Package: erlang-base
Version: 1:13.b.4-dfsg-5
Severity: wishlist
Tags: upstream, patch
Hello,
when used in conjunction with ejabberd, I only need to run erlang
programs on one single machine without the need for internetwide
connections. epmd unfortunately does not come with any kind of
access restriction by itself.
The following patch allows using libwrap as a kind of
minimalistic access restriction. It is lightweight and easy to
configure.
Please consider for inclusion.
Bye,
Joerg
--- erts/epmd/src/Makefile.in.orig 2010-06-10 14:19:48.000000000 +0200
+++ erts/epmd/src/Makefile.in 2010-06-10 14:20:44.000000000 +0200
@@ -54,7 +54,7 @@
WFLAGS = @WFLAGS@
CFLAGS = @CFLAGS@ @DEFS@ $(TYPE_FLAGS) $(WFLAGS)
LD = @LD@
-LIBS = @LIBS@
+LIBS = @LIBS@ -lwrap
LDFLAGS = @LDFLAGS@
--- erts/epmd/src/epmd_srv.c.orig 2010-06-09 11:20:27.000000000 +0200
+++ erts/epmd/src/epmd_srv.c 2010-06-10 14:18:52.000000000 +0200
@@ -23,6 +23,7 @@
#endif
#include "epmd.h" /* Renamed from 'epmd_r4.h' */
#include "epmd_int.h"
+#include <tcpd.h>
/*
*
@@ -393,6 +394,8 @@
int msgsock;
struct EPMD_SOCKADDR_IN icli_addr; /* workaround for QNX bug - cannot */
int icli_addr_len; /* handle NULL pointers to accept. */
+ char buf[64];
+ char *addr;
icli_addr_len = sizeof(icli_addr);
@@ -403,6 +406,15 @@
dbg_perror(g,"error in accept");
return EPMD_FALSE;
}
+#if FAMILY == AF_INET6
+ addr=inet_ntop(FAMILY, &icli_addr.sin6_addr,buf,64);
+#else
+ addr=inet_ntop(FAMILY, &icli_addr.sin_addr,buf,64);
+#enidif
+ if ((!addr) || (!hosts_ctl("epmd", STRING_UNKNOWN, buf, STRING_UNKNOWN))) {
+ close(msgsock);
+ return EPMD_FALSE;
+ }
return conn_open(g,msgsock);
}
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
