summaryrefslogtreecommitdiffstats
path: root/usr.sbin/inetd
Commit message (Collapse)AuthorAgeFilesLines
...
* Allow service alias names from /etc/services to be used when specifyingsheldonh1999-07-022-6/+26
| | | | | | | | | | | | | | | | | | | | | internal services in inetd.conf . The inetd(8) manpage used to say that the official name of a service _must_ be used, yet inetd itself was hardcoded to used a service alias for the auth service, namely ident! Rather than change inetd.conf and break existing configurations on next upgrade, we now allow service aliases as well as official names. This allows the software to work as expected and still support existing configurations. This should not breaking existing wrapped configurations either and the inetd(8) manpage already states that it is the service name specified in inetd.conf that is used for calls to hosts_access(3). PR: 11796 Reported by: Alex Charalabidis <alex@wnm.net> Approved by: des
* Clarify that the services name, as specified in inetd.conf, for ansheldonh1999-07-021-1/+9
| | | | | internal service should be used as the daemon name when constructing hosts_access(5) rules.
* Ommitted in previous commit message:sheldonh1999-06-302-2/+2
| | | | Submitted by: David Malone <dwmalone@maths.tcd.ie>
* Enable wrapping for dgram services and fix logging so that -l reallysheldonh1999-06-302-33/+51
| | | | does log all connections.
* Sync usage() with the manpage.sheldonh1999-06-281-2/+3
| | | | Approved by: mpp
* Fix broken logic: (!wrap || log) -> (!wrap && log) .sheldonh1999-06-281-2/+2
| | | | Reported by: David Malone <dwmalone@maths.tcd.ie>
* Fix the SYNOPSIS to reflect that the -w option can be specified twice.sheldonh1999-06-271-2/+2
| | | | | Requested by: obrien Approved by: mpp
* Add command-line option (-w), specified once to enable wrapping andsheldonh1999-06-273-37/+45
| | | | | | | | | | | | | twice to enable wrapping for internal wrapping as well. If the option is not specified wrapping is turned off so that inetd will behave exactly as it used to before TCP Wrappers was imported. Change etc/defaults/rc.conf so as to encourage wrapping on new systems. Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the manual page. Approved by: jkh
* Use Dq mdoc tag for double-quoted words.sheldonh1999-06-211-12/+33
|
* Fix handling of maximum children and connections per minute.sheldonh1999-06-211-20/+28
| | | | Submitted by: David Malone <dwmalone@maths.tcd.ie>
* Various fixes for inetd's TCP Wrappers support:sheldonh1999-06-173-24/+26
| | | | | | | | | | | | | | | | | | | | | 1) Handle forking and non-forking internal services correctly. Turn on wrapping for internal services because it works now. 2) Preserve server names for each service on HUP. 3) Honour hosts_options(5) severity option. 4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers usage and limitations. This change may cause previously allowed builtin services (e.g. daytime) to be denied in existing configurations. PR: 12097 Reviewed by: markm 1) Reported by: Pierre Beyssac <pb@fasterix.freenix.org> 2) Submitted by: Masachika ISHIZUKA <ishizuka@ish.org> 3) Submitted by: David Malone <dwmalone@maths.tcd.ie>
* Don't stop listening to the signal pipe just because you don't havedes1999-05-111-6/+6
| | | | | | anything else to do. PR: 10468, 11594
* There seems to be a problem (most likely when there is no hosts.allow)markm1999-05-071-2/+2
| | | | with wrapping the internal services, so do not wrap them for now.
* MFS: sort reference list and embelish history.obrien1999-05-011-5/+9
|
* Fix the "internal" wrapping as well as a nasty bug involvingmarkm1999-04-113-9/+17
| | | | | | | the daemon name vs the path. Also fix some warnings and improve the wrapper section of the man page. Nice debugging work by: Sheldon Hearn
* Now inetd(8) has direct support for tcp_wrappers! Not working at themarkm1999-03-283-9/+80
| | | | | moment is support for the internal serfvices, so these are not enabled. Volunteers welcome!
* Make machtime() function unsigned long instead of long.danny1999-01-051-5/+5
| | | | Reviewed by: phk
* Style cleanups.des1999-01-021-42/+33
| | | | Requested by: bde
* Back out rev. 1.42 and 1.43. Apply Graham Wheeler's signal handling patch.des1998-12-281-73/+115
| | | | | | Reviewed by: jkh & eivind Submitted by: Graham Wheeler <gram@cdsec.com> PR: bin/8183
* Remove signal mask prior to calling execdillon1998-12-151-1/+2
|
* Reviewed by: freebsd-currentdillon1998-12-111-27/+63
| | | | | Fix signal/library corruption by blocking all signals except during select(). The reported corruption was with reentrancy in the malloc lib.
* Add an "internal" driver for the "ident" protocol (tcp/113).phk1998-11-041-1/+31
| | | | | | | | It will return "ERROR:HIDDEN-USER" for all requests. To use it add: ident stream tcp nowait root internal to inetd.conf
* Bruce says that %p is intended to format void pointers only. So use a void *jb1998-08-181-2/+2
| | | | | cast. There are pointers and then there are _pointers_. One day I'll figure out which are which. 8-)
* Remove a cast and print the pointer value with %p instead of %x.jb1998-08-171-4/+4
|
* Add (struct timezone *) cast to NULL for K&Rache1998-07-241-4/+4
|
* Use NULL as gettimeofday arg instead of 0 castache1998-07-231-8/+8
| | | | | Add missing arg to error diagnostic Print yet one arg of error diagnostic
* last patch misapplied.phk1998-07-221-2/+2
|
* This may apply to all known versions of inetd.phk1998-07-221-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | For a tcp/nowait connection, inetd invokes accept(2) for each pending connection; this call returns a file descriptor associated with the new connection. Twelve years ago, code was added to inetd to detect "failing servers". The heuristic that identifies a failing server is one that has been invoked a large number of times over some specified interval (e.g., more than 128 ftp services started in 60 seconds may flag the ftp service as "failing"). These compile-time constants vary depending on vendor. The problem is that, when a failing server is detected, the code neglects to close the file descriptor returned by the accept(2). Security-Implications: I suppose someone with ample free time could orchestrate an attack buy pummeling services until the inetd process finally runs out of file descriptors thus rendering inetd useless to any new connections that require a new descriptor. PR: 7286 Reviewed by: phk Submitted by: Jeff Forys <jeff@forys.cranbury.nj.us>
* Spelling fixes.phk1998-06-101-2/+2
| | | | | | PR: 6903 Reviewed by: phk Submitted by: Josh Gilliam <josh@quick.net>
* Small typo in T/TCP patch ("speicfy" -> "specify").pb1998-05-151-2/+2
|
* On request of Garrett, ad a way to specify that a service should beguido1998-05-142-3/+20
| | | | | reachable via T/TCP Reviewed by: Garrett Wollman
* Fixed gross errors in previous commit. `sapipe' was used uninitializedbde1998-05-111-7/+11
| | | | | | | | | | to attempt to unblock SIGCHLD, but we actually want to unignore SIGPIPE. Obtained from: OpenBSD Finished conversion from sigvec to sigaction (don't assume that sa_mask is a scalar...). Didn't convert from sigblock to sigprocmask. Didn't fix missing error checking for sigaction...
* Unblock SIGPIPE before execv(); convert from sigvec to sigactionguido1998-05-081-16/+18
| | | | Obtained from: OpenBSD
* Redo tcpmux stuff. tcpmux handling is now performed after inetdguido1998-05-071-15/+20
| | | | | | | forks. Furthermore, invalid input for tcpmux does not lead to an exiting inetd. This patch is recommended for people running tcpmux (which is NOT enabled by default)
* Document the requirement for TCPMUX to also be enabled as an internalwollman1998-04-131-1/+12
| | | | | | service if any external TCPMUX servers are desired. PR: 826
* Make maxchild and max child-per-minute default values configurable frompst1998-02-242-20/+62
| | | | the command line or Makefile.
* Add possibility to specify maximum number of connections per minutedima1997-10-292-8/+132
| | | | | for a given IP address. This should be very effective against DoS attacks.
* Implement group part now, final syntax is:ache1997-10-282-17/+49
| | | | user[:group][/login-class]
* Implement login classes sepcification as user[/loginclass]ache1997-10-272-10/+56
| | | | | By default inetd run things with the same limits as from /etc/rc (daemon class) to not break anything as in good old days.
* Use err(3).charnier1997-09-192-50/+49
|
* Remove and odd sleep found by David Holland and posted to -security.imp1997-08-291-3/+4
| | | | | Reviewed by: Theo de Raadt (who put it into OpenBSD) Submitted by: David Holland <dholland@eecs.harvard.edu>
* login_getclass() -> login_getpwclass().davidn1997-05-101-3/+2
|
* Condition SO_PRIVSTATE twiddling on the definedness of SO_PRIVSTATE.wollman1997-04-281-1/+3
| | | | (This was done as a #ifdef to keep source compatibility between 2.2 and 3.0.)
* compare return value from getopt against -1 rather than EOF, per the finalimp1997-03-311-2/+2
| | | | posix standard on the topic.
* Revert $FreeBSD$ to $Id$peter1997-02-223-3/+3
|
* The "-a" option for inetd specifies a specific IP address for thejulian1997-02-051-0/+1
| | | | | | | | | | | server to bind to. This works until you send it a SIGHUP with a new service defined ... the new service is bound to INADDR_ANY. This patch fixes this bug (in both RELENG_2_2 and -current). This is a 2.2 candidate..(i.e. pure bug fix) Submitted by: Archie Cobbs (archie@whistle.com)
* Sort cross references.wosch1997-01-201-2/+2
|
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-143-3/+3
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Implement minimal login class support (ie: does a setusercontext()).peter1997-01-132-2/+27
| | | | Enabled by defining LOGIN_CAP in Makefile, on by default.
* Reviewed by: Bill fennerjulian1996-11-103-76/+227
| | | | | | | | | | | Submitted by: Archie Cobbs (Archie@whistle.com) Changes to allow inted to control the number of servers to start on each service. This is a defence against a denial of service attack in which the system is made unusable by an external party. It also allows the behaviour of small memory systems to be more accuratly predicted, by bounding the extent to which processes can multiply.
OpenPOWER on IntegriCloud