diff options
-rw-r--r-- | usr.sbin/inetd/builtins.c | 16 | ||||
-rw-r--r-- | usr.sbin/inetd/inetd.8 | 9 |
2 files changed, 20 insertions, 5 deletions
diff --git a/usr.sbin/inetd/builtins.c b/usr.sbin/inetd/builtins.c index b49ecba..fae9d17 100644 --- a/usr.sbin/inetd/builtins.c +++ b/usr.sbin/inetd/builtins.c @@ -469,8 +469,20 @@ ident_stream(s, sep) /* Ident service (AKA "auth") */ goto printit; } - if (!rflag) /* Send HIDDEN-USER immediately if not "real" */ - iderror(lport, fport, s, -1); + /* + * If not "real" (-r), send a HIDDEN-USER error for everything. + * If -d is used to set a fallback username, this is used to + * override it, and the fallback is returned instead. + */ + if (!rflag) { + if (fallback == NULL) + iderror(lport, fport, s, -1); + else { + cp = fallback; + goto printit; + } + } + /* * We take the input and construct an array of two sockaddr_ins * which contain the local address information and foreign diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8 index 38ed541..62b2726 100644 --- a/usr.sbin/inetd/inetd.8 +++ b/usr.sbin/inetd/inetd.8 @@ -436,11 +436,14 @@ Without options, the service will always return The available arguments to this service that alter its behavior are: .Bl -tag -width indent .It Fl d Ar fallback -Instead of returning an error if getting the socket credentials or +If the real ident service is enabled, return this user for every +request. +If the real ident service is disabled, then this flag, instead of +returning an error if getting the socket credentials or looking up the user name fails, return a default .Ar fallback -user name to the requesting ident client. This is primarily useful -when running this service on a NAT machine. +user name to the requesting ident client. +This is primarily useful when running this service on a NAT machine. .It Fl t Ar sec[.usec] Specify a timeout for the service. The default timeout is 10.0 seconds. |