Makefile revision 72398d67cd37f6af5332ce68e72f5b7083ae1d6f
0N/A#
3254N/A# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
0N/A# Use is subject to license terms.
0N/A#
0N/A# ident "%Z%%M% %I% %E% SMI"
0N/A#
0N/A
0N/APROG = safe_finger tcpd tcpdchk tcpdmatch try-from
0N/A
0N/Ainclude ../Makefile.cmd
0N/A
0N/AERROFF = -erroff=E_FUNC_HAS_NO_RETURN_STMT \
0N/A -erroff=E_IMPLICIT_DECL_FUNC_RETURN_INT \
0N/A -_gcc=-Wno-return-type -_gcc=-Wno-implicit
0N/ACFLAGS += $(CCVERBOSE) $(ERROFF)
0N/ACPPFLAGS += $(ACCESS) $(PARANOID) $(NETGROUP) $(TLI) \
0N/A $(UMASK) $(STYLE) $(TABLES) $(KILL_OPT) $(BUGS) \
0N/A -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
1472N/A -DFACILITY=$(FACILITY) -DSEVERITY=$(SEVERITY) \
1472N/A -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
1472N/A -I$(ROOTSFWINCLUDE) -I../../lib/libwrap
0N/Atcpd tcpdmatch try-from := \
0N/A LDLIBS += -R$(SFW_ROOT)/lib -L$(ROOTSFWLIB) -lwrap
0N/Atcpdchk := \
1879N/A LDLIBS += -R$(SFW_ROOT)/lib -L$(ROOTSFWLIB) -lwrap -lnsl
1879N/A
1879N/A# SRCONLY files are not used for building but are included in the source code
1879N/A# package SUNWtcpdS for consistency and completeness with respect to the
1879N/A# public tcp_wrappers distribution.
1879N/ASRCONLY = BLURB Banners.Makefile CHANGES DISCLAIMER Makefile \
1879N/A Makefile.dist Makefile.org README README.IRIX README.NIS \
1879N/A README.ipv6 hosts_access.c.org misc.c.org miscd.c myvsyslog.c \
1879N/A ncr.c printf.ck ptx.c rfc931.c.org scaffold.c.org \
1879N/A socket.c.diff socket.c.org strcasecmp.c tags tcpd.h.org \
1879N/A tcpdchk.c.org tcpdmatch.c.org tli-sequent.c tli-sequent.h \
0N/A tli.c.org update.c.org vfprintf.c
1879N/A
0N/AMANDIRS = man3 man4 man1m
0N/AMANPAGES = man3/hosts_access.3 man3/libwrap.3 man4/hosts_access.4 \
0N/A man4/hosts_options.4 man4/hosts.allow.4 man4/hosts.deny.4 \
0N/A man1m/tcpd.1m man1m/tcpdchk.1m man1m/tcpdmatch.1m
0N/ADISTFILES = environ.c fakelog.c hosts_access.3 hosts_access.4 \
0N/A hosts_options.4 inetcf.c inetcf.h safe_finger.c scaffold.c \
0N/A scaffold.h tcpd.1m tcpd.c tcpdchk.1m tcpdchk.c tcpdmatch.1m \
0N/A tcpdmatch.c try-from.c README.sfw $(SRCONLY)
0N/A
0N/AROOTSFWSRC = $(ROOTSFWSHSRC)/tcp_wrappers
0N/AROOTSFWSBINPROG = $(PROG:%=$(ROOTSFWSBIN)/%)
0N/AROOTSFWMANPAGES = $(MANPAGES:%=$(ROOTSFWMAN)/%)
0N/AROOTSFWMANDIRS = $(MANDIRS:%=$(ROOTSFWMAN)/%)
0N/AROOTSFWSRCFILES = $(DISTFILES:%=$(ROOTSFWSRC)/%)
0N/A
0N/A.KEEP_STATE:
164N/A
0N/Aall: $(PROG)
168N/A
0N/Ainstall: all $(ROOTSFWSBINPROG) $(ROOTSFWMANPAGES) $(ROOTSFWSRCFILES)
0N/A
0N/Aclean:
0N/A $(RM) *.o
0N/A $(RM) -r sunman
0N/A
0N/Alint: lint_PROG
0N/A
0N/A$(ROOTSFWSBINPROG): $(ROOTSFWSBIN)
0N/A$(ROOTSFWSBIN): $(ROOTSFW)
0N/A $(INS.dir)
0N/A$(ROOTSFWSBIN)/% : %
0N/A $(INS.file)
0N/A
0N/A# These Solaris-specific man page aliases are installed verbatim.
0N/Asunman/libwrap.3: libwrap.3
0N/A mkdir -p sunman; cat libwrap.3 > $@
0N/Asunman/hosts.allow.4: hosts.allow.4
0N/A mkdir -p sunman; cat hosts.allow.4 > $@
0N/Asunman/hosts.deny.4: hosts.deny.4
0N/A mkdir -p sunman; cat hosts.deny.4 > $@
0N/A
0N/A# The rest of the man pages are in the form provided in the original
0N/A# distribution, but get edited and renamed to follow Solaris man page
0N/A# conventions. E.g. tcpd.8 gets installed as /usr/sfw/man/man1m/tcpd.1m.
0N/A# Create temporary copies in the sunman directory with modified names
605N/A# and contents. The sed program man.sed contains the content edits.
0N/A
0N/Asunman/%.1m: %.8
0N/A mkdir -p sunman; sed -f man.sed < $< > $@
0N/Asunman/%.4: %.5
0N/A mkdir -p sunman; sed -f man.sed < $< > $@
0N/Asunman/%.3: %.3
0N/A mkdir -p sunman; sed -f man.sed < $< > $@
0N/A
0N/A$(ROOTSFWMANPAGES) := FILEMODE = 0444
0N/A$(ROOTSFWMANPAGES): $(ROOTSFWMANDIRS) $(ROOTSFW)/man
0N/A$(ROOTSFWMANDIRS): $(ROOTSFWMAN)
0N/A $(INS.dir)
0N/A$(ROOTSFWMAN): $(ROOTSFW)/share
0N/A $(INS.dir)
0N/A$(ROOTSFW)/man: $(ROOTSFW)
0N/A $(SYMLINK) share/man $@ $(CHOWNLINK) $(CHGRPLINK)
0N/A$(ROOTSFWMAN)/man1m/% $(ROOTSFWMAN)/man3/% $(ROOTSFWMAN)/man4/%: sunman/%
0N/A $(INS.file)
0N/A
0N/A$(ROOTSFWSRCFILES) := FILEMODE = 0444
0N/A$(ROOTSFWSRCFILES): $(ROOTSFWSRC)
0N/A$(ROOTSFWSRC): $(ROOTSFWSHSRC)
0N/A $(INS.dir)
0N/A$(ROOTSFWSHSRC): $(ROOTSFW)/share
0N/A $(INS.dir)
0N/A$(ROOTSFWSRC)/%: %.sfwsrc
0N/A $(INS.rename)
0N/A$(ROOTSFWSRC)/%: sunman/%
0N/A $(INS.file)
305N/A$(ROOTSFWSRC)/%: %
305N/A $(INS.file)
0N/A
0N/A$(ROOTSFW)/share: $(ROOTSFW)
0N/A $(INS.dir)
0N/A$(ROOTSFW):
0N/A $(INS.dir)
0N/A
0N/ATCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
0N/A
0N/Atcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
0N/A $(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS)
0N/A $(POST_PROCESS)
0N/A
0N/Atry-from: try-from.o fakelog.o $(LIB)
0N/A $(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS)
0N/A $(POST_PROCESS)
0N/A
0N/ATCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
0N/A
0N/Atcpdchk: $(TCPDCHK_OBJ) $(LIB)
0N/A $(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS)
0N/A $(POST_PROCESS)
0N/A
0N/Ainclude ../Makefile.targ
0N/A
0N/A
755N/A# The rest of this file contains definitions more-or-less directly from the
755N/A# original Makefile of the tcp_wrappers distribution.
755N/A
755N/A##############################
0N/A# System parameters appropriate for Solaris 9
0N/A
0N/AREAL_DAEMON_DIR = /usr/sbin
0N/ATLI = -DTLI
0N/ANETGROUP = -DNETGROUP
0N/A
0N/A##############################
0N/A# Start of the optional stuff.
0N/A
0N/A###########################################
0N/A# Optional: Turning on language extensions
0N/A#
0N/A# Instead of the default access control language that is documented in
0N/A# the hosts_access.5 document, the wrappers can be configured to
0N/A# implement an extensible language documented in the hosts_options.5
0N/A# document. This language is implemented by the "options.c" source
0N/A# module, which also gives hints on how to add your own extensions.
0N/A# Uncomment the next definition to turn on the language extensions
0N/A# (examples: allow, deny, banners, twist and spawn).
0N/A#
0N/ASTYLE = -DPROCESS_OPTIONS # Enable language extensions.
0N/A
0N/A################################################################
0N/A# Optional: Changing the default disposition of logfile records
0N/A#
0N/A# By default, logfile entries are written to the same file as used for
0N/A# sendmail transaction logs. See your /etc/syslog.conf file for actual
0N/A# path names of logfiles. The tutorial section in the README file
0N/A# gives a brief introduction to the syslog daemon.
0N/A#
0N/A# Change the FACILITY definition below if you disagree with the default
0N/A# disposition. Some syslog versions (including Ultrix 4.x) do not provide
0N/A# this flexibility.
0N/A#
0N/A# If nothing shows up on your system, it may be that the syslog records
0N/A# are sent to a dedicated loghost. It may also be that no syslog daemon
0N/A# is running at all. The README file gives pointers to surrogate syslog
0N/A# implementations for systems that have no syslog library routines or
0N/A# no syslog daemons. When changing the syslog.conf file, remember that
0N/A# there must be TABs between fields.
0N/A#
0N/A# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
0N/A
0N/AFACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
0N/A
0N/A# The syslog priority at which successful connections are logged.
0N/A
0N/ASEVERITY= LOG_INFO # LOG_INFO is normally not logged to the console
0N/A
0N/A######################################################
0N/A# Optional: Changing the default file protection mask
0N/A#
0N/A# On many systems, network daemons and other system processes are started
0N/A# with a zero umask value, so that world-writable files may be produced.
0N/A# It is a good idea to edit your /etc/rc* files so that they begin with
0N/A# an explicit umask setting. On our site we use `umask 022' because it
0N/A# does not break anything yet gives adequate protection against tampering.
0N/A#
0N/A# The following macro specifies the default umask for processes run under
164N/A# control of the daemon wrappers. Comment it out only if you are certain
0N/A# that inetd and its children are started with a safe umask value.
0N/A
0N/AUMASK = -DDAEMON_UMASK=022
0N/A
0N/A#######################################
0N/A# Optional: Turning off access control
0N/A#
0N/A# By default, host access control is enabled. To disable host access
0N/A# control, comment out the following definition. Host access control
0N/A# can also be turned off at runtime by providing no or empty access
0N/A# control tables.
0N/A
0N/AACCESS = -DHOSTS_ACCESS
0N/A
0N/A####################################################
0N/A# Optional: dealing with host name/address conflicts
0N/A#
0N/A# By default, the software tries to protect against hosts that claim to
0N/A# have someone elses host name. This is relevant for network services
0N/A# whose authentication depends on host names, such as rsh and rlogin.
0N/A#
0N/A# With paranoid mode on, connections will be rejected when the host name
0N/A# does not match the host address. Connections will also be rejected when
0N/A# the host name is available but cannot be verified.
0N/A#
0N/A# Comment out the following definition if you want more control over such
0N/A# requests. When paranoid mode is off and a host name double check fails,
0N/A# the client can be matched with the PARANOID access control pattern.
0N/A#
0N/A# Paranoid mode implies hostname lookup. In order to disable hostname
0N/A# lookups altogether, see the next section.
0N/A
0N/APARANOID= -DPARANOID
0N/A
0N/A# The default username lookup timeout is 10 seconds. This may not be long
0N/A# enough for slow hosts or networks, but is enough to irritate PC users.
0N/A
0N/ARFC931_TIMEOUT = 10
0N/A
0N/A########################################################
0N/A# Optional: Changing the access control table pathnames
0N/A#
0N/A# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
0N/A# look for access control information. Watch out for the quotes and
0N/A# backslashes when you make changes.
0N/A
0N/ATABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
0N/A
0N/A#############################################
0N/A# Optional: Turning on host ADDRESS checking
0N/A#
0N/A# Optionally, the software tries to protect against hosts that pretend to
0N/A# have someone elses host address. This is relevant for network services
0N/A# whose authentication depends on host names, such as rsh and rlogin,
0N/A# because the network address is used to look up the remote host name.
0N/A#
0N/A# The protection is to refuse TCP connections with IP source routing
0N/A# options.
0N/A#
0N/A# This feature cannot be used with SunOS 4.x because of a kernel bug in
0N/A# the implementation of the getsockopt() system call. Kernel panics have
0N/A# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data
0N/A# fault" while executing the tcp_ctloutput() kernel function.
0N/A#
0N/A# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x.
0N/A#
0N/A# Uncomment the following macro definition if your getsockopt() is OK.
0N/A#
0N/A# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop
0N/A# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
0N/A# Solaris 2.x, and Linux. See your system documentation for details.
0N/A#
0N/A# KILL_OPT= -DKILL_IP_OPTIONS
0N/A
0N/A## End configuration options
0N/A############################
0N/A