| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
| |
invocations of each service from a single IP address.
Requested by: matusita
Reviewed by: dwmalone
Tested by: matusita on snapshots.jp.FreeBSD.org
MFC after: 2 weeks
|
|
|
|
| |
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
|
| |
|
| |
|
|
|
|
| |
Reported by: Jurrien Koopmans <jjkoopmans@home.nl>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
how to use this feature are in the man page. This is based on work
by Lyndon Nerenberg.
(The only difficult part about this patch is the fact that you
can't fchown a unix domain socket, which means the sockets must be
put in a secure directory).
Reviewed by: dillon
|
|
|
|
|
|
| |
portmap.8 --> rpcbind.8
Submitted by: .Xr testing script
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
been patched so many times it was a bit of a mess. There are style,
code and man page cleanups. The following are the functional changes:
The RFC only permits the returning of 4 possible error
codes, make sure we only return these (PR 27636).
Use MAXLOGNAME to determine the longest usernames.
Add a -i flag, which returns the uid instead of the username
(this is from a PR 25787, which also contained alot of the
cleanups in this patch).
PR: 25787, 27636
Partially Submitted by: Arne.Dag.Fidjestol@idi.ntnu.no
Reviewed by: Arne.Dag.Fidjestol@idi.ntnu.no, green
MFC after: 3 weeks
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
doesn't actually use it.
PR: 24307
Submitted by: opentrax@email.com
|
| |
|
|
|
|
|
|
|
|
|
| |
to contain the name of other valid users.
PR: 22837
Submitted by: Andreas Gerstenberg <andy@andy.de>
Reviewed by: green
Reviewed by: sheldonh
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
page.
Add ability to run "inetd -R 0" to disable the default connection
per minute limit of 256 connections. Document this in man page.
Don't use maxchild as a boolean - instead check if it is greater
than zero.
Reviewed by: sheldonh
Based on a patch by: Alexander Langer <alex@big.endian.de>
|
| |
|
|
|
|
|
|
| |
a fallback username.
Reviewed by: green
|
|
|
|
| |
auth stream tcp nowait root internal auth -d "Only fools trust ident"
|
| |
|
|
|
|
|
|
|
| |
options.
PR: 17017
Submitted by: Doug Barton <Doug@gorean.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the committer (shin). While I don't have permission for this change
from the inetd maintainer (des), I assume that shin has permission
and I'm just fixing his contribution up for him.
Okay, I couldn't resist, I made some extra changes:
* Replace ".Tn FreeBSD" with .Fx
* Make the illegal TCPMUX and IPSEC sections legal subsections
of the IMPLEMENTATION NOTES section.
Requested by: shin
|
|
|
|
|
|
|
|
|
|
|
|
| |
-inetd
-rshd
-rlogind
-telnetd
-rsh
-rlogin
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|
|
|
|
| |
inside error messages.
|
|
|
|
|
|
|
|
|
|
| |
garbage value for the username (hex garbage, that is), and the -d flag
provides a default username for fallback purposes if the user cannot be
looked up. That is very useful for the case where inetd auth is
running on a NAT box.
While I'm here updating the manpage, clean up an English error and a
few small nits.
|
| |
|
|
|
|
| |
Document the auth -n flag.
|
|
|
|
|
|
|
|
|
| |
example of their usage in the sample config. Merge the two examples
for the green internal auth service.
This commit failed the first time around because Brian beat me to the
punch on inetd.8 . I like my descriptions better and I'm pretty sure
Brian won't mind.
|
|
|
|
|
| |
service. This includes the -o "operating system" argument and the -t
"timeout" argument.
|
|
|
|
|
|
| |
configuration file.
Requested by: green
|
|
|
|
| |
PR: 12589
|
|
|
|
|
|
|
| |
each other. Instead of allowing the -w option to be specified twice,
we now take -w (wrap external) and -W (wrap internal).
Discussed with: markm
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
internal services in inetd.conf .
The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!
Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing
configurations.
This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).
PR: 11796
Reported by: Alex Charalabidis <alex@wnm.net>
Approved by: des
|
|
|
|
|
| |
internal service should be used as the daemon name when constructing
hosts_access(5) rules.
|
|
|
|
| |
Submitted by: David Malone <dwmalone@maths.tcd.ie>
|
|
|
|
| |
does log all connections.
|
|
|
|
|
| |
Requested by: obrien
Approved by: mpp
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.
Change etc/defaults/rc.conf so as to encourage wrapping on new systems.
Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.
Approved by: jkh
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Handle forking and non-forking internal services correctly.
Turn on wrapping for internal services because it works now.
2) Preserve server names for each service on HUP.
3) Honour hosts_options(5) severity option.
4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
usage and limitations.
This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.
PR: 12097
Reviewed by: markm
1)
Reported by: Pierre Beyssac <pb@fasterix.freenix.org>
2)
Submitted by: Masachika ISHIZUKA <ishizuka@ish.org>
3)
Submitted by: David Malone <dwmalone@maths.tcd.ie>
|