--- 1.1	1995/05/18 22:03:23
+++ Makefile	1995/05/18 22:08:18
@@ -1,4 +1,5 @@
 # @(#) Makefile 1.18 95/01/30 19:51:42
+CC=gcc
 
 what:
 	@echo
@@ -40,6 +41,7 @@
 # Uncomment the appropriate line if you are going to edit inetd.conf.
 #
 # Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
+REAL_DAEMON_DIR=/bin
 #REAL_DAEMON_DIR=/usr/etc
 #
 # SysV.4 Solaris 2.x OSF AIX
@@ -105,6 +107,12 @@
 	LIBS=-lresolv RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
 	NETGROUP=-DNETGROUP TLI= all
 
+bsdi:
+	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
+	NETGROUP= TLI= all
+
+
 # The NeXT loader needs "-m" or it barfs on redefined library functions.
 next:
 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
@@ -339,6 +347,7 @@
 #LIBS	= -lnet				# Unicos
 #LIBS	= -linet -lsyslog -ldbm
 #LIBS	= -lsyslog -lsocket -lnsl
+MYLIBS	= -lresolv -l44bsd
 
 ######################################################
 # System dependencies: system-specific compiler flags.
@@ -411,7 +420,7 @@
 # Uncomment the next definition to turn on the language extensions
 # (examples: allow, deny, banners, twist and spawn).
 # 
-#STYLE	= -DPROCESS_OPTIONS	# Enable language extensions.
+STYLE	= -DPROCESS_OPTIONS	# Enable language extensions.
 
 ################################################################
 # Optional: Changing the default disposition of logfile records
@@ -434,7 +443,7 @@
 #
 # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
 
-FACILITY= LOG_MAIL	# LOG_MAIL is what most sendmail daemons use
+FACILITY= LOG_AUTH	# LOG_MAIL is what most sendmail daemons use
 
 # The syslog priority at which successful connections are logged.
 
@@ -470,7 +479,7 @@
 # still do selective username lookups as documented in the hosts_access.5
 # and hosts_options.5 manual pages (`nroff -man' format).
 #
-#AUTH	= -DALWAYS_RFC931
+AUTH	= -DALWAYS_RFC931
 #
 # The default username lookup timeout is 10 seconds. This may not be long
 # enough for slow hosts or networks, but is enough to irritate PC users.
@@ -567,7 +576,7 @@
 #
 # Uncomment the following macro definition if your getsockopt() is OK.
 #
-# KILL_OPT= -DKILL_IP_OPTIONS
+KILL_OPT= -DKILL_IP_OPTIONS
 
 ## End configuration options
 ############################
@@ -622,26 +631,26 @@
 	-$(RANLIB) $(LIB)
 
 tcpd:	tcpd.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
+	$(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(MYLIBS)
 
 miscd:	miscd.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
+	$(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(MYLIBS)
 
 safe_finger: safe_finger.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
+	$(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(MYLIBS)
 
 TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
 
 tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
-	$(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
+	$(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(MYLIBS)
 
 try-from: try-from.o fakelog.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
+	$(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(MYLIBS)
 
 TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
 
 tcpdchk: $(TCPDCHK_OBJ) $(LIB)
-	$(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
+	$(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(MYLIBS)
 
 shar:	$(KIT)
 	@shar $(KIT)
--- 1.1	1995/05/18 22:02:41
+++ options.c	1995/05/18 22:03:51
@@ -47,6 +47,7 @@
 #include <ctype.h>
 #include <setjmp.h>
 #include <string.h>
+#include <unistd.h>
 
 #ifndef MAXPATHNAMELEN
 #define MAXPATHNAMELEN  BUFSIZ
@@ -69,6 +70,7 @@
 static char *get_field();		/* chew :-delimited field off string */
 static char *chop_string();		/* strip leading and trailing blanks */
 
+
 /* List of functions that implement the options. Add yours here. */
 
 static void user_option();		/* execute "user name.group" option */
@@ -85,6 +87,12 @@
 static void allow_option();		/* execute "allow" option */
 static void deny_option();		/* execute "deny" option */
 static void banners_option();		/* execute "banners path" option */
+/* SOS BEGIN */
+static void user_option_future();       /* execute "fuser=name" option */
+static void group_option_future();      /* execute "fgroup=name" option */
+static void exec_id_option();           /* execute previous uid/gid switch */
+static void chroot_option();            /* execute "chroot" option */
+/* SOS END */
 
 /* Structure of the options table. */
 
@@ -110,6 +118,9 @@
 static struct option option_table[] = {
     "user", user_option, NEED_ARG,
     "group", group_option, NEED_ARG,
+    "fuser", user_option_future, NEED_ARG,      /* switch user id in future */
+    "fgroup", group_option_future, NEED_ARG,    /* switch group id in future */
+    "fexecute", exec_id_option, 0,              /* exec id switches */
     "umask", umask_option, NEED_ARG,
     "linger", linger_option, NEED_ARG,
     "keepalive", keepalive_option, 0,
@@ -122,6 +133,7 @@
     "allow", allow_option, USE_LAST,
     "deny", deny_option, USE_LAST,
     "banners", banners_option, NEED_ARG,
+    "chroot", chroot_option, NEED_ARG,  /* chroot(2) */
     0,
 };
 
@@ -294,6 +306,122 @@
 	tcpd_jump("bad umask value: \"%s\"", value);
     (void) umask(mask);
 }
+
+
+/* SOS BEGIN */
+
+/* user_option - switch user id in the future */
+
+/* ARGSUSED */
+
+static int future_uid_init = 0;
+static int future_uid = -1;
+
+static void user_option_future(value, request)
+char   *value;
+struct request_info *request;
+{
+    struct passwd *pwd;
+    struct passwd *getpwnam();
+    char *group;
+
+    if ((group = split_at(value, '.')) != 0)
+        group_option_future(group, request);
+    if ((pwd = getpwnam(value)) == 0) {
+        tcpd_jump("unknown user: \"%s\"", value);
+    }
+    endpwent();
+
+    future_uid = pwd->pw_uid;
+    future_uid_init = 1;
+}
+
+/* group_option - switch group id */
+
+/* ARGSUSED */
+
+static int future_gid_init = 0;
+static int future_gid = -1;
+
+static void group_option_future(value, request)
+char   *value;
+struct request_info *request;
+{
+    struct group *grp;
+    struct group *getgrnam();
+
+    if ((grp = getgrnam(value)) == 0)
+	tcpd_jump("setgid(%s): %m", value);
+
+    endgrent();
+
+    future_gid = grp->gr_gid;
+    future_gid_init = 1;
+}
+
+/* execute future UID/GUID switches */
+
+/* ARGSUSED */
+
+static void exec_id_option(value, request)
+char   *value;
+struct request_info *request;
+{
+  if (future_gid_init)
+  {
+      if (dry_run) {
+        syslog(LOG_DEBUG, "option:   group = %s", value);
+        return;
+    } else {
+        if (setgid(future_gid)) {
+          tcpd_jump("bad future_gid: \"%s\"", value);
+      }
+    }
+
+      future_gid_init = 0;
+      future_gid = -1;
+  }
+  if (future_uid_init)
+  {
+      if (dry_run) {
+        syslog(LOG_DEBUG, "option:   group = %s", value);
+        return;
+    } else {
+        if (setuid(future_uid)) {
+          tcpd_jump("bad future_gid: \"%s\"", value);
+      }
+    }
+
+      future_uid_init = 0;
+      future_uid = -1;
+  }
+}
+
+/* chroot - change the root for very secure applications (Seth Robertson) */
+
+/* ARGSUSED */
+
+static void chroot_option(value, request)
+char    *value;
+struct request_info *request;
+{
+
+  if (value) {
+    if (access(value,R_OK|X_OK) != 0) {
+      tcpd_jump("bad access value: \"%s\"", value);
+    }
+  }
+  if (dry_run) {
+    syslog(LOG_DEBUG, "option:  chroot(%s)", value);
+    return;
+  }
+
+  if (chdir(value) || chroot(value)) {
+    tcpd_jump("Cannot chdir or chroot to \"%s\"", value);
+  }
+}
+
+/* SOS END */
 
 /* spawn_option - spawn a shell command and wait */