Package: erlang-base Version: 1:13.b.4-dfsg-5 Severity: wishlist Tags: upstream, patch
Hello, when used in conjunction with ejabberd, I only need to run erlang programs on one single machine without the need for internetwide connections. epmd unfortunately does not come with any kind of access restriction by itself. The following patch allows using libwrap as a kind of minimalistic access restriction. It is lightweight and easy to configure. Please consider for inclusion. Bye, Joerg --- erts/epmd/src/Makefile.in.orig 2010-06-10 14:19:48.000000000 +0200 +++ erts/epmd/src/Makefile.in 2010-06-10 14:20:44.000000000 +0200 @@ -54,7 +54,7 @@ WFLAGS = @WFLAGS@ CFLAGS = @CFLAGS@ @DEFS@ $(TYPE_FLAGS) $(WFLAGS) LD = @LD@ -LIBS = @LIBS@ +LIBS = @LIBS@ -lwrap LDFLAGS = @LDFLAGS@ --- erts/epmd/src/epmd_srv.c.orig 2010-06-09 11:20:27.000000000 +0200 +++ erts/epmd/src/epmd_srv.c 2010-06-10 14:18:52.000000000 +0200 @@ -23,6 +23,7 @@ #endif #include "epmd.h" /* Renamed from 'epmd_r4.h' */ #include "epmd_int.h" +#include <tcpd.h> /* * @@ -393,6 +394,8 @@ int msgsock; struct EPMD_SOCKADDR_IN icli_addr; /* workaround for QNX bug - cannot */ int icli_addr_len; /* handle NULL pointers to accept. */ + char buf[64]; + char *addr; icli_addr_len = sizeof(icli_addr); @@ -403,6 +406,15 @@ dbg_perror(g,"error in accept"); return EPMD_FALSE; } +#if FAMILY == AF_INET6 + addr=inet_ntop(FAMILY, &icli_addr.sin6_addr,buf,64); +#else + addr=inet_ntop(FAMILY, &icli_addr.sin_addr,buf,64); +#enidif + if ((!addr) || (!hosts_ctl("epmd", STRING_UNKNOWN, buf, STRING_UNKNOWN))) { + close(msgsock); + return EPMD_FALSE; + } return conn_open(g,msgsock); } -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org