SOURCES: xinetd-tcp_rpc.patch (NEW) - disable libwrap checks for r...

qboosh qboosh at pld-linux.org
Sun Mar 12 12:44:33 CET 2006


Author: qboosh                       Date: Sun Mar 12 11:44:33 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- disable libwrap checks for rpc services (from FC)

---- Files affected:
SOURCES:
   xinetd-tcp_rpc.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/xinetd-tcp_rpc.patch
diff -u /dev/null SOURCES/xinetd-tcp_rpc.patch:1.1
--- /dev/null	Sun Mar 12 12:44:33 2006
+++ SOURCES/xinetd-tcp_rpc.patch	Sun Mar 12 12:44:28 2006
@@ -0,0 +1,34 @@
+--- xinetd-2.3.12/xinetd/service.c.tcp_rpc	2003-06-27 21:05:06.000000000 -0400
++++ xinetd-2.3.12/xinetd/service.c	2004-01-29 23:09:29.000000000 -0500
+@@ -181,6 +181,9 @@
+    else
+       memset( &tsin, 0, sizeof(tsin));
+ 
++   if ( SC_PROTOVAL ( scp ) == IPPROTO_TCP ) {
++      M_SET ( scp->sc_xflags, SF_NOLIBWRAP );
++   }
+    if( SC_IPV4( scp ) ) {
+       tsin.sa_in.sin_family = AF_INET ;
+       sin_len = sizeof(struct sockaddr_in);
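Review bot: the added test `SC_PROTOVAL ( scp ) == IPPROTO_TCP` checks only the protocol, and nothing in the visible context shows that this code is reached for RPC services alone. If the enclosing function is not RPC-specific, SF_NOLIBWRAP would be set for every TCP service, which is wider than the log message and the man page text describe; please confirm the scope or add an explicit RPC check. The flag is also set silently by writing to `scp->sc_xflags`; consider logging at service activation that libwrap checks are skipped for this service, so an administrator relying on them can see that they do not apply.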
+--- xinetd-2.3.12/xinetd/xinetd.conf.man.tcp_rpc	2004-01-30 12:38:59.000000000 -0500
++++ xinetd-2.3.12/xinetd/xinetd.conf.man	2004-01-30 12:43:50.000000000 -0500
+@@ -123,6 +123,8 @@
+ to the service.  This may be needed in order to use libwrap functionality
+ not available to long-running processes such as xinetd; in this case,
+ the tcpd program can be called explicitly (see also the NAMEINARGS flag).
++For RPC services using TCP transport, this flag is automatically turned on,
++because xinetd cannot get remote host address information for the rpc port.
+ .TP
+ .B SENSOR
+ This replaces the service with a sensor that detects accesses to the 
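Review bot: the two sentences added after the NOLIBWRAP description give the reason for the automatic flag but not its consequence. Suggest stating outright that libwrap access control is not applied to these services even when NOLIBWRAP is absent from the configuration, since a reader who never set the flag has no other indication of that.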
+@@ -1215,6 +1217,10 @@
+ access control on the address of the remote host is not performed when
+ \fIwait\fP is \fIyes\fP and \fIsocket_type\fP is \fIstream\fP.
+ .LP
++The NOLIBWRAP flag is automatically turned on for RPC services whose
++\fIsocket_type\fP is \fIstream\fP because xinetd cannot determine the
++address of the remote host.
++.LP
+ If the 
+ .B INTERCEPT
+ flag is not used,
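Review bot: the added paragraph keys the behaviour on \fIsocket_type\fP being \fIstream\fP, while the flags section says "RPC services using TCP transport" and the service.c change tests `SC_PROTOVAL ( scp ) == IPPROTO_TCP`. Use one wording in both man page places, matching the condition the code actually checks, so the documentation cannot drift from the behaviour.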
================================================================

