You can define here what is acceptable as a password. You control the minimum length and the number of non alpha characters. By forcing passwords made with other characters, you encourage the choice of better passwords (hard to guess and crack).

Note that this is not effective on PAM aware systems such as ! Red Hat 5. The PAM library has its own set of rules to accept/reject a new password.

Note that this is not effective on PAM aware systems such as ! Red Hat. The PAM library has its own set of rules to accept/reject a new password. +

1.2 Private group +

When this feature is enabled, Linuxconf will create a group + having the same name as the user account, unless a group + is specified. The dialog for a new account appears with the + group field empty. +

This feature is not effective for special accounts such as POP and + PPP accounts since those accounts are assigned to a specific group + (popusers and pppusers). +

Note also that this feature does not prevent you from assigning the + group you want to an account. If the group does not exist, you will have + the opportunity to create it on the fly. +

1.3 Default base directory for homes +

Specify the base directory which will be used to create new + user accounts. It defaults to /home. +

1.4 Creation permissions +

This control how the home directory are created. You must enter + an octal number representing three triplets. Each triplet represents + the bits for read, write and execute(lookup). The first triplet + sets the owner access and we generally enter 7 there (the owner has + full access in his home directory. The second triplet represents the + group access. The last triplet represents the access for everybody else. +

In general, a value of 750 is suitable. This means that the owner has + full access and members of his group have read and lookup access. +

1.5 Show the shadow parameters +

This control the visibility of the parameters defined in /etc/shadow. + A complete section of a user account is either shown or hidden. +

The check-box is there to simplify the user account dialog, since the + shadow parameters are seldom used. +

1.6 May change the HOME directory path +

This check-box control the visibility of the home directory field in + the user account dialog. When this check-box is UN-set, the field is + not accessible anymore. New accounts are always created in the default + directory (you can setup one defaults directory per group) and can't + be changed from Linuxconf. +

The check-box is there to simplify the user account dialog, since the + home directory is seldom changed on a per user basis. +

Note that the account numerical id visibility is also controlled by + this check-box. +

1.7 May change the login shell +

This check-box control the visibility of the login shell field. + This is there to simplify the user account dialog, especially in the + case where the administrator has defined only one available shell.

2. Private group

When this feature is enabled, linuxconf will create a group ! having the same name as the user account, unless a group ! is specified. The dialog for a new account appears with the ! group field empty. !

This feature is not effective for special accounts such as POP and ! PPP accounts since those accounts are assigned to a specific group ! (popusers and pppusers). !

Note also that this feature does not prevent you from assigning the ! group you want to an account. If the group does not exist, you will have ! the opportunity to create it on the fly.

2. Account defaults

When using shadow passwords, you have control of both the ! password expiration date and also of the account expiration date. ! You can set defaults here. They will be used to setup new accounts. !

Note that this section only shows up if you have enabled shadow ! password. Some Linux distributions do not support shadow passwords. ! Others do not install them by default. Linuxconf adapts ! to this situation on the fly.

3. Default base dir for homes

Specify the base directory which will be used to create new ! user accounts. It defaults to /home.

3. User defined account management commands

When Linuxconf creates or deletes user accounts, it calls various ! scripts. You can override these scripts by entering the path to your ! own versions. You can also disable this process by erasing the path. ! Linuxconf provides default values for some of these scripts. !

3.1 Command line arguments !

Linuxconf always calls the scripts with the same command line. It ! is built with the following arguments. !

3.2 Delete account command !

This command (if non empty) is used to delete the account data: the ! HOME directory and the mail in-box folder. When you delete an account, ! a pop-up dialog lets you pick the proper action: Archive the data, ! delete or leave in place. ! A default delete command is supplied, but you can define a new one. !

3.3 Archive account command !

A default archiving command is supplied. It preserves the HOME ! directory and the mail in-box folder in a compressed tar file. This ! file is stored in /home/oldaccounts. The name of the file has the ! following format !

The PID is simply the process ID of the archive command. This is used ! to make the name fully unique. !

Files archived in /home/oldaccounts are left there forever. You may ! want to clean out the old ones from time to time, according to the ! administration policies applying to your organization. !

3.4 Post-create command !

Each time you create a user account, a command may be executed. You ! must specify here the absolute path of the command as well as any ! arguments. !

Note that this command is called after the account has been created ! and committed in the password database (/etc/passwd). The ! output and error codes of the command are logged in the ! "Linuxconf's logs". !

3.5 Pre-delete command !

You can specify a command which is executed before the account ! is removed from the password database (/etc/passwd). ! Output and error codes are also logged. If any error is detected, the ! user will be allowed to see the logs and will be asked if the accounts ! should be deleted. !

1. Principles

Linux offers a standard set of services from the box. These include + web-server, telnet, ftp etc. These are normally enabled as default. It + may be hard for beginners to determine what these services offer and + why they should be inaccessible from the internet. +

This firewall first determines which these services are by looking at + listening services. This list is presented with a button to click + if the service is to be accessible from the internet. +

If the computer offer no services to the internet it may still be a + good idea to at least enable one service. That is 113/auth as this + will enable other systems to determine who you are when you make + connections to them. +

2. Input deny

All input to the internet interface will at first be denied. Ports which + are enabled will then be opened and last all ports above 1024 will be + opened (these ports will be used for local access toward internet). +

Any new service which is started in the computer later on will be + inaccessible from the internet until the corresponding port is opened. +

3. Masquerading

This firewall assumes (for now) that you have a local network + with access to the internet. So masquerading + is done. This is a technique which enables any computer on the local + network to access the internet without letting anyone know you have + more than one computer. +

4. Forwarding

This firewall also assumes (for now) that forwarding should be enabled in + Linux. Otherwise no host on the local network will be able to + reach the internet. +

5. Dynamic ip addresses

Dial up connections usually result in different ip addresses for each + connection. So there is no way to determine once and for all what address + you will get once connected to the internet. In this case the firewall + must be activated the moment the connection is made and the address is + known. The script /etc/ppp/ip-up (and /etc/ppp/ip-up.local for RedHat) + knows the address and will be able to start the firewall. +

Firewall activation is not inserted in this script (at the moment) so + this will have to be done manually. +

6. Static ip addresses

If a static ip address can be used (as will be the case of a direct + connection) the firewall can be started at boot time through + a rc-script. +

7. The executable script

This firewall results in an executable script which can run either for + a static address or a dynamic address. Usage: +

The stop options removes all firewall rules (but still enables + masquerading). +

Internet firewall

Introduction

5. Dynamic ip addresses

6. Static ip addresses

7. The executable script

+ Internet firewall + <author>Introduction + <abstract> + The moment a computer is attached to the internet it is possible for any + number of users on the net to make connections to it. Not everyone + has good intentions. This simple internet firewall is meant for those + wanting contact to the internet but have an uncomplicated set of + services to offer to others. I would imagine this covers more than + 90% of all internet servers. + </abstract> + + <sect>Principles + <p> + <em/Linux/ offers a standard set of services from the box. These include + web-server, telnet, ftp etc. These are normally enabled as default. It + may be hard for beginners to determine what these services offer and + why they should be inaccessible from the internet. + <p> + This firewall first determines which these services are by looking at + listening services. This list is presented with a button to click + if the service is to be accessible from the internet. + <p> + If the computer offer no services to the internet it may still be a + good idea to at least enable one service. That is 113/auth as this + will enable <em/other/ systems to determine who <em/you/ are when you make + connections to <em/them/. + + <sect>Input deny + <p> + All input to the internet interface will at first be denied. Ports which + are enabled will then be opened and last all ports above 1024 will be + opened (these ports will be used for local access toward internet). + <p> + Any new service which is started in the computer later on will be + inaccessible from the internet until the corresponding port is opened. + + <sect>Masquerading + <p> + This firewall assumes (for now) that you have a local network + with access to the internet. So masquerading + is done. This is a technique which enables any computer on the local + network to access the internet without letting anyone know you have + more than one computer. + + <sect>Forwarding + <p> + This firewall also assumes (for now) that forwarding should be enabled in + <em/Linux/. Otherwise no host on the local network will be able to + reach the internet. + + <sect>Dynamic ip addresses + <p> + Dial up connections usually result in different ip addresses for each + connection. So there is no way to determine once and for all what address + you will get once connected to the internet. In this case the firewall + must be activated the moment the connection is made and the address is + known. The script /etc/ppp/ip-up (and /etc/ppp/ip-up.local for RedHat) + knows the address and will be able to start the firewall. + <p> + Firewall activation is not inserted in this script (at the moment) so + this will have to be done manually. + <p> + + <sect>Static ip addresses + <p> + If a static ip address can be used (as will be the case of a direct + connection) the firewall can be started at boot time through + a rc-script. + + <sect>The executable script + <p> + This firewall results in an executable script which can run either for + a static address or a dynamic address. Usage: + <p> + /usr/lib/linuxconf/lib/inetdconfFW.sh start interface ip-address + <p> + or + <p> + /usr/lib/linuxconf/lib/inetdconfFW.sh stop + <p> + The stop options removes all firewall rules (but still enables + masquerading). + + </article> *** 1.17r3/linuxconf/help.files/sources/inetdconf/hostsallow-1.html --- 1,17r4/linuxconf/help.files/sources/inetdconf/hostsallow-1.html Wed Feb 16 14:21:57 2000 *************** *** 0 **** --- 1,26 ---- + <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> + <HTML> + <HEAD> + <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9"> + <TITLE>Hosts allow and deny: Server + + + + + + Next + Previous + Contents +

1. Server

+ +

The name of the server is specified. It is possible to enter several + servers. But only servers in the list are acceptable. These servers + are started by tcpd through inetd. +

+ Next + Previous + Contents + + *** 1.17r3/linuxconf/help.files/sources/inetdconf/hostsallow-2.html --- 1,17r4/linuxconf/help.files/sources/inetdconf/hostsallow-2.html Wed Feb 16 14:21:57 2000 *************** *** 0 **** --- 1,25 ---- + + + + + Hosts allow and deny: Client systems + + + + + + Next + Previous + Contents +

2. Client systems

+ +

Enter the names of clients which are allowed or denied. It is possible to + enter several clients or enter the keywoard ALL. +

+ Next + Previous + Contents + + *** 1.17r3/linuxconf/help.files/sources/inetdconf/hostsallow-3.html --- 1,17r4/linuxconf/help.files/sources/inetdconf/hostsallow-3.html Wed Feb 16 14:21:57 2000 *************** *** 0 **** --- 1,23 ---- + + + + + Hosts allow and deny: Optional command + + + + + Next + Previous + Contents +

3. Optional command

+ +

Any command can be executed when the filter is applied. +

+ Next + Previous + Contents + + *** 1.17r3/linuxconf/help.files/sources/inetdconf/hostsallow.help --- 1,17r4/linuxconf/help.files/sources/inetdconf/hostsallow.help Wed Feb 16 14:21:53 2000 *************** *** 0 **** --- 1,66 ---- + Hosts allow and deny + Introduction + + + This is the last line of defence against unwanted visitors for ser- + vices which are started by tcpd through inetd. This is where it is + possible to allow or deny connections based on the source of the + requests. + + 11.. SSeerrvveerr + + The name of the server is specified. It is possible to enter several + servers. But only servers in the list are acceptable. These servers + are started by tcpd through inetd. + + + 22.. CClliieenntt ssyysstteemmss + + Enter the names of clients which are allowed or denied. It is possible + to enter several clients or enter the keywoard _A_L_L. + + + 33.. OOppttiioonnaall ccoommmmaanndd + + Any command can be executed when the filter is applied. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + *** 1.17r3/linuxconf/help.files/sources/inetdconf/hostsallow.html --- 1,17r4/linuxconf/help.files/sources/inetdconf/hostsallow.html Wed Feb 16 14:21:57 2000 *************** *** 0 **** --- 1,37 ---- + + + + + Hosts allow and deny + + + + + + Next + Previous + Contents +

Hosts allow and deny

+ +

Introduction

+ This is the last line of defence against unwanted visitors for services + which are started by tcpd through inetd. This is where it is possible + to allow or deny connections based on the source of the requests. +

1. Server

+ +

2. Client systems

+ +

3. Optional command

+ +

+ Next + Previous + Contents + + *** 1.17r3/linuxconf/help.files/sources/inetdconf/hostsallow.sgml --- 1,17r4/linuxconf/help.files/sources/inetdconf/hostsallow.sgml Wed Feb 16 14:21:23 2000 *************** *** 0 **** --- 1,26 ---- + +

+ Hosts allow and deny + <author>Introduction + <abstract> + This is the last line of defence against unwanted visitors for services + which are started by tcpd through inetd. This is where it is possible + to allow or deny connections based on the source of the requests. + </abstract> + + <sect>Server + <p> + The name of the server is specified. It is possible to enter several + servers. But only servers in the list are acceptable. These servers + are started by tcpd through inetd. + + <sect>Client systems + <p> + Enter the names of clients which are allowed or denied. It is possible to + enter several clients or enter the keywoard <em/ALL/. + + <sect>Optional command + <p> + Any command can be executed when the filter is applied. + + </article> *** 1.17r3/linuxconf/images/modemconf.xpm Sun Dec 12 22:07:40 1999 --- 1,17r4/linuxconf/images/modemconf.xpm Wed Feb 16 23:48:27 2000 *************** *** 55,59 **** "..................................................", "..................................................", "..................................................", ! ".................................................." ! }; --- 55,58 ---- "..................................................", "..................................................", "..................................................", ! ".................................................."}; *** 1.17r3/linuxconf/main/linuxconf.cc Fri Feb 4 16:55:00 2000 --- 1,17r4/linuxconf/main/linuxconf.cc Sun Feb 20 14:55:11 2000 *************** *** 344,350 **** } } SSTRING lang; ! char langmode = linuxconf_getlangmode(); dia.newf_chk ("",langmode,MSG_U(I_LANGMODE,"Automatic language selection")); lang.setfrom (linuxconf_getlangmanual()); comb = dia.newf_list (MSG_U(F_LANGAGE,"Language"),lang); --- 344,350 ---- } } SSTRING lang; ! char langmode = linuxconf_getlangmode() ? 1 : 0; dia.newf_chk ("",langmode,MSG_U(I_LANGMODE,"Automatic language selection")); lang.setfrom (linuxconf_getlangmanual()); comb = dia.newf_list (MSG_U(F_LANGAGE,"Language"),lang); *************** *** 370,378 **** } dia.newf_num (MSG_U(F_HTMLTIMEOUT,"Html timeout"),html_timeout); ! char usegui = (char)linuxconf_getguimode(); dia.newf_chk ("",usegui,MSG_U(F_USEGUI,"May use the GUI mode")); ! char usecol = (char)linuxconf_getcolormode(); dia.newf_chk ("",usecol,MSG_U(F_USECOLORS ,"May use the colors in text mode")); int trig = linuxconf_getprefixtrig(); --- 370,378 ---- } dia.newf_num (MSG_U(F_HTMLTIMEOUT,"Html timeout"),html_timeout); ! char usegui = linuxconf_getguimode() ? 1 : 0; dia.newf_chk ("",usegui,MSG_U(F_USEGUI,"May use the GUI mode")); ! char usecol = (char)linuxconf_getcolormode() ? 1 : 0; dia.newf_chk ("",usecol,MSG_U(F_USECOLORS ,"May use the colors in text mode")); int trig = linuxconf_getprefixtrig(); *************** *** 415,422 **** } linuxconf_setlang (lang.get()); linuxconf_setlangmode (langmode); ! linuxconf_setguimode(usegui); ! linuxconf_setcolormode(usecol); linuxconf_setprefixtrig(trig); html_setbodyparm (bodyparm.get()); dialog_setuselynx (uselynx != 0); --- 415,422 ---- } linuxconf_setlang (lang.get()); linuxconf_setlangmode (langmode); ! linuxconf_setguimode(usegui != 0); ! linuxconf_setcolormode(usecol != 0); linuxconf_setprefixtrig(trig); html_setbodyparm (bodyparm.get()); dialog_setuselynx (uselynx != 0); *** 1.17r3/linuxconf/main/main.cc Thu Jan 6 00:23:53 2000 --- 1,17r4/linuxconf/main/main.cc Mon Feb 21 11:33:39 2000 *************** *** 382,390 **** userconf_editupass(); }else if (strcmp(module_key,"userconf")==0){ userconf_main(0,NULL); - }else if (strncmp(module_key,"vuser-",6)==0){ - const char *tb[]={module_key+6}; - module_sendmessage ("editvdom",1,tb); }else if (strcmp(module_key,"listspc")==0){ userconf_listspc(); }else{ --- 382,387 ---- *** 1.17r3/linuxconf/messages/se/inetdconf.dic Fri Jan 21 17:20:42 2000 --- 1,17r4/linuxconf/messages/se/inetdconf.dic Wed Feb 16 16:56:16 2000 *************** *** 1,8 **** @version 3 !E_SERVERPATHINCORRECT :E Server path incorrect.\nFirst character must be a /\n ! :T S�kv�g till server-program fel.\n ! +M�ste b�rja med ett /\n !I_ETCHOSTSALLOWLIST :E This is the list of all services which\npresently are allowed in the system.\n :T Denna lista visar alla tj�nster som f�r n�rvarande\n --- 1,199 ---- @version 3 + !T_USAGE + :E Module inetdconf usage\n + +\n + + --enable service [service ...]\n + + --disable service [service ...]\n + :T Modul inetdconf kommandoalternativ\n + +\n + + --enable tj�nst [tj�nst ...]\n + + --disable tj�nst [tj�nst ...]\n + !P_EDITFIREWALL + :E change internet firewall + :T �ndra brandv�gg mot internet + !I_SCRIPT_CREATED + :E Executable script (%s) has been created.\n + +This script should be executed when the internet interface %s is brought up.\n + +\n + +For a dynamic ip address start it by (in %s):\n + +%s start $1 $4\n + +\n + +or for a static ip address in a rc-script:\n + +%s start %s %s\n + :T Exekverbart skript (%s) har skapats.\n + +Detta skript b�r startas n�r %s aktiveras.\n + +\n + +F�r en dynamisk ip-adress startas detta genom (i %s):\n + +%s start $1 $4\n + +\n + +eller f�r en statisk adress i ett rc-skript:\n + +%s start %s %s\n + !E_IP_DYNADDR + :E You want dynamic ip address but this is\nnot active in the kernel\n + :T Du vill ha en dynamisk ip-adress, men detta �r inte\n + +aktiverat i k�rnan.\n + !E_IP_FORWARD + :E Forwarding of ip traffic is not active in\n + +the kernel. This is not needed for the\n + +firewall but you will not reach the internet\n + +from a local network.\n + :T Vidarebefordran av ip-trafik �r inte aktivt i k�rnan.\n + +Detta beh�vs inte f�r brandv�ggen, men du kommer inte\n + +�t internet fr�n ett lokalt n�tverk.\n + !F_IP_FORWARD + :E Kernel ip forward + :T K�rnan vidarebefordrar ip-trafik: + !F_YES + :E Yes + :T Ja + !F_NO + :E No + :T Nej + !F_IP_DYNADDR + :E Kernel dynamic ip + :T K�rnan hanterar dynamiska adresser: + !E_NODEFAULT_ROUTE + :T Kan inte best�mma rutten till internet!\n + +S�kningen baseras p� att internet �r reservutg�ngen.\n + :E Can not determine the route to the internet!\n + +The search is based on internet being the default\n + +route.\n + !F_ACTIVE + :E Active + :T Aktiv + !E_ALLOWSERVICEMISSING + :E Server name is missing + :T Servernamn saknas + !I_INETD + :E This menu allows you to configure basic system services\n + +based on the internet super server inetd and do a\n + +simple firewall against the internet with internal\n + +masquerading of the local network.\n + +\n + +For servers which are started by inetd/tcpd it is also\n + +possible to allow or deny servers on a system basis. + :T Denna meny l�ter dig st�lla in grundl�ggande systemtj�nster\n + +baserade p� internet superserver inetd och g�ra en enkel\n + +brandv�gg mot internet med maskering av det lokala n�tverket.\n + !E_NOPORTLIST + :E No active services could be located in this system.\n + +If this is correct there is no need for a firewall.\n + :T Inga aktiva tj�nster funna i detta system.\n + +Om detta �r korrekt, s� beh�vs ingen brandv�gg.\n + !F_INTERNET_INTERFACE + :E Internet interface + :T Internet via enhet: + !F_INTERNET_IP + :E Internet ip address + :T IP-address mot internet: + # *** new message + !T_ACTIVE_SERVICES_TCP + :E TCP + :T TCP + # *** new message + !T_FIREWALL + :E Input firewall + :T Brandv�gg f�r indata + !T_ACTIVE_SERVICES_UDP + :E UDP + :T UDP + !I_FIREWALL + :E This simple input filter firewall for internet interface blocks every connection unless it is\n + +allowed in this dialog. Internal network is masqueraded and icmp is allowed. + :T Denna enkla brandv�gg med indatafilter mot internet blockerar varje uppkoppling\n + +s�vida den inte till�ts i denna dialog. Interna n�tverk maskeras och icmp till�ts. + !F_ENABLE_FIREWALL + :E Internet input filter firewall + :T Internet brandv�gg f�r indata: + !T_IN + :E in + :T i + !T_BY + :E by + :T av + !F_DYNAMIC_IP + :E Dynamic ip address + :T Dynamisk ip-adress: + !T_ALLOWED_SERVICES + :E Allowed services from the internet + :T Till�tna tj�nster fr�n internet + !T_INTERNET + :E Internet + :T Internet + !F_NETWORK_MASK + :E Network mask + :T N�tverksmask: + !F_NETWORK_ADDRESS + :E Network address + :T N�tverksadress: + !F_LOG_DENIED + :E Denied packets logged in system log + :T Blockerade paket loggas i systemlogg: + !M_FIREWALL + :E Internet firewall and masquerade + :T Internet brandv�gg och maskering + !T_BASICFWINFO + :E Basic information + :T Grundinformation + !E_OLD_KERNEL + :E Sorry, your kernel is too old for this function.\n + +Version at least 2.2.0 required\n + :T Tyv�rr �r din k�rna f�r gammal f�r denna funktion.\n + +Version m�ste vara minst 2.2.0.\n + !I_INTERFACE + :E Full access to this interface + :T Fullst�ndig tillg�ng denna enhet: + !I_ETCHOSTSDENYLIST + :E This is a list of all servers which\npresently are denied in the system.\n + :T Detta �r en lista �ver samtliga servers\n + +som just nu �r stoppade i detta system.\n + !T_ETCHOSTSDENYLIST + :E Denied servers + :T Stoppade servers + !T_ETCHOSTSDENY + :E Denied servers + :T Stoppade servers + !F_SERVER + :E Server + :T Server: + !F_HOSTSALLOWCLIENT + :E Client systems + :T Klientsystem: + !F_HOSTSALLOWCOMMAND + :E Optional command + :T Valfritt kommando: + !T_HOSTSALLOW + :E Allowed servers + :T Till�tna servers + !H_HOSTSALLOW + :E Service\tClient + :T Server\tKlient + !I_ADDHOSTSALLOW + :E Select [Add] to add a new server\n + :T V�lj [Addera] f�r att l�gga till en ny server\n + !T_HOSTSALLOWLIST + :E Allowed servers + :T Till�tna servers + !I_HOSTSALLOWLIST + :E This is a list of all servers which\npresently are allowed in the system.\n + :T Detta �r en lista �ver samtliga servers\n + +som just nu �r till�tna i detta system.\n + !M_HOSTSALLOW + :E Allowed server access + :T Till�ten serveranslutning + !M_HOSTSDENY + :E Denied server access + :T Stoppad serveranslutning + !E_NOT_UP + :E Route to the internet is not valid.\n + +Diald is running but the link is not active.\n + +Can not determine the route to the internet!\n + :T Rutt till internet �r inte giltig.\n + +Diald �r ig�ng men uppkopplingen �r inte aktiv.\n + +Kan inte best�mma rutten till internet!\n !E_SERVERPATHINCORRECT :E Server path incorrect.\nFirst character must be a /\n ! :T S�kv�g till server-program fel.\nM�ste b�rja med ett /\n !I_ETCHOSTSALLOWLIST :E This is the list of all services which\npresently are allowed in the system.\n :T Denna lista visar alla tj�nster som f�r n�rvarande\n *************** *** 38,46 **** !I_RUNNING :E On demand :T Vid behov - !F_ACTIVE - :E Enabled - :T Tillg�nglig !T_ACTIVE :E Enabled :T Tillg�nglig --- 229,234 ---- *************** *** 51,59 **** :T Detta �r listan �ver alla servers som f�r n�rvarande\n +finns tillg�ngliga i systemet. Dessa kan vara tillg�ngliga\n +eller ej.\n - !E_ALLOWSERVICEMISSING - :E Service name is missing - :T Namn f�r tj�nst saknas !E_ALLOWCLIENT :E Client name is missing :T Klientnamn saknas --- 239,244 ---- *************** *** 75,94 **** !M_INETDCONFS_INETD :E Internet servers database :T Databas internetservers - !T_USAGE - :E linuxconf --modulemain inetdconf usage\n - +\n - + inetdconf --enable service [service ...]\n - + inetdconf --disable service [service ...]\n - +\n - +Without arguments the modules main dialog is started.\n - :T linuxconf --modulemain inetdconf anv�ndning\n - +\n - +\n - + inetdconf --enable tj�nst [tj�nst ...]\n - + inetdconf --disable tj�nst [tj�nst ...]\n - +\n - +Utan argument startas modulens huvuddialog\n !F_NO_WAIT :E Yes (nowait) :T Ja (nowait) --- 260,265 ---- *************** *** 169,179 **** !T_INETD :E Internet super server :T Internet superserver - !I_INETD - :E This menu allows you to configure basic system services\n - +based on the internet super server inetd\n - :T Denna meny l�ter dig st�lla in grundl�ggande systemtj�nster\n - +baserade p� internet superserver inetd\n !F_SOCKET_TYPE :E Socket type :T Sockettyp --- 340,345 ---- *************** *** 252,254 **** --- 418,421 ---- !I_ADDETCSERVICE :E Select [Add] to add a new service.\n :T V�lj [Addera] f�r att l�gga till en ny tj�nst.\n + !P_EDITHOSTSALLOW *** 1.17r3/linuxconf/messages/sources/mailconf.dic Thu Jan 6 00:12:46 2000 --- 1,17r4/linuxconf/messages/sources/mailconf.dic Thu Feb 17 00:34:06 2000 *************** *** 531,536 **** --- 531,537 ---- + --delvdom domain\n + --addvuser domain id name\n + --delvuser domain id\n + + --generatecf\n + --setalias alias value ...\n + --setvalias alias vdomain value ...\n + --unsetalias alias [value] ...\n *** 1.17r3/linuxconf/messages/sources/userconf.dic Mon Dec 13 21:53:12 1999 --- 1,17r4/linuxconf/messages/sources/userconf.dic Tue Feb 22 17:22:50 2000 *************** *** 1,4 **** ! @version 14 !E_GROUPEXIST :E Group already exist\n !E_GROUPEXISTID --- 1,4 ---- ! @version 15 !E_GROUPEXIST :E Group already exist\n !E_GROUPEXISTID *************** *** 260,267 **** :E User account creation !F_WASCHG :E Last password change - !T_SHADEF - :E Account management defaults !F_STDDURATION :E Standard account duration !F_WASISDIS --- 260,265 ---- *************** *** 281,287 **** !T_IDENTIFY :E Change your password !I_IDENTIFY ! :E Enter you account id and your current password\n +followed by the new password you want. You must\n +enter it twice to make sure you have it right !E_IVLDUPASS --- 279,285 ---- !T_IDENTIFY :E Change your password !I_IDENTIFY ! :E Enter your account id and your current password\n +followed by the new password you want. You must\n +enter it twice to make sure you have it right !E_IVLDUPASS *************** *** 558,560 **** --- 556,566 ---- !N_MAXALTGR :E You have entered %d supplemental groups\n +The Linux kernel only support 32 by default + !I_SHOWSHADOW + :E Show the shadow parameters + !I_EDITHOME + :E May change the HOME directory path + !T_SCRIPTS + :E Scripts + !I_EDITSHELL + :E May change the login shell *** 1.17r3/linuxconf/messages/sources/inetdconf.dic Sun Jan 23 22:24:51 2000 --- 1,17r4/linuxconf/messages/sources/inetdconf.dic Wed Feb 16 22:58:33 2000 *************** *** 1,16 **** ! @version 8 !T_INETD :E Internet super server !T_USAGE ! :E linuxconf --modulemain inetdconf usage\n +\n ! + inetdconf --enable service [service ...]\n ! + inetdconf --disable service [service ...]\n ! +\n ! +Without arguments the modules main dialog is started.\n !I_INETD :E This menu allows you to configure basic system services\n ! +based on the internet super server inetd\n !F_SOCKET_TYPE :E Socket type !F_PROTOCOLS --- 1,19 ---- ! @version 16 !T_INETD :E Internet super server !T_USAGE ! :E Module inetdconf usage\n +\n ! + --enable service [service ...]\n ! + --disable service [service ...]\n !I_INETD :E This menu allows you to configure basic system services\n ! +based on the internet super server inetd and do a\n ! +simple firewall against the internet with internal\n ! +masquerading of the local network.\n ! +\n ! +For servers which are started by inetd/tcpd it is also\n ! +possible to allow or deny servers on a system basis. !F_SOCKET_TYPE :E Socket type !F_PROTOCOLS *************** *** 91,120 **** :E Select [Add] to add a new service.\n !F_ETCPROTOCOLCOMMENT :E Protocol description - !P_EDITETCHOSTSALLOW - :E change service configuration - !T_ETCHOSTSALLOW - :E Access allowed - !H_ETCHOSTSALLOW - :E Service\tClient - !I_ADDETCHOSTSALLOW - :E Select [Add] to add a new service\n - !T_ETCHOSTSALLOWLIST - :E Allowed access - !I_ETCHOSTSALLOWLIST - :E This is the list of all services which\npresently are allowed in the system.\n - !F_ETCHOSTSALLOWSERV - :E Host services - !F_ETCHOSTSALLOWCLIENT - :E Client systems - !F_ETCHOSTSALLOWCOMMAND - :E Optional command - !M_ETCHOSTSALLOW - :E Allow access - !M_ETCHOSTSDENY - :E Deny access - !F_ADDONESERVICE - :E Add one service !F_MAXDEFAULT :E Default !E_PORTPROTOCOL --- 94,99 ---- *************** *** 140,146 **** !E_NOSERVERPATH :E Server path missing !E_ALLOWSERVICEMISSING ! :E Service name is missing !E_ALLOWCLIENT :E Client name is missing !F_DISABLED --- 119,125 ---- !E_NOSERVERPATH :E Server path missing !E_ALLOWSERVICEMISSING ! :E Server name is missing !E_ALLOWCLIENT :E Client name is missing !F_DISABLED *************** *** 153,155 **** --- 132,239 ---- :E Server path incorrect.\nFirst character must be a /\n !F_ETCSERVICECOMMENT :E Comment + !E_NODEFAULT_ROUTE + :E Can not determine the route to the internet!\n + +The search is based on internet being the default\n + +route.\n + !E_NOPORTLIST + :E No active services could be located in this system.\n + +If this is correct there is no need for a firewall.\n + !F_INTERNET_INTERFACE + :E Internet interface + !F_INTERNET_IP + :E Internet ip address + !T_ACTIVE_SERVICES_TCP + :E TCP + !T_FIREWALL + :E Input firewall + !T_ACTIVE_SERVICES_UDP + :E UDP + !I_FIREWALL + :E This simple input filter firewall for internet interface blocks every connection unless it is\n + +allowed in this dialog. Internal network is masqueraded and icmp is allowed. + !F_ENABLE_FIREWALL + :E Internet input filter firewall + !T_IN + :E in + !T_BY + :E by + !F_DYNAMIC_IP + :E Dynamic ip address + !T_ALLOWED_SERVICES + :E Allowed services from the internet + !T_INTERNET + :E Internet + !F_NETWORK_MASK + :E Network mask + !F_NETWORK_ADDRESS + :E Network address + !P_EDITFIREWALL + :E change internet firewall + !F_LOG_DENIED + :E Denied packets logged in system log + !F_ACTIVE + :E Active + !M_FIREWALL + :E Internet firewall and masquerade + !T_BASICFWINFO + :E Basic information + !E_OLD_KERNEL + :E Sorry, your kernel is too old for this function.\n + +Version at least 2.2.0 required\n + !I_INTERFACE + :E Full access to this interface + !I_ETCHOSTSDENYLIST + :E This is a list of all servers which\npresently are denied in the system.\n + !T_ETCHOSTSDENYLIST + :E Denied servers + !T_ETCHOSTSDENY + :E Denied servers + !F_SERVER + :E Server + !F_HOSTSALLOWCLIENT + :E Client systems + !F_HOSTSALLOWCOMMAND + :E Optional command + !T_HOSTSALLOW + :E Allowed servers + !H_HOSTSALLOW + :E Service\tClient + !I_ADDHOSTSALLOW + :E Select [Add] to add a new server\n + !T_HOSTSALLOWLIST + :E Allowed servers + !I_HOSTSALLOWLIST + :E This is a list of all servers which\npresently are allowed in the system.\n + !M_HOSTSALLOW + :E Allowed server access + !M_HOSTSDENY + :E Denied server access + !E_NOT_UP + :E Route to the internet is not valid.\n + +Diald is running but the link is not active.\n + +Can not determine the route to the internet!\n + !I_SCRIPT_CREATED + :E Executable script (%s) has been created.\n + +This script should be executed when the internet interface %s is brought up.\n + +\n + +For a dynamic ip address start it by (in %s):\n + +%s start $1 $4\n + +\n + +or for a static ip address in a rc-script:\n + +%s start %s %s\n + !E_IP_DYNADDR + :E You want dynamic ip address but this is\nnot active in the kernel\n + !E_IP_FORWARD + :E Forwarding of ip traffic is not active in\n + +the kernel. This is not needed for the\n + +firewall but you will not reach the internet\n + +from a local network.\n + !F_IP_FORWARD + :E Kernel ip forward + !F_YES + :E Yes + !F_NO + :E No + !F_IP_DYNADDR + :E Kernel dynamic ip *** 1.17r3/linuxconf/misc/confdb.cc Sun Dec 12 22:09:11 1999 --- 1,17r4/linuxconf/misc/confdb.cc Sun Feb 20 14:59:46 2000 *************** *** 484,489 **** --- 484,499 ---- sprintf (buf,"%d",val); add (prefix,key,buf); } + /* + Add one record to the configuration file + */ + PUBLIC void CONFDB::add ( + const char *prefix, + const char *key, + bool val) + { + add (prefix,key,val ? 1 : 0); + } /* Replace one record in the configuration file *************** *** 519,524 **** --- 529,541 ---- char buf[20]; sprintf (buf,"%d",val); replace (prefix,key,buf); + } + /* + Replace one record in the configuration file + */ + PUBLIC void CONFDB::replace (const char *prefix, const char *key, bool val) + { + replace (prefix,key,val ? 1 : 0); } /* Replace one record in the configuration file *** 1.17r3/linuxconf/misc/confdb.h Sun Dec 12 22:09:11 1999 --- 1,17r4/linuxconf/misc/confdb.h Sun Feb 20 14:59:49 2000 *************** *** 34,39 **** --- 34,42 ---- CONFDB (void); void add (const char *prefix, const char *key, + bool val); + void add (const char *prefix, + const char *key, const SSTRING&val); virtual void add (const char *prefix, const char *key, *************** *** 83,88 **** --- 86,94 ---- private: void removeallk (const char *key); public: + void replace (const char *prefix, + const char *key, + bool val); void replace (const char *prefix, const char *key, char val); *** 1.17r3/linuxconf/misc/linuxconf.cc Sun Dec 12 22:12:47 1999 --- 1,17r4/linuxconf/misc/linuxconf.cc Sun Feb 20 15:52:28 2000 *************** *** 317,322 **** --- 317,330 ---- /* Replace one record in the configuration file */ + void linuxconf_replace (const char *prefix, const char *key, bool val) + { + linuxconf_init(); + ui_context.tb->replace (prefix,key,val); + } + /* + Replace one record in the configuration file + */ void linuxconf_replace (const char *prefix, const char *key, long val) { linuxconf_init(); *************** *** 350,356 **** const char *linuxconf_getdistdir() { const char *ret = linuxconf_getval ("LINUXCONF","distribution"); ! if (ret == NULL) ret = "std"; return ret; } --- 358,384 ---- const char *linuxconf_getdistdir() { const char *ret = linuxconf_getval ("LINUXCONF","distribution"); ! if (ret == NULL){ ! static bool done = false; ! if (!done && geteuid()==0){ ! done = true; ! fprintf (stderr, ! "\n" ! "**** /etc/conf.linuxconf is incomplete.\n" ! " It must hold a line identifying the linux distribution.\n" ! " This probably means that Linuxconf was not properly installed\n" ! " or that somebody cleared /etc/conf.linuxconf.\n" ! "\n" ! " Linuxconf will behave badly unless this is fixed.\n" ! "\n" ! " A line like this must be written in /etc/conf.linuxconf:\n" ! "\n" ! " LINUXCONF.distribution redhat\n" ! ); ! sleep (4); ! } ! ret = "std"; ! } return ret; } *************** *** 489,502 **** /* Get the selection mode for the language (manual = 0, automatic = 1) */ ! int linuxconf_getlangmode() { ! return linuxconf_getvalnum (K_LINUXCONF,K_LANGMODE,1); } /* Record the selection mode for the language */ ! void linuxconf_setlangmode (int mode) { if (mode){ linuxconf_removeall (K_LINUXCONF,K_LANGMODE); --- 517,530 ---- /* Get the selection mode for the language (manual = 0, automatic = 1) */ ! bool linuxconf_getlangmode() { ! return linuxconf_getvalnum (K_LINUXCONF,K_LANGMODE,1) != 0; } /* Record the selection mode for the language */ ! void linuxconf_setlangmode (bool mode) { if (mode){ linuxconf_removeall (K_LINUXCONF,K_LANGMODE); *************** *** 509,519 **** Find out if the GUI mode is allowed by the user. It will be turned off on some slow machine. */ ! int linuxconf_getguimode() { ! return linuxconf_getvalnum (K_LINUXCONF,K_GUIMODE,1); } ! void linuxconf_setguimode (int mode) { if (mode){ linuxconf_removeall (K_LINUXCONF,K_GUIMODE); --- 537,547 ---- Find out if the GUI mode is allowed by the user. It will be turned off on some slow machine. */ ! bool linuxconf_getguimode() { ! return linuxconf_getvalnum (K_LINUXCONF,K_GUIMODE,1) != 0; } ! void linuxconf_setguimode (bool mode) { if (mode){ linuxconf_removeall (K_LINUXCONF,K_GUIMODE); *************** *** 524,534 **** /* Find out if linuxconf is allowed to use color in text mode */ ! int linuxconf_getcolormode() { return linuxconf_getvalnum (K_LINUXCONF,K_COLORMODE,1); } ! void linuxconf_setcolormode (int mode) { if (mode){ linuxconf_removeall (K_LINUXCONF,K_COLORMODE); --- 552,562 ---- /* Find out if linuxconf is allowed to use color in text mode */ ! bool linuxconf_getcolormode() { return linuxconf_getvalnum (K_LINUXCONF,K_COLORMODE,1); } ! void linuxconf_setcolormode (bool mode) { if (mode){ linuxconf_removeall (K_LINUXCONF,K_COLORMODE); *************** *** 536,542 **** --- 564,576 ---- linuxconf_replace (K_LINUXCONF,K_COLORMODE,mode); } } + /* + Get the threshold value to enable the filtering for long list. + When a record list is longer than this threshold, a popup lets the + user enter a search prefix. + The default is 60 entries. + */ int linuxconf_getprefixtrig() { return linuxconf_getvalnum (K_LINUXCONF,K_PREFIXTRIG,60); *** 1.17r3/linuxconf/misc/misc.p Thu Jan 6 23:23:30 2000 --- 1,17r4/linuxconf/misc/misc.p Sun Feb 20 14:59:49 2000 *************** *** 1,9 **** - /* _dict.cc 14/08/1996 14.39.06 */ /* array.cc 29/12/1999 23.53.22 */ /* arraykey.cc 12/12/1999 22.30.32 */ void arraykey_required (void); ! /* confdb.cc 12/12/1999 22.09.10 */ ! /* configf.cc 12/12/1999 22.30.32 */ void configf_required (void); void configf_forgetpath (void); void configf_readlookup (void); --- 1,8 ---- /* array.cc 29/12/1999 23.53.22 */ /* arraykey.cc 12/12/1999 22.30.32 */ void arraykey_required (void); ! /* confdb.cc 20/02/2000 14.59.46 */ ! /* configf.cc 28/01/2000 10.57.40 */ void configf_required (void); void configf_forgetpath (void); void configf_readlookup (void); *************** *** 46,51 **** --- 45,51 ---- const char *group, int perm); bool context_fexist (const char *path); + /* _dict.cc 14/08/1996 14.39.06 */ /* dictionary.cc 10/01/1999 21.43.42 */ /* dir.cc 02/10/1998 01.20.08 */ int dir_getlist (const char *path, SSTRINGS&lst); *************** *** 55,60 **** --- 55,68 ---- void error_setmode (bool batch); void xconf_error (const char *msg, ...); void xconf_notice (const char *msg, ...); + /* fgets1.cc 13/12/1996 23.39.36 */ + char *fgets_strip (char *buf, + int sizebuf, + FILE *fin, + char contcar, + char comcar, + int *noline, + int *empty); /* fgets.cc 20/07/1998 22.57.24 */ char *fgets_strip (char *buf, int sizebuf, *************** *** 75,88 **** SSTRING&comments); void comment_write (const SSTRING&str, FILE *fout, char comchar); void comment_write (const SSTRING&str, FILE *fout); - /* fgets1.cc 13/12/1996 23.39.36 */ - char *fgets_strip (char *buf, - int sizebuf, - FILE *fin, - char contcar, - char comcar, - int *noline, - int *empty); /* file.cc 07/06/1999 19.06.18 */ int file_mkdir (const char *dir, int uid, --- 83,88 ---- *************** *** 105,117 **** int gid, int mode); int file_followlink (const char *fpath, char *realpath); - /* fopen.cc 22/12/1997 00.37.36 */ - FILE *xconf_fopen (const char *fname, const char *mode); /* fopen1.cc 30/07/1998 02.03.12 */ void xconf_fopencfg_bypass (bool _bypass); FILE *xconf_fopencfg (PRIVILEGE *priv, const char *fname, const char *mode); /* fviews.cc 02/02/1999 23.33.28 */ void fviews_required (void); /* helpf.cc 18/08/1998 13.56.58 */ --- 105,117 ---- int gid, int mode); int file_followlink (const char *fpath, char *realpath); /* fopen1.cc 30/07/1998 02.03.12 */ void xconf_fopencfg_bypass (bool _bypass); FILE *xconf_fopencfg (PRIVILEGE *priv, const char *fname, const char *mode); + /* fopen.cc 22/12/1997 00.37.36 */ + FILE *xconf_fopen (const char *fname, const char *mode); /* fviews.cc 02/02/1999 23.33.28 */ void fviews_required (void); /* helpf.cc 18/08/1998 13.56.58 */ *************** *** 128,134 **** bool ipnum_validip (const char *aip, bool ishost); bool ipnum_validip (const char *aip, const char *netmask, bool ishost); /* ipstuff.cc 07/04/1999 02.43.14 */ ! /* linuxconf.cc 12/12/1999 22.12.46 */ void linuxconf_sethook (CONFDB * (*fct)(CONFDB *)); CONFDB *linuxconf_getdb (void); const char *linuxconf_getval (const char *prefix, const char *key); --- 128,134 ---- bool ipnum_validip (const char *aip, bool ishost); bool ipnum_validip (const char *aip, const char *netmask, bool ishost); /* ipstuff.cc 07/04/1999 02.43.14 */ ! /* linuxconf.cc 20/02/2000 14.57.48 */ void linuxconf_sethook (CONFDB * (*fct)(CONFDB *)); CONFDB *linuxconf_getdb (void); const char *linuxconf_getval (const char *prefix, const char *key); *************** *** 162,167 **** --- 162,168 ---- const char *val); void linuxconf_replace (const char *prefix, const char *key, char val); void linuxconf_replace (const char *prefix, const char *key, int val); + void linuxconf_replace (const char *prefix, const char *key, bool val); void linuxconf_replace (const char *prefix, const char *key, long val); void linuxconf_replace (const char *prefix, const char *key, *************** *** 175,186 **** const char *linuxconf_getlangmanual (void); const char *linuxconf_getlang (void); void linuxconf_setlang (const char *lang); ! int linuxconf_getlangmode (void); ! void linuxconf_setlangmode (int mode); ! int linuxconf_getguimode (void); ! void linuxconf_setguimode (int mode); ! int linuxconf_getcolormode (void); ! void linuxconf_setcolormode (int mode); int linuxconf_getprefixtrig (void); void linuxconf_setprefixtrig (int trig); void linuxconf_loadmsg (const char *prefix, const char *rev); --- 176,187 ---- const char *linuxconf_getlangmanual (void); const char *linuxconf_getlang (void); void linuxconf_setlang (const char *lang); ! bool linuxconf_getlangmode (void); ! void linuxconf_setlangmode (bool mode); ! bool linuxconf_getguimode (void); ! void linuxconf_setguimode (bool mode); ! bool linuxconf_getcolormode (void); ! void linuxconf_setcolormode (bool mode); int linuxconf_getprefixtrig (void); void linuxconf_setprefixtrig (int trig); void linuxconf_loadmsg (const char *prefix, const char *rev); *************** *** 194,199 **** --- 195,220 ---- char *strdup_err (const char *str); /* misc.cc 12/12/1999 22.25.52 */ void misc_required (void); + /* module_api.cc 13/12/1999 21.53.12 */ + void module_api_required (void); + void module_register_api (const char *apiname, + int version, + void * (*fctget)(), + void (*fctrelease)(void *)); + int module_get_apis (const char *apiname, + int version, + const char *client, + void *tbapi[MAX_API_PROVIDERS]); + void module_release_apis (const char *apiname, + void *tbapi[], + int nbapi); + void *module_get_api (const char *apiname, + int version, + const char *client); + void module_release_api (const char *apiname, void *api); + bool module_api_available (const char *apiname, + int version, + const char *client); /* module.cc 12/12/1999 22.23.12 */ void module_setmenu (DIALOG&dia, MENU_CONTEXT context); void module_setmenu (DIALOG&dia, const char *menuid); *************** *** 216,259 **** void module_loaddistmod (void); void module_setone (const char *path); void module_unsetone (const char *path); ! /* module_api.cc 13/12/1999 21.53.12 */ ! void module_api_required (void); ! void module_register_api (const char *apiname, ! int version, ! void * (*fctget)(), ! void (*fctrelease)(void *)); ! int module_get_apis (const char *apiname, ! int version, ! const char *client, ! void *tbapi[MAX_API_PROVIDERS]); ! void module_release_apis (const char *apiname, ! void *tbapi[], ! int nbapi); ! void *module_get_api (const char *apiname, ! int version, ! const char *client); ! void module_release_api (const char *apiname, void *api); ! bool module_api_available (const char *apiname, ! int version, ! const char *client); ! /* popen.cc 06/01/2000 23.23.20 */ void popen_initsignal (void); int popen_getloginuid (void); /* sstream.cc 08/12/1998 01.32.18 */ /* sstring.cc 12/12/1999 22.07.40 */ /* sstrings.cc 11/09/1998 17.11.26 */ - /* str.cc 28/07/1998 14.20.02 */ - char *str_copyword (char *dest, const char *str); - char *str_copyword (char *dest, const char *str, int size); - int str_isword (const char *str, const char *word); - void strcpy_cut (char *dst, const char *src, int size); - char *str_skipword (const char *str); - char *str_copyword (SSTRING&dest, const char *str); - void tbstr_free (char *tb[], int nb); - int stricmp (const char *str1, const char *str2); - void strupr (char *str); - const char *str_extract (const char *buf, SSTRING&s); - int str_splitline (const char *line, char delim, SSTRINGS&words); /* str1.cc 12/11/1997 02.59.48 */ int str_strip (const char *str, char *newstr); char *strip_end (char *str); --- 237,248 ---- void module_loaddistmod (void); void module_setone (const char *path); void module_unsetone (const char *path); ! /* popen.cc 25/01/2000 10.49.24 */ void popen_initsignal (void); int popen_getloginuid (void); /* sstream.cc 08/12/1998 01.32.18 */ /* sstring.cc 12/12/1999 22.07.40 */ /* sstrings.cc 11/09/1998 17.11.26 */ /* str1.cc 12/11/1997 02.59.48 */ int str_strip (const char *str, char *newstr); char *strip_end (char *str); *************** *** 274,280 **** /* str6.cc 29/11/1997 13.38.50 */ void str6_required (void); int str_exptab (const char *src, int step, char *dst); ! /* stub.cc 13/12/1999 21.53.12 */ void html_access_log (int , const char *); int html_access_check (int); void perm_setaccess (const char *, const char *); --- 263,281 ---- /* str6.cc 29/11/1997 13.38.50 */ void str6_required (void); int str_exptab (const char *src, int step, char *dst); ! /* str.cc 28/07/1998 14.20.02 */ ! char *str_copyword (char *dest, const char *str); ! char *str_copyword (char *dest, const char *str, int size); ! int str_isword (const char *str, const char *word); ! void strcpy_cut (char *dst, const char *src, int size); ! char *str_skipword (const char *str); ! char *str_copyword (SSTRING&dest, const char *str); ! void tbstr_free (char *tb[], int nb); ! int stricmp (const char *str1, const char *str2); ! void strupr (char *str); ! const char *str_extract (const char *buf, SSTRING&s); ! int str_splitline (const char *line, char delim, SSTRINGS&words); ! /* stub.cc 24/01/2000 15.52.46 */ void html_access_log (int , const char *); int html_access_check (int); void perm_setaccess (const char *, const char *); *************** *** 297,303 **** const char *daemon_findpath (char const *command); void button_text2png (const char *, FILE *); void module_setmenu (class DIALOG&, MENU_CONTEXT); ! /* subsys.cc 12/12/1999 22.10.50 */ int subsys_getallsubsys (SSTRINGS&tb); int subsys_getallsubsys (SSTRINGS&tb, SSTRINGS&titles); const char *confver_getcur (void); --- 298,304 ---- const char *daemon_findpath (char const *command); void button_text2png (const char *, FILE *); void module_setmenu (class DIALOG&, MENU_CONTEXT); ! /* subsys.cc 28/01/2000 10.42.00 */ int subsys_getallsubsys (SSTRINGS&tb); int subsys_getallsubsys (SSTRINGS&tb, SSTRINGS&titles); const char *confver_getcur (void); *** 1.17r3/linuxconf/misc/misc.pm Thu Jan 6 23:23:30 2000 --- 1,17r4/linuxconf/misc/misc.pm Sun Feb 20 14:59:49 2000 *************** *** 1,4 **** - /* _dict.cc 14/08/1996 14.39.06 */ /* array.cc 29/12/1999 23.53.22 */ PUBLIC ARRAY_OBJ::ARRAY_OBJ (void); PUBLIC VIRTUAL ARRAY_OBJ::~ARRAY_OBJ (void); --- 1,3 ---- *************** *** 51,57 **** PUBLIC SSTRING_KEY *SSTRING_KEYS::getitem (int no)const; PUBLIC SSTRING_KEY *SSTRING_KEYS::getobj (const char *key)const; PUBLIC const char *SSTRING_KEYS::getval (const char *key)const; ! /* confdb.cc 12/12/1999 22.09.10 */ PUBLIC CONFOBJ::CONFOBJ (const char *_sys, const char *_key, const char *_val); --- 50,56 ---- PUBLIC SSTRING_KEY *SSTRING_KEYS::getitem (int no)const; PUBLIC SSTRING_KEY *SSTRING_KEYS::getobj (const char *key)const; PUBLIC const char *SSTRING_KEYS::getval (const char *key)const; ! /* confdb.cc 20/02/2000 14.59.46 */ PUBLIC CONFOBJ::CONFOBJ (const char *_sys, const char *_key, const char *_val); *************** *** 104,109 **** --- 103,111 ---- PUBLIC void CONFDB::add (const char *prefix, const char *key, int val); + PUBLIC void CONFDB::add (const char *prefix, + const char *key, + bool val); PUBLIC void CONFDB::replacek (const char *key, const char *val); PUBLIC void CONFDB::replace (const char *prefix, const char *key, *************** *** 116,121 **** --- 118,126 ---- int val); PUBLIC void CONFDB::replace (const char *prefix, const char *key, + bool val); + PUBLIC void CONFDB::replace (const char *prefix, + const char *key, long val); PUBLIC void CONFDB::replace (const char *prefix, const char *key, *************** *** 130,136 **** PRIVATE void CONFDB::delsys (const char *_sys); PUBLIC VIRTUAL int CONFDB::extract (SSTREAM&ss, const char *_sys); PUBLIC void CONFDB::patchsys (void); ! /* configf.cc 12/12/1999 22.30.32 */ PUBLIC CONFIG_FILE_LISTER::CONFIG_FILE_LISTER (void (*f)()); PUBLIC CONFIG_FILE_INTERNAL::CONFIG_FILE_INTERNAL (HELP_FILE&_helpfile, const char *_path, --- 135,141 ---- PRIVATE void CONFDB::delsys (const char *_sys); PUBLIC VIRTUAL int CONFDB::extract (SSTREAM&ss, const char *_sys); PUBLIC void CONFDB::patchsys (void); ! /* configf.cc 28/01/2000 10.57.40 */ PUBLIC CONFIG_FILE_LISTER::CONFIG_FILE_LISTER (void (*f)()); PUBLIC CONFIG_FILE_INTERNAL::CONFIG_FILE_INTERNAL (HELP_FILE&_helpfile, const char *_path, *************** *** 214,219 **** --- 219,225 ---- PUBLIC LINUXCONF_CONTEXT::LINUXCONF_CONTEXT (void); PUBLIC void LINUXCONF_CONTEXT::set (LINUXCONF_CONTEXT&cur); PUBLIC void LINUXCONF_CONTEXT::settitle (const char *title); + /* _dict.cc 14/08/1996 14.39.06 */ /* dictionary.cc 10/01/1999 21.43.42 */ PUBLIC DICTIONARY::DICTIONARY (void); PRIVATE void DICTIONARY::set_type (const char prefix, *************** *** 233,243 **** PUBLIC const char *DICTIONARY::get_val (int no)const; /* dir.cc 02/10/1998 01.20.08 */ /* error.cc 02/02/1999 18.13.16 */ - /* fgets.cc 20/07/1998 22.57.24 */ /* fgets1.cc 13/12/1996 23.39.36 */ /* file.cc 07/06/1999 19.06.18 */ - /* fopen.cc 22/12/1997 00.37.36 */ /* fopen1.cc 30/07/1998 02.03.12 */ /* fviews.cc 02/02/1999 23.33.28 */ PUBLIC VIEWITEM::VIEWITEM (const SSTRING&_comment, const char *_line, --- 239,249 ---- PUBLIC const char *DICTIONARY::get_val (int no)const; /* dir.cc 02/10/1998 01.20.08 */ /* error.cc 02/02/1999 18.13.16 */ /* fgets1.cc 13/12/1996 23.39.36 */ + /* fgets.cc 20/07/1998 22.57.24 */ /* file.cc 07/06/1999 19.06.18 */ /* fopen1.cc 30/07/1998 02.03.12 */ + /* fopen.cc 22/12/1997 00.37.36 */ /* fviews.cc 02/02/1999 23.33.28 */ PUBLIC VIEWITEM::VIEWITEM (const SSTRING&_comment, const char *_line, *************** *** 303,309 **** PUBLIC int IPMAP::next (void); PUBLIC const char *IPMAP::getcur (void); PUBLIC void IPMAP::setuse (const IP_ADDR *adr); ! /* linuxconf.cc 12/12/1999 22.12.46 */ PUBLIC CONFIG_FILE_LINUXCONF::CONFIG_FILE_LINUXCONF (const char *_path, const char *_subsys); PUBLIC int CONFIG_FILE_LINUXCONF::archive (SSTREAM&ss)const; --- 309,315 ---- PUBLIC int IPMAP::next (void); PUBLIC const char *IPMAP::getcur (void); PUBLIC void IPMAP::setuse (const IP_ADDR *adr); ! /* linuxconf.cc 20/02/2000 14.57.48 */ PUBLIC CONFIG_FILE_LINUXCONF::CONFIG_FILE_LINUXCONF (const char *_path, const char *_subsys); PUBLIC int CONFIG_FILE_LINUXCONF::archive (SSTREAM&ss)const; *************** *** 312,317 **** --- 318,333 ---- PUBLIC int CONFIG_FILE_LINUXCONF::extract (void); /* malloc.cc 14/08/1996 14.40.26 */ /* misc.cc 12/12/1999 22.25.52 */ + /* module_api.cc 13/12/1999 21.53.12 */ + PUBLIC MODULE_API::MODULE_API (void * (*_fctget)(), + void (*_fctrelease)(void *)); + PUBLIC MODULE_API *MODULE_APIS::getitem (int no)const; + PUBLIC MODULE_APIREF::MODULE_APIREF (const char *_apiname, + int _version); + PUBLIC MODULE_APIREF::~MODULE_APIREF (void); + PUBLIC void MODULE_APIREF::add (void * (*_fctget)(), + void (*_fctrelease)(void *)); + PUBLIC MODULE_APIREF *MODULE_APIREFS::getitem (int no)const; /* module.cc 12/12/1999 22.23.12 */ PUBLIC LINUXCONF_MODULE *LINUXCONF_MODULES::getitem (int no); PUBLIC LINUXCONF_MODULE::LINUXCONF_MODULE (const char *_name); *************** *** 344,360 **** PUBLIC int MODULE_INFOS::write (void); PUBLIC void MODULE_INFOS::setone (const char *path); PUBLIC void MODULE_INFOS::unsetone (const char *path); ! /* module_api.cc 13/12/1999 21.53.12 */ ! PUBLIC MODULE_API::MODULE_API (void * (*_fctget)(), ! void (*_fctrelease)(void *)); ! PUBLIC MODULE_API *MODULE_APIS::getitem (int no)const; ! PUBLIC MODULE_APIREF::MODULE_APIREF (const char *_apiname, ! int _version); ! PUBLIC MODULE_APIREF::~MODULE_APIREF (void); ! PUBLIC void MODULE_APIREF::add (void * (*_fctget)(), ! void (*_fctrelease)(void *)); ! PUBLIC MODULE_APIREF *MODULE_APIREFS::getitem (int no)const; ! /* popen.cc 06/01/2000 23.23.20 */ PROTECTED void POPENFD::setfds (int fdin, int fdout, int fderr, --- 360,366 ---- PUBLIC int MODULE_INFOS::write (void); PUBLIC void MODULE_INFOS::setone (const char *path); PUBLIC void MODULE_INFOS::unsetone (const char *path); ! /* popen.cc 25/01/2000 10.49.24 */ PROTECTED void POPENFD::setfds (int fdin, int fdout, int fderr, *************** *** 474,485 **** PUBLIC void SSTRINGS::remove_empty (void); PUBLIC void SSTRINGS::remove_dups (void); PUBLIC void SSTRINGS::append (const SSTRINGS&tb); - /* str.cc 28/07/1998 14.20.02 */ /* str1.cc 12/11/1997 02.59.48 */ /* str3.cc 12/12/1999 22.09.10 */ /* str6.cc 29/11/1997 13.38.50 */ ! /* stub.cc 13/12/1999 21.53.12 */ ! /* subsys.cc 12/12/1999 22.10.50 */ PRIVATE void LINUXCONF_SUBSYS::init (const char *key); PUBLIC LINUXCONF_SUBSYS::LINUXCONF_SUBSYS (const char *key, TRANS_NOTLOAD *_title); --- 480,491 ---- PUBLIC void SSTRINGS::remove_empty (void); PUBLIC void SSTRINGS::remove_dups (void); PUBLIC void SSTRINGS::append (const SSTRINGS&tb); /* str1.cc 12/11/1997 02.59.48 */ /* str3.cc 12/12/1999 22.09.10 */ /* str6.cc 29/11/1997 13.38.50 */ ! /* str.cc 28/07/1998 14.20.02 */ ! /* stub.cc 24/01/2000 15.52.46 */ ! /* subsys.cc 28/01/2000 10.42.00 */ PRIVATE void LINUXCONF_SUBSYS::init (const char *key); PUBLIC LINUXCONF_SUBSYS::LINUXCONF_SUBSYS (const char *key, TRANS_NOTLOAD *_title); *** 1.17r3/linuxconf/modules/mailconf/generate.cc Tue Feb 8 17:20:37 2000 --- 1,17r4/linuxconf/modules/mailconf/generate.cc Thu Feb 17 00:38:22 2000 *************** *** 495,501 **** return ret; } ! PUBLIC int MAILCONF::generate_go() { int ret = -1; FILE *fout = f_sendmail.fopen ("w"); --- 495,501 ---- return ret; } ! PUBLIC int MAILCONF::generate_go(bool confirm) { int ret = -1; FILE *fout = f_sendmail.fopen ("w"); *************** *** 508,514 **** linuxconf_setcursys(subsys_sendmail); confread_replace (K_SENDMAILSUM,sum); linuxconf_save(); ! if (ret != -1){ xconf_notice (MSG_U(N_HASGEN,"%s has been regenerated!") ,f_sendmail.getpath()); } --- 508,514 ---- linuxconf_setcursys(subsys_sendmail); confread_replace (K_SENDMAILSUM,sum); linuxconf_save(); ! if (ret != -1 && confirm){ xconf_notice (MSG_U(N_HASGEN,"%s has been regenerated!") ,f_sendmail.getpath()); } *************** *** 525,531 **** Return -1 if any error */ ! PUBLIC int MAILCONF::generate() { int ret = -1; const char *path = f_sendmail.getpath(); --- 525,531 ---- Return -1 if any error */ ! PUBLIC int MAILCONF::generate(bool confirm) { int ret = -1; const char *path = f_sendmail.getpath(); *************** *** 558,564 **** rename (path,pathold); } } ! if (go) ret = generate_go(); return ret; } /* --- 558,564 ---- rename (path,pathold); } } ! if (go) ret = generate_go(confirm); return ret; } /* *************** *** 583,589 **** 0 if all is fine -1 if any error */ ! PUBLIC int MAILCONF::generate_if() { int ret = -1; if (mailconf_generated_once()){ --- 583,589 ---- 0 if all is fine -1 if any error */ ! PUBLIC int MAILCONF::generate_if(bool confirm) { int ret = -1; if (mailconf_generated_once()){ *************** *** 606,612 **** ,f_sendmail.getpath()); ret = 1; if (!simul_ison()){ ! ret = generate_go(); if (ret != -1) ret = 1; } } --- 606,612 ---- ,f_sendmail.getpath()); ret = 1; if (!simul_ison()){ ! ret = generate_go(confirm); if (ret != -1) ret = 1; } } *** 1.17r3/linuxconf/modules/mailconf/internal.h Sun Dec 12 22:23:14 1999 --- 1,17r4/linuxconf/modules/mailconf/internal.h Thu Feb 17 00:38:51 2000 *************** *** 340,348 **** private: int generate (FILE *fout); public: ! int generate (void); ! int generate_go (void); ! int generate_if (void); private: bool generated_byme (char sendmail_sum[]); public: --- 340,348 ---- private: int generate (FILE *fout); public: ! int generate (bool confirm); ! int generate_go (bool confirm); ! int generate_if (bool confirm); private: bool generated_byme (char sendmail_sum[]); public: *** 1.17r3/linuxconf/modules/mailconf/mailconf.cc Sun Dec 12 22:10:51 1999 --- 1,17r4/linuxconf/modules/mailconf/mailconf.cc Thu Feb 17 00:42:24 2000 *************** *** 89,95 **** ,sendpath.get()); if (xconf_yesno(buf,intro,help_mailconf) == MENU_YES){ MAILCONF mconf; ! mconf.generate(); } } break; --- 89,95 ---- ,sendpath.get()); if (xconf_yesno(buf,intro,help_mailconf) == MENU_YES){ MAILCONF mconf; ! mconf.generate(true); } } break; *************** *** 127,133 **** spam_edit_relay_allow(); }else if (key == sendpath.get()){ if (dialog_mode != DIALOG_TREE){ ! mconf.generate(); modified = 0; } } --- 127,133 ---- spam_edit_relay_allow(); }else if (key == sendpath.get()){ if (dialog_mode != DIALOG_TREE){ ! mconf.generate(true); modified = 0; } } *************** *** 170,176 **** mtable_makemap(f_virtuser); mtable_makemap(f_pophash); MAILCONF mconf; ! ret = mconf.generate_if(); } return ret; } --- 170,176 ---- mtable_makemap(f_virtuser); mtable_makemap(f_pophash); MAILCONF mconf; ! ret = mconf.generate_if(true); } return ret; } *** 1.17r3/linuxconf/modules/mailconf/mod_mailconf.cc Thu Jan 6 00:12:34 2000 --- 1,17r4/linuxconf/modules/mailconf/mod_mailconf.cc Mon Feb 21 11:48:07 2000 *************** *** 11,16 **** --- 11,17 ---- #include <translat.h> #include "mod_mailconf.h" #include "mailconf.m" + #include "internal.h" #include <userconf.h> #include <netconf.h> #include <daemoni.h> *************** *** 81,104 **** return 0; } ! ! PUBLIC int MODULE_mailconf::dohtml (const char *key) { ! int ret = LNCF_NOT_APPLICABLE; ! if (strcmp(key,"mailconf")==0){ ! // ### Insert any menu and dialog here ret = 0; } return ret; } ! PUBLIC int MODULE_mailconf::message ( ! const char *msg, ! int, ! const char *argv[]) { int ret = LNCF_NOT_APPLICABLE; ! if (strcmp(msg,"editvdom")==0){ USER *like; if (special_init (POP_GROUP,like) != -1){ vdomain_editusers(like); --- 82,116 ---- return 0; } ! /* ! Let one user edit his password in a vdomain ! */ ! static int mailconf_editupass(const char *hostname) { ! int ret = -1; ! char pwdfile[PATH_MAX],shadowfile[PATH_MAX],rootdir[PATH_MAX]; ! if (vdomain_locateinfo(hostname,pwdfile,shadowfile,rootdir)!=-1){ ! CONFIG_FILE file (pwdfile,help_nil ! ,CONFIGF_MANAGED|CONFIGF_OPTIONNAL ! ,"root","mail",0640); ! CONFIG_FILE file_shadow (shadowfile,help_nil ! ,CONFIGF_MANAGED|CONFIGF_OPTIONNAL ! ,"root","mail",0640); ! USERS users (file,file_shadow,rootdir,"","",0); ! userconf_editupass (users,hostname); ret = 0; } return ret; } ! ! PUBLIC int MODULE_mailconf::dohtml (const char *key) { int ret = LNCF_NOT_APPLICABLE; ! if (strncmp(key,"vpass-",6)==0){ ! if (mailconf_editupass (key+6)==-1) html_setdone(); ! ret = 0; ! }else if (strncmp(key,"vuser-",6)==0){ USER *like; if (special_init (POP_GROUP,like) != -1){ vdomain_editusers(like); *************** *** 106,128 **** } delete like; ret = 0; ! }else if (strcmp(msg,"listspc")==0){ vdomain_listspc (); ret = 0; }else if (strcmp(msg,"editupass")==0){ ! const char *hostname = argv[0]; ! char pwdfile[PATH_MAX],shadowfile[PATH_MAX],rootdir[PATH_MAX]; ! if (vdomain_locateinfo(hostname,pwdfile,shadowfile,rootdir)!=-1){ ! CONFIG_FILE file (pwdfile,help_nil ! ,CONFIGF_MANAGED|CONFIGF_OPTIONNAL ! ,"root","mail",0640); ! CONFIG_FILE file_shadow (shadowfile,help_nil ! ,CONFIGF_MANAGED|CONFIGF_OPTIONNAL ! ,"root","mail",0640); ! USERS users (file,file_shadow,rootdir,"","",0); ! userconf_editupass (users,hostname); ! ret = 0; ! } } return ret; } --- 118,138 ---- } delete like; ret = 0; ! } ! return ret; ! } ! ! PUBLIC int MODULE_mailconf::message ( ! const char *msg, ! int, ! const char *argv[]) ! { ! int ret = LNCF_NOT_APPLICABLE; ! if (strcmp(msg,"listspc")==0){ vdomain_listspc (); ret = 0; }else if (strcmp(msg,"editupass")==0){ ! if (mailconf_editupass(argv[0])!=-1) ret = 0; } return ret; } *************** *** 220,225 **** --- 230,236 ---- " --delvdom domain\n" " --addvuser domain id name\n" " --delvuser domain id\n" + " --generatecf\n" " --setalias alias value ...\n" " --setvalias alias vdomain value ...\n" " --unsetalias alias [value] ...\n" *************** *** 289,294 **** --- 300,310 ---- } }else{ ::usage(); + } + }else if (argc == 2 && strcmp(argv[1],"--generatecf")==0){ + if (netconf_rootaccess()){ + MAILCONF mconf; + ret = mconf.generate_if(false); } }else{ ::usage(); *** 1.17r3/linuxconf/modules/mailconf/vdomain.cc Thu Jan 6 00:09:35 2000 --- 1,17r4/linuxconf/modules/mailconf/vdomain.cc Mon Feb 21 11:16:56 2000 *************** *** 759,765 **** const char *name = v->domain.get(); html_printf ("<tr><td><a href=/htmlmod:vuser-%s:>%s</a>\n" ,name,name); ! html_printf ("\t<td><a href=http://mail.%s:98/htmlmod:userpass:>____</a>\n" ,name); } html_printf ("</table>\n"); --- 759,765 ---- const char *name = v->domain.get(); html_printf ("<tr><td><a href=/htmlmod:vuser-%s:>%s</a>\n" ,name,name); ! html_printf ("\t<td><a href=/htmlmod:vpass-%s:>____</a>\n" ,name); } html_printf ("</table>\n"); *** 1.17r3/linuxconf/modules/mailconf/mailconf.p Sun Dec 12 22:30:33 1999 --- 1,17r4/linuxconf/modules/mailconf/mailconf.p Thu Feb 17 00:38:51 2000 *************** *** 1,41 **** ! /* alias.cc 28/11/1999 23.34.44 */ void aliases_edit (CONFIG_FILE&f, PRIVILEGE *privi, const char *title); void aliases_edit (void); int aliases_set (const char *name, int nb, const char *vals[]); int aliases_unset (const char *name, int nb, const char *vals[]); ! /* mailconf.cc 23/09/1999 13.34.24 */ void mailconf_edit (void); int mailconf_getqueuedelay (void); int mailconf_mainmenu (void); int mailconf_generate_if (void); /* mailfax.cc 20/12/1998 14.44.00 */ int mailfax_edit (void); /* masq.cc 03/03/1999 09.43.54 */ int masq_edit (void); ! /* generate.cc 30/10/1999 18.15.06 */ ! bool mailconf_generated_once (void); ! /* helpf.cc 14/08/1996 15.06.34 */ ! /* spam.cc 16/08/1999 19.41.56 */ void spam_edit_deny (void); void spam_edit_ip_allow (void); void spam_edit_name_allow (void); void spam_edit_relay_allow (void); ! /* basic.cc 04/10/1999 23.03.58 */ ! void basic_setmailer (FIELD_COMBO *comb); ! /* internal.cc 17/11/1997 14.30.36 */ ! /* _dict.cc 14/08/1996 15.04.54 */ ! /* complex.cc 01/06/1999 11.21.16 */ ! int complex_edit (void); ! int complex_parse (const SSTRING&adr, char *user, char *site); ! /* confread.cc 02/08/1999 15.36.50 */ ! const char *confread_getval (const char *key, const char *defval); ! const char *confread_getdbformat (void); ! void confread_replace (const char *key, const char *val); ! /* mtable.cc 20/12/1998 14.44.36 */ ! int mtable_makemap (CONFIG_FILE&conf); ! /* vdomain.cc 28/11/1999 23.35.22 */ void vdomain_editone (const char *dom, USER *like); void vdomain_editusers (USER *like); void vdomain_editaliases (void); --- 1,46 ---- ! /* _dict.cc 14/08/1996 15.04.54 */ ! /* alias.cc 12/12/1999 22.30.32 */ void aliases_edit (CONFIG_FILE&f, PRIVILEGE *privi, const char *title); void aliases_edit (void); int aliases_set (const char *name, int nb, const char *vals[]); int aliases_unset (const char *name, int nb, const char *vals[]); ! /* aliascomng.cc 12/12/1999 22.22.16 */ ! USERACCT_COMNG *alias_newcomng (const char *key, DICTIONARY&dict); ! /* basic.cc 12/12/1999 22.12.46 */ ! void basic_setmailer (FIELD_COMBO *comb); ! /* complex.cc 01/06/1999 11.21.16 */ ! int complex_edit (void); ! int complex_parse (const SSTRING&adr, char *user, char *site); ! /* confread.cc 13/12/1999 21.53.12 */ ! const char *confread_getval (const char *key, const char *defval); ! const char *confread_getdbformat (void); ! void confread_replace (const char *key, const char *val); ! /* generate.cc 17/02/2000 00.38.22 */ ! bool mailconf_generated_once (void); ! /* helpf.cc 14/08/1996 15.06.34 */ ! /* internal.cc 17/11/1997 14.30.36 */ ! /* mailconf.cc 17/02/2000 00.38.46 */ void mailconf_edit (void); int mailconf_getqueuedelay (void); int mailconf_mainmenu (void); int mailconf_generate_if (void); /* mailfax.cc 20/12/1998 14.44.00 */ int mailfax_edit (void); + /* mailq.cc 13/07/1999 18.28.22 */ + void mailq_edit (void); /* masq.cc 03/03/1999 09.43.54 */ int masq_edit (void); ! /* mod_mailconf.cc 17/02/2000 00.38.34 */ ! /* mtable.cc 08/02/2000 17.20.36 */ ! int mtable_makemap (CONFIG_FILE&conf); ! /* spam.cc 20/12/1998 14.44.56 */ void spam_edit_deny (void); void spam_edit_ip_allow (void); void spam_edit_name_allow (void); void spam_edit_relay_allow (void); ! /* vdomain.cc 06/01/2000 00.09.34 */ void vdomain_editone (const char *dom, USER *like); void vdomain_editusers (USER *like); void vdomain_editaliases (void); *************** *** 61,68 **** const char *name, int nb, const char *vals[]); - /* aliascomng.cc 02/11/1999 14.27.58 */ - USERACCT_COMNG *alias_newcomng (const char *key, DICTIONARY&dict); - /* mod_mailconf.cc 28/11/1999 23.17.46 */ - /* mailq.cc 16/08/1999 19.41.56 */ - void mailq_edit (void); --- 66,68 ---- *** 1.17r3/linuxconf/modules/mailconf/mailconf.pm Sun Dec 12 22:30:33 1999 --- 1,17r4/linuxconf/modules/mailconf/mailconf.pm Thu Feb 17 00:38:51 2000 *************** *** 1,4 **** ! /* alias.cc 28/11/1999 23.34.44 */ PUBLIC ALIAS::ALIAS (void); PUBLIC void ALIAS::addoneval (const char *val); PRIVATE void ALIAS::splitline (char *ptpt); --- 1,5 ---- ! /* _dict.cc 14/08/1996 15.04.54 */ ! /* alias.cc 12/12/1999 22.30.32 */ PUBLIC ALIAS::ALIAS (void); PUBLIC void ALIAS::addoneval (const char *val); PRIVATE void ALIAS::splitline (char *ptpt); *************** *** 25,31 **** PUBLIC int ALIASES::unsetalias (const char *name, int nb, const char *vals[]); ! /* mailconf.cc 23/09/1999 13.34.24 */ PUBLIC void MAILCONF::spcs_edit (void); /* mailfax.cc 20/12/1998 14.44.00 */ PUBLIC FAXALIAS::FAXALIAS (const char *buf); --- 26,72 ---- PUBLIC int ALIASES::unsetalias (const char *name, int nb, const char *vals[]); ! /* aliascomng.cc 12/12/1999 22.22.16 */ ! PRIVATE void ALIAS_COMNG::setup_uquotap (char uquotap[PATH_MAX]); ! PUBLIC ALIAS_COMNG::ALIAS_COMNG (DICTIONARY&_dict); ! PUBLIC void ALIAS_COMNG::setupdia (DIALOG&dia); ! PUBLIC int ALIAS_COMNG::save (PRIVILEGE *priv); ! PUBLIC int ALIAS_COMNG::validate (DIALOG&, int &nof); ! PUBLIC int ALIAS_COMNG::deluser (PRIVILEGE *priv); ! /* basic.cc 12/12/1999 22.12.46 */ ! PUBLIC int MAILCONF::basicedit (void); ! PUBLIC int MAILCONF::check (VDOMAINS&vdoms); ! /* complex.cc 01/06/1999 11.21.16 */ ! PUBLIC COMPLEX_ROUTE::COMPLEX_ROUTE (const char *buf); ! PUBLIC COMPLEX_ROUTE::COMPLEX_ROUTE (void); ! PUBLIC int COMPLEX_ROUTE::edit (void); ! PUBLIC COMPLEX_ROUTES::COMPLEX_ROUTES (void); ! PUBLIC COMPLEX_ROUTE *COMPLEX_ROUTES::getitem (int no); ! PUBLIC int COMPLEX_ROUTES::write (void); ! PUBLIC int COMPLEX_ROUTES::edit (void); ! PUBLIC int COMPLEX_ROUTE::rule0 (FILE *fout, ! char *status, ! SSTRINGS *aliases, ! VDOMAINS *vdomains); ! PUBLIC bool COMPLEX_ROUTE::isuserroute (void); ! PUBLIC int COMPLEX_ROUTES::rule0 (FILE *fout, ! SSTRINGS&aliases, ! VDOMAINS&vdomains); ! /* confread.cc 13/12/1999 21.53.12 */ ! PUBLIC MAILCONF::MAILCONF (void); ! PUBLIC int MAILCONF::write (void); ! PUBLIC int MAILCONF::getqueuedelay (void); ! /* generate.cc 17/02/2000 00.38.22 */ ! PUBLIC MAILCONF_FILE::MAILCONF_FILE (const char *fname); ! PRIVATE int MAILCONF::generate (FILE *fout); ! PRIVATE bool MAILCONF::generated_byme (char sendmail_sum[]); ! PUBLIC int MAILCONF::generate_go (bool confirm); ! PUBLIC int MAILCONF::generate (bool confirm); ! PUBLIC int MAILCONF::generate_if (bool confirm); ! /* helpf.cc 14/08/1996 15.06.34 */ ! PUBLIC MAILCONF_HELP_FILE::MAILCONF_HELP_FILE (const char *fname); ! /* internal.cc 17/11/1997 14.30.36 */ ! /* mailconf.cc 17/02/2000 00.38.46 */ PUBLIC void MAILCONF::spcs_edit (void); /* mailfax.cc 20/12/1998 14.44.00 */ PUBLIC FAXALIAS::FAXALIAS (const char *buf); *************** *** 63,68 **** --- 104,116 ---- PUBLIC MAILFAX::MAILFAX (void); PUBLIC int MAILFAX::write (void); PUBLIC int MAILFAX::edit (void); + /* mailq.cc 13/07/1999 18.28.22 */ + PUBLIC MAILQ_ENTRY::MAILQ_ENTRY (const char *_id, + int _size, + const char *_date, + const char *_sender); + PUBLIC int MAILQ_ENTRY::edit (void); + PUBLIC MAILQ_ENTRY *MAILQ_ENTRIES::getitem (int no)const; /* masq.cc 03/03/1999 09.43.54 */ PUBLIC MASQ::MASQ (const char *buf); PUBLIC MASQ::MASQ (void); *************** *** 73,88 **** PUBLIC int MASQS::edit (void); PUBLIC int MASQ::rule1 (FILE *fout, char *status); PUBLIC int MASQS::rule1 (FILE *fout); ! /* generate.cc 30/10/1999 18.15.06 */ ! PUBLIC MAILCONF_FILE::MAILCONF_FILE (const char *fname); ! PRIVATE int MAILCONF::generate (FILE *fout); ! PRIVATE bool MAILCONF::generated_byme (char sendmail_sum[]); ! PUBLIC int MAILCONF::generate_go (void); ! PUBLIC int MAILCONF::generate (void); ! PUBLIC int MAILCONF::generate_if (void); ! /* helpf.cc 14/08/1996 15.06.34 */ ! PUBLIC MAILCONF_HELP_FILE::MAILCONF_HELP_FILE (const char *fname); ! /* spam.cc 16/08/1999 19.41.56 */ PUBLIC SPAM_ITEM::SPAM_ITEM (const char *line); PUBLIC VIRTUAL int SPAM_ITEM::edit (const char *title, const char *intro, --- 121,150 ---- PUBLIC int MASQS::edit (void); PUBLIC int MASQ::rule1 (FILE *fout, char *status); PUBLIC int MASQS::rule1 (FILE *fout); ! /* mod_mailconf.cc 17/02/2000 00.38.34 */ ! PUBLIC MODULE_mailconf::MODULE_mailconf (void); ! PUBLIC void MODULE_mailconf::setmenu (DIALOG&dia, ! MENU_CONTEXT context); ! PUBLIC int MODULE_mailconf::domenu (MENU_CONTEXT context, ! const char *key); ! PUBLIC int MODULE_mailconf::dohtml (const char *key); ! PUBLIC int MODULE_mailconf::message (const char *msg, ! int , ! const char *argv[]); ! PUBLIC int MODULE_mailconf::probe (int level, int target, bool); ! PUBLIC void MODULE_mailconf::usage (SSTRINGS&tb); ! PUBLIC int MODULE_mailconf::execmain (int argc, char *argv[]); ! /* mtable.cc 08/02/2000 17.20.36 */ ! PUBLIC SPC_ROUTE::SPC_ROUTE (void); ! PUBLIC void SPC_ROUTE::write (FILE *fout); ! PUBLIC int SPC_ROUTE::edit (void); ! PUBLIC SPC_ROUTES::SPC_ROUTES (void); ! PUBLIC int SPC_ROUTES::save (void); ! PUBLIC int SPC_ROUTES::build (void); ! PUBLIC SPC_ROUTE *SPC_ROUTES::getitem (int no); ! PUBLIC void SPC_ROUTES::sort (void); ! PUBLIC int SPC_ROUTES::edit (void); ! /* spam.cc 20/12/1998 14.44.56 */ PUBLIC SPAM_ITEM::SPAM_ITEM (const char *line); PUBLIC VIRTUAL int SPAM_ITEM::edit (const char *title, const char *intro, *************** *** 111,152 **** PUBLIC SPAM_ITEM *SPAM_ITEMS_DENY::new_spam_item (const char *line); PUBLIC SPAM_ITEMS_DENY::SPAM_ITEMS_DENY (CONFIG_FILE&_fconf); PUBLIC int SPAM_ITEMS_DENY::write (void); ! /* basic.cc 04/10/1999 23.03.58 */ ! PUBLIC int MAILCONF::basicedit (void); ! PUBLIC int MAILCONF::check (VDOMAINS&vdoms); ! /* internal.cc 17/11/1997 14.30.36 */ ! /* _dict.cc 14/08/1996 15.04.54 */ ! /* complex.cc 01/06/1999 11.21.16 */ ! PUBLIC COMPLEX_ROUTE::COMPLEX_ROUTE (const char *buf); ! PUBLIC COMPLEX_ROUTE::COMPLEX_ROUTE (void); ! PUBLIC int COMPLEX_ROUTE::edit (void); ! PUBLIC COMPLEX_ROUTES::COMPLEX_ROUTES (void); ! PUBLIC COMPLEX_ROUTE *COMPLEX_ROUTES::getitem (int no); ! PUBLIC int COMPLEX_ROUTES::write (void); ! PUBLIC int COMPLEX_ROUTES::edit (void); ! PUBLIC int COMPLEX_ROUTE::rule0 (FILE *fout, ! char *status, ! SSTRINGS *aliases, ! VDOMAINS *vdomains); ! PUBLIC bool COMPLEX_ROUTE::isuserroute (void); ! PUBLIC int COMPLEX_ROUTES::rule0 (FILE *fout, ! SSTRINGS&aliases, ! VDOMAINS&vdomains); ! /* confread.cc 02/08/1999 15.36.50 */ ! PUBLIC MAILCONF::MAILCONF (void); ! PUBLIC int MAILCONF::write (void); ! PUBLIC int MAILCONF::getqueuedelay (void); ! /* mtable.cc 20/12/1998 14.44.36 */ ! PUBLIC SPC_ROUTE::SPC_ROUTE (void); ! PUBLIC void SPC_ROUTE::write (FILE *fout); ! PUBLIC int SPC_ROUTE::edit (void); ! PUBLIC SPC_ROUTES::SPC_ROUTES (void); ! PUBLIC int SPC_ROUTES::save (void); ! PUBLIC int SPC_ROUTES::build (void); ! PUBLIC SPC_ROUTE *SPC_ROUTES::getitem (int no); ! PUBLIC void SPC_ROUTES::sort (void); ! PUBLIC int SPC_ROUTES::edit (void); ! /* vdomain.cc 28/11/1999 23.35.22 */ PUBLIC VDOMAIN::VDOMAIN (const char *line); PUBLIC VDOMAIN::VDOMAIN (void); PRIVATE void VDOMAIN::showother (DIALOG&dia, int item); --- 173,179 ---- PUBLIC SPAM_ITEM *SPAM_ITEMS_DENY::new_spam_item (const char *line); PUBLIC SPAM_ITEMS_DENY::SPAM_ITEMS_DENY (CONFIG_FILE&_fconf); PUBLIC int SPAM_ITEMS_DENY::write (void); ! /* vdomain.cc 06/01/2000 00.09.34 */ PUBLIC VDOMAIN::VDOMAIN (const char *line); PUBLIC VDOMAIN::VDOMAIN (void); PRIVATE void VDOMAIN::showother (DIALOG&dia, int item); *************** *** 182,211 **** PUBLIC int VIRTUAL_COMNG::save (PRIVILEGE *priv); PUBLIC int VIRTUAL_COMNG::validate (DIALOG&, int &nof); PUBLIC int VIRTUAL_COMNG::deluser (PRIVILEGE *); - /* aliascomng.cc 02/11/1999 14.27.58 */ - PRIVATE void ALIAS_COMNG::setup_uquotap (char uquotap[PATH_MAX]); - PUBLIC ALIAS_COMNG::ALIAS_COMNG (DICTIONARY&_dict); - PUBLIC void ALIAS_COMNG::setupdia (DIALOG&dia); - PUBLIC int ALIAS_COMNG::save (PRIVILEGE *priv); - PUBLIC int ALIAS_COMNG::validate (DIALOG&, int &nof); - PUBLIC int ALIAS_COMNG::deluser (PRIVILEGE *priv); - /* mod_mailconf.cc 28/11/1999 23.17.46 */ - PUBLIC MODULE_mailconf::MODULE_mailconf (void); - PUBLIC void MODULE_mailconf::setmenu (DIALOG&dia, - MENU_CONTEXT context); - PUBLIC int MODULE_mailconf::domenu (MENU_CONTEXT context, - const char *key); - PUBLIC int MODULE_mailconf::dohtml (const char *key); - PUBLIC int MODULE_mailconf::message (const char *msg, - int , - const char *argv[]); - PUBLIC int MODULE_mailconf::probe (int level, int target, bool); - PUBLIC void MODULE_mailconf::usage (SSTRINGS&tb); - PUBLIC int MODULE_mailconf::execmain (int argc, char *argv[]); - /* mailq.cc 16/08/1999 19.41.56 */ - PUBLIC MAILQ_ENTRY::MAILQ_ENTRY (const char *_id, - int _size, - const char *_date, - const char *_sender); - PUBLIC int MAILQ_ENTRY::edit (void); - PUBLIC MAILQ_ENTRY *MAILQ_ENTRIES::getitem (int no)const; --- 209,211 ---- *** 1.17r3/linuxconf/modules/mailconf/conf/rulesets.relay.cf Sun Dec 12 22:22:18 1999 --- 1,17r4/linuxconf/modules/mailconf/conf/rulesets.relay.cf Thu Feb 17 22:20:31 2000 *************** *** 23,28 **** --- 23,29 ---- Sremovelocal # remove RelayTo part (maybe repeatedly) R$*<@$*$={RelayTo}.>$* $>3 $1 $4 + R$*<@$*$={RelayTo}>$* $>3 $1 $4 R$*<@$=V>$* $: $>removelocal $>3 $1 $3 R$*<@$=V.>$* $: $>removelocal $>3 $1 $3 R$*<@$=w.>$* $: $>removelocal $>3 $1 $3 *** 1.17r3/linuxconf/modules/inetdconf/Makefile Fri Jan 21 13:06:19 2000 --- 1,17r4/linuxconf/modules/inetdconf/Makefile Wed Feb 16 15:24:02 2000 *************** *** 1,10 **** ! VERSION=1.3 CURDIR=inetdconf LOCAL_CLEAN=local_clean LOCAL_INSTALL=local_install all: $(CURDIR).so OBJS = inetdconf.os inetdconfedit.os etcservice.os etcprotocol.os \ ! etchostsallow.os servicectl_api.os _dict.os include ../rules.mak include ../stdmod.mak --- 1,10 ---- ! VERSION=1.4 CURDIR=inetdconf LOCAL_CLEAN=local_clean LOCAL_INSTALL=local_install all: $(CURDIR).so OBJS = inetdconf.os inetdconfedit.os etcservice.os etcprotocol.os \ ! hostsallow.os servicectl_api.os fwedit.os fwport.os _dict.os include ../rules.mak include ../stdmod.mak *** 1.17r3/linuxconf/modules/inetdconf/README Fri Jan 21 13:06:32 2000 --- 1,17r4/linuxconf/modules/inetdconf/README Wed Feb 16 15:27:34 2000 *************** *** 1,8 **** A module in Linuxconf: inetdconf ! Version 1.3 2000-01-06 ! This is at the moment basically an edit program for /etc/services and ! /etc/inetd.conf. /etc/protocols is read for protocol check. Included is also an api to Control Service Activity. --- 1,11 ---- A module in Linuxconf: inetdconf ! Version 1.4 2000-02-16 ! Edit of /etc/services, /etc/inetd.conf, /etc/hosts.allow and ! /etc/host.deny. ! ! Input internet firewall controlled by a clickable list of listening ! processes. Included is also an api to Control Service Activity. *** 1.17r3/linuxconf/modules/inetdconf/etcprotocol.cc Sun Dec 19 17:07:15 1999 --- 1,17r4/linuxconf/modules/inetdconf/etcprotocol.cc Thu Feb 3 13:36:32 2000 *************** *** 21,27 **** ,"root" ,"root" ,0644 ! ); /* * ETCPROTOCOL --- 21,27 ---- ,"root" ,"root" ,0644 ! ,subsys_inetdconf); /* * ETCPROTOCOL *** 1.17r3/linuxconf/modules/inetdconf/etcservice.cc Fri Jan 21 17:18:10 2000 --- 1,17r4/linuxconf/modules/inetdconf/etcservice.cc Tue Feb 15 13:34:50 2000 *************** *** 13,28 **** #include "inetdconf.m" #include "etcservice.h" #include "etcprotocol.h" static HELP_FILE help_etcservice ("inetdconf","etcservice"); static CONFIG_FILE f_config_file( ! "/etc/services" ,help_etcservice ,CONFIGF_MANAGED ,"root" ,"root" ,0644 ! ); static ETCSERVICELIST *etcservicelist = NULL; static ETCPROTOCOLLIST *etcprotocollist = NULL; --- 13,29 ---- #include "inetdconf.m" #include "etcservice.h" #include "etcprotocol.h" + #include "../../paths.h" static HELP_FILE help_etcservice ("inetdconf","etcservice"); static CONFIG_FILE f_config_file( ! ETC_SERVICES ,help_etcservice ,CONFIGF_MANAGED ,"root" ,"root" ,0644 ! ,subsys_inetdconf ); static ETCSERVICELIST *etcservicelist = NULL; static ETCPROTOCOLLIST *etcprotocollist = NULL; *************** *** 240,245 **** --- 241,263 ---- return ret; } + PUBLIC ETCSERVICE *ETCSERVICELIST::getitem(const char *_protocol, int _port) const + { + //fprintf(stderr,"etcservice.cc: getitem: protocol=%s port=%d\n", _protocol, _port ); + ETCSERVICE *ret = NULL; + int n = getnb(); + for (int i=0; i<n; i++) { + ETCSERVICE *etcservice = getitem(i); + if (( etcservice->protocol.cmp( _protocol ) == 0 ) + && ( etcservice->port == _port )) { + //fprintf(stderr,"etcservice.cc: getitem: found: protocol=%s port=%d\n", _protocol, _port ); + etcservice->index = i; + return( etcservice ); + } + } + return ret; + } + PUBLIC ETCSERVICE *ETCSERVICELIST::getitem_alias(const char *_service_name) const { ETCSERVICE *ret = NULL; *************** *** 446,457 **** dia->newf_head ("",MSG_U(H_ETCSERVICE,"Service\tPort/Protocol")); sorted.remove_all(); for (int i=0; i<getnb(); i++) { - // ETCSERVICE *etcservice = getitem(i); - // SSTRING pp; - // pp.setfrom( etcservice->port ); - // pp.append( "/" ); - // pp.append( etcservice->protocol.get() ); - // dia->new_menuitem (etcservice->service_name, pp); ETCSERVICE *etcservice = getitem(i); SSTRING *pp = new SSTRING( etcservice->service_name.get() ); SSTRING p; --- 464,469 ---- *** 1.17r3/linuxconf/modules/inetdconf/etcservice.h Sat Dec 25 14:56:05 1999 --- 1,17r4/linuxconf/modules/inetdconf/etcservice.h Sun Jan 30 15:47:18 2000 *************** *** 35,43 **** public: ETCSERVICELIST( ); ETCSERVICE *getitem (const char *id) const; ETCSERVICE *getitem_alias(const char *id) const; ETCSERVICE *getitem_service(const char *service) const; - ETCSERVICE *getitem (int negative) const; void read (void); int edit (void); /*~PROTOEND~ ETCSERVICELIST */ --- 35,44 ---- public: ETCSERVICELIST( ); ETCSERVICE *getitem (const char *id) const; + ETCSERVICE *getitem(const char *protocol, int port) const; + ETCSERVICE *getitem(int negative) const; ETCSERVICE *getitem_alias(const char *id) const; ETCSERVICE *getitem_service(const char *service) const; void read (void); int edit (void); /*~PROTOEND~ ETCSERVICELIST */ *** 1.17r3/linuxconf/modules/inetdconf/inetdconf.cc Thu Jan 20 17:35:54 2000 --- 1,17r4/linuxconf/modules/inetdconf/inetdconf.cc Sat Feb 12 13:44:47 2000 *************** *** 2,12 **** #include <stdio.h> #include <string.h> #include <translat.h> #include "inetdconf.h" #include "inetdconf.m" - #include "inetdconfedit.h" - #include "etcservice.h" - #include "etchostsallow.h" #include <module_apis/servicectl_api.h> --- 2,10 ---- #include <stdio.h> #include <string.h> #include <translat.h> + #include <subsys.h> #include "inetdconf.h" #include "inetdconf.m" #include <module_apis/servicectl_api.h> *************** *** 62,73 **** static void usage() { xconf_error (MSG_U(T_USAGE ! ,"linuxconf --modulemain inetdconf usage\n" "\n" ! " inetdconf --enable service [service ...]\n" ! " inetdconf --disable service [service ...]\n" ! "\n" ! "Without arguments the modules main dialog is started.\n" ) ); } --- 60,69 ---- static void usage() { xconf_error (MSG_U(T_USAGE ! ,"Module inetdconf usage\n" "\n" ! " --enable service [service ...]\n" ! " --disable service [service ...]\n" ) ); } *************** *** 116,128 **** { static const char *m_etcservice = MSG_U(M_ETCSERVICE,"Internet network services"); static const char *m_inetdconf = MSG_U(M_INETDCONFS_INETD,"Internet servers database"); ! static const char *m_etchostsallow = MSG_U(M_ETCHOSTSALLOW,"Allow access"); ! static const char *m_etchostsdeny = MSG_U(M_ETCHOSTSDENY,"Deny access"); static const char *menuopt[] = { "", m_etcservice, "", m_inetdconf, ! // "", m_etchostsallow, ! // "", m_etchostsdeny, NULL, }; DIALOG_MENU dia; --- 112,126 ---- { static const char *m_etcservice = MSG_U(M_ETCSERVICE,"Internet network services"); static const char *m_inetdconf = MSG_U(M_INETDCONFS_INETD,"Internet servers database"); ! static const char *m_firewall = MSG_U(M_FIREWALL,"Internet firewall and masquerade"); ! static const char *m_hostsallow = MSG_U(M_HOSTSALLOW,"Allowed server access"); ! static const char *m_hostsdeny = MSG_U(M_HOSTSDENY,"Denied server access"); static const char *menuopt[] = { "", m_etcservice, "", m_inetdconf, ! "", m_firewall, ! "", m_hostsallow, ! "", m_hostsdeny, NULL, }; DIALOG_MENU dia; *************** *** 132,138 **** MENU_STATUS code = dia.editmenu (MSG_U(M_INETDCONFS_MENU, "Basic services") ,MSG_U(I_INETD, "This menu allows you to configure basic system services\n" ! "based on the internet super server inetd\n") ,help_inetdconf ,choice,0); if (code == MENU_QUIT || code == MENU_ESCAPE){ --- 130,142 ---- MENU_STATUS code = dia.editmenu (MSG_U(M_INETDCONFS_MENU, "Basic services") ,MSG_U(I_INETD, "This menu allows you to configure basic system services\n" ! "based on the internet super server inetd and do a\n" ! "simple firewall against the internet with internal\n" ! "masquerading of the local network.\n" ! "\n" ! "For servers which are started by inetd/tcpd it is also\n" ! "possible to allow or deny servers on a system basis." ! ) ,help_inetdconf ,choice,0); if (code == MENU_QUIT || code == MENU_ESCAPE){ *************** *** 144,154 **** etcservice_edit( ); } else if (key == m_inetdconf) { inetdconf_edit( ); ! } //else if (key == m_etchostsallow) { ! // etchostsallow_edit( ); ! // } // else if (key == m_etchostsdeny) { ! // etchostsdeny_edit( ); ! // } } } } --- 148,160 ---- etcservice_edit( ); } else if (key == m_inetdconf) { inetdconf_edit( ); ! } else if (key == m_firewall) { ! firewall_edit( ); ! } else if (key == m_hostsallow) { ! hostsallow_edit( ); ! } else if (key == m_hostsdeny) { ! hostsdeny_edit( ); ! } } } } *** 1.17r3/linuxconf/modules/inetdconf/inetdconf.h Sun Jan 23 22:24:47 2000 --- 1,17r4/linuxconf/modules/inetdconf/inetdconf.h Thu Feb 3 13:25:32 2000 *************** *** 24,29 **** --- 24,35 ---- /*~PROTOEND~ MODULE_inetdconf */ }; + static const char K_FIREWALL[] = "firewall"; + static const char K_ACTIVE[] = "active"; + static const char K_DYNAMIC_IP[] = "dynamic_ip"; + static const char K_LOG_DENIED[] = "log_denied"; + static const char subsys_inetdconf[] = "inetdconf"; + #include "inetdconf.p" #endif *** 1.17r3/linuxconf/modules/inetdconf/inetdconf.m Sun Jan 23 22:24:51 2000 --- 1,17r4/linuxconf/modules/inetdconf/inetdconf.m Wed Feb 16 22:58:33 2000 *************** *** 2,8 **** #ifndef DICTIONARY_REQUEST #define DICTIONARY_REQUEST \ const char **_dictionary_inetdconf;\ ! TRANSLATE_SYSTEM_REQ _dictionary_req_inetdconf("inetdconf",_dictionary_inetdconf,70,8);\ void dummy_dict_inetdconf(){} #endif #ifndef MSG_U --- 2,8 ---- #ifndef DICTIONARY_REQUEST #define DICTIONARY_REQUEST \ const char **_dictionary_inetdconf;\ ! TRANSLATE_SYSTEM_REQ _dictionary_req_inetdconf("inetdconf",_dictionary_inetdconf,102,16);\ void dummy_dict_inetdconf(){} #endif #ifndef MSG_U *************** *** 55,85 **** #define F_ETCSERVICEALIASES 39 #define I_ADDETCSERVICE 40 #define F_ETCPROTOCOLCOMMENT 41 ! #define P_EDITETCHOSTSALLOW 42 ! #define T_ETCHOSTSALLOW 43 ! #define H_ETCHOSTSALLOW 44 ! #define I_ADDETCHOSTSALLOW 45 ! #define T_ETCHOSTSALLOWLIST 46 ! #define I_ETCHOSTSALLOWLIST 47 ! #define F_ETCHOSTSALLOWSERV 48 ! #define F_ETCHOSTSALLOWCLIENT 49 ! #define F_ETCHOSTSALLOWCOMMAND 50 ! #define M_ETCHOSTSALLOW 51 ! #define M_ETCHOSTSDENY 52 ! #define F_ADDONESERVICE 53 ! #define F_MAXDEFAULT 54 ! #define E_PORTPROTOCOL 55 ! #define E_DUPPORTPROTOCOL 56 ! #define F_MULTIPROCESS 57 ! #define E_FILE_MODIFIED 58 ! #define I_SYSVENABLED 59 ! #define I_SYSVDISABLED 60 ! #define I_RUNNING 61 ! #define E_NOSERVERPATH 62 ! #define E_ALLOWSERVICEMISSING 63 ! #define E_ALLOWCLIENT 64 ! #define F_DISABLED 65 ! #define F_ENABLED 66 ! #define F_STATE 67 ! #define E_SERVERPATHINCORRECT 68 ! #define F_ETCSERVICECOMMENT 69 --- 55,117 ---- #define F_ETCSERVICEALIASES 39 #define I_ADDETCSERVICE 40 #define F_ETCPROTOCOLCOMMENT 41 ! #define F_MAXDEFAULT 42 ! #define E_PORTPROTOCOL 43 ! #define E_DUPPORTPROTOCOL 44 ! #define F_MULTIPROCESS 45 ! #define E_FILE_MODIFIED 46 ! #define I_SYSVENABLED 47 ! #define I_SYSVDISABLED 48 ! #define I_RUNNING 49 ! #define E_NOSERVERPATH 50 ! #define E_ALLOWSERVICEMISSING 51 ! #define E_ALLOWCLIENT 52 ! #define F_DISABLED 53 ! #define F_ENABLED 54 ! #define F_STATE 55 ! #define E_SERVERPATHINCORRECT 56 ! #define F_ETCSERVICECOMMENT 57 ! #define E_NODEFAULT_ROUTE 58 ! #define E_NOPORTLIST 59 ! #define F_INTERNET_INTERFACE 60 ! #define F_INTERNET_IP 61 ! #define T_ACTIVE_SERVICES_TCP 62 ! #define T_FIREWALL 63 ! #define T_ACTIVE_SERVICES_UDP 64 ! #define I_FIREWALL 65 ! #define F_ENABLE_FIREWALL 66 ! #define T_IN 67 ! #define T_BY 68 ! #define F_DYNAMIC_IP 69 ! #define T_ALLOWED_SERVICES 70 ! #define T_INTERNET 71 ! #define F_NETWORK_MASK 72 ! #define F_NETWORK_ADDRESS 73 ! #define P_EDITFIREWALL 74 ! #define F_LOG_DENIED 75 ! #define F_ACTIVE 76 ! #define M_FIREWALL 77 ! #define T_BASICFWINFO 78 ! #define E_OLD_KERNEL 79 ! #define I_INTERFACE 80 ! #define I_ETCHOSTSDENYLIST 81 ! #define T_ETCHOSTSDENYLIST 82 ! #define T_ETCHOSTSDENY 83 ! #define F_SERVER 84 ! #define F_HOSTSALLOWCLIENT 85 ! #define F_HOSTSALLOWCOMMAND 86 ! #define T_HOSTSALLOW 87 ! #define H_HOSTSALLOW 88 ! #define I_ADDHOSTSALLOW 89 ! #define T_HOSTSALLOWLIST 90 ! #define I_HOSTSALLOWLIST 91 ! #define M_HOSTSALLOW 92 ! #define M_HOSTSDENY 93 ! #define E_NOT_UP 94 ! #define I_SCRIPT_CREATED 95 ! #define E_IP_DYNADDR 96 ! #define E_IP_FORWARD 97 ! #define F_IP_FORWARD 98 ! #define F_YES 99 ! #define F_NO 100 ! #define F_IP_DYNADDR 101 *** 1.17r3/linuxconf/modules/inetdconf/inetdconf.p Sun Jan 23 22:24:47 2000 --- 1,17r4/linuxconf/modules/inetdconf/inetdconf.p Wed Feb 16 22:59:38 2000 *************** *** 1,11 **** /* _dict.cc 11/12/1999 11.34.02 */ ! /* etchostsallow.cc 17/01/2000 18.28.48 */ ! PUBLIC void etchostsallow_edit (void); ! /* etcprotocol.cc 30/12/1999 13.53.12 */ ! /* etcservice.cc 21/01/2000 17.18.10 */ PUBLIC void etcservice_edit (void); ! /* inetdconf.cc 20/01/2000 17.35.54 */ ! /* inetdconfedit.cc 21/01/2000 17.15.00 */ PUBLIC void inetdconf_edit (void); PUBLIC void inetdconf_enable_service (int argc, char *service[], --- 1,9 ---- /* _dict.cc 11/12/1999 11.34.02 */ ! /* etcprotocol.cc 03/02/2000 13.36.32 */ ! /* etcservice.cc 15/02/2000 13.34.50 */ PUBLIC void etcservice_edit (void); ! /* inetdconf.cc 12/02/2000 13.44.46 */ ! /* inetdconfedit.cc 03/02/2000 13.21.56 */ PUBLIC void inetdconf_edit (void); PUBLIC void inetdconf_enable_service (int argc, char *service[], *************** *** 13,15 **** --- 11,24 ---- /* servicectl_api.cc 21/01/2000 12.49.24 */ void *inetdconf_api_get (void); void inetdconf_api_release (void *obj); + /* fwport.cc 31/01/2000 14.06.18 */ + char *safe_strncpy (char *dst, const char *src, size_t size); + void afinit (void); + struct aftype *get_afntype (int af); + /* fwedit.cc 16/02/2000 13.55.42 */ + PUBLIC void firewall_edit (void); + /* hostsallow.cc 13/02/2000 17.44.26 */ + PUBLIC void hostsallow_edit (void); + PUBLIC void hostsdeny_edit (void); + /* fwinput.cc 16/02/2000 22.59.34 */ + PUBLIC void read (void); *** 1.17r3/linuxconf/modules/inetdconf/inetdconf.pm Sun Jan 23 22:24:47 2000 --- 1,17r4/linuxconf/modules/inetdconf/inetdconf.pm Wed Feb 16 22:59:38 2000 *************** *** 1,23 **** /* _dict.cc 11/12/1999 11.34.02 */ ! /* etchostsallow.cc 17/01/2000 18.28.48 */ ! PRIVATE void ETCHOSTSALLOW::init (void); ! PUBLIC ETCHOSTSALLOW::ETCHOSTSALLOW (const char *_service); ! PUBLIC ETCHOSTSALLOW::ETCHOSTSALLOW (void); ! PUBLIC int ETCHOSTSALLOW::write (int button); ! PRIVATE void ETCHOSTSALLOW::modify_service (VIEWITEM *item); ! PUBLIC int ETCHOSTSALLOW::edit (void); ! PRIVATE int ETCHOSTSALLOW::input_error (void); ! PUBLIC ETCHOSTSALLOW *ETCHOSTSALLOWLIST::getitem (int no)const; ! PUBLIC ETCHOSTSALLOW *ETCHOSTSALLOWLIST::getitem (const char *_service)const; ! PUBLIC ETCHOSTSALLOWLIST::ETCHOSTSALLOWLIST (void); ! PRIVATE char *ETCHOSTSALLOWLIST::next_word (char *d, ! char *s, ! int size); ! PUBLIC void ETCHOSTSALLOWLIST::add_service (int line_number, ! VIEWITEM *item); ! PUBLIC void ETCHOSTSALLOWLIST::read (void); ! PUBLIC int ETCHOSTSALLOWLIST::edit (void); ! /* etcprotocol.cc 30/12/1999 13.53.12 */ PRIVATE void ETCPROTOCOL::init (void); PUBLIC ETCPROTOCOL::ETCPROTOCOL (const char *_protocol_name); PUBLIC ETCPROTOCOL::ETCPROTOCOL (void); --- 1,5 ---- /* _dict.cc 11/12/1999 11.34.02 */ ! /* etcprotocol.cc 03/02/2000 13.36.32 */ PRIVATE void ETCPROTOCOL::init (void); PUBLIC ETCPROTOCOL::ETCPROTOCOL (const char *_protocol_name); PUBLIC ETCPROTOCOL::ETCPROTOCOL (void); *************** *** 37,43 **** VIEWITEM *item); PUBLIC void ETCPROTOCOLLIST::read (void); PUBLIC int ETCPROTOCOLLIST::edit (void); ! /* etcservice.cc 21/01/2000 17.18.10 */ PRIVATE void ETCSERVICE::init (void); PUBLIC ETCSERVICE::ETCSERVICE (const char *_service_name); PUBLIC ETCSERVICE::ETCSERVICE (void); --- 19,25 ---- VIEWITEM *item); PUBLIC void ETCPROTOCOLLIST::read (void); PUBLIC int ETCPROTOCOLLIST::edit (void); ! /* etcservice.cc 15/02/2000 13.34.50 */ PRIVATE void ETCSERVICE::init (void); PUBLIC ETCSERVICE::ETCSERVICE (const char *_service_name); PUBLIC ETCSERVICE::ETCSERVICE (void); *************** *** 47,52 **** --- 29,36 ---- PRIVATE int ETCSERVICE::input_error (void); PUBLIC ETCSERVICE *ETCSERVICELIST::getitem (int no)const; PUBLIC ETCSERVICE *ETCSERVICELIST::getitem (const char *_service_name)const; + PUBLIC ETCSERVICE *ETCSERVICELIST::getitem (const char *_protocol, + int _port)const; PUBLIC ETCSERVICE *ETCSERVICELIST::getitem_alias (const char *_service_name) const; PUBLIC ETCSERVICE *ETCSERVICELIST::getitem_service (const char *_service)const; *************** *** 60,66 **** VIEWITEM *item); PUBLIC void ETCSERVICELIST::read (void); PUBLIC int ETCSERVICELIST::edit (void); ! /* inetdconf.cc 20/01/2000 17.35.54 */ PUBLIC MODULE_inetdconf::MODULE_inetdconf (void); PUBLIC void MODULE_inetdconf::setmenu (DIALOG&dia, MENU_CONTEXT context); --- 44,50 ---- VIEWITEM *item); PUBLIC void ETCSERVICELIST::read (void); PUBLIC int ETCSERVICELIST::edit (void); ! /* inetdconf.cc 12/02/2000 13.44.46 */ PUBLIC MODULE_inetdconf::MODULE_inetdconf (void); PUBLIC void MODULE_inetdconf::setmenu (DIALOG&dia, MENU_CONTEXT context); *************** *** 69,75 **** PUBLIC int MODULE_inetdconf::dohtml (const char *key); PUBLIC void MODULE_inetdconf::usage (SSTRINGS&tb); PUBLIC int MODULE_inetdconf::execmain (int argc, char *argv[]); ! /* inetdconfedit.cc 21/01/2000 17.15.00 */ PRIVATE void INETDCONF::init (void); PUBLIC INETDCONF::INETDCONF (const char *_service_name); PUBLIC INETDCONF::INETDCONF (void); --- 53,59 ---- PUBLIC int MODULE_inetdconf::dohtml (const char *key); PUBLIC void MODULE_inetdconf::usage (SSTRINGS&tb); PUBLIC int MODULE_inetdconf::execmain (int argc, char *argv[]); ! /* inetdconfedit.cc 03/02/2000 13.21.56 */ PRIVATE void INETDCONF::init (void); PUBLIC INETDCONF::INETDCONF (const char *_service_name); PUBLIC INETDCONF::INETDCONF (void); *************** *** 112,114 **** --- 96,140 ---- PUBLIC const char *SERVICE_INETDCONF::getrunstatus (void); PUBLIC void SERVICE_INETDCONF::showstatus (void); PUBLIC int SERVICE_INETDCONF::control (SERVICE_OPER oper); + /* fwport.cc 31/01/2000 14.06.18 */ + FWPORT::FWPORT (void); + FWPORTLIST::FWPORTLIST (void); + PRIVATE void FWPORTLIST::tcp_do_one (int lnr, const char *line); + PRIVATE void FWPORTLIST::udp_do_one (int lnr, const char *line); + PRIVATE int FWPORTLIST::getlist_tcp (void); + PRIVATE int FWPORTLIST::getlist_udp (void); + PUBLIC void FWPORTLIST::sort (void); + PUBLIC void FWPORTLIST::update_from_db (void); + PUBLIC void FWPORTLIST::read (void); + PUBLIC FWPORT *FWPORTLIST::getitem (int no)const; + /* fwedit.cc 16/02/2000 13.55.42 */ + PUBLIC FW::FW (void); + PUBLIC FW::~FW (void); + PUBLIC int FW::internet_route (void); + PUBLIC int FW::write (void); + PRIVATE void FW::check_status (void); + PRIVATE void FW::append_to_dialog (DIALOG *dia, FWPORT *fwport); + PUBLIC int FW::edit (void); + PUBLIC int FW::input_error (void); + PUBLIC DAEMON_DIALD::DAEMON_DIALD (void); + PUBLIC PROC *DAEMON_DIALD::getdaemonprocess (void); + /* hostsallow.cc 13/02/2000 17.44.26 */ + PUBLIC MYDATA::MYDATA (int path, CONFIG_FILE *f); + PUBLIC MYDATA::~MYDATA (void); + PRIVATE void HOSTSALLOW::init (void); + PUBLIC HOSTSALLOW::HOSTSALLOW (const char *_service); + PUBLIC HOSTSALLOW::HOSTSALLOW (void); + PUBLIC int HOSTSALLOW::write (int button, MYDATA *mydata); + PRIVATE void HOSTSALLOW::modify_service (VIEWITEM *item); + PUBLIC int HOSTSALLOW::edit (MYDATA *mydata); + PRIVATE int HOSTSALLOW::input_error (void); + PUBLIC HOSTSALLOW *HOSTSALLOWLIST::getitem (int no)const; + PUBLIC HOSTSALLOW *HOSTSALLOWLIST::getitem (const char *_service)const; + PUBLIC HOSTSALLOWLIST::HOSTSALLOWLIST (void); + PRIVATE char *HOSTSALLOWLIST::next_word (char *d, char *s, int size); + PUBLIC void HOSTSALLOWLIST::add_service (int line_number, + VIEWITEM *item); + PUBLIC void HOSTSALLOWLIST::read (MYDATA *mydata); + PUBLIC int HOSTSALLOWLIST::edit (MYDATA *mydata); + /* fwinput.cc 16/02/2000 22.59.34 */ + PUBLIC FWINPUT::FWINPUT (void); *** 1.17r3/linuxconf/modules/inetdconf/inetdconfedit.cc Fri Jan 21 17:15:01 2000 --- 1,17r4/linuxconf/modules/inetdconf/inetdconfedit.cc Thu Feb 3 13:21:56 2000 *************** *** 16,22 **** #include "etcservice.h" #include "etcprotocol.h" - const char subsys_inetdconf[]="inetdconf"; static LINUXCONF_SUBSYS subb (subsys_inetdconf,P_MSG_U(T_INETD, "Internet super server" )); --- 16,21 ---- *** 1.17r3/linuxconf/modules/inetdconf/HISTORY Fri Jan 21 13:08:09 2000 --- 1,17r4/linuxconf/modules/inetdconf/HISTORY Wed Feb 16 17:04:57 2000 *************** *** 1,5 **** --- 1,21 ---- History of the inetdconf module for Linuxconf + 1.4 000216 + - Internet input firewall. This firewall makes some + assumptions and may not work for everyone. Basically it locates + all processes listening on unconnected sockets. This list is + presented with a clickable button to enable connections on + the internet interface. + - The firewall is activated through a script which can be started + either as a rc-script (complete with start, stop and status + commands) or an ip-up script for dynamic ip-addresses. + - The firewall assumes that any local network wants masquerading + for access to the internet. + - It also assumes free access to services on the local + network (for now). + - Editing of /etc/hosts.allow and /etc/hosts.deny through two + new menu entries. Lists servers started by tcpd as only these + are allowed. 1.3 000121 - Check for already active identical service (re port & protocol) failed when editing was done from "Control Service Activity". *************** *** 31,38 **** this list. Having duplicate entries is not acceptable. Now inetdconf shows up as "inetdconf" and when selected normal edititing is started. - Added enable/disable service as options. Syntax: ! "linuxconf --mainmodule inetdconf --enable service [service ...]" ! "linuxconf --mainmodule inetdconf --disable service [service ...]" These options write /etc/inetd.conf once for every service entered. Only one write should occur. - Changed the misnamed field text "Delay" to "Concurrent processes" --- 47,54 ---- this list. Having duplicate entries is not acceptable. Now inetdconf shows up as "inetdconf" and when selected normal edititing is started. - Added enable/disable service as options. Syntax: ! "linuxconf --modulemain inetdconf --enable service [service ...]" ! "linuxconf --modulemain inetdconf --disable service [service ...]" These options write /etc/inetd.conf once for every service entered. Only one write should occur. - Changed the misnamed field text "Delay" to "Concurrent processes" *** 1.17r3/linuxconf/modules/inetdconf/etchostsallow.cc Mon Jan 17 18:28:49 2000 --- 1,17r4/linuxconf/modules/inetdconf/etchostsallow.cc *************** *** 1,414 **** - #pragma implementation - #include <stdio.h> - #include <stdlib.h> - #include <string.h> - #include <ctype.h> - #include <misc.h> - #include <configf.h> - #include <userconf.h> - #include <translat.h> - #include <subsys.h> - #include <fviews.h> - #include "inetdconf.h" - #include "inetdconf.m" - #include "inetdconfedit.h" - #include "etchostsallow.h" - - static HELP_FILE help_etchostsallow ("inetdconf","etchostsallow"); - static CONFIG_FILE f_config_file( - "/etc/hosts.allow" - ,help_etchostsallow - ,0 - ,"root" - ,"root" - ,0644 - ); - - - static ETCHOSTSALLOWLIST *etchostsallowlist = NULL; - static INETDCONFLIST *inetdconflist = NULL; - static long modified_time = 0; - static bool config_file_modified = false; - /* - * ETCHOSTSALLOW - */ - #define K_FIELD_SERVICE 1 - #define K_FIELD_CLIENT 2 - #define K_FIELD_COMMAND 3 - - PRIVATE void ETCHOSTSALLOW::init() - { - fprintf(stderr,"ETCHOSTSALLOW::init\n"); - new_etchostsallow = 0; - } - - PUBLIC ETCHOSTSALLOW::ETCHOSTSALLOW(const char *_service) - { - fprintf(stderr,"ETCHOSTSALLOW::ETCHOSTSALLOW _service=%s\n", _service); - service.setfrom (_service); - init(); - } - - PUBLIC ETCHOSTSALLOW::ETCHOSTSALLOW( ) - { - fprintf(stderr,"ETCHOSTSALLOW::ETCHOSTSALLOW\n"); - init(); - } - - PUBLIC int ETCHOSTSALLOW::write( int button ) - { - fprintf(stderr,"ETCHOSTSALLOW::write\n"); - int ret = -1; - if ( ! perm_rootaccess( MSG_U(P_EDITETCHOSTSALLOW, "change service configuration") ) ) { - return( ret ); - } - long this_modified_time = file_date( f_config_file.getpath() ); - if ( this_modified_time > modified_time ) { - xconf_error(MSG_R(E_FILE_MODIFIED), f_config_file.getpath() ); - config_file_modified = true; - return( ret ); - } - VIEWITEMS items; - items.setcomcar( '\002' ); // Set comment to "impossible" char - items.read( f_config_file ); // Read current version of config file - if ( new_etchostsallow ) { - VIEWITEM *item = new VIEWITEM(""); - modify_service( item ); - items.add( item ); - } else { - for ( int line=0; line<items.getnb(); line++ ) { - if ( line == etchostsallow_line ) { - VIEWITEM *item = items.getitem(line); - if ( button == MENU_DEL ) { - items.remove( item ); - } else { - modify_service( item ); - } - } - } - } - items.write( f_config_file, (PRIVILEGE *)NULL ); - - /* - * Last modified set when config file read or written. - */ - modified_time = file_date( f_config_file.getpath() ); - return( ret ); - } - - - /** - * Update line - */ - PRIVATE void ETCHOSTSALLOW::modify_service( VIEWITEM *item ) - { - fprintf(stderr,"ETCHOSTSALLOW::modify_service: item=%s\n", item->line.get()); - char line[2048]; - - if ( ! add_service.is_empty() ) { - if ( ! service.is_empty() ) { - service.append( "," ); - } - service.append( add_service.get() ); - add_service.setfrom( "" ); - } - if ( command.is_empty() ) { - snprintf( line, sizeof(line), "%s:%s", - service.get(), - client.get()); - } else { - snprintf( line, sizeof(line), "%s:%s:%s", - service.get(), - client.get(), - command.get()); - } - item->line.setfrom( line ); - } - - /** - * Edit etchostsallow entry - */ - PUBLIC int ETCHOSTSALLOW::edit() - { - fprintf(stderr,"ETCHOSTSALLOW::edit\n"); - DIALOG dia; - - dia.newf_str( MSG_U(F_ETCHOSTSALLOWSERV,"Host services"), service ); - { - FIELD_COMBO *combo = dia.newf_combo(MSG_U(F_ADDONESERVICE,"Add one service"),add_service); - INETDCONF *inetdconf = NULL; - SSTRINGS strings; - for (int i=0; i<inetdconflist->getnb(); i++ ) { - inetdconf = inetdconflist->getitem( i ); - SSTRING *service_name = new SSTRING(inetdconf->service_name.get()); - strings.add( service_name ); - } - strings.sort(); - strings.remove_dups(); - for (int i=0; i<strings.getnb(); i++ ) { - combo->addopt(strings.getitem(i)->get()); - } - } - dia.newf_str( MSG_U(F_ETCHOSTSALLOWCLIENT,"Client systems"), client ); - - dia.newf_str( MSG_U(F_ETCHOSTSALLOWCOMMAND,"Optional command"), command ); - - int buttons; - if ( new_etchostsallow ) { - buttons = (MENUBUT_CANCEL|MENUBUT_ACCEPT); - } else { - buttons = (MENUBUT_DEL|MENUBUT_CANCEL|MENUBUT_ACCEPT); - } - int ret = 0; - int nof = 0; - while (1){ - MENU_STATUS code = dia.edit( - MSG_U(T_ETCHOSTSALLOW, - "Access allowed") - ,"" - ,help_etchostsallow - ,nof - ,buttons); - if (code == MENU_CANCEL || code == MENU_ESCAPE){ - ret = -1; - break; - }else if (code == MENU_DEL){ - if ( xconf_delok() ) { - write( MENU_DEL ); - ret = 1; - break; - } - }else if (code == MENU_ACCEPT ) { - if ( input_error( ) ) continue; - write ( MENU_ACCEPT ); - ret = 0; - break; - } - } - return ret; - } - - PRIVATE int ETCHOSTSALLOW::input_error( ) - { - if ( service.is_empty() && add_service.is_empty() ) { - xconf_error( MSG_U(E_ALLOWSERVICEMISSING, - "Service name is missing") ); - return( 1 ); - } - if ( client.is_empty() ) { - xconf_error( MSG_U(E_ALLOWCLIENT, - "Client name is missing") ); - return( 1 ); - } - return( 0 ); - } - - /** - * ETCHOSTSALLOWLIST - */ - - PUBLIC ETCHOSTSALLOW *ETCHOSTSALLOWLIST::getitem (int no) const - { - return (ETCHOSTSALLOW*)ARRAY::getitem (no); - } - - PUBLIC ETCHOSTSALLOW *ETCHOSTSALLOWLIST::getitem (const char *_service) const - { - ETCHOSTSALLOW *ret = NULL; - int n = getnb(); - for (int i=0; i<n; i++) { - ETCHOSTSALLOW *etchostsallow = getitem(i); - if (etchostsallow->service.cmp(_service)==0){ - ret = etchostsallow; - break; - } - } - return ret; - } - - PUBLIC ETCHOSTSALLOWLIST::ETCHOSTSALLOWLIST( ) - { - fprintf(stderr,"ETCHOSTSALLOWLIST::ETCHOSTSALLOWLIST\n"); - } - - PRIVATE char * ETCHOSTSALLOWLIST::next_word( char *d, char *s, int size ) - { - while ( *s ) { - switch ( *s ) { - case ' ': - case ':': - case '\t': - s++; - continue; - default: - break; - } - break; - } - for ( size--; *s && size; size-- ) { - switch ( *s ) { - case ':': - case '\n': - *d = '\0'; - return( s ); - case '#': - *d++ = *s++; - *d = '\0'; - return( s ); - default: - *d++ = *s++; - break; - } - } - *d = '\0'; - return( s ); - } - - PUBLIC void ETCHOSTSALLOWLIST::add_service( int line_number, VIEWITEM *item ) - { - //fprintf(stderr,"etchostsallow.cc: add_service: item->line.get()=%s\n", item->line.get()); - ETCHOSTSALLOW *etchostsallow = NULL; - char word[1024]; - char *line = (char *)item->line.get(); - char *p = line; - if ( *p && *p == '#' ) { - return; - } - if ( strlen( p ) < 3 ) return; - int field = 1; - int valid_keywords = 0; - while ( 1 ) { - p = next_word( word, p, sizeof( word )); - if ( strlen( word ) == 0 ) { - break; - } - fprintf(stderr,"etchostsallow.cc: add_service: field=%d word=\"%s\" length=%d\n", field, word, strlen(word)); - switch ( field ) { - case K_FIELD_SERVICE: - etchostsallow = new ETCHOSTSALLOW(); - etchostsallow->service.setfrom( word ); - valid_keywords++; - field++; - break; - case K_FIELD_CLIENT: - if ( etchostsallow->client.is_empty( ) ) { - etchostsallow->client.setfrom( word ); - } else { - etchostsallow->client.append( " " ); - etchostsallow->client.append( word ); - } - field++; - valid_keywords++; - break; - case K_FIELD_COMMAND: - if ( etchostsallow->command.is_empty( ) ) { - etchostsallow->command.setfrom( word ); - } else { - etchostsallow->command.append( " " ); - etchostsallow->command.append( word ); - } - break; - } - } - if ( valid_keywords > 1 ) { - etchostsallow->etchostsallow_line = line_number; - add( etchostsallow ); - } else { - delete( etchostsallow ); - } - return; - } - - /** - * Read config file and parse etc/services - */ - PUBLIC void ETCHOSTSALLOWLIST::read() - { - if ( inetdconflist == NULL ) { - inetdconflist = new INETDCONFLIST(); - inetdconflist->read( ); - } - VIEWITEMS items; - items.setcomcar( '\002' ); // Set comment to "impossible" char - items.read( f_config_file ); // Read config file - fprintf(stderr,"ETCHOSTSALLOWLIST::read items.getnb()=%d\n", items.getnb()); - for ( int i=0; i<items.getnb(); i++ ) { - VIEWITEM *item = items.getitem( i ); - add_service( i, item ); - } - /* - * Last modified set when config file read or written. - */ - modified_time = file_date( f_config_file.getpath() ); - } - - /** - * Edit etchostsallowlist - */ - PUBLIC int ETCHOSTSALLOWLIST::edit() - { - fprintf(stderr,"ETCHOSTSALLOWLIST::edit\n"); - DIALOG_RECORDS dia; - int nof = 0; - int ret = -1; - while (1) { - fprintf(stderr,"ETCHOSTSALLOWLIST::edit: getnb()=%d\n", getnb()); - dia.newf_head ("",MSG_U(H_ETCHOSTSALLOW,"Service\tClient")); - for (int i=0; i<getnb(); i++) { - ETCHOSTSALLOW *etchostsallow = getitem(i); - fprintf(stderr,"ETCHOSTSALLOWLIST::edit: service=%s client=%s\n", etchostsallow->service.get(), etchostsallow->client.get()); - dia.set_menuitem( i, etchostsallow->service.get(), etchostsallow->client.get()); - } - dia.addwhat (MSG_U(I_ADDETCHOSTSALLOW,"Select [Add] to add a new service\n")); - // Remove extra fields - // dia.getnb() includes the header - while ( dia.getnb() > getnb()+1 ) { - fprintf(stderr,"etchostsallow.cc: edit: dia.remove_del\n"); - dia.remove_del( getnb()+1 ); - } - MENU_STATUS code = dia.editmenu (MSG_U(T_ETCHOSTSALLOWLIST,"Allowed access") - ,MSG_U(I_ETCHOSTSALLOWLIST, - "This is the list of all services which\n" - "presently are allowed in the system.\n" - ) - ,help_etchostsallow - ,nof,MENUBUT_ADD); - if (code == MENU_QUIT || code == MENU_ESCAPE) { - break; - } else if (code == MENU_ADD) { - ETCHOSTSALLOW *etchostsallow = new ETCHOSTSALLOW; - etchostsallow->new_etchostsallow = true; - add( etchostsallow ); - ret = editone(etchostsallow); - } else { - ETCHOSTSALLOW *etchostsallow = getitem( nof ); - etchostsallow->new_etchostsallow = false; - fprintf(stderr,"editone: %s\n", etchostsallow->service.get()); - ret = editone(nof); - } - fprintf(stderr,"etchostsallow.cc: ETCHOSTSALLOWLIST::edit: ret=%d\n", ret); - /* - * ret = 1: Delete - * ret = 0: Add - */ - etchostsallowlist->remove_all(); - etchostsallowlist->read(); - config_file_modified = false; - } - return ret; - } - - PUBLIC void etchostsallow_edit( void ) - { - //fprintf(stderr,"etchostsallow_edit\n"); - etchostsallowlist = new ETCHOSTSALLOWLIST(); - etchostsallowlist->read(); - etchostsallowlist->edit(); - delete etchostsallowlist; - etchostsallowlist = NULL; - if ( inetdconflist != NULL ) { - delete inetdconflist; - inetdconflist = NULL; - } - } - --- 0 ---- *** 1.17r3/linuxconf/modules/inetdconf/etchostsallow.h Tue Dec 21 18:17:23 1999 --- 1,17r4/linuxconf/modules/inetdconf/etchostsallow.h *************** *** 1,40 **** - #pragma interface - #include <fviews.h> - - class ETCHOSTSALLOW: public ARRAY_OBJ { - private: - void init (void); - int input_error( ); - void modify_service( VIEWITEM *item ); - public: - SSTRING service; // - SSTRING add_service; // - SSTRING client; // - SSTRING command; // - SSTRING comment; // - bool new_etchostsallow; // - int etchostsallow_line; // Line number in file /etc/hosts.allow - /*~PROTOBEG~ ETCHOSTSALLOW */ - public: - ETCHOSTSALLOW (const char *_service_name); - ETCHOSTSALLOW ( void ); - int edit( void ); - int write( int button ); - public: - /*~PROTOEND~ ETCHOSTSALLOW */ - }; - - class ETCHOSTSALLOWLIST: public ARRAY { - private: - char *next_word( char *d, char *s, int size ); - void add_service( int line, VIEWITEM *item ); - /*~PROTOBEG~ ETCHOSTSALLOWLIST */ - public: - ETCHOSTSALLOWLIST( ); - ETCHOSTSALLOW *getitem (const char *id) const; - ETCHOSTSALLOW *getitem (int negative) const; - void read (void); - int edit (void); - /*~PROTOEND~ ETCHOSTSALLOWLIST */ - }; - --- 0 ---- *** 1.17r3/linuxconf/modules/inetdconf/fwedit.cc --- 1,17r4/linuxconf/modules/inetdconf/fwedit.cc Wed Feb 16 13:55:43 2000 *************** *** 0 **** --- 1,550 ---- + #pragma implementation + #include <stdio.h> + #include <stdlib.h> + #include <string.h> + #include <ctype.h> + #include <misc.h> + #include <configf.h> + #include <userconf.h> + #include <translat.h> + #include <subsys.h> + #include <netconf.h> + #include <fviews.h> + #include "inetdconf.h" + #include "inetdconf.m" + #include "etcservice.h" + #include "fwport.h" + #include "../../paths.h" + + #define PROC_SYS_NET_IPV4_IPLOCAL_PORT_RANGE "/proc/sys/net/ipv4/ip_local_port_range" + + /* + * class DAEMON_DIALD + */ + #include <netconf.h> + #include <daemoni.h> + #include <signal.h> + + static HELP_FILE help_firewall ("inetdconf","firewall"); + + static CONFIG_FILE f_config_file( + "/usr/lib/linuxconf/lib/inetdconfFW.sh" + ,help_firewall + ,CONFIGF_OPTIONAL|CONFIGF_GENERATED + ,"root" + ,"root" + ,0700 + ,subsys_inetdconf); + + class FW { + private: + void append_to_dialog( DIALOG *dia, FWPORT *fwport ); + void check_status( ); + int config_file_existed; // Flag: file exists before write + public: + SSTRING internet_ip; // Local internet adress + SSTRING internet_interface; // Local internet interface + SSTRINGS other_ip; // Other network routes + SSTRINGS other_if; // Other interface routes + SSTRINGS other_mask; // Other routes masks + FWPORTLIST *fwportlist; // Active servers + ETCSERVICELIST *etcservicelist; // /etc/services + char active; // 1: Set firewall + char dynamic_ip; // 1: Dynamic ip address + char log_denied; // 1: Log denied packets in syslog + int ip_forward; // /proc/sys/net/ipv4/ip_forward + int ip_dynaddr; // /proc/sys/net/ipv4/ip_dynaddr + int port_low; // ip_local_port_range: From + int port_high; // ip_local_port_range: To + public: + FW( void ); + int internet_route( void ); + int edit( void ); + int write( void ); + int input_error( void ); + ~FW( void ); + }; + + + PUBLIC FW::FW( void ) + { + etcservicelist = new ETCSERVICELIST(); + etcservicelist->read(); + fwportlist = new FWPORTLIST(); + fwportlist->read(); + fwportlist->sort(); + fwportlist->update_from_db(); + + FILE *fp = NULL; + #if 0 + // Apparently this does not work or there is something I dont + // understand. A firewall I set up used default values 1024-4999 + // which denied packets on ports above 61000 ... which should + // not have been allocated in the first place! + FILE *fp = fopen( PROC_SYS_NET_IPV4_IPLOCAL_PORT_RANGE, "r" ); + if ( fp != NULL ) { + fscanf( fp, "%d %d", &port_low, &port_high ); + fclose( fp ); + } else { + port_low = 1024; + port_high = 65535; + } + #endif + port_low = 1024; + port_high = 65535; + + fp = fopen( PROC_SYS_NET_IPV4_DYNADDR, "r" ); + if ( fp != NULL ) { + fscanf( fp, "%d", &ip_dynaddr ); + fclose( fp ); + } else { + ip_dynaddr = 0; + } + fp = fopen( PROC_SYS_IP_FORWARD, "r" ); + if ( fp != NULL ) { + fscanf( fp, "%d", &ip_forward ); + fclose( fp ); + } else { + ip_forward = 0; + } + //fprintf(stderr, "FW::FW: port_low=%d port_high=%d ip_forward=%d ip_dynaddr=%d\n", port_low, port_high, ip_forward, ip_dynaddr ); + active = (char)linuxconf_getvalnum( K_FIREWALL, K_ACTIVE, 0 ); + dynamic_ip=(char)linuxconf_getvalnum(K_FIREWALL,K_DYNAMIC_IP,ip_dynaddr?1:0); + log_denied=(char)linuxconf_getvalnum(K_FIREWALL,K_LOG_DENIED,0); + } + + PUBLIC FW::~FW( void ) + { + delete fwportlist; + delete etcservicelist; + } + + /* + * Find route to the internet. + */ + PUBLIC int FW::internet_route( void ) + { + ROUTES routes; + ROUTE *defaultroute = NULL; + routes.readactive(); + for ( int i=0; i<routes.getnb(); i++ ) { + ROUTE *route = routes.getitem(i); + //fprintf(stderr,"%s %s %s %s %s\n", route->getdst(), route->getgateway(), route->getmask(), route->getiface(), (route->dst_is_host())?"Host":"Net"); + if ((strcmp( route->getdst(), "default" ) == 0 ) + /* + * Do not accept sl0 as the route to internet as this will be + * replaced by ppp0 by diald + */ + && ( strncmp( route->getiface(), "lo", 2 ) != 0 ) ) { + if ( strcmp( route->getgateway(), route->getiface() ) == 0 ) { + defaultroute = route; + break; + } else { + internet_ip.setfrom( route->getgateway() ); + internet_interface.setfrom( route->getiface() ); + //fprintf(stderr,"default: %s %s %s %s\n", route->getdst(), route->getgateway(), route->getmask(), route->getiface()); + return( 1 ); + } + } else if ( ! route->dst_is_host() ) { + other_ip.add( new SSTRING( route->getdst() )); + other_if.add( new SSTRING( route->getiface() )); + other_mask.add( new SSTRING( route->getmask() )); + } + } + if ( defaultroute == NULL ) { + return( 0 ); + } + for ( int i=0; i<routes.getnb(); i++ ) { + ROUTE *route = routes.getitem(i); + if ((strcmp( route->getiface(), defaultroute->getiface() ) == 0) + && ( route->dst_is_host() )) { + //fprintf(stderr,"internet: %s %s %s %s\n", route->getdst(), route->getgateway(), route->getmask(), route->getiface()); + internet_ip.setfrom( route->getdst() ); + internet_interface.setfrom( route->getiface() ); + return( 1 ); + } + } + return( 0 ); + } + + + PUBLIC int FW::write( void ) + { + if ( ! perm_rootaccess( MSG_U(P_EDITFIREWALL, + "change internet firewall") ) ) { + return( -1 ); + } + config_file_existed = f_config_file.exist(); + /* + * Update linuxconf database + */ + linuxconf_setcursys( subsys_inetdconf ); + linuxconf_replace( K_FIREWALL, K_ACTIVE, active ); + linuxconf_replace( K_FIREWALL, K_DYNAMIC_IP, dynamic_ip ); + linuxconf_replace( K_FIREWALL, K_LOG_DENIED, log_denied ); + for (int i=0; i<fwportlist->getnb(); i++ ) { + FWPORT *fwport = fwportlist->getitem( i ); + char service[100]; + snprintf( service, sizeof(service), + "%s/%d", fwport->protocol.get(), fwport->port); + if ( fwport->active ) { + linuxconf_replace( K_FIREWALL, service, fwport->active); + } else { + linuxconf_removeall( K_FIREWALL, service ); + } + } + linuxconf_save( (PRIVILEGE *)NULL ); + if ( ! active ) { + return( 0 ); + } + + const char *ipchains = daemon_findpath( "ipchains" ); + FILE *fout = f_config_file.fopen( (PRIVILEGE *)NULL, "w" ); + fprintf( fout, "#!/bin/sh\n" ); + fprintf( fout, "# Created by Linuxconf (module: inetdconf)\n" ); + fprintf( fout, "#\n" ); + fprintf( fout, "command=$1;\n" ); + fprintf( fout, "internet_interface=$2;\n" ); + fprintf( fout, "ip=$3;\n" ); + fprintf( fout, "\n" ); + fprintf( fout, "\n" ); + + fprintf( fout, "start_firewall() {\n" ); + /* + * Forward: Flush & set policy DENY, allow local interfaces with MASQ. + * Log the rest on this particular interface. + */ + fprintf( fout, "\t%s -F forward;\n", ipchains ); + fprintf( fout, "\t%s -P forward DENY;\n", ipchains ); + for (int i=0; i<other_ip.getnb(); i++ ) { + SSTRING *iface = other_if.getitem( i ); + SSTRING *ip = other_ip.getitem( i ); + SSTRING *mask = other_mask.getitem( i ); + if ( strncmp( iface->get(), "lo", 2 ) != 0 ) { + fprintf( fout, + "\t%s -A forward -s %s/%s -j MASQ -b;\n", + ipchains, ip->get(), mask->get() ); + fprintf( fout, "\t%s -A forward -j DENY -l;\n", ipchains ); + } + } + + /* + * Input: Flush & set policy DENY, allow local interfaces. + */ + fprintf( fout, "\t%s -F input;\n", ipchains ); + fprintf( fout, "\t%s -P input DENY;\n", ipchains ); + for (int i=0; i<other_ip.getnb(); i++ ) { + SSTRING *iface = other_if.getitem( i ); + // SSTRING *ip = other_ip.getitem( i ); + // SSTRING *mask = other_mask.getitem( i ); + fprintf( fout, "\t%s -A input -i %s -j ACCEPT;\n", + ipchains, iface->get() ); + } + /* + * Allow icmp + */ + fprintf( fout, "\t%s -A input -p %s -d $ip/32 -j ACCEPT;\n", + ipchains, + "icmp" + ); + /* + * Allow specified ports + */ + for (int i=0; i<fwportlist->getnb(); i++ ) { + FWPORT *fwport = fwportlist->getitem( i ); + if ( ! fwport->active ) continue; + ETCSERVICE *etcservice = etcservicelist->getitem( fwport->protocol.get(), fwport->port); + char port[10]; + snprintf( port, sizeof(port), "%d", fwport->port ); + const char *service = ""; + if ( etcservice != NULL ) { + service = etcservice->service_name.get(); + } else { + service = port; + } + fprintf( fout, "\t%s -A input -i %s -p %s -d $ip/32 %s -j ACCEPT;\n", + ipchains, + internet_interface.get(), + fwport->protocol.get(), + service + ); + } + /* + * Allow ports from port_low to port_high : tcp and udp + */ + fprintf( fout, "\t%s -A input -i %s -p %s -d $ip/32 %d:%d -j ACCEPT;\n", + ipchains, + internet_interface.get(), + "tcp", + port_low, + port_high + ); + fprintf( fout, "\t%s -A input -i %s -p %s -d $ip/32 %d:%d -j ACCEPT;\n", + ipchains, + internet_interface.get(), + "udp", + port_low, + port_high + ); + /* + * Log denied packets to syslog + */ + if ( log_denied ) { + fprintf( fout, "\t%s -A input -j DENY -l;\n", + ipchains + ); + } + fprintf( fout, "}\n" ); + fprintf( fout, "\n" ); + fprintf( fout, "\n" ); + fprintf( fout, "stop_firewall() {\n" ); + fprintf( fout, "\t%s -F input;\n", ipchains ); + fprintf( fout, "\t%s -P input ACCEPT;\n", ipchains ); + fprintf( fout, "}\n" ); + fprintf( fout, "\n" ); + fprintf( fout, "\n" ); + fprintf( fout, "case $command in\n" ); + fprintf( fout, "\tstart)\n" ); + fprintf( fout, "\t\tcase $internet_interface in\n" ); + fprintf( fout, "\t\t\t%s)\n", internet_interface.get() ); + fprintf( fout, "\t\t\t\tstart_firewall;\n" ); + fprintf( fout, "\t\t\t\t;;\n" ); + fprintf( fout, "\t\tesac\n" ); + fprintf( fout, "\t\t;;\n" ); + fprintf( fout, "\tstatus)\n" ); + fprintf( fout, "\t\t%s -L -v;\n", ipchains ); + fprintf( fout, "\t\t;;\n" ); + fprintf( fout, "\tstop)\n" ); + fprintf( fout, "\t\tstop_firewall;\n" ); + fprintf( fout, "\t\t;;\n" ); + fprintf( fout, "\t*)\n" ); + fprintf( fout, "\t\techo \"Usage: $0 {start %s ip|stop|status}\"\n", + internet_interface.get() ); + fprintf( fout, "\t\texit 1\n" ); + fprintf( fout, "\t;;\n" ); + fprintf( fout, "esac\n" ); + + fprintf( fout, "exit 0\n" ); + + return( fclose( fout ) ); + } + + PRIVATE void FW::check_status( ) + { + if ( ! config_file_existed ) { + xconf_notice( MSG_U(I_SCRIPT_CREATED, + "Executable script (%s) has been created.\n" + "This script should be executed when the internet interface %s is brought up.\n" + "\n" + "For a dynamic ip address start it by (in %s):\n" + "%s start $1 $4\n" + "\n" + "or for a static ip address in a rc-script:\n" + "%s start %s %s\n" + ), f_config_file.getpath(), + internet_interface.get(), + ETC_PPP_IPUP, + f_config_file.getpath(), + f_config_file.getpath(), + internet_interface.get(), + internet_ip.get() + ); + } + } + + PRIVATE void FW::append_to_dialog( DIALOG *dia, FWPORT *fwport ) + { + ETCSERVICE *etcservice = etcservicelist->getitem( fwport->protocol.get(), fwport->port); + const char *service = ""; + if ( etcservice != NULL ) { + service = etcservice->service_name.get(); + } + char text[100]; + snprintf( text, sizeof( text ), "%d/%s %s %s:%d %s %s", + fwport->port, + service, + MSG_U(T_IN,"in"), + fwport->program.get(), + fwport->pid, + MSG_U(T_BY,"by"), + fwport->user.get() + ); + dia->newf_chk( "", fwport->active, text); + } + + PUBLIC int FW::edit( void ) + { + //fprintf(stderr,"FW::edit: inferface=%s ip=%s fwportlist->getnb()=%d\n",internet_interface.get(), internet_ip.get(), fwportlist->getnb()); + + DIALOG dia; + + + dia.newf_title (MSG_U(T_BASICFWINFO,"Basic information") + ,1,"",MSG_R(T_BASICFWINFO)); + dia.newf_chk( MSG_U(F_ENABLE_FIREWALL,"Internet input filter firewall"), active, MSG_U(F_ACTIVE,"Active" ) ); + dia.newf_chk( MSG_U(F_DYNAMIC_IP,"Dynamic ip address"), dynamic_ip, "" ); + dia.newf_chk( MSG_U(F_LOG_DENIED,"Denied packets logged in system log"), log_denied, "" ); + dia.newf_info( MSG_U(F_INTERNET_INTERFACE, "Internet interface"), + internet_interface.get() ); + dia.newf_info( MSG_U(F_INTERNET_IP, "Internet ip address"), + internet_ip.get() ); + dia.newf_info( MSG_U(F_IP_FORWARD, "Kernel ip forward"), + ip_forward?MSG_U(F_YES,"Yes"):MSG_U(F_NO,"No") ); + dia.newf_info( MSG_U(F_IP_DYNADDR, "Kernel dynamic ip"), + ip_forward?MSG_R(F_YES):MSG_R(F_NO) ); + + dia.newf_title (MSG_U(T_INTERNET,"Internet") + ,1,"",MSG_R(T_INTERNET)); + dia.newf_title ("",MSG_U(T_ALLOWED_SERVICES, + "Allowed services from the internet")); + #if 0 + #endif + dia.newf_title( MSG_U(T_ACTIVE_SERVICES_TCP,"TCP") ,2,"",MSG_R(T_ACTIVE_SERVICES_TCP)); + for (int i=0; i<fwportlist->getnb(); i++ ) { + FWPORT *fwport = fwportlist->getitem( i ); + if ( fwport->protocol.cmp( "tcp" ) == 0 ) { + append_to_dialog( &dia, fwport ); + } + } + #if 0 + #endif + dia.newf_title( MSG_U(T_ACTIVE_SERVICES_UDP,"UDP") ,2,"",MSG_R(T_ACTIVE_SERVICES_UDP)); + for (int i=0; i<fwportlist->getnb(); i++ ) { + FWPORT *fwport = fwportlist->getitem( i ); + if ( fwport->protocol.cmp( "udp" ) == 0 ) { + append_to_dialog( &dia, fwport ); + } + } + for (int i=0; i<other_ip.getnb(); i++ ) { + SSTRING *ip = other_ip.getitem( i ); + SSTRING *iface = other_if.getitem( i ); + SSTRING *mask = other_mask.getitem( i ); + dia.newf_title ( iface->get(),1,"",iface->get()); + dia.newf_info( MSG_U(I_INTERFACE, + "Full access to this interface"), iface->get() ); + dia.newf_info( MSG_U(F_NETWORK_ADDRESS, + "Network address"), ip->get()); + dia.newf_info( MSG_U(F_NETWORK_MASK, + "Network mask"),mask->get()); + } + //fprintf(stderr,"FW::edit: OK\n"); + int ret = 0; + int choice = 0; + while (1) { + MENU_STATUS code = dia.edit( + MSG_U(T_FIREWALL, "Input firewall") + ,MSG_U(I_FIREWALL, + "This simple input filter firewall for internet interface blocks every connection unless it is\n" + "allowed in this dialog. Internal network is masqueraded and icmp is allowed." + ) + ,help_firewall + ,choice + ,(MENUBUT_CANCEL|MENUBUT_ACCEPT) + ); + if (code == MENU_CANCEL || code == MENU_ESCAPE){ + ret = -1; + break; + }else if (code == MENU_ACCEPT ) { + if ( input_error( ) ) { + continue; + } + ret = 0; + write( ); + check_status(); + break; + } + } + return ret; + } + + PUBLIC int FW::input_error( void ) + { + if ( dynamic_ip && ip_dynaddr == 0 ) { + xconf_error( MSG_U(E_IP_DYNADDR, + "You want dynamic ip address but this is\n" + "not active in the kernel\n")); + return( 1 ); + } + if ( ip_forward == 0 ) { + xconf_notice( MSG_U(E_IP_FORWARD, + "Forwarding of ip traffic is not active in\n" + "the kernel. This is not needed for the\n" + "firewall but you will not reach the internet\n" + "from a local network.\n") ); + } + return( 0 ); + } + /* + * DAEMON_DIALD + */ + class PROC; + class DAEMON_DIALD { + private: + public: + PROC *myProcess; + public: + DAEMON_DIALD(); + PROC *getdaemonprocess( void ); + }; + + PUBLIC DAEMON_DIALD::DAEMON_DIALD() + { + myProcess = getdaemonprocess(); + } + + PUBLIC PROC *DAEMON_DIALD::getdaemonprocess() + { + PROC *myProcess = NULL; + char pidpath[PATH_MAX]; + sprintf (pidpath,"%s.pid","/var/run/diald"); + CONFIG_FILE f_pid ( pidpath, help_nil + ,CONFIGF_OPTIONAL|CONFIGF_MANAGED + ,"root","root",0600); + if ( f_pid.exist ()){ + myProcess = process_find ("diald", &f_pid); + } + return( myProcess ); + } + + PUBLIC void firewall_edit( ) + { + if ( ! kernel_newer( 2,2,0 ) ) { + xconf_error( MSG_U( E_OLD_KERNEL, + "Sorry, your kernel is too old for this function.\n" + "Version at least 2.2.0 required\n" + ) ); + return; + } + + FW fw; + fw.internet_route(); + + if ( strncmp( fw.internet_interface.get(), "sl", 2 ) == 0 ) { + DAEMON_DIALD myDiald; + if ( myDiald.myProcess != NULL ) { + xconf_error( MSG_U( E_NOT_UP, + "Route to the internet is not valid.\n" + "Diald is running but the link is not active.\n" + "Can not determine the route to the internet!\n" + ) ); + return; + } + } + if ( fw.internet_interface.is_empty() ) { + xconf_error( MSG_U( E_NODEFAULT_ROUTE, + "Can not determine the route to the internet!\n" + "The search is based on internet being the default\n" + "route.\n") ); + return; + } + //fprintf(stderr,"firewall_edit: fw.internet_ip=%s fw.internet_interface=%s\n", fw.internet_ip.get(), fw.internet_interface.get()); + if ( fw.fwportlist->getnb() == 0 ) { + xconf_error( MSG_U( E_NOPORTLIST, + "No active services could be located in this system.\n" + "If this is correct there is no need for a firewall.\n" + ) ); + return; + } + + fw.edit( ); + } *** 1.17r3/linuxconf/modules/inetdconf/fwinput.cc --- 1,17r4/linuxconf/modules/inetdconf/fwinput.cc Wed Feb 16 22:59:34 2000 *************** *** 0 **** --- 1,21 ---- + #include <stdio.h> + #include <stdlib.h> + #include <string.h> + #include <ctype.h> + #include <misc.h> + + class FWINPUT { + private: + public: + public: + FWINOUT( void ); + read( void ); + }; + + PUBLIC FWINPUT::FWINPUT( void ) + { + } + + PUBLIC void read( void ) + { + } *** 1.17r3/linuxconf/modules/inetdconf/fwport.cc --- 1,17r4/linuxconf/modules/inetdconf/fwport.cc Mon Jan 31 14:06:19 2000 *************** *** 0 **** --- 1,737 ---- + #pragma implementation + /* + * Most of this source is copied directly from net-tools-1.54/netstat.c. + * + * Adapted to Linuxconf by Torbj�rn Gard + */ + #include <errno.h> + #include <stdio.h> + #include <stdlib.h> + #include <string.h> + #include <strings.h> + #include <unistd.h> + #include <ctype.h> + #include <fcntl.h> + #include <netdb.h> + #include <paths.h> + #include <pwd.h> + + #include <misc.h> + #include <translat.h> + #include "inetdconf.h" + #include "fwport.h" + + + #include <sys/types.h> + #include <sys/param.h> + #include <sys/socket.h> + #include <netinet/in.h> + #include <arpa/inet.h> + #include <arpa/nameser.h> + #include <resolv.h> + #include <netdb.h> + #include <sys/ioctl.h> + #include <net/if.h> + #include <dirent.h> + + #include "lib/pathnames.h" + #include "lib/net-support.h" + #include "lib/util.h" + + #define HAS_INODE 1 + #define PROGNAME_WIDTH 20 + + int flag_inet; + int flag_inet6; + + static int flag_not = 1; + static int flag_tcp = 1; + static int flag_udp = 1; + static int flag_arg = 0; + + FILE *procinfo; + + #define INFO_GUTS1(file,name,proc) \ + procinfo = fopen((file), "r"); \ + if (procinfo == NULL) { \ + if (errno != ENOENT) { \ + perror((file)); \ + return -1; \ + } \ + rc = 1; \ + } else { \ + do { \ + if (fgets(buffer, sizeof(buffer), procinfo)) \ + (proc)(lnr++, buffer); \ + } while (!feof(procinfo)); \ + fclose(procinfo); \ + } + + #if HAVE_AFINET6 + #define INFO_GUTS2(file,proc) \ + lnr = 0; \ + procinfo = fopen((file), "r"); \ + if (procinfo != NULL) { \ + do { \ + if (fgets(buffer, sizeof(buffer), procinfo)) \ + (proc)(lnr++, buffer); \ + } while (!feof(procinfo)); \ + fclose(procinfo); \ + } + #else + #define INFO_GUTS2(file,proc) + #endif + + #define INFO_GUTS3 \ + return rc; + + #define INFO_GUTS6(file,file6,name,proc) \ + char buffer[8192]; \ + int rc = 0; \ + int lnr = 0; \ + if (!flag_arg || flag_inet) { \ + INFO_GUTS1(file,name,proc) \ + } \ + if (!flag_arg || flag_inet6) { \ + INFO_GUTS2(file6,proc) \ + } \ + INFO_GUTS3 + + #define INFO_GUTS(file,name,proc) \ + char buffer[8192]; \ + int rc = 0; \ + int lnr = 0; \ + INFO_GUTS1(file,name,proc) \ + INFO_GUTS3 + + typedef enum { + SS_FREE = 0, /* not allocated */ + SS_UNCONNECTED, /* unconnected to any socket */ + SS_CONNECTING, /* in process of connecting */ + SS_CONNECTED, /* connected to socket */ + SS_DISCONNECTING /* in process of disconnecting */ + } socket_state; + + enum { + TCP_ESTABLISHED = 1, + TCP_SYN_SENT, + TCP_SYN_RECV, + TCP_FIN_WAIT1, + TCP_FIN_WAIT2, + TCP_TIME_WAIT, + TCP_CLOSE, + TCP_CLOSE_WAIT, + TCP_LAST_ACK, + TCP_LISTEN, + TCP_CLOSING /* now a valid state */ + }; + + #define SO_ACCEPTCON (1<<16) /* performed a listen */ + #define SO_WAITDATA (1<<17) /* wait data to read */ + #define SO_NOSPACE (1<<18) /* no space to write */ + + #define PROGNAME_WIDTHs PROGNAME_WIDTH1(PROGNAME_WIDTH) + #define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s) + #define PROGNAME_WIDTH2(s) #s + + #define PRG_HASH_SIZE 211 + + static struct prg_node { + struct prg_node *next; + int inode; + char name[PROGNAME_WIDTH]; + } *prg_hash[PRG_HASH_SIZE]; + + static char prg_cache_loaded = 0; + + #define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE) + + #define PROGNAME_BANNER "PID/Program name" + + #define print_progname_banner() do { printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0) + + #define PRG_LOCAL_ADDRESS "local_address" + #define PRG_INODE "inode" + #define PRG_SOCKET_PFX "socket:[" + #define PRG_SOCKET_PFXl (strlen(PRG_SOCKET_PFX)) + + #ifndef LINE_MAX + #define LINE_MAX 4096 + #endif + + #define PATH_PROC "/proc" + #define PATH_FD_SUFF "fd" + #define PATH_FD_SUFFl strlen(PATH_FD_SUFF) + #define PATH_PROC_X_FD PATH_PROC "/%s/" PATH_FD_SUFF + #define PATH_CMDLINE "cmdline" + #define PATH_CMDLINEl strlen(PATH_CMDLINE) + /* NOT working as of glibc-2.0.7: */ + #undef DIRENT_HAVE_D_TYPE_WORKS + + static void prg_cache_add(int inode, char *name) + { + unsigned hi = PRG_HASHIT(inode); + struct prg_node **pnp,*pn; + + prg_cache_loaded=2; + for (pnp=prg_hash+hi;(pn=*pnp);pnp=&pn->next) { + if (pn->inode==inode) { + /* Some warning should be appropriate here + as we got multiple processes for one i-node */ + return; + } + } + if (!(*pnp=(prg_node *)malloc(sizeof(**pnp)))) + return; + pn=*pnp; + pn->next=NULL; + pn->inode=inode; + if (strlen(name)>sizeof(pn->name)-1) + name[sizeof(pn->name)-1]='\0'; + strcpy(pn->name,name); + } + + static const char *prg_cache_get(int inode) + { + unsigned hi=PRG_HASHIT(inode); + struct prg_node *pn; + + for (pn=prg_hash[hi];pn;pn=pn->next) + if (pn->inode==inode) return(pn->name); + return("-"); + } + + static void prg_cache_clear(void) + { + struct prg_node **pnp,*pn; + + if (prg_cache_loaded == 2) + for (pnp=prg_hash;pnp<prg_hash+PRG_HASH_SIZE;pnp++) + while ((pn=*pnp)) { + *pnp=pn->next; + free(pn); + } + prg_cache_loaded=0; + } + + static void prg_cache_load(void) + { + char line[LINE_MAX],*serr,eacces=0; + int procfdlen,fd,cmdllen,lnamelen; + char lname[30],cmdlbuf[512],finbuf[PROGNAME_WIDTH]; + long inode; + const char *cs,*cmdlp; + DIR *dirproc=NULL,*dirfd=NULL; + struct dirent *direproc,*direfd; + + if (prg_cache_loaded ) return; + prg_cache_loaded=1; + cmdlbuf[sizeof(cmdlbuf)-1]='\0'; + if (!(dirproc=opendir(PATH_PROC))) { + /* + * FIXME: ErrorMsg + */ + return; + } + while (errno=0,direproc=readdir(dirproc)) { + #ifdef DIRENT_HAVE_D_TYPE_WORKS + if (direproc->d_type!=DT_DIR) continue; + #endif + for (cs=direproc->d_name;*cs;cs++) + if (!isdigit(*cs)) + break; + if (*cs) + continue; + procfdlen=snprintf(line,sizeof(line),PATH_PROC_X_FD,direproc->d_name); + if (procfdlen<=0 || (unsigned int)procfdlen>=sizeof(line)-5) + continue; + errno=0; + dirfd=opendir(line); + if (! dirfd) { + if (errno==EACCES) + eacces=1; + continue; + } + line[procfdlen] = '/'; + cmdlp = NULL; + while ((direfd = readdir(dirfd))) { + #ifdef DIRENT_HAVE_D_TYPE_WORKS + if (direfd->d_type!=DT_LNK) + continue; + #endif + if (procfdlen+1+strlen(direfd->d_name)+1>sizeof(line)) + continue; + memcpy(line + procfdlen - PATH_FD_SUFFl, PATH_FD_SUFF "/", + PATH_FD_SUFFl+1); + strcpy(line + procfdlen + 1, direfd->d_name); + lnamelen=readlink(line,lname,sizeof(lname)); + if ((unsigned int)lnamelen < strlen(PRG_SOCKET_PFX+2)) + continue; + if (memcmp(lname, PRG_SOCKET_PFX, PRG_SOCKET_PFXl) + || lname[lnamelen-1]!=']') + continue; + lname[lnamelen-1]='\0'; + inode = strtol(lname+PRG_SOCKET_PFXl,&serr,0); + if (!serr || *serr || inode < 0 || inode >= INT_MAX) + continue; + + if (!cmdlp) { + if (procfdlen - PATH_FD_SUFFl + PATH_CMDLINEl >= + sizeof(line) - 5) + continue; + strcpy(line + procfdlen-PATH_FD_SUFFl, PATH_CMDLINE); + fd = open(line, O_RDONLY); + if (fd < 0) + continue; + cmdllen = read(fd, cmdlbuf, sizeof(cmdlbuf) - 1); + if (close(fd)) + continue; + if (cmdllen == -1) + continue; + if ((unsigned int)cmdllen < sizeof(cmdlbuf) - 1) + cmdlbuf[cmdllen]='\0'; + if ((cmdlp = strrchr(cmdlbuf, '/'))) + cmdlp++; + else + cmdlp = cmdlbuf; + } + + snprintf(finbuf, sizeof(finbuf), "%s %s", direproc->d_name, cmdlp); + prg_cache_add(inode, finbuf); + } + closedir(dirfd); + dirfd = NULL; + } + if (dirproc) + closedir(dirproc); + if (dirfd) + closedir(dirfd); + } + + /*********************************************************************** + * From net-tools-1.54/lib/af.c: + */ + #define HAVE_AFINET 1 + + /* + * From net-tools-1.54/lib/util.c: + */ + /* Like strncpy but make sure the resulting string is always 0 terminated. */ + char *safe_strncpy(char *dst, const char *src, size_t size) + { + dst[size-1] = '\0'; + return strncpy(dst,src,size-1); + } + /* + * From net-tools-1.54/lib/inet.c: + */ + + /* cache */ + struct addr { + struct sockaddr_in addr; + char *name; + int host; + struct addr *next; + }; + + static int INET_rresolve(char *name, size_t len, struct sockaddr_in *sin, + int numeric, unsigned int netmask) + { + unsigned long ad; + + /* Grmpf. -FvK */ + if (sin->sin_family != AF_INET) { + #ifdef DEBUG + fprintf(stderr, "rresolve: unsupport address family %d !\n", sin->sin_family); + #endif + errno = EAFNOSUPPORT; + return (-1); + } + ad = (unsigned long) sin->sin_addr.s_addr; + #ifdef DEBUG + fprintf (stderr, "rresolve: %08lx, mask %08x, num %08x %08lx\n", ad, netmask, numeric, INADDR_ANY); + #endif + if (ad == INADDR_ANY) { + if ((numeric & 0x0FFF) == 0) { + if (numeric & 0x8000) + safe_strncpy(name, "default", len); + else + safe_strncpy(name, "*", len); + return (0); + } else { + safe_strncpy(name, "*", len); + return (0); + } + } + safe_strncpy(name, inet_ntoa(sin->sin_addr), len); + return (0); + } + + /* Display an Internet socket address. */ + static char *INET_sprint(struct sockaddr *sap, int numeric) + { + static char buff[128]; + + //fprintf(stderr,"ports.cc: INET_sprint\n"); + if (sap->sa_family == 0xFFFF || sap->sa_family == 0) { + return safe_strncpy(buff, "[NONE SET]", sizeof(buff)); + } + + if (INET_rresolve(buff, sizeof(buff), (struct sockaddr_in *) sap, + numeric, 0xffffff00) != 0) { + return (NULL); + } + + //fprintf(stderr,"ports.cc: INET_sprint: %s\n", buff); + return (buff); + } + + struct aftype inet_aftype = + { + "inet", /* name */ + NULL, /* title */ + AF_INET, /*af="DARPA Internet" */ + sizeof(unsigned long), /* alen */ + NULL, /* INET_print*/ + INET_sprint, /* INET_sprint */ + NULL, /*INET_input*/ + NULL, /*INET_reserror*/ + NULL, /*INET_rprint */ + NULL, /*INET_rinput */ + NULL, /*INET_getnetmask*/ + -1, + NULL + }; + + static short sVafinit = 0; + + struct aftype *aftypes[] = + { + &inet_aftype, + NULL + }; + + void afinit() + { + inet_aftype.title = "DARPA Internet"; + sVafinit = 1; + } + + /* Check our protocol family table for this family. */ + struct aftype *get_afntype(int af) + { + //fprintf(stderr, "ports.cc:get_afntype: af=%d\n", af); + struct aftype **afp; + + if (!sVafinit) + afinit(); + + afp = aftypes; + while (*afp != NULL) { + if ((*afp)->af == af) + return (*afp); + afp++; + } + return (NULL); + } + /* + * From net-tools/lib/af.c END + **********************************************************************/ + FWPORT::FWPORT() + { + port = 0; + uid = 0; + pid = 0; + active = 0; + } + + FWPORTLIST::FWPORTLIST() + { + } + + PRIVATE void FWPORTLIST::tcp_do_one(int lnr, const char *line) + { + unsigned long rxq, txq, time_len, retr, inode; + int num, local_port, rem_port, d, state, uid, timer_run, timeout; + char rem_addr[128], local_addr[128], more[512]; + struct aftype *ap; + #if HAVE_AFINET6 + struct sockaddr_in6 localaddr, remaddr; + char addr6p[16][3], addr6[128]; + extern struct aftype inet6_aftype; + #else + struct sockaddr_in localaddr, remaddr; + #endif + + if (lnr == 0) + return; + + num = sscanf(line, + "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %ld %512s\n", + &d, local_addr, &local_port, rem_addr, &rem_port, &state, + &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more); + + if (strlen(local_addr) > 8) { + #if HAVE_AFINET6 + /* Demangle what the kernel gives us */ + sscanf(local_addr, + "%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s", + addr6p[0], addr6p[1], addr6p[2], addr6p[3], + addr6p[4], addr6p[5], addr6p[6], addr6p[7], + addr6p[8], addr6p[9], addr6p[10], addr6p[11], + addr6p[12], addr6p[13], addr6p[14], addr6p[15]); + snprintf(addr6, sizeof(addr6), "%s%s:%s%s:%s%s:%s%s:%s%s:%s%s:%s%s:%s%s", + addr6p[3], addr6p[2], addr6p[1], addr6p[0], + addr6p[7], addr6p[6], addr6p[5], addr6p[4], + addr6p[11], addr6p[10], addr6p[9], addr6p[8], + addr6p[15], addr6p[14], addr6p[13], addr6p[12]); + inet6_aftype.input(1, addr6, (struct sockaddr *) &localaddr); + sscanf(rem_addr, + "%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s%2s", + addr6p[0], addr6p[1], addr6p[2], addr6p[3], + addr6p[4], addr6p[5], addr6p[6], addr6p[7], + addr6p[8], addr6p[9], addr6p[10], addr6p[11], + addr6p[12], addr6p[13], addr6p[14], addr6p[15]); + snprintf(addr6, sizeof(addr6), "%s%s:%s%s:%s%s:%s%s:%s%s:%s%s:%s%s:%s%s", + addr6p[3], addr6p[2], addr6p[1], addr6p[0], + addr6p[7], addr6p[6], addr6p[5], addr6p[4], + addr6p[11], addr6p[10], addr6p[9], addr6p[8], + addr6p[15], addr6p[14], addr6p[13], addr6p[12]); + inet6_aftype.input(1, addr6, (struct sockaddr *) &remaddr); + localaddr.sin6_family = AF_INET6; + remaddr.sin6_family = AF_INET6; + #endif + } else { + sscanf(local_addr, "%X", + &((struct sockaddr_in *) &localaddr)->sin_addr.s_addr); + sscanf(rem_addr, "%X", + &((struct sockaddr_in *) &remaddr)->sin_addr.s_addr); + ((struct sockaddr *) &localaddr)->sa_family = AF_INET; + ((struct sockaddr *) &remaddr)->sa_family = AF_INET; + } + + if (num < 11) { + fprintf(stderr, "warning, got bogus tcp line.\n"); + return; + } + if ((ap = get_afntype(((struct sockaddr *) &localaddr)->sa_family)) == NULL) { + fprintf(stderr, "ports.cc: unsupported address family %d !\n", + ((struct sockaddr *) &localaddr)->sa_family); + return; + } + if (state == TCP_LISTEN) { + time_len = 0; + retr = 0L; + rxq = 0L; + txq = 0L; + } + safe_strncpy(local_addr, + ap->sprint((struct sockaddr *) &localaddr, flag_not), + sizeof(local_addr)); + if ( strcmp( local_addr, "*" ) != 0 ) { + return; + } + + { + FWPORT *fwport = new FWPORT(); + struct passwd *pw; + fwport->protocol.setfrom( "tcp" ); + char word[100]; + char *p = str_copyword( word, prg_cache_get(inode), sizeof(word)); + fwport->pid = atoi( word ); + p = str_copyword( word, p, sizeof(word)); + fwport->program.setfrom( word ); + fwport->port = local_port; + fwport->uid = uid; + + if ((pw = getpwuid(uid)) != NULL) + fwport->user.setfrom( pw->pw_name ); + else + fwport->user.setfrom( uid ); + add( fwport ); + } + } + + PRIVATE void FWPORTLIST::udp_do_one(int lnr, const char *line) + { + char local_addr[64], rem_addr[64]; + char *udp_state, more[512]; + int num, local_port, rem_port, d, state, timer_run, uid, timeout; + #if HAVE_AFINET6 + struct sockaddr_in6 localaddr, remaddr; + char addr6p[8][5]; + char addr6[128]; + extern struct aftype inet6_aftype; + #else + struct sockaddr_in localaddr, remaddr; + #endif + struct aftype *ap; + unsigned long rxq, txq, time_len, retr, inode; + + if (lnr == 0) + return; + + more[0] = '\0'; + num = sscanf(line, + "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %ld %512s\n", + &d, local_addr, &local_port, + rem_addr, &rem_port, &state, + &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more); + + if (strlen(local_addr) > 8) { + #if HAVE_AFINET6 + sscanf(local_addr, "%4s%4s%4s%4s%4s%4s%4s%4s", + addr6p[0], addr6p[1], addr6p[2], addr6p[3], + addr6p[4], addr6p[5], addr6p[6], addr6p[7]); + snprintf(addr6, sizeof(addr6), "%s:%s:%s:%s:%s:%s:%s:%s", + addr6p[0], addr6p[1], addr6p[2], addr6p[3], + addr6p[4], addr6p[5], addr6p[6], addr6p[7]); + inet6_aftype.input(1, addr6, (struct sockaddr *) &localaddr); + sscanf(rem_addr, "%4s%4s%4s%4s%4s%4s%4s%4s", + addr6p[0], addr6p[1], addr6p[2], addr6p[3], + addr6p[4], addr6p[5], addr6p[6], addr6p[7]); + snprintf(addr6, sizeof(addr6), "%s:%s:%s:%s:%s:%s:%s:%s", + addr6p[0], addr6p[1], addr6p[2], addr6p[3], + addr6p[4], addr6p[5], addr6p[6], addr6p[7]); + inet6_aftype.input(1, addr6, (struct sockaddr *) &remaddr); + localaddr.sin6_family = AF_INET6; + remaddr.sin6_family = AF_INET6; + #endif + } else { + sscanf(local_addr, "%X", + &((struct sockaddr_in *) &localaddr)->sin_addr.s_addr); + sscanf(rem_addr, "%X", + &((struct sockaddr_in *) &remaddr)->sin_addr.s_addr); + ((struct sockaddr *) &localaddr)->sa_family = AF_INET; + ((struct sockaddr *) &remaddr)->sa_family = AF_INET; + } + + retr = 0L; + more[0] = '\0'; + + if (num < 10) { + fprintf(stderr, "warning, got bogus udp line.\n"); + return; + } + if ((ap = get_afntype(((struct sockaddr *) &localaddr)->sa_family)) == NULL) { + fprintf(stderr, "ports.cc: unsupported address family %d !\n", + ((struct sockaddr *) &localaddr)->sa_family); + return; + } + switch (state) { + case TCP_ESTABLISHED: + udp_state = "ESTABLISHED"; + break; + + case TCP_CLOSE: + udp_state = ""; + break; + + default: + udp_state = "UNKNOWN"; + break; + } + + #if HAVE_AFINET6 + #define notnull(A) (((A.sin6_family == AF_INET6) && \ + ((A.sin6_addr.s6_addr32[0]) || \ + (A.sin6_addr.s6_addr32[1]) || \ + (A.sin6_addr.s6_addr32[2]) || \ + (A.sin6_addr.s6_addr32[3]))) || \ + ((A.sin6_family == AF_INET) && \ + ((struct sockaddr_in *) &A)->sin_addr.s_addr)) + #else + #define notnull(A) (A.sin_addr.s_addr) + #endif + + //fprintf(stderr, "ports.cc:udp\n"); + safe_strncpy(local_addr, + ap->sprint((struct sockaddr *) &localaddr, flag_not), + sizeof(local_addr)); + + if ( strcmp( local_addr, "*" ) != 0 ) { + return; + } + { + FWPORT *fwport = new FWPORT(); + struct passwd *pw; + fwport->protocol.setfrom( "udp" ); + char word[100]; + char *p = str_copyword( word, prg_cache_get(inode), sizeof(word)); + fwport->pid = atoi( word ); + p = str_copyword( word, p, sizeof(word)); + fwport->program.setfrom( word ); + fwport->port = local_port; + fwport->uid = uid; + + if ((pw = getpwuid(uid)) != NULL) + fwport->user.setfrom( pw->pw_name ); + else + fwport->user.setfrom( uid ); + add( fwport ); + } + } + + PRIVATE int FWPORTLIST::getlist_tcp( ) + { + //fprintf(stderr,"PRIVATE int FWPORTLIST::getlist_tcp( )\n"); + { + INFO_GUTS6(_PATH_PROCNET_TCP, _PATH_PROCNET_TCP6, "AF INET (tcp)", tcp_do_one); + } + return( 1 ); + } + + PRIVATE int FWPORTLIST::getlist_udp( ) + { + //fprintf(stderr,"PRIVATE int FWPORTLIST::getlist_udp( )\n"); + { + INFO_GUTS6(_PATH_PROCNET_UDP, _PATH_PROCNET_UDP6, "AF INET (udp)", udp_do_one); + } + return( 1 ); + } + + static int cmp_by_name (const ARRAY_OBJ *o1, const ARRAY_OBJ *o2) + { + FWPORT *s1 = (FWPORT*)o1; + FWPORT *s2 = (FWPORT*)o2; + int ret = s1->protocol.cmp(s2->protocol); + if (ret == 0){ + if ( s1->port < s2->port ) ret = -1; + else if ( s1->port > s2->port ) ret = 1; + else ret = 0; + } + return ret; + } + + PUBLIC void FWPORTLIST::sort() + { + ARRAY::sort (cmp_by_name); + } + + PUBLIC void FWPORTLIST::update_from_db() + { + char service[100]; + for (int i=0; i<getnb(); i++ ) { + FWPORT *fwport = getitem( i ); + snprintf( service, sizeof(service), + "%s/%d", fwport->protocol.get(), fwport->port); + fwport->active = (char)linuxconf_getvalnum( K_FIREWALL, service, 0 ); + } + } + + PUBLIC void FWPORTLIST::read( ) + { + flag_inet = 1; + flag_arg = flag_tcp + flag_udp; + + prg_cache_load(); + getlist_tcp(); + getlist_udp(); + prg_cache_clear(); + + } + + PUBLIC FWPORT *FWPORTLIST::getitem (int no) const + { + return (FWPORT*)ARRAY::getitem (no); + } *** 1.17r3/linuxconf/modules/inetdconf/fwport.h --- 1,17r4/linuxconf/modules/inetdconf/fwport.h Mon Jan 31 13:59:52 2000 *************** *** 0 **** --- 1,33 ---- + #pragma interface + + class FWPORT: public ARRAY_OBJ { + public: + SSTRING protocol; // "tcp", "udp" + int port; + SSTRING program; + SSTRING user; + int uid; + int pid; + char active; + + /*~PROTOBEG~ FWPORT */ + public: + FWPORT(); + /*~PROTOEND~ FWPORT */ + }; + + class FWPORTLIST: public ARRAY { + private: + void udp_do_one( int lnr, const char *line ); + void tcp_do_one( int lnr, const char *line ); + int getlist_tcp( void ); + int getlist_udp( void ); + /*~PROTOBEG~ FWPORTLIST */ + public: + FWPORTLIST(); + FWPORT *getitem( int item ) const; + void read( void ); + void sort( void ); + void update_from_db( void ); + /*~PROTOEND~ FWPORTLIST */ + }; *** 1.17r3/linuxconf/modules/inetdconf/hostsallow.cc --- 1,17r4/linuxconf/modules/inetdconf/hostsallow.cc Sun Feb 13 17:44:27 2000 *************** *** 0 **** --- 1,508 ---- + #include <stdio.h> + #include <stdlib.h> + #include <string.h> + #include <ctype.h> + #include <misc.h> + #include <configf.h> + #include <userconf.h> + #include <translat.h> + #include <subsys.h> + #include <fviews.h> + #include "inetdconf.h" + #include "inetdconf.m" + #include "inetdconfedit.h" + + #define FILE_PATH_HOSTS_ALLOW 1 + #define FILE_PATH_HOSTS_DENY 2 + + class MYDATA { + private: + public: + int filepath; + CONFIG_FILE *f_config_file; // /etc/hosts.allow or /etc/hosts.deny + long modified_time; + bool config_file_modified; + INETDCONFLIST *inetdconflist; + public: + MYDATA( int path, CONFIG_FILE *f ); + ~MYDATA( void ); + }; + + PUBLIC MYDATA::MYDATA( int path, CONFIG_FILE *f ) + { + filepath = path; + f_config_file = f; + inetdconflist = new INETDCONFLIST(); + inetdconflist->read( ); + modified_time = 0; + config_file_modified = false; + } + + PUBLIC MYDATA::~MYDATA( void ) + { + delete inetdconflist; + inetdconflist = NULL; + } + + class HOSTSALLOW: public ARRAY_OBJ { + private: + void init (void); + int input_error( ); + void modify_service( VIEWITEM *item ); + public: + SSTRING service; // + SSTRING add_service; // + SSTRING client; // + SSTRING command; // + SSTRING comment; // + bool new_hostsallow; // + int hostsallow_line; // Line number in file /etc/hosts.allow + /*~PROTOBEG~ HOSTSALLOW */ + public: + HOSTSALLOW (const char *_service_name); + HOSTSALLOW ( void ); + int edit( MYDATA *mydata ); + int write( int button, MYDATA *mydata ); + public: + /*~PROTOEND~ HOSTSALLOW */ + }; + + class HOSTSALLOWLIST: public ARRAY { + private: + char *next_word( char *d, char *s, int size ); + void add_service( int line, VIEWITEM *item ); + public: + /*~PROTOBEG~ HOSTSALLOWLIST */ + public: + HOSTSALLOWLIST( ); + HOSTSALLOW *getitem (const char *id) const; + HOSTSALLOW *getitem (int negative) const; + void read ( MYDATA *mydata ); + int edit ( MYDATA *mydata ); + /*~PROTOEND~ HOSTSALLOWLIST */ + }; + + static HELP_FILE help_hostsallow ("inetdconf","hostsallow"); + + static CONFIG_FILE f_config_file_allow( + "/etc/hosts.allow" + ,help_hostsallow + ,CONFIGF_MANAGED + ,"root" + ,"root" + ,0644 + ,subsys_inetdconf); + + static CONFIG_FILE f_config_file_deny( + "/etc/hosts.deny" + ,help_hostsallow + ,CONFIGF_MANAGED + ,"root" + ,"root" + ,0644 + ,subsys_inetdconf); + + /* + * HOSTSALLOW + */ + #define K_FIELD_SERVICE 1 + #define K_FIELD_CLIENT 2 + #define K_FIELD_COMMAND 3 + + PRIVATE void HOSTSALLOW::init() + { + //fprintf(stderr,"HOSTSALLOW::init\n"); + new_hostsallow = 1; + } + + PUBLIC HOSTSALLOW::HOSTSALLOW(const char *_service) + { + //fprintf(stderr,"HOSTSALLOW::HOSTSALLOW _service=%s\n", _service); + service.setfrom (_service); + init(); + } + + PUBLIC HOSTSALLOW::HOSTSALLOW( ) + { + //fprintf(stderr,"HOSTSALLOW::HOSTSALLOW\n"); + init(); + } + + PUBLIC int HOSTSALLOW::write( int button, MYDATA *mydata ) + { + //fprintf(stderr,"HOSTSALLOW::write\n"); + int ret = -1; + long this_modified_time = file_date( mydata->f_config_file->getpath() ); + if ( this_modified_time > mydata->modified_time ) { + xconf_error(MSG_R(E_FILE_MODIFIED), mydata->f_config_file->getpath() ); + mydata->config_file_modified = true; + return( ret ); + } + VIEWITEMS items; + items.setcomcar( '\002' ); // Set comment to "impossible" char + items.read( *mydata->f_config_file ); // Read current version of config file + if ( new_hostsallow ) { + VIEWITEM *item = new VIEWITEM(""); + modify_service( item ); + items.add( item ); + new_hostsallow = false; + } else { + for ( int line=0; line<items.getnb(); line++ ) { + if ( line == hostsallow_line ) { + VIEWITEM *item = items.getitem(line); + if ( button == MENU_DEL ) { + items.remove( item ); + } else { + modify_service( item ); + } + } + } + } + items.write( *mydata->f_config_file, (PRIVILEGE *)NULL ); + + /* + * Last modified set when config file read or written. + */ + mydata->modified_time = file_date( mydata->f_config_file->getpath() ); + return( ret ); + } + + + /** + * Update line + */ + PRIVATE void HOSTSALLOW::modify_service( VIEWITEM *item ) + { + //fprintf(stderr,"HOSTSALLOW::modify_service: item=%s\n", item->line.get()); + char line[2048]; + + if ( command.is_empty() ) { + snprintf( line, sizeof(line), "%s:%s", + service.get(), + client.get()); + } else { + snprintf( line, sizeof(line), "%s:%s:%s", + service.get(), + client.get(), + command.get()); + } + item->line.setfrom( line ); + } + + /** + * Edit hostsallow entry + */ + PUBLIC int HOSTSALLOW::edit( MYDATA *mydata ) + { + //fprintf(stderr,"HOSTSALLOW::edit\n"); + DIALOG dia; + + { + FIELD_COMBO *combo = dia.newf_combo(MSG_U(F_SERVER,"Server"),service); + INETDCONF *inetdconf = NULL; + SSTRINGS strings; + for (int i=0; i<mydata->inetdconflist->getnb(); i++ ) { + inetdconf = mydata->inetdconflist->getitem( i ); + if ( inetdconf->path.cmp( daemon_findpath( "tcpd" ) ) == 0 ) { + SSTRING *service_name = new SSTRING(inetdconf->arguments.get()); + strings.add( service_name ); + } + } + strings.add( new SSTRING("ALL") ); + strings.sort(); + strings.remove_dups(); + for (int i=0; i<strings.getnb(); i++ ) { + combo->addopt(strings.getitem(i)->get()); + } + } + { + FIELD_COMBO *combo = dia.newf_combo(MSG_U(F_HOSTSALLOWCLIENT,"Client systems"),client); + SSTRINGS strings; + strings.add( new SSTRING("ALL") ); + strings.add( new SSTRING("LOCAL") ); + strings.add( new SSTRING("UNKNOWN") ); + strings.add( new SSTRING("KNOWN") ); + strings.sort(); + for (int i=0; i<strings.getnb(); i++ ) { + combo->addopt(strings.getitem(i)->get()); + } + } + + dia.newf_str( MSG_U(F_HOSTSALLOWCOMMAND,"Optional command"), command ); + + int buttons; + if ( new_hostsallow ) { + buttons = (MENUBUT_CANCEL|MENUBUT_ACCEPT); + } else { + buttons = (MENUBUT_DEL|MENUBUT_CANCEL|MENUBUT_ACCEPT); + } + const char *title = NULL; + if ( mydata->filepath == FILE_PATH_HOSTS_ALLOW ) { + title = MSG_U(T_HOSTSALLOW, "Allowed servers"); + } else if ( mydata->filepath == FILE_PATH_HOSTS_DENY ) { + title = MSG_U(T_ETCHOSTSDENY, "Denied servers"); + } + int ret = 0; + int choice = 0; + while (1){ + MENU_STATUS code = dia.edit( + title + ,"" + ,help_hostsallow + ,choice + ,buttons); + if (code == MENU_CANCEL || code == MENU_ESCAPE){ + ret = -1; + break; + }else if (code == MENU_DEL){ + if ( xconf_delok() ) { + write( MENU_DEL, mydata ); + ret = 1; + break; + } + }else if (code == MENU_ACCEPT ) { + if ( input_error( ) ) continue; + write ( MENU_ACCEPT, mydata ); + ret = 0; + break; + } + } + return ret; + } + + PRIVATE int HOSTSALLOW::input_error( ) + { + if ( service.is_empty() ) { + xconf_error( MSG_U(E_ALLOWSERVICEMISSING, + "Server name is missing") ); + return( 1 ); + } + if ( client.is_empty() ) { + xconf_error( MSG_U(E_ALLOWCLIENT, + "Client name is missing") ); + return( 1 ); + } + return( 0 ); + } + + /** + * HOSTSALLOWLIST + */ + + PUBLIC HOSTSALLOW *HOSTSALLOWLIST::getitem (int no) const + { + return (HOSTSALLOW*)ARRAY::getitem (no); + } + + PUBLIC HOSTSALLOW *HOSTSALLOWLIST::getitem (const char *_service) const + { + HOSTSALLOW *ret = NULL; + int n = getnb(); + for (int i=0; i<n; i++) { + HOSTSALLOW *hostsallow = getitem(i); + if (hostsallow->service.cmp(_service)==0){ + ret = hostsallow; + break; + } + } + return ret; + } + + PUBLIC HOSTSALLOWLIST::HOSTSALLOWLIST( ) + { + //fprintf(stderr,"HOSTSALLOWLIST::HOSTSALLOWLIST\n"); + } + + PRIVATE char * HOSTSALLOWLIST::next_word( char *d, char *s, int size ) + { + while ( *s ) { + switch ( *s ) { + case ' ': + case ':': + case '\t': + s++; + continue; + default: + break; + } + break; + } + for ( size--; *s && size; size-- ) { + switch ( *s ) { + case ':': + case '\n': + *d = '\0'; + return( s ); + case '#': + *d++ = *s++; + *d = '\0'; + return( s ); + default: + *d++ = *s++; + break; + } + } + *d = '\0'; + return( s ); + } + + PUBLIC void HOSTSALLOWLIST::add_service( int line_number, VIEWITEM *item ) + { + //fprintf(stderr,"hostsallow.cc: add_service: item->line.get()=%s\n", item->line.get()); + char word[1024]; + char *line = (char *)item->line.get(); + char *p = line; + if ( *p && *p == '#' ) { + return; + } + if ( strlen( p ) < 3 ) return; + HOSTSALLOW *hostsallow = new HOSTSALLOW(); + int field = 1; + int valid_keywords = 0; + while ( 1 ) { + p = next_word( word, p, sizeof( word )); + if ( strlen( word ) == 0 ) { + break; + } + //fprintf(stderr,"hostsallow.cc: add_service: field=%d word=\"%s\" length=%d\n", field, word, strlen(word)); + switch ( field ) { + case K_FIELD_SERVICE: + hostsallow->service.setfrom( word ); + valid_keywords++; + field++; + break; + case K_FIELD_CLIENT: + if ( hostsallow->client.is_empty( ) ) { + hostsallow->client.setfrom( word ); + } else { + hostsallow->client.append( " " ); + hostsallow->client.append( word ); + } + field++; + valid_keywords++; + break; + case K_FIELD_COMMAND: + if ( hostsallow->command.is_empty( ) ) { + hostsallow->command.setfrom( word ); + } else { + hostsallow->command.append( " " ); + hostsallow->command.append( word ); + } + break; + } + } + if ( valid_keywords > 1 ) { + hostsallow->hostsallow_line = line_number; + hostsallow->new_hostsallow = false; + add( hostsallow ); + } else { + delete( hostsallow ); + } + return; + } + + /** + * Read config file and parse /etc/hosts.allow or /etc/hosts.deny + */ + PUBLIC void HOSTSALLOWLIST::read( MYDATA *mydata ) + { + VIEWITEMS items; + items.setcomcar( '\002' ); // Set comment to "impossible" char + items.read( *mydata->f_config_file ); // Read config file + //fprintf(stderr,"HOSTSALLOWLIST::read items.getnb()=%d\n", items.getnb()); + for ( int i=0; i<items.getnb(); i++ ) { + VIEWITEM *item = items.getitem( i ); + add_service( i, item ); + } + /* + * Last modified set when config file read or written. + */ + mydata->modified_time = file_date( mydata->f_config_file->getpath() ); + } + + /** + * Edit hostsallowlist + */ + PUBLIC int HOSTSALLOWLIST::edit( MYDATA *mydata ) + { + //fprintf(stderr,"HOSTSALLOWLIST::edit\n"); + DIALOG_RECORDS dia; + int choice = 0; + int ret = -1; + dia.newf_head ("",MSG_U(H_HOSTSALLOW,"Service\tClient")); + dia.addwhat (MSG_U(I_ADDHOSTSALLOW,"Select [Add] to add a new server\n")); + while ( 1 ) { + //fprintf(stderr,"HOSTSALLOWLIST::edit: getnb()=%d dia.getnb()=%d\n", getnb(),dia.getnb()); + for (int i=0; i<getnb(); i++) { + HOSTSALLOW *hostsallow = getitem(i); + //fprintf(stderr,"HOSTSALLOWLIST::edit: i=%d service=%s client=%s\n", i, hostsallow->service.get(), hostsallow->client.get()); + dia.set_menuitem( i, hostsallow->service.get(), hostsallow->client.get()); + } + const char *heading = NULL; + const char *title = NULL; + if ( mydata->filepath == FILE_PATH_HOSTS_ALLOW ) { + title = MSG_U(T_HOSTSALLOWLIST,"Allowed servers"); + heading = MSG_U(I_HOSTSALLOWLIST, + "This is a list of all servers which\n" + "presently are allowed in the system.\n" + ); + } else if ( mydata->filepath == FILE_PATH_HOSTS_DENY ) { + title = MSG_U(T_ETCHOSTSDENYLIST,"Denied servers"); + heading = MSG_U(I_ETCHOSTSDENYLIST, + "This is a list of all servers which\n" + "presently are denied in the system.\n" + ); + } + + MENU_STATUS code = dia.editmenu (title + ,heading + ,help_hostsallow + ,choice,MENUBUT_ADD); + + if (code == MENU_QUIT || code == MENU_ESCAPE) { + break; + } + if ( ! perm_rootaccess("modify server access" ) ) { + continue; + } + if (code == MENU_ADD) { + HOSTSALLOW *hostsallow = new HOSTSALLOW(); + ret = hostsallow->edit( mydata ); + if ( ret == 0 ) { + add( hostsallow ); + } else if ( ret == -1 ) { + delete hostsallow; + } + } else if ( code == MENU_OK ) { + HOSTSALLOW *hostsallow = getitem( choice ); + ret = hostsallow->edit( mydata ); + if ( ret == 1 ) { + remove_del( choice ); + dia.remove_del( choice ); + } + } + /* + * ret = 1: Delete + * ret = 0: Accept + * ret = -1: Cancel + */ + } + return ret; + } + + PUBLIC void hostsallow_edit( void ) + { + MYDATA mydata( FILE_PATH_HOSTS_ALLOW, &f_config_file_allow ); + HOSTSALLOWLIST hostsallowlist; + hostsallowlist.read( &mydata ); + hostsallowlist.edit( &mydata ); + } + + PUBLIC void hostsdeny_edit( void ) + { + MYDATA mydata( FILE_PATH_HOSTS_DENY, &f_config_file_deny ); + HOSTSALLOWLIST hostsallowlist; + hostsallowlist.read( &mydata ); + hostsallowlist.edit( &mydata ); + } + *** 1.17r3/linuxconf/modules/inetdconf/lib/net-support.h --- 1,17r4/linuxconf/modules/inetdconf/lib/net-support.h Sat Jan 29 09:07:56 2000 *************** *** 0 **** --- 1,230 ---- + /* + * lib/support.h This file contains the definitions of what is in the + * support library. Most of all, it defines structures + * for accessing support modules, and the function proto- + * types. + * + * NET-LIB A collection of functions used from the base set of the + * NET-3 Networking Distribution for the LINUX operating + * system. (net-tools, net-drivers) + * + * Version: lib/net-support.h 1.35 (1996-01-01) + * + * Maintainer: Bernd 'eckes' Eckenfels, <net-tools@lina.inka.de> + * + * Author: Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org> + * Copyright 1993 MicroWalt Corporation + * + * Modifications: + *960125 {1.20} Bernd Eckenfels: reformated, layout + *960202 {1.30} Bernd Eckenfels: rprint in aftype + *960206 {1.31} Bernd Eckenfels: route_init + *960219 {1.32} Bernd Eckenfels: type for ap->input() + *960322 {1.33} Bernd Eckenfels: activate_ld and const in get_hwtype + *960413 {1.34} Bernd Eckenfels: new RTACTION suport + *990101 {1.35} Bernd Eckenfels: print_(hw|af)list support, added kerneldefines + * + * This program is free software; you can redistribute it + * and/or modify it under the terms of the GNU General + * Public License as published by the Free Software + * Foundation; either version 2 of the License, or (at + * your option) any later version. + */ + #include <sys/socket.h> + + /* This structure defines protocol families and their handlers. */ + struct aftype { + char *name; + char *title; + int af; + int alen; + char *(*print) (unsigned char *); + char *(*sprint) (struct sockaddr *, int numeric); + int (*input) (int type, char *bufp, struct sockaddr *); + void (*herror) (char *text); + int (*rprint) (int options); + int (*rinput) (int typ, int ext, char **argv); + + /* may modify src */ + int (*getmask) (char *src, struct sockaddr * mask, char *name); + + int fd; + char *flag_file; + }; + + extern struct aftype *aftypes[]; + + /* This structure defines hardware protocols and their handlers. */ + struct hwtype { + char *name; + char *title; + int type; + int alen; + char *(*print) (unsigned char *); + int (*input) (char *, struct sockaddr *); + int (*activate) (int fd); + int suppress_null_addr; + }; + + + extern struct hwtype *get_hwtype(const char *name); + extern struct hwtype *get_hwntype(int type); + extern void print_hwlist(int type); + extern struct aftype *get_aftype(const char *name); + extern struct aftype *get_afntype(int type); + extern void print_aflist(int type); + extern int hw_null_address(struct hwtype *hw, void *addr); + + extern int getargs(char *string, char *arguments[]); + + extern int get_socket_for_af(int af); + + extern void getroute_init(void); + extern void setroute_init(void); + extern void activate_init(void); + extern int route_info(const char *afname, int flags); + extern int route_edit(int action, const char *afname, int flags, char **argv); + extern int activate_ld(const char *hwname, int fd); + + #define RTACTION_ADD 1 + #define RTACTION_DEL 2 + #define RTACTION_HELP 3 + #define RTACTION_FLUSH 4 + #define RTACTION_SHOW 5 + + #define FLAG_EXT 3 /* AND-Mask */ + #define FLAG_NUM 4 + #define FLAG_SYM 8 + #define FLAG_CACHE 16 + #define FLAG_FIB 32 + #define FLAG_VERBOSE 64 + + extern int ip_masq_info(int numeric, int ext); + + extern int INET_rprint(int options); + extern int INET6_rprint(int options); + extern int DDP_rprint(int options); + extern int IPX_rprint(int options); + extern int NETROM_rprint(int options); + extern int AX25_rprint(int options); + + extern int INET_rinput(int action, int flags, char **argv); + extern int INET6_rinput(int action, int flags, char **argv); + extern int DDP_rinput(int action, int flags, char **argv); + extern int IPX_rinput(int action, int flags, char **argv); + extern int NETROM_rinput(int action, int flags, char **argv); + extern int AX25_rinput(int action, int flags, char **argv); + + extern int aftrans_opt(const char *arg); + extern void aftrans_def(char *tool, char *argv0, char *dflt); + + extern char *get_sname(int socknumber, char *proto, int numeric); + + extern int flag_unx; + extern int flag_ipx; + extern int flag_ax25; + extern int flag_ddp; + extern int flag_netrom; + extern int flag_inet; + extern int flag_inet6; + + extern char afname[]; + + #define AFTRANS_OPTS \ + {"ax25", 0, 0, 1}, \ + {"ip", 0, 0, 1}, \ + {"ipx", 0, 0, 1}, \ + {"appletalk", 0, 0, 1}, \ + {"netrom", 0, 0, 1}, \ + {"inet", 0, 0, 1}, \ + {"inet6", 0, 0, 1}, \ + {"ddp", 0, 0, 1}, \ + {"unix", 0, 0, 1}, \ + {"tcpip", 0, 0, 1} + #define AFTRANS_CNT 10 + + #define EINTERN(file, text) fprintf(stderr, \ + "%s: Internal Error `%s'.\n",file,text); + + #define E_NOTFOUND 8 + #define E_SOCK 7 + #define E_LOOKUP 6 + #define E_VERSION 5 + #define E_USAGE 4 + #define E_OPTERR 3 + #define E_INTERN 2 + #define E_NOSUPP 1 + + + /* ========== Kernel Defines ============= + * Since it is not a good idea to depend on special kernel sources for the headers + * and since the libc6 Headers are not always up to date, we keep a copy of the + * most often used Flags in this file. We realy need a way to keep them up-to-date. + * Perhaps anybody knows how the glibc2 folk is doing it? -ecki + */ + + /* Keep this ins sync with /usr/src/linux/include/linux/rtnetlink.h */ + #define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */ + #define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */ + #define RTNH_F_ONLINK 4 /* Gateway is forced on link */ + + /* Keep this in sync with /usr/src/linux/include/linux/in_route.h */ + #define RTCF_DEAD RTNH_F_DEAD + #define RTCF_ONLINK RTNH_F_ONLINK + /* #define RTCF_NOPMTUDISC RTM_F_NOPMTUDISC */ + #define RTCF_NOTIFY 0x00010000 + #define RTCF_DIRECTDST 0x00020000 + #define RTCF_REDIRECTED 0x00040000 + #define RTCF_TPROXY 0x00080000 + #define RTCF_FAST 0x00200000 + #define RTCF_MASQ 0x00400000 + #define RTCF_SNAT 0x00800000 + #define RTCF_DOREDIRECT 0x01000000 + #define RTCF_DIRECTSRC 0x04000000 + #define RTCF_DNAT 0x08000000 + #define RTCF_BROADCAST 0x10000000 + #define RTCF_MULTICAST 0x20000000 + #define RTCF_REJECT 0x40000000 + #define RTCF_LOCAL 0x80000000 + + /* Keep this in sync with /usr/src/linux/include/linux/ipv6_route.h */ + #ifndef RTF_DEFAULT + #define RTF_DEFAULT 0x00010000 /* default - learned via ND */ + #endif + #define RTF_ALLONLINK 0x00020000 /* fallback, no routers on link */ + #ifndef RTF_ADDRCONF + #define RTF_ADDRCONF 0x00040000 /* addrconf route - RA */ + #endif + #define RTF_NONEXTHOP 0x00200000 /* route with no nexthop */ + #define RTF_EXPIRES 0x00400000 + #define RTF_CACHE 0x01000000 /* cache entry */ + #define RTF_FLOW 0x02000000 /* flow significant route */ + #define RTF_POLICY 0x04000000 /* policy route */ + #define RTF_LOCAL 0x80000000 + + /* Keep this in sync with /usr/src/linux/include/linux/route.h */ + #define RTF_UP 0x0001 /* route usable */ + #define RTF_GATEWAY 0x0002 /* destination is a gateway */ + #define RTF_HOST 0x0004 /* host entry (net otherwise) */ + #define RTF_REINSTATE 0x0008 /* reinstate route after tmout */ + #define RTF_DYNAMIC 0x0010 /* created dyn. (by redirect) */ + #define RTF_MODIFIED 0x0020 /* modified dyn. (by redirect) */ + #define RTF_MTU 0x0040 /* specific MTU for this route */ + #ifndef RTF_MSS + #define RTF_MSS RTF_MTU /* Compatibility :-( */ + #endif + #define RTF_WINDOW 0x0080 /* per route window clamping */ + #define RTF_IRTT 0x0100 /* Initial round trip time */ + #define RTF_REJECT 0x0200 /* Reject route */ + + /* this is a 2.0.36 flag from /usr/src/linux/include/linux/route.h */ + #define RTF_NOTCACHED 0x0400 /* this route isn't cached */ + + #ifdef HAVE_AFECONET + #ifndef AF_ECONET + #define AF_ECONET 19 /* Acorn Econet */ + #endif + #endif + + /* End of lib/support.h */ + *** 1.17r3/linuxconf/modules/inetdconf/lib/pathnames.h --- 1,17r4/linuxconf/modules/inetdconf/lib/pathnames.h Fri Jan 28 13:06:17 2000 *************** *** 0 **** --- 1,50 ---- + + /* + * lib/pathnames.h This file contains the definitions of the path + * names used by the NET-LIB. + * + * NET-LIB + * + * Version: lib/pathnames.h 1.37 (1997-08-23) + * + * Author: Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org> + */ + + /* pathnames of the procfs files used by NET. */ + #define _PATH_PROCNET_IGMP "/proc/net/igmp" + #define _PATH_PROCNET_IGMP6 "/proc/net/igmp6" + #define _PATH_PROCNET_TCP "/proc/net/tcp" + #define _PATH_PROCNET_TCP6 "/proc/net/tcp6" + #define _PATH_PROCNET_UDP "/proc/net/udp" + #define _PATH_PROCNET_UDP6 "/proc/net/udp6" + #define _PATH_PROCNET_RAW "/proc/net/raw" + #define _PATH_PROCNET_RAW6 "/proc/net/raw6" + #define _PATH_PROCNET_UNIX "/proc/net/unix" + #define _PATH_PROCNET_ROUTE "/proc/net/route" + #define _PATH_PROCNET_ROUTE6 "/proc/net/ipv6_route" + #define _PATH_PROCNET_RTCACHE "/proc/net/rt_cache" + #define _PATH_PROCNET_AX25_ROUTE "/proc/net/ax25_route" + #define _PATH_PROCNET_NR "/proc/net/nr" + #define _PATH_PROCNET_NR_NEIGH "/proc/net/nr_neigh" + #define _PATH_PROCNET_NR_NODES "/proc/net/nr_nodes" + #define _PATH_PROCNET_ARP "/proc/net/arp" + #define _PATH_PROCNET_AX25 "/proc/net/ax25" + #define _PATH_PROCNET_IPX "/proc/net/ipx" + #define _PATH_PROCNET_IPX_ROUTE "/proc/net/ipx_route" + #define _PATH_PROCNET_ATALK "/proc/net/appletalk" + #define _PATH_PROCNET_IP_BLK "/proc/net/ip_block" + #define _PATH_PROCNET_IP_FWD "/proc/net/ip_forward" + #define _PATH_PROCNET_IP_ACC "/proc/net/ip_acct" + #define _PATH_PROCNET_IP_MASQ "/proc/net/ip_masquerade" + #define _PATH_PROCNET_NDISC "/proc/net/ndisc" + #define _PATH_PROCNET_IFINET6 "/proc/net/if_inet6" + #define _PATH_PROCNET_DEV "/proc/net/dev" + #define _PATH_PROCNET_RARP "/proc/net/rarp" + #define _PATH_ETHERS "/etc/ethers" + #define _PATH_PROCNET_ROSE_ROUTE "/proc/net/rose_routes" + #define _PATH_PROCNET_DEV_MCAST "/proc/net/dev_mcast" + + /* pathname for the netlink device */ + #define _PATH_DEV_ROUTE "/dev/route" + + /* End of pathnames.h */ *** 1.17r3/linuxconf/modules/inetdconf/lib/util.h --- 1,17r4/linuxconf/modules/inetdconf/lib/util.h Sat Jan 29 09:01:08 2000 *************** *** 0 **** --- 1,16 ---- + #include <stddef.h> + + void *xmalloc(size_t sz); + void *xrealloc(void *p, size_t sz); + + #define new(p) ((p) = xmalloc(sizeof(*(p)))) + + + int kernel_version(void); + #define KRELEASE(maj,min,patch) ((maj) * 10000 + (min)*1000 + (patch)) + + + int nstrcmp(const char *, const char *); + + char *safe_strncpy(char *dst, const char *src, size_t size); + *** 1.17r3/linuxconf/userconf/internal.h Sun Nov 15 00:56:10 1998 --- 1,17r4/linuxconf/userconf/internal.h Tue Feb 22 17:21:32 2000 *************** *** 24,29 **** --- 24,32 ---- SSTRING deletecmd; SSTRING archivecmd; SSTRING postdeletecmd; + char showshadow; + char mayedithome; + char mayeditshell; /*~PROTOBEG~ PASSWD_VALID */ public: PASSWD_VALID (void); *** 1.17r3/linuxconf/userconf/passwd_valid.cc Sun Dec 12 22:04:59 1999 --- 1,17r4/linuxconf/userconf/passwd_valid.cc Tue Feb 22 17:22:47 2000 *************** *** 27,32 **** --- 27,35 ---- static const char POSTDELETECMD[] = "postdeletecmd"; static const char PRIVGROUP[] = "privgroup"; static const char CREATEPERM[]="createperm"; + static const char SHOWSHADOW[]="showshadow"; + static const char MAYEDITHOME[]="mayedithome"; + static const char MAYEDITSHELL[]="mayeditshell"; static const char def_archive[]= USR_LIB_LINUXCONF "/lib/accountarchive.sh"; static const char def_delete[]=USR_LIB_LINUXCONF "/lib/accountdelete.sh"; *************** *** 51,56 **** --- 54,62 ---- linuxconf_replace (PASSWD,ARCHIVECMD,archivecmd); linuxconf_replace (PASSWD,PRIVGROUP,privgroup); linuxconf_replace (PASSWD,CREATEPERM,createperm); + linuxconf_replace (PASSWD,SHOWSHADOW,showshadow); + linuxconf_replace (PASSWD,MAYEDITHOME,mayedithome); + linuxconf_replace (PASSWD,MAYEDITSHELL,mayeditshell); linuxconf_save(); } *************** *** 119,124 **** --- 125,152 ---- return ret; } + /* + Return true if the HOME directory is editable/visible in the user accounts + */ + bool policies_mayedithome() + { + return linuxconf_getvalnum (PASSWD,MAYEDITHOME,1) != 0; + } + /* + Return true if the shell is editable/visible in the user accounts + */ + bool policies_mayeditshell() + { + return linuxconf_getvalnum (PASSWD,MAYEDITSHELL,1) != 0; + } + /* + Return true if the shadow parameters are visible in the user accounts + */ + bool policies_mayshowshadow() + { + return linuxconf_getvalnum (PASSWD,SHOWSHADOW,1) != 0; + } + PUBLIC PASSWD_VALID::PASSWD_VALID() { minlen = passwd_valid_getval(MINLEN,6); *************** *** 130,135 **** --- 158,166 ---- archivecmd.setfrom (policies_getarchivecmd()); privgroup = policies_privgroup() ? 1 : 0; createperm = policies_getcreateperm(); + showshadow = policies_mayshowshadow() ? 1 : 0; + mayedithome = policies_mayedithome() ? 1 : 0; + mayeditshell = policies_mayeditshell() ? 1 : 0; } /* *************** *** 140,145 **** --- 171,177 ---- if(perm_rootaccess(MSG_U(P_PASSPOLICIES ,"set the password and account policies"))){ DIALOG dia; + dia.newf_title (MSG_R(T_POLICIES),1,"",MSG_R(T_POLICIES)); dia.newf_num (MSG_U(F_MINLEN,"Minimum length"),minlen); dia.newf_num (MSG_U(F_MINCHARS,"Minimum amount of non alpha char") ,minnonalpha); *************** *** 147,152 **** --- 179,192 ---- ,MSG_U(I_PRIVGROUP,"One group per user")); dia.newf_str (MSG_U(F_DEFHOME,"Default base dir for homes"),defhome); dia.newf_octnum (MSG_R(F_CREATEPERM),createperm); + dia.newf_chk ("",showshadow,MSG_U(I_SHOWSHADOW,"Show the shadow parameters")); + dia.newf_chk ("",mayedithome,MSG_U(I_EDITHOME,"May change the HOME directory path")); + dia.newf_chk ("",mayeditshell,MSG_U(I_EDITSHELL,"May change the login shell")); + SHADOW sha; + if (shadow_exist()){ + sha.setdialog (dia); + } + dia.newf_title (MSG_U(T_SCRIPTS,"Scripts"),1,"",MSG_R(T_SCRIPTS)); FIELD_COMBO *comb = dia.newf_combo (MSG_U(F_DELETECMD ,"Delete account command"),deletecmd); comb->addopt (def_delete); *************** *** 156,165 **** dia.newf_str (MSG_U(F_NEWUSERCMD,"Post-create command"),createcmd); dia.newf_str (MSG_U(F_POSTDELCMD,"Pre-delete command") ,postdeletecmd); - SHADOW sha; - if (shadow_exist()){ - sha.setdialog (dia); - } if (dia.edit ( MSG_U(T_PASSPOLICIES,"Password/Account setting policies") ,MSG_U(I_PASSPOLICIES --- 196,201 ---- *** 1.17r3/linuxconf/userconf/shadow.cc Fri May 1 15:19:00 1998 --- 1,17r4/linuxconf/userconf/shadow.cc Tue Feb 22 17:35:35 2000 *************** *** 81,93 **** */ PUBLIC void SHADOW::setdialog (DIALOG &dia) { ! dia.newf_title ("",MSG_U(T_SHADEF,"Account management defaults")); ! dia.newf_num (MSG_R(F_PASSMAY),may); ! dia.newf_num (MSG_R(F_PASSMUST),must); ! dia.newf_num (MSG_R(F_PASSWARN),warn); ! dia.newf_num (MSG_R(F_PASSEXPIRE),expire); ! dia.newf_num (MSG_U(F_STDDURATION,"Standard account duration") ! ,stdduration); } /* --- 81,97 ---- */ PUBLIC void SHADOW::setdialog (DIALOG &dia) { ! dia.newf_title (MSG_R(T_PARAMS),1,"",MSG_R(T_PASSMNG)); ! static const char *tb[]={MSG_R(I_IGNORED),NULL}; ! static const int tbv[]={-1,0}; ! dia.newf_chkm_num (MSG_R(F_PASSMAY),may,tbv,tb); ! static const int tbv99999[]={99999,0}; ! dia.newf_chkm_num (MSG_R(F_PASSMUST),must,tbv99999,tb); ! dia.newf_chkm_num (MSG_R(F_PASSWARN),warn,tbv,tb); ! dia.newf_chkm_num (MSG_R(F_PASSEXPIRE),expire,tbv,tb); ! static const int tbv0[]={0,0}; ! dia.newf_chkm_num (MSG_U(F_STDDURATION,"Standard account duration") ! ,stdduration,tbv0,tb); } /* *** 1.17r3/linuxconf/userconf/upass.cc Wed Jul 28 17:41:46 1999 --- 1,17r4/linuxconf/userconf/upass.cc Mon Feb 21 11:17:23 2000 *************** *** 8,16 **** #include <dialog.h> #include <module.h> #include "internal.h" ! ! static CONFIG_FILE f_intro (ETC_PASSWD_HTMLINTRO,help_nil ! ,CONFIGF_OPTIONNAL); void upass_setintro (DIALOG &dia, const char *server) { --- 8,14 ---- #include <dialog.h> #include <module.h> #include "internal.h" ! #include <paths.h> void upass_setintro (DIALOG &dia, const char *server) { *************** *** 19,24 **** --- 17,33 ---- file must contain html and will be inserted in the html dialog letting a user change his password. */ + /* Added by jmdault@netrevolution.com on 02/13/2000: + For virtual pop servers, you can supply a file + /etc/vmail/htmlintro.DOMAIN. When a virtual pop + user wants to change his password, he will get + the html from the domain file. + */ + char htmlpath[PATH_MAX]; + sprintf(htmlpath,"%s/htmlintro.%s",ETC_VMAIL,server); + CONFIG_FILE f_intro (htmlpath,help_nil,CONFIGF_OPTIONNAL); + static CONFIG_FILE default_intro (ETC_PASSWD_HTMLINTRO, help_nil,CONFIGF_OPTIONNAL); + FILE *fin = f_intro.fopen ("r"); if (fin != NULL){ char buf[500]; *************** *** 26,47 **** dia.html_top ("%s",buf); } fclose (fin); } dia.html_intro (MSG_U(I_SERVER ,"<center><h2>Server %s</h2></center>\n<hr>\n") ,server); } ! void upass_setend (DIALOG &dia) { ! dia.html_end ("%s" ! ,"<p>\n" ! "<A HREF=http://www.solucorp.qc.ca/linuxconf>\n" ! "<img src=/images:images/managed.gif align=left align=top>\n" ! "</A>\n" ! "<A HREF=http://www.linux.org>\n" ! "<img src=/images:images/power.gif align=right align=top>\n" ! "</A>\n"); } /* --- 35,99 ---- dia.html_top ("%s",buf); } fclose (fin); + } else { + FILE *default_fin = default_intro.fopen ("r"); + if (default_fin != NULL){ + char buf[500]; + while (fgets(buf,sizeof(buf)-1,default_fin)!=NULL){ + dia.html_top ("%s",buf); + } + fclose (default_fin); + } } dia.html_intro (MSG_U(I_SERVER ,"<center><h2>Server %s</h2></center>\n<hr>\n") ,server); } ! void upass_setend (DIALOG &dia, const char *server) { ! /* #Specification: html password dialog / end of page ! The admin may supply a file /etc/passwd.htmlend. This ! file must contain html and will be inserted in the ! html dialog letting a user change his password. ! */ ! /* Added by jmdault@netrevolution.com on 02/13/2000: ! For virtual pop servers, you can supply a file ! /etc/vmail/htmlend.DOMAIN. When a virtual pop ! user wants to change his password, he will get ! the html from the domain file. ! */ ! char htmlpath[PATH_MAX]; ! sprintf(htmlpath,"%s/htmlend.%s",ETC_VMAIL,server); ! CONFIG_FILE f_end (htmlpath,help_nil,CONFIGF_OPTIONNAL); ! static CONFIG_FILE default_end (ETC_PASSWD_HTMLEND,help_nil,CONFIGF_OPTIONNAL); ! ! FILE *fin = f_end.fopen ("r"); ! if (fin != NULL){ ! char buf[500]; ! while (fgets(buf,sizeof(buf)-1,fin)!=NULL){ ! dia.html_end ("%s",buf); ! } ! fclose (fin); ! } else { ! FILE *default_fin = default_end.fopen ("r"); ! if (default_fin != NULL){ ! char buf[500]; ! while (fgets(buf,sizeof(buf)-1,default_fin)!=NULL){ ! dia.html_end ("%s",buf); ! } ! fclose (default_fin); ! } else { ! dia.html_end ("%s", ! "<p>\n" ! "<A HREF=http://www.solucorp.qc.ca/linuxconf>\n" ! "<img border=0 src=/images:images/managed.gif align=left align=top>\n" ! "</A>\n" ! "<A HREF=http://www.linux.org>\n" ! "<img border=0 src=/images:images/power.gif align=right align=top>\n" ! "</A>\n"); ! } ! } } /* *************** *** 58,64 **** DIALOG dia; upass_setintro(dia,server); dia.html_intro (MSG_U(I_IDENTIFY ! ,"Enter you account id and your current password\n" "followed by the new password you want. You must\n" "enter it twice to make sure you have it right")); --- 110,116 ---- DIALOG dia; upass_setintro(dia,server); dia.html_intro (MSG_U(I_IDENTIFY ! ,"Enter your account id and your current password\n" "followed by the new password you want. You must\n" "enter it twice to make sure you have it right")); *************** *** 70,76 **** SSTRING npass2; dia.newf_pass (MSG_U(F_NEWPASSWORD,"New password"),npass1); dia.newf_pass (MSG_U(F_PASSCONFIRM,"New password again"),npass2); ! upass_setend (dia); if (dia.edit (MSG_U(T_IDENTIFY,"Change your password") ,"" --- 122,128 ---- SSTRING npass2; dia.newf_pass (MSG_U(F_NEWPASSWORD,"New password"),npass1); dia.newf_pass (MSG_U(F_PASSCONFIRM,"New password again"),npass2); ! upass_setend (dia,server); if (dia.edit (MSG_U(T_IDENTIFY,"Change your password") ,"" *************** *** 126,132 **** upass_setintro(dia,hostname); SSTRING account; dia.newf_str (MSG_R(F_ACCOUNT),account); ! upass_setend (dia); int nof = 0; if (dia.edit (MSG_U(T_YOURNAME,"Your account ID") ,MSG_U(I_YOURNAME,"Please enter your account name") --- 178,184 ---- upass_setintro(dia,hostname); SSTRING account; dia.newf_str (MSG_R(F_ACCOUNT),account); ! upass_setend (dia,hostname); int nof = 0; if (dia.edit (MSG_U(T_YOURNAME,"Your account ID") ,MSG_U(I_YOURNAME,"Please enter your account name") *** 1.17r3/linuxconf/userconf/user.cc Mon Feb 7 15:34:37 2000 --- 1,17r4/linuxconf/userconf/user.cc Tue Feb 22 17:22:31 2000 *************** *** 744,751 **** ,*pt); } } ! dia.newf_str (MSG_U(F_HOME,"Home directory(opt)"),wrkdir); ! if (categ != TUSER_POP && editshell){ /* #Specification: user account / shell selection / list For different reasons, the list of shell available when managing an account is limited. The admin has to choose --- 744,753 ---- ,*pt); } } ! if (policies_mayedithome()){ ! dia.newf_str (MSG_U(F_HOME,"Home directory(opt)"),wrkdir); ! } ! if (categ != TUSER_POP && editshell && policies_mayeditshell()){ /* #Specification: user account / shell selection / list For different reasons, the list of shell available when managing an account is limited. The admin has to choose *************** *** 793,800 **** bool override = users.has_add_override(); if (is_new && !override) uid = users.getnewuid(); if (uid != -1) struid.setfrom (uid); ! // FIELD *fuid = ! dia.newf_str (MSG_U(F_UID,"User ID(opt)"),struid); if (categ==TUSER_ADMIN || categ == TUSER_POP || categ == TUSER_UUCP --- 795,803 ---- bool override = users.has_add_override(); if (is_new && !override) uid = users.getnewuid(); if (uid != -1) struid.setfrom (uid); ! if (policies_mayedithome()){ ! dia.newf_str (MSG_U(F_UID,"User ID(opt)"),struid); ! } if (categ==TUSER_ADMIN || categ == TUSER_POP || categ == TUSER_UUCP *************** *** 806,812 **** } SSTRING disable_str; int disable_field = 0; ! if (users.has_shadow()){ dia.newf_title (MSG_U(T_PARAMS,"Params"),1,"" ,MSG_U(T_PASSMNG,"Password management")); if (shadow->last > 0){ --- 809,815 ---- } SSTRING disable_str; int disable_field = 0; ! if (users.has_shadow() && policies_mayshowshadow()){ dia.newf_title (MSG_U(T_PARAMS,"Params"),1,"" ,MSG_U(T_PASSMNG,"Password management")); if (shadow->last > 0){ *** 1.17r3/linuxconf/userconf/userconf.m Mon Dec 13 21:53:14 1999 --- 1,17r4/linuxconf/userconf/userconf.m Tue Feb 22 17:22:50 2000 *************** *** 2,8 **** #ifndef DICTIONARY_REQUEST #define DICTIONARY_REQUEST \ const char **_dictionary_userconf;\ ! TRANSLATE_SYSTEM_REQ _dictionary_req_userconf("userconf",_dictionary_userconf,253,14);\ void dummy_dict_userconf(){} #endif #ifndef MSG_U --- 2,8 ---- #ifndef DICTIONARY_REQUEST #define DICTIONARY_REQUEST \ const char **_dictionary_userconf;\ ! TRANSLATE_SYSTEM_REQ _dictionary_req_userconf("userconf",_dictionary_userconf,256,15);\ void dummy_dict_userconf(){} #endif #ifndef MSG_U *************** *** 134,268 **** #define E_ROOTID 118 #define T_NEWUSER 119 #define F_WASCHG 120 ! #define T_SHADEF 121 ! #define F_STDDURATION 122 ! #define F_WASISDIS 123 ! #define E_IVLDDATE 124 ! #define E_ROOTPASS 125 ! #define M_EALIAS 126 ! #define E_SHELLNOTEXEC 127 ! #define F_NEWPASSWORD 128 ! #define F_PASSCONFIRM 129 ! #define T_IDENTIFY 130 ! #define I_IDENTIFY 131 ! #define E_IVLDUPASS 132 ! #define F_ACCOUNT 133 ! #define F_CURPASSWORD 134 ! #define N_NEWPASSOK 135 ! #define I_SERVER 136 ! #define E_UPASSROOT 137 ! #define E_ACCTLOCKED 138 ! #define E_PASSLOCKED 139 ! #define E_PASSWAIT 140 ! #define E_PICKNEW 141 ! #define F_CRONRANGE 142 ! #define F_COMMAND 143 ! #define F_MONTHS 144 ! #define F_ISJANUARY 145 ! #define F_ISDECEMBER 146 ! #define F_DMONTH 147 ! #define F_DWEEK 148 ! #define F_ISSUNDAY 149 ! #define F_ISSATURDAY 150 ! #define F_HOURS 151 ! #define F_MINUTES 152 ! #define T_CRONENTRY 153 ! #define I_CRONENTRY 154 ! #define T_JOBS 155 ! #define B_TASKS 156 ! #define F_3VALUES 157 ! #define F_CRONSTEP 158 ! #define F_ENABLED 159 ! #define P_CRON 160 ! #define F_EVERY 161 ! #define F_MONTH 162 ! #define F_DAYOFMONTH 163 ! #define F_DAYOFWEEK 164 ! #define F_hOURS 165 ! #define F_mINUTES 166 ! #define T_BASE 167 ! #define T_PARAMS 168 ! #define M_NORMAL 169 ! #define T_PRIVROOTEQUIV 170 ! #define T_PSYSCONTROL 171 ! #define T_CHGROOTPASS 172 ! #define I_ENTERROOTPASS 173 ! #define T_POLICIES 174 ! #define E_PASSWDCMD 175 ! #define E_UNLOCKPASS 176 ! #define H_GROUPS 177 ! #define F_USERPREFIX 178 ! #define I_USERPREFIX 179 ! #define T_USERPREFIX 180 ! #define H_USERS 181 ! #define T_GDISKQUOTA 182 ! #define T_UDEFDISKQUOTA 183 ! #define T_DISKQUOTA 184 ! #define F_DEFSHELL 185 ! #define E_IVLDDEF 186 ! #define E_NOSPACE 187 ! #define E_IVLDPERIOD 188 ! #define E_UEXIST 189 ! #define E_UNOTEXIST 190 ! #define T_SPCACCTS 191 ! #define X_PASSWD 192 ! #define X_TASKS 193 ! #define F_DEFHOME 194 ! #define E_GNOTEXIST 195 ! #define F_NEWUSERCMD 196 ! #define F_DELETECMD 197 ! #define E_NOTDEL 198 ! #define I_NOTDEL 199 ! #define E_DELANYWAY 200 ! #define I_DELANYWAY 201 ! #define E_PREDELFAIL 202 ! #define F_PRIVGROUP 203 ! #define I_PRIVGROUP 204 ! #define E_NOGROUP 205 ! #define I_CREATEGROUP 206 ! #define T_CREATGROUP 207 ! #define F_SUPGROUP 208 ! #define E_IVLDSUPGROUP 209 ! #define F_GECOSPREFIX 210 ! #define F_UID_FROM 211 ! #define F_UID_TO 212 ! #define E_GEXIST 213 ! #define F_GROUPOPT 214 ! #define F_ARCHIVECMD 215 ! #define F_POSTDELCMD 216 ! #define I_ARCHACCTDATA 217 ! #define I_DELACCTDATA 218 ! #define I_LEAVEDATA 219 ! #define T_DELACCT 220 ! #define I_DELACCT 221 ! #define I_ENABLED 222 ! #define T_YOURNAME 223 ! #define I_YOURNAME 224 ! #define E_PASSCHG 225 ! #define I_DELETING 226 ! #define I_CREATING 227 ! #define T_SPCLINKS 228 ! #define T_CHGPASS 229 ! #define T_EdITUSERS 230 ! #define T_HOMEDIRS 231 ! #define F_DIFFDIR 232 ! #define I_CREATEHOME 233 ! #define F_HOMEBASE 234 ! #define F_CREATEPERM 235 ! #define Q_MISSBASE 236 ! #define T_MISSBASE 237 ! #define E_IVLDDIR 238 ! #define I_USAGE 239 ! #define F_DONOTHING 240 ! #define F_CHOWNDIR 241 ! #define T_FIXHOME 242 ! #define F_CHOWNRECUR 243 ! #define I_IGNORED 244 ! #define T_USERPRIVI 245 ! #define T_GENPRIVI 246 ! #define T_USERADMPRIVI 247 ! #define T_THISHELP 248 ! #define E_IVLDLOGINCHAR 249 ! #define E_FAILCREATE 250 ! #define P_USERACCOUTS 251 ! #define N_MAXALTGR 252 --- 134,271 ---- #define E_ROOTID 118 #define T_NEWUSER 119 #define F_WASCHG 120 ! #define F_STDDURATION 121 ! #define F_WASISDIS 122 ! #define E_IVLDDATE 123 ! #define E_ROOTPASS 124 ! #define M_EALIAS 125 ! #define E_SHELLNOTEXEC 126 ! #define F_NEWPASSWORD 127 ! #define F_PASSCONFIRM 128 ! #define T_IDENTIFY 129 ! #define I_IDENTIFY 130 ! #define E_IVLDUPASS 131 ! #define F_ACCOUNT 132 ! #define F_CURPASSWORD 133 ! #define N_NEWPASSOK 134 ! #define I_SERVER 135 ! #define E_UPASSROOT 136 ! #define E_ACCTLOCKED 137 ! #define E_PASSLOCKED 138 ! #define E_PASSWAIT 139 ! #define E_PICKNEW 140 ! #define F_CRONRANGE 141 ! #define F_COMMAND 142 ! #define F_MONTHS 143 ! #define F_ISJANUARY 144 ! #define F_ISDECEMBER 145 ! #define F_DMONTH 146 ! #define F_DWEEK 147 ! #define F_ISSUNDAY 148 ! #define F_ISSATURDAY 149 ! #define F_HOURS 150 ! #define F_MINUTES 151 ! #define T_CRONENTRY 152 ! #define I_CRONENTRY 153 ! #define T_JOBS 154 ! #define B_TASKS 155 ! #define F_3VALUES 156 ! #define F_CRONSTEP 157 ! #define F_ENABLED 158 ! #define P_CRON 159 ! #define F_EVERY 160 ! #define F_MONTH 161 ! #define F_DAYOFMONTH 162 ! #define F_DAYOFWEEK 163 ! #define F_hOURS 164 ! #define F_mINUTES 165 ! #define T_BASE 166 ! #define T_PARAMS 167 ! #define M_NORMAL 168 ! #define T_PRIVROOTEQUIV 169 ! #define T_PSYSCONTROL 170 ! #define T_CHGROOTPASS 171 ! #define I_ENTERROOTPASS 172 ! #define T_POLICIES 173 ! #define E_PASSWDCMD 174 ! #define E_UNLOCKPASS 175 ! #define H_GROUPS 176 ! #define F_USERPREFIX 177 ! #define I_USERPREFIX 178 ! #define T_USERPREFIX 179 ! #define H_USERS 180 ! #define T_GDISKQUOTA 181 ! #define T_UDEFDISKQUOTA 182 ! #define T_DISKQUOTA 183 ! #define F_DEFSHELL 184 ! #define E_IVLDDEF 185 ! #define E_NOSPACE 186 ! #define E_IVLDPERIOD 187 ! #define E_UEXIST 188 ! #define E_UNOTEXIST 189 ! #define T_SPCACCTS 190 ! #define X_PASSWD 191 ! #define X_TASKS 192 ! #define F_DEFHOME 193 ! #define E_GNOTEXIST 194 ! #define F_NEWUSERCMD 195 ! #define F_DELETECMD 196 ! #define E_NOTDEL 197 ! #define I_NOTDEL 198 ! #define E_DELANYWAY 199 ! #define I_DELANYWAY 200 ! #define E_PREDELFAIL 201 ! #define F_PRIVGROUP 202 ! #define I_PRIVGROUP 203 ! #define E_NOGROUP 204 ! #define I_CREATEGROUP 205 ! #define T_CREATGROUP 206 ! #define F_SUPGROUP 207 ! #define E_IVLDSUPGROUP 208 ! #define F_GECOSPREFIX 209 ! #define F_UID_FROM 210 ! #define F_UID_TO 211 ! #define E_GEXIST 212 ! #define F_GROUPOPT 213 ! #define F_ARCHIVECMD 214 ! #define F_POSTDELCMD 215 ! #define I_ARCHACCTDATA 216 ! #define I_DELACCTDATA 217 ! #define I_LEAVEDATA 218 ! #define T_DELACCT 219 ! #define I_DELACCT 220 ! #define I_ENABLED 221 ! #define T_YOURNAME 222 ! #define I_YOURNAME 223 ! #define E_PASSCHG 224 ! #define I_DELETING 225 ! #define I_CREATING 226 ! #define T_SPCLINKS 227 ! #define T_CHGPASS 228 ! #define T_EdITUSERS 229 ! #define T_HOMEDIRS 230 ! #define F_DIFFDIR 231 ! #define I_CREATEHOME 232 ! #define F_HOMEBASE 233 ! #define F_CREATEPERM 234 ! #define Q_MISSBASE 235 ! #define T_MISSBASE 236 ! #define E_IVLDDIR 237 ! #define I_USAGE 238 ! #define F_DONOTHING 239 ! #define F_CHOWNDIR 240 ! #define T_FIXHOME 241 ! #define F_CHOWNRECUR 242 ! #define I_IGNORED 243 ! #define T_USERPRIVI 244 ! #define T_GENPRIVI 245 ! #define T_USERADMPRIVI 246 ! #define T_THISHELP 247 ! #define E_IVLDLOGINCHAR 248 ! #define E_FAILCREATE 249 ! #define P_USERACCOUTS 250 ! #define N_MAXALTGR 251 ! #define I_SHOWSHADOW 252 ! #define I_EDITHOME 253 ! #define T_SCRIPTS 254 ! #define I_EDITSHELL 255 *** 1.17r3/linuxconf/userconf/userconf.p Thu Jan 6 00:24:04 2000 --- 1,17r4/linuxconf/userconf/userconf.p Tue Feb 22 17:22:52 2000 *************** *** 1,4 **** - /* _dict.cc 14/08/1996 15.00.36 */ /* cron.cc 08/01/1999 23.36.04 */ int cron_install (const char *user, const char *options); void cron_edit (const char *user, const char *suggest[][2]); --- 1,3 ---- *************** *** 12,18 **** const char *dweeks, const char *months); int cron_delcmd (const char *user, const char *cmd); ! /* fileowner.cc 13/12/1999 21.53.12 */ /* group.cc 12/12/1999 22.12.46 */ const char *group_gethomebase (const char *gname); bool group_homeneeded (const char *gname); --- 11,18 ---- const char *dweeks, const char *months); int cron_delcmd (const char *user, const char *cmd); ! /* _dict.cc 14/08/1996 15.00.36 */ ! /* fileowner.cc 20/01/2000 20.40.46 */ /* group.cc 12/12/1999 22.12.46 */ const char *group_gethomebase (const char *gname); bool group_homeneeded (const char *gname); *************** *** 29,35 **** /* helpf.cc 14/08/1996 15.01.30 */ /* internal.cc 27/08/1995 12.26.28 */ /* passwd_chat.cc 24/06/1999 13.08.06 */ ! /* passwd_valid.cc 12/12/1999 22.04.58 */ const char *policies_getdefhome (void); int policies_getcreateperm (void); const char *policies_getcreatecmd (void); --- 29,35 ---- /* helpf.cc 14/08/1996 15.01.30 */ /* internal.cc 27/08/1995 12.26.28 */ /* passwd_chat.cc 24/06/1999 13.08.06 */ ! /* passwd_valid.cc 22/02/2000 17.22.46 */ const char *policies_getdefhome (void); int policies_getcreateperm (void); const char *policies_getcreatecmd (void); *************** *** 37,43 **** const char *policies_getpostdeletecmd (void); const char *policies_getdeletecmd (void); const char *policies_getarchivecmd (void); ! /* perm.cc 06/01/2000 00.22.48 */ void passwd_sethook (int (*_fct_check)(const char *user), int (*_fct_change)(const char *user, bool pre_authenticated), int (*_fct_check_pair)(const char *user, const char *passwd)); --- 37,46 ---- const char *policies_getpostdeletecmd (void); const char *policies_getdeletecmd (void); const char *policies_getarchivecmd (void); ! bool policies_mayedithome (void); ! bool policies_mayeditshell (void); ! bool policies_mayshowshadow (void); ! /* perm.cc 06/01/2000 00.39.28 */ void passwd_sethook (int (*_fct_check)(const char *user), int (*_fct_change)(const char *user, bool pre_authenticated), int (*_fct_check_pair)(const char *user, const char *passwd)); *************** *** 65,71 **** PRIVILEGE_DATAS&tb, PRIVILEGE *priv); USERACCT_COMNG *privi_newcomng (const char *key, DICTIONARY&dict); ! /* shadow.cc 01/05/1998 15.19.00 */ int shadow_exist (void); /* shells.cc 04/05/1999 11.53.22 */ bool shells_isok (const char *path); --- 68,74 ---- PRIVILEGE_DATAS&tb, PRIVILEGE *priv); USERACCT_COMNG *privi_newcomng (const char *key, DICTIONARY&dict); ! /* shadow.cc 22/02/2000 17.16.40 */ int shadow_exist (void); /* shells.cc 04/05/1999 11.53.22 */ bool shells_isok (const char *path); *************** *** 86,101 **** /* special.cc 09/12/1996 16.22.12 */ int special_init (const char *group, USER *&special); PRIVILEGE *special_getpriv (const char *group); ! /* upass.cc 28/07/1999 17.41.46 */ void upass_setintro (DIALOG&dia, const char *server); ! void upass_setend (DIALOG&dia); void userconf_editupass (USERS&users, const char *server); void userconf_editupass (void); ! /* user.cc 13/12/1999 21.53.14 */ int user_splitline (const char *line, char words[9][100]); bool user_isadmin (const char *loginid); int pass_isweak (const char *pass); - /* user1.cc 10/05/1999 23.12.24 */ /* usercomng.cc 12/12/1999 22.09.12 */ /* userconf.cc 12/12/1999 22.10.52 */ const char *userconf_getprivsection (void); --- 89,104 ---- /* special.cc 09/12/1996 16.22.12 */ int special_init (const char *group, USER *&special); PRIVILEGE *special_getpriv (const char *group); ! /* upass.cc 21/02/2000 11.17.22 */ void upass_setintro (DIALOG&dia, const char *server); ! void upass_setend (DIALOG&dia, const char *server); void userconf_editupass (USERS&users, const char *server); void userconf_editupass (void); ! /* user1.cc 10/05/1999 23.12.24 */ ! /* user.cc 22/02/2000 17.22.30 */ int user_splitline (const char *line, char words[9][100]); bool user_isadmin (const char *loginid); int pass_isweak (const char *pass); /* usercomng.cc 12/12/1999 22.09.12 */ /* userconf.cc 12/12/1999 22.10.52 */ const char *userconf_getprivsection (void); *** 1.17r3/linuxconf/userconf/userconf.pm Thu Jan 6 00:24:04 2000 --- 1,17r4/linuxconf/userconf/userconf.pm Tue Feb 22 17:22:52 2000 *************** *** 1,4 **** - /* _dict.cc 14/08/1996 15.00.36 */ /* cron.cc 08/01/1999 23.36.04 */ PRIVATE void CRON_ENTRY::parse (const char *buf); PUBLIC CRON_ENTRY::CRON_ENTRY (const char *buf); --- 1,3 ---- *************** *** 17,23 **** const char *dweeks, const char *months); PUBLIC int CRONTAB::delcmd (const char *cmd); ! /* fileowner.cc 13/12/1999 21.53.12 */ /* group.cc 12/12/1999 22.12.46 */ PRIVATE void GROUP::settbmem (char **members); PRIVATE void GROUP::init (const char *_name, --- 16,23 ---- const char *dweeks, const char *months); PUBLIC int CRONTAB::delcmd (const char *cmd); ! /* _dict.cc 14/08/1996 15.00.36 */ ! /* fileowner.cc 20/01/2000 20.40.46 */ /* group.cc 12/12/1999 22.12.46 */ PRIVATE void GROUP::settbmem (char **members); PRIVATE void GROUP::init (const char *_name, *************** *** 71,81 **** PUBLIC USERCONF_HELP_FILE::USERCONF_HELP_FILE (const char *fname); /* internal.cc 27/08/1995 12.26.28 */ /* passwd_chat.cc 24/06/1999 13.08.06 */ ! /* passwd_valid.cc 12/12/1999 22.04.58 */ PUBLIC void PASSWD_VALID::write (void); PUBLIC PASSWD_VALID::PASSWD_VALID (void); PUBLIC void PASSWD_VALID::edit (void); ! /* perm.cc 06/01/2000 00.22.48 */ /* privi.cc 12/12/1999 22.09.12 */ PUBLIC PRIVILEGE::PRIVILEGE (const char *_id, TRANS_NOTLOAD *_title, --- 71,81 ---- PUBLIC USERCONF_HELP_FILE::USERCONF_HELP_FILE (const char *fname); /* internal.cc 27/08/1995 12.26.28 */ /* passwd_chat.cc 24/06/1999 13.08.06 */ ! /* passwd_valid.cc 22/02/2000 17.22.46 */ PUBLIC void PASSWD_VALID::write (void); PUBLIC PASSWD_VALID::PASSWD_VALID (void); PUBLIC void PASSWD_VALID::edit (void); ! /* perm.cc 06/01/2000 00.39.28 */ /* privi.cc 12/12/1999 22.09.12 */ PUBLIC PRIVILEGE::PRIVILEGE (const char *_id, TRANS_NOTLOAD *_title, *************** *** 116,122 **** PUBLIC int USERPRIVI_COMNG::deluser (PRIVILEGE *); PUBLIC REGISTER_PRIVI_HELP::REGISTER_PRIVI_HELP (HELP_FILE&_help, TRANS_NOTLOAD *_title); ! /* shadow.cc 01/05/1998 15.19.00 */ PUBLIC SHADOW::SHADOW (const char *line); PRIVATE void SHADOW::initdef (void); PUBLIC SHADOW::SHADOW (void); --- 116,122 ---- PUBLIC int USERPRIVI_COMNG::deluser (PRIVILEGE *); PUBLIC REGISTER_PRIVI_HELP::REGISTER_PRIVI_HELP (HELP_FILE&_help, TRANS_NOTLOAD *_title); ! /* shadow.cc 22/02/2000 17.16.40 */ PUBLIC SHADOW::SHADOW (const char *line); PRIVATE void SHADOW::initdef (void); PUBLIC SHADOW::SHADOW (void); *************** *** 138,145 **** PUBLIC int SHADOWS::write (PRIVILEGE *priv); /* shells.cc 04/05/1999 11.53.22 */ /* special.cc 09/12/1996 16.22.12 */ ! /* upass.cc 28/07/1999 17.41.46 */ ! /* user.cc 13/12/1999 21.53.14 */ PUBLIC bool USER::statuschanged (bool&active); PRIVATE void USER::init (const char *_name, const char *_passwd, --- 138,149 ---- PUBLIC int SHADOWS::write (PRIVILEGE *priv); /* shells.cc 04/05/1999 11.53.22 */ /* special.cc 09/12/1996 16.22.12 */ ! /* upass.cc 21/02/2000 11.17.22 */ ! /* user1.cc 10/05/1999 23.12.24 */ ! PUBLIC int USER::getcateg (void)const; ! PUBLIC bool USER::is_like (const USER *other)const; ! PUBLIC void USER::setlike (const USER *other); ! /* user.cc 22/02/2000 17.22.30 */ PUBLIC bool USER::statuschanged (bool&active); PRIVATE void USER::init (const char *_name, const char *_passwd, *************** *** 207,216 **** const char *domain); PUBLIC int USER::edithispass_notty (SHADOW *shadow, const char *domain); - /* user1.cc 10/05/1999 23.12.24 */ - PUBLIC int USER::getcateg (void)const; - PUBLIC bool USER::is_like (const USER *other)const; - PUBLIC void USER::setlike (const USER *other); /* usercomng.cc 12/12/1999 22.09.12 */ PUBLIC USERACCT_COMNG::USERACCT_COMNG (DICTIONARY&_dict); PUBLIC VIRTUAL void USERACCT_COMNG::setupdia (DIALOG&dia); --- 211,216 ---- *** 1.17r3/linuxconf/vpop3d/vdeliver.cc Sun Dec 12 22:23:14 1999 --- 1,17r4/linuxconf/vpop3d/vdeliver.cc Thu Feb 17 23:05:40 2000 *************** *** 20,25 **** --- 20,26 ---- // Error code returned to sendmail #define VERR_USER_UNKNOWN 67 #define VERR_CANTCREAT 73 + #define VERR_NOPERM 77 static void vdeliver_checkdir(const char *dirpath) { *************** *** 305,310 **** --- 306,312 ---- || st.st_size+ctx->mailsize > uquota)){ deliver = false; ret = VERR_CANTCREAT; + fprintf (stderr,"Out of disk quota for this user inbox\n"); } } if (deliver){ *** 1.17r3/linuxconf/doc/guiapi.sgml Fri Jan 7 14:08:27 2000 --- 1,17r4/linuxconf/doc/guiapi.sgml Thu Feb 10 12:00:16 2000 *************** *** 77,101 **** Here are the feature currently understood. <descrip> ! <tag/reconfdia/ ! ! The front-end accept a redefinition of an existing dialog. ! ! <tag/slider/ ! The front-end has a slider widget. <tag/gauge/ The front-end has a gauge widget. ! <tag/setval/ ! The front-end supports the Setval primitive. ! <tag/alive/ ! The front-end supports the Alive primitive. <tag/modal/ --- 77,97 ---- Here are the feature currently understood. <descrip> ! <tag/alive/ ! The front-end supports the Alive primitive. <tag/gauge/ The front-end has a gauge widget. ! <tag/context/ ! The front-end supports the Setcontext primitive. ! <tag/html/ ! The front-end can display HTML help. <tag/modal/ *************** *** 107,119 **** No icon should be sent. The front-end either does not support it or the user which to limit the amount of data transfered. ! <tag/treemenu/ ! The front-end has a treemenu widget. ! <tag/html/ ! The front-end can display HTML help. </descrip> --- 103,123 ---- No icon should be sent. The front-end either does not support it or the user which to limit the amount of data transfered. ! <tag/reconfdia/ ! The front-end accept a redefinition of an existing dialog. ! <tag/setval/ ! The front-end supports the Setval primitive. ! ! <tag/slider/ ! ! The front-end has a slider widget. ! ! <tag/treemenu/ ! ! The front-end has a treemenu widget. </descrip>

1.1 Policies for password !

1.2 Private group +

1.3 Default base directory for homes +

1.4 Creation permissions +

1.5 Show the shadow parameters +

1.6 May change the HOME directory path +

1.7 May change the login shell +

3.1 Command line arguments !

3.2 Delete account command !

3.3 Archive account command !

3.4 Post-create command !

3.5 Pre-delete command !

Internet firewall

Introduction

Hosts allow and deny

Introduction