp && *envp; envp++) - /* void */ ; - n_used = envp - environ; - l_used = n_used * sizeof(*envp); - l_need = l_used + 2 * sizeof(*envp); - - envp = allocated ? 
- (char **) realloc((char *) environ, l_need) : - (char **) cmalloc(l_need, (char *) environ, l_used); - if (envp == 0) { - return (-1); - } else { - allocated = 1; - environ = envp; - environ[n_used++] = nameval; /* add new entry */ - environ[n_used] = 0; /* terminate list */ - return (0); - } -} - -#ifdef TEST - - /* - * Stand-alone program for test purposes. - */ - -/* printenv - display environment */ - -static void printenv() -{ - char **envp; - - for (envp = environ; envp && *envp; envp++) - printf("%s\n", *envp); -} - -int main(argc, argv) -int argc; -char **argv; -{ - char *cp; - int changed = 0; - - if (argc < 2) { - printf("usage: %s name[=value]...\n", argv[0]); - return (1); - } - while (--argc && *++argv) { - if (argv[0][0] == '-') { /* unsetenv() test */ - unsetenv(argv[0] + 1); - changed = 1; - } else if (strchr(argv[0], '=') == 0) { /* getenv() test */ - cp = getenv(argv[0]); - printf("%s: %s\n", argv[0], cp ? cp : "not found"); - } else { /* putenv() test */ - if (putenv(argv[0])) { - perror("putenv"); - return (1); - } - changed = 1; - } - } - if (changed) - printenv(); - return (0); -} - -#endif /* TEST */ diff --git a/usr/src/cmd/tcpd/hosts.allow.4 b/usr/src/cmd/tcpd/hosts.allow.4 deleted file mode 100644 index dd1e93d78b..0000000000 --- a/usr/src/cmd/tcpd/hosts.allow.4 +++ /dev/null @@ -1,2 +0,0 @@ -.so man4/hosts_access.4 -.\" "#ident "%Z%%M% %I% %E% SMI" diff --git a/usr/src/cmd/tcpd/hosts.deny.4 b/usr/src/cmd/tcpd/hosts.deny.4 deleted file mode 100644 index dd1e93d78b..0000000000 --- a/usr/src/cmd/tcpd/hosts.deny.4 +++ /dev/null @@ -1,2 +0,0 @@ -.so man4/hosts_access.4 -.\" "#ident "%Z%%M% %I% %E% SMI" diff --git a/usr/src/cmd/tcpd/hosts_access.c.org b/usr/src/cmd/tcpd/hosts_access.c.org deleted file mode 100644 index 9bdc7bcd66..0000000000 --- a/usr/src/cmd/tcpd/hosts_access.c.org +++ /dev/null 
@@ -1,331 +0,0 @@ - /* - * This module implements a simple access control language that is based on - * host (or domain) names, NIS (host) netgroup names, IP addresses (or - * network numbers) and daemon process names. When a match is found the - * search is terminated, and depending on whether PROCESS_OPTIONS is defined, - * a list of options is executed or an optional shell command is executed. - * - * Host and user names are looked up on demand, provided that suitable endpoint - * information is available as sockaddr_in structures or TLI netbufs. As a - * side effect, the pattern matching process may change the contents of - * request structure fields. - * - * Diagnostics are reported through syslog(3). - * - * Compile with -DNETGROUP if your library provides support for netgroups. - * - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -#ifndef lint -static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; -#endif - -/* System libraries. */ - -#include <sys/types.h> -#include <sys/param.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <stdio.h> -#include <syslog.h> -#include <ctype.h> -#include <errno.h> -#include <setjmp.h> -#include <string.h> - -extern char *fgets(); -extern int errno; - -#ifndef INADDR_NONE -#define INADDR_NONE (-1) /* XXX should be 0xffffffff */ -#endif - -/* Local stuff. */ - -#include "tcpd.h" - -/* Error handling. */ - -extern jmp_buf tcpd_buf; - -/* Delimiters for lists of daemons or clients. */ - -static char sep[] = ", \t\r\n"; - -/* Constants to be used in assignments only, not in comparisons... */ - -#define YES 1 -#define NO 0 - - /* - * These variables are globally visible so that they can be redirected in - * verification mode. - */ - -char *hosts_allow_table = HOSTS_ALLOW; -char *hosts_deny_table = HOSTS_DENY; -int hosts_access_verbose = 0; - - /* - * In a long-running process, we are not at liberty to just go away. 
- */ - -int resident = (-1); /* -1, 0: unknown; +1: yes */ - -/* Forward declarations. */ - -static int table_match(); -static int list_match(); -static int server_match(); -static int client_match(); -static int host_match(); -static int string_match(); -static int masked_match(); - -/* Size of logical line buffer. */ - -#define BUFLEN 2048 - -/* hosts_access - host access control facility */ - -int hosts_access(request) -struct request_info *request; -{ - int verdict; - - /* - * If the (daemon, client) pair is matched by an entry in the file - * /etc/hosts.allow, access is granted. Otherwise, if the (daemon, - * client) pair is matched by an entry in the file /etc/hosts.deny, - * access is denied. Otherwise, access is granted. A non-existent - * access-control file is treated as an empty file. - * - * After a rule has been matched, the optional language extensions may - * decide to grant or refuse service anyway. Or, while a rule is being - * processed, a serious error is found, and it seems better to play safe - * and deny service. All this is done by jumping back into the - * hosts_access() routine, bypassing the regular return from the - * table_match() function calls below. 
- */ - - if (resident <= 0) - resident++; - verdict = setjmp(tcpd_buf); - if (verdict != 0) - return (verdict == AC_PERMIT); - if (table_match(hosts_allow_table, request)) - return (YES); - if (table_match(hosts_deny_table, request)) - return (NO); - return (YES); -} - -/* table_match - match table entries with (daemon, client) pair */ - -static int table_match(table, request) -char *table; -struct request_info *request; -{ - FILE *fp; - char sv_list[BUFLEN]; /* becomes list of daemons */ - char *cl_list; /* becomes list of clients */ - char *sh_cmd; /* becomes optional shell command */ - int match = NO; - struct tcpd_context saved_context; - - saved_context = tcpd_context; /* stupid compilers */ - - /* - * Between the fopen() and fclose() calls, avoid jumps that may cause - * file descriptor leaks. - */ - - if ((fp = fopen(table, "r")) != 0) { - tcpd_context.file = table; - tcpd_context.line = 0; - while (match == NO && xgets(sv_list, sizeof(sv_list), fp) != 0) { - if (sv_list[strlen(sv_list) - 1] != '\n') { - tcpd_warn("missing newline or line too long"); - continue; - } - if (sv_list[0] == '#' || sv_list[strspn(sv_list, " \t\r\n")] == 0) - continue; - if ((cl_list = split_at(sv_list, ':')) == 0) { - tcpd_warn("missing \":\" separator"); - continue; - } - sh_cmd = split_at(cl_list, ':'); - match = list_match(sv_list, request, server_match) - && list_match(cl_list, request, client_match); - } - (void) fclose(fp); - } else if (errno != ENOENT) { - tcpd_warn("cannot open %s: %m", table); - } - if (match) { - if (hosts_access_verbose > 1) - syslog(LOG_DEBUG, "matched: %s line %d", - tcpd_context.file, tcpd_context.line); - if (sh_cmd) { -#ifdef PROCESS_OPTIONS - process_options(sh_cmd, request); -#else - char cmd[BUFSIZ]; - shell_cmd(percent_x(cmd, sizeof(cmd), sh_cmd, request)); -#endif - } - } - tcpd_context = saved_context; - return (match); -} - -/* list_match - match a request against a list of patterns with exceptions */ - -static int list_match(list, request, 
match_fn) -char *list; -struct request_info *request; -int (*match_fn) (); -{ - char *tok; - - /* - * Process tokens one at a time. We have exhausted all possible matches - * when we reach an "EXCEPT" token or the end of the list. If we do find - * a match, look for an "EXCEPT" list and recurse to determine whether - * the match is affected by any exceptions. - */ - - for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) { - if (STR_EQ(tok, "EXCEPT")) /* EXCEPT: give up */ - return (NO); - if (match_fn(tok, request)) { /* YES: look for exceptions */ - while ((tok = strtok((char *) 0, sep)) && STR_NE(tok, "EXCEPT")) - /* VOID */ ; - return (tok == 0 || list_match((char *) 0, request, match_fn) == 0); - } - } - return (NO); -} - -/* server_match - match server information */ - -static int server_match(tok, request) -char *tok; -struct request_info *request; -{ - char *host; - - if ((host = split_at(tok + 1, '@')) == 0) { /* plain daemon */ - return (string_match(tok, eval_daemon(request))); - } else { /* daemon@host */ - return (string_match(tok, eval_daemon(request)) - && host_match(host, request->server)); - } -} - -/* client_match - match client information */ - -static int client_match(tok, request) -char *tok; -struct request_info *request; -{ - char *host; - - if ((host = split_at(tok + 1, '@')) == 0) { /* plain host */ - return (host_match(tok, request->client)); - } else { /* user@host */ - return (host_match(host, request->client) - && string_match(tok, eval_user(request))); - } -} - -/* host_match - match host name and/or address against pattern */ - -static int host_match(tok, host) -char *tok; -struct host_info *host; -{ - char *mask; - - /* - * This code looks a little hairy because we want to avoid unnecessary - * hostname lookups. 
- * - * The KNOWN pattern requires that both address AND name be known; some - * patterns are specific to host names or to host addresses; all other - * patterns are satisfied when either the address OR the name match. - */ - - if (tok[0] == '@') { /* netgroup: look it up */ -#ifdef NETGROUP - static char *mydomain = 0; - if (mydomain == 0) - yp_get_default_domain(&mydomain); - return (innetgr(tok + 1, eval_hostname(host), (char *) 0, mydomain)); -#else - tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */ - return (NO); -#endif - } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */ - char *name = eval_hostname(host); - return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name)); - } else if (STR_EQ(tok, "LOCAL")) { /* local: no dots in name */ - char *name = eval_hostname(host); - return (strchr(name, '.') == 0 && HOSTNAME_KNOWN(name)); - } else if ((mask = split_at(tok, '/')) != 0) { /* net/mask */ - return (masked_match(tok, mask, eval_hostaddr(host))); - } else { /* anything else */ - return (string_match(tok, eval_hostaddr(host)) - || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host)))); - } -} - -/* string_match - match string against pattern */ - -static int string_match(tok, string) -char *tok; -char *string; -{ - int n; - - if (tok[0] == '.') { /* suffix */ - n = strlen(string) - strlen(tok); - return (n > 0 && STR_EQ(tok, string + n)); - } else if (STR_EQ(tok, "ALL")) { /* all: match any */ - return (YES); - } else if (STR_EQ(tok, "KNOWN")) { /* not unknown */ - return (STR_NE(string, unknown)); - } else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */ - return (STRN_EQ(tok, string, n)); - } else { /* exact match */ - return (STR_EQ(tok, string)); - } -} - -/* masked_match - match address against netnumber/netmask */ - -static int masked_match(net_tok, mask_tok, string) -char *net_tok; -char *mask_tok; -char *string; -{ - unsigned long net; - unsigned long mask; - unsigned long addr; - - /* - * Disallow forms 
other than dotted quad: the treatment that inet_addr() - * gives to forms with less than four components is inconsistent with the - * access control language. John P. Rouillard <rouilj@cs.umb.edu>. - */ - - if ((addr = dot_quad_addr(string)) == INADDR_NONE) - return (NO); - if ((net = dot_quad_addr(net_tok)) == INADDR_NONE - || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) { - tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok); - return (NO); /* not tcpd_jump() */ - } - return ((addr & mask) == net); -} diff --git a/usr/src/cmd/tcpd/libwrap.3 b/usr/src/cmd/tcpd/libwrap.3 deleted file mode 100644 index 625bed7b57..0000000000 --- a/usr/src/cmd/tcpd/libwrap.3 +++ /dev/null @@ -1,2 +0,0 @@ -.so man3/hosts_access.3 -.\" "#ident "%Z%%M% %I% %E% SMI" diff --git a/usr/src/cmd/tcpd/man.sed b/usr/src/cmd/tcpd/man.sed deleted file mode 100644 index 59f4e832db..0000000000 --- a/usr/src/cmd/tcpd/man.sed +++ /dev/null 
@@ -1,95 +0,0 @@ -# -# ident "%Z%%M% %I% %E% SMI" -# -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# This sed command script edits the man pages distrubuted with tcp_wrappers -# into a format appropriate for Solaris. This mostly changes the section names -# of these man pages and of references to Solaris man pages, but also tweaks -# the body text in a few places to better describe the operation under Solaris. -# - -1i\ -'\\" t\ -\.\\"\ -\.\\" Modified for Solaris to to add the Solaris stability classification,\ -\.\\" and to add a note about source availability.\ -\.\\"\ -s/#include "tcpd.h"/#include <tcpd.h>/ - -/#include <tcpd.h>/a\ -\.\\" Begin Sun update\ -\ -cc [ flag ... ] file ... [ library ... ] \-lwrap\ -\.\\" End Sun update - -s/or \\fItlid\\fR// -s/or \\fItlid.conf\\fR // -s/tlid.conf(5), format of the tlid control file.// - -s/inetd.conf(5)/inetd.conf(4)/g -s/hosts_access(5)/hosts_access(4)/g -s/\\fIhosts_access\\fR(5)/\\fIhosts_access\\fR(4)/g -s/hosts_options(5)/hosts_options(4)/g -s/\\fIhosts_options\\fR(5)/\\fIhosts_options\\fR(4)/g -s/syslog.conf(5)/syslog.conf(4)/g -s/inetd(8)/inetd(1M)/g -s/\\fIinetd\\fR(8)/\\fIinetd\\fR(1M)/g -s/tcpd(8)/tcpd(1M)/g -s/tcpdmatch(8)/tcpdmatch(1M)/g -s/tcpdchk(8)/tcpdchk(1M)/g -/^\.TH .* 8$/s/8$/1M/ -/^\.TH .* 5$/s/5$/4/ -s/\\fIlibwrap.a\\fR/\\fIlibwrap.so\\fR/g - -$a\ -\.\\" Begin Sun update\ -.SH ATTRIBUTES\ -See\ -.BR attributes (5)\ -for descriptions of the following attributes:\ -.sp\ -.TS\ -box;\ -cbp-1 | cbp-1\ -l | l .\ -ATTRIBUTE TYPE ATTRIBUTE VALUE\ -=\ -Availability SUNWtcpd\ -=\ -Interface Stability Committed\ -.TE \ -.PP\ -.SH NOTES\ -Source for tcp_wrappers is available in the SUNWtcpdS package.\ -\.\\" End Sun update - -/^that pretend to have someone elses network address./a\ -.SH LIBWRAP INTERFACE\ -The same monitoring and access control functionality provided by the\ -tcpd standalone program is also available through the libwrap shared\ 
-library interface. Some programs, including the Solaris inetd daemon,\ -have been modified to use the libwrap interface and thus do not\ -require replacing the real server programs with tcpd. The libwrap\ -interface is also more efficient and can be used for inetd internal\ -services. See\ -.BR inetd (1M)\ -for more information. - -/^from PCs./,/^\.SH EXAMPLES/c\ -from PCs.\ -.PP\ -Warning: If the local system runs an RFC 931 server it is important\ -that it be configured NOT to use TCP Wrappers, or that TCP Wrappers\ -be configured to avoid RFC 931-based access control for this service.\ -If you use usernames in the access control files, make sure that you\ -have a hosts.allow entry that allows the RFC 931 service (often called\ -"identd" or "auth") without any username restrictions. Failure to heed\ -this warning can result in two hosts getting in an endless loop of\ -consulting each other's identd services.\ -.SH EXAMPLES - -/format of the inetd control file./a\ -inetd(1M), how to invoke tcpd from inetd using the libwrap library.\ -inetadm(1M), managing inetd services in the Service Management Framework. diff --git a/usr/src/cmd/tcpd/misc.c.org b/usr/src/cmd/tcpd/misc.c.org deleted file mode 100644 index 87a765379f..0000000000 --- a/usr/src/cmd/tcpd/misc.c.org +++ /dev/null 
@@ -1,87 +0,0 @@ - /* - * Misc routines that are used by tcpd and by tcpdchk. - * - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -#ifndef lint -static char sccsic[] = "@(#) misc.c 1.2 96/02/11 17:01:29"; -#endif - -#include <sys/types.h> -#include <sys/param.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <stdio.h> -#include <string.h> - -#include "tcpd.h" - -extern char *fgets(); - -#ifndef INADDR_NONE -#define INADDR_NONE (-1) /* XXX should be 0xffffffff */ -#endif - -/* xgets - fgets() with backslash-newline stripping */ - -char *xgets(ptr, len, fp) -char *ptr; -int len; -FILE *fp; -{ - int got; - char *start = ptr; - - while (fgets(ptr, len, fp)) { - got = strlen(ptr); - if (got >= 1 && ptr[got - 1] == '\n') { - tcpd_context.line++; - if (got >= 2 && ptr[got - 2] == '\\') { - got -= 2; - } else { - return (start); - } - } - ptr += got; - len -= got; - ptr[0] = 0; - } - return (ptr > start ? start : 0); -} - -/* split_at - break string at delimiter or return NULL */ - -char *split_at(string, delimiter) -char *string; -int delimiter; -{ - char *cp; - - if ((cp = strchr(string, delimiter)) != 0) - *cp++ = 0; - return (cp); -} - -/* dot_quad_addr - convert dotted quad to internal form */ - -unsigned long dot_quad_addr(str) -char *str; -{ - int in_run = 0; - int runs = 0; - char *cp = str; - - /* Count the number of runs of non-dot characters. */ - - while (*cp) { - if (*cp == '.') { - in_run = 0; - } else if (in_run == 0) { - in_run = 1; - runs++; - } - cp++; - } - return (runs == 4 ? inet_addr(str) : INADDR_NONE); -} diff --git a/usr/src/cmd/tcpd/miscd.c b/usr/src/cmd/tcpd/miscd.c deleted file mode 100644 index 1ab835c450..0000000000 --- a/usr/src/cmd/tcpd/miscd.c +++ /dev/null 
@@ -1,120 +0,0 @@
- /*
- * Front end to the ULTRIX miscd service. The front end logs the remote host
- * name and then invokes the real miscd daemon. Install as "/usr/etc/miscd",
- * after renaming the real miscd daemon to the name defined with the
- * REAL_MISCD macro.
- *
- * Connections and diagnostics are logged through syslog(3).
- *
- * The Ultrix miscd program implements (among others) the systat service, which
- * pipes the output from who(1) to stdout. This information is potentially
- * useful to systems crackers.
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#) miscd.c 1.10 96/02/11 17:01:30";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <stdio.h>
-#include <syslog.h>
-
-#ifndef MAXPATHNAMELEN
-#define MAXPATHNAMELEN BUFSIZ
-#endif
-
-#ifndef STDIN_FILENO
-#define STDIN_FILENO 0
-#endif
-
-/* Local stuff. */
-
-#include "patchlevel.h"
-#include "tcpd.h"
-
-int allow_severity = SEVERITY; /* run-time adjustable */
-int deny_severity = LOG_WARNING; /* ditto */
-
-main(argc, argv)
-int argc;
-char **argv;
-{
- struct request_info request;
- char path[MAXPATHNAMELEN];
-
- /* Attempt to prevent the creation of world-writable files. */
-
-#ifdef DAEMON_UMASK
- umask(DAEMON_UMASK);
-#endif
-
- /*
- * Open a channel to the syslog daemon. Older versions of openlog()
- * require only two arguments.
- */
-
-#ifdef LOG_MAIL
- (void) openlog(argv[0], LOG_PID, FACILITY);
-#else
- (void) openlog(argv[0], LOG_PID);
-#endif
-
- /*
- * Find out the endpoint addresses of this conversation. Host name
- * lookups and double checks will be done on demand.
- */
-
- request_init(&request, RQ_DAEMON, argv[0], RQ_FILE, STDIN_FILENO, 0);
- fromhost(&request);
-
- /*
- * Optionally look up and double check the remote host name. Sites
- * concerned with security may choose to refuse connections from hosts
- * that pretend to have someone elses host name.
- */
-
-#ifdef PARANOID
- if (STR_EQ(eval_hostname(request.client), paranoid))
- refuse(&request);
-#endif
-
- /*
- * The BSD rlogin and rsh daemons that came out after 4.3 BSD disallow
- * socket options at the IP level. They do so for a good reason.
- * Unfortunately, we cannot use this with SunOS 4.1.x because the
- * getsockopt() system call can panic the system.
- */
-
-#ifdef KILL_IP_OPTIONS
- fix_options(&request);
-#endif
-
- /*
- * Check whether this host can access the service in argv[0]. The
- * access-control code invokes optional shell commands as specified in
- * the access-control tables.
- */
-
-#ifdef HOSTS_ACCESS
- if (!hosts_access(&request))
- refuse(&request);
-#endif
-
- /* Report request and invoke the real daemon program. */
-
- syslog(allow_severity, "connect from %s", eval_client(&request));
- sprintf(path, "%s/miscd", REAL_DAEMON_DIR);
- closelog();
- (void) execv(path, argv);
- syslog(LOG_ERR, "error: cannot execute %s: %m", path);
- clean_exit(&request);
- /* NOTREACHED */
-}
diff --git a/usr/src/cmd/tcpd/myvsyslog.c b/usr/src/cmd/tcpd/myvsyslog.c
deleted file mode 100644
index 20401f1f37..0000000000
--- a/usr/src/cmd/tcpd/myvsyslog.c
+++ /dev/null
@@ -1,33 +0,0 @@
- /*
- * vsyslog() for sites without. In order to enable this code, build with
- * -Dvsyslog=myvsyslog. We use a different name so that no accidents will
- * happen when vsyslog() exists. On systems with vsyslog(), syslog() is
- * typically implemented in terms of vsyslog().
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#) myvsyslog.c 1.1 94/12/28 17:42:33";
-#endif
-
-#ifdef vsyslog
-
-#include <stdio.h>
-
-#include "tcpd.h"
-#include "mystdarg.h"
-
-myvsyslog(severity, format, ap)
-int severity;
-char *format;
-va_list ap;
-{
- char fbuf[BUFSIZ];
- char obuf[3 * STRING_LENGTH];
-
- vsprintf(obuf, percent_m(fbuf, format), ap);
- syslog(severity, "%s", obuf);
-}
-
-#endif
diff --git a/usr/src/cmd/tcpd/ncr.c b/usr/src/cmd/tcpd/ncr.c
deleted file mode 100644
index b903fb85a5..0000000000
--- a/usr/src/cmd/tcpd/ncr.c
+++ /dev/null
@@ -1,81 +0,0 @@
- /*
- * This part for NCR UNIX with is from Andrew Maffei (arm@aqua.whoi.edu). It
- * assumes TLI throughout. In order to look up endpoint address information
- * we must talk to the "timod" streams module. For some reason "timod" wants
- * to sit directly on top of the device driver. Therefore we pop off all
- * streams modules except the driver, install the "timod" module so that we
- * can figure out network addresses, and then restore the original state.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#) ncr.c 1.1 94/12/28 17:42:34";
-#endif
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <sys/tiuser.h>
-#include <stropts.h>
-#include <sys/conf.h>
-
-#include "tcpd.h"
-
-#define MAX_MODULE_COUNT 10 /* XXX */
-
-/* fromhost - tear down the streams stack then rebuild it */
-
-void fromhost(request)
-struct request_info *request;
-{
- int i;
- int num_mod;
- struct str_list str_list;
- struct str_mlist mod_buffer[MAX_MODULE_COUNT];
- int fd = request->fd;
-
- str_list.sl_nmods = MAX_MODULE_COUNT;
- str_list.sl_modlist = &mod_buffer[0];
-
- /*
- * On systems with WIN streams support we have to be careful about what
- * is on the stream we are passed. This code POPs off all modules above
- * the pseudo driver, pushes timod, gets the host address information,
- * pops timod and then pushes all modules back on the stream.
- *
- * Some state may be lost in this process. /usr/etc/tlid seems to do special
- * things to the stream depending on the TCP port being serviced. (not a
- * very nice thing to do!). It is unclear what to do if this code breaks
- * - the stream may be left in an unknown condition.
- */
- if ((num_mod = ioctl(fd, I_LIST, NULL)) < 0)
- tcpd_warn("fromhost: LIST failed: %m");
- if (ioctl(fd, I_LIST, &str_list) < 0)
- tcpd_warn("fromhost: LIST failed: %m");
-
- /*
- * POP stream modules except for the driver.
- */
- for (i = 0; i < num_mod - 1; i++)
- if (ioctl(fd, I_POP, 0) < 0)
- tcpd_warn("fromhost: POP %s: %m", mod_buffer[i].l_name);
-
- /*
- * PUSH timod so that host address ioctls can be executed.
- */
- if (ioctl(fd, I_PUSH, "timod") < 0)
- tcpd_warn("fromhost: PUSH timod: %m");
- tli_host(request);
-
- /*
- * POP timod, we're done with it now.
- */
- if (ioctl(fd, I_POP, 0) < 0)
- tcpd_warn("fromhost: POP timod: %m");
-
- /*
- * Restore stream modules.
- */
- for (i = num_mod - 2; i >= 0; i--)
- if (ioctl(fd, I_PUSH, mod_buffer[i].l_name) < 0)
- tcpd_warn("fromhost: PUSH %s: %m", mod_buffer[i].l_name);
-}
diff --git a/usr/src/cmd/tcpd/printf.ck b/usr/src/cmd/tcpd/printf.ck
deleted file mode 100644
index d53412b737..0000000000
--- a/usr/src/cmd/tcpd/printf.ck
+++ /dev/null
@@ -1,3 +0,0 @@
-syslog 1 0
-tcpd_warn 0 0
-tcpd_jump 0 0
diff --git a/usr/src/cmd/tcpd/ptx.c b/usr/src/cmd/tcpd/ptx.c
deleted file mode 100644
index b9c312b82c..0000000000
--- a/usr/src/cmd/tcpd/ptx.c
+++ /dev/null
@@ -1,103 +0,0 @@
- /*
- * The Dynix/PTX TLI implementation is not quite compatible with System V
- * Release 4. Some important functions are not present so we are limited to
- * IP-based services.
- *
- * Diagnostics are reported through syslog(3).
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#) ptx.c 1.3 94/12/28 17:42:38";
-#endif
-
-#ifdef PTX
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/tiuser.h>
-#include <sys/socket.h>
-#include <stropts.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <syslog.h>
-
-/* Local stuff. */
-
-#include "tcpd.h"
-
-/* Forward declarations. */
-
-static void ptx_sink();
-
-/* tli_host - determine TLI endpoint info, PTX version */
-
-void tli_host(request)
-struct request_info *request;
-{
- static struct sockaddr_in client;
- static struct sockaddr_in server;
-
- /*
- * getpeerinaddr() was suggested by someone at Sequent. It seems to work
- * with connection-oriented (TCP) services such as rlogind and telnetd,
- * but it returns 0.0.0.0 with datagram (UDP) services. No problem: UDP
- * needs special treatment anyway, in case we must refuse service.
- */
-
- if (getpeerinaddr(request->fd, &client, sizeof(client)) == 0
- && client.sin_addr.s_addr != 0) {
- request->client->sin = &client;
- if (getmyinaddr(request->fd, &server, sizeof(server)) == 0) {
- request->server->sin = &server;
- } else {
- tcpd_warn("warning: getmyinaddr: %m");
- }
- sock_methods(request);
-
- } else {
-
- /*
- * Another suggestion was to temporarily switch to the socket
- * interface, identify the endpoint addresses with socket calls, then
- * to switch back to TLI. This seems to works OK with UDP services,
- * which is exactly what we should be looking at right now.
- */
-
-#define SWAP_MODULE(f, old, new) (ioctl(f, I_POP, old), ioctl(f, I_PUSH, new))
-
- if (SWAP_MODULE(request->fd, "timod", "sockmod") != 0)
- tcpd_warn("replace timod by sockmod: %m");
- sock_host(request);
- if (SWAP_MODULE(request->fd, "sockmod", "timod") != 0)
- tcpd_warn("replace sockmod by timod: %m");
- if (request->sink != 0)
- request->sink = ptx_sink;
- }
-}
-
-/* ptx_sink - absorb unreceived IP datagram */
-
-static void ptx_sink(fd)
-int fd;
-{
- char buf[BUFSIZ];
- struct sockaddr sa;
- int size = sizeof(sa);
-
- /*
- * Eat up the not-yet received datagram. Where needed, switch to the
- * socket programming interface.
- */
-
- if (ioctl(fd, I_FIND, "timod") != 0)
- ioctl(fd, I_POP, "timod");
- if (ioctl(fd, I_FIND, "sockmod") == 0)
- ioctl(fd, I_PUSH, "sockmod");
- (void) recvfrom(fd, buf, sizeof(buf), 0, &sa, &size);
-}
-
-#endif /* PTX */
diff --git a/usr/src/cmd/tcpd/rfc931.c.org b/usr/src/cmd/tcpd/rfc931.c.org
deleted file mode 100644
index 8176417b8f..0000000000
--- a/usr/src/cmd/tcpd/rfc931.c.org
+++ /dev/null
@@ -1,165 +0,0 @@
- /*
- * rfc931() speaks a common subset of the RFC 931, AUTH, TAP, IDENT and RFC
- * 1413 protocols. It queries an RFC 931 etc. compatible daemon on a remote
- * host to look up the owner of a connection. The information should not be
- * used for authentication purposes. This routine intercepts alarm signals.
- *
- * Diagnostics are reported through syslog(3).
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#) rfc931.c 1.10 95/01/02 16:11:34";
-#endif
-
-/* System libraries. */
-
-#include <stdio.h>
-#include <syslog.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <setjmp.h>
-#include <signal.h>
-#include <string.h>
-
-/* Local stuff. */
-
-#include "tcpd.h"
-
-#define RFC931_PORT 113 /* Semi-well-known port */
-#define ANY_PORT 0 /* Any old port will do */
-
-int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */
-
-static jmp_buf timebuf;
-
-/* fsocket - open stdio stream on top of socket */
-
-static FILE *fsocket(domain, type, protocol)
-int domain;
-int type;
-int protocol;
-{
- int s;
- FILE *fp;
-
- if ((s = socket(domain, type, protocol)) < 0) {
- tcpd_warn("socket: %m");
- return (0);
- } else {
- if ((fp = fdopen(s, "r+")) == 0) {
- tcpd_warn("fdopen: %m");
- close(s);
- }
- return (fp);
- }
-}
-
-/* timeout - handle timeouts */
-
-static void timeout(sig)
-int sig;
-{
- longjmp(timebuf, sig);
-}
-
-/* rfc931 - return remote user name, given socket structures */
-
-void rfc931(rmt_sin, our_sin, dest)
-struct sockaddr_in *rmt_sin;
-struct sockaddr_in *our_sin;
-char *dest;
-{
- unsigned rmt_port;
- unsigned our_port;
- struct sockaddr_in rmt_query_sin;
- struct sockaddr_in our_query_sin;
- char user[256]; /* XXX */
- char buffer[512]; /* XXX */
- char *cp;
- char *result = unknown;
- FILE *fp;
-
- /*
- * Use one unbuffered stdio stream for writing to and for reading from
- * the RFC931 etc. server. This is done because of a bug in the SunOS
- * 4.1.x stdio library. The bug may live in other stdio implementations,
- * too. When we use a single, buffered, bidirectional stdio stream ("r+"
- * or "w+" mode) we read our own output. Such behaviour would make sense
- * with resources that support random-access operations, but not with
- * sockets.
- */
-
- if ((fp = fsocket(AF_INET, SOCK_STREAM, 0)) != 0) {
- setbuf(fp, (char *) 0);
-
- /*
- * Set up a timer so we won't get stuck while waiting for the server.
- */
-
- if (setjmp(timebuf) == 0) {
- signal(SIGALRM, timeout);
- alarm(rfc931_timeout);
-
- /*
- * Bind the local and remote ends of the query socket to the same
- * IP addresses as the connection under investigation. We go
- * through all this trouble because the local or remote system
- * might have more than one network address. The RFC931 etc.
- * client sends only port numbers; the server takes the IP
- * addresses from the query socket.
- */
-
- our_query_sin = *our_sin;
- our_query_sin.sin_port = htons(ANY_PORT);
- rmt_query_sin = *rmt_sin;
- rmt_query_sin.sin_port = htons(RFC931_PORT);
-
- if (bind(fileno(fp), (struct sockaddr *) & our_query_sin,
- sizeof(our_query_sin)) >= 0 &&
- connect(fileno(fp), (struct sockaddr *) & rmt_query_sin,
- sizeof(rmt_query_sin)) >= 0) {
-
- /*
- * Send query to server. Neglect the risk that a 13-byte
- * write would have to be fragmented by the local system and
- * cause trouble with buggy System V stdio libraries.
- */
-
- fprintf(fp, "%u,%u\r\n",
- ntohs(rmt_sin->sin_port),
- ntohs(our_sin->sin_port));
- fflush(fp);
-
- /*
- * Read response from server. Use fgets()/sscanf() so we can
- * work around System V stdio libraries that incorrectly
- * assume EOF when a read from a socket returns less than
- * requested.
- */
-
- if (fgets(buffer, sizeof(buffer), fp) != 0
- && ferror(fp) == 0 && feof(fp) == 0
- && sscanf(buffer, "%u , %u : USERID :%*[^:]:%255s",
- &rmt_port, &our_port, user) == 3
- && ntohs(rmt_sin->sin_port) == rmt_port
- && ntohs(our_sin->sin_port) == our_port) {
-
- /*
- * Strip trailing carriage return. It is part of the
- * protocol, not part of the data.
- */
-
- if (cp = strchr(user, '\r'))
- *cp = 0;
- result = user;
- }
- }
- alarm(0);
- }
- fclose(fp);
- }
- STRN_CPY(dest, result, STRING_LENGTH);
-}
diff --git a/usr/src/cmd/tcpd/scaffold.c.org b/usr/src/cmd/tcpd/scaffold.c.org
deleted file mode 100644
index afce15a64e..0000000000
--- a/usr/src/cmd/tcpd/scaffold.c.org
+++ /dev/null
@@ -1,213 +0,0 @@
- /*
- * Routines for testing only. Not really industrial strength.
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-#ifndef lint
-static char sccs_id[] = "@(#) scaffold.c 1.6 97/03/21 19:27:24";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <setjmp.h>
-#include <string.h>
-
-#ifndef INADDR_NONE
-#define INADDR_NONE (-1) /* XXX should be 0xffffffff */
-#endif
-
-extern char *malloc();
-
-/* Application-specific. */
-
-#include "tcpd.h"
-#include "scaffold.h"
-
- /*
- * These are referenced by the options module and by rfc931.c.
- */
-int allow_severity = SEVERITY;
-int deny_severity = LOG_WARNING;
-int rfc931_timeout = RFC931_TIMEOUT;
-
-/* dup_hostent - create hostent in one memory block */
-
-static struct hostent *dup_hostent(hp)
-struct hostent *hp;
-{
- struct hostent_block {
- struct hostent host;
- char *addr_list[1];
- };
- struct hostent_block *hb;
- int count;
- char *data;
- char *addr;
-
- for (count = 0; hp->h_addr_list[count] != 0; count++)
- /* void */ ;
-
- if ((hb = (struct hostent_block *) malloc(sizeof(struct hostent_block)
- + (hp->h_length + sizeof(char *)) * count)) == 0) {
- fprintf(stderr, "Sorry, out of memory\n");
- exit(1);
- }
- memset((char *) &hb->host, 0, sizeof(hb->host));
- hb->host.h_length = hp->h_length;
- hb->host.h_addr_list = hb->addr_list;
- hb->host.h_addr_list[count] = 0;
- data = (char *) (hb->host.h_addr_list + count + 1);
-
- for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
- hb->host.h_addr_list[count] = data + hp->h_length * count;
- memcpy(hb->host.h_addr_list[count], addr, hp->h_length);
- }
- return (&hb->host);
-}
-
-/* find_inet_addr - find all addresses for this host, result to free() */
-
-struct hostent *find_inet_addr(host)
-char *host;
-{
- struct in_addr addr;
- struct hostent *hp;
- static struct hostent h;
- static char *addr_list[2];
-
- /*
- * Host address: translate it to internal form.
- */
- if ((addr.s_addr = dot_quad_addr(host)) != INADDR_NONE) {
- h.h_addr_list = addr_list;
- h.h_addr_list[0] = (char *) &addr;
- h.h_length = sizeof(addr);
- return (dup_hostent(&h));
- }
-
- /*
- * Map host name to a series of addresses. Watch out for non-internet
- * forms or aliases. The NOT_INADDR() is here in case gethostbyname() has
- * been "enhanced" to accept numeric addresses. Make a copy of the
- * address list so that later gethostbyXXX() calls will not clobber it.
- */
- if (NOT_INADDR(host) == 0) {
- tcpd_warn("%s: not an internet address", host);
- return (0);
- }
- if ((hp = gethostbyname(host)) == 0) {
- tcpd_warn("%s: host not found", host);
- return (0);
- }
- if (hp->h_addrtype != AF_INET) {
- tcpd_warn("%d: not an internet host", hp->h_addrtype);
- return (0);
- }
- if (STR_NE(host, hp->h_name)) {
- tcpd_warn("%s: hostname alias", host);
- tcpd_warn("(official name: %.*s)", STRING_LENGTH, hp->h_name);
- }
- return (dup_hostent(hp));
-}
-
-/* check_dns - give each address thorough workout, return address count */
-
-int check_dns(host)
-char *host;
-{
- struct request_info request;
- struct sockaddr_in sin;
- struct hostent *hp;
- int count;
- char *addr;
-
- if ((hp = find_inet_addr(host)) == 0)
- return (0);
- request_init(&request, RQ_CLIENT_SIN, &sin, 0);
- sock_methods(&request);
- memset((char *) &sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
-
- for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
- memcpy((char *) &sin.sin_addr, addr, sizeof(sin.sin_addr));
-
- /*
- * Force host name and address conversions. Use the request structure
- * as a cache. Detect hostname lookup problems. Any name/name or
- * name/address conflicts will be reported while eval_hostname() does
- * its job.
- */
- request_set(&request, RQ_CLIENT_ADDR, "", RQ_CLIENT_NAME, "", 0);
- if (STR_EQ(eval_hostname(request.client), unknown))
- tcpd_warn("host address %s->name lookup failed",
- eval_hostaddr(request.client));
- }
- free((char *) hp);
- return (count);
-}
-
-/* dummy function to intercept the real shell_cmd() */
-
-/* ARGSUSED */
-
-void shell_cmd(command)
-char *command;
-{
- if (hosts_access_verbose)
- printf("command: %s", command);
-}
-
-/* dummy function to intercept the real clean_exit() */
-
-/* ARGSUSED */
-
-void clean_exit(request)
-struct request_info *request;
-{
- exit(0);
-}
-
-/* dummy function to intercept the real rfc931() */
-
-/* ARGSUSED */
-
-void rfc931(request)
-struct request_info *request;
-{
- strcpy(request->user, unknown);
-}
-
-/* check_path - examine accessibility */
-
-int check_path(path, st)
-char *path;
-struct stat *st;
-{
- struct stat stbuf;
- char buf[BUFSIZ];
-
- if (stat(path, st) < 0)
- return (-1);
-#ifdef notdef
- if (st->st_uid != 0)
- tcpd_warn("%s: not owned by root", path);
- if (st->st_mode & 020)
- tcpd_warn("%s: group writable", path);
-#endif
- if (st->st_mode & 002)
- tcpd_warn("%s: world writable", path);
- if (path[0] == '/' && path[1] != 0) {
- strrchr(strcpy(buf, path), '/')[0] = 0;
- (void) check_path(buf[0] ? buf : "/", &stbuf);
- }
- return (0);
-}
diff --git a/usr/src/cmd/tcpd/socket.c.diff b/usr/src/cmd/tcpd/socket.c.diff
deleted file mode 100644
index e6602074fb..0000000000
--- a/usr/src/cmd/tcpd/socket.c.diff
+++ /dev/null
@@ -1,289 +0,0 @@ -*** socket.c.org Fri Mar 21 19:27:25 1997 ---- socket.c Mon Sep 27 17:21:46 1999 -*************** -*** 74,82 **** - void sock_host(request) - struct request_info *request; - { -! static struct sockaddr_in client; -! static struct sockaddr_in server; -! int len; - char buf[BUFSIZ]; - int fd = request->fd; - ---- 74,81 ---- - void sock_host(request) - struct request_info *request; - { -! static struct sockaddr_gen client; -! static struct sockaddr_gen server; - char buf[BUFSIZ]; - int fd = request->fd; - -*************** -*** 91,102 **** - * broken library code. - */ - -! len = sizeof(client); -! if (getpeername(fd, (struct sockaddr *) & client, &len) < 0) { - request->sink = sock_sink; -! len = sizeof(client); - if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK, -! (struct sockaddr *) & client, &len) < 0) { - tcpd_warn("can't get client address: %m"); - return; /* give up */ - } ---- 90,102 ---- - * broken library code. - */ - -! client.sg_len = sizeof(client.sg_addr); -! if (getpeername(fd, (struct sockaddr *) ADDRP(client), -! &client.sg_len) < 0) { - request->sink = sock_sink; -! client.sg_len = sizeof(client.sg_addr); - if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK, -! (struct sockaddr *) ADDRP(client), &client.sg_len) < 0) { - tcpd_warn("can't get client address: %m"); - return; /* give up */ - } -*************** -*** 104,110 **** - memset(buf, 0 sizeof(buf)); - #endif - } -! request->client->sin = &client; - - /* - * Determine the server binding. This is used for client username ---- 104,111 ---- - memset(buf, 0 sizeof(buf)); - #endif - } -! sockgen_simplify(&client); -! request->client->sag = &client; - - /* - * Determine the server binding. This is used for client username -*************** -*** 112,123 **** - * address or name. - */ - -! len = sizeof(server); -! if (getsockname(fd, (struct sockaddr *) & server, &len) < 0) { - tcpd_warn("getsockname: %m"); - return; - } -! 
request->server->sin = &server; - } - - /* sock_hostaddr - map endpoint address to printable form */ ---- 113,126 ---- - * address or name. - */ - -! server.sg_len = sizeof(server.sg_addr); -! if (getsockname(fd, (struct sockaddr *) ADDRP(server), -! &server.sg_len) < 0) { - tcpd_warn("getsockname: %m"); - return; - } -! sockgen_simplify(&server); -! request->server->sag = &server; - } - - /* sock_hostaddr - map endpoint address to printable form */ -*************** -*** 125,134 **** - void sock_hostaddr(host) - struct host_info *host; - { -! struct sockaddr_in *sin = host->sin; - -! if (sin != 0) -! STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr)); - } - - /* sock_hostname - map endpoint address to host name */ ---- 128,142 ---- - void sock_hostaddr(host) - struct host_info *host; - { -! struct sockaddr_gen *sag = host->sag; - -! if (sag != 0) -! #ifdef HAVE_IPV6 -! -! (void) inet_ntop(FAMILY(*sag), FADDRP(*sag), host->addr, sizeof(host->addr)); -! #else -! STRN_CPY(host->addr, inet_ntoa(sag->sg_sin.sin_addr), sizeof(host->addr)); -! #endif - } - - /* sock_hostname - map endpoint address to host name */ -*************** -*** 136,142 **** - void sock_hostname(host) - struct host_info *host; - { -! struct sockaddr_in *sin = host->sin; - struct hostent *hp; - int i; - ---- 144,150 ---- - void sock_hostname(host) - struct host_info *host; - { -! struct sockaddr_gen *sag = host->sag; - struct hostent *hp; - int i; - -*************** -*** 146,155 **** - * not work the other way around: gethostbyname("INADDR_ANY") fails. We - * have to special-case 0.0.0.0, in order to avoid false alerts from the - * host name/address checking code below. - */ -! if (sin != 0 && sin->sin_addr.s_addr != 0 -! && (hp = gethostbyaddr((char *) &(sin->sin_addr), -! sizeof(sin->sin_addr), AF_INET)) != 0) { - - STRN_CPY(host->name, hp->h_name, sizeof(host->name)); - ---- 154,165 ---- - * not work the other way around: gethostbyname("INADDR_ANY") fails. 
We - * have to special-case 0.0.0.0, in order to avoid false alerts from the - * host name/address checking code below. -+ * -+ * We assume this works correctly in the INET6 case. - */ -! if (sag != 0 -! && (FAMILY(*sag) != AF_INET || sag->sg_sin.sin_addr.s_addr != 0) -! && (hp = gethostbyaddr(FADDRP(*sag), FSIZE(*sag), FAMILY(*sag))) != 0) { - - STRN_CPY(host->name, hp->h_name, sizeof(host->name)); - -*************** -*** 166,172 **** - * we're in big trouble anyway. - */ - -! if ((hp = gethostbyname(host->name)) == 0) { - - /* - * Unable to verify that the host name matches the address. This ---- 176,188 ---- - * we're in big trouble anyway. - */ - -! #ifdef HAVE_IPV6 -! if (FAMILY(*sag) != AF_INET) -! hp = getipnodebyname(host->name, FAMILY(*sag), AI_DEFAULT, 0); -! else -! #endif -! hp = gethostbyname(host->name); -! if (hp == 0) { - - /* - * Unable to verify that the host name matches the address. This -*************** -*** 189,194 **** ---- 205,213 ---- - host->name, STRING_LENGTH, hp->h_name); - - } else { -+ #ifdef HAVE_IPV6 -+ char buf[INET6_ADDRSTRLEN]; -+ #endif - - /* - * The address should be a member of the address list returned by -*************** -*** 199,207 **** - - for (i = 0; hp->h_addr_list[i]; i++) { - if (memcmp(hp->h_addr_list[i], -! (char *) &sin->sin_addr, -! sizeof(sin->sin_addr)) == 0) - return; /* name is good, keep it */ - } - - /* ---- 218,231 ---- - - for (i = 0; hp->h_addr_list[i]; i++) { - if (memcmp(hp->h_addr_list[i], -! (char *) FADDRP(*sag), -! FSIZE(*sag)) == 0) { -! #ifdef HAVE_IPV6 -! if (hp != 0 && FAMILY(*sag) != AF_INET) -! freehostent(hp); -! #endif - return; /* name is good, keep it */ -+ } - } - - /* -*************** -*** 209,218 **** - * someone has messed up. Perhaps someone compromised a name - * server. - */ -- - tcpd_warn("host name/address mismatch: %s != %.*s", -! 
inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name); - } - strcpy(host->name, paranoid); /* name is bad, clobber it */ - } - } ---- 233,250 ---- - * someone has messed up. Perhaps someone compromised a name - * server. - */ - tcpd_warn("host name/address mismatch: %s != %.*s", -! #ifdef HAVE_IPV6 -! inet_ntop(FAMILY(*sag), FADDRP(*sag), buf, sizeof(buf)), -! #else -! inet_ntoa(sag->sg_sin.sin_addr), -! #endif -! STRING_LENGTH, hp->h_name); - } -+ #ifdef HAVE_IPV6 -+ if (hp != 0 && FAMILY(*sag) != AF_INET) -+ freehostent(hp); -+ #endif - strcpy(host->name, paranoid); /* name is bad, clobber it */ - } - } -*************** -*** 232,235 **** ---- 264,290 ---- - */ - - (void) recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *) & sin, &size); -+ } -+ -+ void sockgen_simplify(sg) -+ sockaddr_gen *sg; -+ { -+ #ifdef HAVE_IPV6 -+ if (sg->sg_family == AF_INET6 && -+ IN6_IS_ADDR_V4MAPPED(&sg->sg_sin6.sin6_addr)) { -+ struct sockaddr_in v4_addr; -+ -+ #ifdef IN6_V4MAPPED_TO_INADDR -+ IN6_V4MAPPED_TO_INADDR(&sg->sg_sin6.sin6_addr, &v4_addr.sin_addr); -+ #else -+ IN6_MAPPED_TO_V4(&sg->sg_sin6.sin6_addr, &v4_addr.sin_addr); -+ #endif -+ v4_addr.sin_port = sg->sg_sin6.sin6_port; -+ v4_addr.sin_family = AF_INET; -+ memcpy(&sg->sg_sin,&v4_addr, sizeof(v4_addr)); -+ sg->sg_len = sizeof(struct in_addr); -+ } -+ #else -+ return; -+ #endif - } diff --git a/usr/src/cmd/tcpd/socket.c.org b/usr/src/cmd/tcpd/socket.c.org deleted file mode 100644 index c659b16669..0000000000 --- a/usr/src/cmd/tcpd/socket.c.org +++ /dev/null 
@@ -1,235 +0,0 @@
- /*
- * This module determines the type of socket (datagram, stream), the client
- * socket address and port, the server socket address and port. In addition,
- * it provides methods to map a transport address to a printable host name
- * or address. Socket address information results are in static memory.
- *
- * The result from the hostname lookup method is STRING_PARANOID when a host
- * pretends to have someone elses name, or when a host name is available but
- * could not be verified.
- *
- * When lookup or conversion fails the result is set to STRING_UNKNOWN.
- *
- * Diagnostics are reported through syslog(3).
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#) socket.c 1.15 97/03/21 19:27:24";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <string.h>
-
-extern char *inet_ntoa();
-
-/* Local stuff. */
-
-#include "tcpd.h"
-
-/* Forward declarations. */
-
-static void sock_sink();
-
-#ifdef APPEND_DOT
-
- /*
- * Speed up DNS lookups by terminating the host name with a dot. Should be
- * done with care. The speedup can give problems with lookups from sources
- * that lack DNS-style trailing dot magic, such as local files or NIS maps.
- */
-
-static struct hostent *gethostbyname_dot(name)
-char *name;
-{
- char dot_name[MAXHOSTNAMELEN + 1];
-
- /*
- * Don't append dots to unqualified names. Such names are likely to come
- * from local hosts files or from NIS.
- */
-
- if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
- return (gethostbyname(name));
- } else {
- sprintf(dot_name, "%s.", name);
- return (gethostbyname(dot_name));
- }
-}
-
-#define gethostbyname gethostbyname_dot
-#endif
-
-/* sock_host - look up endpoint addresses and install conversion methods */
-
-void sock_host(request)
-struct request_info *request;
-{
- static struct sockaddr_in client;
- static struct sockaddr_in server;
- int len;
- char buf[BUFSIZ];
- int fd = request->fd;
-
- sock_methods(request);
-
- /*
- * Look up the client host address. Hal R. Brand <BRAND@addvax.llnl.gov>
- * suggested how to get the client host info in case of UDP connections:
- * peek at the first message without actually looking at its contents. We
- * really should verify that client.sin_family gets the value AF_INET,
- * but this program has already caused too much grief on systems with
- * broken library code.
- */
-
- len = sizeof(client);
- if (getpeername(fd, (struct sockaddr *) & client, &len) < 0) {
- request->sink = sock_sink;
- len = sizeof(client);
- if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK,
- (struct sockaddr *) & client, &len) < 0) {
- tcpd_warn("can't get client address: %m");
- return; /* give up */
- }
-#ifdef really_paranoid
- memset(buf, 0 sizeof(buf));
-#endif
- }
- request->client->sin = &client;
-
- /*
- * Determine the server binding. This is used for client username
- * lookups, and for access control rules that trigger on the server
- * address or name.
- */
-
- len = sizeof(server);
- if (getsockname(fd, (struct sockaddr *) & server, &len) < 0) {
- tcpd_warn("getsockname: %m");
- return;
- }
- request->server->sin = &server;
-}
-
-/* sock_hostaddr - map endpoint address to printable form */
-
-void sock_hostaddr(host)
-struct host_info *host;
-{
- struct sockaddr_in *sin = host->sin;
-
- if (sin != 0)
- STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr));
-}
-
-/* sock_hostname - map endpoint address to host name */
-
-void sock_hostname(host)
-struct host_info *host;
-{
- struct sockaddr_in *sin = host->sin;
- struct hostent *hp;
- int i;
-
- /*
- * On some systems, for example Solaris 2.3, gethostbyaddr(0.0.0.0) does
- * not fail. Instead it returns "INADDR_ANY". Unfortunately, this does
- * not work the other way around: gethostbyname("INADDR_ANY") fails. We
- * have to special-case 0.0.0.0, in order to avoid false alerts from the
- * host name/address checking code below.
- */
- if (sin != 0 && sin->sin_addr.s_addr != 0
- && (hp = gethostbyaddr((char *) &(sin->sin_addr),
- sizeof(sin->sin_addr), AF_INET)) != 0) {
-
- STRN_CPY(host->name, hp->h_name, sizeof(host->name));
-
- /*
- * Verify that the address is a member of the address list returned
- * by gethostbyname(hostname).
- *
- * Verify also that gethostbyaddr() and gethostbyname() return the same
- * hostname, or rshd and rlogind may still end up being spoofed.
- *
- * On some sites, gethostbyname("localhost") returns "localhost.domain".
- * This is a DNS artefact. We treat it as a special case. When we
- * can't believe the address list from gethostbyname("localhost")
- * we're in big trouble anyway.
- */
-
- if ((hp = gethostbyname(host->name)) == 0) {
-
- /*
- * Unable to verify that the host name matches the address. This
- * may be a transient problem or a botched name server setup.
- */
-
- tcpd_warn("can't verify hostname: gethostbyname(%s) failed",
- host->name);
-
- } else if (STR_NE(host->name, hp->h_name)
- && STR_NE(host->name, "localhost")) {
-
- /*
- * The gethostbyaddr() and gethostbyname() calls did not return
- * the same hostname. This could be a nameserver configuration
- * problem. It could also be that someone is trying to spoof us.
- */
-
- tcpd_warn("host name/name mismatch: %s != %.*s",
- host->name, STRING_LENGTH, hp->h_name);
-
- } else {
-
- /*
- * The address should be a member of the address list returned by
- * gethostbyname(). We should first verify that the h_addrtype
- * field is AF_INET, but this program has already caused too much
- * grief on systems with broken library code.
- */
-
- for (i = 0; hp->h_addr_list[i]; i++) {
- if (memcmp(hp->h_addr_list[i],
- (char *) &sin->sin_addr,
- sizeof(sin->sin_addr)) == 0)
- return; /* name is good, keep it */
- }
-
- /*
- * The host name does not map to the initial address. Perhaps
- * someone has messed up. Perhaps someone compromised a name
- * server.
- */
-
- tcpd_warn("host name/address mismatch: %s != %.*s",
- inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
- }
- strcpy(host->name, paranoid); /* name is bad, clobber it */
- }
-}
-
-/* sock_sink - absorb unreceived IP datagram */
-
-static void sock_sink(fd)
-int fd;
-{
- char buf[BUFSIZ];
- struct sockaddr_in sin;
- int size = sizeof(sin);
-
- /*
- * Eat up the not-yet received datagram. Some systems insist on a
- * non-zero source address argument in the recvfrom() call below.
- */
-
- (void) recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *) & sin, &size);
-}
diff --git a/usr/src/cmd/tcpd/strcasecmp.c b/usr/src/cmd/tcpd/strcasecmp.c
deleted file mode 100644
index a54e828161..0000000000
--- a/usr/src/cmd/tcpd/strcasecmp.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)strcasecmp.c 5.6 (Berkeley) 6/27/88";
-#endif /* LIBC_SCCS and not lint */
-
-/* Some environments don't define u_char -- WZV */
-#if 0
-#include <sys/types.h>
-#else
-typedef unsigned char u_char;
-#endif
-
-/*
- * This array is designed for mapping upper and lower case letter
- * together for a case independent comparison. The mappings are
- * based upon ascii character sequences.
- */
-static u_char charmap[] = {
- '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
- '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
- '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
- '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
- '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
- '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
- '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
- '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
- '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
- '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
- '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
- '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
- '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
- '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
- '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
- '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
- '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
- '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
- '\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
- '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- '\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337',
- '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
- '\350', '\351', '\352', '\353', '\354', '\355',
'\356', '\357',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
-};
-
-strcasecmp(s1, s2)
- char *s1, *s2;
-{
- register u_char *cm = charmap,
- *us1 = (u_char *)s1,
- *us2 = (u_char *)s2;
-
- while (cm[*us1] == cm[*us2++])
- if (*us1++ == '\0')
- return(0);
- return(cm[*us1] - cm[*--us2]);
-}
-
-strncasecmp(s1, s2, n)
- char *s1, *s2;
- register int n;
-{
- register u_char *cm = charmap,
- *us1 = (u_char *)s1,
- *us2 = (u_char *)s2;
-
- while (--n >= 0 && cm[*us1] == cm[*us2++])
- if (*us1++ == '\0')
- return(0);
- return(n < 0 ? 0 : cm[*us1] - cm[*--us2]);
-}
diff --git a/usr/src/cmd/tcpd/tags b/usr/src/cmd/tcpd/tags
deleted file mode 100644
index f4fecf6eac..0000000000
--- a/usr/src/cmd/tcpd/tags
+++ /dev/null
@@ -1,149 +0,0 @@ -HOSTNAME_KNOWN tcpd.h /^#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && / -Menviron environ.c /^int main(argc, argv)$/ -Mmiscd miscd.c /^main(argc, argv)$/ -Msafe_finger safe_finger.c /^main(argc, argv)$/ -Mtcpd tcpd.c /^main(argc, argv)$/ -Mtcpdchk tcpdchk.c /^int main(argc, argv)$/ -Mtcpdmatch tcpdmatch.c /^int main(argc, argv)$/ -Mtry-from try-from.c /^main(argc, argv)$/ -NOT_INADDR tcpd.h /^#define NOT_INADDR(s) (s[strspn(s,"0123456789abcde/ -SGADDRP tcpd.h /^#define SGADDRP(sag) (((sag)->sg_family == AF_INE/ -SGADDRSZ tcpd.h /^#define SGADDRSZ(sag) ((sag)->sg_family == AF_INE/ -SGFAM tcpd.h /^#define SGFAM(sag) ((sag)->sg_family == AF_INET6 / -SGPORT tcpd.h /^#define SGPORT(sag) (*((sag)->sg_family == AF_INE/ -SGSOCKADDRSZ tcpd.h /^#define SGSOCKADDRSZ(sag) ((sag)->sg_family == AF_/ -SG_IS_UNSPECIFIED tcpd.h /^#define SG_IS_UNSPECIFIED(sag) \\$/ -STRN_CPY tcpd.h /^#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d/ -STRN_EQ tcpd.h /^#define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) =/ -STRN_NE tcpd.h /^#define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) !/ -STR_EQ tcpd.h /^#define STR_EQ(x,y) (strcasecmp((x),(y)) == 0)$/ -STR_NE tcpd.h /^#define STR_NE(x,y) (strcasecmp((x),(y)) != 0)$/ -S_ISDIR tcpdchk.c /^#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)$/ -VAEND mystdarg.h /^#define VAEND(ap) va_end(ap)$/ -VARARGS diag.c /^void VARARGS(tcpd_warn, char *, format)$/ -VASTART mystdarg.h /^#define VASTART(ap,type,name) va_start(ap,name)$/ -__P tli-sequent.h /^#define __P(X) X$/ -addenv environ.c /^static int addenv(nameval)$/ -allow_option options.c /^static void allow_option(value, request)$/ -banners_option options.c /^static void banners_option(value, request)$/ -base_name inetcf.c /^static char *base_name(path)$/ -check_client_list tcpdchk.c /^static void check_client_list(list)$/ -check_daemon tcpdchk.c /^static void check_daemon(pat)$/ -check_daemon_list tcpdchk.c /^static void check_daemon_list(list)$/ -check_dns scaffold.c /^int 
check_dns(host)$/ -check_host tcpdchk.c /^static int check_host(pat)$/ -check_path scaffold.c /^int check_path(path, st)$/ -check_user tcpdchk.c /^static void check_user(pat)$/ -chop_string options.c /^static char *chop_string(string)$/ -clean_exit clean_exit.c /^void clean_exit(request)$/ -cleanup safe_finger.c /^void cleanup(sig)$/ -client_match hosts_access.c /^static int client_match(tok, request)$/ -closelog fakelog.c /^closelog()$/ -cmalloc environ.c /^static char *cmalloc(new_len, old, old_len)$/ -deny_option options.c /^static void deny_option(value, request)$/ -do_child shell_cmd.c /^static void do_child(command)$/ -dot_quad_addr misc.c /^unsigned long dot_quad_addr(str)$/ -dup_hostent scaffold.c /^static struct hostent *dup_hostent(hp)$/ -eval_client eval.c /^char *eval_client(request)$/ -eval_daemon tcpd.h /^#define eval_daemon(r) ((r)->daemon) \/* daemon pro/ -eval_hostaddr eval.c /^char *eval_hostaddr(host)$/ -eval_hostinfo eval.c /^char *eval_hostinfo(host)$/ -eval_hostname eval.c /^char *eval_hostname(host)$/ -eval_pid tcpd.h /^#define eval_pid(r) ((r)->pid) \/* process id *\/$/ -eval_server eval.c /^char *eval_server(request)$/ -eval_user eval.c /^char *eval_user(request)$/ -expand tcpdmatch.c /^static void expand(text, pattern, request)$/ -expand_arg options.c /^#define expand_arg(o) ((o)->flags & EXPAND_ARG)$/ -find_inet_addr scaffold.c /^struct hostent *find_inet_addr(host)$/ -findenv environ.c /^static char **findenv(name, len)$/ -fix_fgets workarounds.c /^char *fix_fgets(buf, len, fp)$/ -fix_gethostbyname workarounds.c /^struct hostent *fix_gethostbyname(name)$/ -fix_getpeername workarounds.c /^int fix_getpeername(sock, sa, len)$/ -fix_inet_addr workarounds.c /^long fix_inet_addr(string)$/ -fix_options fix_options.c /^fix_options(request)$/ -fix_recvfrom workarounds.c /^int fix_recvfrom(sock, buf, buflen, flags, fro/ -fix_strtok workarounds.c /^char *fix_strtok(buf, sep)$/ -fromhost fromhost.c /^void fromhost(request)$/ -fsocket rfc931.c 
/^static FILE *fsocket(domain, type, protocol)$/ -get_field options.c /^static char *get_field(string)$/ -getenv environ.c /^char *getenv(name)$/ -gethostbyname_dot socket.c /^static struct hostent *gethostbyname_dot(name)$/ -group_option options.c /^static void group_option(value, request)$/ -host_match hosts_access.c /^static int host_match(tok, host)$/ -hosts_access hosts_access.c /^int hosts_access(request)$/ -hosts_ctl hosts_ctl.c /^int hosts_ctl(daemon, name, addr, user)$/ -inet_cfg inetcf.c /^char *inet_cfg(conf)$/ -inet_chk inetcf.c /^static void inet_chk(protocol, path, arg0, arg1)$/ -inet_get inetcf.c /^int inet_get(name)$/ -inet_set inetcf.c /^void inet_set(name, type)$/ -ipv6_mask hosts_access.c /^static void ipv6_mask(in6p, maskbits)$/ -keepalive_option options.c /^static void keepalive_option(value, request)$/ -linger_option options.c /^static void linger_option(value, request)$/ -list_match hosts_access.c /^static int list_match(list, request, match_fn)$/ -masked_match hosts_access.c /^static int masked_match(net_tok, mask_tok, string)/ -memcpy environ.c /^#define memcpy(d,s,l) bcopy(s,d,l)$/ -my_strtok workarounds.c /^char *my_strtok(buf, sep)$/ -myvsyslog myvsyslog.c /^myvsyslog(severity, format, ap)$/ -namelength environ.c /^static int namelength(name)$/ -need_arg options.c /^#define need_arg(o) ((o)->flags & NEED_ARG)$/ -nice_option options.c /^static void nice_option(value, request)$/ -numeric_addr misc.c /^int numeric_addr(str, addr, af, len)$/ -openlog fakelog.c /^openlog(name, logopt, facility)$/ -opt_arg options.c /^#define opt_arg(o) ((o)->flags & OPT_ARG)$/ -parse_table tcpdchk.c /^static void parse_table(table, request)$/ -percent_m percent_m.c /^char *percent_m(obuf, ibuf)$/ -percent_x percent_x.c /^char *percent_x(result, result_len, string, requ/ -permit_arg options.c /^#define permit_arg(o) ((o)->flags & (NEED_ARG | OP/ -perror_exit safe_finger.c /^void perror_exit(text)$/ -pipe_stdin safe_finger.c /^int pipe_stdin(argv)$/ -print_list 
tcpdchk.c /^static void print_list(title, list)$/ -printenv environ.c /^static void printenv()$/ -process_options options.c /^void process_options(options, request)$/ -ptx_sink ptx.c /^static void ptx_sink(fd)$/ -putenv environ.c /^int putenv(nameval)$/ -refuse refuse.c /^void refuse(request)$/ -request_fill update.c /^static struct request_info *request_fill(request, / -reserved_name tcpdchk.c /^static int reserved_name(pat)$/ -rfc931 rfc931.c /^void rfc931(rmt_sin, our_sin, dest)$/ -rfc931_option options.c /^static void rfc931_option(value, request)$/ -server_match hosts_access.c /^static int server_match(tok, request)$/ -setenv environ.c /^int setenv(name, value, clobber)$/ -setenv_option options.c /^static void setenv_option(value, request)$/ -severity_map options.c /^static int severity_map(table, name)$/ -severity_option options.c /^static void severity_option(value, request)$/ -shell_cmd scaffold.c /^void shell_cmd(command)$/ -skip_ipv6_addrs misc.c /^char *skip_ipv6_addrs(str)$/ -sock_host socket.c /^void sock_host(request)$/ -sock_hostaddr socket.c /^void sock_hostaddr(host)$/ -sock_hostname socket.c /^void sock_hostname(host)$/ -sock_methods tcpd.h /^#define sock_methods(r) \\$/ -sock_sink socket.c /^static void sock_sink(fd)$/ -sockgen_simplify socket.c /^void sockgen_simplify(sg)$/ -spawn_option options.c /^static void spawn_option(value, request)$/ -split_at misc.c /^char *split_at(string, delimiter)$/ -strcasecmp strcasecmp.c /^strcasecmp(s1, s2)$/ -string_match hosts_access.c /^static int string_match(tok, string)$/ -strncasecmp strcasecmp.c /^strncasecmp(s1, s2, n)$/ -table_match hosts_access.c /^static int table_match(table, request)$/ -tcpd_diag diag.c /^static void tcpd_diag(severity, tag, format, ap)$/ -tcpdmatch tcpdmatch.c /^static void tcpdmatch(request)$/ -timeout rfc931.c /^static void timeout(sig)$/ -tli_cleanup tli.c /^static void tli_cleanup(request)$/ -tli_endpoints tli.c /^static void tli_endpoints(request)$/ -tli_error tli-sequent.c 
/^static char *tli_error()$/ -tli_host ptx.c /^void tli_host(request)$/ -tli_hostaddr tli.c /^static void tli_hostaddr(host)$/ -tli_hostname tli.c /^static void tli_hostname(host)$/ -tli_sink tli-sequent.c /^static void tli_sink(fd)$/ -tli_transport tli.c /^static struct netconfig *tli_transport(fd)$/ -twist_option options.c /^static void twist_option(value, request)$/ -umask_option options.c /^static void umask_option(value, request)$/ -unsetenv environ.c /^void unsetenv(name)$/ -usage tcpdchk.c /^static void usage()$/ -use_last options.c /^#define use_last(o) ((o)->flags & USE_LAST)$/ -user_option options.c /^static void user_option(value, request)$/ -vfprintf vfprintf.c /^int vfprintf(fp, format, ap)$/ -vprintf vfprintf.c /^vprintf(format, ap)$/ -vsyslog fakelog.c /^vsyslog(severity, fmt, ap)$/ -xgets misc.c /^char *xgets(ptr, len, fp)$/ -yp_get_default_domain workarounds.c /^int yp_get_default_domain(ptr)$/ diff --git a/usr/src/cmd/tcpd/tcpd.h.org b/usr/src/cmd/tcpd/tcpd.h.org deleted file mode 100644 index 3eecc91159..0000000000 --- a/usr/src/cmd/tcpd/tcpd.h.org +++ /dev/null 
@@ -1,219 +0,0 @@
- /*
- * @(#) tcpd.h 1.5 96/03/19 16:22:24
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-/* Structure to describe one communications endpoint. */
-
-#define STRING_LENGTH 128 /* hosts, users, processes */
-
-struct host_info {
- char name[STRING_LENGTH]; /* access via eval_hostname(host) */
- char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */
- struct sockaddr_in *sin; /* socket address or 0 */
- struct t_unitdata *unit; /* TLI transport address or 0 */
- struct request_info *request; /* for shared information */
-};
-
-/* Structure to describe what we know about a service request. */
-
-struct request_info {
- int fd; /* socket handle */
- char user[STRING_LENGTH]; /* access via eval_user(request) */
- char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */
- char pid[10]; /* access via eval_pid(request) */
- struct host_info client[1]; /* client endpoint info */
- struct host_info server[1]; /* server endpoint info */
- void (*sink) (); /* datagram sink function or 0 */
- void (*hostname) (); /* address to printable hostname */
- void (*hostaddr) (); /* address to printable address */
- void (*cleanup) (); /* cleanup function or 0 */
- struct netconfig *config; /* netdir handle */
-};
-
-/* Common string operations. Less clutter should be more readable. */
-
-#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
-
-#define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0)
-#define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0)
-#define STR_EQ(x,y) (strcasecmp((x),(y)) == 0)
-#define STR_NE(x,y) (strcasecmp((x),(y)) != 0)
-
- /*
- * Initially, all above strings have the empty value. Information that
- * cannot be determined at runtime is set to "unknown", so that we can
- * distinguish between `unavailable' and `not yet looked up'. A hostname
- * that we do not believe in is set to "paranoid".
- */
-
-#define STRING_UNKNOWN "unknown" /* lookup failed */
-#define STRING_PARANOID "paranoid" /* hostname conflict */
-
-extern char unknown[];
-extern char paranoid[];
-
-#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
-
-#define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
-
-/* Global functions. */
-
-#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
-extern void fromhost(); /* get/validate client host info */
-#else
-#define fromhost sock_host /* no TLI support needed */
-#endif
-
-extern int hosts_access(); /* access control */
-extern void shell_cmd(); /* execute shell command */
-extern char *percent_x(); /* do %<char> expansion */
-extern void rfc931(); /* client name from RFC 931 daemon */
-extern void clean_exit(); /* clean up and exit */
-extern void refuse(); /* clean up and exit */
-extern char *xgets(); /* fgets() on steroids */
-extern char *split_at(); /* strchr() and split */
-extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
-
-/* Global variables. */
-
-extern int allow_severity; /* for connection logging */
-extern int deny_severity; /* for connection logging */
-extern char *hosts_allow_table; /* for verification mode redirection */
-extern char *hosts_deny_table; /* for verification mode redirection */
-extern int hosts_access_verbose; /* for verbose matching mode */
-extern int rfc931_timeout; /* user lookup timeout */
-extern int resident; /* > 0 if resident process */
-
- /*
- * Routines for controlled initialization and update of request structure
- * attributes. Each attribute has its own key.
- */
-
-#ifdef __STDC__
-extern struct request_info *request_init(struct request_info *,...);
-extern struct request_info *request_set(struct request_info *,...);
-#else
-extern struct request_info *request_init(); /* initialize request */
-extern struct request_info *request_set(); /* update request structure */
-#endif
-
-#define RQ_FILE 1 /* file descriptor */
-#define RQ_DAEMON 2 /* server process (argv[0]) */
-#define RQ_USER 3 /* client user name */
-#define RQ_CLIENT_NAME 4 /* client host name */
-#define RQ_CLIENT_ADDR 5 /* client host address */
-#define RQ_CLIENT_SIN 6 /* client endpoint (internal) */
-#define RQ_SERVER_NAME 7 /* server host name */
-#define RQ_SERVER_ADDR 8 /* server host address */
-#define RQ_SERVER_SIN 9 /* server endpoint (internal) */
-
- /*
- * Routines for delayed evaluation of request attributes. Each attribute
- * type has its own access method. The trivial ones are implemented by
- * macros. The other ones are wrappers around the transport-specific host
- * name, address, and client user lookup methods. The request_info and
- * host_info structures serve as caches for the lookup results.
- */
-
-extern char *eval_user(); /* client user */
-extern char *eval_hostname(); /* printable hostname */
-extern char *eval_hostaddr(); /* printable host address */
-extern char *eval_hostinfo(); /* host name or address */
-extern char *eval_client(); /* whatever is available */
-extern char *eval_server(); /* whatever is available */
-#define eval_daemon(r) ((r)->daemon) /* daemon process name */
-#define eval_pid(r) ((r)->pid) /* process id */
-
-/* Socket-specific methods, including DNS hostname lookups.
*/
-
-extern void sock_host(); /* look up endpoint addresses */
-extern void sock_hostname(); /* translate address to hostname */
-extern void sock_hostaddr(); /* address to printable address */
-#define sock_methods(r) \
- { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
-
-/* The System V Transport-Level Interface (TLI) interface. */
-
-#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
-extern void tli_host(); /* look up endpoint addresses etc. */
-#endif
-
- /*
- * Problem reporting interface. Additional file/line context is reported
- * when available. The jump buffer (tcpd_buf) is not declared here, or
- * everyone would have to include <setjmp.h>.
- */
-
-#ifdef __STDC__
-extern void tcpd_warn(char *, ...); /* report problem and proceed */
-extern void tcpd_jump(char *, ...); /* report problem and jump */
-#else
-extern void tcpd_warn();
-extern void tcpd_jump();
-#endif
-
-struct tcpd_context {
- char *file; /* current file */
- int line; /* current line */
-};
-extern struct tcpd_context tcpd_context;
-
- /*
- * While processing access control rules, error conditions are handled by
- * jumping back into the hosts_access() routine. This is cleaner than
- * checking the return value of each and every silly little function. The
- * (-1) returns are here because zero is already taken by longjmp().
- */
-
-#define AC_PERMIT 1 /* permit access */
-#define AC_DENY (-1) /* deny_access */
-#define AC_ERROR AC_DENY /* XXX */
-
- /*
- * In verification mode an option function should just say what it would do,
- * instead of really doing it. An option function that would not return
- * should clear the dry_run flag to inform the caller of this unusual
- * behavior.
- */
-
-extern void process_options(); /* execute options */
-extern int dry_run; /* verification flag */
-
-/* Bug workarounds.
*/
-
-#ifdef INET_ADDR_BUG /* inet_addr() returns struct */
-#define inet_addr fix_inet_addr
-extern long fix_inet_addr();
-#endif
-
-#ifdef BROKEN_FGETS /* partial reads from sockets */
-#define fgets fix_fgets
-extern char *fix_fgets();
-#endif
-
-#ifdef RECVFROM_BUG /* no address family info */
-#define recvfrom fix_recvfrom
-extern int fix_recvfrom();
-#endif
-
-#ifdef GETPEERNAME_BUG /* claims success with UDP */
-#define getpeername fix_getpeername
-extern int fix_getpeername();
-#endif
-
-#ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */
-#define gethostbyname fix_gethostbyname
-extern struct hostent *fix_gethostbyname();
-#endif
-
-#ifdef USE_STRSEP /* libc calls strtok() */
-#define strtok fix_strtok
-extern char *fix_strtok();
-#endif
-
-#ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */
-#define strtok my_strtok
-extern char *my_strtok();
-#endif
diff --git a/usr/src/cmd/tcpd/tcpdchk.c.org b/usr/src/cmd/tcpd/tcpdchk.c.org
deleted file mode 100644
index 49c5c82c1b..0000000000
--- a/usr/src/cmd/tcpd/tcpdchk.c.org
+++ /dev/null
@@ -1,462 +0,0 @@
- /*
- * tcpdchk - examine all tcpd access control rules and inetd.conf entries
- *
- * Usage: tcpdchk [-a] [-d] [-i inet_conf] [-v]
- *
- * -a: complain about implicit "allow" at end of rule.
- *
- * -d: rules in current directory.
- *
- * -i: location of inetd.conf file.
- *
- * -v: show all rules.
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <setjmp.h>
-#include <errno.h>
-#include <netdb.h>
-#include <string.h>
-
-extern int errno;
-extern void exit();
-extern int optind;
-extern char *optarg;
-
-#ifndef INADDR_NONE
-#define INADDR_NONE (-1) /* XXX should be 0xffffffff */
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
-#endif
-
-/* Application-specific. */
-
-#include "tcpd.h"
-#include "inetcf.h"
-#include "scaffold.h"
-
- /*
- * Stolen from hosts_access.c...
- */
-static char sep[] = ", \t\n";
-
-#define BUFLEN 2048
-
-int resident = 0;
-int hosts_access_verbose = 0;
-char *hosts_allow_table = HOSTS_ALLOW;
-char *hosts_deny_table = HOSTS_DENY;
-extern jmp_buf tcpd_buf;
-
- /*
- * Local stuff.
- */
-static void usage();
-static void parse_table();
-static void print_list();
-static void check_daemon_list();
-static void check_client_list();
-static void check_daemon();
-static void check_user();
-static int check_host();
-static int reserved_name();
-
-#define PERMIT 1
-#define DENY 0
-
-#define YES 1
-#define NO 0
-
-static int defl_verdict;
-static char *myname;
-static int allow_check;
-static char *inetcf;
-
-int main(argc, argv)
-int argc;
-char **argv;
-{
- struct request_info request;
- struct stat st;
- int c;
-
- myname = argv[0];
-
- /*
- * Parse the JCL.
- */
- while ((c = getopt(argc, argv, "adi:v")) != EOF) {
- switch (c) {
- case 'a':
- allow_check = 1;
- break;
- case 'd':
- hosts_allow_table = "hosts.allow";
- hosts_deny_table = "hosts.deny";
- break;
- case 'i':
- inetcf = optarg;
- break;
- case 'v':
- hosts_access_verbose++;
- break;
- default:
- usage();
- /* NOTREACHED */
- }
- }
- if (argc != optind)
- usage();
-
- /*
- * When confusion really strikes...
- */
- if (check_path(REAL_DAEMON_DIR, &st) < 0) {
- tcpd_warn("REAL_DAEMON_DIR %s: %m", REAL_DAEMON_DIR);
- } else if (!S_ISDIR(st.st_mode)) {
- tcpd_warn("REAL_DAEMON_DIR %s is not a directory", REAL_DAEMON_DIR);
- }
-
- /*
- * Process the inet configuration file (or its moral equivalent). This
- * information is used later to find references in hosts.allow/deny to
- * unwrapped services, and other possible problems.
- */
- inetcf = inet_cfg(inetcf);
- if (hosts_access_verbose)
- printf("Using network configuration file: %s\n", inetcf);
-
- /*
- * These are not run from inetd but may have built-in access control.
- */
- inet_set("portmap", WR_NOT);
- inet_set("rpcbind", WR_NOT);
-
- /*
- * Check accessibility of access control files.
- */
- (void) check_path(hosts_allow_table, &st);
- (void) check_path(hosts_deny_table, &st);
-
- /*
- * Fake up an arbitrary service request.
- */
- request_init(&request,
- RQ_DAEMON, "daemon_name",
- RQ_SERVER_NAME, "server_hostname",
- RQ_SERVER_ADDR, "server_addr",
- RQ_USER, "user_name",
- RQ_CLIENT_NAME, "client_hostname",
- RQ_CLIENT_ADDR, "client_addr",
- RQ_FILE, 1,
- 0);
-
- /*
- * Examine all access-control rules.
- */
- defl_verdict = PERMIT;
- parse_table(hosts_allow_table, &request);
- defl_verdict = DENY;
- parse_table(hosts_deny_table, &request);
- return (0);
-}
-
-/* usage - explain */
-
-static void usage()
-{
- fprintf(stderr, "usage: %s [-a] [-d] [-i inet_conf] [-v]\n", myname);
- fprintf(stderr, " -a: report rules with implicit \"ALLOW\" at end\n");
- fprintf(stderr, " -d: use allow/deny files in current directory\n");
- fprintf(stderr, " -i: location of inetd.conf file\n");
- fprintf(stderr, " -v: list all rules\n");
- exit(1);
-}
-
-/* parse_table - like table_match(), but examines _all_ entries */
-
-static void parse_table(table, request)
-char *table;
-struct request_info *request;
-{
- FILE *fp;
- int real_verdict;
- char sv_list[BUFLEN]; /* becomes list of daemons */
- char *cl_list; /* becomes list of requests */
- char *sh_cmd; /* becomes optional shell command */
- char buf[BUFSIZ];
- int verdict;
- struct tcpd_context saved_context;
-
- saved_context = tcpd_context; /* stupid compilers */
-
- if (fp = fopen(table, "r")) {
- tcpd_context.file = table;
- tcpd_context.line = 0;
- while (xgets(sv_list, sizeof(sv_list), fp)) {
- if (sv_list[strlen(sv_list) - 1] != '\n') {
- tcpd_warn("missing newline or line too long");
- continue;
- }
- if (sv_list[0] == '#' || sv_list[strspn(sv_list, " \t\r\n")] == 0)
- continue;
- if ((cl_list = split_at(sv_list, ':')) == 0) {
- tcpd_warn("missing \":\" separator");
- continue;
- }
- sh_cmd = split_at(cl_list, ':');
-
- if (hosts_access_verbose)
- printf("\n>>> Rule %s line %d:\n",
- tcpd_context.file, tcpd_context.line);
-
- if (hosts_access_verbose)
- print_list("daemons: ", sv_list);
- check_daemon_list(sv_list);
-
- if (hosts_access_verbose)
- print_list("clients: ", cl_list);
- check_client_list(cl_list);
-
-#ifdef PROCESS_OPTIONS
- real_verdict = defl_verdict;
- if (sh_cmd) {
- verdict = setjmp(tcpd_buf);
- if (verdict != 0) {
- real_verdict = (verdict == AC_PERMIT);
- } else {
- dry_run = 1;
-
process_options(sh_cmd, request);
- if (dry_run == 1 && real_verdict && allow_check)
- tcpd_warn("implicit \"allow\" at end of rule");
- }
- } else if (defl_verdict && allow_check) {
- tcpd_warn("implicit \"allow\" at end of rule");
- }
- if (hosts_access_verbose)
- printf("access: %s\n", real_verdict ? "granted" : "denied");
-#else
- if (sh_cmd)
- shell_cmd(percent_x(buf, sizeof(buf), sh_cmd, request));
- if (hosts_access_verbose)
- printf("access: %s\n", defl_verdict ? "granted" : "denied");
-#endif
- }
- (void) fclose(fp);
- } else if (errno != ENOENT) {
- tcpd_warn("cannot open %s: %m", table);
- }
- tcpd_context = saved_context;
-}
-
-/* print_list - pretty-print a list */
-
-static void print_list(title, list)
-char *title;
-char *list;
-{
- char buf[BUFLEN];
- char *cp;
- char *next;
-
- fputs(title, stdout);
- strcpy(buf, list);
-
- for (cp = strtok(buf, sep); cp != 0; cp = next) {
- fputs(cp, stdout);
- next = strtok((char *) 0, sep);
- if (next != 0)
- fputs(" ", stdout);
- }
- fputs("\n", stdout);
-}
-
-/* check_daemon_list - criticize daemon list */
-
-static void check_daemon_list(list)
-char *list;
-{
- char buf[BUFLEN];
- char *cp;
- char *host;
- int daemons = 0;
-
- strcpy(buf, list);
-
- for (cp = strtok(buf, sep); cp != 0; cp = strtok((char *) 0, sep)) {
- if (STR_EQ(cp, "EXCEPT")) {
- daemons = 0;
- } else {
- daemons++;
- if ((host = split_at(cp + 1, '@')) != 0 && check_host(host) > 1) {
- tcpd_warn("host %s has more than one address", host);
- tcpd_warn("(consider using an address instead)");
- }
- check_daemon(cp);
- }
- }
- if (daemons == 0)
- tcpd_warn("daemon list is empty or ends in EXCEPT");
-}
-
-/* check_client_list - criticize client list */
-
-static void check_client_list(list)
-char *list;
-{
- char buf[BUFLEN];
- char *cp;
- char *host;
- int clients = 0;
-
- strcpy(buf, list);
-
- for (cp = strtok(buf, sep); cp != 0; cp = strtok((char *) 0, sep)) {
- if (STR_EQ(cp, "EXCEPT")) {
- clients = 0;
- } else {
- clients++;
- if (host =
split_at(cp + 1, '@')) { /* user@host */
- check_user(cp);
- check_host(host);
- } else {
- check_host(cp);
- }
- }
- }
- if (clients == 0)
- tcpd_warn("client list is empty or ends in EXCEPT");
-}
-
-/* check_daemon - criticize daemon pattern */
-
-static void check_daemon(pat)
-char *pat;
-{
- if (pat[0] == '@') {
- tcpd_warn("%s: daemon name begins with \"@\"", pat);
- } else if (pat[0] == '.') {
- tcpd_warn("%s: daemon name begins with dot", pat);
- } else if (pat[strlen(pat) - 1] == '.') {
- tcpd_warn("%s: daemon name ends in dot", pat);
- } else if (STR_EQ(pat, "ALL") || STR_EQ(pat, unknown)) {
- /* void */ ;
- } else if (STR_EQ(pat, "FAIL")) { /* obsolete */
- tcpd_warn("FAIL is no longer recognized");
- tcpd_warn("(use EXCEPT or DENY instead)");
- } else if (reserved_name(pat)) {
- tcpd_warn("%s: daemon name may be reserved word", pat);
- } else {
- switch (inet_get(pat)) {
- case WR_UNKNOWN:
- tcpd_warn("%s: no such process name in %s", pat, inetcf);
- inet_set(pat, WR_YES); /* shut up next time */
- break;
- case WR_NOT:
- tcpd_warn("%s: service possibly not wrapped", pat);
- inet_set(pat, WR_YES);
- break;
- }
- }
-}
-
-/* check_user - criticize user pattern */
-
-static void check_user(pat)
-char *pat;
-{
- if (pat[0] == '@') { /* @netgroup */
- tcpd_warn("%s: user name begins with \"@\"", pat);
- } else if (pat[0] == '.') {
- tcpd_warn("%s: user name begins with dot", pat);
- } else if (pat[strlen(pat) - 1] == '.') {
- tcpd_warn("%s: user name ends in dot", pat);
- } else if (STR_EQ(pat, "ALL") || STR_EQ(pat, unknown)
- || STR_EQ(pat, "KNOWN")) {
- /* void */ ;
- } else if (STR_EQ(pat, "FAIL")) { /* obsolete */
- tcpd_warn("FAIL is no longer recognized");
- tcpd_warn("(use EXCEPT or DENY instead)");
- } else if (reserved_name(pat)) {
- tcpd_warn("%s: user name may be reserved word", pat);
- }
-}
-
-/* check_host - criticize host pattern */
-
-static int check_host(pat)
-char *pat;
-{
- char *mask;
- int addr_count = 1;
-
- if (pat[0] == '@') { /*
@netgroup */
-#ifdef NO_NETGRENT
- /* SCO has no *netgrent() support */
-#else
-#ifdef NETGROUP
- char *machinep;
- char *userp;
- char *domainp;
-
- setnetgrent(pat + 1);
- if (getnetgrent(&machinep, &userp, &domainp) == 0)
- tcpd_warn("%s: unknown or empty netgroup", pat + 1);
- endnetgrent();
-#else
- tcpd_warn("netgroup support disabled");
-#endif
-#endif
- } else if (mask = split_at(pat, '/')) { /* network/netmask */
- if (dot_quad_addr(pat) == INADDR_NONE
- || dot_quad_addr(mask) == INADDR_NONE)
- tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
- } else if (STR_EQ(pat, "FAIL")) { /* obsolete */
- tcpd_warn("FAIL is no longer recognized");
- tcpd_warn("(use EXCEPT or DENY instead)");
- } else if (reserved_name(pat)) { /* other reserved */
- /* void */ ;
- } else if (NOT_INADDR(pat)) { /* internet name */
- if (pat[strlen(pat) - 1] == '.') {
- tcpd_warn("%s: domain or host name ends in dot", pat);
- } else if (pat[0] != '.') {
- addr_count = check_dns(pat);
- }
- } else { /* numeric form */
- if (STR_EQ(pat, "0.0.0.0") || STR_EQ(pat, "255.255.255.255")) {
- /* void */ ;
- } else if (pat[0] == '.') {
- tcpd_warn("%s: network number begins with dot", pat);
- } else if (pat[strlen(pat) - 1] != '.') {
- check_dns(pat);
- }
- }
- return (addr_count);
-}
-
-/* reserved_name - determine if name is reserved */
-
-static int reserved_name(pat)
-char *pat;
-{
- return (STR_EQ(pat, unknown)
- || STR_EQ(pat, "KNOWN")
- || STR_EQ(pat, paranoid)
- || STR_EQ(pat, "ALL")
- || STR_EQ(pat, "LOCAL"));
-}
diff --git a/usr/src/cmd/tcpd/tcpdmatch.c.org b/usr/src/cmd/tcpd/tcpdmatch.c.org
deleted file mode 100644
index b1cf75f25c..0000000000
--- a/usr/src/cmd/tcpd/tcpdmatch.c.org
+++ /dev/null
@@ -1,328 +0,0 @@ - /* - * tcpdmatch - explain what tcpd would do in a specific case - * - * usage: tcpdmatch [-d] [-i inet_conf] daemon[@host] [user@]host - * - * -d: use the access control tables in the current directory. - * - * -i: location of inetd.conf file. - * - * All errors are reported to the standard error stream, including the errors - * that would normally be reported via the syslog daemon. - * - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -#ifndef lint -static char sccsid[] = "@(#) tcpdmatch.c 1.5 96/02/11 17:01:36"; -#endif - -/* System libraries. */ - -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netdb.h> -#include <stdio.h> -#include <syslog.h> -#include <setjmp.h> -#include <string.h> - -extern void exit(); -extern int optind; -extern char *optarg; - -#ifndef INADDR_NONE -#define INADDR_NONE (-1) /* XXX should be 0xffffffff */ -#endif - -#ifndef S_ISDIR -#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) -#endif - -/* Application-specific. */ - -#include "tcpd.h" -#include "inetcf.h" -#include "scaffold.h" - -static void usage(); -static void tcpdmatch(); - -/* The main program */ - -int main(argc, argv) -int argc; -char **argv; -{ - struct hostent *hp; - char *myname = argv[0]; - char *client; - char *server; - char *addr; - char *user; - char *daemon; - struct request_info request; - int ch; - char *inetcf = 0; - int count; - struct sockaddr_in server_sin; - struct sockaddr_in client_sin; - struct stat st; - - /* - * Show what rule actually matched. - */ - hosts_access_verbose = 2; - - /* - * Parse the JCL. 
- */ - while ((ch = getopt(argc, argv, "di:")) != EOF) { - switch (ch) { - case 'd': - hosts_allow_table = "hosts.allow"; - hosts_deny_table = "hosts.deny"; - break; - case 'i': - inetcf = optarg; - break; - default: - usage(myname); - /* NOTREACHED */ - } - } - if (argc != optind + 2) - usage(myname); - - /* - * When confusion really strikes... - */ - if (check_path(REAL_DAEMON_DIR, &st) < 0) { - tcpd_warn("REAL_DAEMON_DIR %s: %m", REAL_DAEMON_DIR); - } else if (!S_ISDIR(st.st_mode)) { - tcpd_warn("REAL_DAEMON_DIR %s is not a directory", REAL_DAEMON_DIR); - } - - /* - * Default is to specify a daemon process name. When daemon@host is - * specified, separate the two parts. - */ - if ((server = split_at(argv[optind], '@')) == 0) - server = unknown; - if (argv[optind][0] == '/') { - daemon = strrchr(argv[optind], '/') + 1; - tcpd_warn("%s: daemon name normalized to: %s", argv[optind], daemon); - } else { - daemon = argv[optind]; - } - - /* - * Default is to specify a client hostname or address. When user@host is - * specified, separate the two parts. - */ - if ((client = split_at(argv[optind + 1], '@')) != 0) { - user = argv[optind + 1]; - } else { - client = argv[optind + 1]; - user = unknown; - } - - /* - * Analyze the inetd (or tlid) configuration file, so that we can warn - * the user about services that may not be wrapped, services that are not - * configured, or services that are wrapped in an incorrect manner. Allow - * for services that are not run from inetd, or that have tcpd access - * control built into them. - */ - inetcf = inet_cfg(inetcf); - inet_set("portmap", WR_NOT); - inet_set("rpcbind", WR_NOT); - switch (inet_get(daemon)) { - case WR_UNKNOWN: - tcpd_warn("%s: no such process name in %s", daemon, inetcf); - break; - case WR_NOT: - tcpd_warn("%s: service possibly not wrapped", daemon); - break; - } - - /* - * Check accessibility of access control files. 
- */ - (void) check_path(hosts_allow_table, &st); - (void) check_path(hosts_deny_table, &st); - - /* - * Fill in what we have figured out sofar. Use socket and DNS routines - * for address and name conversions. We attach stdout to the request so - * that banner messages will become visible. - */ - request_init(&request, RQ_DAEMON, daemon, RQ_USER, user, RQ_FILE, 1, 0); - sock_methods(&request); - - /* - * If a server hostname is specified, insist that the name maps to at - * most one address. eval_hostname() warns the user about name server - * problems, while using the request.server structure as a cache for host - * address and name conversion results. - */ - if (NOT_INADDR(server) == 0 || HOSTNAME_KNOWN(server)) { - if ((hp = find_inet_addr(server)) == 0) - exit(1); - memset((char *) &server_sin, 0, sizeof(server_sin)); - server_sin.sin_family = AF_INET; - request_set(&request, RQ_SERVER_SIN, &server_sin, 0); - - for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { - memcpy((char *) &server_sin.sin_addr, addr, - sizeof(server_sin.sin_addr)); - - /* - * Force evaluation of server host name and address. Host name - * conflicts will be reported while eval_hostname() does its job. - */ - request_set(&request, RQ_SERVER_NAME, "", RQ_SERVER_ADDR, "", 0); - if (STR_EQ(eval_hostname(request.server), unknown)) - tcpd_warn("host address %s->name lookup failed", - eval_hostaddr(request.server)); - } - if (count > 1) { - fprintf(stderr, "Error: %s has more than one address\n", server); - fprintf(stderr, "Please specify an address instead\n"); - exit(1); - } - free((char *) hp); - } else { - request_set(&request, RQ_SERVER_NAME, server, 0); - } - - /* - * If a client address is specified, we simulate the effect of client - * hostname lookup failure. 
- */ - if (dot_quad_addr(client) != INADDR_NONE) { - request_set(&request, RQ_CLIENT_ADDR, client, 0); - tcpdmatch(&request); - exit(0); - } - - /* - * Perhaps they are testing special client hostname patterns that aren't - * really host names at all. - */ - if (NOT_INADDR(client) && HOSTNAME_KNOWN(client) == 0) { - request_set(&request, RQ_CLIENT_NAME, client, 0); - tcpdmatch(&request); - exit(0); - } - - /* - * Otherwise, assume that a client hostname is specified, and insist that - * the address can be looked up. The reason for this requirement is that - * in real life the client address is available (at least with IP). Let - * eval_hostname() figure out if this host is properly registered, while - * using the request.client structure as a cache for host name and - * address conversion results. - */ - if ((hp = find_inet_addr(client)) == 0) - exit(1); - memset((char *) &client_sin, 0, sizeof(client_sin)); - client_sin.sin_family = AF_INET; - request_set(&request, RQ_CLIENT_SIN, &client_sin, 0); - - for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { - memcpy((char *) &client_sin.sin_addr, addr, - sizeof(client_sin.sin_addr)); - - /* - * Force evaluation of client host name and address. Host name - * conflicts will be reported while eval_hostname() does its job. 
- */ - request_set(&request, RQ_CLIENT_NAME, "", RQ_CLIENT_ADDR, "", 0); - if (STR_EQ(eval_hostname(request.client), unknown)) - tcpd_warn("host address %s->name lookup failed", - eval_hostaddr(request.client)); - tcpdmatch(&request); - if (hp->h_addr_list[count + 1]) - printf("\n"); - } - free((char *) hp); - exit(0); -} - -/* Explain how to use this program */ - -static void usage(myname) -char *myname; -{ - fprintf(stderr, "usage: %s [-d] [-i inet_conf] daemon[@host] [user@]host\n", - myname); - fprintf(stderr, " -d: use allow/deny files in current directory\n"); - fprintf(stderr, " -i: location of inetd.conf file\n"); - exit(1); -} - -/* Print interesting expansions */ - -static void expand(text, pattern, request) -char *text; -char *pattern; -struct request_info *request; -{ - char buf[BUFSIZ]; - - if (STR_NE(percent_x(buf, sizeof(buf), pattern, request), unknown)) - printf("%s %s\n", text, buf); -} - -/* Try out a (server,client) pair */ - -static void tcpdmatch(request) -struct request_info *request; -{ - int verdict; - - /* - * Show what we really know. Suppress uninteresting noise. - */ - expand("client: hostname", "%n", request); - expand("client: address ", "%a", request); - expand("client: username", "%u", request); - expand("server: hostname", "%N", request); - expand("server: address ", "%A", request); - expand("server: process ", "%d", request); - - /* - * Reset stuff that might be changed by options handlers. In dry-run - * mode, extension language routines that would not return should inform - * us of their plan, by clearing the dry_run flag. This is a bit clumsy - * but we must be able to verify hosts with more than one network - * address. - */ - rfc931_timeout = RFC931_TIMEOUT; - allow_severity = SEVERITY; - deny_severity = LOG_WARNING; - dry_run = 1; - - /* - * When paranoid mode is enabled, access is rejected no matter what the - * access control rules say. 
- */ -#ifdef PARANOID - if (STR_EQ(eval_hostname(request->client), paranoid)) { - printf("access: denied (PARANOID mode)\n\n"); - return; - } -#endif - - /* - * Report the access control verdict. - */ - verdict = hosts_access(request); - printf("access: %s\n", - dry_run == 0 ? "delegated" : - verdict ? "granted" : "denied"); -} diff --git a/usr/src/cmd/tcpd/tli-sequent.c b/usr/src/cmd/tcpd/tli-sequent.c deleted file mode 100644 index 8858966876..0000000000 --- a/usr/src/cmd/tcpd/tli-sequent.c +++ /dev/null 
@@ -1,193 +0,0 @@ - /* - * Warning - this relies heavily on the TLI implementation in PTX 2.X and will - * probably not work under PTX 4. - * - * Author: Tim Wright, Sequent Computer Systems Ltd., UK. - * - * Modified slightly to conform to the new internal interfaces - Wietse - */ - -#ifndef lint -static char sccsid[] = "@(#) tli-sequent.c 1.1 94/12/28 17:42:51"; -#endif - -#ifdef TLI_SEQUENT - -/* System libraries. */ - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/tiuser.h> -#include <sys/stream.h> -#include <sys/stropts.h> -#include <sys/tihdr.h> -#include <sys/timod.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <stdio.h> -#include <syslog.h> -#include <errno.h> -#include <string.h> - -extern int errno; -extern char *sys_errlist[]; -extern int sys_nerr; -extern int t_errno; -extern char *t_errlist[]; -extern int t_nerr; - -/* Local stuff. */ - -#include "tcpd.h" -#include "tli-sequent.h" - -/* Forward declarations. */ - -static char *tli_error(); -static void tli_sink(); - -/* tli_host - determine endpoint info */ - -int tli_host(request) -struct request_info *request; -{ - static struct sockaddr_in client; - static struct sockaddr_in server; - struct _ti_user *tli_state_ptr; - union T_primitives *TSI_prim_ptr; - struct strpeek peek; - int len; - - /* - * Use DNS and socket routines for name and address conversions. - */ - - sock_methods(request); - - /* - * Find out the client address using getpeerinaddr(). This call is the - * TLI equivalent to getpeername() under Dynix/ptx. 
- */ - - len = sizeof(client); - t_sync(request->fd); - if (getpeerinaddr(request->fd, &client, len) < 0) { - tcpd_warn("can't get client address: %s", tli_error()); - return; - } - request->client->sin = &client; - - /* Call TLI utility routine to get information on endpoint */ - if ((tli_state_ptr = _t_checkfd(request->fd)) == NULL) - return; - - if (tli_state_ptr->ti_servtype == T_CLTS) { - /* UDP - may need to get address the hard way */ - if (client.sin_addr.s_addr == 0) { - /* The UDP endpoint is not connected so we didn't get the */ - /* remote address - get it the hard way ! */ - - /* Look at the control part of the top message on the stream */ - /* we don't want to remove it from the stream so we use I_PEEK */ - peek.ctlbuf.maxlen = tli_state_ptr->ti_ctlsize; - peek.ctlbuf.len = 0; - peek.ctlbuf.buf = tli_state_ptr->ti_ctlbuf; - /* Don't even look at the data */ - peek.databuf.maxlen = -1; - peek.databuf.len = 0; - peek.databuf.buf = 0; - peek.flags = 0; - - switch (ioctl(request->fd, I_PEEK, &peek)) { - case -1: - tcpd_warn("can't peek at endpoint: %s", tli_error()); - return; - case 0: - /* No control part - we're hosed */ - tcpd_warn("can't get UDP info: %s", tli_error()); - return; - default: - /* FALL THROUGH */ - ; - } - /* Can we even check the PRIM_type ? 
*/ - if (peek.ctlbuf.len < sizeof(long)) { - tcpd_warn("UDP control info garbage"); - return; - } - TSI_prim_ptr = (union T_primitives *) peek.ctlbuf.buf; - if (TSI_prim_ptr->type != T_UNITDATA_IND) { - tcpd_warn("wrong type for UDP control info"); - return; - } - /* Validate returned unitdata indication packet */ - if ((peek.ctlbuf.len < sizeof(struct T_unitdata_ind)) || - ((TSI_prim_ptr->unitdata_ind.OPT_length != 0) && - (peek.ctlbuf.len < - TSI_prim_ptr->unitdata_ind.OPT_length + - TSI_prim_ptr->unitdata_ind.OPT_offset))) { - tcpd_warn("UDP control info garbaged"); - return; - } - /* Extract the address */ - memcpy(&client, - peek.ctlbuf.buf + TSI_prim_ptr->unitdata_ind.SRC_offset, - TSI_prim_ptr->unitdata_ind.SRC_length); - } - request->sink = tli_sink; - } - if (getmyinaddr(request->fd, &server, len) < 0) - tcpd_warn("can't get local address: %s", tli_error()); - else - request->server->sin = &server; -} - -/* tli_error - convert tli error number to text */ - -static char *tli_error() -{ - static char buf[40]; - - if (t_errno != TSYSERR) { - if (t_errno < 0 || t_errno >= t_nerr) { - sprintf(buf, "Unknown TLI error %d", t_errno); - return (buf); - } else { - return (t_errlist[t_errno]); - } - } else { - if (errno < 0 || errno >= sys_nerr) { - sprintf(buf, "Unknown UNIX error %d", errno); - return (buf); - } else { - return (sys_errlist[errno]); - } - } -} - -/* tli_sink - absorb unreceived datagram */ - -static void tli_sink(fd) -int fd; -{ - struct t_unitdata *unit; - int flags; - - /* - * Something went wrong. Absorb the datagram to keep inetd from looping. - * Allocate storage for address, control and data. If that fails, sleep - * for a couple of seconds in an attempt to keep inetd from looping too - * fast. 
- */ - - if ((unit = (struct t_unitdata *) t_alloc(fd, T_UNITDATA, T_ALL)) == 0) { - tcpd_warn("t_alloc: %s", tli_error()); - sleep(5); - } else { - (void) t_rcvudata(fd, unit, &flags); - t_free((void *) unit, T_UNITDATA); - } -} - -#endif /* TLI_SEQUENT */ diff --git a/usr/src/cmd/tcpd/tli-sequent.h b/usr/src/cmd/tcpd/tli-sequent.h deleted file mode 100644 index 4474d3cdb6..0000000000 --- a/usr/src/cmd/tcpd/tli-sequent.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifdef __STDC__ -#define __P(X) X -#else -#define __P(X) () -#endif - -extern int t_sync __P((int)); -extern char *t_alloc __P((int, int, int)); -extern int t_free __P((char *, int)); -extern int t_rcvudata __P((int, struct t_unitdata *, int *)); -extern int getpeerinaddr __P((int, struct sockaddr_in *, int)); -extern int getmyinaddr __P((int, struct sockaddr_in *, int)); -extern struct _ti_user *_t_checkfd __P((int)); diff --git a/usr/src/cmd/tcpd/tli.c.org b/usr/src/cmd/tcpd/tli.c.org deleted file mode 100644 index 14579d1cba..0000000000 --- a/usr/src/cmd/tcpd/tli.c.org +++ /dev/null 
@@ -1,341 +0,0 @@ - /* - * tli_host() determines the type of transport (connected, connectionless), - * the transport address of a client host, and the transport address of a - * server endpoint. In addition, it provides methods to map a transport - * address to a printable host name or address. Socket address results are - * in static memory; tli structures are allocated from the heap. - * - * The result from the hostname lookup method is STRING_PARANOID when a host - * pretends to have someone elses name, or when a host name is available but - * could not be verified. - * - * Diagnostics are reported through syslog(3). - * - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -#ifndef lint -static char sccsid[] = "@(#) tli.c 1.15 97/03/21 19:27:25"; -#endif - -#ifdef TLI - -/* System libraries. */ - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stream.h> -#include <sys/stat.h> -#include <sys/mkdev.h> -#include <sys/tiuser.h> -#include <sys/timod.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <stdio.h> -#include <syslog.h> -#include <errno.h> -#include <netconfig.h> -#include <netdir.h> -#include <string.h> - -extern char *nc_sperror(); -extern int errno; -extern char *sys_errlist[]; -extern int sys_nerr; -extern int t_errno; -extern char *t_errlist[]; -extern int t_nerr; - -/* Local stuff. */ - -#include "tcpd.h" - -/* Forward declarations. */ - -static void tli_endpoints(); -static struct netconfig *tli_transport(); -static void tli_hostname(); -static void tli_hostaddr(); -static void tli_cleanup(); -static char *tli_error(); -static void tli_sink(); - -/* tli_host - look up endpoint addresses and install conversion methods */ - -void tli_host(request) -struct request_info *request; -{ - static struct sockaddr_in client; - static struct sockaddr_in server; - - /* - * If we discover that we are using an IP transport, pretend we never - * were here. 
Otherwise, use the transport-independent method and stick - * to generic network addresses. XXX hard-coded protocol family name. - */ - - tli_endpoints(request); - if ((request->config = tli_transport(request->fd)) != 0 - && STR_EQ(request->config->nc_protofmly, "inet")) { - if (request->client->unit != 0) { - client = *(struct sockaddr_in *) request->client->unit->addr.buf; - request->client->sin = &client; - } - if (request->server->unit != 0) { - server = *(struct sockaddr_in *) request->server->unit->addr.buf; - request->server->sin = &server; - } - tli_cleanup(request); - sock_methods(request); - } else { - request->hostname = tli_hostname; - request->hostaddr = tli_hostaddr; - request->cleanup = tli_cleanup; - } -} - -/* tli_cleanup - cleanup some dynamically-allocated data structures */ - -static void tli_cleanup(request) -struct request_info *request; -{ - if (request->config != 0) - freenetconfigent(request->config); - if (request->client->unit != 0) - t_free((char *) request->client->unit, T_UNITDATA); - if (request->server->unit != 0) - t_free((char *) request->server->unit, T_UNITDATA); -} - -/* tli_endpoints - determine TLI client and server endpoint information */ - -static void tli_endpoints(request) -struct request_info *request; -{ - struct t_unitdata *server; - struct t_unitdata *client; - int fd = request->fd; - int flags; - - /* - * Determine the client endpoint address. With unconnected services, peek - * at the sender address of the pending protocol data unit without - * popping it off the receive queue. This trick works because only the - * address member of the unitdata structure has been allocated. - * - * Beware of successful returns with zero-length netbufs (for example, - * Solaris 2.3 with ticlts transport). The netdir(3) routines can't - * handle that. Assume connection-less transport when TI_GETPEERNAME - * produces no usable result, even when t_rcvudata() is unable to figure - * out the peer address. Better to hang than to loop. 
- */ - - if ((client = (struct t_unitdata *) t_alloc(fd, T_UNITDATA, T_ADDR)) == 0) { - tcpd_warn("t_alloc: %s", tli_error()); - return; - } - if (ioctl(fd, TI_GETPEERNAME, &client->addr) < 0 || client->addr.len == 0) { - request->sink = tli_sink; - if (t_rcvudata(fd, client, &flags) < 0 || client->addr.len == 0) { - tcpd_warn("can't get client address: %s", tli_error()); - t_free((void *) client, T_UNITDATA); - return; - } - } - request->client->unit = client; - - /* - * Look up the server endpoint address. This can be used for filtering on - * server address or name, or to look up the client user. - */ - - if ((server = (struct t_unitdata *) t_alloc(fd, T_UNITDATA, T_ADDR)) == 0) { - tcpd_warn("t_alloc: %s", tli_error()); - return; - } - if (ioctl(fd, TI_GETMYNAME, &server->addr) < 0) { - tcpd_warn("TI_GETMYNAME: %m"); - t_free((void *) server, T_UNITDATA); - return; - } - request->server->unit = server; -} - -/* tli_transport - find out TLI transport type */ - -static struct netconfig *tli_transport(fd) -int fd; -{ - struct stat from_client; - struct stat from_config; - void *handlep; - struct netconfig *config; - - /* - * Assuming that the network device is a clone device, we must compare - * the major device number of stdin to the minor device number of the - * devices listed in the netconfig table. - */ - - if (fstat(fd, &from_client) != 0) { - tcpd_warn("fstat(fd %d): %m", fd); - return (0); - } - if ((handlep = setnetconfig()) == 0) { - tcpd_warn("setnetconfig: %m"); - return (0); - } - while (config = getnetconfig(handlep)) { - if (stat(config->nc_device, &from_config) == 0) { - if (minor(from_config.st_rdev) == major(from_client.st_rdev)) - break; - } - } - if (config == 0) { - tcpd_warn("unable to identify transport protocol"); - return (0); - } - - /* - * Something else may clobber our getnetconfig() result, so we'd better - * acquire our private copy. 
- */ - - if ((config = getnetconfigent(config->nc_netid)) == 0) { - tcpd_warn("getnetconfigent(%s): %s", config->nc_netid, nc_sperror()); - return (0); - } - return (config); -} - -/* tli_hostaddr - map TLI transport address to printable address */ - -static void tli_hostaddr(host) -struct host_info *host; -{ - struct request_info *request = host->request; - struct netconfig *config = request->config; - struct t_unitdata *unit = host->unit; - char *uaddr; - - if (config != 0 && unit != 0 - && (uaddr = taddr2uaddr(config, &unit->addr)) != 0) { - STRN_CPY(host->addr, uaddr, sizeof(host->addr)); - free(uaddr); - } -} - -/* tli_hostname - map TLI transport address to hostname */ - -static void tli_hostname(host) -struct host_info *host; -{ - struct request_info *request = host->request; - struct netconfig *config = request->config; - struct t_unitdata *unit = host->unit; - struct nd_hostservlist *servlist; - - if (config != 0 && unit != 0 - && netdir_getbyaddr(config, &servlist, &unit->addr) == ND_OK) { - - struct nd_hostserv *service = servlist->h_hostservs; - struct nd_addrlist *addr_list; - int found = 0; - - if (netdir_getbyname(config, service, &addr_list) != ND_OK) { - - /* - * Unable to verify that the name matches the address. This may - * be a transient problem or a botched name server setup. We - * decide to play safe. - */ - - tcpd_warn("can't verify hostname: netdir_getbyname(%.*s) failed", - STRING_LENGTH, service->h_host); - - } else { - - /* - * Look up the host address in the address list we just got. The - * comparison is done on the textual representation, because the - * transport address is an opaque structure that may have holes - * with uninitialized garbage. This approach obviously loses when - * the address does not have a textual representation. 
- */ - - char *uaddr = eval_hostaddr(host); - char *ua; - int i; - - for (i = 0; found == 0 && i < addr_list->n_cnt; i++) { - if ((ua = taddr2uaddr(config, &(addr_list->n_addrs[i]))) != 0) { - found = !strcmp(ua, uaddr); - free(ua); - } - } - netdir_free((void *) addr_list, ND_ADDRLIST); - - /* - * When the host name does not map to the initial address, assume - * someone has compromised a name server. More likely someone - * botched it, but that could be dangerous, too. - */ - - if (found == 0) - tcpd_warn("host name/address mismatch: %s != %.*s", - host->addr, STRING_LENGTH, service->h_host); - } - STRN_CPY(host->name, found ? service->h_host : paranoid, - sizeof(host->name)); - netdir_free((void *) servlist, ND_HOSTSERVLIST); - } -} - -/* tli_error - convert tli error number to text */ - -static char *tli_error() -{ - static char buf[40]; - - if (t_errno != TSYSERR) { - if (t_errno < 0 || t_errno >= t_nerr) { - sprintf(buf, "Unknown TLI error %d", t_errno); - return (buf); - } else { - return (t_errlist[t_errno]); - } - } else { - if (errno < 0 || errno >= sys_nerr) { - sprintf(buf, "Unknown UNIX error %d", errno); - return (buf); - } else { - return (sys_errlist[errno]); - } - } -} - -/* tli_sink - absorb unreceived datagram */ - -static void tli_sink(fd) -int fd; -{ - struct t_unitdata *unit; - int flags; - - /* - * Something went wrong. Absorb the datagram to keep inetd from looping. - * Allocate storage for address, control and data. If that fails, sleep - * for a couple of seconds in an attempt to keep inetd from looping too - * fast. - */ - - if ((unit = (struct t_unitdata *) t_alloc(fd, T_UNITDATA, T_ALL)) == 0) { - tcpd_warn("t_alloc: %s", tli_error()); - sleep(5); - } else { - (void) t_rcvudata(fd, unit, &flags); - t_free((void *) unit, T_UNITDATA); - } -} - -#endif /* TLI */ diff --git a/usr/src/cmd/tcpd/update.c.org b/usr/src/cmd/tcpd/update.c.org deleted file mode 100644 index a76cf2bb23..0000000000 --- a/usr/src/cmd/tcpd/update.c.org +++ /dev/null 
@@ -1,119 +0,0 @@ - /* - * Routines for controlled update/initialization of request structures. - * - * request_init() initializes its argument. Pointers and string-valued members - * are initialized to zero, to indicate that no lookup has been attempted. - * - * request_set() adds information to an already initialized request structure. - * - * Both functions take a variable-length name-value list. - * - * Diagnostics are reported through syslog(3). - * - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -#ifndef lint -static char sccsid[] = "@(#) update.c 1.1 94/12/28 17:42:56"; -#endif - -/* System libraries */ - -#include <stdio.h> -#include <syslog.h> -#include <string.h> - -/* Local stuff. */ - -#include "mystdarg.h" -#include "tcpd.h" - -/* request_fill - request update engine */ - -static struct request_info *request_fill(request, ap) -struct request_info *request; -va_list ap; -{ - int key; - char *ptr; - - while ((key = va_arg(ap, int)) > 0) { - switch (key) { - default: - tcpd_warn("request_fill: invalid key: %d", key); - return (request); - case RQ_FILE: - request->fd = va_arg(ap, int); - continue; - case RQ_CLIENT_SIN: - request->client->sin = va_arg(ap, struct sockaddr_in *); - continue; - case RQ_SERVER_SIN: - request->server->sin = va_arg(ap, struct sockaddr_in *); - continue; - - /* - * All other fields are strings with the same maximal length. 
- */ - - case RQ_DAEMON: - ptr = request->daemon; - break; - case RQ_USER: - ptr = request->user; - break; - case RQ_CLIENT_NAME: - ptr = request->client->name; - break; - case RQ_CLIENT_ADDR: - ptr = request->client->addr; - break; - case RQ_SERVER_NAME: - ptr = request->server->name; - break; - case RQ_SERVER_ADDR: - ptr = request->server->addr; - break; - } - STRN_CPY(ptr, va_arg(ap, char *), STRING_LENGTH); - } - return (request); -} - -/* request_init - initialize request structure */ - -struct request_info *VARARGS(request_init, struct request_info *, request) -{ - static struct request_info default_info; - struct request_info *r; - va_list ap; - - /* - * Initialize data members. We do not assign default function pointer - * members, to avoid pulling in the whole socket module when it is not - * really needed. - */ - VASTART(ap, struct request_info *, request); - *request = default_info; - request->fd = -1; - strcpy(request->daemon, unknown); - sprintf(request->pid, "%d", getpid()); - request->client->request = request; - request->server->request = request; - r = request_fill(request, ap); - VAEND(ap); - return (r); -} - -/* request_set - update request structure */ - -struct request_info *VARARGS(request_set, struct request_info *, request) -{ - struct request_info *r; - va_list ap; - - VASTART(ap, struct request_info *, request); - r = request_fill(request, ap); - VAEND(ap); - return (r); -} diff --git a/usr/src/cmd/tcpd/vfprintf.c b/usr/src/cmd/tcpd/vfprintf.c deleted file mode 100644 index d6f37d59bf..0000000000 --- a/usr/src/cmd/tcpd/vfprintf.c +++ /dev/null 
@@ -1,125 +0,0 @@ - /* - * vfprintf() and vprintf() clones. They will produce unexpected results - * when excessive dynamic ("*") field widths are specified. To be used for - * testing purposes only. - * - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -#ifndef lint -static char sccsid[] = "@(#) vfprintf.c 1.2 94/03/23 17:44:46"; -#endif - -#include <stdio.h> -#include <ctype.h> -#ifdef __STDC__ -#include <stdarg.h> -#else -#include <varargs.h> -#endif - -/* vfprintf - print variable-length argument list to stream */ - -int vfprintf(fp, format, ap) -FILE *fp; -char *format; -va_list ap; -{ - char fmt[BUFSIZ]; /* format specifier */ - register char *fmtp; - register char *cp; - int count = 0; - - /* - * Iterate over characters in the format string, picking up arguments - * when format specifiers are found. - */ - - for (cp = format; *cp; cp++) { - if (*cp != '%') { - putc(*cp, fp); /* ordinary character */ - count++; - } else { - - /* - * Format specifiers are handled one at a time, since we can only - * deal with arguments one at a time. Try to determine the end of - * the format specifier. We do not attempt to fully parse format - * strings, since we are ging to let fprintf() do the hard work. - * In regular expression notation, we recognize: - * - * %-?0?([0-9]+|\*)?\.?([0-9]+|\*)?l?[a-z] - * - * which includes some combinations that do not make sense. - */ - - fmtp = fmt; - *fmtp++ = *cp++; - if (*cp == '-') /* left-adjusted field? */ - *fmtp++ = *cp++; - if (*cp == '0') /* zero-padded field? 
*/ - *fmtp++ = *cp++; - if (*cp == '*') { /* dynamic field witdh */ - sprintf(fmtp, "%d", va_arg(ap, int)); - fmtp += strlen(fmtp); - cp++; - } else { - while (isdigit(*cp)) /* hard-coded field width */ - *fmtp++ = *cp++; - } - if (*cp == '.') /* width/precision separator */ - *fmtp++ = *cp++; - if (*cp == '*') { /* dynamic precision */ - sprintf(fmtp, "%d", va_arg(ap, int)); - fmtp += strlen(fmtp); - cp++; - } else { - while (isdigit(*cp)) /* hard-coded precision */ - *fmtp++ = *cp++; - } - if (*cp == 'l') /* long whatever */ - *fmtp++ = *cp++; - if (*cp == 0) /* premature end, punt */ - break; - *fmtp++ = *cp; /* type (checked below) */ - *fmtp = 0; - - /* Execute the format string - let fprintf() do the hard work. */ - - switch (fmtp[-1]) { - case 's': /* string-valued argument */ - count += fprintf(fp, fmt, va_arg(ap, char *)); - break; - case 'c': /* integral-valued argument */ - case 'd': - case 'u': - case 'o': - case 'x': - if (fmtp[-2] == 'l') - count += fprintf(fp, fmt, va_arg(ap, long)); - else - count += fprintf(fp, fmt, va_arg(ap, int)); - break; - case 'e': /* float-valued argument */ - case 'f': - case 'g': - count += fprintf(fp, fmt, va_arg(ap, double)); - break; - default: /* anything else */ - putc(fmtp[-1], fp); - count++; - break; - } - } - } - return (count); -} - -/* vprintf - print variable-length argument list to stdout */ - -vprintf(format, ap) -char *format; -va_list ap; -{ - return (vfprintf(stdout, format, ap)); -} diff --git a/usr/src/lib/libwrap/DISCLAIMER b/usr/src/lib/libwrap/DISCLAIMER deleted file mode 100644 index 42d82ca775..0000000000 --- a/usr/src/lib/libwrap/DISCLAIMER +++ /dev/null 
@@ -1,16 +0,0 @@ -/************************************************************************ -* Copyright 1995 by Wietse Venema. All rights reserved. Some individual -* files may be covered by other copyrights. -* -* This material was originally written and compiled by Wietse Venema at -* Eindhoven University of Technology, The Netherlands, in 1990, 1991, -* 1992, 1993, 1994 and 1995. -* -* Redistribution and use in source and binary forms are permitted -* provided that this entire copyright notice is duplicated in all such -* copies. -* -* This software is provided "as is" and without any expressed or implied -* warranties, including, without limitation, the implied warranties of -* merchantibility and fitness for any particular purpose. -************************************************************************/ diff --git a/usr/src/lib/libwrap/Makefile b/usr/src/lib/libwrap/Makefile index d50ef1981c..17bab3142f 100644 --- a/usr/src/lib/libwrap/Makefile +++ b/usr/src/lib/libwrap/Makefile @@ -2,7 +2,7 @@ # Copyright 2008 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -# ident "%Z%%M% %I% %E% SMI" +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. # include ../Makefile.lib @@ -22,8 +22,6 @@ lint := TARGET = lint all clean clobber install lint: $(SUBDIRS) -all install: THIRDPARTYLICENSE - install_h: $(ROOTHDRS) check: $(CHECKHDRS) @@ -33,9 +31,4 @@ $(SUBDIRS): FRC FRC: -THIRDPARTYLICENSE: DISCLAIMER - $(GREP) -v '\*\*\*\*' DISCLAIMER > $@ - -CLOBBERFILES += THIRDPARTYLICENSE - include ../Makefile.targ diff --git a/usr/src/lib/libwrap/Makefile.com b/usr/src/lib/libwrap/Makefile.com index e205f8ec2c..9187bc24bc 100644 --- a/usr/src/lib/libwrap/Makefile.com +++ b/usr/src/lib/libwrap/Makefile.com @@ -21,6 +21,8 @@ # Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# LIBRARY = libwrap.a MAJOR = .1 
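Review bot: The last hunk of usr/src/lib/libwrap/Makefile removes the `THIRDPARTYLICENSE: DISCLAIMER` rule, and the hunk before it removes `all install: THIRDPARTYLICENSE`, while the same commit deletes DISCLAIMER, whose text allows redistribution in source and binary forms only if the entire copyright notice is duplicated in all copies. The remaining rules still build and install libwrap, so the binary delivery still has to carry that notice. Nothing in this part of the diff shows where the notice comes from after the change, so it should be confirmed that whatever packages libwrap points at a license file that still exists. If the notice now lives in another directory, a header comment in this Makefile would keep that traceable, for example `# libwrap license notice is delivered from <path-to-license-file>`.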
@@ -51,15 +53,6 @@ CFLAGS += $(CCVERBOSE) -erroff=E_FUNC_EXPECTS_TO_RETURN_VALUE \
 -erroff=E_OLD_STYLE_DECL_HIDES_PROTO \
 -_gcc=-Wno-return-type
-DISTFILES = clean_exit.c diag.c eval.c fix_options.c fromhost.c \
- hosts_access.c hosts_ctl.c misc.c mystdarg.h options.c \
- patchlevel.h percent_m.c percent_x.c refuse.c rfc931.c \
- setenv.c shell_cmd.c socket.c tcpd.h tli.c update.c \
- workarounds.c
-
-ROOTSRC = $(ROOT)/usr/share/src/tcp_wrappers
-ROOTSRCFILES = $(DISTFILES:%=$(ROOTSRC)/%)
-
 .KEEP_STATE:
 all: $(LIBS)
@@ -69,15 +62,6 @@ lint: lintcheck
 $(ROOTLIBDIR)/$(LIBLINKS)$(MAJOR): $(ROOTLIBDIR)/$(LIBLINKS)$(VERS)
 $(INS.liblink)
-$(ROOTSRCFILES) := FILEMODE = 0444
-$(ROOTSRCFILES): $(ROOTSRC)
-
-$(ROOTSRC):
- $(INS.dir)
-
-$(ROOTSRC)/%: $(SRCDIR)/%
- $(INS.file)
-
 include ../../Makefile.targ
diff --git a/usr/src/lib/libwrap/THIRDPARTYLICENSE.descrip b/usr/src/lib/libwrap/THIRDPARTYLICENSE.descrip
deleted file mode 100644
index 63e8502e32..0000000000
--- a/usr/src/lib/libwrap/THIRDPARTYLICENSE.descrip
+++ /dev/null
@@ -1 +0,0 @@
-TCP WRAPPER SOFTWARE
diff --git a/usr/src/lib/libwrap/i386/Makefile b/usr/src/lib/libwrap/i386/Makefile
index 0e11da5547..37ad17a2e4 100644
--- a/usr/src/lib/libwrap/i386/Makefile
+++ b/usr/src/lib/libwrap/i386/Makefile
@@ -2,9 +2,9 @@
 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 # Use is subject to license terms.
 #
-# ident "%Z%%M% %I% %E% SMI"
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 include ../Makefile.com
-install: all $(ROOTLIBS) .WAIT $(ROOTLINKS) $(ROOTLINT) $(ROOTSRCFILES)
+install: all $(ROOTLIBS) .WAIT $(ROOTLINKS) $(ROOTLINT)
diff --git a/usr/src/lib/libwrap/setenv.c b/usr/src/lib/libwrap/setenv.c
deleted file mode 100644
index d4a53d2845..0000000000
--- a/usr/src/lib/libwrap/setenv.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
- /*
- * Some systems do not have setenv(). This one is modeled after 4.4 BSD, but
- * is implemented in terms of portable primitives only: getenv(), putenv()
- * and malloc(). It should therefore be safe to use on every UNIX system.
- *
- * If clobber == 0, do not overwrite an existing variable.
- *
- * Returns nonzero if memory allocation fails.
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#) setenv.c 1.1 93/03/07 22:47:58";
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-
-/* setenv - update or insert environment (name,value) pair */
-
-int setenv(name, value, clobber)
-char *name;
-char *value;
-int clobber;
-{
- char *cp;
-
- if (clobber == 0 && getenv(name) != 0)
- return (0);
- if ((cp = malloc(strlen(name) + strlen(value) + 2)) == 0)
- return (1);
- sprintf(cp, "%s=%s", name, value);
- return (putenv(cp));
-}
diff --git a/usr/src/lib/libwrap/sparc/Makefile b/usr/src/lib/libwrap/sparc/Makefile
index 0e11da5547..37ad17a2e4 100644
--- a/usr/src/lib/libwrap/sparc/Makefile
+++ b/usr/src/lib/libwrap/sparc/Makefile
@@ -2,9 +2,9 @@
 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 # Use is subject to license terms.
 #
-# ident "%Z%%M% %I% %E% SMI"
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 include ../Makefile.com
-install: all $(ROOTLIBS) .WAIT $(ROOTLINKS) $(ROOTLINT) $(ROOTSRCFILES)
+install: all $(ROOTLIBS) .WAIT $(ROOTLINKS) $(ROOTLINT)
diff --git a/usr/src/man/man1/sed.1 b/usr/src/man/man1/sed.1
index 3b69a70403..465225cc33 100644
--- a/usr/src/man/man1/sed.1
+++ b/usr/src/man/man1/sed.1
@@ -1,545 +1,670 @@ -'\" te -.\" Copyright 1989 AT&T -.\" Copyright (c) 1998, Sun Microsystems, Inc. All Rights Reserved -.\" Portions Copyright (c) 1992, X/Open Company Limited All Rights Reserved -.\" Sun Microsystems, Inc. gratefully acknowledges The Open Group for permission to reproduce portions of its copyrighted documentation. Original documentation from The Open Group can be obtained online at -.\" http://www.opengroup.org/bookstore/. -.\" The Institute of Electrical and Electronics Engineers and The Open Group, have given us permission to reprint portions of their documentation. In the following statement, the phrase "this text" refers to portions of the system documentation. Portions of this text are reprinted and reproduced in electronic form in the Sun OS Reference Manual, from IEEE Std 1003.1, 2004 Edition, Standard for Information Technology -- Portable Operating System Interface (POSIX), The Open Group Base Specifications Issue 6, Copyright (C) 2001-2004 by the Institute of Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between these versions and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at http://www.opengroup.org/unix/online.html. -.\" This notice shall appear on any product containing this material. -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. 
If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH sed 1 "23 Jul 1998" "SunOS 5.11" "User Commands" +.\" Copyright (c) 1992, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" the Institute of Electrical and Electronics Engineers, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH SED 1 "May 24, 2009" "" .SH NAME -sed \- stream editor +\fBsed\fP +\- stream editor .SH SYNOPSIS -.LP -.nf -\fB/usr/bin/sed\fR [\fB-n\fR] \fIscript\fR [\fIfile\fR]... -.fi - -.LP -.nf -\fB/usr/bin/sed\fR [\fB-n\fR] [\fB-e\fR \fIscript\fR]... [\fB-f\fR \fIscript_file\fR]... - [\fIfile\fR]... -.fi - -.LP -.nf -\fB/usr/xpg4/bin/sed\fR [\fB-n\fR] \fIscript\fR [\fIfile\fR]... -.fi - -.LP -.nf -\fB/usr/xpg4/bin/sed\fR [\fB-n\fR] [\fB-e\fR \fIscript\fR]... [\fB-f\fR \fIscript_file\fR]... - [\fIfile\fR]... -.fi - +.br +\fBsed\fP +[\fB\-Ealnr\fP] +\fIcommand\fP +[\fIfile ...\fP] +.br +\fBsed\fP +[\fB\-Ealnr\fP] +[\fB\-e\fP \fIcommand\fP] +[\fB\-f\fP \fIcommand_file\fP] +[\fB\-I\fP \fIextension\fP] +[\fB\-i\fP \fIextension\fP] +[\fIfile ...\fP] .SH DESCRIPTION -.sp -.LP -The \fBsed\fR utility is a stream editor that reads one or more text files, -makes editing changes according to a script of editing commands, and writes the -results to standard output. The script is obtained from either the \fIscript\fR -operand string, or a combination of the option-arguments from the \fB-e\fR -\fIscript\fR and \fB-f\fR \fIscript_file\fR options. -.sp -.LP -The \fBsed\fR utility is a text editor. It cannot edit binary files or files -containing ASCII NUL (\e0) characters or very long lines. 
-.SH OPTIONS -.sp -.LP -The following options are supported: -.sp -.ne 2 -.mk -.na -\fB\fB-e\fR \fIscript\fR \fR -.ad -.RS 19n -.rt -\fIscript\fR is an edit command for \fBsed\fR. See USAGE below for more -information on the format of \fIscript\fR. If there is just one \fB-e\fR option -and no \fB-f\fR options, the flag \fB-e\fR may be omitted. -.RE - -.sp -.ne 2 -.mk -.na -\fB\fB-f\fR \fIscript_file\fR \fR -.ad -.RS 19n -.rt -Takes the script from \fIscript_file\fR. \fIscript_file\fR consists of editing -commands, one per line. -.RE - -.sp -.ne 2 -.mk -.na -\fB\fB-n\fR \fR -.ad -.RS 19n -.rt -Suppresses the default output. -.RE - -.sp -.LP -Multiple \fB-e\fR and \fB-f\fR options may be specified. All commands are added -to the script in the order specified, regardless of their origin. -.SH OPERANDS -.sp -.LP -The following operands are supported: -.sp -.ne 2 -.mk -.na -\fB\fIfile\fR \fR -.ad -.RS 11n -.rt -A path name of a file whose contents will be read and edited. If multiple -\fIfile\fR operands are specified, the named files will be read in the order -specified and the concatenation will be edited. If no \fIfile\fR operands are -specified, the standard input will be used. -.RE - -.sp -.ne 2 -.mk -.na -\fB\fIscript\fR \fR -.ad -.RS 11n -.rt -A string to be used as the script of editing commands. The application must not -present a \fIscript\fR that violates the restrictions of a text file except -that the final character need not be a \fBNEWLINE\fR character. -.RE - -.SH USAGE -.sp -.LP -A script consists of editing commands, one per line, of the following form: -.sp -.LP -[ \|\fIaddress\fR \|[ \|, \|\fIaddress\fR \|] \|] \|\fIcommand\fR \|[ -\|\fIarguments\fR \|] -.sp -.LP -Zero or more blank characters are accepted before the first address and before -\fIcommand\fR. Any number of semicolons are accepted before the first address. 
-.sp -.LP -In normal operation, \fBsed\fR cyclically copies a line of input (less its -terminating \fBNEWLINE\fR character) into a \fIpattern space\fR (unless there -is something left after a \fBD\fR command), applies in sequence all commands -whose \fIaddresses\fR select that pattern space, and copies the resulting -pattern space to the standard output (except under \fB-n\fR) and deletes the -pattern space. Whenever the pattern space is written to standard output or a -named file, \fBsed\fR will immediately follow it with a \fINEWLINE\fR -character. -.sp -.LP -Some of the commands use a \fIhold space\fR to save all or part of the -\fIpattern space\fR for subsequent retrieval. The \fIpattern\fR and \fIhold -spaces\fR will each be able to hold at least \fB8192\fR bytes. -.SS "sed Addresses" -.sp -.LP -An \fIaddress\fR is either empty, a decimal number that counts input lines -cumulatively across files, a \fB$\fR that addresses the last line of input, or -a context address, which consists of a \fB/\fR\fIregular expression\fR\fB/\fR -as described on the \fBregexp\fR(5) manual page. -.sp -.LP +The +\fBsed\fP +utility reads the specified files, or the standard input if no files +are specified, modifying the input as specified by a list of commands. +The input is then written to the standard output. + +A single command may be specified as the first argument to +\fB.\fP +Multiple commands may be specified by using the +\fB\-e\fP +or +\fB\-f\fP +options. +All commands are applied to the input in the order they are specified +regardless of their origin. + +The following options are available: +.TP +\fB\-E\fP +Interpret regular expressions as extended (modern) regular expressions +rather than basic regular expressions (BRE's). +The +\fBre_format\fP(7) +manual page fully describes both formats. +.TP +\fB\-a\fP +The files listed as parameters for the +``w'' +functions are created (or truncated) before any processing begins, +by default. 
+The +\fB\-a\fP +option causes +\fBsed\fP +to delay opening each file until a command containing the related +``w'' +function is applied to a line of input. +.TP +\fB\-e\fP \fIcommand\fP +Append the editing commands specified by the +\fIcommand\fP +argument +to the list of commands. +.TP +\fB\-f\fP \fIcommand_file\fP +Append the editing commands found in the file +\fIcommand_file\fP +to the list of commands. +The editing commands should each be listed on a separate line. +.TP +\fB\-I\fP \fIextension\fP +Edit files in-place, saving backups with the specified +\fIextension\fP. +If a zero-length +\fIextension\fP +is given, no backup will be saved. +It is not recommended to give a zero-length +\fIextension\fP +when in-place editing files, as you risk corruption or partial content +in situations where disk space is exhausted, etc. + +Note that in-place editing with +\fB\-I\fP +still takes place in a single continuous line address space covering +all files, although each file preserves its individuality instead of +forming one output stream. +The line counter is never reset between files, address ranges can span +file boundaries, and the +``$'' +address matches only the last line of the last file. +(See +.B "Sed Addresses" . ) +That can lead to unexpected results in many cases of in-place editing, +where using +\fB\-i\fP +is desired. +.TP +\fB\-i\fP \fIextension\fP +Edit files in-place similarly to +\fB\-I\fP, +but treat each file independently from other files. +In particular, line numbers in each file start at 1, +the +``$'' +address matches the last line of the current file, +and address ranges are limited to the current file. +(See +.B "Sed Addresses" . ) +The net result is as though each file were edited by a separate +\fBsed\fP +instance. +.TP +\fB\-l\fP +Make output line buffered. +.TP +\fB\-n\fP +By default, each line of input is echoed to the standard output after +all of the commands have been applied to it. +The +\fB\-n\fP +option suppresses this behavior. 
+.TP +\fB\-r\fP +Same as +\fB\-E\fP +for compatibility with GNU sed. + +The form of a +\fBsed\fP +command is as follows: + +[address[,address]]function[arguments] + +Whitespace may be inserted before the first address and the function +portions of the command. + +Normally, +\fBsed\fP +cyclically copies a line of input, not including its terminating newline +character, into a +.IR "pattern space" , +(unless there is something left after a +``D'' +function), +applies all of the commands with addresses that select that pattern space, +copies the pattern space to the standard output, appending a newline, and +deletes the pattern space. + +Some of the functions use a +.IR "hold space" +to save all or part of the pattern space for subsequent retrieval. +.SH "Sed Addresses" +An address is not required, but if specified must have one of the +following formats: +.IP \(bu +a number that counts +input lines +cumulatively across input files (or in each file independently +if a +\fB\-i\fP +option is in effect); +.IP \(bu +a dollar +(``$'') +character that addresses the last line of input (or the last line +of the current file if a +\fB\-i\fP +option was specified); +.IP \(bu +a context address +that consists of a regular expression preceded and followed by a +delimiter. The closing delimiter can also optionally be followed by the +``I'' +character, to indicate that the regular expression is to be matched +in a case-insensitive way. + A command line with no addresses selects every pattern space. -.sp -.LP -A command line with one address selects each pattern space that matches the + +A command line with one address selects all of the pattern spaces +that match the address. + +A command line with two addresses selects an inclusive range. +This +range starts with the first pattern space that matches the first address. 
-.sp -.LP -A command line with two addresses selects the inclusive range from the first -pattern space that matches the first address through the next pattern space -that matches the second address. Thereafter the process is repeated, looking -again for the first address. (If the second address is a number less than or -equal to the line number selected by the first address, only the line -corresponding to the first address is selected.) -.sp -.LP -Typically, address are separated from each other by a comma (,). They may also -be separated by a semicolon (;). -.SS "sed Regular Expressions" -.sp -.LP -\fBsed\fR supports the basic regular expressions described on the -\fBregexp\fR(5) manual page, with the following additions: -.sp -.ne 2 -.mk -.na -\fB\fI\ecREc\fR \fR -.ad -.RS 11n -.rt -In a context address, the construction \fI\ecREc\fR, where \fIc\fR is any -character other than a backslash or \fBNEWLINE\fR character, is identical to -/\fIRE\fR/. If the character designated by \fIc\fR appears following a -backslash, then it is considered to be that literal character, which does not -terminate the RE. For example, in the context address \fB\exabc\exdefx\fR, the -second \fBx\fR stands for itself, so that the regular expression is -\fBabcxdef\fR. -.RE - -.sp -.ne 2 -.mk -.na -\fB\fB\en\fR \fR -.ad -.RS 11n -.rt -The escape sequence \fB\en\fR matches a \fINEWLINE\fR character embedded in the -pattern space. A literal \fBNEWLINE\fR character must not be used in the -regular expression of a context address or in the substitute command. -.RE - -.sp -.LP -Editing commands can be applied only to non-selected pattern spaces by use of -the negation command \fB!\fR (described below). -.SS "sed Editing Commands" -.sp -.LP -In the following list of functions the maximum number of permissible addresses -for each function is indicated. 
-.sp -.LP -The \fBr\fR and \fBw\fR commands take an optional \fIrfile\fR (or \fIwfile\fR) -parameter, separated from the command letter by one or more blank characters. -.sp -.LP -Multiple commands can be specified by separating them with a semicolon -(\fB;\fR) on the same command line. -.sp -.LP -The \fItext\fR argument consists of one or more lines, all but the last of -which end with \fB\e\fR to hide the \fBNEWLINE\fR. Each embedded \fBNEWLINE\fR -character in the text must be preceded by a backslash. Other backslashes in -text are removed and the following character is treated literally. Backslashes -in text are treated like backslashes in the replacement string of an \fBs\fR -command, and may be used to protect initial blanks and tabs against the -stripping that is done on every script line. The \fIrfile\fR or \fIwfile\fR -argument must terminate the command line and must be preceded by exactly one -blank. The use of the \fIwfile\fR parameter causes that file to be initially -created, if it does not exist, or will replace the contents of an existing -file. There can be at most 10 distinct \fIwfile\fR arguments. -.sp -.LP -Regular expressions match entire strings, not just individual lines, but a -\fBNEWLINE\fR character is matched by \fB\en\fR in a \fBsed\fR RE. A -\fBNEWLINE\fR character is not allowed in an RE. Also notice that \fB\en\fR -cannot be used to match a \fBNEWLINE\fR character at the end of an input line; -\fBNEWLINE\fR characters appear in the pattern space as a result of the \fBN\fR -editing command. -.sp -.LP -Two of the commands take a \fIcommand-list\fR, which is a list of \fBsed\fR -commands separated by \fBNEWLINE\fR characters, as follows: -.sp -.in +2 -.nf -{ \fIcommand\fR -\fIcommand\fR +The end of the range is the next following pattern space +that matches the second address. +If the second address is a number +less than or equal to the line number first selected, only that +line is selected. 
+The number in the second address may be prefixed with a +(``\&+'') +to specify the number of lines to match after the first pattern. +In the case when the second address is a context +address, +\fBsed\fP +does not re-match the second address against the +pattern space that matched the first address. +Starting at the +first line following the selected range, +\fBsed\fP +starts looking again for the first address. + +Editing commands can be applied to non-selected pattern spaces by use +of the exclamation character +(``\&!'') +function. +.SH "Sed Regular Expressions" +The regular expressions used in +\fB,\fP +by default, are basic regular expressions (BREs, see +\fBre_format\fP(7) +for more information), but extended (modern) regular expressions can be used +instead if the +\fB\-E\fP +flag is given. +In addition, +\fBsed\fP +has the following two additions to regular expressions: + +.IP 1. +In a context address, any character other than a backslash +(``\e'') +or newline character may be used to delimit the regular expression. +The opening delimiter needs to be preceded by a backslash +unless it is a slash. +For example, the context address +\exabcx +is equivalent to +/abc/ . +Also, putting a backslash character before the delimiting character +within the regular expression causes the character to be treated literally. +For example, in the context address +\exabc\exdefx , +the RE delimiter is an +``x'' +and the second +``x'' +stands for itself, so that the regular expression is +``abcxdef''. + +.IP 2. +The escape sequence \en matches a newline character embedded in the +pattern space. +You cannot, however, use a literal newline character in an address or +in the substitute command. + +One special feature of +\fBsed\fP +regular expressions is that they can default to the last regular +expression used. +If a regular expression is empty, i.e., just the delimiter characters +are specified, the last regular expression encountered is used instead. 
+The last regular expression is defined as the last regular expression +used as part of an address or substitute command, and at run-time, not +compile-time. +For example, the command +``/abc/s//XXX/'' +will substitute +``XXX'' +for the pattern +``abc''. +.SH "Sed Functions" +In the following list of commands, the maximum number of permissible +addresses for each command is indicated by [0addr], [1addr], or [2addr], +representing zero, one, or two addresses. + +The argument +.IR text +consists of one or more lines. +To embed a newline in the text, precede it with a backslash. +Other backslashes in text are deleted and the following character +taken literally. + +The +``r'' +and +``w'' +functions take an optional file parameter, which should be separated +from the function letter by white space. +Each file given as an argument to +\fBsed\fP +is created (or its contents truncated) before any input processing begins. + +The +``b'', +``r'', +``s'', +``t'', +``w'', +``y'', +``\&!'', +and +``\&:'' +functions all accept additional arguments. +The following synopses indicate which arguments have to be separated from +the function letters by white space characters. + +Two of the functions take a function-list. +This is a list of +\fBsed\fP +functions separated by newlines, as follows: + +{ function +.br + function +.br + ... +.br + function +.br } -.fi -.in -2 - -.sp -.LP -The \fB{\fR can be preceded with blank characters and can be followed with -white space. The \fIcommands\fR can be preceded by white space. The terminating -\fB}\fR must be preceded by a \fBNEWLINE\fR character and can be preceded or -followed by <blank>s. The braces may be preceded or followed by <blank>s. The -command may be preceded by <blank>s, but may not be followed by <blank>s. -.sp -.LP -The following table lists the functions, with the maximum number of permissible -addresses. -.sp - -.sp -.TS -tab() box; -cw(.92i) |cw(1.38i) |cw(3.21i) -lw(.92i) |lw(1.38i) |lw(3.21i) -. 
-Max AddressCommandDescription -_ -1\fBa\e\fR \fItext\fRT{ -Append by executing \fBN\fR command or beginning a new cycle. Place \fItext\fR on the output before reading the next input line. -T} -_ -2\fBb\fR \fIlabel\fRT{ -Branch to the \fB:\fR command bearing the \fIlabel \fR. If \fIlabel\fR is empty, branch to the end of the script. Labels are recognized unique up to eight characters. -T} -_ -2\fBc\e\fR \fItext\fRT{ -Change. Delete the pattern space. Place \fItext\fR on the output. Start the next cycle. -T} -2\fBd\fRT{ -Delete the pattern space. Start the next cycle. -T} -_ -2\fBD\fRT{ -Delete the initial segment of the pattern space through the first new-line. Start the next cycle. (See the \fBN\fR command below.) -T} -_ -2\fBg\fRT{ -Replace the contents of the pattern space by the contents of the hold space. -T} -_ -2\fBG\fRT{ -Append the contents of the hold space to the pattern space. -T} -_ -2\fBh\fRT{ -Replace the contents of the hold space by the contents of the pattern space. -T} -_ -2\fBH\fRT{ -Append the contents of the pattern space to the hold space. -T} -_ -1\fBi\e\fR \fItext\fRT{ -Insert. Place \fItext\fR on the standard output. -T} -_ -2\fBl\fRT{ -\fB/usr/bin/sed\fR: List the pattern space on the standard output in an unambiguous form. Non-printable characters are displayed in octal notation and long lines are folded. -T} -_ -T{ -\fB/usr/xpg4/bin/sed\fR: List the pattern space on the standard output in an unambiguous form. Non-printable characters are displayed in octal notation and long lines are folded. The characters (\fB\e\e\fR, \fB\ea\fR, \fB\eb\fR, \fB\ef\fR, \fB\er\fR, \fB\et\fR, and \fB\ev\fR) are written as the corresponding escape sequences. Non-printable characters not in that table will be written as one three-digit octal number (with a preceding backslash character) for each byte in the character (most significant byte first). 
If the size of a byte on the system is greater than nine bits, the format used for non-printable characters is implementation dependent. -T} -T{ -Long lines are folded, with the point of folding indicated by writing a backslash followed by a \fBNEWLINE\fR; the length at which folding occurs is unspecified, but should be appropriate for the output device. The end of each line is marked with a \fB$\fR. -T} -_ -2\fBn\fRT{ -Copy the pattern space to the standard output if default output is not suppressed. Replace the pattern space with the next line of input. -T} -_ -2\fBN\fRT{ -Append the next line of input to the pattern space with an embedded new-line. (The current line number changes.) If no next line of input is available, the \fBN\fR command verb shall branch to the end of the script and quit without starting a new cycle and without writing the pattern space. -T} -_ -2\fBp\fRT{ -Print. Copy the pattern space to the standard output. -T} -_ -2\fBP\fRT{ -Copy the initial segment of the pattern space through the first new-line to the standard output. -T} -_ -1\fBq\fRT{ -Quit. Branch to the end of the script. Do not start a new cycle. -T} -_ -2\fBr\fR \fIrfile\fRT{ -Read the contents of \fI rfile\fR. Place them on the output before reading the next input line. If \fIrfile\fR does not exist or cannot be read, it is treated as if it were an empty file, causing no error condition. -T} -_ -2\fBt\fR \fIlabel\fRT{ -Test. Branch to the \fB:\fR command bearing the \fIlabel\fR if any substitutions have been made since the most recent reading of an input line or execution of a \fBt\fR. If \fIlabel\fR is empty, branch to the end of the script. -T} -_ -2\fBw\fR \fIwfile\fRT{ -Write. Append the pattern space to \fIwfile\fR. The first occurrence of \fBw\fR will cause \fIwfile\fR to be cleared. Subsequent invocations of \fBw\fR will append. Each time the \fBsed\fR command is used, \fIwfile\fR is overwritten. -T} -_ -2\fBx\fRT{ -Exchange the contents of the pattern and hold spaces. 
-T} -_ -2\fB!\fR \fIcommand\fRT{ -Don't. Apply the \fIcommand\fR (or group, if \fIcommand\fR is \fB{\|\fR) only to lines \fInot\fR selected by the address(es). -T} -_ -0\fB:\fR \fIlabel\fRT{ -This command does nothing; it bears a \fIlabel\fR for \fBb\fR and \fBt\fR commands to branch to. -T} -_ -1\fB=\fRT{ -Place the current line number on the standard output as a line. -T} -_ -2\fB{\fR\fIcommand-list\fR\fB}\fRT{ -Execute \fIcommand-list\fR only when the pattern space is selected. -T} -0An empty command is ignored. -_ -0\fB#\fRT{ -If a \fB#\fR appears as the first character on a line of a script file, then that entire line is treated as a comment, with one exception: if a \fB#\fR appears on the first line and the character after the \fB#\fR is an \fBn\fR, then the default output will be suppressed. The rest of the line after \fB#n\fR is also ignored. A script file must contain at least one non-comment line. -T} -.TE - -.sp - -.sp -.TS -tab() box; -cw(.92i) |cw(4.58i) -lw(.92i) |lw(4.58i) -. -Max AddrCommand (Using \fIstrings\fR) and Description -_ -2\fBs\fR/\fIregular expression\fR/\fIreplacement\fR/\fIflags\fR -T{ -Substitute the \fIreplacement\fR string for instances of the \fIregular expression\fR in the pattern space. Any character other than backslash or newline can be used instead of a slash to delimit the RE and the replacement. Within the RE and the replacement, the RE delimiter itself can be used as a literal character if it is preceded by a backslash. -T} -T{ -An ampersand (\fB&\fR) appearing in the \fIreplacement\fR will be replaced by the string matching the RE. The special meaning of \fB&\fR in this context can be suppressed by preceding it by backslash. The characters \fB\e\fR\fIn\fR, where \fIn\fR is a digit, will be replaced by the text matched by the corresponding backreference expression. For each backslash (\e) encountered in scanning \fIreplacement\fR from beginning to end, the following character loses its special meaning (if any). 
It is unspecified what special meaning is given to any character other than &, \e or digits. -T} -T{ -A line can be split by substituting a \fBNEWLINE \fRcharacter into it. The application must escape the \fBNEWLINE \fRcharacter in the \fIreplacement\fR by preceding it with backslash. A substitution is considered to have been performed even if the replacement string is identical to the string that it replaces. -T} -\fIflags\fR is zero or more of: -T{ -\fIn\fR \fIn\fR= 1 - 512. Substitute for just the \fI n\fRth occurrence of the \fIregular expression.\fR -T} -T{ -\fBg\fR Global. Substitute for all nonoverlapping instances of the \fIregular expression\fR rather than just the first one. If both \fIg\fR and \fIn\fR are specified, the results are unspecified. -T} -_ -T{ -\fBp\fR Print the pattern space if a replacement was made. -T} -T{ -\fBP\fR Copy the initial segment of the pattern space through the first new-line to the standard output. -T} -T{ -\fBw\fR \fIwfile\fR Write. Append the pattern space to \fIwfile\fR if a replacement was made. The first occurrence of \fBw\fR will cause \fIwfile\fR to be cleared. Subsequent invocations of \fBw\fR will append. Each time the \fBsed\fR command is used, \fIwfile\fR is overwritten. -T} -_ -2\fBy\fR/ \fIstring1\fR / \fIstring2\fR / -T{ -Transform. Replace all occurrences of characters in \fI string1\fR with the corresponding characters in \fIstring2\fR. \fIstring1\fR and \fIstring2\fR must have the same number of characters, or if any of the characters in \fIstring1 \fR appear more than once, the results are undefined. Any character other than backslash or \fBNEWLINE\fR can be used instead of slash to delimit the strings. Within \fIstring1\fR and \fIstring2\fR, the delimiter itself can be used as a literal character if it is preceded by a backslash. For example, \fBy\fR/abc/ABC/ replaces a with A, b with B, and c with C. 
-T} -.TE - -.sp -.LP -See \fBlargefile\fR(5) for the description of the behavior of \fBsed\fR when -encountering files greater than or equal to 2 Gbyte ( 2^31 bytes). -.SH EXAMPLES -.LP -\fBExample 1 \fRAn example sed script -.sp -.LP -This \fBsed\fR script simulates the \fBBSD \fR\fBcat\fR \fB-s\fR command, -squeezing excess blank lines from standard input. - -.sp -.in +2 -.nf -sed \(min ' -# Write non-empty lines. -/./ { - p - d - } -# Write a single empty line, then look for more empty lines. -/^$/ p -# Get next line, discard the held <newline> (empty line), -# and look for more empty lines. -:Empty -/^$/ { - N - s/.// - b Empty - } -# Write the non-empty line before going back to search -# for the first in a set of empty lines. - p -\&' -.fi -.in -2 - -.SH ENVIRONMENT VARIABLES -.sp -.LP -See \fBenviron\fR(5) for descriptions of the following environment variables -that affect the execution of \fBsed\fR: \fBLANG\fR, \fBLC_ALL\fR, -\fBLC_COLLATE\fR, \fBLC_CTYPE\fR, \fBLC_MESSAGES\fR, and \fBNLSPATH\fR. -.SH EXIT STATUS -.sp -.LP -The following exit values are returned: -.sp -.ne 2 -.mk -.na -\fB\fB0\fR \fR -.ad -.RS 7n -.rt -Successful completion. -.RE - -.sp -.ne 2 -.mk -.na -\fB\fB>0\fR \fR -.ad -.RS 7n -.rt -An error occurred. -.RE - -.SH ATTRIBUTES -.sp -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.SS "/usr/bin/sed" -.sp - -.sp -.TS -tab() box; -cw(2.75i) |cw(2.75i) -lw(2.75i) |lw(2.75i) -. -ATTRIBUTE TYPEATTRIBUTE VALUE -_ -CSINot enabled -.TE - -.SS "/usr/xpg4/bin/sed" -.sp - -.sp -.TS -tab() box; -cw(2.75i) |cw(2.75i) -lw(2.75i) |lw(2.75i) -. -ATTRIBUTE TYPEATTRIBUTE VALUE -_ -CSIEnabled -_ -Interface StabilityStandard -.TE +.br + +The +``{'' +can be preceded by white space and can be followed by white space. +The function can be preceded by white space. +The terminating +``}'' +must be preceded by a newline or optional white space. 
+ +.TP +[2addr] function-list +Execute function-list only when the pattern space is selected. + +.TP +[1addr]a\e +.TP +text +Write +.IR text +to standard output immediately before each attempt to read a line of input, +whether by executing the +``N'' +function or by beginning a new cycle. + +.TP +[2addr]b[label] +Branch to the +``\&:'' +function with the specified label. +If the label is not specified, branch to the end of the script. + +.TP +[2addr]c\e +.TP +text +Delete the pattern space. +With 0 or 1 address or at the end of a 2-address range, +.IR text +is written to the standard output. + +.TP +[2addr]d +Delete the pattern space and start the next cycle. + +.TP +[2addr]D +Delete the initial segment of the pattern space through the first +newline character and start the next cycle. + +.TP +[2addr]g +Replace the contents of the pattern space with the contents of the +hold space. +.TP +[2addr]G +Append a newline character followed by the contents of the hold space +to the pattern space. + +.TP +[2addr]h +Replace the contents of the hold space with the contents of the +pattern space. + +.TP +[2addr]H +Append a newline character followed by the contents of the pattern space +to the hold space. + +.TP +[1addr]i\e +.TP +text +Write +.IR text +to the standard output. + +.TP +[2addr]l +(The letter ell.) +Write the pattern space to the standard output in a visually unambiguous +form. +This form is as follows: + +.TP +backslash +\e\e +.TP +alert +\ea +.TP +form-feed +\ef +.TP +carriage-return +\er +.TP +tab +\et +.TP +vertical tab +\ev + +Nonprintable characters are written as three-digit octal numbers (with a +preceding backslash) for each byte in the character (most significant byte +first). +Long lines are folded, with the point of folding indicated by displaying +a backslash followed by a newline. +The end of each line is marked with a +``$''. 
+ +.TP +[2addr]n +Write the pattern space to the standard output if the default output has +not been suppressed, and replace the pattern space with the next line of +input. + +.TP +[2addr]N +Append the next line of input to the pattern space, using an embedded +newline character to separate the appended material from the original +contents. +Note that the current line number changes. + +.TP +[2addr]p +Write the pattern space to standard output. + +.TP +[2addr]P +Write the pattern space, up to the first newline character to the +standard output. + +.TP +[1addr]q +Branch to the end of the script and quit without starting a new cycle. + +.TP +[1addr]r file +Copy the contents of +.IR file +to the standard output immediately before the next attempt to read a +line of input. +If +.IR file +cannot be read for any reason, it is silently ignored and no error +condition is set. + +.TP +[2addr]s/regular expression/replacement/flags +Substitute the replacement string for the first instance of the regular +expression in the pattern space. +Any character other than backslash or newline can be used instead of +a slash to delimit the RE and the replacement. +Within the RE and the replacement, the RE delimiter itself can be used as +a literal character if it is preceded by a backslash. + +An ampersand +(``&'') +appearing in the replacement is replaced by the string matching the RE. +The special meaning of +``&'' +in this context can be suppressed by preceding it by a backslash. +The string +``\e#'', +where +``#'' +is a digit, is replaced by the text matched +by the corresponding backreference expression (see +\fBre_format\fP(7)) . + +A line can be split by substituting a newline character into it. +To specify a newline character in the replacement string, precede it with +a backslash. 
+ +The value of +.IR flags +in the substitute function is zero or more of the following: +.TP +\fIN\fP +Make the substitution only for the +\fIN\fP'th +occurrence of the regular expression in the pattern space. +.TP +g +Make the substitution for all non-overlapping matches of the +regular expression, not just the first one. +.TP +p +Write the pattern space to standard output if a replacement was made. +If the replacement string is identical to that which it replaces, it +is still considered to have been a replacement. +.TP +w file +Append the pattern space to +.IR file +if a replacement was made. +If the replacement string is identical to that which it replaces, it +is still considered to have been a replacement. +.TP +I +Match the regular expression in a case-insensitive way. + +.TP +[2addr]t [label] +Branch to the +``\&:'' +function bearing the label if any substitutions have been made since the +most recent reading of an input line or execution of a +``t'' +function. +If no label is specified, branch to the end of the script. + +.TP +[2addr]w file +Append the pattern space to the +.IR file . + +.TP +[2addr]x +Swap the contents of the pattern and hold spaces. + +.TP +[2addr]y/string1/string2/ +Replace all occurrences of characters in +.IR string1 +in the pattern space with the corresponding characters from +.IR string2 . +Any character other than a backslash or newline can be used instead of +a slash to delimit the strings. +Within +.IR string1 +and +.IR string2 , +a backslash followed by any character other than a newline is that literal +character, and a backslash followed by an ``n'' is replaced by a newline +character. + +.TP +[2addr]!function +.TP +[2addr]!function-list +Apply the function or function-list only to the lines that are +.IR not +selected by the address(es). + +.TP +[0addr]:label +This function does nothing; it bears a label to which the +``b'' +and +``t'' +commands may branch. 
+ +.TP +[1addr]= +Write the line number to the standard output followed by a newline +character. + +.TP +[0addr] +Empty lines are ignored. + +.TP +[0addr]# +The +``#'' +and the remainder of the line are ignored (treated as a comment), with +the single exception that if the first two characters in the file are +``#n'', +the default output is suppressed. +This is the same as specifying the +\fB\-n\fP +option on the command line. +.SH ENVIRONMENT +The +.IR COLUMNS , LANG , LC_ALL , LC_CTYPE +and +.IR LC_COLLATE +environment variables affect the execution of +\fBsed\fP +as described in +\fBenviron\fP(5). +.SH EXIT STATUS +The \fBsed\fP utility exits 0 on success, and >0 if an error occurs. .SH SEE ALSO -.sp -.LP -\fBawk\fR(1), \fBed\fR(1), \fBgrep\fR(1), \fBattributes\fR(5), -\fBenviron\fR(5), \fBlargefile\fR(5), \fBregexp\fR(5), \fBstandards\fR(5) +\fBawk\fP(1), +\fBed\fP(1), +\fBgrep\fP(1), +\fBregex\fP(3), +\fBre_format\fP(5) +.SH STANDARDS +The +\fBsed\fP +utility is expected to be a superset of the IEEE Std 1003.2 (``POSIX.2'') +specification. + +The +\fB\-E\fP, I , a +and +\fB\-i\fP +options, the prefixing +``\&+'' +in the second member of an address range, +as well as the +``I'' +flag to the address regular expression and substitution command are +non-standard extensions and may not be available on other operating systems. +.SH HISTORY +A +\fBsed\fP +command, written by L. E. McMahon, appeared in Version 7 AT&T UNIX. +.SH AUTHORS + +"Diomidis D. Spinellis" <dds@FreeBSD.org> +.SH BUGS +Multibyte characters containing a byte with value 0x5C (ASCII `\e') +may be incorrectly treated as line continuation characters in arguments to the +``a'', +``c'' +and +``i'' +commands. +Multibyte characters cannot be used as delimiters with the +``s'' +and +``y'' +commands. diff --git a/usr/src/man/man1m/Makefile b/usr/src/man/man1m/Makefile index 9080c85755..abe1aeaede 100644 --- a/usr/src/man/man1m/Makefile +++ b/usr/src/man/man1m/Makefile 
@@ -9,7 +9,10 @@ # at http://www.illumos.org/license/CDDL. # +# # Copyright 2011, Richard Lowe +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# include ../../Makefile.master @@ -392,6 +395,7 @@ COMMON_MANFILES = 6to4relay.1m \ powertop.1m \ ppdmgr.1m \ pppd.1m \ + pppdump.1m \ pppoec.1m \ pppoed.1m \ pppstats.1m \ @@ -524,6 +528,9 @@ COMMON_MANFILES = 6to4relay.1m \ syseventd.1m \ syslogd.1m \ tapes.1m \ + tcpd.1m \ + tcpdchk.1m \ + tcpdmatch.1m \ th_define.1m \ th_manage.1m \ tic.1m \ @@ -590,7 +597,7 @@ COMMON_MANFILES = 6to4relay.1m \ zoneadmd.1m \ zonecfg.1m \ zpool.1m \ - zstreamdump.1m \ + zstreamdump.1m i386_MANFILES = lms.1m \ parted.1m \ diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/pppdump.1m b/usr/src/man/man1m/pppdump.1m index c438e55be0..73234001de 100644 --- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/pppdump.1m +++ b/usr/src/man/man1m/pppdump.1m @@ -1,7 +1,6 @@ .\" -*- nroff -*- .\" manual page for pppdump .\" Copyright (c) 2000 by Sun Microsystems, Inc. -.\" ident "%Z%%M% %I% %E% SMI" .\" All rights reserved. .\" @(#) $Id: pppdump.8,v 1.1 1999/04/01 11:44:55 paulus Exp $ .TH PPPDUMP 1M "1 April 1999" @@ -65,7 +64,3 @@ the link when checking for over-length PPP packets (with the \fB-p\fR option). .SH SEE ALSO pppd(1m) -.SH NOTES -The modified source for this package is available in the SUNWpppgS -package. You can get the original source from -ftp://linuxcare.com.au/pub/ppp. diff --git a/usr/src/cmd/tcpd/tcpd.8 b/usr/src/man/man1m/tcpd.1m index b33320f5cf..5bf56a4889 100644 --- a/usr/src/cmd/tcpd/tcpd.8 +++ b/usr/src/man/man1m/tcpd.1m @@ -1,4 +1,9 @@ -.TH TCPD 8 +'\" t +.\" +.\" Modified for Solaris to to add the Solaris stability classification, +.\" and to add a note about source availability. +.\" +.TH TCPD 1M .SH NAME tcpd \- access control facility for internet services .SH DESCRIPTION 
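Review bot: The `tcpd.1m` entry added to `COMMON_MANFILES` here installs a page that, as rewritten later in this commit, has lost text an administrator relies on: `.SH EXAMPLES` is followed directly by `.SH ATTRIBUTES`, and the FILES, SEE ALSO, AUTHORS and BUGS sections of the old tcpd.8 are deleted. The BUGS text was the only place the page said that the wrapper does not work with RPC services over TCP and that RPC broadcast requests appear to come from the local host, so dropping it hides real gaps in what the access control covers. Unless the removal is intentional, I would restore those sections with the references renumbered to `hosts_access(4)` and `inetd(1M)`. The empty `.SH EXAMPLES` heading should either go or keep the `inetadm -m network/finger tcp_wrapper=TRUE` example under it.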
@@ -22,6 +27,16 @@ Optional features are: pattern-based access control, client username lookups with the RFC 931 etc. protocol, protection against hosts that pretend to have someone elses host name, and protection against hosts that pretend to have someone elses network address. +.SH LIBWRAP INTERFACE +The same monitoring and access control functionality provided by the +tcpd standalone program is also available through the libwrap shared +library interface. Some programs, including the Solaris inetd daemon, +have been modified to use the libwrap interface and thus do not +require replacing the real server programs with tcpd. The libwrap +interface is also more efficient and can be used for inetd internal +services. See +.BR inetd (1M) +for more information. .SH LOGGING Connections that are monitored by .I tcpd @@ -38,7 +53,7 @@ Optionally, supports a simple form of access control that is based on pattern matching. The access-control software provides hooks for the execution of shell commands when a pattern fires. For details, see the -\fIhosts_access\fR(5) manual page. +\fIhosts_access\fR(4) manual page. .SH HOST NAME VERIFICATION The authentication scheme of some protocols (\fIrlogin, rsh\fR) relies on host names. Some implementations believe the host name that they get 
@@ -73,60 +88,28 @@ succeed only if the client host runs an RFC 931-compliant daemon. Client user name lookups will not work for datagram-oriented connections, and may cause noticeable delays in the case of connections from PCs. - -.SH EXAMPLE -In order to monitor access to the \fIfinger\fR service, run the following -command to enable the tcp_wrapper : -.nf -.sp -.ti +5 -inetadm -m network/finger tcp_wrapper=TRUE -.sp -.fi -.PP -The example assumes that the network/finger service hasn't been removed from -your system. -.PP -Similar changes will be needed for the other services that are to be -covered by \fItcpd\fR. In case a (non-standard) daemon does not exist as a -service already, use \fIsmf(5)\fR to make it a service by creating a manifest, -and then enable tcp_wrappers for that service as shown in the example. - -.SH BUGS -Some UDP (and RPC) daemons linger around for a while after they have -finished their work, in case another request comes in. .PP -The program does not work with RPC services over TCP. The -only non-trivial service that is affected by this limitation is -\fIrexd\fR, which is used by the \fIon(1)\fR command. This is no great -loss. On most systems, \fIrexd\fR is less secure than a wildcard in -/etc/hosts.equiv. -.PP -RPC broadcast requests (for example: \fIrwall, rup, rusers\fR) always -appear to come from the responding host. What happens is that the -client broadcasts the request to all \fIportmap\fR daemons on its -network; each \fIportmap\fR daemon forwards the request to a local -daemon. As far as the \fIrwall\fR etc. daemons know, the request comes -from the local host. -.SH FILES -.PP -The default locations of the host access control tables are: -.PP -/etc/hosts.allow -.br -/etc/hosts.deny -.SH SEE ALSO -.na -.nf -hosts_access(5), format of the tcpd access control tables. -syslog.conf(5), format of the syslogd control file. -smf(5), service management facility. 
-.SH AUTHORS -.na -.nf -Wietse Venema (wietse@wzv.win.tue.nl), -Department of Mathematics and Computing Science, -Eindhoven University of Technology -Den Dolech 2, P.O. Box 513, -5600 MB Eindhoven, The Netherlands -\" @(#) tcpd.8 1.5 96/02/21 16:39:16 +Warning: If the local system runs an RFC 931 server it is important +that it be configured NOT to use TCP Wrappers, or that TCP Wrappers +be configured to avoid RFC 931-based access control for this service. +If you use usernames in the access control files, make sure that you +have a hosts.allow entry that allows the RFC 931 service (often called +"identd" or "auth") without any username restrictions. Failure to heed +this warning can result in two hosts getting in an endless loop of +consulting each other's identd services. +.SH EXAMPLES +.\" Begin Sun update +.SH ATTRIBUTES +See +.BR attributes (5) +for descriptions of the following attributes: +.sp +.TS +box; +cbp-1 | cbp-1 +l | l . +ATTRIBUTE TYPE ATTRIBUTE VALUE += +Interface Stability Committed +.TE +.\" End Sun update diff --git a/usr/src/cmd/tcpd/tcpdchk.8 b/usr/src/man/man1m/tcpdchk.1m index acc65e6441..ff6940ce1c 100644 --- a/usr/src/cmd/tcpd/tcpdchk.8 +++ b/usr/src/man/man1m/tcpdchk.1m @@ -1,4 +1,9 @@ -.TH TCPDCHK 8 +'\" t +.\" +.\" Modified for Solaris to to add the Solaris stability classification, +.\" and to add a note about source availability. +.\" +.TH TCPDCHK 1M .SH NAME tcpdchk \- tcp wrapper configuration checker .SH SYNOPSYS @@ -9,7 +14,7 @@ tcpdchk [-a] [-d] [-i inet_conf] [-v] potential and real problems it can find. The program examines the \fItcpd\fR access control files (by default, these are \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR), and compares the -entries in these files against entries in the \fIinetd\fR or \fItlid\fR +entries in these files against entries in the \fIinetd\fR network configuration files. .PP \fItcpdchk\fR reports problems such as non-existent pathnames; services 
@@ -33,7 +38,7 @@ Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current directory instead of the default ones. .IP "-i inet_conf" Specify this option when \fItcpdchk\fR is unable to find your -\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when +\fIinetd.conf\fR network configuration file, or when you suspect that the program uses the wrong one. .IP -v Display the contents of each access control rule. Daemon lists, client @@ -50,11 +55,13 @@ The default locations of the \fItcpd\fR access control tables are: .SH SEE ALSO .na .nf -tcpdmatch(8), explain what tcpd would do in specific cases. -hosts_access(5), format of the tcpd access control tables. -hosts_options(5), format of the language extensions. -inetd.conf(5), format of the inetd control file. -tlid.conf(5), format of the tlid control file. +tcpdmatch(1M), explain what tcpd would do in specific cases. +hosts_access(4), format of the tcpd access control tables. +hosts_options(4), format of the language extensions. +inetd.conf(4), format of the inetd control file. +inetd(1M), how to invoke tcpd from inetd using the libwrap library. +inetadm(1M), managing inetd services in the Service Management Framework. + .SH AUTHORS .na .nf @@ -64,3 +71,18 @@ Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands \" @(#) tcpdchk.8 1.3 95/01/08 17:00:30 +.\" Begin Sun update +.SH ATTRIBUTES +See +.BR attributes (5) +for descriptions of the following attributes: +.sp +.TS +box; +cbp-1 | cbp-1 +l | l . +ATTRIBUTE TYPE ATTRIBUTE VALUE += +Interface Stability Committed +.TE +.\" End Sun update diff --git a/usr/src/cmd/tcpd/tcpdmatch.8 b/usr/src/man/man1m/tcpdmatch.1m index ebd8c7874c..2599717b2c 100644 --- a/usr/src/cmd/tcpd/tcpdmatch.8 +++ b/usr/src/man/man1m/tcpdmatch.1m 
@@ -1,4 +1,9 @@ -.TH TCPDMATCH 8 +'\" t +.\" +.\" Modified for Solaris to to add the Solaris stability classification, +.\" and to add a note about source availability. +.\" +.TH TCPDMATCH 1M .SH NAME tcpdmatch \- tcp wrapper oracle .SH SYNOPSYS @@ -13,7 +18,7 @@ request for service. Examples are given below. The program examines the \fItcpd\fR access control tables (default \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its conclusion. For maximal accuracy, it extracts additional information -from your \fIinetd\fR or \fItlid\fR network configuration file. +from your \fIinetd\fR network configuration file. .PP When \fItcpdmatch\fR finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional @@ -50,7 +55,7 @@ Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current directory instead of the default ones. .IP "-i inet_conf" Specify this option when \fItcpdmatch\fR is unable to find your -\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when +\fIinetd.conf\fR network configuration file, or when you suspect that the program uses the wrong one. .SH EXAMPLES To predict how \fItcpd\fR would handle a telnet request from the local @@ -82,11 +87,13 @@ The default locations of the \fItcpd\fR access control tables are: .SH SEE ALSO .na .nf -tcpdchk(8), tcpd configuration checker -hosts_access(5), format of the tcpd access control tables. -hosts_options(5), format of the language extensions. -inetd.conf(5), format of the inetd control file. -tlid.conf(5), format of the tlid control file. +tcpdchk(1M), tcpd configuration checker +hosts_access(4), format of the tcpd access control tables. +hosts_options(4), format of the language extensions. +inetd.conf(4), format of the inetd control file. +inetd(1M), how to invoke tcpd from inetd using the libwrap library. +inetadm(1M), managing inetd services in the Service Management Framework. + .SH AUTHORS .na .nf 
@@ -96,3 +103,18 @@ Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands \" @(#) tcpdmatch.8 1.5 96/02/11 17:01:35 +.\" Begin Sun update +.SH ATTRIBUTES +See +.BR attributes (5) +for descriptions of the following attributes: +.sp +.TS +box; +cbp-1 | cbp-1 +l | l . +ATTRIBUTE TYPE ATTRIBUTE VALUE += +Interface Stability Committed +.TE +.\" End Sun update diff --git a/usr/src/man/man3/Makefile b/usr/src/man/man3/Makefile index 5d73a0b0e5..0ac3a03cd8 100644 --- a/usr/src/man/man3/Makefile +++ b/usr/src/man/man3/Makefile @@ -9,22 +9,28 @@ # at http://www.illumos.org/license/CDDL. # +# # Copyright 2011, Richard Lowe +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# include ../../Makefile.master MANSECT = 3 -MANSOFILES = intro.3 +MANSOFILES = intro.3 \ + libwrap.3 + MANFILES = Intro.3 \ + hosts_access.3 \ $(MANSOFILES) -intro.3 := SOSRC = man3/Intro.3 +intro.3 := SOSRC = man3/Intro.3 + +libwrap.3 := SOSRC = man3/hosts_access.3 .KEEP_STATE: include ../Makefile.man install: $(ROOTMANFILES) - - diff --git a/usr/src/cmd/tcpd/hosts_access.3 b/usr/src/man/man3/hosts_access.3 index 1485337ff6..ba0a7c5a01 100644 --- a/usr/src/cmd/tcpd/hosts_access.3 +++ b/usr/src/man/man3/hosts_access.3 @@ -1,6 +1,6 @@ .TH HOSTS_ACCESS 3 .SH NAME -hosts_access, hosts_ctl, request_init, request_set \- access control library +hosts_access, hosts_ctl, libwrap, request_init, request_set \- access control library .SH SYNOPSIS .nf #include "tcpd.h" diff --git a/usr/src/man/man3c/Makefile b/usr/src/man/man3c/Makefile index 4b2660a1ff..e81e80e5ea 100644 --- a/usr/src/man/man3c/Makefile +++ b/usr/src/man/man3c/Makefile @@ -1043,6 +1043,9 @@ MANSOFILES = FD_CLR.3c \ srand48.3c \ srandom.3c \ sscanf.3c \ + stderr.3c \ + stdin.3c \ + stdout.3c \ strcasecmp.3c \ strcat.3c \ strchr.3c \ 
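Review bot: Three of the names on the hosts_access.3 NAME line get no link page, because `MANSOFILES` in the man3/Makefile hunk gains only `libwrap.3` while the page now lists `hosts_ctl`, `request_init` and `request_set` as well. Elsewhere in this commit every added name gets its own link (man3c adds `stdin.3c`, `stdout.3c` and `stderr.3c` for stdio.3c). If lookups by function name are meant to work, add the three entries and their `SOSRC` lines as sketched below. Whether a package manifest also needs the new files cannot be seen from this hunk.

```make
MANSOFILES =	intro.3		\
		hosts_ctl.3	\
		libwrap.3	\
		request_init.3	\
		request_set.3

# … unchanged: MANFILES list, intro.3 and libwrap.3 SOSRC lines …

hosts_ctl.3	:= SOSRC = man3/hosts_access.3
request_init.3	:= SOSRC = man3/hosts_access.3
request_set.3	:= SOSRC = man3/hosts_access.3
```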
@@ -1915,6 +1918,10 @@ sigtimedwait.3c := SOSRC = man3c/sigwaitinfo.3c gsignal.3c := SOSRC = man3c/ssignal.3c +stderr.3c := SOSRC = man3c/stdio.3c +stdin.3c := SOSRC = man3c/stdio.3c +stdout.3c := SOSRC = man3c/stdio.3c + sig2str.3c := SOSRC = man3c/str2sig.3c strerror_r.3c := SOSRC = man3c/strerror.3c diff --git a/usr/src/man/man3c/stdio.3c b/usr/src/man/man3c/stdio.3c index 4c9b951627..d75bc0dc28 100644 --- a/usr/src/man/man3c/stdio.3c +++ b/usr/src/man/man3c/stdio.3c @@ -5,7 +5,7 @@ .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH stdio 3C "18 May 2005" "SunOS 5.11" "Standard C Library Functions" .SH NAME -stdio \- standard buffered input/output package +stdio, stdin, stdout, stderr \- standard buffered input/output package .SH SYNOPSIS .LP .nf diff --git a/usr/src/man/man4/Makefile b/usr/src/man/man4/Makefile index 6c753abffe..fce9cb3a00 100644 --- a/usr/src/man/man4/Makefile +++ b/usr/src/man/man4/Makefile @@ -9,7 +9,10 @@ # at http://www.illumos.org/license/CDDL. # +# # Copyright 2011, Richard Lowe +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# include ../../Makefile.master @@ -63,7 +66,6 @@ COMMON_MANFILES = Intro.4 \ ds.log.4 \ ethers.4 \ exec_attr.4 \ - fd.4 \ fdi.4 \ format.dat.4 \ fspec.4 \ @@ -83,6 +85,8 @@ COMMON_MANFILES = Intro.4 \ holidays.4 \ hosts.4 \ hosts.equiv.4 \ + hosts_access.4 \ + hosts_options.4 \ ib.4 \ ike.config.4 \ ike.preshared.4 \ @@ -226,6 +230,8 @@ MANSOFILES = addresses.4 \ fbtab.4 \ forward.4 \ fs.4 \ + hosts.allow.4 \ + hosts.deny.4 \ intro.4 \ md.cf.4 \ mdi_ib_cache.4 \ 
@@ -262,6 +268,9 @@ dir.4 := SOSRC = man4/dir_ufs.4 rhosts.4 := SOSRC = man4/hosts.equiv.4 +hosts.allow.4 := SOSRC = man4/hosts_access.4 +hosts.deny.4 := SOSRC = man4/hosts_access.4 + fbtab.4 := SOSRC = man4/logindevperm.4 md.cf.4 := SOSRC = man4/md.tab.4 @@ -288,5 +297,3 @@ volume-defaults.4 := SOSRC = man4/volume-request.4 include ../Makefile.man install: $(ROOTMANFILES) - - diff --git a/usr/src/cmd/tcpd/hosts_access.5 b/usr/src/man/man4/hosts_access.4 index 9ea58ab61a..20f0a6ef40 100644 --- a/usr/src/cmd/tcpd/hosts_access.5 +++ b/usr/src/man/man4/hosts_access.4 @@ -1,4 +1,9 @@ -.TH HOSTS_ACCESS 5 +'\" t +.\" +.\" Modified for Solaris to to add the Solaris stability classification, +.\" and to add a note about source availability. +.\" +.TH HOSTS_ACCESS 4 .SH NAME hosts_access \- format of host access control files .SH DESCRIPTION @@ -9,7 +14,7 @@ impatient reader is encouraged to skip to the EXAMPLES section for a quick introduction. .PP An extended version of the access control language is described in the -\fIhosts_options\fR(5) document. The extensions are turned on at +\fIhosts_options\fR(4) document. The extensions are turned on at program build time by building with -DPROCESS_OPTIONS. .PP In the following text, \fIdaemon\fR is the the process name of a @@ -141,7 +146,7 @@ Shell commands should not rely on the PATH setting of the inetd. Instead, they should use absolute path names, or they should begin with an explicit PATH=whatever statement. .PP -The \fIhosts_options\fR(5) document describes an alternative language +The \fIhosts_options\fR(4) document describes an alternative language that uses the shell command field in a different and incompatible way. .SH % EXPANSIONS The following expansions are available within shell commands: 
@@ -180,7 +185,7 @@ Patterns like these can be used when the machine has different internet addresses with different internet hostnames. Service providers can use this facility to offer FTP, GOPHER or WWW archives with internet names that may even belong to different organizations. See also the `twist' -option in the hosts_options(5) document. Some systems (Solaris, +option in the hosts_options(4) document. Some systems (Solaris, FreeBSD) can have more than one internet address on one physical interface; with other systems you may have to resort to SLIP or PPP pseudo interfaces that live in a dedicated network address space. @@ -365,8 +370,8 @@ that shouldn\'t. All problems are reported via the syslog daemon. .fi .SH SEE ALSO .nf -tcpd(8) tcp/ip daemon wrapper program. -tcpdchk(8), tcpdmatch(8), test programs. +tcpd(1M) tcp/ip daemon wrapper program. +tcpdchk(1M), tcpdmatch(1M), test programs. .SH BUGS If a name server lookup times out, the host name will not be available to the access control software, even though the host is registered. @@ -382,3 +387,19 @@ Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands \" @(#) hosts_access.5 1.20 95/01/30 19:51:46 +.\" Begin Sun update +.SH ATTRIBUTES +See +.BR attributes (5) +for descriptions of the following attributes: +.sp +.TS +box; +cbp-1 | cbp-1 +l | l . +ATTRIBUTE TYPE ATTRIBUTE VALUE += +Interface Stability Committed +.TE +Source for tcp_wrappers is available in the SUNWtcpdS package. +.\" End Sun update diff --git a/usr/src/cmd/tcpd/hosts_options.5 b/usr/src/man/man4/hosts_options.4 index 3bd189ee05..3126505b8b 100644 --- a/usr/src/cmd/tcpd/hosts_options.5 +++ b/usr/src/man/man4/hosts_options.4 
@@ -1,9 +1,14 @@ -.TH HOSTS_OPTIONS 5 +'\" t +.\" +.\" Modified for Solaris to to add the Solaris stability classification, +.\" and to add a note about source availability. +.\" +.TH HOSTS_OPTIONS 4 .SH NAME hosts_options \- host access control language extensions .SH DESCRIPTION This document describes optional extensions to the language described -in the hosts_access(5) document. The extensions are enabled at program +in the hosts_access(4) document. The extensions are enabled at program build time. For example, by editing the Makefile and turning on the PROCESS_OPTIONS compile-time option. .PP @@ -12,7 +17,7 @@ The extensible language uses the following format: .ti +3 daemon_list : client_list : option : option ... .PP -The first two fields are described in the hosts_access(5) manual page. +The first two fields are described in the hosts_access(4) manual page. The remainder of the rules is a list of zero or more options. Any ":" characters within options should be protected with a backslash. .PP @@ -56,7 +61,7 @@ Notice the leading dot on the domain name patterns. .SH RUNNING OTHER COMMANDS .IP "spawn shell_command" Execute, in a child process, the specified shell command, after -performing the %<letter> expansions described in the hosts_access(5) +performing the %<letter> expansions described in the hosts_access(4) manual page. The command is executed with stdin, stdout and stderr connected to the null device, so that it won\'t mess up the conversation with the client host. Example: @@ -78,7 +83,7 @@ the data sent by the remote host. .IP "twist shell_command" Replace the current process by an instance of the specified shell command, after performing the %<letter> expansions described in the -hosts_access(5) manual page. Stdin, stdout and stderr are connected to +hosts_access(4) manual page. Stdin, stdout and stderr are connected to the client process. This option must appear at the end of a rule. .sp To send a customized bounce message to the client instead of 
@@ -128,7 +133,7 @@ Look for a file in `/some/directory' with the same name as the daemon process (for example in.telnetd for the telnet service), and copy its contents to the client. Newline characters are replaced by carriage-return newline, and %<letter> sequences are expanded (see -the hosts_access(5) manual page). +the hosts_access(4) manual page). .sp The tcp wrappers source code distribution provides a sample makefile (Banners.Makefile) for convenient banner maintenance. @@ -160,7 +165,7 @@ When a syntax error is found in an access control rule, the error is reported to the syslog daemon; further options will be ignored, and service is denied. .SH SEE ALSO -hosts_access(5), the default access control language +hosts_access(4), the default access control language .SH AUTHOR .na .nf @@ -170,3 +175,18 @@ Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands \" @(#) hosts_options.5 1.10 94/12/28 17:42:28 +.\" Begin Sun update +.SH ATTRIBUTES +See +.BR attributes (5) +for descriptions of the following attributes: +.sp +.TS +box; +cbp-1 | cbp-1 +l | l . +ATTRIBUTE TYPE ATTRIBUTE VALUE += +Interface Stability Committed +.TE +.\" End Sun update diff --git a/usr/src/man/man7fs/Makefile b/usr/src/man/man7fs/Makefile index e17aca0d0a..dc3755ed0d 100644 --- a/usr/src/man/man7fs/Makefile +++ b/usr/src/man/man7fs/Makefile @@ -9,7 +9,10 @@ # at http://www.illumos.org/license/CDDL. # +# # Copyright 2011, Richard Lowe +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# include ../../Makefile.master @@ -19,6 +22,7 @@ MANFILES = ctfs.7fs \ dcfs.7fs \ dev.7fs \ devfs.7fs \ + fd.7fs \ hsfs.7fs \ lofs.7fs \ objfs.7fs \ 
@@ -29,10 +33,18 @@ MANFILES = ctfs.7fs \ udfs.7fs \ ufs.7fs +MANSOFILES = stderr.7fs \ + stdin.7fs \ + stdout.7fs + +MANFILES += $(MANSOFILES) + +stderr.7fs := SOSRC = man7fs/fd.7fs +stdin.7fs := SOSRC = man7fs/fd.7fs +stdout.7fs := SOSRC = man7fs/fd.7fs + .KEEP_STATE: include ../Makefile.man install: $(ROOTMANFILES) - - diff --git a/usr/src/man/man4/fd.4 b/usr/src/man/man7fs/fd.7fs index e7137fed3a..8a9c044c0f 100644 --- a/usr/src/man/man4/fd.4 +++ b/usr/src/man/man7fs/fd.7fs @@ -4,9 +4,9 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH fd 4 "3 Jul 1990" "SunOS 5.11" "File Formats" +.TH fd 7fs "3 Jul 1990" "SunOS 5.11" "File Systems" .SH NAME -fd \- file descriptor files +fd, stdin, stdout, stderr \- file descriptor files .SH DESCRIPTION .sp .LP diff --git a/usr/src/pkg/manifests/SUNWcs.man4.inc b/usr/src/pkg/manifests/SUNWcs.man4.inc index 61e9a4d9e2..8e2708ab24 100644 --- a/usr/src/pkg/manifests/SUNWcs.man4.inc +++ b/usr/src/pkg/manifests/SUNWcs.man4.inc @@ -9,7 +9,10 @@ # at http://www.illumos.org/license/CDDL. # +# # Copyright 2011, Richard Lowe +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# file path=usr/share/man/man4/Intro.4 file path=usr/share/man/man4/TIMEZONE.4 
@@ -40,7 +43,6 @@ file path=usr/share/man/man4/dumpdates.4 file path=usr/share/man/man4/ethers.4 file path=usr/share/man/man4/exec_attr.4 file path=usr/share/man/man4/fbtab.4 -file path=usr/share/man/man4/fd.4 file path=usr/share/man/man4/format.dat.4 file path=usr/share/man/man4/fs.4 file path=usr/share/man/man4/fspec.4 diff --git a/usr/src/pkg/manifests/SUNWpppgS.mf b/usr/src/pkg/manifests/SUNWpppgS.mf index 5d35d24da5..d317186cc9 100644 --- a/usr/src/pkg/manifests/SUNWpppgS.mf +++ b/usr/src/pkg/manifests/SUNWpppgS.mf @@ -21,9 +21,10 @@ # # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. # -set name=pkg.fmri value=pkg:/SUNWpppgS@0.5.11,5.11-0.133 -set name=pkg.renamed value=true +# Was renamed to source/network/pppdump, both now obsolete. +set name=pkg.fmri value=pkg:/SUNWpppgS@0.5.11,5.11-0.148 +set name=pkg.obsolete value=true set name=variant.arch value=$(ARCH) -depend fmri=pkg:/source/network/pppdump@0.5.11,5.11-0.133 type=require diff --git a/usr/src/pkg/manifests/SUNWtcpdS.mf b/usr/src/pkg/manifests/SUNWtcpdS.mf index 5712b74111..3c8b6e4e04 100644 --- a/usr/src/pkg/manifests/SUNWtcpdS.mf +++ b/usr/src/pkg/manifests/SUNWtcpdS.mf @@ -21,9 +21,10 @@ # # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. # -set name=pkg.fmri value=pkg:/SUNWtcpdS@7.6,5.11-0.133 -set name=pkg.renamed value=true +# Was renamed to source/security/tcp-wrapper, both now obsolete. +set name=pkg.fmri value=pkg:/SUNWtcpdS@7.6,5.11-0.148 +set name=pkg.obsolete value=true set name=variant.arch value=$(ARCH) -depend fmri=pkg:/source/security/tcp-wrapper@7.6,5.11-0.133 type=require diff --git a/usr/src/pkg/manifests/source-network-pppdump.mf b/usr/src/pkg/manifests/source-network-pppdump.mf index dd194f773b..79255e4f1e 100644 --- a/usr/src/pkg/manifests/source-network-pppdump.mf 
+++ b/usr/src/pkg/manifests/source-network-pppdump.mf 
@@ -21,46 +21,9 @@ # # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. # -set name=pkg.fmri value=pkg:/source/network/pppdump@$(PKGVERS) -set name=pkg.description \ - value="Source for the optional GNU utilities for use with PPP" -set name=pkg.summary value="Source for the GNU utilities for PPP" -set name=info.classification \ - value=org.opensolaris.category.2008:Development/GNU +set name=pkg.fmri value=pkg:/source/network/pppdump@0.5.11,5.11-0.148 +set name=pkg.obsolete value=true set name=variant.arch value=$(ARCH) -dir path=usr group=sys -dir path=usr/share -dir path=usr/share/src group=sys -dir path=usr/share/src/ppputil -dir path=usr/share/src/ppputil/plugins -dir path=usr/share/src/ppputil/pppdump -file path=usr/share/src/ppputil/CHANGES -file path=usr/share/src/ppputil/COPYING -file path=usr/share/src/ppputil/INSTALL -file path=usr/share/src/ppputil/LICENSE -file path=usr/share/src/ppputil/Makefile -file path=usr/share/src/ppputil/README -file path=usr/share/src/ppputil/plugins/Makefile -file path=usr/share/src/ppputil/plugins/minconn.c -file path=usr/share/src/ppputil/plugins/passprompt.c -file path=usr/share/src/ppputil/plugins/pppd.h -file path=usr/share/src/ppputil/pppdump/Makefile -file path=usr/share/src/ppputil/pppdump/bsd-comp.c -file path=usr/share/src/ppputil/pppdump/deflate.c -file path=usr/share/src/ppputil/pppdump/ppp-comp.h -file path=usr/share/src/ppputil/pppdump/pppdump.1m -file path=usr/share/src/ppputil/pppdump/pppdump.c -file path=usr/share/src/ppputil/pppdump/zlib.c -file path=usr/share/src/ppputil/pppdump/zlib.h -legacy pkg=SUNWpppgS \ - desc="Source for the optional GNU utilities for use with PPP" \ - name="Source for the GNU utilities for PPP" -license cr_Sun license=cr_Sun -license usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/THIRDPARTYLICENSE.minconnect \ - license=usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/THIRDPARTYLICENSE.minconnect -license 
usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/THIRDPARTYLICENSE.passwd \ - license=usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/THIRDPARTYLICENSE.passwd -license usr/src/cmd/cmd-inet/usr.bin/pppdump/THIRDPARTYLICENSE \ - license=usr/src/cmd/cmd-inet/usr.bin/pppdump/THIRDPARTYLICENSE diff --git a/usr/src/pkg/manifests/source-security-tcp-wrapper.mf b/usr/src/pkg/manifests/source-security-tcp-wrapper.mf index a197e5148a..9fa05189a1 100644 --- a/usr/src/pkg/manifests/source-security-tcp-wrapper.mf +++ b/usr/src/pkg/manifests/source-security-tcp-wrapper.mf 
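Review bot: The new `pkg.fmri` pins the obsoleting version to `0.5.11,5.11-0.148` where the removed line used `$(PKGVERS)`, so the obsolete marker is only picked up if no repository already carries `source/network/pppdump` at a higher branch than 0.148. Confirm that 0.148 is at or above the last build published from the old manifest; otherwise previously installed files under `usr/share/src/ppputil` would likely stay in place after an update. The same check applies to the `source-security-tcp-wrapper.mf` hunk, whose removed line used `$(PKGVERS_BUILTON)-$(PKGVERS_BRANCH)`. A short comment stating why the package is obsolete, like the one added to `SUNWpppgS.mf`, would help in both files, for example `# Source is no longer delivered; package is obsolete.`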
@@ -21,94 +21,9 @@ # # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. # -set name=pkg.fmri \ - value=pkg:/source/security/tcp-wrapper@7.6,$(PKGVERS_BUILTON)-$(PKGVERS_BRANCH) -set name=pkg.description \ - value="tcpd - access control facility for internet services (Source)" -set name=pkg.summary \ - value="tcpd - access control facility for internet services (Source)" -set name=info.classification value=org.opensolaris.category.2008:System/Core +set name=pkg.fmri value=pkg:/source/security/tcp-wrapper@7.6,5.11-0.148 +set name=pkg.obsolete value=true set name=variant.arch value=$(ARCH) -dir path=usr group=sys -dir path=usr/share -dir path=usr/share/src group=sys -dir path=usr/share/src/tcp_wrappers -file path=usr/share/src/tcp_wrappers/BLURB -file path=usr/share/src/tcp_wrappers/Banners.Makefile -file path=usr/share/src/tcp_wrappers/CHANGES -file path=usr/share/src/tcp_wrappers/DISCLAIMER -file path=usr/share/src/tcp_wrappers/Makefile -file path=usr/share/src/tcp_wrappers/Makefile.dist -file path=usr/share/src/tcp_wrappers/Makefile.org -file path=usr/share/src/tcp_wrappers/README -file path=usr/share/src/tcp_wrappers/README.IRIX -file path=usr/share/src/tcp_wrappers/README.NIS -file path=usr/share/src/tcp_wrappers/README.ipv6 -file path=usr/share/src/tcp_wrappers/README.sfw -file path=usr/share/src/tcp_wrappers/clean_exit.c -file path=usr/share/src/tcp_wrappers/diag.c -file path=usr/share/src/tcp_wrappers/environ.c -file path=usr/share/src/tcp_wrappers/eval.c -file path=usr/share/src/tcp_wrappers/fakelog.c -file path=usr/share/src/tcp_wrappers/fix_options.c -file path=usr/share/src/tcp_wrappers/fromhost.c -file path=usr/share/src/tcp_wrappers/hosts_access.3 -file path=usr/share/src/tcp_wrappers/hosts_access.4 -file path=usr/share/src/tcp_wrappers/hosts_access.c -file path=usr/share/src/tcp_wrappers/hosts_access.c.org -file path=usr/share/src/tcp_wrappers/hosts_ctl.c -file 
path=usr/share/src/tcp_wrappers/hosts_options.4 -file path=usr/share/src/tcp_wrappers/inetcf.c -file path=usr/share/src/tcp_wrappers/inetcf.h -file path=usr/share/src/tcp_wrappers/misc.c -file path=usr/share/src/tcp_wrappers/misc.c.org -file path=usr/share/src/tcp_wrappers/miscd.c -file path=usr/share/src/tcp_wrappers/mystdarg.h -file path=usr/share/src/tcp_wrappers/myvsyslog.c -file path=usr/share/src/tcp_wrappers/ncr.c -file path=usr/share/src/tcp_wrappers/options.c -file path=usr/share/src/tcp_wrappers/patchlevel.h -file path=usr/share/src/tcp_wrappers/percent_m.c -file path=usr/share/src/tcp_wrappers/percent_x.c -file path=usr/share/src/tcp_wrappers/printf.ck -file path=usr/share/src/tcp_wrappers/ptx.c -file path=usr/share/src/tcp_wrappers/refuse.c -file path=usr/share/src/tcp_wrappers/rfc931.c -file path=usr/share/src/tcp_wrappers/rfc931.c.org -file path=usr/share/src/tcp_wrappers/safe_finger.c -file path=usr/share/src/tcp_wrappers/scaffold.c -file path=usr/share/src/tcp_wrappers/scaffold.c.org -file path=usr/share/src/tcp_wrappers/scaffold.h -file path=usr/share/src/tcp_wrappers/setenv.c -file path=usr/share/src/tcp_wrappers/shell_cmd.c -file path=usr/share/src/tcp_wrappers/socket.c -file path=usr/share/src/tcp_wrappers/socket.c.diff -file path=usr/share/src/tcp_wrappers/socket.c.org -file path=usr/share/src/tcp_wrappers/strcasecmp.c -file path=usr/share/src/tcp_wrappers/tags -file path=usr/share/src/tcp_wrappers/tcpd.1m -file path=usr/share/src/tcp_wrappers/tcpd.c -file path=usr/share/src/tcp_wrappers/tcpd.h -file path=usr/share/src/tcp_wrappers/tcpd.h.org -file path=usr/share/src/tcp_wrappers/tcpdchk.1m -file path=usr/share/src/tcp_wrappers/tcpdchk.c -file path=usr/share/src/tcp_wrappers/tcpdchk.c.org -file path=usr/share/src/tcp_wrappers/tcpdmatch.1m -file path=usr/share/src/tcp_wrappers/tcpdmatch.c -file path=usr/share/src/tcp_wrappers/tcpdmatch.c.org -file path=usr/share/src/tcp_wrappers/tli-sequent.c -file path=usr/share/src/tcp_wrappers/tli-sequent.h 
-file path=usr/share/src/tcp_wrappers/tli.c -file path=usr/share/src/tcp_wrappers/tli.c.org -file path=usr/share/src/tcp_wrappers/try-from.c -file path=usr/share/src/tcp_wrappers/update.c -file path=usr/share/src/tcp_wrappers/update.c.org -file path=usr/share/src/tcp_wrappers/vfprintf.c -file path=usr/share/src/tcp_wrappers/workarounds.c -legacy pkg=SUNWtcpdS \ - desc="tcpd - access control facility for internet services (Source)" \ - name="tcpd - access control facility for internet services (Source)" -license usr/src/cmd/tcpd/THIRDPARTYLICENSE \ - license=usr/src/cmd/tcpd/THIRDPARTYLICENSE diff --git a/usr/src/pkg/manifests/system-kernel.man7fs.inc b/usr/src/pkg/manifests/system-kernel.man7fs.inc index f81495168d..a4823bd1f2 100644 --- a/usr/src/pkg/manifests/system-kernel.man7fs.inc +++ b/usr/src/pkg/manifests/system-kernel.man7fs.inc @@ -9,15 +9,22 @@ # at http://www.illumos.org/license/CDDL. # +# # Copyright 2011, Richard Lowe +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# file path=usr/share/man/man7fs/ctfs.7fs file path=usr/share/man/man7fs/dcfs.7fs file path=usr/share/man/man7fs/dev.7fs file path=usr/share/man/man7fs/devfs.7fs +file path=usr/share/man/man7fs/fd.7fs file path=usr/share/man/man7fs/hsfs.7fs file path=usr/share/man/man7fs/lofs.7fs file path=usr/share/man/man7fs/objfs.7fs file path=usr/share/man/man7fs/sharefs.7fs +file path=usr/share/man/man7fs/stderr.7fs +file path=usr/share/man/man7fs/stdin.7fs +file path=usr/share/man/man7fs/stdout.7fs file path=usr/share/man/man7fs/tmpfs.7fs file path=usr/share/man/man7fs/ufs.7fs diff --git a/usr/src/pkg/manifests/system-library.man3c.inc b/usr/src/pkg/manifests/system-library.man3c.inc index 16e72d8e37..e9a45d273b 100644 --- a/usr/src/pkg/manifests/system-library.man3c.inc +++ b/usr/src/pkg/manifests/system-library.man3c.inc 
@@ -9,7 +9,10 @@ # at http://www.illumos.org/license/CDDL. # +# # Copyright 2011, Richard Lowe +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# file path=usr/share/man/man3c/FD_CLR.3c file path=usr/share/man/man3c/FD_ISSET.3c @@ -934,7 +937,10 @@ file path=usr/share/man/man3c/stack_getbounds.3c file path=usr/share/man/man3c/stack_inbounds.3c file path=usr/share/man/man3c/stack_setbounds.3c file path=usr/share/man/man3c/stack_violation.3c +file path=usr/share/man/man3c/stderr.3c +file path=usr/share/man/man3c/stdin.3c file path=usr/share/man/man3c/stdio.3c +file path=usr/share/man/man3c/stdout.3c file path=usr/share/man/man3c/str2sig.3c file path=usr/share/man/man3c/strcasecmp.3c file path=usr/share/man/man3c/strcat.3c diff --git a/usr/src/pkg/manifests/text-doctools.mf b/usr/src/pkg/manifests/text-doctools.mf index 231a279bbd..9e7f9d2704 100644 --- a/usr/src/pkg/manifests/text-doctools.mf +++ b/usr/src/pkg/manifests/text-doctools.mf @@ -54,7 +54,6 @@ dir path=usr/share/lib/tmac dir path=usr/share/man dir path=usr/share/man/man1 dir path=usr/share/man/man1m -dir path=usr/share/man/man4b dir path=usr/share/man/man5 file path=usr/bin/addbib mode=0555 file path=usr/bin/apropos mode=0555 |