manpage improvements

diff --git a/authbind-helper.8 b/authbind-helper.8
index 835c97f84dc4bd7ae4ff8ddc615822256baac72a..b9c25e8637da2c2636632219ee4db872955f37c4 100644 (file)
--- a/authbind-helper.8
+++ b/authbind-helper.8
@@ -45,17 +45,23 @@ the caller desires that the socket be bound, and the address family
 (ommitted for IPv4; the fixed string
 .B 6
 for IPv6).
-The address and port should be hex strings,
+.I addr4-hex
+and
+.I port-hex
+should be hex strings,
 .I without
 leading
 .BR 0x ,
-of exactly the right length (8 or 32, and 4, digits, respectively), being
-a pairs of hex digits for each byte in the address or port number when
+of exactly the right length (8 and 4 digits, respectively), being
+a pair of hex digits for each byte in the address or port number when
 expressed in host byte order.  For example, the port argument is the
 result of something like
 .B sprintf(arg,
 .B """%04X"",
 .BR sin.sin_port) .
+.I addr6-hex
+should be a string of 32 hex digits, being a pair for each byte in
+the address, in network byte order.
 .SH EXIT STATUS
 .B helper
 will exit with code 0 on success.

diff --git a/authbind.1 b/authbind.1
index 46abb3ab132b5d04b2759a8838bb216c68daf713..74d44d727d9ec00931c4bd6ec1dc601a5b5c5066 100644 (file)
--- a/authbind.1
+++ b/authbind.1
@@ -89,13 +89,22 @@ Secondly, if that test fails to resolve the matter,
 is tested, in the same manner as above.  Here
 .I addr
 is as from
-.BR inet_ntop .
-Since this is not completely predictable for IPv6,
-for IPv6 a variant of
+.BR inet_ntop ,
+and
+.I port
+is the (local) TCP or UDP port number, expressed as an unsigned
+integer in the minimal non-zero number of digits.
+.PP
+Thirdly, for IPv6 only: since the textual representation from
+.B inet_ntop
+is complicated to predict, a variant of
 .I addr
-is also tested which does not contain any ommitted zeroes or colons.
+is also tested which does not use the double colon abbreviation:
+each 16-byte chunk expressed in the minimal nonzero number
+of hex digits (i.e. with leading zeroes removed), the chunks
+being separated by colons as is conventional.
 .PP
-Thirdly, if the question is still unresolved, the file
+Fourthly, if the question is still unresolved, the file
 .BI /etc/authbind/byuid/ uid
 will be opened and read.  If the file does not exist then the binding
 is not authorised and
@@ -130,12 +139,6 @@ will fail with
 .B ENOENT
 .RI ( "No such file or directory" ).
 .PP
-In each case above,
-.TP
-.I port
-is the (local) TCP or UDP port number, expressed as an unsigned
-integer in the minimal non-zero number of digits, and
-.PP
 If a read error occurs, or the directory
 .B /etc/authbind
 cannot be accessed, then not only will
@@ -144,10 +147,10 @@ fail, but an error message will be printed to stderr.  Unrecognised
 lines in
 .BI /etc/authbind/byuid/ uid
 files are silently ignored (as are lines whose
-.I addr4
+.I addr
 has non-zero bits more than
 .I length
-from the top) or where
+from the top) or where some
 .I min
 is larger than
 .IR max .

diff --git a/debian/changelog b/debian/changelog
index c9fa8bc2401e26133803047dce3d9645206582f2..6eadfcf084fca29f5ca172321b6ee01fc8b36246 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+authbind (2.1.0~~iwj) unstable; urgency=low
+
+  * Permissions file lines can contain IPv6 mask/length.
+  * Permissions file lines need only contain one port number.
+  * Manpage improvements.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sun, 03 Jun 2012 12:27:49 +0100
+
 authbind (2.0.1) unstable; urgency=low
 
   Bugfix: