invocations of each service from a single IP address.
Requested by: matusita
Reviewed by: dwmalone
Tested by: matusita on snapshots.jp.FreeBSD.org
MFC after: 2 weeks
how to use this feature are in the man page. This is based on work
by Lyndon Nerenberg.
(The only difficult part about this patch is the fact that you
can't fchown a unix domain socket, which means the sockets must be
put in a secure directory).
Reviewed by: dillon
been patched so many times it was a bit of a mess. There are style,
code and man page cleanups. The following are the functional changes:
The RFC only permits the returning of 4 possible error
codes, make sure we only return these (PR 27636).
Use MAXLOGNAME to determine the longest usernames.
Add a -i flag, which returns the uid instead of the username
(this is from a PR 25787, which also contained alot of the
cleanups in this patch).
PR: 25787, 27636
Partially Submitted by: Arne.Dag.Fidjestol@idi.ntnu.no
Reviewed by: Arne.Dag.Fidjestol@idi.ntnu.no, green
MFC after: 3 weeks
page.
Add ability to run "inetd -R 0" to disable the default connection
per minute limit of 256 connections. Document this in man page.
Don't use maxchild as a boolean - instead check if it is greater
than zero.
Reviewed by: sheldonh
Based on a patch by: Alexander Langer <alex@big.endian.de>
the committer (shin). While I don't have permission for this change
from the inetd maintainer (des), I assume that shin has permission
and I'm just fixing his contribution up for him.
Okay, I couldn't resist, I made some extra changes:
* Replace ".Tn FreeBSD" with .Fx
* Make the illegal TCPMUX and IPSEC sections legal subsections
of the IMPLEMENTATION NOTES section.
Requested by: shin
garbage value for the username (hex garbage, that is), and the -d flag
provides a default username for fallback purposes if the user cannot be
looked up. That is very useful for the case where inetd auth is
running on a NAT box.
While I'm here updating the manpage, clean up an English error and a
few small nits.
example of their usage in the sample config. Merge the two examples
for the green internal auth service.
This commit failed the first time around because Brian beat me to the
punch on inetd.8 . I like my descriptions better and I'm pretty sure
Brian won't mind.
internal services in inetd.conf .
The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!
Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing
configurations.
This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).
PR: 11796
Reported by: Alex Charalabidis <alex@wnm.net>
Approved by: des
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.
Change etc/defaults/rc.conf so as to encourage wrapping on new systems.
Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.
Approved by: jkh
1) Handle forking and non-forking internal services correctly.
Turn on wrapping for internal services because it works now.
2) Preserve server names for each service on HUP.
3) Honour hosts_options(5) severity option.
4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
usage and limitations.
This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.
PR: 12097
Reviewed by: markm
1)
Reported by: Pierre Beyssac <pb@fasterix.freenix.org>
2)
Submitted by: Masachika ISHIZUKA <ishizuka@ish.org>
3)
Submitted by: David Malone <dwmalone@maths.tcd.ie>