exactly the same as patch from the PR, which also exited if the
config file was missing. I didn't use Jeff's patch because I was
worried that some people might start inetd, create the config file
and then HUP inetd.
PR: 60806
Submitted by: Jeff Ito <jeffi@rcn.com>
MFC after: 2 weeks
(or possibly testing) the previous formula worked for the default
constants compiled into inetd, but if you recompiled with different
values of CHTSIZE and CHTGRAN the calculation might not have worked.
PR: 54354
Submitted by: Claus Assmann <ca@sendmail.org>
Submitted by: Jose Marcio Martins da Cruz <Jose-Marcio.Martins@ensmp.fr>
MFC after: 5 days
into a child process. Rather than closing the discriptors manually,
mark all discriptors as close-on-exec.
PR: 47694
Submitted by: Max Okumoto <okumoto@ucsd.edu>
Obtained from: NetBSD
MFC after: 2 weeks
we don't leak memory. Only one of these two cases (reconfig) actually
causes a leak because the other is usually followed by an exec.
PR: 46845
Reviewed by: David Wang <dsw@juniper.net>
MFC after: 2 weeks
rather than specifically setting the process priority and resource class;
otherwise, we improperly set other aspects of the login class. We have
a bit more to do here, but the proper fix will probably involve breaking
out MAC labels from the login class at some point, as well as further
clarifying the logic here.
Pointed out by: kuriyama, max
with a class, rather than all aspects of the class when switching
classes for an inetd service. Because we hard-code /daemon in the
current inetd implementation, using SETALL has unfortunate side-effects
involving the MAC code, and potentially other credential related
settings in the future. This change maintains the DoS-resistent
aspects of the class behavior, which is all that is promised in the
inetd man page.
A larger set of diffs providing more pluggability and configurability
was deferred for this more simple approach in the short term.
Reviewed by: ache
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
declared - it was bad style and caused a bug. v[46]bind need to be
reset whenever we go to the "more:" label.
Jean-Luc and I came up with this patch independently, so it had
better be right!
PR: 40771
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
invocations of each service from a single IP address.
Requested by: matusita
Reviewed by: dwmalone
Tested by: matusita on snapshots.jp.FreeBSD.org
MFC after: 2 weeks
is appropriate to avoid using typeof/__typeof__. It is worth noting that
SWAP() is only ever used to swap pointer values so 'void *' assumptions would
have been acceptable, but I'd gladly pay you tuesday for a cheeseburger^W
cleaner interface today.
Poked into submission by: bde
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being). Accordingly, change users of
xucred to set and check this field as appropriate. In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former. This also has the pleasant sideaffect of removing some
duplicate code.
Reviewed by: rwatson
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults. Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.
Approved by: bde
how to use this feature are in the man page. This is based on work
by Lyndon Nerenberg.
(The only difficult part about this patch is the fact that you
can't fchown a unix domain socket, which means the sockets must be
put in a secure directory).
Reviewed by: dillon
been patched so many times it was a bit of a mess. There are style,
code and man page cleanups. The following are the functional changes:
The RFC only permits the returning of 4 possible error
codes, make sure we only return these (PR 27636).
Use MAXLOGNAME to determine the longest usernames.
Add a -i flag, which returns the uid instead of the username
(this is from a PR 25787, which also contained alot of the
cleanups in this patch).
PR: 25787, 27636
Partially Submitted by: Arne.Dag.Fidjestol@idi.ntnu.no
Reviewed by: Arne.Dag.Fidjestol@idi.ntnu.no, green
MFC after: 3 weeks
it already, their syntax is not compatible with ours. It will confuse
users. So, we have compatibility with their syntex.
Approved by: dwmalone
Obtained from: NetBSD
The patch I used isn't quite the one Lars suggested, but the size
of the largest datagram you can recv isn't #defined anywhere, and
probably isn't even bounded for some protocols.
PR: 25050
Submitted by: Lars Eggert <larse@isi.edu>
actually in the kernel. This structure is a different size than
what is currently in -CURRENT, but should hopefully be the last time
any application breakage is caused there. As soon as any major
inconveniences are removed, the definition of the in-kernel struct
ucred should be conditionalized upon defined(_KERNEL).
This also changes struct export_args to remove dependency on the
constantly-changing struct ucred, as well as limiting the bounds
of the size fields to the correct size. This means: a) mountd and
friends won't break all the time, b) mountd and friends won't crash
the kernel all the time if they don't know what they're doing wrt
actual struct export_args layout.
Reviewed by: bde
make sure there is exactly one prototype for each function,
use K&R style definitions everywhere to match dominant style,
make flag_signal take an int to avoid problems if we have
ANSI prototypes and K&R definitions.
root's groups' permissions were being used, so a user could read up to
16 (excluding initial whitespace) bytes of e.g. a wheel-accessible file.
Also, don't allow blocking on the opening of ~/.fakeid, so replace a fopen()
with open() and fdopen(). I knew I'd be going to hell for using C file
streams instead of POSIX syscalls...
page.
Add ability to run "inetd -R 0" to disable the default connection
per minute limit of 256 connections. Document this in man page.
Don't use maxchild as a boolean - instead check if it is greater
than zero.
Reviewed by: sheldonh
Based on a patch by: Alexander Langer <alex@big.endian.de>
one packet. Also check that the whole request has been recieved
before processing it.
The patch isn't the exact one from the PR, but a slight varient
suggested by Brian.
PR: 16086
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: green
a size_t as its 3rd argument, which is 64-bits on the alpha. The 'len'
variable used was a int, which is only 32-bits. Use size_t as the type
for 'len' to work-around this.
