# @(#) Makefile.dist 1.1 93/03/07 22:47:45
# 
# If you did not already do so, copy the file Makefile.dist to Makefile
# and edit the copy, not the original. Have a copy of the README file at
# hand while editing. It gives some additional background.
#
# For your convenience, all configurable parameters have been moved into
# the Makefile, so that you do not have to hack the source files anymore.
#
# Some parameters must always be set to match the operating environment.
# Other parameter settings are a matter of taste. Their sections headings
# are labeled "(Optional)". The defaults correspond to the programs as
# documented in the manual pages.

######################################################
# Choice between easy and advanced installation recipe
# 
# According to the easy installation recipe in the README file, vendor-
# provided network daemons are moved to "some other" directory, and the
# tcpd wrapper fills in the "holes". For this mode of operation, the
# REAL_DAEMON_DIR macro should be set to the "some other" directory.
# Uncomment the appropriate line. The "..." is here for historical
# reasons only; you will probably want to use some other name. Watch out
# for the quotes and backslashes.

#REAL_DAEMON_DIR=\"/usr/etc/...\"	# BSD 4.3 Ultrix 4.x SunOS 4.x
#REAL_DAEMON_DIR=\"/usr/sbin/...\"	# SysV.4 Solaris 2.x
#REAL_DAEMON_DIR=\"/usr/libexec/...\"	# BSD 4.4

# According to the advanced installation recipe, vendor-provided daemons
# are left alone, and the inetd file is edited instead. In that case, the
# REAL_DAEMON_DIR macro should reflect the actual directory with (most of)
# your vendor-provided network daemons.  Uncomment the appropriate line.

REAL_DAEMON_DIR=\"/usr/etc\"		# BSD 4.3 Ultrix 4.x SunOS 4.x
#REAL_DAEMON_DIR=\"/usr/sbin\"		# SysV.4 Solaris 2.x
#REAL_DAEMON_DIR=\"/usr/libexec\"	# BSD 4.4

#########################################################
# Differences between ranlib(1) and ar(1) implementations
#
# Some C compilers (Ultrix 4.x) insist that ranlib(1) be run on an object
# library; some don't care as long as the modules are in the right order;
# some systems don't even have a ranlib(1) command. SGI IRIX uses the 's'
# option to the 'ar' command instead. Make your choice.

RANLIB	= ranlib	# have ranlib (BSD-ish UNIX)
#RANLIB	= echo		# no ranlib (SYSV-ish UNIX)

ARFLAGS	= rv		# OK for most systems
#ARFLAGS= rvs		# ranlib flag for 'ar' on IRIX 4.0.x

#######################################################
# Routines that are not present in the system libraries
# 
# The strcasecmp.c file provided with this package comes from 4.3+BSD
# UNIX. The setenv.c module is a re-implementation of the 4.4 BSD one.
# strtok.c comes from 4.4BSD. 

#AUX_OBJ	= setenv.o			# no setenv(3)
#AUX_OBJ= setenv.o strcasecmp.o		# no setenv(3) and no strcasecmp(3)
#AUX_OBJ= setenv.o strcasecmp.o strtok.o

# While building the file strcasecmp.o, the compiler may complain that
# u_char is undefined. Uncomment the following definition for a fix.
#
#UCHAR	= -Du_char="unsigned char"	# no u_char type

# Uncomment the following if your C library has index/rindex/bcmp
# but does not provide the strchr/strrchr/memcmp routines. If that
# is the case, you probably also do not have strtok() (see above).
#
#STRINGS= -Dindex=strchr -Drindex=strrchr -Dmemcmp=bcmp

###########################################
# Selection of non-default object libraries
#
# Many System-V versions require that you explicitly specify the networking
# libraries (for example, -lnet or -linet).
#
#LIBS	= -lsocket -lnsl	# SysV.4 Solaris 2.x
#LIBS	= -lsun			# IRIX

#########################
# Ultrix-specific section
#
# Ultrix users may want to use the miscd wrapper, too. The Ultrix miscd
# implements among others the SYSTAT service which runs the WHO command,
# and thus provides a subset of the finger service. The very first wrapper
# application (in the early hours of May 20, 1990) was to monitor SYSTAT.

#all:	tcpd try			# no Ultrix miscd
all:	tcpd try miscd			# Ultrix, monitor systat etc. too

#REAL_MISCD=\"/usr/etc/.../miscd\"	# easy installation
REAL_MISCD=\"/usr/etc/miscd\"		# advanced installation

################################
# System-specific compiler flags
#
# Apollo Domain/OS offers both bsd and sys5 environments, sometimes
# on the same machine.  If your Apollo is primarily sys5.3 and also
# has bsd4.3, uncomment the following to build under bsd and run under
# either environment.
#
#SYSTYPE= -A run,any -A sys,any

# For MIPS RISC/os 4_52.p3, uncomment the following definition.
#
#SYSTYPE= -sysname bsd43

############################
# Working around system bugs
#
# Some versions of Apollo or SYSV.4 UNIX have a bug in the getpeername(2)
# routine.  You may have this bug when the wrapper reports that all UDP
# connections come from address 0.0.0.0. Compile with -DGETPEERNAME_BUG
# for a workaround. The workaround does no harm on other systems. If in
# doubt, leave it in.
#
# Some System V versions (Solaris 2) have a problem in the recvfrom()
# emulation code.  You may have this bug when the wrapper programs
# complain about "unexpected address family 0" when processing an UDP
# request. Compile with -DRECVFROM_BUG for a workaround. The workaround
# does no harm on other systems. If in doubt, leave it in.
# 
# With some System V implementations (SCO UNIX 3.2v4), even compiling
# with -DRECVFROM_BUG does not solve the "address family 0" problem. If
# that is the case, compile with -DADDRESS_FAMILY_BUG instead.
#
# DG/UX 5.4.1 comes with an inet_ntoa() function that returns a structure
# instead of a long integer. Compile with -DINET_ADDR_BUG to work around
# this mutant behavour.

#BUGS	= -DGETPEERNAME_BUG -DRECVFROM_BUG # -DADDRESS_FAMILY_BUG

####################################################
# Whether or not your system has NIS (or YP) support
#
# If your system supports NIS or YP-style netgroups, enable the following
# macro definition. Netgroups are used only for host access control.
#
#NETGROUP= -DNETGROUP

# End of the required configuration options; all other ones are optional.
#########################################################################

################################################################
# Changing the default disposition of logfile records (Optional)
#
# By default, logfile entries are written to the same file as used for
# sendmail transaction logs. See your /etc/syslog.conf file for actual
# path names of logfiles. The tutorial section in the README file
# gives a brief introduction to the syslog daemon.
# 
# Change the FACILITY definition below if you disagree with the default
# disposition. Some syslog versions (including Ultrix 4.x) do not provide
# this flexibility.
# 
# If nothing shows up on your system, it may be that the syslog records
# are sent to a dedicated loghost. It may also be that no syslog daemon
# is running at all. The README file gives pointers to surrogate syslog
# implementations for systems that have no syslog library routines or
# no syslog daemons.
#
# The LOG_XXX names below are taken from the /usr/include/syslog.h file.

FACILITY= LOG_MAIL	# LOG_MAIL is what most sendmail daemons use

# The syslog priority at which successful connections are logged.

SEVERITY= LOG_INFO	# LOG_INFO is normally not logged to the console

#############################################
# Enabling remote username lookups (Optional)
#
# By default, the wrappers just report the remote host name (the host
# address if the host name lookup fails or times out).  Username lookups
# require that the remote host runs a daemon that supports a RFC 931 like
# protocol.  Remote user name lookups are not possible for UDP-based
# connections, and can cause noticeable delays with connections from
# non-UNIX PCs.  On some systems, remote username lookups can trigger a
# kernel bug, causing loss of service. The README file gives details on
# how to find out if your system has that problem.
# 
# Uncomment the following definition if the wrappers should always
# attempt to get the remote user name.
#
# The default username lookup timeout is 30 seconds.
#
#AUTH	= -DRFC931_TIMEOUT=30 -DRFC931

# The USER_AT_HOST feature does selective username lookups. It triggers
# on access control patterns of the form xxx@yyy. Until now, such
# patterns were not used, so that USER_AT_HOST does not break existing
# rules.
# 
# The feature is not documented and is not yet intended for general use,
# because it can complicate the design of access control tables.
# 
# With USER_AT_HOST enabled, remote username lookups are done only for
# user_pattern@host_pattern expressions in the access control files, but
# only when the host_pattern matches. Example: "ALL: @pcgroup ALL@ALL"
# avoids user name lookups for members of the pcgroup netgroup.  The
# user_pattern syntax is identical to that of host_pattern, but "ALL"
# is usually the only user_pattern that makes sense.
# 
# The default username lookup timeout is 30 seconds.
#
#AUTH	= -DRFC931_TIMEOUT=30 -DUSER_AT_HOST

########################################################
# Turning on experimental language extensions (Optional)
#
# Instead of the officially documented access control language, the
# software can be configured to implement a more experimental language
# that is easily extended. The experimental language is implemented by
# the "options.c" source module which also serves as its documentation.

STYLE	= -DOPTIONS_STYLE=shell_cmd		# The documented language
#STYLE	= -DOPTIONS_STYLE=process_options	# The experimental one

######################################################
# Changing the default file protection mask (Optional)
#
# On many systems, network daemons and other system processes are started
# with a zero umask value, so that world-writable files may be produced.
# It is a good idea to edit your /etc/rc* files so that they begin with
# an explicit umask setting.  On our site we use `umask 022' because it
# does not break anything yet gives adequate protection against tampering.
# 
# The following macro specifies the default umask for processes run under
# control of the daemon wrappers. Comment it out only if you are certain
# that inetd and its children are started with a safe umask value.

UMASK	= -DDAEMON_UMASK=022

#######################################
# Turning off access control (Optional)
#
# By default, host access control is enabled.  To disable host access
# control, comment out the following definition.  Host access control
# can also be turned off at runtime by providing no or empty access
# control tables.

ACCESS	= -DHOSTS_ACCESS

########################################################
# Changing the access control table pathnames (Optional)
#
# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
# look for access control information. Watch out for the quotes and
# backslashes when you make changes.

TABLES	= -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"

###########################################
# Turning off host NAME checking (Optional)
#
# By default, the software tries to protect against hosts that claim to
# have someone elses host name. This is relevant for network services
# whose authentication depends on host names, such as rsh and rlogin.
#
# With paranoid mode on, connections will be rejected when the host name
# does not match the host address. Connections will also be rejected when
# the host name cannot be verified because gethostbyname() fails.
#
# Comment out the following definition if you do not need this additional
# protection. If paranoid mode is off, and a host name check fails, the
# daemon wrappers will use only the host address, but your daemons may
# still use the host name.

PARANOID= -DPARANOID

##############################################
# Turning off host ADDRESS checking (Optional)
#
# By default, the software tries to protect against hosts that pretend to
# have someone elses host address. This is relevant for network services
# whose authentication depends on host names, such as rsh and rlogin,
# because the network address is used to look up the remote host name.
# 
# The protection is effective only when the offending host claims to have
# a network address that lies outside its own network.
#
# My site has been running rlogind and rshd daemons that implement this
# feature for more than 2 years, and without any ill effects.
#
# Comment out the following definition if you do not need the additional
# protection.

KILL_OPT= -DKILL_IP_OPTIONS

## End configuration options
############################

CFLAGS	= -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
	$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) -DREAL_MISCD=$(REAL_MISCD) \
	-DREAL_DAEMON_DIR=$(REAL_DAEMON_DIR) $(STYLE) $(KILL_OPT) \
	-DSEVERITY=$(SEVERITY) $(UCHAR) $(TABLES) $(STRINGS)

LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o hosts_info.o \
	hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
	fromhost.o fix_options.o

KIT	= README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
	log_tcp.h try.c refuse.c Makefile.dist hosts_access.5 strcasecmp.c \
	BLURB rfc931.c tcpd.8 hosts_info.c hosts_access.3 hosts_ctl.c \
	percent_x.c options.c clean_exit.c setenv.c patchlevel.h strtok.c \
	fix_options.c inet_addr_fix

LIB	= libwrap.a

$(LIB):	$(LIB_OBJ)
	rm -f $(LIB)
	ar $(ARFLAGS) $(LIB) $(LIB_OBJ)
	$(RANLIB) $(LIB)

tcpd:	tcpd.o fromhost.o $(LIB)
	$(CC) $(CFLAGS) -o $@ tcpd.o fromhost.o $(LIB) $(LIBS)

miscd:	miscd.o fromhost.o $(LIB)
	$(CC) $(CFLAGS) -o $@ miscd.o fromhost.o $(LIB) $(LIBS)

try:	try.o $(LIB)
	$(CC) $(CFLAGS) -o $@ try.o $(LIB) $(LIBS)

fromhost: fromhost.c log_tcp.h Makefile $(LIB)
	$(CC) $(CFLAGS) -DTEST -o fromhost fromhost.c $(LIB) $(LIBS)
	rm -f fromhost.o

shar:	$(KIT)
	@shar $(KIT)

kit:	$(KIT)
	@makekit $(KIT)

archive:
	$(ARCHIVE) $(KIT)

clean:
	rm -f tcpd miscd try fromhost *.[oa] core

# Enable all bells and whistles for linting.

lint: tcpd_lint miscd_lint try_lint

tcpd_lint:
	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
	-DUSER_AT_HOST -DKILL_IP_OPTIONS -DOPTIONS_STYLE=process_options \
	tcpd.c fromhost.c hosts_access.c shell_cmd.c refuse.c rfc931.c \
	hosts_info.c percent_x.c clean_exit.c options.c setenv.c fix_options.c

miscd_lint:
	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
	-DUSER_AT_HOST -DKILL_IP_OPTIONS -DOPTIONS_STYLE=process_options \
	miscd.c fromhost.c hosts_access.c shell_cmd.c refuse.c rfc931.c \
	hosts_info.c percent_x.c clean_exit.c options.c setenv.c fix_options.c

try_lint:
	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DNETGROUP try.c \
	hosts_ctl.c hosts_access.c hosts_info.c percent_x.c

# Compilation dependencies.

clean_exit.o: log_tcp.h Makefile
fix_options.o: log_tcp.h Makefile
fromhost.o: log_tcp.h Makefile
hosts_access.o: log_tcp.h Makefile
hosts_ctl.o: log_tcp.h Makefile
hosts_info.o: log_tcp.h Makefile
miscd.o: patchlevel.h log_tcp.h Makefile
options.o: log_tcp.h Makefile
percent_x.o: log_tcp.h Makefile
refuse.o: log_tcp.h Makefile
rfc931.o: log_tcp.h Makefile
shell_cmd.o: log_tcp.h Makefile
tcpd.o: patchlevel.h log_tcp.h Makefile
try.o: log_tcp.h Makefile
