Commit Graph

3 Commits

Author SHA1 Message Date
David Malone
c268f6e47c Stop the tcp_wrappers ident code sending a request which is split
across several packets. This is done by not turning off buffering
on the stdio stream for the ident connection. Originally this was
done to avoid reading back what you'd just written into the buffer.
However ANSI C gives a list of functions which should allow you to
safely change direction on a stdio stream, and Wietse found that
fseek seemed to be the most portable.

The original patch used a different workaround, but this should be
a real fix.

PR:		16086
Reviewed by:	wietse@porcupine.org
(Original version) Approved by:	markm
2000-07-14 15:07:37 +00:00
Yoshinobu Inoue
8053080cbc Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it.
Now when tcp_wrapper is enabled by inetd -wW,
  several accesses which should be permitted are refused only for IPv6,
  if hostname is used to decide the host to be allowed.
  IPv6 users will be just upset.

  About security related concern.
    -All extensions are wrapped by #ifdef INET6, so people can completely
     disable the extension by recompile libwrap without INET6 option.
    -Access via IPv6 is not enabled by default.
     People need to enable IPv6 access by changing /etc/inetd.conf at first,
     by adding tcp6 and/or tcp46 entries.
    -The base of patches are from KAME package and are actually daily used
     for more than a year in several Japanese IPv6 environments.
    -Patches are reviewed by markm.

Approved by: jkh

Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: markm
Obtained from: KAME project
2000-02-03 10:27:03 +00:00
Mark Murray
2aef693010 Clean import of TCP-wrappers by Wietse Venema.
Rest of build to follow.
1999-03-14 17:13:19 +00:00