1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-30 12:04:07 +00:00
Commit Graph

203 Commits

Author SHA1 Message Date
David Malone
cbdbb7252f Under some unusual conditions, inetd can leak a open file discriptor
into a child process. Rather than closing the discriptors manually,
mark all discriptors as close-on-exec.

PR:		47694
Submitted by:	Max Okumoto <okumoto@ucsd.edu>
Obtained from:	NetBSD
MFC after:	2 weeks
2003-02-23 16:54:19 +00:00
David Malone
c40f2eef16 After calling login_getclass, be sure to call login_close so that
we don't leak memory. Only one of these two cases (reconfig) actually
causes a leak because the other is usually followed by an exec.

PR:		46845
Reviewed by:	David Wang <dsw@juniper.net>
MFC after:	2 weeks
2003-02-23 16:49:14 +00:00
Hajimu UMEMOTO
6431ecd0a1 The tcp_wrappers function `fromhost()' can fail. In such
cases, the `struct sockaddr' will not be allocated.

Reported by:	nectar
MFC after:	2 days
2003-02-13 17:08:23 +00:00
Robert Watson
42c0e331cd Using LOGIN_SETALL &~LOGIN_SETMAC to avoid setting the MAC label improperly,
rather than specifically setting the process priority and resource class;
otherwise, we improperly set other aspects of the login class.  We have
a bit more to do here, but the proper fix will probably involve breaking
out MAC labels from the login class at some point, as well as further
clarifying the logic here.

Pointed out by:	kuriyama, max
2003-01-16 03:41:57 +00:00
Robert Watson
15e90ad4c5 For now, set only the resource limits and process priority associated
with a class, rather than all aspects of the class when switching
classes for an inetd service.  Because we hard-code /daemon in the
current inetd implementation, using SETALL has unfortunate side-effects
involving the MAC code, and potentially other credential related
settings in the future.  This change maintains the DoS-resistent
aspects of the class behavior, which is all that is promised in the
inetd man page.

A larger set of diffs providing more pluggability and configurability
was deferred for this more simple approach in the short term.

Reviewed by:	ache
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-01-08 17:10:11 +00:00
Garrett Wollman
cd9a4d5d7a Add used #include <limits.h>. 2002-10-27 17:46:53 +00:00
David Malone
7718f45c22 When printing the wait status, break it down into a signal and a exit status.
PR:		41912
Submitted by:	Aaron Smith <aaron@mutex.org>
MFC after:	2 weeks
2002-09-04 21:00:45 +00:00
David Malone
85d28cb43f Swap sense of no_v[46]bind variables and rename as v[46]bind_ok -
this avoids some double negatives which are a bit difficult to
parse.

Always tread v[46]bind{,_ok} as booleans.
2002-09-04 20:31:53 +00:00
David Malone
6d4129d240 Fix parsing of unix domain entries after addition of IPv6 RPC support.
PR:		40771
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-09-04 20:15:20 +00:00
David Malone
60c1ef970b Don't initialise policy, v4bind and v6bind where the variables are
declared - it was bad style and caused a bug. v[46]bind need to be
reset whenever we go to the "more:" label.

Jean-Luc and I came up with this patch independently, so it had
better be right!

PR:		40771
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-09-02 20:07:14 +00:00
David Malone
d0c55c69c9 tpc -> tcp in an error message.
PR:		40771
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-09-02 20:00:46 +00:00
David Malone
fa11816b52 Clear up a few warnings (unused variable, rpc versions are usigned so use %u,
rename a parameter to avoid shadowing a global).

MFC after:	1 month
2002-09-02 19:58:15 +00:00
Ruslan Ermilov
a654c53e16 mdoc(7) police: Removed redundant .Ns calls. 2002-08-13 16:07:28 +00:00
Hajimu UMEMOTO
09b1c35707 Add capability for limiting the maximum number of simultaneous
invocations of each service from a single IP address.

Requested by:	matusita
Reviewed by:	dwmalone
Tested by:	matusita on snapshots.jp.FreeBSD.org
MFC after:	2 weeks
2002-08-07 17:03:14 +00:00
Hajimu UMEMOTO
fc99a00c7f use IPV6_V6ONLY instead of non standard IPV6_BINDV6ONLY.
MFC after:	1 week
2002-07-22 15:22:53 +00:00
Tony Finch
ae5fafd8c8 Fix typo: corrisponds -> corresponds 2002-07-22 13:58:58 +00:00
Alfred Perlstein
d14ca883cb add support for rpc IPv6 (rpc/udp/46 ...)
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-07-15 19:09:33 +00:00
Philippe Charnier
490d5836b5 The .Nm utility 2002-07-14 14:47:15 +00:00
Juli Mallett
0ec563a548 Replace the SWAP(var0,var1) macro with SWAP(type,var0,var1) and use it as
is appropriate to avoid using typeof/__typeof__.  It is worth noting that
SWAP() is only ever used to swap pointer values so 'void *' assumptions would
have been acceptable, but I'd gladly pay you tuesday for a cheeseburger^W
cleaner interface today.

Poked into submission by:	bde
2002-06-22 10:44:47 +00:00
Juli Mallett
d3a4920c06 Unused macro. 2002-06-22 10:34:08 +00:00
Juli Mallett
35ea397030 __FBSDID() strategic insertion. 2002-06-21 11:52:59 +00:00
Juli Mallett
edb616bbdc Kill __P, yuck. 2002-06-21 11:42:37 +00:00
Juli Mallett
2306f8e98f Mark unused variables __unused.
Built standalone, inetd(8) is WARNS=5 clean, WARNS=6 if you ignore %m fits.
2002-06-21 11:40:03 +00:00
Juli Mallett
0e23eb871d Use __typeof__ instead of typeof. 2002-06-21 11:25:11 +00:00
Juli Mallett
8aea60beea Kill bad whitespace and do some style cleanups as a result of the protoize. 2002-06-21 11:24:21 +00:00
Juli Mallett
081713dc5b ANSI prototypes via protoize(1). 2002-06-21 11:18:42 +00:00
John W. De Boskey
24aaa74c83 Log invalid config entries. Make the -d option actually log to
the terminal(-d fix from dwmalone).

Approved by:	dwmalone
MFC after:	2 weeks
2002-05-26 04:43:26 +00:00
Hajimu UMEMOTO
89511d9db3 Make compilable without -DINET6. 2002-05-08 17:20:08 +00:00
Hajimu UMEMOTO
7f59d20d17 Log address family of a connection.
Requested by:	matusita
Reviewed by:	matusita
2002-05-08 16:39:58 +00:00
Dima Dorfman
cce4c4fd8b Correct spacing. 2002-04-16 09:56:28 +00:00
Dima Dorfman
76183f3453 Introduce a version field to `struct xucred' in place of one of the
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being).  Accordingly, change users of
xucred to set and check this field as appropriate.  In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former.  This also has the pleasant sideaffect of removing some
duplicate code.

Reviewed by:	rwatson
2002-02-27 04:45:37 +00:00
Sheldon Hearn
fa4ec4a5c2 Fix a typo.
Reported by:	Jurrien Koopmans <jjkoopmans@home.nl>
2001-12-11 13:14:48 +00:00
Dima Dorfman
f328d583a2 Use CFLAGS, not COPTS, in the Makefile. bsd.prog.mk conveniently adds
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults.  Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.

Approved by:	bde
2001-09-05 20:10:59 +00:00
Ruslan Ermilov
753d686d34 mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
David E. O'Brien
90e655ea4e Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
2001-07-20 06:20:32 +00:00
David Malone
b14326ea9a Turn off WARNS stuff. When combined with -nostdinc and system header
files that aren't WARNS clean it causes trouble.
2001-07-17 19:00:47 +00:00
David Malone
20e1eb2130 o Remove old setproctitle.
o Mark unused variables.
o Set WARNS?=2
o Results in no code changes.

Submitted by:	Mike Barcroft <mike@q9media.com>
2001-07-17 07:12:57 +00:00
Dima Dorfman
f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Ruslan Ermilov
a4c37c816b mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 15:12:08 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Ruslan Ermilov
5cdd6aaac6 mdoc(7) police: fixed markup, sorted xrefs. 2001-07-05 07:37:33 +00:00
Dima Dorfman
b63a058632 mdoc(7) police: fix spacing and punctuation issues. 2001-07-03 21:22:09 +00:00
David Malone
a933327c4b Don't add -Wall, as it's a compiler specific flag. 2001-06-24 09:20:42 +00:00
David Malone
b585f768e1 Fix most of the warnings given by WARNS=2. 2001-06-24 09:20:07 +00:00
Dima Dorfman
a910f192bb Remove duplicate words. 2001-06-24 01:34:38 +00:00
David Malone
1c8d1174b7 Give inetd the ability to manage unix domain sockets. Details of
how to use this feature are in the man page. This is based on work
by Lyndon Nerenberg.

(The only difficult part about this patch is the fact that you
can't fchown a unix domain socket, which means the sockets must be
put in a secure directory).

Reviewed by:	dillon
2001-06-16 18:54:54 +00:00
Maxim Sobolev
8657581bfd Correct cross-reference:
portmap.8 --> rpcbind.8

Submitted by:	.Xr testing script
2001-06-07 16:59:19 +00:00
David Malone
d57dbd1615 Get rid of se_ctladdrinitok, which doesn't do anything and seemes
to have been accidently imported when ipv6 support was added to
inetd.

Approved by:	ume
2001-06-06 20:00:42 +00:00
David Malone
aca66ea036 Correct a comment - the time service returns seconds since 1900 not 1970.
Submitted by:	ru
2001-06-04 11:47:08 +00:00
David Malone
9a0b3389d5 This patch cleans up the ident stuff in inetd. The code which has
been patched so many times it was a bit of a mess. There are style,
code and man page cleanups. The following are the functional changes:

	The RFC only permits the returning of 4 possible error
	codes, make sure we only return these (PR 27636).

	Use MAXLOGNAME to determine the longest usernames.

	Add a -i flag, which returns the uid instead of the username
	(this is from a PR 25787, which also contained alot of the
	cleanups in this patch).

PR:		25787, 27636
Partially Submitted by:	Arne.Dag.Fidjestol@idi.ntnu.no
Reviewed by:	Arne.Dag.Fidjestol@idi.ntnu.no, green
MFC after:	3 weeks
2001-06-04 11:43:29 +00:00