diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c index 41a890789a4b..56ffedede1e7 100644 --- a/usr.sbin/sade/config.c +++ b/usr.sbin/sade/config.c @@ -954,6 +954,39 @@ configPCNFSD(dialogMenuItem *self) return ret; } +int +configInetd(dialogMenuItem *self) +{ + char cmd[256]; + + WINDOW *w = savescr(); + + if (msgYesNo("The Internet Super Server (inetd) allows a number of simple Internet\n" + "services to be enabled, including finger, ftp, and telnetd. Enabling\n" + "these services may increase risk of security problems by increasing\n" + "the exposure of your system.\n\n" + "With this in mind, do you wish to enable inetd?\n")) { + variable_set2("inetd_enable", "NO", 1); + } else { + /* If inetd is enabled, we'll need an inetd.conf */ + + if (!msgYesNo("inetd(8) relies on its configuration file, /etc/inetd.conf, to determine\n" + "which of its Internet services will be available. The default FreeBSD\n" + "inetd.conf(5) leaves all services disabled by default, so they must be\n" + "specifically enabled in the configuration file before they will\n" + "function, even once inetd(8) is enabled. Note that services for\n" + "IPv6 must be seperately enabled from IPv4 services.\n\n" + "Select [Yes] now to invoke an editor on /etc/inetd.conf, or [No] to\n" + "use the current settings.\n")) { + sprintf(cmd, "%s /etc/inetd.conf", variable_get(VAR_EDITOR)); + dialog_clear(); + systemExecute(cmd); + variable_set2("inetd_enable", "YES", 1); + } + } + restorescr(w); +} + int configNFSServer(dialogMenuItem *self) { diff --git a/usr.sbin/sade/dispatch.c b/usr.sbin/sade/dispatch.c index 0d1a67ca40d5..cc87f2be726e 100644 --- a/usr.sbin/sade/dispatch.c +++ b/usr.sbin/sade/dispatch.c @@ -52,6 +52,7 @@ static struct _word { } resWords[] = { { "configAnonFTP", configAnonFTP }, { "configRouter", configRouter }, + { "configInetd", configInetd }, { "configNFSServer", configNFSServer }, { "configNTP", configNTP }, { "configPCNFSD", configPCNFSD }, diff --git a/usr.sbin/sade/install.c b/usr.sbin/sade/install.c index b53cb48ddc73..fa9231d06e7d 100644 --- a/usr.sbin/sade/install.c +++ b/usr.sbin/sade/install.c @@ -572,6 +572,10 @@ installStandard(dialogMenuItem *self) if (!msgNoYes("Do you want this machine to function as a network gateway?")) variable_set2("gateway_enable", "YES", 1); + dialog_clear_norefresh(); + if (!msgNoYes("Do you want to configure inetd and simple internet services?")) + configInetd(self); + dialog_clear_norefresh(); if (!msgNoYes("Do you want to have anonymous FTP access to this machine?")) configAnonFTP(self); diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c index abc223fbc7ce..5e3750c98bdd 100644 --- a/usr.sbin/sade/menus.c +++ b/usr.sbin/sade/menus.c @@ -235,6 +235,7 @@ DMenu MenuIndex = { { " FTP sites", "The FTP mirror site listing.", NULL, dmenuSubmenu, NULL, &MenuMediaFTP }, { " Gateway", "Set flag to route packets between interfaces.", dmenuVarCheck, dmenuToggleVariable, NULL, "gateway=YES" }, { " HTML Docs", "The HTML documentation menu", NULL, docBrowser }, + { " inetd Configuration", "Configure inetd and simple internet services.", dmenuVarCheck, configInetd, NULL, "inetd_enable=YES" }, { " Install, Standard", "A standard system installation.", NULL, installStandard }, { " Install, Express", "An express system installation.", NULL, installExpress }, { " Install, Custom", "The custom installation menu", NULL, dmenuSubmenu, NULL, &MenuInstallCustom }, @@ -1332,7 +1333,7 @@ DMenu MenuNetworking = { { " Gateway", "This machine will route packets between interfaces", dmenuVarCheck, dmenuToggleVariable, NULL, "gateway_enable=YES" }, { " inetd", "This machine wants to run the inet daemon", - dmenuVarCheck, dmenuToggleVariable, NULL, "inetd_enable=YES" }, + dmenuVarCheck, configInetd, NULL, "inetd_enable=YES" }, { " NFS client", "This machine will be an NFS client", dmenuVarCheck, dmenuToggleVariable, NULL, "nfs_client_enable=YES" }, { " NFS server", "This machine will be an NFS server", diff --git a/usr.sbin/sade/sade.h b/usr.sbin/sade/sade.h index 6c9ed8f4aaba..14d1b953e225 100644 --- a/usr.sbin/sade/sade.h +++ b/usr.sbin/sade/sade.h @@ -447,6 +447,7 @@ extern int configXSetup(dialogMenuItem *self); extern int configXDesktop(dialogMenuItem *self); extern int configRouter(dialogMenuItem *self); extern int configPCNFSD(dialogMenuItem *self); +extern int configInetd(dialogMenuItem *self); extern int configNFSServer(dialogMenuItem *self); extern int configWriteRC_conf(dialogMenuItem *self); extern int configSecurityProfile(dialogMenuItem *self); diff --git a/usr.sbin/sysinstall/anonFTP.c b/usr.sbin/sysinstall/anonFTP.c index 5291207bed8d..7606be23494f 100644 --- a/usr.sbin/sysinstall/anonFTP.c +++ b/usr.sbin/sysinstall/anonFTP.c @@ -238,6 +238,19 @@ int configAnonFTP(dialogMenuItem *self) { int i; + + + if (msgYesNo("Anonymous FTP permits un-authenticated users to connect to the system\n" + "FTP server, if FTP service is enabled. Anonymous users are\n" + "restricted to a specific subset of the file system, and the default\n" + "configuration provides a drop-box incoming directory to which uploads\n" + "are permitted. You must seperately enable both inetd(8), and enable\n" + "ftpd(8) in inetd.conf(5) for FTP services to be available. If you\n" + "did not do so earlier, you will have the opportunity to enable inetd(8)\n" + "again later.\n\n" + "Do you wish to continue configuring anonymous FTP?")) { + return DITEM_FAILURE; + } /* Be optimistic */ i = DITEM_SUCCESS; diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c index 41a890789a4b..56ffedede1e7 100644 --- a/usr.sbin/sysinstall/config.c +++ b/usr.sbin/sysinstall/config.c @@ -954,6 +954,39 @@ configPCNFSD(dialogMenuItem *self) return ret; } +int +configInetd(dialogMenuItem *self) +{ + char cmd[256]; + + WINDOW *w = savescr(); + + if (msgYesNo("The Internet Super Server (inetd) allows a number of simple Internet\n" + "services to be enabled, including finger, ftp, and telnetd. Enabling\n" + "these services may increase risk of security problems by increasing\n" + "the exposure of your system.\n\n" + "With this in mind, do you wish to enable inetd?\n")) { + variable_set2("inetd_enable", "NO", 1); + } else { + /* If inetd is enabled, we'll need an inetd.conf */ + + if (!msgYesNo("inetd(8) relies on its configuration file, /etc/inetd.conf, to determine\n" + "which of its Internet services will be available. The default FreeBSD\n" + "inetd.conf(5) leaves all services disabled by default, so they must be\n" + "specifically enabled in the configuration file before they will\n" + "function, even once inetd(8) is enabled. Note that services for\n" + "IPv6 must be seperately enabled from IPv4 services.\n\n" + "Select [Yes] now to invoke an editor on /etc/inetd.conf, or [No] to\n" + "use the current settings.\n")) { + sprintf(cmd, "%s /etc/inetd.conf", variable_get(VAR_EDITOR)); + dialog_clear(); + systemExecute(cmd); + variable_set2("inetd_enable", "YES", 1); + } + } + restorescr(w); +} + int configNFSServer(dialogMenuItem *self) { diff --git a/usr.sbin/sysinstall/dispatch.c b/usr.sbin/sysinstall/dispatch.c index 0d1a67ca40d5..cc87f2be726e 100644 --- a/usr.sbin/sysinstall/dispatch.c +++ b/usr.sbin/sysinstall/dispatch.c @@ -52,6 +52,7 @@ static struct _word { } resWords[] = { { "configAnonFTP", configAnonFTP }, { "configRouter", configRouter }, + { "configInetd", configInetd }, { "configNFSServer", configNFSServer }, { "configNTP", configNTP }, { "configPCNFSD", configPCNFSD }, diff --git a/usr.sbin/sysinstall/install.c b/usr.sbin/sysinstall/install.c index b53cb48ddc73..fa9231d06e7d 100644 --- a/usr.sbin/sysinstall/install.c +++ b/usr.sbin/sysinstall/install.c @@ -572,6 +572,10 @@ installStandard(dialogMenuItem *self) if (!msgNoYes("Do you want this machine to function as a network gateway?")) variable_set2("gateway_enable", "YES", 1); + dialog_clear_norefresh(); + if (!msgNoYes("Do you want to configure inetd and simple internet services?")) + configInetd(self); + dialog_clear_norefresh(); if (!msgNoYes("Do you want to have anonymous FTP access to this machine?")) configAnonFTP(self); diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c index abc223fbc7ce..5e3750c98bdd 100644 --- a/usr.sbin/sysinstall/menus.c +++ b/usr.sbin/sysinstall/menus.c @@ -235,6 +235,7 @@ DMenu MenuIndex = { { " FTP sites", "The FTP mirror site listing.", NULL, dmenuSubmenu, NULL, &MenuMediaFTP }, { " Gateway", "Set flag to route packets between interfaces.", dmenuVarCheck, dmenuToggleVariable, NULL, "gateway=YES" }, { " HTML Docs", "The HTML documentation menu", NULL, docBrowser }, + { " inetd Configuration", "Configure inetd and simple internet services.", dmenuVarCheck, configInetd, NULL, "inetd_enable=YES" }, { " Install, Standard", "A standard system installation.", NULL, installStandard }, { " Install, Express", "An express system installation.", NULL, installExpress }, { " Install, Custom", "The custom installation menu", NULL, dmenuSubmenu, NULL, &MenuInstallCustom }, @@ -1332,7 +1333,7 @@ DMenu MenuNetworking = { { " Gateway", "This machine will route packets between interfaces", dmenuVarCheck, dmenuToggleVariable, NULL, "gateway_enable=YES" }, { " inetd", "This machine wants to run the inet daemon", - dmenuVarCheck, dmenuToggleVariable, NULL, "inetd_enable=YES" }, + dmenuVarCheck, configInetd, NULL, "inetd_enable=YES" }, { " NFS client", "This machine will be an NFS client", dmenuVarCheck, dmenuToggleVariable, NULL, "nfs_client_enable=YES" }, { " NFS server", "This machine will be an NFS server", diff --git a/usr.sbin/sysinstall/sysinstall.h b/usr.sbin/sysinstall/sysinstall.h index 6c9ed8f4aaba..14d1b953e225 100644 --- a/usr.sbin/sysinstall/sysinstall.h +++ b/usr.sbin/sysinstall/sysinstall.h @@ -447,6 +447,7 @@ extern int configXSetup(dialogMenuItem *self); extern int configXDesktop(dialogMenuItem *self); extern int configRouter(dialogMenuItem *self); extern int configPCNFSD(dialogMenuItem *self); +extern int configInetd(dialogMenuItem *self); extern int configNFSServer(dialogMenuItem *self); extern int configWriteRC_conf(dialogMenuItem *self); extern int configSecurityProfile(dialogMenuItem *self);