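#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
#
# Copyright (c) 2018, Joyent, Inc.

# Programs built from this directory.
PROG= safe_finger tcpd tcpdchk tcpdmatch try-from

include ../Makefile.cmd

CFLAGS += $(CCVERBOSE)

# Compile-time configuration of the wrappers.  The option macros referenced
# here (ACCESS, PARANOID, NETGROUP, ...) are assigned in the configuration
# section at the end of this file, after these lines.
# NOTE(review): BUGS is not assigned anywhere in this file; presumably it is
# meant to expand to nothing -- confirm.
CPPFLAGS += $(ACCESS) $(PARANOID) $(NETGROUP) $(TLI) \
	$(UMASK) $(STYLE) $(TABLES) $(KILL_OPT) $(BUGS) \
	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
	-DFACILITY=$(FACILITY) -DSEVERITY=$(SEVERITY) \
	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
	-I../../lib/libwrap

# Per-target libraries: everything that links here uses libwrap, and
# tcpdchk additionally needs libnsl.
tcpd tcpdmatch try-from := LDLIBS += -lwrap
tcpdchk := LDLIBS += -lwrap -lnsl

# NOTE(review): the suppressions below silence implicit-declaration,
# missing-return and uninitialized-variable diagnostics for code that makes
# access-control decisions.  They hide real defects as well as noise, so
# treat them as a list to retire rather than as a settled baseline.
CERRWARN += -erroff=E_FUNC_HAS_NO_RETURN_STMT
CERRWARN += -erroff=E_IMPLICIT_DECL_FUNC_RETURN_INT
CERRWARN += -_gcc=-Wno-unused-variable
CERRWARN += -_gcc=-Wno-parentheses
CERRWARN += $(CNOWARN_UNINIT)
CERRWARN += -_gcc=-Wno-implicit-function-declaration
CERRWARN += -_gcc=-Wno-return-type
CERRWARN += -_gcc=-Wno-clobbered

# not linted
SMATCH=off

# Various components must export interfaces, but also contain name-space
# clashes with system libraries.
# MAPFILE.NGB is not defined in this file (presumably it comes from
# ../Makefile.cmd); the mapfile-intf-* names are relative to this directory.
MAPFILE.INT.D= $(MAPFILE.NGB) mapfile-intf-tcpdchk
MAPFILE.INT.M= $(MAPFILE.NGB) mapfile-intf-tcpdmatch
MAPFILE.INT.F= $(MAPFILE.NGB) mapfile-intf-tryfrom

# Hand each mapfile to the link-editor as -Wl,-M<file>.
tcpdchk := LDFLAGS +=$(MAPFILE.INT.D:%=-Wl,-M%)
tcpdmatch := LDFLAGS +=$(MAPFILE.INT.M:%=-Wl,-M%)
try-from := LDFLAGS +=$(MAPFILE.INT.F:%=-Wl,-M%)

.KEEP_STATE:

all: $(PROG)

install: all $(ROOTUSRSBINPROG)

clean:
	$(RM) *.o

# The three link rules below list their mapfiles as prerequisites through the
# MAPFILE.INT.* macros defined above, so that editing a mapfile relinks the
# program.  The names must match those macros exactly: a misspelled macro
# expands to nothing and the dependency is silently lost.  The files already
# have to exist for the link step, which passes them with -M.

TCPDMATCH_OBJ= tcpdmatch.o fakelog.o inetcf.o scaffold.o

tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) $(MAPFILE.INT.M)
	$(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS)
	$(POST_PROCESS)

try-from: try-from.o fakelog.o $(LIB) $(MAPFILE.INT.F)
	$(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS)
	$(POST_PROCESS)

TCPDCHK_OBJ= tcpdchk.o fakelog.o inetcf.o scaffold.o

tcpdchk: $(TCPDCHK_OBJ) $(LIB) $(MAPFILE.INT.D)
	$(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS)
	$(POST_PROCESS)

include ../Makefile.targ

# The rest of this file contains definitions more-or-less directly from the
# original Makefile of the tcp_wrappers distribution.

##############################
# System parameters appropriate for Solaris 9

REAL_DAEMON_DIR = /usr/sbin
TLI = -DTLI
NETGROUP = -DNETGROUP

##############################
# Start of the optional stuff.

###########################################
# Optional: Turning on language extensions
#
# Instead of the default access control language that is documented in
# the hosts_access.5 document, the wrappers can be configured to
# implement an extensible language documented in the hosts_options.5
# document. This language is implemented by the "options.c" source
# module, which also gives hints on how to add your own extensions.
# Uncomment the next definition to turn on the language extensions
# (examples: allow, deny, banners, twist and spawn).
#
# NOTE(review): with the extensions enabled, access-table entries can carry
# options such as spawn and twist that run commands (see hosts_options.5).
# The table files named by TABLES therefore need the same protection as a
# root-owned script: owned by root and writable by no one else.
#
# Enable language extensions.
STYLE = -DPROCESS_OPTIONS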
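
################################################################
# Optional: Changing the default disposition of logfile records
#
# By default, logfile entries are written to the same file as used for
# sendmail transaction logs. See your /etc/syslog.conf file for actual
# path names of logfiles. The tutorial section in the README file
# gives a brief introduction to the syslog daemon.
#
# Change the FACILITY definition below if you disagree with the default
# disposition. Some syslog versions (including Ultrix 4.x) do not provide
# this flexibility.
#
# If nothing shows up on your system, it may be that the syslog records
# are sent to a dedicated loghost. It may also be that no syslog daemon
# is running at all. The README file gives pointers to surrogate syslog
# implementations for systems that have no syslog library routines or
# no syslog daemons. When changing the syslog.conf file, remember that
# there must be TABs between fields.
#
# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
#
# NOTE(review): these records are the audit trail for connections handled
# by the wrappers. Confirm that syslog.conf sends the facility and priority
# chosen here to a file that is retained and reviewed, or to the loghost.

# LOG_MAIL is what most sendmail daemons use
FACILITY= LOG_MAIL

# The syslog priority at which successful connections are logged.

# LOG_INFO is normally not logged to the console
SEVERITY= LOG_INFO

######################################################
# Optional: Changing the default file protection mask
#
# On many systems, network daemons and other system processes are started
# with a zero umask value, so that world-writable files may be produced.
# It is a good idea to edit your /etc/rc* files so that they begin with
# an explicit umask setting.  On our site we use `umask 022' because it
# does not break anything yet gives adequate protection against tampering.
#
# The following macro specifies the default umask for processes run under
# control of the daemon wrappers. Comment it out only if you are certain
# that inetd and its children are started with a safe umask value.

UMASK = -DDAEMON_UMASK=022

#######################################
# Optional: Turning off access control
#
# By default, host access control is enabled.  To disable host access
# control, comment out the following definition.  Host access control
# can also be turned off at runtime by providing no or empty access
# control tables.
#
# NOTE(review): the last sentence also means that a missing or emptied
# table leaves access control off without any build change. Monitor the
# files named by TABLES for deletion and truncation as well as for edits.

ACCESS = -DHOSTS_ACCESS

####################################################
# Optional: dealing with host name/address conflicts
#
# By default, the software tries to protect against hosts that claim to
# have someone else's host name. This is relevant for network services
# whose authentication depends on host names, such as rsh and rlogin.
#
# With paranoid mode on, connections will be rejected when the host name
# does not match the host address. Connections will also be rejected when
# the host name is available but cannot be verified.
#
# Comment out the following definition if you want more control over such
# requests. When paranoid mode is off and a host name double check fails,
# the client can be matched with the PARANOID access control pattern.
#
# Paranoid mode implies hostname lookup. In order to disable hostname
# lookups altogether, see the next section.
#
# NOTE(review): the name/address check depends on the answers the name
# service gives, so it raises the bar against forged host names but does
# not replace cryptographic authentication of the peer.

PARANOID= -DPARANOID

# The default username lookup timeout is 10 seconds. This may not be long
# enough for slow hosts or networks, but is enough to irritate PC users.
#
# NOTE(review): the user name obtained by this lookup is reported by the
# client host itself. It is useful in log records, but access decisions
# should not depend on it alone.

RFC931_TIMEOUT = 10

########################################################
# Optional: Changing the access control table pathnames
#
# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
# look for access control information. Watch out for the quotes and
# backslashes when you make changes.

TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"

#############################################
# Optional: Turning on host ADDRESS checking
#
# Optionally, the software tries to protect against hosts that pretend to
# have someone else's host address. This is relevant for network services
# whose authentication depends on host names, such as rsh and rlogin,
# because the network address is used to look up the remote host name.
#
# The protection is to refuse TCP connections with IP source routing
# options.
#
# This feature cannot be used with SunOS 4.x because of a kernel bug in
# the implementation of the getsockopt() system call. Kernel panics have
# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data
# fault" while executing the tcp_ctloutput() kernel function.
#
# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x.
#
# Uncomment the following macro definition if your getsockopt() is OK.
#
# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop
# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
# Solaris 2.x, and Linux. See your system documentation for details.
#
# NOTE(review): leaving the definition commented out assumes that the
# kernel of the deployed system is configured to stop source-routed
# traffic; confirm that setting rather than relying on the default.
#
# KILL_OPT= -DKILL_IP_OPTIONS

## End configuration options
############################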