Commit Graph

241 Commits

Author SHA1 Message Date
Brian Feldman
e1c77598be Ahem. Put things back a bit. I declare variables in the scope they're
used! I don't declare every variable at the top of a function because
that wastes stack space. I've clarified the error a bit (for if asprintf()
filas.)
1999-07-23 15:49:14 +00:00
Brian Feldman
763c487788 As per DES's prodding, document _all_ the arguments to inetd's auth
service. This includes the -o "operating system" argument and the -t
"timeout" argument.
1999-07-23 15:37:39 +00:00
Sheldon Hearn
56658bf1e6 Style cleanups for iderror() and ident_stream(). Looks like c++ hang-over.
;-)
1999-07-23 15:26:42 +00:00
Sheldon Hearn
3d1171b5b4 Fix auth -t argument handling. It was broken for the "sec.usec" case.
Add a warning for bogus -t arguments for the (debug) case.
1999-07-23 15:00:07 +00:00
Dag-Erling Smørgrav
fc2cff3185 Don't match up TCP services with UDP sockets. 1999-07-23 14:45:21 +00:00
Brian Feldman
e26aedfbf8 Fixed a braino: lack of spaces in sscanf caused ident parsing to fail.
Sorry, guys.
1999-07-23 03:51:52 +00:00
Brian Feldman
202a23238e "knobs are cheap". Here's a -t timeout option for the internal ident
service. It takes a number (w/ or w/out .usec) as an argument.
1999-07-22 21:42:49 +00:00
Brian Feldman
8391600e00 This commit encompasses the following changes to inetd:
1. Cleanups of ident_stream. "Evil" stdio is less used.
	2. The BSD Copyright was added to the top of builtins.c.
	3. As suggested, a timeout is now implemented in the ident
	   service. It defaults to 10 seconds. If enough people want
	   it, I'll make it configurable.

Suggested by:	msmith
1999-07-22 21:11:40 +00:00
Sheldon Hearn
f6389f4b62 Relegate the diagnostic descriptor counter to the -DSANITY_CHECK case. 1999-07-22 16:29:48 +00:00
Sheldon Hearn
db6da75556 Remove unnecessary macro introduced in previous commit.
Also, the previous commit failed to reference:

PR:	12731
Submitted by:	dwmalone@maths.tcd.ie (David "Inetd" Malone)
1999-07-22 16:10:40 +00:00
Sheldon Hearn
0a418352f9 Don't leak pipe descriptor to daemons on execv(). 1999-07-22 15:57:37 +00:00
Sheldon Hearn
dd09a74de7 Signal handlers should use _exit(2) and not exit(3). 1999-07-22 14:47:29 +00:00
Sheldon Hearn
5ff3afce6f Move code for all builtin services from inetd.c to builtins.c, including
the Green Piece. :-)

In future, new builtin services are less likely to need to touch the
already tangled inetd.c .
1999-07-22 14:11:26 +00:00
Sheldon Hearn
a9ed85ec46 Fix for the hosts_options(5) spawn option.
Restore default SIGHUP, SIGCHLD and SIGALRM handlers in forked inetd
processes. This happens to work around the fact that hosts_access()
doesn't (but should) set SIG_IGN as the handler for SIGCHLD while it
handles the spawn option, but it would make sense even if that were
not true.

This does not address the leaking descriptors issue discussed on the
same PR.

PR:	12731
Reviewed by:	des
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-07-21 16:09:45 +00:00
Sheldon Hearn
6134dbe0ac Fix horribly broken comment. The submitter of the associated code sent
me the right comment and I bastardized it. :-(
1999-07-21 12:19:24 +00:00
Sheldon Hearn
2ab0563dfe Document the new {auth,ident,tap} service and provide examples in the
configuration file.

Requested by:	green
1999-07-16 15:41:14 +00:00
Brian Feldman
b81a43e288 By popular demand, ident_stream now takes arguments. Ex:
# This enables the old, fake ident service.
auth    stream  tcp     nowait  root    internal
# This enables the new, real ident service.
auth	stream	tcp	nowait	root	internal	auth -r
# This enables ~/.fakeid support, too.
auth	stream	tcp	nowait	root	internal	auth -r -f
1999-07-15 17:01:43 +00:00
Brian Feldman
d33eb4c802 This is the working internal ident service. Turn it on by setting
the make variable REAL_IDENT, and ~/.fakeid support can be added
with FAKEID set. Note that the default behavior is the same as
the old behavior.
1999-07-15 01:34:02 +00:00
Brian Feldman
715400fa2a Fix ``:''.
PR:		12589
1999-07-11 08:32:24 +00:00
Sheldon Hearn
499067071c Use the proctitle to indicate that we're busy wrapping a request for a
service. Inetd already uses the process title to indicate that a request
for an internal service is being serviced, so this addition is fairly
orthogonal.

Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-07-09 11:46:45 +00:00
Sheldon Hearn
10d03f50ad Allow internal and external wrapping to be enabled independantly of
each other. Instead of allowing the -w option to be specified twice,
we now take -w (wrap external) and -W (wrap internal).

Discussed with:	markm
1999-07-09 11:19:01 +00:00
Sheldon Hearn
eb0fde47f8 Allow service alias names from /etc/services to be used when specifying
internal services in inetd.conf .

The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!

Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing
configurations.

This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).

PR:	11796
Reported by:	Alex Charalabidis <alex@wnm.net>
Approved by:	des
1999-07-02 16:21:13 +00:00
Sheldon Hearn
27fd1dba4e Clarify that the services name, as specified in inetd.conf, for an
internal service should be used as the daemon name when constructing
hosts_access(5) rules.
1999-07-02 15:58:32 +00:00
Sheldon Hearn
1efeefd521 Ommitted in previous commit message:
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-30 23:47:46 +00:00
Sheldon Hearn
c48c2d6d38 Enable wrapping for dgram services and fix logging so that -l really
does log all connections.
1999-06-30 23:36:39 +00:00
Sheldon Hearn
9735000dd4 Sync usage() with the manpage.
Approved by:	mpp
1999-06-28 11:27:14 +00:00
Sheldon Hearn
8d0fe86993 Fix broken logic: (!wrap || log) -> (!wrap && log) .
Reported by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-28 09:28:17 +00:00
Sheldon Hearn
6e4989b255 Fix the SYNOPSIS to reflect that the -w option can be specified twice.
Requested by:	obrien
Approved by:	mpp
1999-06-27 21:07:55 +00:00
Sheldon Hearn
54f5ebed00 Add command-line option (-w), specified once to enable wrapping and
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.

Change etc/defaults/rc.conf so as to encourage wrapping on new systems.

Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.

Approved by:	jkh
1999-06-27 18:05:34 +00:00
Sheldon Hearn
274811a772 Use Dq mdoc tag for double-quoted words. 1999-06-21 11:43:13 +00:00
Sheldon Hearn
7aad173232 Fix handling of maximum children and connections per minute.
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-21 11:17:34 +00:00
Sheldon Hearn
1181cf3c52 Various fixes for inetd's TCP Wrappers support:
1) Handle forking and non-forking internal services correctly.
	   Turn on wrapping for internal services because it works now.
	2) Preserve server names for each service on HUP.
	3) Honour hosts_options(5) severity option.
	4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
	   usage and limitations.

This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.

PR:	12097
Reviewed by:	markm
1)
Reported by:	Pierre Beyssac <pb@fasterix.freenix.org>
2)
Submitted by:	Masachika ISHIZUKA <ishizuka@ish.org>
3)
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-17 09:16:08 +00:00
Dag-Erling Smørgrav
b180b6de88 Don't stop listening to the signal pipe just because you don't have
anything else to do.

PR:		10468, 11594
1999-05-11 12:50:14 +00:00
Mark Murray
4e69f92838 There seems to be a problem (most likely when there is no hosts.allow)
with wrapping the internal services, so do not wrap them for now.
1999-05-07 06:48:01 +00:00
David E. O'Brien
fad9a47729 MFS: sort reference list and embelish history. 1999-05-01 22:03:00 +00:00
Mark Murray
d06590a52b Fix the "internal" wrapping as well as a nasty bug involving
the daemon name vs the path. Also fix some warnings and improve
the wrapper section of the man page.

Nice debugging work by:	Sheldon Hearn
1999-04-11 09:22:17 +00:00
Mark Murray
9980037e50 Now inetd(8) has direct support for tcp_wrappers! Not working at the
moment is support for the internal serfvices, so these are not
enabled. Volunteers welcome!
1999-03-28 10:50:30 +00:00
Daniel O'Callaghan
552b1ded8b Make machtime() function unsigned long instead of long.
Reviewed by:	phk
1999-01-05 11:56:35 +00:00
Dag-Erling Smørgrav
87cef388ff Style cleanups.
Requested by:	bde
1999-01-02 16:04:19 +00:00
Dag-Erling Smørgrav
e20e25db62 Back out rev. 1.42 and 1.43. Apply Graham Wheeler's signal handling patch.
Reviewed by:    jkh & eivind
Submitted by:   Graham Wheeler <gram@cdsec.com>
PR:             bin/8183
1998-12-28 15:09:43 +00:00
Matthew Dillon
73df45e228 Remove signal mask prior to calling exec 1998-12-15 23:12:33 +00:00
Matthew Dillon
5177c2936a Reviewed by: freebsd-current
Fix signal/library corruption by blocking all signals except during
    select().  The reported corruption was with reentrancy in the malloc lib.
1998-12-11 17:06:16 +00:00
Poul-Henning Kamp
3c97a31c2f Add an "internal" driver for the "ident" protocol (tcp/113).
It will return "ERROR:HIDDEN-USER" for all requests.

To use it add:
	ident   stream  tcp     nowait  root    internal
to inetd.conf
1998-11-04 19:39:46 +00:00
John Birrell
4b82d708ae Bruce says that %p is intended to format void pointers only. So use a void *
cast. There are pointers and then there are _pointers_. One day I'll
figure out which are which. 8-)
1998-08-18 02:10:05 +00:00
John Birrell
44ab8b53f2 Remove a cast and print the pointer value with %p instead of %x. 1998-08-17 06:16:59 +00:00
Andrey A. Chernov
a07f318f8c Add (struct timezone *) cast to NULL for K&R 1998-07-24 08:28:33 +00:00
Andrey A. Chernov
19ce94466c Use NULL as gettimeofday arg instead of 0 cast
Add missing arg to error diagnostic
Print yet one arg of error diagnostic
1998-07-23 20:05:02 +00:00
Poul-Henning Kamp
d4676e5ad7 last patch misapplied. 1998-07-22 14:24:12 +00:00
Poul-Henning Kamp
02c589d9e9 This may apply to all known versions of inetd.
For a tcp/nowait connection, inetd invokes accept(2) for
each pending connection; this call returns a file descriptor
associated with the new connection.

Twelve years ago, code was added to inetd to detect "failing
servers".  The heuristic that identifies a failing server is
one that has been invoked a large number of times over some
specified interval (e.g., more than 128 ftp services started
in 60 seconds may flag the ftp service as "failing").  These
compile-time constants vary depending on vendor.

The problem is that, when a failing server is detected, the
code neglects to close the file descriptor returned by the
accept(2).

Security-Implications:
I suppose someone with ample free time could orchestrate an
attack buy pummeling services until the inetd process finally
runs out of file descriptors thus rendering inetd useless to
any new connections that require a new descriptor.

PR:		7286
Reviewed by:	phk
Submitted by:	Jeff Forys <jeff@forys.cranbury.nj.us>
1998-07-22 05:53:53 +00:00
Poul-Henning Kamp
1499abeef4 Spelling fixes.
PR:		6903
Reviewed by:	phk
Submitted by:	Josh Gilliam <josh@quick.net>
1998-06-10 12:34:27 +00:00
Pierre Beyssac
40907429e4 Small typo in T/TCP patch ("speicfy" -> "specify"). 1998-05-15 19:16:35 +00:00
Guido van Rooij
c6c38f1d7f On request of Garrett, ad a way to specify that a service should be
reachable via T/TCP
Reviewed by:	Garrett Wollman
1998-05-14 20:26:16 +00:00
Bruce Evans
6543414337 Fixed gross errors in previous commit. `sapipe' was used uninitialized
to attempt to unblock SIGCHLD, but we actually want to unignore SIGPIPE.

Obtained from:	OpenBSD

Finished conversion from sigvec to sigaction (don't assume that sa_mask
is a scalar...).  Didn't convert from sigblock to sigprocmask.  Didn't
fix missing error checking for sigaction...
1998-05-11 12:11:59 +00:00
Guido van Rooij
e523d5ae25 Unblock SIGPIPE before execv(); convert from sigvec to sigaction
Obtained from: OpenBSD
1998-05-08 19:15:44 +00:00
Guido van Rooij
34b32a7cb4 Redo tcpmux stuff. tcpmux handling is now performed after inetd
forks. Furthermore, invalid input for tcpmux does not lead to
an exiting inetd.
This patch is recommended for people running tcpmux (which is NOT
enabled by default)
1998-05-07 18:32:00 +00:00
Garrett Wollman
10ad031e1d Document the requirement for TCPMUX to also be enabled as an internal
service if any external TCPMUX servers are desired.

PR: 826
1998-04-13 15:05:14 +00:00
Paul Traina
ffb7094ed2 Make maxchild and max child-per-minute default values configurable from
the command line or Makefile.
1998-02-24 21:55:14 +00:00
Dima Ruban
3e2e58f12e Add possibility to specify maximum number of connections per minute
for a given IP address.
This should be very effective against DoS attacks.
1997-10-29 21:49:04 +00:00
Andrey A. Chernov
b34683ca29 Implement group part now, final syntax is:
user[:group][/login-class]
1997-10-28 13:46:52 +00:00
Andrey A. Chernov
186a5319ff Implement login classes sepcification as user[/loginclass]
By default inetd run things with the same limits as from /etc/rc
(daemon class) to not break anything as in good old days.
1997-10-27 22:03:47 +00:00
Philippe Charnier
c1a2e93e94 Use err(3). 1997-09-19 06:27:30 +00:00
Warner Losh
83eea89664 Remove and odd sleep found by David Holland and posted to -security.
Reviewed by:	Theo de Raadt (who put it into OpenBSD)
Submitted by:	David Holland <dholland@eecs.harvard.edu>
1997-08-29 18:00:11 +00:00
David Nugent
5d0bfe39ec login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
Garrett Wollman
aeb83a466a Condition SO_PRIVSTATE twiddling on the definedness of SO_PRIVSTATE.
(This was done as a #ifdef to keep source compatibility between 2.2 and 3.0.)
1997-04-28 13:55:07 +00:00
Warner Losh
6c3f552a31 compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-31 05:11:47 +00:00
Peter Wemm
476602a9d0 Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
Julian Elischer
fb42516541 The "-a" option for inetd specifies a specific IP address for the
server to bind to. This works until you send it a SIGHUP with a
new service defined ... the new service is bound to INADDR_ANY.

This patch fixes this bug (in both RELENG_2_2 and -current).

This is a 2.2 candidate..(i.e. pure bug fix)

Submitted by:	Archie Cobbs (archie@whistle.com)
1997-02-05 19:50:04 +00:00
Wolfram Schneider
bfd34a4a60 Sort cross references. 1997-01-20 00:03:00 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Peter Wemm
fbc2342cca Implement minimal login class support (ie: does a setusercontext()).
Enabled by defining LOGIN_CAP in Makefile, on by default.
1997-01-13 02:52:30 +00:00
Julian Elischer
0661be0b5d Reviewed by: Bill fenner
Submitted by:	Archie Cobbs (Archie@whistle.com)

Changes to allow inted to control the number of servers to
start on each service. This is a defence against a denial of service attack
in which the system is made unusable by
an external party. It also allows the behaviour of
small memory systems to be more accuratly predicted, by
bounding the extent to which processes can multiply.
1996-11-10 21:12:44 +00:00
Julian Elischer
6467602bb5 Reviewed by: Bill fenner
Submitted by:	 Archie Cobbs (archie@whistle.com)

changes to make inetd compile cleaner under -Wall
1996-11-10 21:07:27 +00:00
Alexander Langer
9e375707a5 Fix incorrect length argument to memset() function. Closes PR#1937.
Submitted by:	Archie Cobbs <archie@whistle.com>
1996-11-01 01:42:08 +00:00
Joerg Wunsch
d4788da623 Do not modify a malloc()ed pointer; instead, use memmove().
Detected by: phkmalloc - AJ :)
1996-10-28 23:02:38 +00:00
Julian Elischer
7356460fe3 Reviewed by: various
Submitted by:	archie@whistle.com

changes to allow inetd to bind to a single interface
for more complicated options see xinetd in ports.

Obtained from: whistle.com
1996-08-09 22:20:24 +00:00
David Greenman
e289453542 Increased listen() queue-depth limit to 64. 1996-07-17 15:00:28 +00:00
Gary Palmer
ac52e6af45 Add $Id$ 1996-05-07 03:16:43 +00:00
Garrett Wollman
e50d775901 Call setsockopt(SO_PRIVSTATE) to renounce SS_PRIV on all the sockets
we create.  (Nothing being called from inetd should use it anyway,
but you can never be too careful.)

Translate the man page back into -mdoc.
1996-02-07 17:15:01 +00:00
Mike Pritchard
4a8d02835c Fix a bunch of spelling errors in a bunch of man pages. 1996-01-30 13:52:50 +00:00
Peter Wemm
c128302002 Make inetd use setproctitle from libutil instead of it's own version.
The old code can probably still be compiled with #define OLD_SETPROCTITLE
1996-01-01 08:42:23 +00:00
Peter Wemm
84c60f0d3f Workaround for the setlogin()-in-same-session-as-inetd bug.
This causes:
1: inetd to clear it's getlogin() name at startup (in case the sysadmin
	logged in and su'ed to root and restarted inetd)
2: inetd to start each spawned process in it's own session.
3: inetd to call setlogin() on non-root processes (eg: uucp for uucico)
4: log failures more extensively

This means that root spawned processes from inetd remain responsible for
setting their login name if they change their uid. (eg: rshd, login, etc).

If they do not do so, it is safer for them to have no "login name" than a
wrong one (like "root") because the getlogin() system call is documented
as "secure" on 4.4BSD.  inetd when started from /etc/rc would have no login
name anyway, so this isn't really a change - it's making it consistant with
the bootup state...

The setsid() change *may* cause something to break that is doing a setsid()
itself and checking the result - it will fail now because it's already been
done.  The consensis seems to be that this is unlikely. David G. thinks
this is acceptable as it is cleaner from an architectural point of view.
1995-11-03 09:30:13 +00:00
Adam David
32b505b222 Implement simple quoting for command args.
Previously "abc xyz" became 2 args split at the space.
1995-10-30 14:03:00 +00:00
Garrett Wollman
9fe96cbb6d Record PID in /var/run/inetd.pid and document same. 1995-10-12 16:43:27 +00:00
David Greenman
ee812eb286 Correct the "default rate" - it's 256/minute not 1000/minute. 1995-10-09 23:34:07 +00:00
Rodney W. Grimes
d3628763db Merge RELENG_2_0_5 into HEAD 1995-06-11 19:33:05 +00:00
Rodney W. Grimes
709e8f9ae1 Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
Garrett Wollman
71704f34b1 Disable UDP service looping attack. 1994-12-21 19:08:45 +00:00
Geoff Rehmet
bee39b42f3 - increase TOOMANY, in line with 1.x
- add logging option from 1.x
1994-09-11 11:16:32 +00:00
Geoff Rehmet
55b91f3ab6 Bring in handling of RPC services from 1.x
(Guess who forgot to replace his inetd until today ;-)
1994-09-11 10:48:02 +00:00
Garrett Wollman
84e59eb50d Get rid of update. Make man page installation work with our scheme
(and rename a few in the process).
1994-08-05 16:31:05 +00:00
Rodney W. Grimes
dea673e932 BSD 4.4 Lite usr.sbin Sources 1994-05-26 05:23:31 +00:00