| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Quiesce warnings by updating headerfile includes
r257404 | sbruno | 2013-10-30 23:41:18 +0100 (Wed, 30 Oct 2013) | 9 lines
Quiesce two warnings:
1. define the CODE * as const
2. restructure function to eliminate warning about exiting with no return.
severity_map() never returns when it can't find an appropriate sysylog
facility, and it longjmp()'s away into error code handling. Keep this
behavior by stashing the facility value found during our search and
checking for -1 if found.
MFC r257405 (by sbruno):
Quiesce warning, which could be a bug IMO, by correctly defining the host_info
structure name
MFC r257406 (by sbruno):
Queisce warning about undeclared function usage.
yp_get_default_domain is defined in workaround.c but is not declared
in any header file. Tie the declaration to the same #define conditional
used when the function is called, NETGROUP
MFC r311459:
Put proper prototypes in tcpd.h
Clang 4.0.0 complains about tcpd.h's not-really-prototypes, e.g.:
/usr/include/tcpd.h:75:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
extern int hosts_access(); /* access control */
^
To fix this, turn these declarations into real prototypes. While here,
garbage collect the incompatible rfc931() function from scaffold.c, as
it is never used.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D9052
MFC r311461:
Also remove unnecessary extern keywords from tcpd.h.
Noticed by: kib
MFC r311556:
After r311459, some ports can break, because a few of the newly added
prototypes in <tcpd.h> use FILE. Pull in a minimal forward declaration
of FILE from <stdio.h> to minimize impact. Sorry for the breakage.
Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now when tcp_wrapper is enabled by inetd -wW,
several accesses which should be permitted are refused only for IPv6,
if hostname is used to decide the host to be allowed.
IPv6 users will be just upset.
About security related concern.
-All extensions are wrapped by #ifdef INET6, so people can completely
disable the extension by recompile libwrap without INET6 option.
-Access via IPv6 is not enabled by default.
People need to enable IPv6 access by changing /etc/inetd.conf at first,
by adding tcp6 and/or tcp46 entries.
-The base of patches are from KAME package and are actually daily used
for more than a year in several Japanese IPv6 environments.
-Patches are reviewed by markm.
Approved by: jkh
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: markm
Obtained from: KAME project
|
