author | sheldonh <sheldonh@FreeBSD.org> | 1999-06-27 18:05:34 +0000 |
---|---|---|
committer | sheldonh <sheldonh@FreeBSD.org> | 1999-06-27 18:05:34 +0000 |
commit | 31aade9ad12eccc1744d769c7477e81f3a9fcf8c (patch) | |
tree | 89721a778510d42e88eca9f91ed04128285c4f23 /usr.sbin/inetd | |
parent | 32a079dfa9ef6333b7da250e2ccc897157881ed7 (diff) | |
Add command-line option (-w), specified once to enable wrapping and
twice to enable wrapping for internal services as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.
Change etc/defaults/rc.conf so as to encourage wrapping on new systems.
Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.
Approved by: jkh
Diffstat (limited to 'usr.sbin/inetd')
-rw-r--r-- | usr.sbin/inetd/Makefile | 4 | ||||
-rw-r--r-- | usr.sbin/inetd/inetd.8 | 32 | ||||
-rw-r--r-- | usr.sbin/inetd/inetd.c | 46 |
3 files changed, 45 insertions, 37 deletions
diff --git a/usr.sbin/inetd/Makefile b/usr.sbin/inetd/Makefile
index ddb15c5..7af0b63 100644
--- a/usr.sbin/inetd/Makefile
+++ b/usr.sbin/inetd/Makefile
@@ -1,11 +1,11 @@
 # @(#)Makefile 8.1 (Berkeley) 6/6/93
-# $Id: Makefile,v 1.8 1999/05/07 06:48:01 markm Exp $
+# $Id: Makefile,v 1.9 1999/06/17 09:16:06 sheldonh Exp $
 PROG= inetd
 MAN8= inetd.8
 MLINKS= inetd.8 inetd.conf.5
-COPTS+= -Wall -DLOGIN_CAP -DLIBWRAP -DLIBWRAP_INTERNAL
+COPTS+= -Wall -DLOGIN_CAP
 #COPTS+= -DSANITY_CHECK
 DPADD+= ${LIBUTIL} ${LIBWRAP}
diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8
index 3bcd3db..10d30e5 100644
--- a/usr.sbin/inetd/inetd.8
+++ b/usr.sbin/inetd/inetd.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94
-.\" $Id: inetd.8,v 1.26 1999/06/17 09:16:07 sheldonh Exp $
+.\" $Id: inetd.8,v 1.27 1999/06/21 11:43:13 sheldonh Exp $
 .\"
 .Dd February 7, 1996
 .Dt INETD 8
@@ -43,6 +43,7 @@
 .Nm inetd
 .Op Fl d
 .Op Fl l
+.Op Fl w
 .Op Fl c Ar maximum
 .Op Fl C Ar rate
 .Op Fl a Ar address
@@ -78,6 +79,11 @@ The following options are available:
 Turn on debugging.
 .It Fl l
 Turn on logging.
+.It Fl w
+Turn on TCP Wrapping. If this option is specified twice, internal
+services will also be wrapped. See the
+.Sx "IMPLEMENTATION NOTES"
+section for more information on TCP Wrappers support.
 .It Fl c Ar maximum
 Specify the default maximum number of services that can be invoked. May be overridden on a per-service basis with the "max-child"
@@ -401,16 +407,26 @@ records its process ID in the file
 .Pa /var/run/inetd.pid
 to assist in reconfiguration.
 .Sh IMPLEMENTATION NOTES
+When given the
+.Fl w
+option,
+.Nm
+will wrap all services specified as
+.Dq stream tcp nowait
+except for
+.Dq internal
+services. If the
+.Fl w
+option is given twice, such
+.Dq internal
+services will be wrapped as well.
 .Pp
-Support is provided for TCP Wrappers; see the relevant documentation (
-.Xr hosts_access 5
-).
-The
+When wrapping is enabled, the
 .Pa tcpd
 daemon is not required, as that functionality is builtin.
-Only stream-based services, including
-.Dq internal
-services, may be wrapped.
+For more information on TCP Wrappers; see the relevant documentation (
+.Xr hosts_access 5
+).
 .Sh TCPMUX
 .Pp
 .Tn RFC 1078
diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index 16494f3..b75fd16 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)from: inetd.c 8.4 (Berkeley) 4/13/94";
 #endif
 static const char rcsid[] =
- "$Id: inetd.c,v 1.50 1999/06/17 09:16:08 sheldonh Exp $";
+ "$Id: inetd.c,v 1.51 1999/06/21 11:17:34 sheldonh Exp $";
 #endif /* not lint */
 /*
@@ -128,12 +128,11 @@ static const char rcsid[] =
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
+#include <tcpd.h>
 #include <unistd.h>
 #include <libutil.h>
 #include <sysexits.h>
-#ifdef LIBWRAP
-# include <tcpd.h>
 #ifndef LIBWRAP_ALLOW_FACILITY
 # define LIBWRAP_ALLOW_FACILITY LOG_AUTH
 #endif
@@ -146,9 +145,6 @@ static const char rcsid[] =
 #ifndef LIBWRAP_DENY_SEVERITY
 # define LIBWRAP_DENY_SEVERITY LOG_WARNING
 #endif
-int allow_severity;
-int deny_severity;
-#endif
 #ifdef LOGIN_CAP
 #include <login_cap.h>
@@ -178,6 +174,10 @@ int deny_severity;
 #define SIGBLOCK (sigmask(SIGCHLD)|sigmask(SIGHUP)|sigmask(SIGALRM))
+int allow_severity;
+int deny_severity;
+int wrap = 0;
+int wrap_bi = 0;
 int debug = 0;
 int log = 0;
 int nsock, maxsock;
@@ -347,14 +347,11 @@ main(argc, argv, envp)
 #ifdef LOGIN_CAP
 login_cap_t *lc = NULL;
 #endif
-#ifdef LIBWRAP
 struct request_info req;
 int denied;
 char *service = NULL;
-#else
 struct sockaddr_in peer;
 int i;
-#endif
 #ifdef OLD_SETPROCTITLE
@@ -369,7 +366,7 @@ main(argc, argv, envp)
 openlog("inetd", LOG_PID | LOG_NOWAIT, LOG_DAEMON);
 bind_address.s_addr = htonl(INADDR_ANY);
- while ((ch = getopt(argc, argv, "dlR:a:c:C:p:")) != -1)
+ while ((ch = getopt(argc, argv, "dlwR:a:c:C:p:")) != -1)
 switch(ch) {
 case 'd':
 debug = 1;
@@ -400,10 +397,14 @@ main(argc, argv, envp)
 case 'p':
 pid_file = optarg;
 break;
+ case 'w':
+ if (wrap++)
+ wrap_bi++;
+ break;
 case '?':
 default:
 syslog(LOG_ERR,
- "usage: inetd [-dl] [-a address] [-R rate]"
+ "usage: inetd [-dlw] [-a address] [-R rate]"
 " [-c maximum] [-C rate]"
 " [-p pidfile] [conf-file]");
 exit(EX_USAGE);
@@ -539,8 +540,7 @@ main(argc, argv, envp)
 close(ctrl);
 continue;
 }
-#ifndef LIBWRAP
- if (log) {
+ if (!wrap || log) {
 i = sizeof peer;
 if (getpeername(ctrl, (struct sockaddr *) &peer, &i)) {
@@ -554,20 +554,18 @@ main(argc, argv, envp)
 sep->se_service,
 inet_ntoa(peer.sin_addr));
 }
-#endif
 } else
 ctrl = sep->se_fd;
 (void) sigblock(SIGBLOCK);
 pid = 0;
-#ifdef LIBWRAP_INTERNAL
 /*
 * When builtins are wrapped, avoid a minor optimization
 * that breaks hosts_options(5) twist.
 */
- dofork = 1;
-#else
- dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
-#endif
+ if (wrap_bi)
+ dofork = 1;
+ else
+ dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
 if (dofork) {
 if (sep->se_count++ == 0)
 (void)gettimeofday(&sep->se_time, (struct timezone *)NULL);
@@ -625,11 +623,8 @@ main(argc, argv, envp)
 _exit(0);
 }
 }
-#ifdef LIBWRAP
-#ifndef LIBWRAP_INTERNAL
- if (sep->se_bi == 0)
-#endif
- if (sep->se_accept
+ if ((wrap && (!sep->se_bi || wrap_bi))
+ && sep->se_accept
 && sep->se_socktype == SOCK_STREAM) {
 service = sep->se_server_name ? sep->se_server_name : sep->se_service;
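Review bot: In the hunk at `@@ -539,8 +540,7 @@`, `if (!wrap || log) {` is true whenever -w is absent, so the getpeername() call, and apparently the per-connection log line whose arguments `sep->se_service, inet_ntoa(peer.sin_addr));` open the next hunk, now run even without -l. The lines it replaces were `if (log) {` under `#ifndef LIBWRAP`, and the commit message promises unchanged behaviour when -w is not given, which corresponds to `if (!wrap && log) {`. If the intent is instead to keep a connection record for builtin services that a single -w leaves unwrapped, that case deserves its own explicit test and a comment. The enclosing block starts above the hunk and its body continues past it.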
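Review bot: The rewritten test in the hunk at `@@ -625,11 +623,8 @@` enters the wrapper path only when `sep->se_accept` is set and the socket is `SOCK_STREAM`, so wait-type and datagram services are started with no hosts_access(5) check even under -w -w, and nothing in the code says so. The manual page change mentions `stream tcp nowait`, but someone reading inetd.c gets no such hint. I would add above the condition `/* Only accepted stream connections are checked; wait and dgram services are never wrapped, even with -w -w. */`. The body of this `if` runs past the end of the hunk, so the check itself is not visible here.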
@@ -650,7 +645,6 @@ main(argc, argv, envp)
 eval_client(&req), service, sep->se_proto);
 }
 }
-#endif /* LIBWRAP */
 if (sep->se_bi) {
 (*sep->se_bi->bi_fn)(ctrl, sep);
 /* NOTREACHED */
@@ -740,9 +734,7 @@ main(argc, argv, envp)
 execv(sep->se_server, sep->se_argv);
 syslog(LOG_ERR, "cannot execute %s: %m", sep->se_server);
-#ifdef LIBWRAP
 reject:
-#endif
 if (sep->se_socktype != SOCK_STREAM)
 recv(0, buf, sizeof (buf), 0);
 }
|