Commit Graph

198 Commits

Author SHA1 Message Date
ru
f10dc9aca1 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
ru
f4325cbb8b Eliminate mdocNG warnings caused by misplaced or extraneous macro calls. 2001-02-28 17:38:53 +00:00
green
18d474781f Switch to using a struct xucred instead of a struct xucred when not
actually in the kernel.  This structure is a different size than
what is currently in -CURRENT, but should hopefully be the last time
any application breakage is caused there.  As soon as any major
inconveniences are removed, the definition of the in-kernel struct
ucred should be conditionalized upon defined(_KERNEL).

This also changes struct export_args to remove dependency on the
constantly-changing struct ucred, as well as limiting the bounds
of the size fields to the correct size.  This means: a) mountd and
friends won't break all the time, b) mountd and friends won't crash
the kernel all the time if they don't know what they're doing wrt
actual struct export_args layout.

Reviewed by:	bde
2001-02-18 13:30:20 +00:00
ru
66cd8f698e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:44:04 +00:00
dwmalone
9d82cf01b5 Various cleanups of inetd: Avoid shadowing variables, use socklen_t
instead of ints, don't cast to char *, clear up some remote name
handling code which had become a little odd.

Should result in no functional changes.
2001-01-22 23:19:30 +00:00
dwmalone
b858cbd0d3 Don't mention /etc/protocols in inetd documentation or comments, as inetd
doesn't actually use it.

PR:		24307
Submitted by:	opentrax@email.com
2001-01-22 23:11:02 +00:00
ru
4bb5f49662 Prepare for mdoc(7)NG. 2000-12-27 15:30:30 +00:00
dwmalone
1144f3ac9a Add a -F option to the builtin ident service, which allows .fakeid files
to contain the name of other valid users.

PR:		22837
Submitted by:	Andreas Gerstenberg <andy@andy.de>
Reviewed by:	green
Reviewed by:	sheldonh
2000-12-05 13:56:01 +00:00
dwmalone
ce16361e19 Tidy up some prototypes:
make sure there is exactly one prototype for each function,
        use K&R style definitions everywhere to match dominant style,
        make flag_signal take an int to avoid problems if we have
                ANSI prototypes and K&R definitions.
2000-12-03 11:32:26 +00:00
green
990b31ea80 Make some style changes to the ident_stream() code.
Partially submitted by:	alfred
Reviewed by:	alfred
2000-12-02 21:18:11 +00:00
green
661b686de8 Security fix: correctly set groups according to the user. Previously,
root's groups' permissions were being used, so a user could read up to
16 (excluding initial whitespace) bytes of e.g. a wheel-accessible file.

Also, don't allow blocking on the opening of ~/.fakeid, so replace a fopen()
with open() and fdopen().  I knew I'd be going to hell for using C file
streams instead of POSIX syscalls...
2000-11-25 04:13:05 +00:00
ru
71e2293ad4 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
n_hibma
9c6b4f6aa9 Be explicit about the fact that you can only specify one IP address/hostname 2000-10-29 13:49:18 +00:00
dwmalone
3444fc22f5 Fix two typos in comments.
PR:		22268
Submitted by:	Daniel S. Lewart <d-lewart@uiuc.edu>
2000-10-24 18:47:57 +00:00
dwmalone
09a7099efb Claim maintainership of inetd. 2000-10-21 09:44:46 +00:00
dwmalone
f0de0321e6 Don't leak a file discriptor if a service we've called accept() for
loops.

Submitted by:	Ian Dowse <iedowse@maths.tcd.ie>
2000-10-21 09:43:12 +00:00
dwmalone
dd56a66e3b Make reconfiguring an external service as builtin service work.
PR:		21650
Submitted by:	ben
Tested by:	dan@ducky.nz.freebsd.org
2000-10-02 12:08:27 +00:00
dwmalone
3358eb5136 Stop internal ident service spinning until the timeout if the
connection goes away. Spotted by people on -STABLE about 2 weeks
ago.

Submitted by:	Based on a patch by alfred and Maxime Henrion <mux@qualys.com>
2000-10-02 12:04:17 +00:00
dwmalone
f36f8d5bae Explain "-c" option more exactly and state the default in the man
page.

Add ability to run "inetd -R 0" to disable the default connection
per minute limit of 256 connections. Document this in man page.

Don't use maxchild as a boolean - instead check if it is greater
than zero.

Reviewed by:	sheldonh
Based on a patch by:	Alexander Langer <alex@big.endian.de>
2000-08-03 15:45:38 +00:00
dwmalone
66d22fe285 specifer -> specifier 2000-08-03 15:33:39 +00:00
dwmalone
cc221d575a Sleep for a second after tcp wrappers rejects a connection, so we
don't traumatise the parent inetd.

Requested by:	wietse@porcupine.org
Approved by:	markm
2000-07-31 13:10:52 +00:00
dwmalone
6d86be7d4f Make builtin ident service work if the request arrives in more than
one packet. Also check that the whole request has been recieved
before processing it.

The patch isn't the exact one from the PR, but a slight varient
suggested by Brian.

PR:		16086
Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by:	green
2000-07-12 20:49:06 +00:00
green
52697bb5ca Fix the ident server up more: use ssize_t/size_t/socklen_t/int all in the
proper places and make the fakeid parsing code a bit less stupid.  Also,
remove an "Rflag" that snuck in there (-R wouldn't be accepted by it,
anyway).
2000-05-30 22:51:05 +00:00
jhb
d4152c7d42 Fix a 64-bit'ism in the handling of the ident service. sysctlbyname() takes
a size_t as its 3rd argument, which is 64-bits on the alpha.  The 'len'
variable used was a int, which is only 32-bits.  Use size_t as the type
for 'len' to work-around this.
2000-05-30 18:32:58 +00:00
sheldonh
a85d3a369c Clarify the use of the auth service's -d option for specifying
a fallback username.

Reviewed by:	green
2000-04-26 10:40:35 +00:00
ume
484d3fa1b1 Make sure to use IPv4 mapped IPv6 address when mapped address is
requested in /etc/inetd.conf.

Reviewed by:	shin
2000-04-02 16:11:14 +00:00
sheldonh
65439ee8c6 Optimize those services that send only one block of data: use send(2)
with the MSG_EOF flag set instead of write(2).

Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Reviewed by:	wollman
2000-03-28 09:45:19 +00:00
green
5a96429bd9 Allow using "-d username" without "-r". Example:
auth   stream  tcp     nowait  root    internal        auth -d "Only fools trust ident"
2000-03-28 01:10:35 +00:00
ru
e0adbf8391 "can received" -> "can receive". 2000-03-22 16:07:32 +00:00
shin
304da3fbf2 Make inetd compilable without INET6.
Approved by: jkh

Submitted by: jhb
2000-03-11 11:28:08 +00:00
shin
4bd515c32f Fix addr length argument value passed to sendto().
Some inetd internal udp servers didn't worked with problem.
Also fix recvfrom() "fromlen" arg type from int * to socklen_t *.

Approved by: jkh

Submitted by: bde
2000-03-09 15:07:38 +00:00
sheldonh
0e6cb15cc3 Clarify the facility used for logging with and without the wrapping
options.

PR:		17017
Submitted by:	Doug Barton <Doug@gorean.org>
2000-03-01 08:20:17 +00:00
sheldonh
3c68a89c75 Remove broken hard sentence breaks, which mess up the typeset output. 2000-02-29 17:36:44 +00:00
shin
d822ff8f85 Fix broken inet logging when wrapping options are not specified.
Approved by: jkh

Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
2000-02-22 00:27:53 +00:00
luigi
0b636a9d68 Make inetd picobsd friendly, dont use ipsec when RELEASE_CRUNCH
is defined

Approved-by: jordan
2000-02-09 09:04:36 +00:00
shin
b7aacf578e Fix inetd wrong AF check for RPC services
Incorrect Address Family check is done for RPC services, and
   fail to initialize it.
   The error check is replaced to new one, which checks if IPv4
   bind is enabled or not. (It is disabled when IPv6 numeric
   addr is specified for -a bind address option.)

An review reqeust is once sent to des, but he quit MAINTAINER.

Approved by: jkh
2000-02-03 09:54:49 +00:00
des
0c151cedba Drop maintainership of inetd, since nobody respects it anyway. 2000-02-01 09:21:22 +00:00
shin
ae4a0b7c52 Fix inconsistent debug output. (syslog -> warnx)
Specified by: sheldonh

Reviewed by: des
2000-01-28 20:06:15 +00:00
sheldonh
d32ad2b60d Fix English, mdoc and layout of the previous commit, as requested by
the committer (shin).  While I don't have permission for this change
from the inetd maintainer (des), I assume that shin has permission
and I'm just fixing his contribution up for him.

Okay, I couldn't resist, I made some extra changes:

	* Replace ".Tn FreeBSD" with .Fx
	* Make the illegal TCPMUX and IPSEC sections legal subsections
	  of the IMPLEMENTATION NOTES section.

Requested by:	shin
2000-01-28 10:21:19 +00:00
shin
1427d0852c Avoid verbose error messages when ipsec initialization for sockets failed
usually, and print it only when debug is enabled.
(This always happens when kernel is configured without IPSEC option.)
2000-01-27 14:46:15 +00:00
shin
fc29f7bcf7 several tcp apps IPv6 update
-inetd
 -rshd
 -rlogind
 -telnetd
 -rsh
 -rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-25 14:52:10 +00:00
charnier
840a73c91f Do not dot terminate sentences inside FILES section. Lowercase
inside error messages.
2000-01-23 20:17:41 +00:00
green
10377a13d6 I like base-36 better. 2000-01-20 01:49:41 +00:00
green
c67a07f904 Implement -g and -d options in my ident code. The -g flag uses a random
garbage value for the username (hex garbage, that is), and the -d flag
provides a default username for fallback purposes if the user cannot be
looked up.  That is very useful for the case where inetd auth is
running on a NAT box.

While I'm here updating the manpage, clean up an English error and a
few small nits.
2000-01-19 22:03:12 +00:00
peter
bf227e9260 Put the listening socket into non-blocking mode before doing an
accept(2).  This is a not really problem on -current as the accept race
is fixed, however it is a MFC candidate for -stable.

This could possibly be slightly more efficient and leave the listening
socket permanently in non-blocking mode, but I wasn't certain that I
could catch all the stream/wait (not nowait) mode implications.
1999-11-17 03:32:05 +00:00
charnier
6fd9345dfd Do not dot or \n terminate syslog string. 1999-10-13 20:22:13 +00:00
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
des
3d0d9c2794 Pull on my asbestos undies and claim ownership of inetd to prevent further
flamage between our beloved messrs Hearn and Feldman. Further commits go
through me. I urge the contestants to direct their energies at cleaning
up main() in inetd.c, which has over time become a crawling horror.
1999-07-26 08:43:03 +00:00
green
9fb486a915 Here goes, the "clear up any possible confusion" commit.
I've taken time to write up comments for the ident code tonight,
so there should no longer be any confusion about the purpouse of
whatever is in there. Wow, me commenting code... who'd have thought
that would happen?

Reviewed by:	DES
1999-07-26 07:57:35 +00:00
sheldonh
f63981f6b2 Bring two wayward memory allocation failure messages in line with
those featured in the rest of the code.
1999-07-26 06:39:46 +00:00
green
a611aa8730 More cleanups to ident_stream. Variables moved around, changed.
Got rid of an extra variable or two, while making corrections to
problems (that would probably not be a problem anyway, and worked.)

Partially Obtained from:	David Malone <dwmalone@maths.tcd.ie>
1999-07-25 23:15:03 +00:00
green
27952eea1c Correct a groff error in macro usage ("foo : bar" becomes "``foo: bar''").
Document the auth -n flag.
1999-07-24 17:11:50 +00:00
green
c608ce2e3b More cleanups, asprintf() usage (proper, as opposed to using snprintf()),
and addition of a -n .noident-checking flag.
1999-07-24 17:06:05 +00:00
green
4a70c57660 Clean up to match style(9) more closely. This should fix the problem of
people having ants in their pants ;)
1999-07-24 16:24:03 +00:00
sheldonh
b5476660e9 Use comments to group functions by service more clearly. I've used the
excuse of providing the RFC numbers for the associated services.
1999-07-24 13:02:09 +00:00
sheldonh
6a2357f795 Style nits:
* Bring memory allocation failure handling in line with that of
	the rest of the code.
      * Nestle block curlies between case statements correctly.

I've left the in-block declarations alone, since style(9) says we should
conform to the existing style within the code, and inetd already does
this. I've left the asprintf()'s in there because that's how Brian wants
it.
1999-07-24 12:35:50 +00:00
sheldonh
6a0edb4a00 Document the -o and -t options to the internal auth service and give an
example of their usage in the sample config. Merge the two examples
for the green internal auth service.

This commit failed the first time around because Brian beat me to the
punch on inetd.8 . I like my descriptions better and I'm pretty sure
Brian won't mind.
1999-07-23 15:49:34 +00:00
green
0341c2834a Ahem. Put things back a bit. I declare variables in the scope they're
used! I don't declare every variable at the top of a function because
that wastes stack space. I've clarified the error a bit (for if asprintf()
filas.)
1999-07-23 15:49:14 +00:00
green
ff61074fae As per DES's prodding, document _all_ the arguments to inetd's auth
service. This includes the -o "operating system" argument and the -t
"timeout" argument.
1999-07-23 15:37:39 +00:00
sheldonh
4a143d8551 Style cleanups for iderror() and ident_stream(). Looks like c++ hang-over.
;-)
1999-07-23 15:26:42 +00:00
sheldonh
e86941baf1 Fix auth -t argument handling. It was broken for the "sec.usec" case.
Add a warning for bogus -t arguments for the (debug) case.
1999-07-23 15:00:07 +00:00
des
da41b19a5a Don't match up TCP services with UDP sockets. 1999-07-23 14:45:21 +00:00
green
4111d3ca7f Fixed a braino: lack of spaces in sscanf caused ident parsing to fail.
Sorry, guys.
1999-07-23 03:51:52 +00:00
green
b7d77d59f2 "knobs are cheap". Here's a -t timeout option for the internal ident
service. It takes a number (w/ or w/out .usec) as an argument.
1999-07-22 21:42:49 +00:00
green
14839d0b22 This commit encompasses the following changes to inetd:
1. Cleanups of ident_stream. "Evil" stdio is less used.
	2. The BSD Copyright was added to the top of builtins.c.
	3. As suggested, a timeout is now implemented in the ident
	   service. It defaults to 10 seconds. If enough people want
	   it, I'll make it configurable.

Suggested by:	msmith
1999-07-22 21:11:40 +00:00
sheldonh
c70bd623ea Relegate the diagnostic descriptor counter to the -DSANITY_CHECK case. 1999-07-22 16:29:48 +00:00
sheldonh
4093665e6b Remove unnecessary macro introduced in previous commit.
Also, the previous commit failed to reference:

PR:	12731
Submitted by:	dwmalone@maths.tcd.ie (David "Inetd" Malone)
1999-07-22 16:10:40 +00:00
sheldonh
ca4b80f3cf Don't leak pipe descriptor to daemons on execv(). 1999-07-22 15:57:37 +00:00
sheldonh
6f1b1c4c11 Signal handlers should use _exit(2) and not exit(3). 1999-07-22 14:47:29 +00:00
sheldonh
4f4f7569f6 Move code for all builtin services from inetd.c to builtins.c, including
the Green Piece. :-)

In future, new builtin services are less likely to need to touch the
already tangled inetd.c .
1999-07-22 14:11:26 +00:00
sheldonh
cd7ecc6fc0 Fix for the hosts_options(5) spawn option.
Restore default SIGHUP, SIGCHLD and SIGALRM handlers in forked inetd
processes. This happens to work around the fact that hosts_access()
doesn't (but should) set SIG_IGN as the handler for SIGCHLD while it
handles the spawn option, but it would make sense even if that were
not true.

This does not address the leaking descriptors issue discussed on the
same PR.

PR:	12731
Reviewed by:	des
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-07-21 16:09:45 +00:00
sheldonh
c292b216c3 Fix horribly broken comment. The submitter of the associated code sent
me the right comment and I bastardized it. :-(
1999-07-21 12:19:24 +00:00
sheldonh
b311ebd0a0 Document the new {auth,ident,tap} service and provide examples in the
configuration file.

Requested by:	green
1999-07-16 15:41:14 +00:00
green
e18ab70893 By popular demand, ident_stream now takes arguments. Ex:
# This enables the old, fake ident service.
auth    stream  tcp     nowait  root    internal
# This enables the new, real ident service.
auth	stream	tcp	nowait	root	internal	auth -r
# This enables ~/.fakeid support, too.
auth	stream	tcp	nowait	root	internal	auth -r -f
1999-07-15 17:01:43 +00:00
green
9560f2b198 This is the working internal ident service. Turn it on by setting
the make variable REAL_IDENT, and ~/.fakeid support can be added
with FAKEID set. Note that the default behavior is the same as
the old behavior.
1999-07-15 01:34:02 +00:00
green
417022436a Fix ``:''.
PR:		12589
1999-07-11 08:32:24 +00:00
sheldonh
d6c7df715c Use the proctitle to indicate that we're busy wrapping a request for a
service. Inetd already uses the process title to indicate that a request
for an internal service is being serviced, so this addition is fairly
orthogonal.

Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-07-09 11:46:45 +00:00
sheldonh
37c066a7ad Allow internal and external wrapping to be enabled independantly of
each other. Instead of allowing the -w option to be specified twice,
we now take -w (wrap external) and -W (wrap internal).

Discussed with:	markm
1999-07-09 11:19:01 +00:00
sheldonh
60d229e604 Allow service alias names from /etc/services to be used when specifying
internal services in inetd.conf .

The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!

Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing
configurations.

This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).

PR:	11796
Reported by:	Alex Charalabidis <alex@wnm.net>
Approved by:	des
1999-07-02 16:21:13 +00:00
sheldonh
70faa23160 Clarify that the services name, as specified in inetd.conf, for an
internal service should be used as the daemon name when constructing
hosts_access(5) rules.
1999-07-02 15:58:32 +00:00
sheldonh
e3cd370e12 Ommitted in previous commit message:
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-30 23:47:46 +00:00
sheldonh
fe92ab33f8 Enable wrapping for dgram services and fix logging so that -l really
does log all connections.
1999-06-30 23:36:39 +00:00
sheldonh
fa84406525 Sync usage() with the manpage.
Approved by:	mpp
1999-06-28 11:27:14 +00:00
sheldonh
b86772ac10 Fix broken logic: (!wrap || log) -> (!wrap && log) .
Reported by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-28 09:28:17 +00:00
sheldonh
9b5c2ba429 Fix the SYNOPSIS to reflect that the -w option can be specified twice.
Requested by:	obrien
Approved by:	mpp
1999-06-27 21:07:55 +00:00
sheldonh
31aade9ad1 Add command-line option (-w), specified once to enable wrapping and
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.

Change etc/defaults/rc.conf so as to encourage wrapping on new systems.

Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.

Approved by:	jkh
1999-06-27 18:05:34 +00:00
sheldonh
1d3d610bba Use Dq mdoc tag for double-quoted words. 1999-06-21 11:43:13 +00:00
sheldonh
35595e48b4 Fix handling of maximum children and connections per minute.
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-21 11:17:34 +00:00
sheldonh
e9effd7443 Various fixes for inetd's TCP Wrappers support:
1) Handle forking and non-forking internal services correctly.
	   Turn on wrapping for internal services because it works now.
	2) Preserve server names for each service on HUP.
	3) Honour hosts_options(5) severity option.
	4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
	   usage and limitations.

This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.

PR:	12097
Reviewed by:	markm
1)
Reported by:	Pierre Beyssac <pb@fasterix.freenix.org>
2)
Submitted by:	Masachika ISHIZUKA <ishizuka@ish.org>
3)
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-06-17 09:16:08 +00:00
des
6c65743291 Don't stop listening to the signal pipe just because you don't have
anything else to do.

PR:		10468, 11594
1999-05-11 12:50:14 +00:00
markm
752388eccd There seems to be a problem (most likely when there is no hosts.allow)
with wrapping the internal services, so do not wrap them for now.
1999-05-07 06:48:01 +00:00
obrien
c9af91f18b MFS: sort reference list and embelish history. 1999-05-01 22:03:00 +00:00
markm
9012e78ce4 Fix the "internal" wrapping as well as a nasty bug involving
the daemon name vs the path. Also fix some warnings and improve
the wrapper section of the man page.

Nice debugging work by:	Sheldon Hearn
1999-04-11 09:22:17 +00:00
markm
f15070b9ae Now inetd(8) has direct support for tcp_wrappers! Not working at the
moment is support for the internal serfvices, so these are not
enabled. Volunteers welcome!
1999-03-28 10:50:30 +00:00
danny
e27bf7f1ca Make machtime() function unsigned long instead of long.
Reviewed by:	phk
1999-01-05 11:56:35 +00:00
des
d953ead330 Style cleanups.
Requested by:	bde
1999-01-02 16:04:19 +00:00
des
b44d350f5d Back out rev. 1.42 and 1.43. Apply Graham Wheeler's signal handling patch.
Reviewed by:    jkh & eivind
Submitted by:   Graham Wheeler <gram@cdsec.com>
PR:             bin/8183
1998-12-28 15:09:43 +00:00
dillon
fac338b16a Remove signal mask prior to calling exec 1998-12-15 23:12:33 +00:00
dillon
0257da5919 Reviewed by: freebsd-current
Fix signal/library corruption by blocking all signals except during
    select().  The reported corruption was with reentrancy in the malloc lib.
1998-12-11 17:06:16 +00:00
phk
44cddad39c Add an "internal" driver for the "ident" protocol (tcp/113).
It will return "ERROR:HIDDEN-USER" for all requests.

To use it add:
	ident   stream  tcp     nowait  root    internal
to inetd.conf
1998-11-04 19:39:46 +00:00