[Pkg-erlang-devel] Bug#585416: Please make epmd support tcpwrappers

[Joerg Dorchain]

Package: erlang-base
Version: 1:13.b.4-dfsg-5
Severity: wishlist
Tags: upstream, patch

Hello,

when used in conjunction with ejabberd, I only need to run erlang
programs on one single machine without the need for internetwide
connections. epmd unfortunately does not come with any kind of
access restriction by itself.

The following patch allows using libwrap as a kind of
minimalistic access restriction. It is lightweight and easy to
configure.

Please consider for inclusion.

Bye,

Joerg

--- erts/epmd/src/Makefile.in.orig	2010-06-10 14:19:48.000000000 +0200
+++ erts/epmd/src/Makefile.in	2010-06-10 14:20:44.000000000 +0200
@@ -54,7 +54,7 @@
 WFLAGS  = @WFLAGS@
 CFLAGS  = @CFLAGS@ @DEFS@ $(TYPE_FLAGS) $(WFLAGS)
 LD      = @LD@
-LIBS    = @LIBS@
+LIBS    = @LIBS@ -lwrap
 LDFLAGS = @LDFLAGS@
 
 
--- erts/epmd/src/epmd_srv.c.orig	2010-06-09 11:20:27.000000000 +0200
+++ erts/epmd/src/epmd_srv.c	2010-06-10 14:18:52.000000000 +0200
@@ -23,6 +23,7 @@
 #endif
 #include "epmd.h"     /* Renamed from 'epmd_r4.h' */
 #include "epmd_int.h"
+#include <tcpd.h>
 
 /*
  *  
@@ -393,6 +394,8 @@
     int msgsock;
     struct EPMD_SOCKADDR_IN icli_addr; /* workaround for QNX bug - cannot */
     int icli_addr_len;            /* handle NULL pointers to accept.  */
+    char buf[64];
+    char *addr;
 
     icli_addr_len = sizeof(icli_addr);
 
@@ -403,6 +406,15 @@
         dbg_perror(g,"error in accept");
 	return EPMD_FALSE;
     }
+#if FAMILY == AF_INET6
+    addr=inet_ntop(FAMILY, &icli_addr.sin6_addr,buf,64);
+#else
+    addr=inet_ntop(FAMILY, &icli_addr.sin_addr,buf,64);
+#enidif
+    if ((!addr) || (!hosts_ctl("epmd", STRING_UNKNOWN, buf, STRING_UNKNOWN))) {
+    	close(msgsock);
+	return EPMD_FALSE;
+    }
 
     return conn_open(g,msgsock);
 }