Commit Graph

142 Commits

Author SHA1 Message Date
ru
522216623a Prepare for mdoc(7)NG. 2000-12-27 15:30:30 +00:00
dwmalone
838492ec3b Add a -F option to the builtin ident service, which allows .fakeid files
to contain the name of other valid users.

PR:		22837
Submitted by:	Andreas Gerstenberg <andy@andy.de>
Reviewed by:	green
Reviewed by:	sheldonh
2000-12-05 13:56:01 +00:00
dwmalone
d53af3129c Tidy up some prototypes:
make sure there is exactly one prototype for each function,
        use K&R style definitions everywhere to match dominant style,
        make flag_signal take an int to avoid problems if we have
                ANSI prototypes and K&R definitions.
2000-12-03 11:32:26 +00:00
green
6ee011e12d Make some style changes to the ident_stream() code.
Partially submitted by:	alfred
Reviewed by:	alfred
2000-12-02 21:18:11 +00:00
green
24d50479eb Security fix: correctly set groups according to the user. Previously,
root's groups' permissions were being used, so a user could read up to
16 (excluding initial whitespace) bytes of e.g. a wheel-accessible file.

Also, don't allow blocking on the opening of ~/.fakeid, so replace a fopen()
with open() and fdopen().  I knew I'd be going to hell for using C file
streams instead of POSIX syscalls...
2000-11-25 04:13:05 +00:00
ru
c3189e713e mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
n_hibma
0b0d1a4306 Be explicit about the fact that you can only specify one IP address/hostname 2000-10-29 13:49:18 +00:00
dwmalone
11aa246976 Fix two typos in comments.
PR:		22268
Submitted by:	Daniel S. Lewart <d-lewart@uiuc.edu>
2000-10-24 18:47:57 +00:00
dwmalone
5e89f1a757 Claim maintainership of inetd. 2000-10-21 09:44:46 +00:00
dwmalone
4e9f258d91 Don't leak a file discriptor if a service we've called accept() for
loops.

Submitted by:	Ian Dowse <iedowse@maths.tcd.ie>
2000-10-21 09:43:12 +00:00
dwmalone
553d863ccf Make reconfiguring an external service as builtin service work.
PR:		21650
Submitted by:	ben
Tested by:	dan@ducky.nz.freebsd.org
2000-10-02 12:08:27 +00:00
dwmalone
c8e4adfd3a Stop internal ident service spinning until the timeout if the
connection goes away. Spotted by people on -STABLE about 2 weeks
ago.

Submitted by:	Based on a patch by alfred and Maxime Henrion <mux@qualys.com>
2000-10-02 12:04:17 +00:00
dwmalone
fd82d163fc Explain "-c" option more exactly and state the default in the man
page.

Add ability to run "inetd -R 0" to disable the default connection
per minute limit of 256 connections. Document this in man page.

Don't use maxchild as a boolean - instead check if it is greater
than zero.

Reviewed by:	sheldonh
Based on a patch by:	Alexander Langer <alex@big.endian.de>
2000-08-03 15:45:38 +00:00
dwmalone
41ed59dac7 specifer -> specifier 2000-08-03 15:33:39 +00:00
dwmalone
6297c879ed Sleep for a second after tcp wrappers rejects a connection, so we
don't traumatise the parent inetd.

Requested by:	wietse@porcupine.org
Approved by:	markm
2000-07-31 13:10:52 +00:00
dwmalone
f8865c312f Make builtin ident service work if the request arrives in more than
one packet. Also check that the whole request has been recieved
before processing it.

The patch isn't the exact one from the PR, but a slight varient
suggested by Brian.

PR:		16086
Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by:	green
2000-07-12 20:49:06 +00:00
green
448dde8a33 Fix the ident server up more: use ssize_t/size_t/socklen_t/int all in the
proper places and make the fakeid parsing code a bit less stupid.  Also,
remove an "Rflag" that snuck in there (-R wouldn't be accepted by it,
anyway).
2000-05-30 22:51:05 +00:00
jhb
f680096100 Fix a 64-bit'ism in the handling of the ident service. sysctlbyname() takes
a size_t as its 3rd argument, which is 64-bits on the alpha.  The 'len'
variable used was a int, which is only 32-bits.  Use size_t as the type
for 'len' to work-around this.
2000-05-30 18:32:58 +00:00
sheldonh
c0c3831957 Clarify the use of the auth service's -d option for specifying
a fallback username.

Reviewed by:	green
2000-04-26 10:40:35 +00:00
ume
526c865424 Make sure to use IPv4 mapped IPv6 address when mapped address is
requested in /etc/inetd.conf.

Reviewed by:	shin
2000-04-02 16:11:14 +00:00
sheldonh
1489ceee89 Optimize those services that send only one block of data: use send(2)
with the MSG_EOF flag set instead of write(2).

Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Reviewed by:	wollman
2000-03-28 09:45:19 +00:00
green
bd9946a92b Allow using "-d username" without "-r". Example:
auth   stream  tcp     nowait  root    internal        auth -d "Only fools trust ident"
2000-03-28 01:10:35 +00:00
ru
aab1a736b1 "can received" -> "can receive". 2000-03-22 16:07:32 +00:00
shin
485d8f695c Make inetd compilable without INET6.
Approved by: jkh

Submitted by: jhb
2000-03-11 11:28:08 +00:00
shin
9a760f5a4a Fix addr length argument value passed to sendto().
Some inetd internal udp servers didn't worked with problem.
Also fix recvfrom() "fromlen" arg type from int * to socklen_t *.

Approved by: jkh

Submitted by: bde
2000-03-09 15:07:38 +00:00
sheldonh
9dd7f21ff8 Clarify the facility used for logging with and without the wrapping
options.

PR:		17017
Submitted by:	Doug Barton <Doug@gorean.org>
2000-03-01 08:20:17 +00:00
sheldonh
5a0cc347b0 Remove broken hard sentence breaks, which mess up the typeset output. 2000-02-29 17:36:44 +00:00
shin
dc6327766b Fix broken inet logging when wrapping options are not specified.
Approved by: jkh

Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
2000-02-22 00:27:53 +00:00
luigi
e3621d9996 Make inetd picobsd friendly, dont use ipsec when RELEASE_CRUNCH
is defined

Approved-by: jordan
2000-02-09 09:04:36 +00:00
shin
f5cd0f7137 Fix inetd wrong AF check for RPC services
Incorrect Address Family check is done for RPC services, and
   fail to initialize it.
   The error check is replaced to new one, which checks if IPv4
   bind is enabled or not. (It is disabled when IPv6 numeric
   addr is specified for -a bind address option.)

An review reqeust is once sent to des, but he quit MAINTAINER.

Approved by: jkh
2000-02-03 09:54:49 +00:00
des
d85b5fd47c Drop maintainership of inetd, since nobody respects it anyway. 2000-02-01 09:21:22 +00:00
shin
34581f9b10 Fix inconsistent debug output. (syslog -> warnx)
Specified by: sheldonh

Reviewed by: des
2000-01-28 20:06:15 +00:00
sheldonh
e1993e2c11 Fix English, mdoc and layout of the previous commit, as requested by
the committer (shin).  While I don't have permission for this change
from the inetd maintainer (des), I assume that shin has permission
and I'm just fixing his contribution up for him.

Okay, I couldn't resist, I made some extra changes:

	* Replace ".Tn FreeBSD" with .Fx
	* Make the illegal TCPMUX and IPSEC sections legal subsections
	  of the IMPLEMENTATION NOTES section.

Requested by:	shin
2000-01-28 10:21:19 +00:00
shin
19f3a46c2d Avoid verbose error messages when ipsec initialization for sockets failed
usually, and print it only when debug is enabled.
(This always happens when kernel is configured without IPSEC option.)
2000-01-27 14:46:15 +00:00
shin
7c069c8355 several tcp apps IPv6 update
-inetd
 -rshd
 -rlogind
 -telnetd
 -rsh
 -rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-25 14:52:10 +00:00
charnier
7bcef1732d Do not dot terminate sentences inside FILES section. Lowercase
inside error messages.
2000-01-23 20:17:41 +00:00
green
bb889d931b I like base-36 better. 2000-01-20 01:49:41 +00:00
green
2f62a36ac2 Implement -g and -d options in my ident code. The -g flag uses a random
garbage value for the username (hex garbage, that is), and the -d flag
provides a default username for fallback purposes if the user cannot be
looked up.  That is very useful for the case where inetd auth is
running on a NAT box.

While I'm here updating the manpage, clean up an English error and a
few small nits.
2000-01-19 22:03:12 +00:00
peter
9280518864 Put the listening socket into non-blocking mode before doing an
accept(2).  This is a not really problem on -current as the accept race
is fixed, however it is a MFC candidate for -stable.

This could possibly be slightly more efficient and leave the listening
socket permanently in non-blocking mode, but I wasn't certain that I
could catch all the stream/wait (not nowait) mode implications.
1999-11-17 03:32:05 +00:00
charnier
af5fbf6130 Do not dot or \n terminate syslog string. 1999-10-13 20:22:13 +00:00
peter
b6784c4210 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
des
abbc705db7 Pull on my asbestos undies and claim ownership of inetd to prevent further
flamage between our beloved messrs Hearn and Feldman. Further commits go
through me. I urge the contestants to direct their energies at cleaning
up main() in inetd.c, which has over time become a crawling horror.
1999-07-26 08:43:03 +00:00
green
6a50e3204b Here goes, the "clear up any possible confusion" commit.
I've taken time to write up comments for the ident code tonight,
so there should no longer be any confusion about the purpouse of
whatever is in there. Wow, me commenting code... who'd have thought
that would happen?

Reviewed by:	DES
1999-07-26 07:57:35 +00:00
sheldonh
10baadac8b Bring two wayward memory allocation failure messages in line with
those featured in the rest of the code.
1999-07-26 06:39:46 +00:00
green
a6d024dd6d More cleanups to ident_stream. Variables moved around, changed.
Got rid of an extra variable or two, while making corrections to
problems (that would probably not be a problem anyway, and worked.)

Partially Obtained from:	David Malone <dwmalone@maths.tcd.ie>
1999-07-25 23:15:03 +00:00
green
cd1df26040 Correct a groff error in macro usage ("foo : bar" becomes "``foo: bar''").
Document the auth -n flag.
1999-07-24 17:11:50 +00:00
green
663872d2f0 More cleanups, asprintf() usage (proper, as opposed to using snprintf()),
and addition of a -n .noident-checking flag.
1999-07-24 17:06:05 +00:00
green
2fe5cf8c6f Clean up to match style(9) more closely. This should fix the problem of
people having ants in their pants ;)
1999-07-24 16:24:03 +00:00
sheldonh
a81c542596 Use comments to group functions by service more clearly. I've used the
excuse of providing the RFC numbers for the associated services.
1999-07-24 13:02:09 +00:00
sheldonh
59225f1252 Style nits:
* Bring memory allocation failure handling in line with that of
	the rest of the code.
      * Nestle block curlies between case statements correctly.

I've left the in-block declarations alone, since style(9) says we should
conform to the existing style within the code, and inetd already does
this. I've left the asprintf()'s in there because that's how Brian wants
it.
1999-07-24 12:35:50 +00:00