Commit Graph

39 Commits

Author SHA1 Message Date
Juli Mallett
8aea60beea Kill bad whitespace and do some style cleanups as a result of the protoize. 2002-06-21 11:24:21 +00:00
Juli Mallett
081713dc5b ANSI prototypes via protoize(1). 2002-06-21 11:18:42 +00:00
Dima Dorfman
76183f3453 Introduce a version field to `struct xucred' in place of one of the
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being).  Accordingly, change users of
xucred to set and check this field as appropriate.  In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former.  This also has the pleasant sideaffect of removing some
duplicate code.

Reviewed by:	rwatson
2002-02-27 04:45:37 +00:00
David Malone
20e1eb2130 o Remove old setproctitle.
o Mark unused variables.
o Set WARNS?=2
o Results in no code changes.

Submitted by:	Mike Barcroft <mike@q9media.com>
2001-07-17 07:12:57 +00:00
David Malone
b585f768e1 Fix most of the warnings given by WARNS=2. 2001-06-24 09:20:07 +00:00
David Malone
aca66ea036 Correct a comment - the time service returns seconds since 1900 not 1970.
Submitted by:	ru
2001-06-04 11:47:08 +00:00
David Malone
9a0b3389d5 This patch cleans up the ident stuff in inetd. The code which has
been patched so many times it was a bit of a mess. There are style,
code and man page cleanups. The following are the functional changes:

	The RFC only permits the returning of 4 possible error
	codes, make sure we only return these (PR 27636).

	Use MAXLOGNAME to determine the longest usernames.

	Add a -i flag, which returns the uid instead of the username
	(this is from a PR 25787, which also contained alot of the
	cleanups in this patch).

PR:		25787, 27636
Partially Submitted by:	Arne.Dag.Fidjestol@idi.ntnu.no
Reviewed by:	Arne.Dag.Fidjestol@idi.ntnu.no, green
MFC after:	3 weeks
2001-06-04 11:43:29 +00:00
David Malone
d0847e9377 Make dg_echo return up to the first 65536 bytes of a datagram.
The patch I used isn't quite the one Lars suggested, but the size
of the largest datagram you can recv isn't #defined anywhere, and
probably isn't even bounded for some protocols.

PR:		25050
Submitted by:	Lars Eggert <larse@isi.edu>
2001-05-26 14:40:39 +00:00
David Malone
d517199f44 Allow ident requests with trailing junk following the terminating "\n".
Reviewed by:	ben
Approved by:	green
2001-03-28 13:41:19 +00:00
Brian Feldman
c0511d3b58 Switch to using a struct xucred instead of a struct xucred when not
actually in the kernel.  This structure is a different size than
what is currently in -CURRENT, but should hopefully be the last time
any application breakage is caused there.  As soon as any major
inconveniences are removed, the definition of the in-kernel struct
ucred should be conditionalized upon defined(_KERNEL).

This also changes struct export_args to remove dependency on the
constantly-changing struct ucred, as well as limiting the bounds
of the size fields to the correct size.  This means: a) mountd and
friends won't break all the time, b) mountd and friends won't crash
the kernel all the time if they don't know what they're doing wrt
actual struct export_args layout.

Reviewed by:	bde
2001-02-18 13:30:20 +00:00
David Malone
38db6bf3e5 Add a -F option to the builtin ident service, which allows .fakeid files
to contain the name of other valid users.

PR:		22837
Submitted by:	Andreas Gerstenberg <andy@andy.de>
Reviewed by:	green
Reviewed by:	sheldonh
2000-12-05 13:56:01 +00:00
David Malone
13f1579a17 Tidy up some prototypes:
make sure there is exactly one prototype for each function,
        use K&R style definitions everywhere to match dominant style,
        make flag_signal take an int to avoid problems if we have
                ANSI prototypes and K&R definitions.
2000-12-03 11:32:26 +00:00
Brian Feldman
c4483bc094 Make some style changes to the ident_stream() code.
Partially submitted by:	alfred
Reviewed by:	alfred
2000-12-02 21:18:11 +00:00
Brian Feldman
6fe761c783 Security fix: correctly set groups according to the user. Previously,
root's groups' permissions were being used, so a user could read up to
16 (excluding initial whitespace) bytes of e.g. a wheel-accessible file.

Also, don't allow blocking on the opening of ~/.fakeid, so replace a fopen()
with open() and fdopen().  I knew I'd be going to hell for using C file
streams instead of POSIX syscalls...
2000-11-25 04:13:05 +00:00
David Malone
957672f9d4 Stop internal ident service spinning until the timeout if the
connection goes away. Spotted by people on -STABLE about 2 weeks
ago.

Submitted by:	Based on a patch by alfred and Maxime Henrion <mux@qualys.com>
2000-10-02 12:04:17 +00:00
David Malone
7d37a2e661 Make builtin ident service work if the request arrives in more than
one packet. Also check that the whole request has been recieved
before processing it.

The patch isn't the exact one from the PR, but a slight varient
suggested by Brian.

PR:		16086
Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by:	green
2000-07-12 20:49:06 +00:00
Brian Feldman
9e72c31886 Fix the ident server up more: use ssize_t/size_t/socklen_t/int all in the
proper places and make the fakeid parsing code a bit less stupid.  Also,
remove an "Rflag" that snuck in there (-R wouldn't be accepted by it,
anyway).
2000-05-30 22:51:05 +00:00
John Baldwin
1078172a77 Fix a 64-bit'ism in the handling of the ident service. sysctlbyname() takes
a size_t as its 3rd argument, which is 64-bits on the alpha.  The 'len'
variable used was a int, which is only 32-bits.  Use size_t as the type
for 'len' to work-around this.
2000-05-30 18:32:58 +00:00
Sheldon Hearn
a3ad0852cc Optimize those services that send only one block of data: use send(2)
with the MSG_EOF flag set instead of write(2).

Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Reviewed by:	wollman
2000-03-28 09:45:19 +00:00
Brian Feldman
7ef719fb93 Allow using "-d username" without "-r". Example:
auth   stream  tcp     nowait  root    internal        auth -d "Only fools trust ident"
2000-03-28 01:10:35 +00:00
Yoshinobu Inoue
1a0760dd60 Make inetd compilable without INET6.
Approved by: jkh

Submitted by: jhb
2000-03-11 11:28:08 +00:00
Yoshinobu Inoue
a9a948a9bb Fix addr length argument value passed to sendto().
Some inetd internal udp servers didn't worked with problem.
Also fix recvfrom() "fromlen" arg type from int * to socklen_t *.

Approved by: jkh

Submitted by: bde
2000-03-09 15:07:38 +00:00
Yoshinobu Inoue
0cac72f42c several tcp apps IPv6 update
-inetd
 -rshd
 -rlogind
 -telnetd
 -rsh
 -rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-25 14:52:10 +00:00
Brian Feldman
5a5e442acd I like base-36 better. 2000-01-20 01:49:41 +00:00
Brian Feldman
18338e9e0f Implement -g and -d options in my ident code. The -g flag uses a random
garbage value for the username (hex garbage, that is), and the -d flag
provides a default username for fallback purposes if the user cannot be
looked up.  That is very useful for the case where inetd auth is
running on a NAT box.

While I'm here updating the manpage, clean up an English error and a
few small nits.
2000-01-19 22:03:12 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Brian Feldman
019893b437 Here goes, the "clear up any possible confusion" commit.
I've taken time to write up comments for the ident code tonight,
so there should no longer be any confusion about the purpouse of
whatever is in there. Wow, me commenting code... who'd have thought
that would happen?

Reviewed by:	DES
1999-07-26 07:57:35 +00:00
Brian Feldman
ecf12be032 More cleanups to ident_stream. Variables moved around, changed.
Got rid of an extra variable or two, while making corrections to
problems (that would probably not be a problem anyway, and worked.)

Partially Obtained from:	David Malone <dwmalone@maths.tcd.ie>
1999-07-25 23:15:03 +00:00
Brian Feldman
2d878a1923 More cleanups, asprintf() usage (proper, as opposed to using snprintf()),
and addition of a -n .noident-checking flag.
1999-07-24 17:06:05 +00:00
Brian Feldman
b52c43b357 Clean up to match style(9) more closely. This should fix the problem of
people having ants in their pants ;)
1999-07-24 16:24:03 +00:00
Sheldon Hearn
9a16e31ade Use comments to group functions by service more clearly. I've used the
excuse of providing the RFC numbers for the associated services.
1999-07-24 13:02:09 +00:00
Sheldon Hearn
6f426a27c5 Style nits:
* Bring memory allocation failure handling in line with that of
	the rest of the code.
      * Nestle block curlies between case statements correctly.

I've left the in-block declarations alone, since style(9) says we should
conform to the existing style within the code, and inetd already does
this. I've left the asprintf()'s in there because that's how Brian wants
it.
1999-07-24 12:35:50 +00:00
Brian Feldman
e1c77598be Ahem. Put things back a bit. I declare variables in the scope they're
used! I don't declare every variable at the top of a function because
that wastes stack space. I've clarified the error a bit (for if asprintf()
filas.)
1999-07-23 15:49:14 +00:00
Sheldon Hearn
56658bf1e6 Style cleanups for iderror() and ident_stream(). Looks like c++ hang-over.
;-)
1999-07-23 15:26:42 +00:00
Sheldon Hearn
3d1171b5b4 Fix auth -t argument handling. It was broken for the "sec.usec" case.
Add a warning for bogus -t arguments for the (debug) case.
1999-07-23 15:00:07 +00:00
Brian Feldman
e26aedfbf8 Fixed a braino: lack of spaces in sscanf caused ident parsing to fail.
Sorry, guys.
1999-07-23 03:51:52 +00:00
Brian Feldman
202a23238e "knobs are cheap". Here's a -t timeout option for the internal ident
service. It takes a number (w/ or w/out .usec) as an argument.
1999-07-22 21:42:49 +00:00
Brian Feldman
8391600e00 This commit encompasses the following changes to inetd:
1. Cleanups of ident_stream. "Evil" stdio is less used.
	2. The BSD Copyright was added to the top of builtins.c.
	3. As suggested, a timeout is now implemented in the ident
	   service. It defaults to 10 seconds. If enough people want
	   it, I'll make it configurable.

Suggested by:	msmith
1999-07-22 21:11:40 +00:00
Sheldon Hearn
5ff3afce6f Move code for all builtin services from inetd.c to builtins.c, including
the Green Piece. :-)

In future, new builtin services are less likely to need to touch the
already tangled inetd.c .
1999-07-22 14:11:26 +00:00