Author: qboosh Date: Sun Mar 12 11:44:33 2006 GMT Module: SOURCES Tag: HEAD ---- Log message: - disable libwrap checks for rpc services (from FC)
---- Files affected: SOURCES: xinetd-tcp_rpc.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/xinetd-tcp_rpc.patch diff -u /dev/null SOURCES/xinetd-tcp_rpc.patch:1.1 --- /dev/null Sun Mar 12 12:44:33 2006 +++ SOURCES/xinetd-tcp_rpc.patch Sun Mar 12 12:44:28 2006 @@ -0,0 +1,34 @@ +--- xinetd-2.3.12/xinetd/service.c.tcp_rpc 2003-06-27 21:05:06.000000000 -0400 ++++ xinetd-2.3.12/xinetd/service.c 2004-01-29 23:09:29.000000000 -0500 +@@ -181,6 +181,9 @@ + else + memset( &tsin, 0, sizeof(tsin)); + ++ if ( SC_PROTOVAL ( scp ) == IPPROTO_TCP ) { ++ M_SET ( scp->sc_xflags, SF_NOLIBWRAP ); ++ } + if( SC_IPV4( scp ) ) { + tsin.sa_in.sin_family = AF_INET ; + sin_len = sizeof(struct sockaddr_in); +--- xinetd-2.3.12/xinetd/xinetd.conf.man.tcp_rpc 2004-01-30 12:38:59.000000000 -0500 ++++ xinetd-2.3.12/xinetd/xinetd.conf.man 2004-01-30 12:43:50.000000000 -0500 +@@ -123,6 +123,8 @@ + to the service. This may be needed in order to use libwrap functionality + not available to long-running processes such as xinetd; in this case, + the tcpd program can be called explicitly (see also the NAMEINARGS flag). ++For RPC services using TCP transport, this flag is automatically turned on, ++because xinetd cannot get remote host address information for the rpc port. + .TP + .B SENSOR + This replaces the service with a sensor that detects accesses to the +@@ -1215,6 +1217,10 @@ + access control on the address of the remote host is not performed when + \fIwait\fP is \fIyes\fP and \fIsocket_type\fP is \fIstream\fP. + .LP ++The NOLIBWRAP flag is automatically turned on for RPC services whose ++\fIsocket_type\fP is \fIstream\fP because xinetd cannot determine the ++address of the remote host. ++.LP + If the + .B INTERCEPT + flag is not used, ================================================================ _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit