Commit Graph

101 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
5dcb6878e1 Pull on my asbestos undies and claim ownership of inetd to prevent further
flamage between our beloved messrs Hearn and Feldman. Further commits go
through me. I urge the contestants to direct their energies at cleaning
up main() in inetd.c, which has over time become a crawling horror.
1999-07-26 08:43:03 +00:00
Brian Feldman
019893b437 Here goes, the "clear up any possible confusion" commit.
I've taken time to write up comments for the ident code tonight,
so there should no longer be any confusion about the purpouse of
whatever is in there. Wow, me commenting code... who'd have thought
that would happen?

Reviewed by:	DES
1999-07-26 07:57:35 +00:00
Sheldon Hearn
daae13874a Bring two wayward memory allocation failure messages in line with
those featured in the rest of the code.
1999-07-26 06:39:46 +00:00
Brian Feldman
ecf12be032 More cleanups to ident_stream. Variables moved around, changed.
Got rid of an extra variable or two, while making corrections to
problems (that would probably not be a problem anyway, and worked.)

Partially Obtained from:	David Malone <dwmalone@maths.tcd.ie>
1999-07-25 23:15:03 +00:00
Brian Feldman
2404a15a12 Correct a groff error in macro usage ("foo : bar" becomes "``foo: bar''").
Document the auth -n flag.
1999-07-24 17:11:50 +00:00
Brian Feldman
2d878a1923 More cleanups, asprintf() usage (proper, as opposed to using snprintf()),
and addition of a -n .noident-checking flag.
1999-07-24 17:06:05 +00:00
Brian Feldman
b52c43b357 Clean up to match style(9) more closely. This should fix the problem of
people having ants in their pants ;)
1999-07-24 16:24:03 +00:00
Sheldon Hearn
9a16e31ade Use comments to group functions by service more clearly. I've used the
excuse of providing the RFC numbers for the associated services.
1999-07-24 13:02:09 +00:00
Sheldon Hearn
6f426a27c5 Style nits:
* Bring memory allocation failure handling in line with that of
	the rest of the code.
      * Nestle block curlies between case statements correctly.

I've left the in-block declarations alone, since style(9) says we should
conform to the existing style within the code, and inetd already does
this. I've left the asprintf()'s in there because that's how Brian wants
it.
1999-07-24 12:35:50 +00:00
Sheldon Hearn
3467b84849 Document the -o and -t options to the internal auth service and give an
example of their usage in the sample config. Merge the two examples
for the green internal auth service.

This commit failed the first time around because Brian beat me to the
punch on inetd.8 . I like my descriptions better and I'm pretty sure
Brian won't mind.
1999-07-23 15:49:34 +00:00
Brian Feldman
e1c77598be Ahem. Put things back a bit. I declare variables in the scope they're
used! I don't declare every variable at the top of a function because
that wastes stack space. I've clarified the error a bit (for if asprintf()
filas.)
1999-07-23 15:49:14 +00:00
Brian Feldman
763c487788 As per DES's prodding, document _all_ the arguments to inetd's auth
service. This includes the -o "operating system" argument and the -t
"timeout" argument.
1999-07-23 15:37:39 +00:00
Sheldon Hearn
56658bf1e6 Style cleanups for iderror() and ident_stream(). Looks like c++ hang-over.
;-)
1999-07-23 15:26:42 +00:00
Sheldon Hearn
3d1171b5b4 Fix auth -t argument handling. It was broken for the "sec.usec" case.
Add a warning for bogus -t arguments for the (debug) case.
1999-07-23 15:00:07 +00:00
Dag-Erling Smørgrav
fc2cff3185 Don't match up TCP services with UDP sockets. 1999-07-23 14:45:21 +00:00
Brian Feldman
e26aedfbf8 Fixed a braino: lack of spaces in sscanf caused ident parsing to fail.
Sorry, guys.
1999-07-23 03:51:52 +00:00
Brian Feldman
202a23238e "knobs are cheap". Here's a -t timeout option for the internal ident
service. It takes a number (w/ or w/out .usec) as an argument.
1999-07-22 21:42:49 +00:00
Brian Feldman
8391600e00 This commit encompasses the following changes to inetd:
1. Cleanups of ident_stream. "Evil" stdio is less used.
	2. The BSD Copyright was added to the top of builtins.c.
	3. As suggested, a timeout is now implemented in the ident
	   service. It defaults to 10 seconds. If enough people want
	   it, I'll make it configurable.

Suggested by:	msmith
1999-07-22 21:11:40 +00:00
Sheldon Hearn
f6389f4b62 Relegate the diagnostic descriptor counter to the -DSANITY_CHECK case. 1999-07-22 16:29:48 +00:00
Sheldon Hearn
db6da75556 Remove unnecessary macro introduced in previous commit.
Also, the previous commit failed to reference:

PR:	12731
Submitted by:	dwmalone@maths.tcd.ie (David "Inetd" Malone)
1999-07-22 16:10:40 +00:00
Sheldon Hearn
0a418352f9 Don't leak pipe descriptor to daemons on execv(). 1999-07-22 15:57:37 +00:00
Sheldon Hearn
dd09a74de7 Signal handlers should use _exit(2) and not exit(3). 1999-07-22 14:47:29 +00:00
Sheldon Hearn
5ff3afce6f Move code for all builtin services from inetd.c to builtins.c, including
the Green Piece. :-)

In future, new builtin services are less likely to need to touch the
already tangled inetd.c .
1999-07-22 14:11:26 +00:00
Sheldon Hearn
a9ed85ec46 Fix for the hosts_options(5) spawn option.
Restore default SIGHUP, SIGCHLD and SIGALRM handlers in forked inetd
processes. This happens to work around the fact that hosts_access()
doesn't (but should) set SIG_IGN as the handler for SIGCHLD while it
handles the spawn option, but it would make sense even if that were
not true.

This does not address the leaking descriptors issue discussed on the
same PR.

PR:	12731
Reviewed by:	des
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-07-21 16:09:45 +00:00
Sheldon Hearn
6134dbe0ac Fix horribly broken comment. The submitter of the associated code sent
me the right comment and I bastardized it. :-(
1999-07-21 12:19:24 +00:00
Sheldon Hearn
2ab0563dfe Document the new {auth,ident,tap} service and provide examples in the
configuration file.

Requested by:	green
1999-07-16 15:41:14 +00:00
Brian Feldman
b81a43e288 By popular demand, ident_stream now takes arguments. Ex:
# This enables the old, fake ident service.
auth    stream  tcp     nowait  root    internal
# This enables the new, real ident service.
auth	stream	tcp	nowait	root	internal	auth -r
# This enables ~/.fakeid support, too.
auth	stream	tcp	nowait	root	internal	auth -r -f
1999-07-15 17:01:43 +00:00
Brian Feldman
d33eb4c802 This is the working internal ident service. Turn it on by setting
the make variable REAL_IDENT, and ~/.fakeid support can be added
with FAKEID set. Note that the default behavior is the same as
the old behavior.
1999-07-15 01:34:02 +00:00
Brian Feldman
715400fa2a Fix ``:''.
PR:		12589
1999-07-11 08:32:24 +00:00
Sheldon Hearn
499067071c Use the proctitle to indicate that we're busy wrapping a request for a
service. Inetd already uses the process title to indicate that a request
for an internal service is being serviced, so this addition is fairly
orthogonal.

Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-07-09 11:46:45 +00:00
Sheldon Hearn
10d03f50ad Allow internal and external wrapping to be enabled independantly of
each other. Instead of allowing the -w option to be specified twice,
we now take -w (wrap external) and -W (wrap internal).

Discussed with:	markm
1999-07-09 11:19:01 +00:00
Sheldon Hearn
eb0fde47f8 Allow service alias names from /etc/services to be used when specifying
internal services in inetd.conf .

The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!

Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing
configurations.

This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).

PR:	11796
Reported by:	Alex Charalabidis <alex@wnm.net>
Approved by:	des
1999-07-02 16:21:13 +00:00
Sheldon Hearn
27fd1dba4e Clarify that the services name, as specified in inetd.conf, for an
internal service should be used as the daemon name when constructing
hosts_access(5) rules.
1999-07-02 15:58:32 +00:00
Sheldon Hearn
1efeefd521 Ommitted in previous commit message:
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-30 23:47:46 +00:00
Sheldon Hearn
c48c2d6d38 Enable wrapping for dgram services and fix logging so that -l really
does log all connections.
1999-06-30 23:36:39 +00:00
Sheldon Hearn
9735000dd4 Sync usage() with the manpage.
Approved by:	mpp
1999-06-28 11:27:14 +00:00
Sheldon Hearn
8d0fe86993 Fix broken logic: (!wrap || log) -> (!wrap && log) .
Reported by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-28 09:28:17 +00:00
Sheldon Hearn
6e4989b255 Fix the SYNOPSIS to reflect that the -w option can be specified twice.
Requested by:	obrien
Approved by:	mpp
1999-06-27 21:07:55 +00:00
Sheldon Hearn
54f5ebed00 Add command-line option (-w), specified once to enable wrapping and
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.

Change etc/defaults/rc.conf so as to encourage wrapping on new systems.

Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.

Approved by:	jkh
1999-06-27 18:05:34 +00:00
Sheldon Hearn
274811a772 Use Dq mdoc tag for double-quoted words. 1999-06-21 11:43:13 +00:00
Sheldon Hearn
7aad173232 Fix handling of maximum children and connections per minute.
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-21 11:17:34 +00:00
Sheldon Hearn
1181cf3c52 Various fixes for inetd's TCP Wrappers support:
1) Handle forking and non-forking internal services correctly.
	   Turn on wrapping for internal services because it works now.
	2) Preserve server names for each service on HUP.
	3) Honour hosts_options(5) severity option.
	4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
	   usage and limitations.

This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.

PR:	12097
Reviewed by:	markm
1)
Reported by:	Pierre Beyssac <pb@fasterix.freenix.org>
2)
Submitted by:	Masachika ISHIZUKA <ishizuka@ish.org>
3)
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-17 09:16:08 +00:00
Dag-Erling Smørgrav
b180b6de88 Don't stop listening to the signal pipe just because you don't have
anything else to do.

PR:		10468, 11594
1999-05-11 12:50:14 +00:00
Mark Murray
4e69f92838 There seems to be a problem (most likely when there is no hosts.allow)
with wrapping the internal services, so do not wrap them for now.
1999-05-07 06:48:01 +00:00
David E. O'Brien
fad9a47729 MFS: sort reference list and embelish history. 1999-05-01 22:03:00 +00:00
Mark Murray
d06590a52b Fix the "internal" wrapping as well as a nasty bug involving
the daemon name vs the path. Also fix some warnings and improve
the wrapper section of the man page.

Nice debugging work by:	Sheldon Hearn
1999-04-11 09:22:17 +00:00
Mark Murray
9980037e50 Now inetd(8) has direct support for tcp_wrappers! Not working at the
moment is support for the internal serfvices, so these are not
enabled. Volunteers welcome!
1999-03-28 10:50:30 +00:00
Daniel O'Callaghan
552b1ded8b Make machtime() function unsigned long instead of long.
Reviewed by:	phk
1999-01-05 11:56:35 +00:00
Dag-Erling Smørgrav
87cef388ff Style cleanups.
Requested by:	bde
1999-01-02 16:04:19 +00:00
Dag-Erling Smørgrav
e20e25db62 Back out rev. 1.42 and 1.43. Apply Graham Wheeler's signal handling patch.
Reviewed by:    jkh & eivind
Submitted by:   Graham Wheeler <gram@cdsec.com>
PR:             bin/8183
1998-12-28 15:09:43 +00:00