dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / cmd / tcpd / Makefile
blobada09623742acc0ccc9636b8cbbe79f5adfd6fac
2 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
3 # Use is subject to license terms.
5 # Copyright 2011 Nexenta Systems, Inc. All rights reserved.
8 PROG= safe_finger tcpd tcpdchk tcpdmatch try-from
10 include ../Makefile.cmd
12 CPPFLAGS += $(ACCESS) $(PARANOID) $(NETGROUP) $(TLI) \
13 $(UMASK) $(STYLE) $(TABLES) $(KILL_OPT) $(BUGS) \
14 -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
15 -DFACILITY=$(FACILITY) -DSEVERITY=$(SEVERITY) \
16 -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
17 -I../../lib/libwrap
18 tcpd tcpdmatch try-from := \
19 LDLIBS += -lwrap
20 tcpdchk := LDLIBS += -lwrap
22 CERRWARN += -Wno-unused-variable
23 CERRWARN += -Wno-parentheses
24 CERRWARN += -Wno-uninitialized
25 CERRWARN += -Wno-implicit-function-declaration
26 CERRWARN += -Wno-return-type
27 CERRWARN += -Wno-clobbered
29 MAPFILE.INT.D= mapfile-intf-tcpdchk
30 MAPFILE.INT.M= mapfile-intf-tcpdmatch
31 MAPFILE.INT.F= mapfile-intf-tryfrom
33 tcpdchk := LDFLAGS +=$(MAPFILE.INT.D:%=-Wl,-M%)
34 tcpdmatch := LDFLAGS +=$(MAPFILE.INT.M:%=-Wl,-M%)
35 try-from := LDFLAGS +=$(MAPFILE.INT.F:%=-Wl,-M%)
37 .KEEP_STATE:
39 all: $(PROG)
41 install: all $(ROOTUSRSBINPROG)
43 clean:
44 $(RM) *.o
47 TCPDMATCH_OBJ= tcpdmatch.o fakelog.o inetcf.o scaffold.o
49 tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) $(MAPFILE.INTF.M)
50 $(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS)
51 $(POST_PROCESS)
53 try-from: try-from.o fakelog.o $(LIB) $(MAPFILE.INTF.F)
54 $(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS)
55 $(POST_PROCESS)
57 TCPDCHK_OBJ= tcpdchk.o fakelog.o inetcf.o scaffold.o
59 tcpdchk: $(TCPDCHK_OBJ) $(LIB) $(MAPFILE.INTF.C)
60 $(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS)
61 $(POST_PROCESS)
63 include ../Makefile.targ
65 # The rest of this file contains definitions more-or-less directly from the
66 # original Makefile of the tcp_wrappers distribution.
68 ##############################
69 # System parameters appropriate for Solaris 9
71 REAL_DAEMON_DIR = /usr/sbin
72 TLI = -DTLI
73 NETGROUP = -DNETGROUP
75 ##############################
76 # Start of the optional stuff.
78 ###########################################
79 # Optional: Turning on language extensions
81 # Instead of the default access control language that is documented in
82 # the hosts_access.5 document, the wrappers can be configured to
83 # implement an extensible language documented in the hosts_options.5
84 # document. This language is implemented by the "options.c" source
85 # module, which also gives hints on how to add your own extensions.
86 # Uncomment the next definition to turn on the language extensions
87 # (examples: allow, deny, banners, twist and spawn).
89 STYLE = -DPROCESS_OPTIONS # Enable language extensions.
91 ################################################################
92 # Optional: Changing the default disposition of logfile records
94 # By default, logfile entries are written to the same file as used for
95 # sendmail transaction logs. See your /etc/syslog.conf file for actual
96 # path names of logfiles. The tutorial section in the README file
97 # gives a brief introduction to the syslog daemon.
99 # Change the FACILITY definition below if you disagree with the default
100 # disposition. Some syslog versions (including Ultrix 4.x) do not provide
101 # this flexibility.
103 # If nothing shows up on your system, it may be that the syslog records
104 # are sent to a dedicated loghost. It may also be that no syslog daemon
105 # is running at all. The README file gives pointers to surrogate syslog
106 # implementations for systems that have no syslog library routines or
107 # no syslog daemons. When changing the syslog.conf file, remember that
108 # there must be TABs between fields.
110 # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
112 FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
114 # The syslog priority at which successful connections are logged.
116 SEVERITY= LOG_INFO # LOG_INFO is normally not logged to the console
118 ######################################################
119 # Optional: Changing the default file protection mask
121 # On many systems, network daemons and other system processes are started
122 # with a zero umask value, so that world-writable files may be produced.
123 # It is a good idea to edit your /etc/rc* files so that they begin with
124 # an explicit umask setting. On our site we use `umask 022' because it
125 # does not break anything yet gives adequate protection against tampering.
127 # The following macro specifies the default umask for processes run under
128 # control of the daemon wrappers. Comment it out only if you are certain
129 # that inetd and its children are started with a safe umask value.
131 UMASK = -DDAEMON_UMASK=022
133 #######################################
134 # Optional: Turning off access control
136 # By default, host access control is enabled. To disable host access
137 # control, comment out the following definition. Host access control
138 # can also be turned off at runtime by providing no or empty access
139 # control tables.
141 ACCESS = -DHOSTS_ACCESS
143 ####################################################
144 # Optional: dealing with host name/address conflicts
146 # By default, the software tries to protect against hosts that claim to
147 # have someone elses host name. This is relevant for network services
148 # whose authentication depends on host names, such as rsh and rlogin.
150 # With paranoid mode on, connections will be rejected when the host name
151 # does not match the host address. Connections will also be rejected when
152 # the host name is available but cannot be verified.
154 # Comment out the following definition if you want more control over such
155 # requests. When paranoid mode is off and a host name double check fails,
156 # the client can be matched with the PARANOID access control pattern.
158 # Paranoid mode implies hostname lookup. In order to disable hostname
159 # lookups altogether, see the next section.
161 PARANOID= -DPARANOID
163 # The default username lookup timeout is 10 seconds. This may not be long
164 # enough for slow hosts or networks, but is enough to irritate PC users.
166 RFC931_TIMEOUT = 10
168 ########################################################
169 # Optional: Changing the access control table pathnames
171 # The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
172 # look for access control information. Watch out for the quotes and
173 # backslashes when you make changes.
175 TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
177 #############################################
178 # Optional: Turning on host ADDRESS checking
180 # Optionally, the software tries to protect against hosts that pretend to
181 # have someone elses host address. This is relevant for network services
182 # whose authentication depends on host names, such as rsh and rlogin,
183 # because the network address is used to look up the remote host name.
185 # The protection is to refuse TCP connections with IP source routing
186 # options.
188 # This feature cannot be used with SunOS 4.x because of a kernel bug in
189 # the implementation of the getsockopt() system call. Kernel panics have
190 # been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data
191 # fault" while executing the tcp_ctloutput() kernel function.
193 # Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x.
195 # Uncomment the following macro definition if your getsockopt() is OK.
197 # -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop
198 # source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
199 # Solaris 2.x, and Linux. See your system documentation for details.
201 # KILL_OPT= -DKILL_IP_OPTIONS
203 ## End configuration options
204 ############################