Commit Graph

247 Commits

Author SHA1 Message Date
Baptiste Daroussin
c6db8143ed Convert usr.sbin to LIBADD
Reduce overlinking
2014-11-25 16:57:27 +00:00
Alexander V. Chernikov
603eaf792b Renove faith(4) and faithd(8) from base. It looks like industry
have chosen different (and more traditional) stateless/statuful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.

No objections from:	net@
2014-11-09 21:33:01 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Andrey Zonov
ec89b1f97c - Force inetd to have listen queue size to be set to the value of
kern.ipc.somaxconn instead of hardcoded value 64.

Submitted by:	Andrey Ignatov <rdna@rdna.ru>
MFC after:	2 weeks
2013-01-20 19:44:33 +00:00
Ed Schouten
902d9eafbf Rework all non-contributed files that use `struct timezone'.
This structure is not part of POSIX. According to POSIX, gettimeofday()
has the following prototype:

	int gettimeofday(struct timeval *restrict tp, void *restrict tzp);

Also, POSIX states that gettimeofday() shall return 0 (as long as tzp is
not used). Remove dead error handling code. Also use NULL for a
nul-pointer instead of integer 0.

While there, change all pieces of code that only use tv_sec to use
time(3), as this provides less overhead.
2012-09-01 14:45:15 +00:00
Xin LI
4f985ef6b9 Replace the use of wall clock time with monotonically increasing
clock.  In general, gettimeofday() is not appropriate interface
when accounting for elasped time because it can go backward, in
which case the policy code could errornously consider the limit
as exceeded.

MFC after:	1 week
Reported by:	Mahesh Arumugam
Submitted by:	Dorr H. Clark via gnn
Sponsored by:	Citrix / NetScaler
2012-06-04 18:02:09 +00:00
Ed Schouten
b3608ae18f Replace index() and rindex() calls with strchr() and strrchr().
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
2012-01-03 18:51:58 +00:00
Ulrich Spörlein
3df5ecac8c Spelling fixes for usr.sbin/ 2011-12-30 10:58:14 +00:00
Ed Schouten
71ccf09269 The last big commit: let usr.sbin/ use WARNS=6 by default. 2010-01-02 11:07:44 +00:00
Ed Schouten
9a958de54c ANSIfy some more tools in usr.sbin/.
Most of these tools build with WARNS=6, except for their use of K&R
function declarations.
2010-01-02 11:05:34 +00:00
Attilio Rao
7a7043c787 Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.

Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.

Obtained from:	Sandvine Incorporated
Reviewed by:	emaste, arch@
Sponsored by:	Sandvine Incorporated
MFC:		1 month
2009-11-25 15:12:24 +00:00
Xin LI
882284ccd1 Sync comment with actual configuration format. 2009-02-13 22:48:05 +00:00
Maxim Konovalov
30e95be8ce o inetd(8) requires wait/nowait column in inetd.conf for
ONC services as well.

PR:		bin/119203
Submitted by:	Peter Jeremy
MFC atfer:	1 week
2008-01-12 21:09:48 +00:00
Bjoern A. Zeeb
53bf725ae1 Remove the -DFAST_IPSEC from Makefiles again.
This was needed during the IPSEC->FAST_IPSEC->IPSEC transition
period to not break the build after picking up netipsec header
files. Now that the FAST_IPSEC kernel option is gone and the
default is IPSEC again those defines are superfluous.

Approved by:	re (rwatson)
2007-07-05 08:56:46 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
David Malone
7149ee1696 Don't try to apply connection-per-ip rate limiting to unix domain
sockets.  Instead of rejecting all unix domain connections when the
-C flag is given, allow them instead. Aragon tested an earlier
version of the patch.

PR:		109315
MFC after:	2 weeks
Tested-by:	Aragon Gouveia <aragon@phat.za.net>
2007-03-11 16:30:49 +00:00
Ruslan Ermilov
906c8a734c Removed T/TCP bits. 2006-09-14 08:36:53 +00:00
Yaroslav Tykhiy
af73d4e69e inetd and telnetd are not included in the standard release
crunched floppies, but they can be included as options in
src/release/picobsd (omitted by default though.)  Therefore
preserve the RELEASE_CRUNCH knob in their Makefiles, but
tell its real purpose in a comment.
2006-07-31 19:15:10 +00:00
Yaroslav Tykhiy
6884810944 Obey MK_INET6_SUPPORT. 2006-07-27 14:52:12 +00:00
David Malone
6a4d12ad81 Update a couple of comments relating to RFCs. 2006-04-17 19:55:25 +00:00
David Malone
f3c6fec05f Back out a Makefile change that accidently snook in. 2006-04-17 19:52:00 +00:00
David Malone
e90fa6a937 Port 37 (RFC 738) style times are supposed to be a 32 bit time since
1900 in network byte order. Use a uint32_t to calculate and send
the time, so that we don't need to know how big ints or longs are.

I used uint32_t instead of int in the patch, on the off chance
someone uses our inetd source on a system that doesnt 32 bit ints.

PR:		95290
Submitted by:	Bruce Becker <hostmaster@whois.gts.net>
MFC after:	2 weeks
2006-04-17 18:35:58 +00:00
Ceri Davies
f6ffc14649 Perform minor rewording and grammatical improvement. Add a missing Xr. 2006-02-04 22:17:38 +00:00
Xin LI
b512f01068 Revert previous commit for now, which seems to have (re)introduced some
old bugs, as well as some unwanted side effects.  I will do more
investigation and fix these issues first.

Pointed out by:	dwmalone
2006-01-18 19:38:43 +00:00
Xin LI
4d115fef9e Improves and cleanups over inetd(8):
- Teach inetd(8) about kqueue, originally implemented by jmg@[1].
 - Use new C99 style function prototypes instead of K&Rs.
 - Raise WARNS from 2 to 6

Glanced at by:	ru
MFC After:	2 weeks

[1] http://people.freebsd.org/~jmg/inetd.kq.patch,
    http://people.freebsd.org/~jmg/inetd.kq.html
2006-01-18 07:47:46 +00:00
Ceri Davies
ca2d2c73ef inetd(8) requires that /etc/netconfig be present, and contain entries
for each of udp and tcp (and their IPv6 equivalents when INET6 is
enabled).  Note that dependency here.

PR:		docs/90435
Submitted by:	Dmitry Kazarov <kazarov at mcm dot ru>
Pointed out by:	Daniel Gerzo <danger at rulez dot sk>
MFC after:	8 days
2005-12-30 13:16:15 +00:00
Pawel Jakub Dawidek
8b28aef238 Pidfiles should be created with permission preventing users from opening
them for reading. When user can open file for reading, he can also
flock(2) it, which can lead to confusions.

Pointed out by:	green
2005-09-16 11:24:28 +00:00
Pawel Jakub Dawidek
f670195163 Use pidfile(3) in inetd(8). 2005-08-24 19:04:21 +00:00
Jacques Vidrine
a8e0b2e8ab Remove rexecd(8), a server that implements a particularly insecure
method of executing commands remotely.  There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat.  It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
2005-06-10 20:52:36 +00:00
Hajimu UMEMOTO
4f10131848 NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.
2005-05-13 16:31:11 +00:00
Stefan Farfeleder
80c4c0db4f Prefer C99's __func__ over GCC's __FUNCTION__.
Approved by:	dwmalone
2004-09-26 13:47:25 +00:00
Warner Losh
486c8cc4c6 Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of addtional copyright holders where appropriate)
2004-08-07 04:28:56 +00:00
Ruslan Ermilov
07bfccd71e Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
Brooks Davis
44501e8cfd Remove the requirement that the "discard" service be defined in the
services database.  Now only services that are actually used need to be
defined.

Submitted by:	ume
2004-04-20 23:34:39 +00:00
David Malone
48135410c1 The list of (key,value) pairs to request_init is terminated by a 0 key,
not NULL.

Submitted by:	Stefan Farfeleder <stefan@fafoe.narf.at>
MFC after:	3 days
2004-04-04 21:32:23 +00:00
David Malone
bcd4c5746a On startup, warn if inetd's config file doesn't exist. This isn't
exactly the same as patch from the PR, which also exited if the
config file was missing. I didn't use Jeff's patch because I was
worried that some people might start inetd, create the config file
and then HUP inetd.

PR:		60806
Submitted by:	Jeff Ito <jeffi@rcn.com>
MFC after:	2 weeks
2004-03-22 12:01:23 +00:00
Philippe Charnier
5904b6fdcc Revert previous change. The effect of -w or -W option is described in
another paragraph.
Obtained from:	David Malone <dwmalone@maths.tcd.ie>
2004-02-29 15:49:26 +00:00
Philippe Charnier
59b4f7f45e According to source code, under certain conditions, logging goes to the
"auth" facility not "daemon".
Submitted by: "Bill Richter (7X22KEY)" <richterb@binkley.foothill.net>
2004-02-25 20:31:00 +00:00
Peter Wemm
e2c617744f Rather than use the gcc -fno-builtin-log flag, just rename the 'int log'
variable.
2003-10-30 22:56:44 +00:00
Hajimu UMEMOTO
47f0776134 Since semantic of IPV6_PKTINFO was changed in RFC3542, we need to
use IPV6_RECVPKTINFO instead.

Reported by:	someone (I had removed the mail wrongly, sorry)
2003-10-26 06:11:31 +00:00
Peter Wemm
3bda2f43af Use -fno-builtin-log so gcc doesn't get ideas about using a math function
to log data.  Clean up an unused variable that was hidden by the WARNS?=2
being commented out.  Uncomment it now that it compiles cleanly again.
2003-10-26 05:54:07 +00:00
David Malone
936664b119 Move my inetd maintainer note to src/MAINTAINERS. 2003-07-15 16:52:22 +00:00
David Malone
d2be82dad7 Get the connections per minute calculation right. By good fortune
(or possibly testing) the previous formula worked for the default
constants compiled into inetd, but if you recompiled with different
values of CHTSIZE and CHTGRAN the calculation might not have worked.

PR:		54354
Submitted by:	Claus Assmann <ca@sendmail.org>
Submitted by:	Jose Marcio Martins da Cruz <Jose-Marcio.Martins@ensmp.fr>
MFC after:	5 days
2003-07-15 16:46:45 +00:00
Philippe Charnier
49f90486ce The .Xr utility 2003-06-08 14:06:45 +00:00
David Malone
cbdbb7252f Under some unusual conditions, inetd can leak a open file discriptor
into a child process. Rather than closing the discriptors manually,
mark all discriptors as close-on-exec.

PR:		47694
Submitted by:	Max Okumoto <okumoto@ucsd.edu>
Obtained from:	NetBSD
MFC after:	2 weeks
2003-02-23 16:54:19 +00:00
David Malone
c40f2eef16 After calling login_getclass, be sure to call login_close so that
we don't leak memory. Only one of these two cases (reconfig) actually
causes a leak because the other is usually followed by an exec.

PR:		46845
Reviewed by:	David Wang <dsw@juniper.net>
MFC after:	2 weeks
2003-02-23 16:49:14 +00:00
Hajimu UMEMOTO
6431ecd0a1 The tcp_wrappers function `fromhost()' can fail. In such
cases, the `struct sockaddr' will not be allocated.

Reported by:	nectar
MFC after:	2 days
2003-02-13 17:08:23 +00:00
Robert Watson
42c0e331cd Using LOGIN_SETALL &~LOGIN_SETMAC to avoid setting the MAC label improperly,
rather than specifically setting the process priority and resource class;
otherwise, we improperly set other aspects of the login class.  We have
a bit more to do here, but the proper fix will probably involve breaking
out MAC labels from the login class at some point, as well as further
clarifying the logic here.

Pointed out by:	kuriyama, max
2003-01-16 03:41:57 +00:00
Robert Watson
15e90ad4c5 For now, set only the resource limits and process priority associated
with a class, rather than all aspects of the class when switching
classes for an inetd service.  Because we hard-code /daemon in the
current inetd implementation, using SETALL has unfortunate side-effects
involving the MAC code, and potentially other credential related
settings in the future.  This change maintains the DoS-resistent
aspects of the class behavior, which is all that is promised in the
inetd man page.

A larger set of diffs providing more pluggability and configurability
was deferred for this more simple approach in the short term.

Reviewed by:	ache
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-01-08 17:10:11 +00:00
Garrett Wollman
cd9a4d5d7a Add used #include <limits.h>. 2002-10-27 17:46:53 +00:00