1#
2# CDDL HEADER START
3#
4# The contents of this file are subject to the terms of the
5# Common Development and Distribution License (the "License").
6# You may not use this file except in compliance with the License.
7#
8# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9# or http://www.opensolaris.org/os/licensing.
10# See the License for the specific language governing permissions
11# and limitations under the License.
12#
13# When distributing Covered Code, include this CDDL HEADER in each
14# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15# If applicable, add the following below this CDDL HEADER, with the
16# fields enclosed by brackets "[]" replaced with your own identifying
17# information: Portions Copyright [yyyy] [name of copyright owner]
18#
19# CDDL HEADER END
20#
21
22#
23# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26# ident	"%Z%%M%	%I%	%E% SMI"
27#
28
# Programs built from this directory.  ROOTSFWSBINPROG (below) maps each
# name to its install path under $(ROOTSFWSBIN).
PROG =		safe_finger tcpd tcpdchk tcpdmatch try-from
30
31include ../Makefile.cmd
32
# Compiler diagnostics switched off for these sources: functions without a
# return statement and implicitly declared functions.  The -_gcc= forms
# carry the matching -Wno-* options for gcc.
# NOTE(review): an implicitly declared function is assumed to return int,
# which can hide truncated pointer results on 64-bit builds.  These programs
# sit in front of network daemons, so fixing the prototypes is preferable to
# keeping the warnings suppressed -- confirm against the sources.
ERROFF =	-erroff=E_FUNC_HAS_NO_RETURN_STMT \
		-erroff=E_IMPLICIT_DECL_FUNC_RETURN_INT \
		-_gcc=-Wno-return-type -_gcc=-Wno-implicit
CFLAGS +=	$(CCVERBOSE) $(ERROFF)
# The option macros used here (ACCESS, PARANOID, NETGROUP, TLI, UMASK, STYLE,
# TABLES, RFC931_TIMEOUT, FACILITY, SEVERITY, REAL_DAEMON_DIR) are assigned
# in the configuration section at the end of this file.  KILL_OPT is
# commented out there and BUGS is not assigned anywhere in this file, so
# neither contributes a flag unless an included makefile sets it.
# REAL_DAEMON_DIR is passed as a quoted C string literal.
CPPFLAGS +=	$(ACCESS) $(PARANOID) $(NETGROUP) $(TLI) \
		$(UMASK) $(STYLE) $(TABLES) $(KILL_OPT) $(BUGS) \
		-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
		-DFACILITY=$(FACILITY) -DSEVERITY=$(SEVERITY) \
		-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
		-I$(ROOTSFWINCLUDE) -I../../lib/libwrap
# Conditional macros: the additions apply only while building the named
# targets.  -R records $(SFW_ROOT)/lib as a runtime library search path in
# the binary and -L names the link-time search directory; libwrap is loaded
# from the -R directory at run time, so that directory must be writable by
# root only.  safe_finger is not listed and links without libwrap.
tcpd tcpdmatch try-from := \
	LDLIBS += -R$(SFW_ROOT)/lib -L$(ROOTSFWLIB) -lwrap
# tcpdchk additionally links libnsl.
tcpdchk := \
	LDLIBS += -R$(SFW_ROOT)/lib -L$(ROOTSFWLIB) -lwrap -lnsl
47
# Various components must export interfaces, but also contain name-space
# clashes with system libraries.
# Each tool gets $(MAPFILE.NGB) plus its own interface mapfile from this
# directory.
MAPFILE.INT.D =	$(MAPFILE.NGB) mapfile-intf-tcpdchk
MAPFILE.INT.M =	$(MAPFILE.NGB) mapfile-intf-tcpdmatch
MAPFILE.INT.F =	$(MAPFILE.NGB) mapfile-intf-tryfrom

# The %=-M% substitution turns every mapfile in the list into a -M<file>
# option, added to LDFLAGS only while the named target is being built.
tcpdchk :=	LDFLAGS +=$(MAPFILE.INT.D:%=-M%)
tcpdmatch :=	LDFLAGS +=$(MAPFILE.INT.M:%=-M%)
try-from :=	LDFLAGS +=$(MAPFILE.INT.F:%=-M%)
57
# SRCONLY files are not used for building but are included in the source code
# package SUNWtcpdS for consistency and completeness with respect to the
# public tcp_wrappers distribution.
SRCONLY =	BLURB Banners.Makefile CHANGES DISCLAIMER Makefile \
		Makefile.dist Makefile.org README README.IRIX README.NIS \
		README.ipv6 hosts_access.c.org misc.c.org miscd.c myvsyslog.c \
		ncr.c printf.ck ptx.c rfc931.c.org scaffold.c.org \
		socket.c.diff socket.c.org strcasecmp.c tags tcpd.h.org \
		tcpdchk.c.org tcpdmatch.c.org tli-sequent.c tli-sequent.h \
		tli.c.org update.c.org vfprintf.c

# Manual sections that get a directory under $(ROOTSFWMAN), and the pages
# installed into them (named relative to $(ROOTSFWMAN)).
MANDIRS =	man3 man4 man1m
MANPAGES =	man3/hosts_access.3 man3/libwrap.3 man4/hosts_access.4 \
		man4/hosts_options.4 man4/hosts.allow.4 man4/hosts.deny.4 \
		man1m/tcpd.1m man1m/tcpdchk.1m man1m/tcpdmatch.1m
# Files shipped in the source package: the sources and man pages used by
# this build plus everything in SRCONLY.
DISTFILES =	environ.c fakelog.c hosts_access.3 hosts_access.4 \
		hosts_options.4 inetcf.c inetcf.h safe_finger.c scaffold.c \
		scaffold.h tcpd.1m tcpd.c tcpdchk.1m tcpdchk.c tcpdmatch.1m \
		tcpdmatch.c try-from.c README.sfw $(SRCONLY)

# Install locations, derived by prefixing each list entry with its
# destination directory.
ROOTSFWSRC =	$(ROOTSFWSHSRC)/tcp_wrappers
ROOTSFWSBINPROG = $(PROG:%=$(ROOTSFWSBIN)/%)
ROOTSFWMANPAGES = $(MANPAGES:%=$(ROOTSFWMAN)/%)
ROOTSFWMANDIRS = $(MANDIRS:%=$(ROOTSFWMAN)/%)
ROOTSFWSRCFILES = $(DISTFILES:%=$(ROOTSFWSRC)/%)
83
# Sun make special target: rebuild a target when the command line used to
# build it changes.
.KEEP_STATE:

# Default build: every program in PROG plus the generated license file.
all: $(PROG) THIRDPARTYLICENSE

# Install the programs, the man pages and the distributed source files.
install: all $(ROOTSFWSBINPROG) $(ROOTSFWMANPAGES) $(ROOTSFWSRCFILES)

# Remove object files and the temporary man page directory created by the
# sunman/ rules below.
clean:
	$(RM) *.o
	$(RM) -r sunman

# lint_PROG is not defined in this file; presumably it comes from the
# included ../Makefile.targ.
lint:	lint_PROG
95
# The sbin directory must exist before any program is installed into it.
# INS.dir and INS.file are not defined in this file (presumably they come
# from the included ../Makefile.cmd).
$(ROOTSFWSBINPROG): $(ROOTSFWSBIN)
$(ROOTSFWSBIN): $(ROOTSFW)
	$(INS.dir)
# Install a program built in this directory under $(ROOTSFWSBIN).
$(ROOTSFWSBIN)/% : %
	$(INS.file)
101
# These Solaris-specific man page aliases are installed verbatim.
# Every recipe creates sunman itself (mkdir -p), because the directory is
# temporary and is removed again by the clean target.
sunman/libwrap.3: libwrap.3
	mkdir -p sunman; cat libwrap.3 > $@
sunman/hosts.allow.4: hosts.allow.4
	mkdir -p sunman; cat hosts.allow.4 > $@
sunman/hosts.deny.4: hosts.deny.4
	mkdir -p sunman; cat hosts.deny.4 > $@

# The rest of the man pages are in the form provided in the original
# distribution, but get edited and renamed to follow Solaris man page
# conventions.  E.g. tcpd.8 gets installed as /usr/sfw/man/man1m/tcpd.1m.
# Create temporary copies in the sunman directory with modified names
# and contents.  The sed program man.sed contains the content edits.

# Section 8 pages become section 1m.
sunman/%.1m: %.8
	mkdir -p sunman; sed -f man.sed < $< > $@
# Section 5 pages become section 4.
sunman/%.4: %.5
	mkdir -p sunman; sed -f man.sed < $< > $@
# Section 3 pages keep their name and only get the content edits.
sunman/%.3: %.3
	mkdir -p sunman; sed -f man.sed < $< > $@
122
# Man pages are installed with FILEMODE 0444 (read-only for everyone).
$(ROOTSFWMANPAGES) := FILEMODE = 0444
# The section directories and the man symlink must exist before the pages.
$(ROOTSFWMANPAGES): $(ROOTSFWMANDIRS) $(ROOTSFW)/man
$(ROOTSFWMANDIRS): $(ROOTSFWMAN)
	$(INS.dir)
$(ROOTSFWMAN): $(ROOTSFW)/share
	$(INS.dir)
# $(ROOTSFW)/man is a symbolic link to share/man; anything already at that
# path is removed first so the link can be recreated.
$(ROOTSFW)/man: $(ROOTSFW)
	$(RM) $@
	$(SYMLINK) share/man $@ $(CHOWNLINK) $(CHGRPLINK)
# Installed pages in all three sections come from the edited copies in
# sunman/.
$(ROOTSFWMAN)/man1m/% $(ROOTSFWMAN)/man3/% $(ROOTSFWMAN)/man4/%: sunman/%
	$(INS.file)
134
# Distributed source files are installed with FILEMODE 0444 (read-only).
$(ROOTSFWSRCFILES) := FILEMODE = 0444
$(ROOTSFWSRCFILES): $(ROOTSFWSRC)
$(ROOTSFWSRC): $(ROOTSFWSHSRC)
	$(INS.dir)
$(ROOTSFWSHSRC): $(ROOTSFW)/share
	$(INS.dir)
# Three possible origins for a distributed file NAME: NAME.sfwsrc (installed
# with INS.rename, presumably under the name NAME -- confirm in the included
# makefiles), the edited man page copy sunman/NAME, or NAME itself.
$(ROOTSFWSRC)/%: %.sfwsrc
	$(INS.rename)
$(ROOTSFWSRC)/%: sunman/%
	$(INS.file)
$(ROOTSFWSRC)/%: %
	$(INS.file)

# Top of the install tree and its share directory.
$(ROOTSFW)/share: $(ROOTSFW)
	$(INS.dir)
$(ROOTSFW):
	$(INS.dir)
152
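# Explicit link rules for the tools that are built from more than one object
# file.  Each rule lists the tool's mapfiles as prerequisites so that editing
# a mapfile relinks the program; the same lists are passed to the link editor
# through LDFLAGS (see the MAPFILE.INT.* definitions earlier in this file).
# The prerequisite must use the MAPFILE.INT.* names exactly: a macro name
# that is never assigned expands to nothing and silently drops the
# dependency.  $(LIB), LINK.c and POST_PROCESS are not defined in this file.

TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o

tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) $(MAPFILE.INT.M)
	$(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS)
	$(POST_PROCESS)

try-from: try-from.o fakelog.o $(LIB) $(MAPFILE.INT.F)
	$(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS)
	$(POST_PROCESS)

TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o

tcpdchk: $(TCPDCHK_OBJ) $(LIB) $(MAPFILE.INT.D)
	$(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS)
	$(POST_PROCESS)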
168
# The license file is the DISCLAIMER text with every line that contains
# four consecutive asterisks filtered out.
THIRDPARTYLICENSE: DISCLAIMER
	$(GREP) -v '\*\*\*\*' DISCLAIMER > $@

# Generated file; listed in CLOBBERFILES so that it can be removed again.
CLOBBERFILES += THIRDPARTYLICENSE
173
174include ../Makefile.targ
175
# The rest of this file contains definitions more-or-less directly from the
# original Makefile of the tcp_wrappers distribution.

##############################
# System parameters appropriate for Solaris 9

# REAL_DAEMON_DIR is compiled into the programs as a string through
# CPPFLAGS; TLI and NETGROUP are passed as -D switches.
# NOTE(review): REAL_DAEMON_DIR is presumably the directory the wrapped
# daemons are run from; it should be writable by root only -- confirm.
REAL_DAEMON_DIR	= /usr/sbin
TLI		= -DTLI
NETGROUP	= -DNETGROUP
185
##############################
# Start of the optional stuff.

###########################################
# Optional: Turning on language extensions
#
# Instead of the default access control language that is documented in
# the hosts_access.5 document, the wrappers can be configured to
# implement an extensible language documented in the hosts_options.5
# document.  This language is implemented by the "options.c" source
# module, which also gives hints on how to add your own extensions.
# Uncomment the next definition to turn on the language extensions
# (examples: allow, deny, banners, twist and spawn).
#
# The extensions are enabled in this build.
# NOTE(review): twist and spawn run commands named in the access control
# tables (see the hosts_options document), so with this enabled the tables
# must be writable by root only and belong under change monitoring.
#
STYLE	= -DPROCESS_OPTIONS	# Enable language extensions.
201
################################################################
# Optional: Changing the default disposition of logfile records
#
# By default, logfile entries are written to the same file as used for
# sendmail transaction logs. See your /etc/syslog.conf file for actual
# path names of logfiles. The tutorial section in the README file
# gives a brief introduction to the syslog daemon.
#
# Change the FACILITY definition below if you disagree with the default
# disposition. Some syslog versions (including Ultrix 4.x) do not provide
# this flexibility.
#
# If nothing shows up on your system, it may be that the syslog records
# are sent to a dedicated loghost. It may also be that no syslog daemon
# is running at all. The README file gives pointers to surrogate syslog
# implementations for systems that have no syslog library routines or
# no syslog daemons. When changing the syslog.conf file, remember that
# there must be TABs between fields.
#
# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
#
# NOTE(review): these records are the audit trail for wrapped services.
# Check that syslog.conf actually routes the facility and priority chosen
# below to a log that is retained (or forwarded to the loghost); records
# that are filtered out leave accepted connections without a trace.

FACILITY= LOG_MAIL	# LOG_MAIL is what most sendmail daemons use

# The syslog priority at which successful connections are logged.

SEVERITY= LOG_INFO	# LOG_INFO is normally not logged to the console
228
######################################################
# Optional: Changing the default file protection mask
#
# On many systems, network daemons and other system processes are started
# with a zero umask value, so that world-writable files may be produced.
# It is a good idea to edit your /etc/rc* files so that they begin with
# an explicit umask setting.  On our site we use `umask 022' because it
# does not break anything yet gives adequate protection against tampering.
#
# The following macro specifies the default umask for processes run under
# control of the daemon wrappers. Comment it out only if you are certain
# that inetd and its children are started with a safe umask value.
#
# The value reaches the compiler as -DDAEMON_UMASK through CPPFLAGS.

UMASK	= -DDAEMON_UMASK=022
243
#######################################
# Optional: Turning off access control
#
# By default, host access control is enabled.  To disable host access
# control, comment out the following definition.  Host access control
# can also be turned off at runtime by providing no or empty access
# control tables.
#
# NOTE(review): the last sentence also means that a deleted or emptied
# table lifts every restriction without any error.  Keep the table files
# (see TABLES below) under file-integrity monitoring.

ACCESS	= -DHOSTS_ACCESS
253
####################################################
# Optional: dealing with host name/address conflicts
#
# By default, the software tries to protect against hosts that claim to
# have someone else's host name. This is relevant for network services
# whose authentication depends on host names, such as rsh and rlogin.
#
# With paranoid mode on, connections will be rejected when the host name
# does not match the host address. Connections will also be rejected when
# the host name is available but cannot be verified.
#
# Comment out the following definition if you want more control over such
# requests. When paranoid mode is off and a host name double check fails,
# the client can be matched with the PARANOID access control pattern.
#
# Paranoid mode implies hostname lookup. In order to disable hostname
# lookups altogether, see the next section.
#
# Paranoid mode is enabled in this build.

PARANOID= -DPARANOID

# The default username lookup timeout is 10 seconds. This may not be long
# enough for slow hosts or networks, but is enough to irritate PC users.
#
# NOTE(review): the user name is reported by the remote host itself (the
# macro name refers to RFC 931), so treat it as a logging aid rather than
# as evidence of identity in access rules.

RFC931_TIMEOUT = 10
278
########################################################
# Optional: Changing the access control table pathnames
#
# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
# look for access control information. Watch out for the quotes and
# backslashes when you make changes.
#
# Both paths are compiled in as C string literals.  The files decide which
# clients reach the wrapped services, so they must be owned by root and not
# writable by anyone else.

TABLES	= -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"

#############################################
# Optional: Turning on host ADDRESS checking
#
# Optionally, the software tries to protect against hosts that pretend to
# have someone else's host address. This is relevant for network services
# whose authentication depends on host names, such as rsh and rlogin,
# because the network address is used to look up the remote host name.
#
# The protection is to refuse TCP connections with IP source routing
# options.
#
# This feature cannot be used with SunOS 4.x because of a kernel bug in
# the implementation of the getsockopt() system call. Kernel panics have
# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data
# fault" while executing the tcp_ctloutput() kernel function.
#
# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x.
#
# Uncomment the following macro definition if your getsockopt() is OK.
#
# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop
# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
# Solaris 2.x, and Linux. See your system documentation for details.
#
# The definition is left commented out in this build, so the wrappers do
# not refuse source-routed connections themselves.
# NOTE(review): protection then rests entirely on the host's IP stack;
# verify that the deployed systems are configured to drop source-routed
# packets.
#
# KILL_OPT= -DKILL_IP_OPTIONS

## End configuration options
############################
316