1# 2# CDDL HEADER START 3# 4# The contents of this file are subject to the terms of the 5# Common Development and Distribution License (the "License"). 6# You may not use this file except in compliance with the License. 7# 8# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9# or http://www.opensolaris.org/os/licensing. 10# See the License for the specific language governing permissions 11# and limitations under the License. 12# 13# When distributing Covered Code, include this CDDL HEADER in each 14# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15# If applicable, add the following below this CDDL HEADER, with the 16# fields enclosed by brackets "[]" replaced with your own identifying 17# information: Portions Copyright [yyyy] [name of copyright owner] 18# 19# CDDL HEADER END 20# 21 22# 23# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24# Use is subject to license terms. 25# 26# ident "%Z%%M% %I% %E% SMI" 27# 28 29PROG = safe_finger tcpd tcpdchk tcpdmatch try-from 30 31include ../Makefile.cmd 32 33ERROFF = -erroff=E_FUNC_HAS_NO_RETURN_STMT \ 34 -erroff=E_IMPLICIT_DECL_FUNC_RETURN_INT \ 35 -_gcc=-Wno-return-type -_gcc=-Wno-implicit 36CFLAGS += $(CCVERBOSE) $(ERROFF) 37CPPFLAGS += $(ACCESS) $(PARANOID) $(NETGROUP) $(TLI) \ 38 $(UMASK) $(STYLE) $(TABLES) $(KILL_OPT) $(BUGS) \ 39 -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ 40 -DFACILITY=$(FACILITY) -DSEVERITY=$(SEVERITY) \ 41 -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \ 42 -I$(ROOTSFWINCLUDE) -I../../lib/libwrap 43tcpd tcpdmatch try-from := \ 44 LDLIBS += -R$(SFW_ROOT)/lib -L$(ROOTSFWLIB) -lwrap 45tcpdchk := \ 46 LDLIBS += -R$(SFW_ROOT)/lib -L$(ROOTSFWLIB) -lwrap -lnsl 47 48# Various components must export interfaces, but also contain name-space 49# clashes with system libraries. 50MAPFILE.INT.D = $(MAPFILE.NGB) mapfile-intf-tcpdchk 51MAPFILE.INT.M = $(MAPFILE.NGB) mapfile-intf-tcpdmatch 52MAPFILE.INT.F = $(MAPFILE.NGB) mapfile-intf-tryfrom 53 54tcpdchk := LDFLAGS +=$(MAPFILE.INT.D:%=-M%) 55tcpdmatch := LDFLAGS +=$(MAPFILE.INT.M:%=-M%) 56try-from := LDFLAGS +=$(MAPFILE.INT.F:%=-M%) 57 58# SRCONLY files are not used for building but are included in the source code 59# package SUNWtcpdS for consistency and completeness with respect to the 60# public tcp_wrappers distribution. 61SRCONLY = BLURB Banners.Makefile CHANGES DISCLAIMER Makefile \ 62 Makefile.dist Makefile.org README README.IRIX README.NIS \ 63 README.ipv6 hosts_access.c.org misc.c.org miscd.c myvsyslog.c \ 64 ncr.c printf.ck ptx.c rfc931.c.org scaffold.c.org \ 65 socket.c.diff socket.c.org strcasecmp.c tags tcpd.h.org \ 66 tcpdchk.c.org tcpdmatch.c.org tli-sequent.c tli-sequent.h \ 67 tli.c.org update.c.org vfprintf.c 68 69MANDIRS = man3 man4 man1m 70MANPAGES = man3/hosts_access.3 man3/libwrap.3 man4/hosts_access.4 \ 71 man4/hosts_options.4 man4/hosts.allow.4 man4/hosts.deny.4 \ 72 man1m/tcpd.1m man1m/tcpdchk.1m man1m/tcpdmatch.1m 73DISTFILES = environ.c fakelog.c hosts_access.3 hosts_access.4 \ 74 hosts_options.4 inetcf.c inetcf.h safe_finger.c scaffold.c \ 75 scaffold.h tcpd.1m tcpd.c tcpdchk.1m tcpdchk.c tcpdmatch.1m \ 76 tcpdmatch.c try-from.c README.sfw $(SRCONLY) 77 78ROOTSFWSRC = $(ROOTSFWSHSRC)/tcp_wrappers 79ROOTSFWSBINPROG = $(PROG:%=$(ROOTSFWSBIN)/%) 80ROOTSFWMANPAGES = $(MANPAGES:%=$(ROOTSFWMAN)/%) 81ROOTSFWMANDIRS = $(MANDIRS:%=$(ROOTSFWMAN)/%) 82ROOTSFWSRCFILES = $(DISTFILES:%=$(ROOTSFWSRC)/%) 83 84.KEEP_STATE: 85 86all: $(PROG) THIRDPARTYLICENSE 87 88install: all $(ROOTSFWSBINPROG) $(ROOTSFWMANPAGES) $(ROOTSFWSRCFILES) 89 90clean: 91 $(RM) *.o 92 $(RM) -r sunman 93 94lint: lint_PROG 95 96$(ROOTSFWSBINPROG): $(ROOTSFWSBIN) 97$(ROOTSFWSBIN): $(ROOTSFW) 98 $(INS.dir) 99$(ROOTSFWSBIN)/% : % 100 $(INS.file) 101 102# These Solaris-specific man page aliases are installed verbatim. 103sunman/libwrap.3: libwrap.3 104 mkdir -p sunman; cat libwrap.3 > $@ 105sunman/hosts.allow.4: hosts.allow.4 106 mkdir -p sunman; cat hosts.allow.4 > $@ 107sunman/hosts.deny.4: hosts.deny.4 108 mkdir -p sunman; cat hosts.deny.4 > $@ 109 110# The rest of the man pages are in the form provided in the original 111# distribution, but get edited and renamed to follow Solaris man page 112# conventions. E.g. tcpd.8 gets installed as /usr/sfw/man/man1m/tcpd.1m. 113# Create temporary copies in the sunman directory with modified names 114# and contents. The sed program man.sed contains the content edits. 115 116sunman/%.1m: %.8 117 mkdir -p sunman; sed -f man.sed < $< > $@ 118sunman/%.4: %.5 119 mkdir -p sunman; sed -f man.sed < $< > $@ 120sunman/%.3: %.3 121 mkdir -p sunman; sed -f man.sed < $< > $@ 122 123$(ROOTSFWMANPAGES) := FILEMODE = 0444 124$(ROOTSFWMANPAGES): $(ROOTSFWMANDIRS) $(ROOTSFW)/man 125$(ROOTSFWMANDIRS): $(ROOTSFWMAN) 126 $(INS.dir) 127$(ROOTSFWMAN): $(ROOTSFW)/share 128 $(INS.dir) 129$(ROOTSFW)/man: $(ROOTSFW) 130 $(RM) $@ 131 $(SYMLINK) share/man $@ $(CHOWNLINK) $(CHGRPLINK) 132$(ROOTSFWMAN)/man1m/% $(ROOTSFWMAN)/man3/% $(ROOTSFWMAN)/man4/%: sunman/% 133 $(INS.file) 134 135$(ROOTSFWSRCFILES) := FILEMODE = 0444 136$(ROOTSFWSRCFILES): $(ROOTSFWSRC) 137$(ROOTSFWSRC): $(ROOTSFWSHSRC) 138 $(INS.dir) 139$(ROOTSFWSHSRC): $(ROOTSFW)/share 140 $(INS.dir) 141$(ROOTSFWSRC)/%: %.sfwsrc 142 $(INS.rename) 143$(ROOTSFWSRC)/%: sunman/% 144 $(INS.file) 145$(ROOTSFWSRC)/%: % 146 $(INS.file) 147 148$(ROOTSFW)/share: $(ROOTSFW) 149 $(INS.dir) 150$(ROOTSFW): 151 $(INS.dir) 152 153TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o 154 155tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) $(MAPFILE.INTF.M) 156 $(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS) 157 $(POST_PROCESS) 158 159try-from: try-from.o fakelog.o $(LIB) $(MAPFILE.INTF.F) 160 $(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS) 161 $(POST_PROCESS) 162 163TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o 164 165tcpdchk: $(TCPDCHK_OBJ) $(LIB) $(MAPFILE.INTF.C) 166 $(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS) 167 $(POST_PROCESS) 168 169THIRDPARTYLICENSE: DISCLAIMER 170 $(GREP) -v '\*\*\*\*' DISCLAIMER > $@ 171 172CLOBBERFILES += THIRDPARTYLICENSE 173 174include ../Makefile.targ 175 176# The rest of this file contains definitions more-or-less directly from the 177# original Makefile of the tcp_wrappers distribution. 178 179############################## 180# System parameters appropriate for Solaris 9 181 182REAL_DAEMON_DIR = /usr/sbin 183TLI = -DTLI 184NETGROUP = -DNETGROUP 185 186############################## 187# Start of the optional stuff. 188 189########################################### 190# Optional: Turning on language extensions 191# 192# Instead of the default access control language that is documented in 193# the hosts_access.5 document, the wrappers can be configured to 194# implement an extensible language documented in the hosts_options.5 195# document. This language is implemented by the "options.c" source 196# module, which also gives hints on how to add your own extensions. 197# Uncomment the next definition to turn on the language extensions 198# (examples: allow, deny, banners, twist and spawn). 199# 200STYLE = -DPROCESS_OPTIONS # Enable language extensions. 201 202################################################################ 203# Optional: Changing the default disposition of logfile records 204# 205# By default, logfile entries are written to the same file as used for 206# sendmail transaction logs. See your /etc/syslog.conf file for actual 207# path names of logfiles. The tutorial section in the README file 208# gives a brief introduction to the syslog daemon. 209# 210# Change the FACILITY definition below if you disagree with the default 211# disposition. Some syslog versions (including Ultrix 4.x) do not provide 212# this flexibility. 213# 214# If nothing shows up on your system, it may be that the syslog records 215# are sent to a dedicated loghost. It may also be that no syslog daemon 216# is running at all. The README file gives pointers to surrogate syslog 217# implementations for systems that have no syslog library routines or 218# no syslog daemons. When changing the syslog.conf file, remember that 219# there must be TABs between fields. 220# 221# The LOG_XXX names below are taken from the /usr/include/syslog.h file. 222 223FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use 224 225# The syslog priority at which successful connections are logged. 226 227SEVERITY= LOG_INFO # LOG_INFO is normally not logged to the console 228 229###################################################### 230# Optional: Changing the default file protection mask 231# 232# On many systems, network daemons and other system processes are started 233# with a zero umask value, so that world-writable files may be produced. 234# It is a good idea to edit your /etc/rc* files so that they begin with 235# an explicit umask setting. On our site we use `umask 022' because it 236# does not break anything yet gives adequate protection against tampering. 237# 238# The following macro specifies the default umask for processes run under 239# control of the daemon wrappers. Comment it out only if you are certain 240# that inetd and its children are started with a safe umask value. 241 242UMASK = -DDAEMON_UMASK=022 243 244####################################### 245# Optional: Turning off access control 246# 247# By default, host access control is enabled. To disable host access 248# control, comment out the following definition. Host access control 249# can also be turned off at runtime by providing no or empty access 250# control tables. 251 252ACCESS = -DHOSTS_ACCESS 253 254#################################################### 255# Optional: dealing with host name/address conflicts 256# 257# By default, the software tries to protect against hosts that claim to 258# have someone elses host name. This is relevant for network services 259# whose authentication depends on host names, such as rsh and rlogin. 260# 261# With paranoid mode on, connections will be rejected when the host name 262# does not match the host address. Connections will also be rejected when 263# the host name is available but cannot be verified. 264# 265# Comment out the following definition if you want more control over such 266# requests. When paranoid mode is off and a host name double check fails, 267# the client can be matched with the PARANOID access control pattern. 268# 269# Paranoid mode implies hostname lookup. In order to disable hostname 270# lookups altogether, see the next section. 271 272PARANOID= -DPARANOID 273 274# The default username lookup timeout is 10 seconds. This may not be long 275# enough for slow hosts or networks, but is enough to irritate PC users. 276 277RFC931_TIMEOUT = 10 278 279######################################################## 280# Optional: Changing the access control table pathnames 281# 282# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will 283# look for access control information. Watch out for the quotes and 284# backslashes when you make changes. 285 286TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\" 287 288############################################# 289# Optional: Turning on host ADDRESS checking 290# 291# Optionally, the software tries to protect against hosts that pretend to 292# have someone elses host address. This is relevant for network services 293# whose authentication depends on host names, such as rsh and rlogin, 294# because the network address is used to look up the remote host name. 295# 296# The protection is to refuse TCP connections with IP source routing 297# options. 298# 299# This feature cannot be used with SunOS 4.x because of a kernel bug in 300# the implementation of the getsockopt() system call. Kernel panics have 301# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data 302# fault" while executing the tcp_ctloutput() kernel function. 303# 304# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x. 305# 306# Uncomment the following macro definition if your getsockopt() is OK. 307# 308# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop 309# source-routed traffic in the kernel. Examples: 4.4BSD derivatives, 310# Solaris 2.x, and Linux. See your system documentation for details. 311# 312# KILL_OPT= -DKILL_IP_OPTIONS 313 314## End configuration options 315############################ 316