Commit Graph

40 Commits

Author SHA1 Message Date
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
green
27952eea1c Correct a groff error in macro usage ("foo : bar" becomes "``foo: bar''").
Document the auth -n flag.
1999-07-24 17:11:50 +00:00
sheldonh
6a0edb4a00 Document the -o and -t options to the internal auth service and give an
example of their usage in the sample config. Merge the two examples
for the green internal auth service.

This commit failed the first time around because Brian beat me to the
punch on inetd.8 . I like my descriptions better and I'm pretty sure
Brian won't mind.
1999-07-23 15:49:34 +00:00
green
ff61074fae As per DES's prodding, document _all_ the arguments to inetd's auth
service. This includes the -o "operating system" argument and the -t
"timeout" argument.
1999-07-23 15:37:39 +00:00
sheldonh
b311ebd0a0 Document the new {auth,ident,tap} service and provide examples in the
configuration file.

Requested by:	green
1999-07-16 15:41:14 +00:00
green
417022436a Fix ``:''.
PR:		12589
1999-07-11 08:32:24 +00:00
sheldonh
37c066a7ad Allow internal and external wrapping to be enabled independantly of
each other. Instead of allowing the -w option to be specified twice,
we now take -w (wrap external) and -W (wrap internal).

Discussed with:	markm
1999-07-09 11:19:01 +00:00
sheldonh
60d229e604 Allow service alias names from /etc/services to be used when specifying
internal services in inetd.conf .

The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!

Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing
configurations.

This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).

PR:	11796
Reported by:	Alex Charalabidis <alex@wnm.net>
Approved by:	des
1999-07-02 16:21:13 +00:00
sheldonh
70faa23160 Clarify that the services name, as specified in inetd.conf, for an
internal service should be used as the daemon name when constructing
hosts_access(5) rules.
1999-07-02 15:58:32 +00:00
sheldonh
e3cd370e12 Ommitted in previous commit message:
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-30 23:47:46 +00:00
sheldonh
fe92ab33f8 Enable wrapping for dgram services and fix logging so that -l really
does log all connections.
1999-06-30 23:36:39 +00:00
sheldonh
9b5c2ba429 Fix the SYNOPSIS to reflect that the -w option can be specified twice.
Requested by:	obrien
Approved by:	mpp
1999-06-27 21:07:55 +00:00
sheldonh
31aade9ad1 Add command-line option (-w), specified once to enable wrapping and
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.

Change etc/defaults/rc.conf so as to encourage wrapping on new systems.

Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.

Approved by:	jkh
1999-06-27 18:05:34 +00:00
sheldonh
1d3d610bba Use Dq mdoc tag for double-quoted words. 1999-06-21 11:43:13 +00:00
sheldonh
e9effd7443 Various fixes for inetd's TCP Wrappers support:
1) Handle forking and non-forking internal services correctly.
	   Turn on wrapping for internal services because it works now.
	2) Preserve server names for each service on HUP.
	3) Honour hosts_options(5) severity option.
	4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
	   usage and limitations.

This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.

PR:	12097
Reviewed by:	markm
1)
Reported by:	Pierre Beyssac <pb@fasterix.freenix.org>
2)
Submitted by:	Masachika ISHIZUKA <ishizuka@ish.org>
3)
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-17 09:16:08 +00:00
obrien
c9af91f18b MFS: sort reference list and embelish history. 1999-05-01 22:03:00 +00:00
markm
9012e78ce4 Fix the "internal" wrapping as well as a nasty bug involving
the daemon name vs the path. Also fix some warnings and improve
the wrapper section of the man page.

Nice debugging work by:	Sheldon Hearn
1999-04-11 09:22:17 +00:00
markm
f15070b9ae Now inetd(8) has direct support for tcp_wrappers! Not working at the
moment is support for the internal serfvices, so these are not
enabled. Volunteers welcome!
1999-03-28 10:50:30 +00:00
phk
7a64d46ca3 Spelling fixes.
PR:		6903
Reviewed by:	phk
Submitted by:	Josh Gilliam <josh@quick.net>
1998-06-10 12:34:27 +00:00
pb
16f8d7d58c Small typo in T/TCP patch ("speicfy" -> "specify"). 1998-05-15 19:16:35 +00:00
guido
70c2b190c2 On request of Garrett, ad a way to specify that a service should be
reachable via T/TCP
Reviewed by:	Garrett Wollman
1998-05-14 20:26:16 +00:00
wollman
e131b51194 Document the requirement for TCPMUX to also be enabled as an internal
service if any external TCPMUX servers are desired.

PR: 826
1998-04-13 15:05:14 +00:00
pst
b89888f153 Make maxchild and max child-per-minute default values configurable from
the command line or Makefile.
1998-02-24 21:55:14 +00:00
dima
c811dec8d3 Add possibility to specify maximum number of connections per minute
for a given IP address.
This should be very effective against DoS attacks.
1997-10-29 21:49:04 +00:00
ache
442881c24b Implement group part now, final syntax is:
user[:group][/login-class]
1997-10-28 13:46:52 +00:00
ache
6a842ce994 Implement login classes sepcification as user[/loginclass]
By default inetd run things with the same limits as from /etc/rc
(daemon class) to not break anything as in good old days.
1997-10-27 22:03:47 +00:00
charnier
e9cad8594e Use err(3). 1997-09-19 06:27:30 +00:00
peter
b782f4df30 Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
wosch
3c5e4a3bbe Sort cross references. 1997-01-20 00:03:00 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
julian
f447087e68 Reviewed by: Bill fenner
Submitted by:	Archie Cobbs (Archie@whistle.com)

Changes to allow inted to control the number of servers to
start on each service. This is a defence against a denial of service attack
in which the system is made unusable by
an external party. It also allows the behaviour of
small memory systems to be more accuratly predicted, by
bounding the extent to which processes can multiply.
1996-11-10 21:12:44 +00:00
julian
53ead71d81 Reviewed by: various
Submitted by:	archie@whistle.com

changes to allow inetd to bind to a single interface
for more complicated options see xinetd in ports.

Obtained from: whistle.com
1996-08-09 22:20:24 +00:00
wollman
41f00ad7a0 Call setsockopt(SO_PRIVSTATE) to renounce SS_PRIV on all the sockets
we create.  (Nothing being called from inetd should use it anyway,
but you can never be too careful.)

Translate the man page back into -mdoc.
1996-02-07 17:15:01 +00:00
mpp
511d4f82b2 Fix a bunch of spelling errors in a bunch of man pages. 1996-01-30 13:52:50 +00:00
wollman
4012c9269a Record PID in /var/run/inetd.pid and document same. 1995-10-12 16:43:27 +00:00
dg
78aea1ad2e Correct the "default rate" - it's 256/minute not 1000/minute. 1995-10-09 23:34:07 +00:00
wollman
d067a90a1c Disable UDP service looping attack. 1994-12-21 19:08:45 +00:00
csgr
f146ba5a9b - increase TOOMANY, in line with 1.x
- add logging option from 1.x
1994-09-11 11:16:32 +00:00
csgr
88dbb490c7 Bring in handling of RPC services from 1.x
(Guess who forgot to replace his inetd until today ;-)
1994-09-11 10:48:02 +00:00
rgrimes
862fdf11a2 BSD 4.4 Lite usr.sbin Sources 1994-05-26 05:23:31 +00:00