Commit Graph

242 Commits

Author SHA1 Message Date
delphij
8c1e854769 Replace the use of wall clock time with monotonically increasing
clock.  In general, gettimeofday() is not an appropriate interface
when accounting for elapsed time because it can go backward, in
which case the policy code could erroneously consider the limit
as exceeded.

MFC after:	1 week
Reported by:	Mahesh Arumugam
Submitted by:	Dorr H. Clark via gnn
Sponsored by:	Citrix / NetScaler
2012-06-04 18:02:09 +00:00
ed
e7e5b53bf1 Replace index() and rindex() calls with strchr() and strrchr().
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
2012-01-03 18:51:58 +00:00
uqs
415a3a9b96 Spelling fixes for usr.sbin/ 2011-12-30 10:58:14 +00:00
ed
073cafdd42 The last big commit: let usr.sbin/ use WARNS=6 by default. 2010-01-02 11:07:44 +00:00
ed
ec19ea84b8 ANSIfy some more tools in usr.sbin/.
Most of these tools build with WARNS=6, except for their use of K&R
function declarations.
2010-01-02 11:05:34 +00:00
attilio
99524169bf Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.

Note: in future it would be interesting to find a way to do that
selectively for any desired process (chosen by user himself), probably
via a ptrace interface or whatever.

Obtained from:	Sandvine Incorporated
Reviewed by:	emaste, arch@
Sponsored by:	Sandvine Incorporated
MFC:		1 month
2009-11-25 15:12:24 +00:00
delphij
17086da402 Sync comment with actual configuration format. 2009-02-13 22:48:05 +00:00
maxim
85af0f2b2d o inetd(8) requires wait/nowait column in inetd.conf for
ONC services as well.

PR:		bin/119203
Submitted by:	Peter Jeremy
MFC after:	1 week
2008-01-12 21:09:48 +00:00
bz
6aeecf59e8 Remove the -DFAST_IPSEC from Makefiles again.
This was needed during the IPSEC->FAST_IPSEC->IPSEC transition
period to not break the build after picking up netipsec header
files. Now that the FAST_IPSEC kernel option is gone and the
default is IPSEC again those defines are superfluous.

Approved by:	re (rwatson)
2007-07-05 08:56:46 +00:00
gnn
f5875f045c Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
dwmalone
8355c667d5 Don't try to apply connection-per-ip rate limiting to unix domain
sockets.  Instead of rejecting all unix domain connections when the
-C flag is given, allow them instead. Aragon tested an earlier
version of the patch.

PR:		109315
MFC after:	2 weeks
Tested-by:	Aragon Gouveia <aragon@phat.za.net>
2007-03-11 16:30:49 +00:00
ru
c58b7af845 Removed T/TCP bits. 2006-09-14 08:36:53 +00:00
yar
73ebfe88f6 inetd and telnetd are not included in the standard release
crunched floppies, but they can be included as options in
src/release/picobsd (omitted by default though.)  Therefore
preserve the RELEASE_CRUNCH knob in their Makefiles, but
tell its real purpose in a comment.
2006-07-31 19:15:10 +00:00
yar
ead3193586 Obey MK_INET6_SUPPORT. 2006-07-27 14:52:12 +00:00
dwmalone
25c425eec7 Update a couple of comments relating to RFCs. 2006-04-17 19:55:25 +00:00
dwmalone
494f348f04 Back out a Makefile change that accidentally snook in. 2006-04-17 19:52:00 +00:00
dwmalone
665da7e9a1 Port 37 (RFC 738) style times are supposed to be a 32 bit time since
1900 in network byte order. Use a uint32_t to calculate and send
the time, so that we don't need to know how big ints or longs are.

I used uint32_t instead of int in the patch, on the off chance
someone uses our inetd source on a system that doesn't have 32 bit ints.

PR:		95290
Submitted by:	Bruce Becker <hostmaster@whois.gts.net>
MFC after:	2 weeks
2006-04-17 18:35:58 +00:00
ceri
3f00bfdb42 Perform minor rewording and grammatical improvement. Add a missing Xr. 2006-02-04 22:17:38 +00:00
delphij
7ab11dec1c Revert previous commit for now, which seems to have (re)introduced some
old bugs, as well as some unwanted side effects.  I will do more
investigation and fix these issues first.

Pointed out by:	dwmalone
2006-01-18 19:38:43 +00:00
delphij
55eb0335a6 Improves and cleanups over inetd(8):
 - Teach inetd(8) about kqueue, originally implemented by jmg@[1].
 - Use new C99 style function prototypes instead of K&Rs.
 - Raise WARNS from 2 to 6

Glanced at by:	ru
MFC After:	2 weeks

[1] http://people.freebsd.org/~jmg/inetd.kq.patch,
    http://people.freebsd.org/~jmg/inetd.kq.html
2006-01-18 07:47:46 +00:00
ceri
eaf278394d inetd(8) requires that /etc/netconfig be present, and contain entries
for each of udp and tcp (and their IPv6 equivalents when INET6 is
enabled).  Note that dependency here.

PR:		docs/90435
Submitted by:	Dmitry Kazarov <kazarov at mcm dot ru>
Pointed out by:	Daniel Gerzo <danger at rulez dot sk>
MFC after:	8 days
2005-12-30 13:16:15 +00:00
pjd
c71407b589 Pidfiles should be created with permission preventing users from opening
them for reading. When user can open file for reading, he can also
flock(2) it, which can lead to confusions.

Pointed out by:	green
2005-09-16 11:24:28 +00:00
pjd
da18f6ae6c Use pidfile(3) in inetd(8). 2005-08-24 19:04:21 +00:00
nectar
a23214e059 Remove rexecd(8), a server that implements a particularly insecure
method of executing commands remotely.  There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat.  It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
2005-06-10 20:52:36 +00:00
ume
e33ba03345 NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.
2005-05-13 16:31:11 +00:00
stefanf
b8a02a7b76 Prefer C99's __func__ over GCC's __FUNCTION__.
Approved by:	dwmalone
2004-09-26 13:47:25 +00:00
imp
9fbed704d5 Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of additional copyright holders where appropriate)
2004-08-07 04:28:56 +00:00
ru
6294018a20 Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
brooks
b5d0f56361 Remove the requirement that the "discard" service be defined in the
services database.  Now only services that are actually used need to be
defined.

Submitted by:	ume
2004-04-20 23:34:39 +00:00
dwmalone
5c9d10d927 The list of (key,value) pairs to request_init is terminated by a 0 key,
not NULL.

Submitted by:	Stefan Farfeleder <stefan@fafoe.narf.at>
MFC after:	3 days
2004-04-04 21:32:23 +00:00
dwmalone
a7b0bf2151 On startup, warn if inetd's config file doesn't exist. This isn't
exactly the same as patch from the PR, which also exited if the
config file was missing. I didn't use Jeff's patch because I was
worried that some people might start inetd, create the config file
and then HUP inetd.

PR:		60806
Submitted by:	Jeff Ito <jeffi@rcn.com>
MFC after:	2 weeks
2004-03-22 12:01:23 +00:00
charnier
3a11da683d Revert previous change. The effect of -w or -W option is described in
another paragraph.
Obtained from:	David Malone <dwmalone@maths.tcd.ie>
2004-02-29 15:49:26 +00:00
charnier
821b77eba3 According to source code, under certain conditions, logging goes to the
"auth" facility not "daemon".
Submitted by: "Bill Richter (7X22KEY)" <richterb@binkley.foothill.net>
2004-02-25 20:31:00 +00:00
peter
282762c918 Rather than use the gcc -fno-builtin-log flag, just rename the 'int log'
variable.
2003-10-30 22:56:44 +00:00
ume
2472b3136c Since semantic of IPV6_PKTINFO was changed in RFC3542, we need to
use IPV6_RECVPKTINFO instead.

Reported by:	someone (I had removed the mail wrongly, sorry)
2003-10-26 06:11:31 +00:00
peter
84984af725 Use -fno-builtin-log so gcc doesn't get ideas about using a math function
to log data.  Clean up an unused variable that was hidden by the WARNS?=2
being commented out.  Uncomment it now that it compiles cleanly again.
2003-10-26 05:54:07 +00:00
dwmalone
650c360569 Move my inetd maintainer note to src/MAINTAINERS. 2003-07-15 16:52:22 +00:00
dwmalone
48243b0d55 Get the connections per minute calculation right. By good fortune
(or possibly testing) the previous formula worked for the default
constants compiled into inetd, but if you recompiled with different
values of CHTSIZE and CHTGRAN the calculation might not have worked.

PR:		54354
Submitted by:	Claus Assmann <ca@sendmail.org>
Submitted by:	Jose Marcio Martins da Cruz <Jose-Marcio.Martins@ensmp.fr>
MFC after:	5 days
2003-07-15 16:46:45 +00:00
charnier
9f740d6ffa The .Xr utility 2003-06-08 14:06:45 +00:00
dwmalone
dff9ad9d44 Under some unusual conditions, inetd can leak an open file descriptor
into a child process. Rather than closing the descriptors manually,
mark all descriptors as close-on-exec.

PR:		47694
Submitted by:	Max Okumoto <okumoto@ucsd.edu>
Obtained from:	NetBSD
MFC after:	2 weeks
2003-02-23 16:54:19 +00:00
dwmalone
1825d6d17d After calling login_getclass, be sure to call login_close so that
we don't leak memory. Only one of these two cases (reconfig) actually
causes a leak because the other is usually followed by an exec.

PR:		46845
Reviewed by:	David Wang <dsw@juniper.net>
MFC after:	2 weeks
2003-02-23 16:49:14 +00:00
ume
3d252cd886 The tcp_wrappers function `fromhost()' can fail. In such
cases, the `struct sockaddr' will not be allocated.

Reported by:	nectar
MFC after:	2 days
2003-02-13 17:08:23 +00:00
rwatson
b622dadf70 Using LOGIN_SETALL &~LOGIN_SETMAC to avoid setting the MAC label improperly,
rather than specifically setting the process priority and resource class;
otherwise, we improperly set other aspects of the login class.  We have
a bit more to do here, but the proper fix will probably involve breaking
out MAC labels from the login class at some point, as well as further
clarifying the logic here.

Pointed out by:	kuriyama, max
2003-01-16 03:41:57 +00:00
rwatson
45a3623193 For now, set only the resource limits and process priority associated
with a class, rather than all aspects of the class when switching
classes for an inetd service.  Because we hard-code /daemon in the
current inetd implementation, using SETALL has unfortunate side-effects
involving the MAC code, and potentially other credential related
settings in the future.  This change maintains the DoS-resistant
aspects of the class behavior, which is all that is promised in the
inetd man page.

A larger set of diffs providing more pluggability and configurability
was deferred for this more simple approach in the short term.

Reviewed by:	ache
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-01-08 17:10:11 +00:00
wollman
bd4df2f808 Add used #include <limits.h>. 2002-10-27 17:46:53 +00:00
dwmalone
31656d5090 When printing the wait status, break it down into a signal and an exit status.
PR:		41912
Submitted by:	Aaron Smith <aaron@mutex.org>
MFC after:	2 weeks
2002-09-04 21:00:45 +00:00
dwmalone
a8ad3be6d5 Swap sense of no_v[46]bind variables and rename as v[46]bind_ok -
this avoids some double negatives which are a bit difficult to
parse.

Always treat v[46]bind{,_ok} as booleans.
2002-09-04 20:31:53 +00:00
dwmalone
d766507fcc Fix parsing of unix domain entries after addition of IPv6 RPC support.
PR:		40771
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-09-04 20:15:20 +00:00
dwmalone
f72048605b Don't initialise policy, v4bind and v6bind where the variables are
declared - it was bad style and caused a bug. v[46]bind need to be
reset whenever we go to the "more:" label.

Jean-Luc and I came up with this patch independently, so it had
better be right!

PR:		40771
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-09-02 20:07:14 +00:00
dwmalone
7161284200 tpc -> tcp in an error message.
PR:		40771
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-09-02 20:00:46 +00:00