search for: libwrap

Hello, There is a small but annoying problem with linking libwrap in openssh. The library is added to LIBS which makes it be linked in to all binaries. This is unnecessary and leads to bogus dependencies if libwrap is a shared library. Following is a trivial fix that reserves a separate autoconf substitution variable LIBWRAP, which is only used for sshd. Pleas...

Hello all, after a useless discussion on the opensuse ML I had to find out that they buried the removal news of libwrap last year in some half-sentence. So this is unfortunately pretty late for the topic. Nevertheless it is pretty obvious that you did not get any feedback from people using ssh over decades in server-administration. Let me make a clear point: libwrap removal was a pretty bad idea. It is a well-used s...

Since I've been using this for maybe a year now, maybe someone else is interested in restricting IMAP and POP logins via libwrap. In addition to the attached patch (against 1.0.5) to src/login-common/main.c, src/{imap,pop3}-login/Makefile.in have to be modified to link against libwrap. Of course, the option needs to be integrated into configure in the long run. -------------- next part -------------- --- src/login-common/ma...

...y in depth," citing a case where binding to an interface isn't granular enough, but I still tend to agree with Arjen and Arnaud that ACLs are better handled by a central firewall. As a second layer of defense, how do you all feel about the "TCP wrappers" functionality in libwrap? As I understand it, the hosts.allow and hosts.deny files offer the same level of granularity that the NUT ACL functionality provided, but with the advantage of a more well-known (and hopefully well-scrutinized) codebase. Many Linux distributions have shipped libwrap for years, and it shou...

...83 Makefile.in --- Makefile.in 23 Oct 2006 21:44:47 -0000 1.283 +++ Makefile.in 24 Mar 2007 10:49:45 -0000 @@ -44,11 +44,8 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ -LIBSELINUX=@LIBSELINUX@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ -LIBPAM=@LIBPAM@ -LIBWRAP=@LIBWRAP@ AR=@AR@ AWK=@AWK@ RANLIB=@RANLIB@ @@ -139,7 +136,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $...

Hi, A few things regarding logging and libwrap.. a) PAM_RHOST patch Back in July, dean gaudet helpfully posted a patch to dovecot PAM_RHOST the remote IP. Is this going to be included in the main dovecot tree? It seems like a worthwhile addition. The more informative and concise the logging the better. See http://www.dovecot.org/list/dovec...

...not having some of its global variables defined, so linking it to anything but sshd is bad. This patch fixes Makefile.in and configure/configure.in to make this work. Thanks, David --- configure.orig Tue Dec 7 01:10:51 1999 +++ configure Wed Dec 8 12:46:12 1999 @@ -2242,7 +2242,7 @@ #define LIBWRAP 1 EOF - LIBS="$LIBS -lwrap" + LIBWRAP="-lwrap" fi @@ -2377,6 +2377,7 @@ s%@DEFS@%$DEFS%g s%@LDFLAGS@%$LDFLAGS%g s%@LIBS@%$LIBS%g +s%@LIBWRAP@%$LIBWRAP%g s%@exec_prefix@%$exec_prefix%g s%@prefix@%$prefix%g s%@program_transform_name@%$program_transform_name%g ---...

Hello there, I have been trying to make the patch work for libwrap(TCP Wrappers) posted on http://dovecot.org/patches <http://dovecot.org/patches%20Patch%20of%201.1> Patch of 1.1 but could not get it work. Any help will be highly appreciated. After compiling and running it I get error "Error: login_tcp_wrappers can't be used because Dovecot wasn...

On Thu, May 21, 2015 at 1:05 AM, Michael Stone <mstone at mathom.us> wrote: > On Wed, May 20, 2015 at 03:58:22PM +0200, Stephan von Krawczynski wrote: > >> Show me this as an example of your firewall skills and replace this >> hosts.allow entry: >> >> sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected >> me | >>

I'm trying to kickstart 2.0b3 on my NetBSD system (where 1.2.x works great!), and keep hitting: Fatal: service(tcpwrap) access(/software/dovecot-2.0beta3/libexec/dovecot/tcpwrap) failed: No such file or directory Indeed, that file doesn't exist...but I don't have nor want libwrap. It appears that doveconf includes tcpwrap... service tcpwrap { chroot = client_limit = 1 drop_priv_before_exec = no executable = tcpwrap extra_groups = group = privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = u...

...cal/lib -R/opt/local/lib -ldl -L/usr/local/lib -R/usr/local/lib -lssh -lopenbsd-compat -lwrap -lz -lsocket -lnsl -lcrypto Undefined first referenced symbol in file method_kbdint auth2.o getipnodebyname ./libwrap.a(misc.o) inet_pton ./libwrap.a(hosts_access.o) inet_ntop ./libwrap.a(socket.o) freehostent ./libwrap.a(misc.o) ld: fatal: Symbol referencing errors. No output written to sshd collect2: ld returned 1 exit status *** Error c...

Is there plans to use libwrap Or is there already some kind of access control i have missed?? What i really want is a mechanism so i can say: If The request comes from "123.121.212.0" dont offer ssl and accept plain else demand ssl and no plain I now have this (almost) in another imap server by xinetd and two ip ad...

Hi! Is there any reason why support for the libwrap code isn't included in the X11 forwarding code? I'd like to restrict access to that port. How many applications would break if the tcp port would be closed and only the unix-domain socket would be available? It's true that x11 forwardings can be considered as a security risk and th...

I have compiled dovecot2 for FreeBSD with the tcpwrap option. A tcpwrap binary gets built and resides in the FreeBSD directory /usr/local/libexec/dovecot an examination of the compiled options (using the FreeBSD pkg install dovecot2) confirms: LIBWRAP : on yet, when I adjust dovecot.conf with: login_access_sockets = tcpwrap I get the following logged error message: 20161229 17:02:49 imap-login: Error: connect(tcpwrap) failed: No such file or directory Is there any way to turn up some super logging so that I can find just what dovecot feel...

Hello I managed to compile from ports (i've used package too) icecast 1.3.12. It often works good, but sometimes i get error: [20/Oct/2002:18:43:09] Kicking unknown 11 [195.117.29.210] [Access Denied (libwrap (client connection))], connected for 6 seconds [20/Oct/2002:19:12:51] Accepted encoder on mountpoint /icy_0 from 217.98.93.59. 1 sources connected [20/Oct/2002:19:18:04] Kicking unknown 14 [217.98.93.59] [Displayed mountlist], connected for 1 seconds Fatal error 'longjmp()ing between thread con...

Hello, I try to compile openssh-2.9p1 on a SGI Origin 200 computer under IRIX 6.5 with the option --with-tcp-wrappers enable. I have also compiled tcp-wrapper and have installed the library libwrap.a in /usr/lib and the file tcpd.h in /usr/include. When i run the ./configure script i have a error. The script asked me that the libwrap is missing. How can i resolve this ? Thanks. Bests Regards Fabien Muller

I have set up entries in /etc/hosts.allow and /etc/hosts.deny as follows: /etc/hosts.allow sendmail : 10.0.0.0/255.0.0.0 sendmail : LOCAL /etc/hosts.deny sendmail : ALL When I try to connect to port 25 from an Internet host via telnet, the server still responds as usual. The only difference I see is this in my /var/log/maillog: Apr 24 15:41:49 server sendmail[20691]: m3OKfna20691: tcpwrappers

...I have compiled dovecot2 for FreeBSD with the tcpwrap option. >> >> A tcpwrap binary gets built and resides in the FreeBSD directory >> /usr/local/libexec/dovecot >> >> an examination of the compiled options (using the FreeBSD pkg install >> dovecot2) confirms: LIBWRAP : on >> >> yet, when I adjust dovecot.conf with: login_access_sockets = tcpwrap >> >> I get the following logged error message: >> >> 20161229 17:02:49 imap-login: Error: connect(tcpwrap) failed: No such file >> or directory >> >> Is there any...

...int, the effort to update for a release is about 3 minutes plus time to adapt anythhing that has changed. So I'd much rather have releases more often.) In the pkgsrc build, nut finds tcp wrappers because they are part of the base system. That's generally ok. checking whether to enable libwrap (tcp-wrappers) support... yes There is a program sockdebug.c in server: Making all in server `libparseconf.la' is up to date. CC sockdebug.o `libcommon.la' is up to date. CC upsd.o CC user.o CC conf.o CC netssl.o CC sstate...

Hi, I noticed recently that libwrap (TCP Wrappers) is supported, although disabled by default, in the current Dovecot 2.0 but doesn't seem to be mentioned anywhere on the wiki. Is this working well/at all? Anyone care with experience using this care to share their experiences? My OS is FreeBSD, I noticed on some Linux dis...