Commit Graph

264 Commits

Author SHA1 Message Date
dd
eaa6ee03b8 mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
ru
c25970b274 mdoc(7) police: fixed markup, sorted xrefs. 2001-07-05 07:37:33 +00:00
dd
40121fab55 mdoc(7) police: fix spacing and punctuation issues. 2001-07-03 21:22:09 +00:00
dwmalone
2a93d1e870 Don't add -Wall, as it's a compiler specific flag. 2001-06-24 09:20:42 +00:00
dwmalone
670077b10f Fix most of the warnings given by WARNS=2. 2001-06-24 09:20:07 +00:00
dd
04d1b1c8dd Remove duplicate words. 2001-06-24 01:34:38 +00:00
dwmalone
229831d19f Give inetd the ability to manage unix domain sockets. Details of
how to use this feature are in the man page. This is based on work
by Lyndon Nerenberg.

(The only difficult part about this patch is the fact that you
can't fchown a unix domain socket, which means the sockets must be
put in a secure directory).

Reviewed by:	dillon
2001-06-16 18:54:54 +00:00
sobomax
6c2547ab1f Correct cross-reference:
portmap.8 --> rpcbind.8

Submitted by:	.Xr testing script
2001-06-07 16:59:19 +00:00
dwmalone
45620ee4d3 Get rid of se_ctladdrinitok, which doesn't do anything and seemes
to have been accidently imported when ipv6 support was added to
inetd.

Approved by:	ume
2001-06-06 20:00:42 +00:00
dwmalone
9f564ba0bd Correct a comment - the time service returns seconds since 1900 not 1970.
Submitted by:	ru
2001-06-04 11:47:08 +00:00
dwmalone
650fe0907f This patch cleans up the ident stuff in inetd. The code which has
been patched so many times it was a bit of a mess. There are style,
code and man page cleanups. The following are the functional changes:

	The RFC only permits the returning of 4 possible error
	codes, make sure we only return these (PR 27636).

	Use MAXLOGNAME to determine the longest usernames.

	Add a -i flag, which returns the uid instead of the username
	(this is from a PR 25787, which also contained alot of the
	cleanups in this patch).

PR:		25787, 27636
Partially Submitted by:	Arne.Dag.Fidjestol@idi.ntnu.no
Reviewed by:	Arne.Dag.Fidjestol@idi.ntnu.no, green
MFC after:	3 weeks
2001-06-04 11:43:29 +00:00
ume
25beb6e957 Recently, other BSDs had faith support in inetd. Though our inetd has
it already, their syntax is not compatible with ours.  It will confuse
users.  So, we have compatibility with their syntex.

Approved by:	dwmalone
Obtained from:	NetBSD
2001-05-31 10:09:36 +00:00
dwmalone
aff3c2bc06 Make dg_echo return up to the first 65536 bytes of a datagram.
The patch I used isn't quite the one Lars suggested, but the size
of the largest datagram you can recv isn't #defined anywhere, and
probably isn't even bounded for some protocols.

PR:		25050
Submitted by:	Lars Eggert <larse@isi.edu>
2001-05-26 14:40:39 +00:00
dwmalone
c4a5325a94 Don't spell requester as requestor. 2001-05-26 14:33:47 +00:00
dwmalone
eee651a650 Allow ident requests with trailing junk following the terminating "\n".
Reviewed by:	ben
Approved by:	green
2001-03-28 13:41:19 +00:00
ru
afd506414e - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
ru
f10dc9aca1 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
ru
f4325cbb8b Eliminate mdocNG warnings caused by misplaced or extraneous macro calls. 2001-02-28 17:38:53 +00:00
green
18d474781f Switch to using a struct xucred instead of a struct xucred when not
actually in the kernel.  This structure is a different size than
what is currently in -CURRENT, but should hopefully be the last time
any application breakage is caused there.  As soon as any major
inconveniences are removed, the definition of the in-kernel struct
ucred should be conditionalized upon defined(_KERNEL).

This also changes struct export_args to remove dependency on the
constantly-changing struct ucred, as well as limiting the bounds
of the size fields to the correct size.  This means: a) mountd and
friends won't break all the time, b) mountd and friends won't crash
the kernel all the time if they don't know what they're doing wrt
actual struct export_args layout.

Reviewed by:	bde
2001-02-18 13:30:20 +00:00
ru
66cd8f698e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:44:04 +00:00
dwmalone
9d82cf01b5 Various cleanups of inetd: Avoid shadowing variables, use socklen_t
instead of ints, don't cast to char *, clear up some remote name
handling code which had become a little odd.

Should result in no functional changes.
2001-01-22 23:19:30 +00:00
dwmalone
b858cbd0d3 Don't mention /etc/protocols in inetd documentation or comments, as inetd
doesn't actually use it.

PR:		24307
Submitted by:	opentrax@email.com
2001-01-22 23:11:02 +00:00
ru
4bb5f49662 Prepare for mdoc(7)NG. 2000-12-27 15:30:30 +00:00
dwmalone
1144f3ac9a Add a -F option to the builtin ident service, which allows .fakeid files
to contain the name of other valid users.

PR:		22837
Submitted by:	Andreas Gerstenberg <andy@andy.de>
Reviewed by:	green
Reviewed by:	sheldonh
2000-12-05 13:56:01 +00:00
dwmalone
ce16361e19 Tidy up some prototypes:
make sure there is exactly one prototype for each function,
        use K&R style definitions everywhere to match dominant style,
        make flag_signal take an int to avoid problems if we have
                ANSI prototypes and K&R definitions.
2000-12-03 11:32:26 +00:00
green
990b31ea80 Make some style changes to the ident_stream() code.
Partially submitted by:	alfred
Reviewed by:	alfred
2000-12-02 21:18:11 +00:00
green
661b686de8 Security fix: correctly set groups according to the user. Previously,
root's groups' permissions were being used, so a user could read up to
16 (excluding initial whitespace) bytes of e.g. a wheel-accessible file.

Also, don't allow blocking on the opening of ~/.fakeid, so replace a fopen()
with open() and fdopen().  I knew I'd be going to hell for using C file
streams instead of POSIX syscalls...
2000-11-25 04:13:05 +00:00
ru
71e2293ad4 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
n_hibma
9c6b4f6aa9 Be explicit about the fact that you can only specify one IP address/hostname 2000-10-29 13:49:18 +00:00
dwmalone
3444fc22f5 Fix two typos in comments.
PR:		22268
Submitted by:	Daniel S. Lewart <d-lewart@uiuc.edu>
2000-10-24 18:47:57 +00:00
dwmalone
09a7099efb Claim maintainership of inetd. 2000-10-21 09:44:46 +00:00
dwmalone
f0de0321e6 Don't leak a file discriptor if a service we've called accept() for
loops.

Submitted by:	Ian Dowse <iedowse@maths.tcd.ie>
2000-10-21 09:43:12 +00:00
dwmalone
dd56a66e3b Make reconfiguring an external service as builtin service work.
PR:		21650
Submitted by:	ben
Tested by:	dan@ducky.nz.freebsd.org
2000-10-02 12:08:27 +00:00
dwmalone
3358eb5136 Stop internal ident service spinning until the timeout if the
connection goes away. Spotted by people on -STABLE about 2 weeks
ago.

Submitted by:	Based on a patch by alfred and Maxime Henrion <mux@qualys.com>
2000-10-02 12:04:17 +00:00
dwmalone
f36f8d5bae Explain "-c" option more exactly and state the default in the man
page.

Add ability to run "inetd -R 0" to disable the default connection
per minute limit of 256 connections. Document this in man page.

Don't use maxchild as a boolean - instead check if it is greater
than zero.

Reviewed by:	sheldonh
Based on a patch by:	Alexander Langer <alex@big.endian.de>
2000-08-03 15:45:38 +00:00
dwmalone
66d22fe285 specifer -> specifier 2000-08-03 15:33:39 +00:00
dwmalone
cc221d575a Sleep for a second after tcp wrappers rejects a connection, so we
don't traumatise the parent inetd.

Requested by:	wietse@porcupine.org
Approved by:	markm
2000-07-31 13:10:52 +00:00
dwmalone
6d86be7d4f Make builtin ident service work if the request arrives in more than
one packet. Also check that the whole request has been recieved
before processing it.

The patch isn't the exact one from the PR, but a slight varient
suggested by Brian.

PR:		16086
Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by:	green
2000-07-12 20:49:06 +00:00
green
52697bb5ca Fix the ident server up more: use ssize_t/size_t/socklen_t/int all in the
proper places and make the fakeid parsing code a bit less stupid.  Also,
remove an "Rflag" that snuck in there (-R wouldn't be accepted by it,
anyway).
2000-05-30 22:51:05 +00:00
jhb
d4152c7d42 Fix a 64-bit'ism in the handling of the ident service. sysctlbyname() takes
a size_t as its 3rd argument, which is 64-bits on the alpha.  The 'len'
variable used was a int, which is only 32-bits.  Use size_t as the type
for 'len' to work-around this.
2000-05-30 18:32:58 +00:00
sheldonh
a85d3a369c Clarify the use of the auth service's -d option for specifying
a fallback username.

Reviewed by:	green
2000-04-26 10:40:35 +00:00
ume
484d3fa1b1 Make sure to use IPv4 mapped IPv6 address when mapped address is
requested in /etc/inetd.conf.

Reviewed by:	shin
2000-04-02 16:11:14 +00:00
sheldonh
65439ee8c6 Optimize those services that send only one block of data: use send(2)
with the MSG_EOF flag set instead of write(2).

Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Reviewed by:	wollman
2000-03-28 09:45:19 +00:00
green
5a96429bd9 Allow using "-d username" without "-r". Example:
auth   stream  tcp     nowait  root    internal        auth -d "Only fools trust ident"
2000-03-28 01:10:35 +00:00
ru
e0adbf8391 "can received" -> "can receive". 2000-03-22 16:07:32 +00:00
shin
304da3fbf2 Make inetd compilable without INET6.
Approved by: jkh

Submitted by: jhb
2000-03-11 11:28:08 +00:00
shin
4bd515c32f Fix addr length argument value passed to sendto().
Some inetd internal udp servers didn't worked with problem.
Also fix recvfrom() "fromlen" arg type from int * to socklen_t *.

Approved by: jkh

Submitted by: bde
2000-03-09 15:07:38 +00:00
sheldonh
0e6cb15cc3 Clarify the facility used for logging with and without the wrapping
options.

PR:		17017
Submitted by:	Doug Barton <Doug@gorean.org>
2000-03-01 08:20:17 +00:00
sheldonh
3c68a89c75 Remove broken hard sentence breaks, which mess up the typeset output. 2000-02-29 17:36:44 +00:00
shin
d822ff8f85 Fix broken inet logging when wrapping options are not specified.
Approved by: jkh

Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
2000-02-22 00:27:53 +00:00
luigi
0b636a9d68 Make inetd picobsd friendly, dont use ipsec when RELEASE_CRUNCH
is defined

Approved-by: jordan
2000-02-09 09:04:36 +00:00
shin
b7aacf578e Fix inetd wrong AF check for RPC services
Incorrect Address Family check is done for RPC services, and
   fail to initialize it.
   The error check is replaced to new one, which checks if IPv4
   bind is enabled or not. (It is disabled when IPv6 numeric
   addr is specified for -a bind address option.)

An review reqeust is once sent to des, but he quit MAINTAINER.

Approved by: jkh
2000-02-03 09:54:49 +00:00
des
0c151cedba Drop maintainership of inetd, since nobody respects it anyway. 2000-02-01 09:21:22 +00:00
shin
ae4a0b7c52 Fix inconsistent debug output. (syslog -> warnx)
Specified by: sheldonh

Reviewed by: des
2000-01-28 20:06:15 +00:00
sheldonh
d32ad2b60d Fix English, mdoc and layout of the previous commit, as requested by
the committer (shin).  While I don't have permission for this change
from the inetd maintainer (des), I assume that shin has permission
and I'm just fixing his contribution up for him.

Okay, I couldn't resist, I made some extra changes:

	* Replace ".Tn FreeBSD" with .Fx
	* Make the illegal TCPMUX and IPSEC sections legal subsections
	  of the IMPLEMENTATION NOTES section.

Requested by:	shin
2000-01-28 10:21:19 +00:00
shin
1427d0852c Avoid verbose error messages when ipsec initialization for sockets failed
usually, and print it only when debug is enabled.
(This always happens when kernel is configured without IPSEC option.)
2000-01-27 14:46:15 +00:00
shin
fc29f7bcf7 several tcp apps IPv6 update
-inetd
 -rshd
 -rlogind
 -telnetd
 -rsh
 -rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-25 14:52:10 +00:00
charnier
840a73c91f Do not dot terminate sentences inside FILES section. Lowercase
inside error messages.
2000-01-23 20:17:41 +00:00
green
10377a13d6 I like base-36 better. 2000-01-20 01:49:41 +00:00
green
c67a07f904 Implement -g and -d options in my ident code. The -g flag uses a random
garbage value for the username (hex garbage, that is), and the -d flag
provides a default username for fallback purposes if the user cannot be
looked up.  That is very useful for the case where inetd auth is
running on a NAT box.

While I'm here updating the manpage, clean up an English error and a
few small nits.
2000-01-19 22:03:12 +00:00
peter
bf227e9260 Put the listening socket into non-blocking mode before doing an
accept(2).  This is a not really problem on -current as the accept race
is fixed, however it is a MFC candidate for -stable.

This could possibly be slightly more efficient and leave the listening
socket permanently in non-blocking mode, but I wasn't certain that I
could catch all the stream/wait (not nowait) mode implications.
1999-11-17 03:32:05 +00:00
charnier
6fd9345dfd Do not dot or \n terminate syslog string. 1999-10-13 20:22:13 +00:00
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
des
3d0d9c2794 Pull on my asbestos undies and claim ownership of inetd to prevent further
flamage between our beloved messrs Hearn and Feldman. Further commits go
through me. I urge the contestants to direct their energies at cleaning
up main() in inetd.c, which has over time become a crawling horror.
1999-07-26 08:43:03 +00:00
green
9fb486a915 Here goes, the "clear up any possible confusion" commit.
I've taken time to write up comments for the ident code tonight,
so there should no longer be any confusion about the purpouse of
whatever is in there. Wow, me commenting code... who'd have thought
that would happen?

Reviewed by:	DES
1999-07-26 07:57:35 +00:00
sheldonh
f63981f6b2 Bring two wayward memory allocation failure messages in line with
those featured in the rest of the code.
1999-07-26 06:39:46 +00:00
green
a611aa8730 More cleanups to ident_stream. Variables moved around, changed.
Got rid of an extra variable or two, while making corrections to
problems (that would probably not be a problem anyway, and worked.)

Partially Obtained from:	David Malone <dwmalone@maths.tcd.ie>
1999-07-25 23:15:03 +00:00
green
27952eea1c Correct a groff error in macro usage ("foo : bar" becomes "``foo: bar''").
Document the auth -n flag.
1999-07-24 17:11:50 +00:00
green
c608ce2e3b More cleanups, asprintf() usage (proper, as opposed to using snprintf()),
and addition of a -n .noident-checking flag.
1999-07-24 17:06:05 +00:00
green
4a70c57660 Clean up to match style(9) more closely. This should fix the problem of
people having ants in their pants ;)
1999-07-24 16:24:03 +00:00
sheldonh
b5476660e9 Use comments to group functions by service more clearly. I've used the
excuse of providing the RFC numbers for the associated services.
1999-07-24 13:02:09 +00:00
sheldonh
6a2357f795 Style nits:
* Bring memory allocation failure handling in line with that of
	the rest of the code.
      * Nestle block curlies between case statements correctly.

I've left the in-block declarations alone, since style(9) says we should
conform to the existing style within the code, and inetd already does
this. I've left the asprintf()'s in there because that's how Brian wants
it.
1999-07-24 12:35:50 +00:00
sheldonh
6a0edb4a00 Document the -o and -t options to the internal auth service and give an
example of their usage in the sample config. Merge the two examples
for the green internal auth service.

This commit failed the first time around because Brian beat me to the
punch on inetd.8 . I like my descriptions better and I'm pretty sure
Brian won't mind.
1999-07-23 15:49:34 +00:00
green
0341c2834a Ahem. Put things back a bit. I declare variables in the scope they're
used! I don't declare every variable at the top of a function because
that wastes stack space. I've clarified the error a bit (for if asprintf()
filas.)
1999-07-23 15:49:14 +00:00
green
ff61074fae As per DES's prodding, document _all_ the arguments to inetd's auth
service. This includes the -o "operating system" argument and the -t
"timeout" argument.
1999-07-23 15:37:39 +00:00
sheldonh
4a143d8551 Style cleanups for iderror() and ident_stream(). Looks like c++ hang-over.
;-)
1999-07-23 15:26:42 +00:00
sheldonh
e86941baf1 Fix auth -t argument handling. It was broken for the "sec.usec" case.
Add a warning for bogus -t arguments for the (debug) case.
1999-07-23 15:00:07 +00:00
des
da41b19a5a Don't match up TCP services with UDP sockets. 1999-07-23 14:45:21 +00:00
green
4111d3ca7f Fixed a braino: lack of spaces in sscanf caused ident parsing to fail.
Sorry, guys.
1999-07-23 03:51:52 +00:00
green
b7d77d59f2 "knobs are cheap". Here's a -t timeout option for the internal ident
service. It takes a number (w/ or w/out .usec) as an argument.
1999-07-22 21:42:49 +00:00
green
14839d0b22 This commit encompasses the following changes to inetd:
1. Cleanups of ident_stream. "Evil" stdio is less used.
	2. The BSD Copyright was added to the top of builtins.c.
	3. As suggested, a timeout is now implemented in the ident
	   service. It defaults to 10 seconds. If enough people want
	   it, I'll make it configurable.

Suggested by:	msmith
1999-07-22 21:11:40 +00:00
sheldonh
c70bd623ea Relegate the diagnostic descriptor counter to the -DSANITY_CHECK case. 1999-07-22 16:29:48 +00:00
sheldonh
4093665e6b Remove unnecessary macro introduced in previous commit.
Also, the previous commit failed to reference:

PR:	12731
Submitted by:	dwmalone@maths.tcd.ie (David "Inetd" Malone)
1999-07-22 16:10:40 +00:00
sheldonh
ca4b80f3cf Don't leak pipe descriptor to daemons on execv(). 1999-07-22 15:57:37 +00:00
sheldonh
6f1b1c4c11 Signal handlers should use _exit(2) and not exit(3). 1999-07-22 14:47:29 +00:00
sheldonh
4f4f7569f6 Move code for all builtin services from inetd.c to builtins.c, including
the Green Piece. :-)

In future, new builtin services are less likely to need to touch the
already tangled inetd.c .
1999-07-22 14:11:26 +00:00
sheldonh
cd7ecc6fc0 Fix for the hosts_options(5) spawn option.
Restore default SIGHUP, SIGCHLD and SIGALRM handlers in forked inetd
processes. This happens to work around the fact that hosts_access()
doesn't (but should) set SIG_IGN as the handler for SIGCHLD while it
handles the spawn option, but it would make sense even if that were
not true.

This does not address the leaking descriptors issue discussed on the
same PR.

PR:	12731
Reviewed by:	des
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-07-21 16:09:45 +00:00
sheldonh
c292b216c3 Fix horribly broken comment. The submitter of the associated code sent
me the right comment and I bastardized it. :-(
1999-07-21 12:19:24 +00:00
sheldonh
b311ebd0a0 Document the new {auth,ident,tap} service and provide examples in the
configuration file.

Requested by:	green
1999-07-16 15:41:14 +00:00
green
e18ab70893 By popular demand, ident_stream now takes arguments. Ex:
# This enables the old, fake ident service.
auth    stream  tcp     nowait  root    internal
# This enables the new, real ident service.
auth	stream	tcp	nowait	root	internal	auth -r
# This enables ~/.fakeid support, too.
auth	stream	tcp	nowait	root	internal	auth -r -f
1999-07-15 17:01:43 +00:00
green
9560f2b198 This is the working internal ident service. Turn it on by setting
the make variable REAL_IDENT, and ~/.fakeid support can be added
with FAKEID set. Note that the default behavior is the same as
the old behavior.
1999-07-15 01:34:02 +00:00
green
417022436a Fix ``:''.
PR:		12589
1999-07-11 08:32:24 +00:00
sheldonh
d6c7df715c Use the proctitle to indicate that we're busy wrapping a request for a
service. Inetd already uses the process title to indicate that a request
for an internal service is being serviced, so this addition is fairly
orthogonal.

Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-07-09 11:46:45 +00:00
sheldonh
37c066a7ad Allow internal and external wrapping to be enabled independantly of
each other. Instead of allowing the -w option to be specified twice,
we now take -w (wrap external) and -W (wrap internal).

Discussed with:	markm
1999-07-09 11:19:01 +00:00
sheldonh
60d229e604 Allow service alias names from /etc/services to be used when specifying
internal services in inetd.conf .

The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!

Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing
configurations.

This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).

PR:	11796
Reported by:	Alex Charalabidis <alex@wnm.net>
Approved by:	des
1999-07-02 16:21:13 +00:00
sheldonh
70faa23160 Clarify that the services name, as specified in inetd.conf, for an
internal service should be used as the daemon name when constructing
hosts_access(5) rules.
1999-07-02 15:58:32 +00:00
sheldonh
e3cd370e12 Ommitted in previous commit message:
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-30 23:47:46 +00:00
sheldonh
fe92ab33f8 Enable wrapping for dgram services and fix logging so that -l really
does log all connections.
1999-06-30 23:36:39 +00:00
sheldonh
fa84406525 Sync usage() with the manpage.
Approved by:	mpp
1999-06-28 11:27:14 +00:00
sheldonh
b86772ac10 Fix broken logic: (!wrap || log) -> (!wrap && log) .
Reported by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-28 09:28:17 +00:00
sheldonh
9b5c2ba429 Fix the SYNOPSIS to reflect that the -w option can be specified twice.
Requested by:	obrien
Approved by:	mpp
1999-06-27 21:07:55 +00:00
sheldonh
31aade9ad1 Add command-line option (-w), specified once to enable wrapping and
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.

Change etc/defaults/rc.conf so as to encourage wrapping on new systems.

Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.

Approved by:	jkh
1999-06-27 18:05:34 +00:00
sheldonh
1d3d610bba Use Dq mdoc tag for double-quoted words. 1999-06-21 11:43:13 +00:00
sheldonh
35595e48b4 Fix handling of maximum children and connections per minute.
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-21 11:17:34 +00:00
sheldonh
e9effd7443 Various fixes for inetd's TCP Wrappers support:
1) Handle forking and non-forking internal services correctly.
	   Turn on wrapping for internal services because it works now.
	2) Preserve server names for each service on HUP.
	3) Honour hosts_options(5) severity option.
	4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
	   usage and limitations.

This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.

PR:	12097
Reviewed by:	markm
1)
Reported by:	Pierre Beyssac <pb@fasterix.freenix.org>
2)
Submitted by:	Masachika ISHIZUKA <ishizuka@ish.org>
3)
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-17 09:16:08 +00:00
des
6c65743291 Don't stop listening to the signal pipe just because you don't have
anything else to do.

PR:		10468, 11594
1999-05-11 12:50:14 +00:00
markm
752388eccd There seems to be a problem (most likely when there is no hosts.allow)
with wrapping the internal services, so do not wrap them for now.
1999-05-07 06:48:01 +00:00
obrien
c9af91f18b MFS: sort reference list and embelish history. 1999-05-01 22:03:00 +00:00
markm
9012e78ce4 Fix the "internal" wrapping as well as a nasty bug involving
the daemon name vs the path. Also fix some warnings and improve
the wrapper section of the man page.

Nice debugging work by:	Sheldon Hearn
1999-04-11 09:22:17 +00:00
markm
f15070b9ae Now inetd(8) has direct support for tcp_wrappers! Not working at the
moment is support for the internal serfvices, so these are not
enabled. Volunteers welcome!
1999-03-28 10:50:30 +00:00
danny
e27bf7f1ca Make machtime() function unsigned long instead of long.
Reviewed by:	phk
1999-01-05 11:56:35 +00:00
des
d953ead330 Style cleanups.
Requested by:	bde
1999-01-02 16:04:19 +00:00
des
b44d350f5d Back out rev. 1.42 and 1.43. Apply Graham Wheeler's signal handling patch.
Reviewed by:    jkh & eivind
Submitted by:   Graham Wheeler <gram@cdsec.com>
PR:             bin/8183
1998-12-28 15:09:43 +00:00
dillon
fac338b16a Remove signal mask prior to calling exec 1998-12-15 23:12:33 +00:00
dillon
0257da5919 Reviewed by: freebsd-current
Fix signal/library corruption by blocking all signals except during
    select().  The reported corruption was with reentrancy in the malloc lib.
1998-12-11 17:06:16 +00:00
phk
44cddad39c Add an "internal" driver for the "ident" protocol (tcp/113).
It will return "ERROR:HIDDEN-USER" for all requests.

To use it add:
	ident   stream  tcp     nowait  root    internal
to inetd.conf
1998-11-04 19:39:46 +00:00
jb
7300b9a59c Bruce says that %p is intended to format void pointers only. So use a void *
cast. There are pointers and then there are _pointers_. One day I'll
figure out which are which. 8-)
1998-08-18 02:10:05 +00:00
jb
49f35df526 Remove a cast and print the pointer value with %p instead of %x. 1998-08-17 06:16:59 +00:00
ache
1bbb61bc9b Add (struct timezone *) cast to NULL for K&R 1998-07-24 08:28:33 +00:00
ache
5b6f7049f1 Use NULL as gettimeofday arg instead of 0 cast
Add missing arg to error diagnostic
Print yet one arg of error diagnostic
1998-07-23 20:05:02 +00:00
phk
dbb03b6d18 last patch misapplied. 1998-07-22 14:24:12 +00:00
phk
39bd98f296 This may apply to all known versions of inetd.
For a tcp/nowait connection, inetd invokes accept(2) for
each pending connection; this call returns a file descriptor
associated with the new connection.

Twelve years ago, code was added to inetd to detect "failing
servers".  The heuristic that identifies a failing server is
one that has been invoked a large number of times over some
specified interval (e.g., more than 128 ftp services started
in 60 seconds may flag the ftp service as "failing").  These
compile-time constants vary depending on vendor.

The problem is that, when a failing server is detected, the
code neglects to close the file descriptor returned by the
accept(2).

Security-Implications:
I suppose someone with ample free time could orchestrate an
attack buy pummeling services until the inetd process finally
runs out of file descriptors thus rendering inetd useless to
any new connections that require a new descriptor.

PR:		7286
Reviewed by:	phk
Submitted by:	Jeff Forys <jeff@forys.cranbury.nj.us>
1998-07-22 05:53:53 +00:00
phk
7a64d46ca3 Spelling fixes.
PR:		6903
Reviewed by:	phk
Submitted by:	Josh Gilliam <josh@quick.net>
1998-06-10 12:34:27 +00:00
pb
16f8d7d58c Small typo in T/TCP patch ("speicfy" -> "specify"). 1998-05-15 19:16:35 +00:00
guido
70c2b190c2 On request of Garrett, ad a way to specify that a service should be
reachable via T/TCP
Reviewed by:	Garrett Wollman
1998-05-14 20:26:16 +00:00
bde
bfcb7bdce1 Fixed gross errors in previous commit. `sapipe' was used uninitialized
to attempt to unblock SIGCHLD, but we actually want to unignore SIGPIPE.

Obtained from:	OpenBSD

Finished conversion from sigvec to sigaction (don't assume that sa_mask
is a scalar...).  Didn't convert from sigblock to sigprocmask.  Didn't
fix missing error checking for sigaction...
1998-05-11 12:11:59 +00:00
guido
656f78b87c Unblock SIGPIPE before execv(); convert from sigvec to sigaction
Obtained from: OpenBSD
1998-05-08 19:15:44 +00:00
guido
779723654b Redo tcpmux stuff. tcpmux handling is now performed after inetd
forks. Furthermore, invalid input for tcpmux does not lead to
an exiting inetd.
This patch is recommended for people running tcpmux (which is NOT
enabled by default)
1998-05-07 18:32:00 +00:00
wollman
e131b51194 Document the requirement for TCPMUX to also be enabled as an internal
service if any external TCPMUX servers are desired.

PR: 826
1998-04-13 15:05:14 +00:00
pst
b89888f153 Make maxchild and max child-per-minute default values configurable from
the command line or Makefile.
1998-02-24 21:55:14 +00:00
dima
c811dec8d3 Add possibility to specify maximum number of connections per minute
for a given IP address.
This should be very effective against DoS attacks.
1997-10-29 21:49:04 +00:00
ache
442881c24b Implement group part now, final syntax is:
user[:group][/login-class]
1997-10-28 13:46:52 +00:00
ache
6a842ce994 Implement login classes sepcification as user[/loginclass]
By default inetd run things with the same limits as from /etc/rc
(daemon class) to not break anything as in good old days.
1997-10-27 22:03:47 +00:00
charnier
e9cad8594e Use err(3). 1997-09-19 06:27:30 +00:00
imp
b52523a54a Remove and odd sleep found by David Holland and posted to -security.
Reviewed by:	Theo de Raadt (who put it into OpenBSD)
Submitted by:	David Holland <dholland@eecs.harvard.edu>
1997-08-29 18:00:11 +00:00
davidn
f766bd31c5 login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
wollman
c63d12aeb3 Condition SO_PRIVSTATE twiddling on the definedness of SO_PRIVSTATE.
(This was done as a #ifdef to keep source compatibility between 2.2 and 3.0.)
1997-04-28 13:55:07 +00:00
imp
691010efad compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-31 05:11:47 +00:00
peter
b782f4df30 Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
julian
f061fa28f5 The "-a" option for inetd specifies a specific IP address for the
server to bind to. This works until you send it a SIGHUP with a
new service defined ... the new service is bound to INADDR_ANY.

This patch fixes this bug (in both RELENG_2_2 and -current).

This is a 2.2 candidate..(i.e. pure bug fix)

Submitted by:	Archie Cobbs (archie@whistle.com)
1997-02-05 19:50:04 +00:00
wosch
3c5e4a3bbe Sort cross references. 1997-01-20 00:03:00 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
peter
7251a7b426 Implement minimal login class support (ie: does a setusercontext()).
Enabled by defining LOGIN_CAP in Makefile, on by default.
1997-01-13 02:52:30 +00:00
julian
f447087e68 Reviewed by: Bill fenner
Submitted by:	Archie Cobbs (Archie@whistle.com)

Changes to allow inted to control the number of servers to
start on each service. This is a defence against a denial of service attack
in which the system is made unusable by
an external party. It also allows the behaviour of
small memory systems to be more accuratly predicted, by
bounding the extent to which processes can multiply.
1996-11-10 21:12:44 +00:00
julian
5278ea869e Reviewed by: Bill fenner
Submitted by:	 Archie Cobbs (archie@whistle.com)

changes to make inetd compile cleaner under -Wall
1996-11-10 21:07:27 +00:00
alex
8d80515b00 Fix incorrect length argument to memset() function. Closes PR#1937.
Submitted by:	Archie Cobbs <archie@whistle.com>
1996-11-01 01:42:08 +00:00
joerg
e9e54bcde4 Do not modify a malloc()ed pointer; instead, use memmove().
Detected by: phkmalloc - AJ :)
1996-10-28 23:02:38 +00:00
julian
53ead71d81 Reviewed by: various
Submitted by:	archie@whistle.com

changes to allow inetd to bind to a single interface
for more complicated options see xinetd in ports.

Obtained from: whistle.com
1996-08-09 22:20:24 +00:00
dg
a811461f7d Increased listen() queue-depth limit to 64. 1996-07-17 15:00:28 +00:00
gpalmer
3829b6d0e8 Add $Id$ 1996-05-07 03:16:43 +00:00