xref: /illumos-gate/usr/src/cmd/tcpd/Makefile (revision 1a220b56b93ff1dc80855691548503117af4cc10)
1#
2# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
3# Use is subject to license terms.
4#
5# ident	"%Z%%M%	%I%	%E% SMI"
6#
7
8PROG =		safe_finger tcpd tcpdchk tcpdmatch try-from
9
10include ../Makefile.cmd
11
12ERROFF =	-erroff=E_FUNC_HAS_NO_RETURN_STMT \
13		-erroff=E_IMPLICIT_DECL_FUNC_RETURN_INT \
14		-_gcc=-Wno-return-type -_gcc=-Wno-implicit
15CFLAGS +=	$(CCVERBOSE) $(ERROFF)
16CPPFLAGS +=	$(ACCESS) $(PARANOID) $(NETGROUP) $(TLI) \
17		$(UMASK) $(STYLE) $(TABLES) $(KILL_OPT) $(BUGS) \
18		-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
19		-DFACILITY=$(FACILITY) -DSEVERITY=$(SEVERITY) \
20		-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
21		-I$(ROOTSFWINCLUDE) -I../../lib/libwrap
22tcpd tcpdmatch try-from := \
23	LDLIBS += -R$(SFW_ROOT)/lib -L$(ROOTSFWLIB) -lwrap
24tcpdchk := \
25	LDLIBS += -R$(SFW_ROOT)/lib -L$(ROOTSFWLIB) -lwrap -lnsl
26
27# SRCONLY files are not used for building but are included in the source code
28# package SUNWtcpdS for consistency and completeness with respect to the
29# public tcp_wrappers distribution.
30SRCONLY =	BLURB Banners.Makefile CHANGES DISCLAIMER Makefile \
31		Makefile.dist Makefile.org README README.IRIX README.NIS \
32		README.ipv6 hosts_access.c.org misc.c.org miscd.c myvsyslog.c \
33		ncr.c printf.ck ptx.c rfc931.c.org scaffold.c.org \
34		socket.c.diff socket.c.org strcasecmp.c tags tcpd.h.org \
35		tcpdchk.c.org tcpdmatch.c.org tli-sequent.c tli-sequent.h \
36		tli.c.org update.c.org vfprintf.c
37
38MANDIRS =	man3 man4 man1m
39MANPAGES =	man3/hosts_access.3 man3/libwrap.3 man4/hosts_access.4 \
40		man4/hosts_options.4 man4/hosts.allow.4 man4/hosts.deny.4 \
41		man1m/tcpd.1m man1m/tcpdchk.1m man1m/tcpdmatch.1m
42DISTFILES =	environ.c fakelog.c hosts_access.3 hosts_access.4 \
43		hosts_options.4 inetcf.c inetcf.h safe_finger.c scaffold.c \
44		scaffold.h tcpd.1m tcpd.c tcpdchk.1m tcpdchk.c tcpdmatch.1m \
45		tcpdmatch.c try-from.c README.sfw $(SRCONLY)
46
47ROOTSFWSRC =	$(ROOTSFWSHSRC)/tcp_wrappers
48ROOTSFWSBINPROG = $(PROG:%=$(ROOTSFWSBIN)/%)
49ROOTSFWMANPAGES = $(MANPAGES:%=$(ROOTSFWMAN)/%)
50ROOTSFWMANDIRS = $(MANDIRS:%=$(ROOTSFWMAN)/%)
51ROOTSFWSRCFILES = $(DISTFILES:%=$(ROOTSFWSRC)/%)
52
53.KEEP_STATE:
54
55all: $(PROG)
56
57install: all $(ROOTSFWSBINPROG) $(ROOTSFWMANPAGES) $(ROOTSFWSRCFILES)
58
59clean:
60	$(RM) *.o
61	$(RM) -r sunman
62
63lint:	lint_PROG
64
65$(ROOTSFWSBINPROG): $(ROOTSFWSBIN)
66$(ROOTSFWSBIN): $(ROOTSFW)
67	$(INS.dir)
68$(ROOTSFWSBIN)/% : %
69	$(INS.file)
70
71# These Solaris-specific man page aliases are installed verbatim.
72sunman/libwrap.3: libwrap.3
73	mkdir -p sunman; cat libwrap.3 > $@
74sunman/hosts.allow.4: hosts.allow.4
75	mkdir -p sunman; cat hosts.allow.4 > $@
76sunman/hosts.deny.4: hosts.deny.4
77	mkdir -p sunman; cat hosts.deny.4 > $@
78
79# The rest of the man pages are in the form provided in the original
80# distribution, but get edited and renamed to follow Solaris man page
81# conventions.  E.g. tcpd.8 gets installed as /usr/sfw/man/man1m/tcpd.1m.
82# Create temporary copies in the sunman directory with modified names
83# and contents.  The sed program man.sed contains the content edits.
84
85sunman/%.1m: %.8
86	mkdir -p sunman; sed -f man.sed < $< > $@
87sunman/%.4: %.5
88	mkdir -p sunman; sed -f man.sed < $< > $@
89sunman/%.3: %.3
90	mkdir -p sunman; sed -f man.sed < $< > $@
91
92$(ROOTSFWMANPAGES) := FILEMODE = 0444
93$(ROOTSFWMANPAGES): $(ROOTSFWMANDIRS) $(ROOTSFW)/man
94$(ROOTSFWMANDIRS): $(ROOTSFWMAN)
95	$(INS.dir)
96$(ROOTSFWMAN): $(ROOTSFW)/share
97	$(INS.dir)
98$(ROOTSFW)/man: $(ROOTSFW)
99	$(RM) $@
100	$(SYMLINK) share/man $@ $(CHOWNLINK) $(CHGRPLINK)
101$(ROOTSFWMAN)/man1m/% $(ROOTSFWMAN)/man3/% $(ROOTSFWMAN)/man4/%: sunman/%
102	$(INS.file)
103
104$(ROOTSFWSRCFILES) := FILEMODE = 0444
105$(ROOTSFWSRCFILES): $(ROOTSFWSRC)
106$(ROOTSFWSRC): $(ROOTSFWSHSRC)
107	$(INS.dir)
108$(ROOTSFWSHSRC): $(ROOTSFW)/share
109	$(INS.dir)
110$(ROOTSFWSRC)/%: %.sfwsrc
111	$(INS.rename)
112$(ROOTSFWSRC)/%: sunman/%
113	$(INS.file)
114$(ROOTSFWSRC)/%: %
115	$(INS.file)
116
117$(ROOTSFW)/share: $(ROOTSFW)
118	$(INS.dir)
119$(ROOTSFW):
120	$(INS.dir)
121
122TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
123
124tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
125	$(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS)
126	$(POST_PROCESS)
127
128try-from: try-from.o fakelog.o $(LIB)
129	$(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS)
130	$(POST_PROCESS)
131
132TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
133
134tcpdchk: $(TCPDCHK_OBJ) $(LIB)
135	$(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS)
136	$(POST_PROCESS)
137
138include ../Makefile.targ
139
140
141# The rest of this file contains definitions more-or-less directly from the
142# original Makefile of the tcp_wrappers distribution.
143
144##############################
145# System parameters appropriate for Solaris 9
146
147REAL_DAEMON_DIR	= /usr/sbin
148TLI		= -DTLI
149NETGROUP	= -DNETGROUP
150
151##############################
152# Start of the optional stuff.
153
154###########################################
155# Optional: Turning on language extensions
156#
157# Instead of the default access control language that is documented in
158# the hosts_access.5 document, the wrappers can be configured to
159# implement an extensible language documented in the hosts_options.5
160# document.  This language is implemented by the "options.c" source
161# module, which also gives hints on how to add your own extensions.
162# Uncomment the next definition to turn on the language extensions
163# (examples: allow, deny, banners, twist and spawn).
164#
165STYLE	= -DPROCESS_OPTIONS	# Enable language extensions.
166
167################################################################
168# Optional: Changing the default disposition of logfile records
169#
170# By default, logfile entries are written to the same file as used for
171# sendmail transaction logs. See your /etc/syslog.conf file for actual
172# path names of logfiles. The tutorial section in the README file
173# gives a brief introduction to the syslog daemon.
174#
175# Change the FACILITY definition below if you disagree with the default
176# disposition. Some syslog versions (including Ultrix 4.x) do not provide
177# this flexibility.
178#
179# If nothing shows up on your system, it may be that the syslog records
180# are sent to a dedicated loghost. It may also be that no syslog daemon
181# is running at all. The README file gives pointers to surrogate syslog
182# implementations for systems that have no syslog library routines or
183# no syslog daemons. When changing the syslog.conf file, remember that
184# there must be TABs between fields.
185#
186# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
187
188FACILITY= LOG_MAIL	# LOG_MAIL is what most sendmail daemons use
189
190# The syslog priority at which successful connections are logged.
191
192SEVERITY= LOG_INFO	# LOG_INFO is normally not logged to the console
193
194######################################################
195# Optional: Changing the default file protection mask
196#
197# On many systems, network daemons and other system processes are started
198# with a zero umask value, so that world-writable files may be produced.
199# It is a good idea to edit your /etc/rc* files so that they begin with
200# an explicit umask setting.  On our site we use `umask 022' because it
201# does not break anything yet gives adequate protection against tampering.
202#
203# The following macro specifies the default umask for processes run under
204# control of the daemon wrappers. Comment it out only if you are certain
205# that inetd and its children are started with a safe umask value.
206
207UMASK	= -DDAEMON_UMASK=022
208
209#######################################
210# Optional: Turning off access control
211#
212# By default, host access control is enabled.  To disable host access
213# control, comment out the following definition.  Host access control
214# can also be turned off at runtime by providing no or empty access
215# control tables.
216
217ACCESS	= -DHOSTS_ACCESS
218
219####################################################
220# Optional: dealing with host name/address conflicts
221#
222# By default, the software tries to protect against hosts that claim to
223# have someone elses host name. This is relevant for network services
224# whose authentication depends on host names, such as rsh and rlogin.
225#
226# With paranoid mode on, connections will be rejected when the host name
227# does not match the host address. Connections will also be rejected when
228# the host name is available but cannot be verified.
229#
230# Comment out the following definition if you want more control over such
231# requests. When paranoid mode is off and a host name double check fails,
232# the client can be matched with the PARANOID access control pattern.
233#
234# Paranoid mode implies hostname lookup. In order to disable hostname
235# lookups altogether, see the next section.
236
237PARANOID= -DPARANOID
238
239# The default username lookup timeout is 10 seconds. This may not be long
240# enough for slow hosts or networks, but is enough to irritate PC users.
241
242RFC931_TIMEOUT = 10
243
244########################################################
245# Optional: Changing the access control table pathnames
246#
247# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
248# look for access control information. Watch out for the quotes and
249# backslashes when you make changes.
250
251TABLES	= -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
252
253#############################################
254# Optional: Turning on host ADDRESS checking
255#
256# Optionally, the software tries to protect against hosts that pretend to
257# have someone elses host address. This is relevant for network services
258# whose authentication depends on host names, such as rsh and rlogin,
259# because the network address is used to look up the remote host name.
260#
261# The protection is to refuse TCP connections with IP source routing
262# options.
263#
264# This feature cannot be used with SunOS 4.x because of a kernel bug in
265# the implementation of the getsockopt() system call. Kernel panics have
266# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data
267# fault" while executing the tcp_ctloutput() kernel function.
268#
269# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x.
270#
271# Uncomment the following macro definition if your getsockopt() is OK.
272#
273# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop
274# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
275# Solaris 2.x, and Linux. See your system documentation for details.
276#
277# KILL_OPT= -DKILL_IP_OPTIONS
278
279## End configuration options
280############################
281