Commit 0018d742 authored by Marco d'Itri's avatar Marco d'Itri

Debian release 0.20040915-1

parent de0ab31f
CC = cc
CFLAGS = -O2 -g
OPTS = -DLIBWRAP
LDFLAGS = -lwrap
CC := gcc
CFLAGS := -O2 -g
OPTS := -DLIBWRAP
LDFLAGS := -lwrap
all: inetd
.c.o:
$(CC) $(CFLAGS) $(OPTS) -c $<
inetd: inetd.o setproctitle.o
inetd: inetd.o setproctitle.o strlcpy.o
$(CC) $(LDFLAGS) -o $@ $^
clean:
rm -f inetd inetd.o setproctitle.o
rm -f inetd inetd.o setproctitle.o strlcpy.o
update:
cvs update
......
IPv6 support
~~~~~~~~~~~~
Things you need to know if you want to enable IPv6 support for daemons
spawned by inetd:
- the tcp46/udp46 pseudo-protocol names introduced by some linux inetd
programs are silently interpreted as tcp6/udp6.
- if you use a standard kernel you must add only a tcp6 line. inetd then
listen for both IPv6 and IPv4 connections
- if you use a USAGI kernel you must add a tcp4 and/or a tcp6 line
openbsd-inetd (0.20040915-1) unstable; urgency=low
* New CVS snapshot.
+ Fixes gcc 4.0 FTBFS. (Closes: #287860)
* Made the init script source /etc/default/openbsd-inetd, if present.
(Closes: #251224)
* Documented in inetd(8) that switching between binding to INADDR_ANY and
to a specific address requires restarting the daemon. (Closes: #242392)
* Added code to create the requested type of IPv6 socket using
setsockopt(IPPROTO_IPV6). This requires a modern 2.4 or 2.6 kernel.
* Added Conflicts+Replaces+Provides: netkit-inetd to fully replace it.
prerm will unlink netkit-inetd's conffiles and the init script is
named openbsd-inetd to allow purging netkit-inetd.
Alternative solutions to both issues are welcome.
* Changed the default inetd.conf to satisfy people who think that every
listening socket is a security hole: no internal services are enabled
by default. This means that the daemon will not even be started by the
init script until some service is enabled in inetd.conf.
* Removed from the default inetd.conf the already-commented examples
of the internal services which are actually dangerous to run.
-- Marco d'Itri <md@linux.it> Sun, 2 Jan 2005 02:40:43 +0100
openbsd-inetd (0.20020802-1) unstable; urgency=low
* New package.
......
......@@ -2,12 +2,15 @@ Source: openbsd-inetd
Section: net
Priority: extra
Maintainer: Marco d'Itri <md@linux.it>
Standards-Version: 3.5.6.1
Build-Depends: debhelper (>= 4.0), libwrap0-dev
Standards-Version: 3.6.1.1
Package: openbsd-inetd
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, netkit-inetd
Depends: ${shlibs:Depends}, ${misc:Depends}, netbase
Conflicts: netkit-inetd
Replaces: netkit-inetd
Provides: netkit-inetd
Description: The OpenBSD Internet Superserver
The inetd server is a network daemon program that specializes in managing
incoming network connections. Its configuration file tells it what
......
This is a port of the original OpenBSD inetd daemon downloaded from CVS.
Some features have been merged from the NetBSD source tree.
It has a standard 4-clauses BSD license.
It has a standard 3-clauses BSD license (/usr/share/common-licenses/BSD).
setproctitle.c and discard_stupid_environment() come from netkit 0.17
setproctitle.c and discard_stupid_environment() come from netkit 0.17,
patched by the USAGI project.
strlcpy.c comes from the openbsd source tree, slightly edited.
#!/bin/sh
#!/bin/sh -e
#
# start/stop inetd super server.
# start/stop the inetd super server.
if ! [ -x /usr/sbin/inetd -o -e /etc/inetd.conf ]; then
exit 0
fi
DAEMON=/usr/sbin/inetd
[ -x $DAEMON -a -e /etc/inetd.conf ] || exit 0
[ -e /etc/default/openbsd-inetd ] && . /etc/default/openbsd-inetd
checkportmap () {
if grep -v "^ *#" /etc/inetd.conf | grep 'rpc/' >/dev/null; then
if ! [ -x /usr/bin/rpcinfo ]; then
echo
echo "WARNING: rpcinfo not available - RPC services may be unavailable!"
echo " (Commenting out the rpc services in inetd.conf will"
echo " disable this message)"
echo
elif ! /usr/bin/rpcinfo -u localhost portmapper >/dev/null 2>&1; then
echo
echo "WARNING: portmapper inactive - RPC services unavailable!"
echo " (Commenting out the rpc services in inetd.conf will"
echo " disable this message)"
echo
fi
fi
if ! grep -v -s "^ *#" /etc/inetd.conf | grep -q -s 'rpc/'; then
return 0
fi
if [ ! -x /usr/bin/rpcinfo ]; then
echo
echo "WARNING: rpcinfo not available - RPC services may be unavailable!"
echo " (Commenting out the rpc services in inetd.conf will"
echo " disable this message)"
echo
elif ! /usr/bin/rpcinfo -u localhost portmapper >/dev/null 2>&1; then
echo
echo "WARNING: portmapper inactive - RPC services unavailable!"
echo " (Commenting out the rpc services in inetd.conf will"
echo " disable this message)"
echo
fi
}
checknoservices () {
if ! grep -q "^[0-9A-Za-z/]" /etc/inetd.conf; then
echo " no services configured, inetd not started."
echo " no services enabled, inetd not started."
exit 0
fi
}
......@@ -36,36 +40,34 @@ case "$1" in
checkportmap
echo -n "Starting internet superserver:"
checknoservices
echo -n " inetd"
start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid --exec /usr/sbin/inetd
echo "."
start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid \
--exec $DAEMON -- $OPTIONS
echo " inetd."
;;
stop)
echo -n "Stopping internet superserver:"
echo -n " inetd"
start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid --exec /usr/sbin/inetd
echo "."
start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
--exec $DAEMON --oknodo
echo " inetd."
;;
reload)
reload|force-reload)
echo -n "Reloading internet superserver:"
echo -n " inetd"
start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid --signal 1
echo "."
;;
force-reload)
$0 reload
start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
--oknodo --signal 1
echo " inetd."
;;
restart)
echo -n "Restarting internet superserver:"
start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid
start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
--exec $DAEMON --oknodo
checkportmap
checknoservices
echo -n " inetd"
start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid --exec /usr/sbin/inetd
echo "."
start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid \
--exec $DAEMON -- $OPTIONS
echo " inetd."
;;
*)
echo "Usage: /etc/init.d/inetd {start|stop|reload|restart}"
echo "Usage: /etc/init.d/inetd {start|stop|reload|force-reload|restart}"
exit 1
;;
esac
......
#!/bin/sh -e
case "$1" in
configure)
# remove the conffiles of the netkit-inetd package
if [ -e /etc/cron.daily/netkit-inetd ]; then
rm -f /etc/cron.daily/netkit-inetd /etc/init.d/inetd
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "$0 called with unknown argument '$1'" >&2
exit 1
;;
esac
#DEBHELPER#
#!/bin/sh -e
if [ "$1" = "install" -a -x /etc/init.d/inetd ]; then
/etc/init.d/inetd stop
fi
DIVERT="/usr/sbin/inetd /usr/share/man/man8/inetd.8.gz /usr/share/man/man5/inetd.conf.5.gz"
if [ install = "$1" -o upgrade = "$1" ]; then
for file in $DIVERT; do
dpkg-divert --package openbsd-inetd --add --rename \
--divert $file.netkit $file
done
fi
# create a new /etc/inetd.conf file if it doesn't already exist
if [ ! -f /etc/inetd.conf ]; then
cat <<EOF >/etc/inetd.conf
create_inetd() {
[ -e /etc/inetd.conf ] && return 0
cat <<EOF > /etc/inetd.conf
# /etc/inetd.conf: see inetd(8) for further informations.
#
# Internet server configuration database
# Internet superserver configuration database
#
#
# Lines starting with "#:LABEL:" or "#<off>#" should not
......@@ -32,16 +21,10 @@ if [ ! -f /etc/inetd.conf ]; then
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
#:INTERNAL: Internal services
#echo stream tcp nowait root internal
#echo dgram udp wait root internal
#chargen stream tcp nowait root internal
#chargen dgram udp wait root internal
discard stream tcp nowait root internal
discard dgram udp wait root internal
daytime stream tcp nowait root internal
#daytime dgram udp wait root internal
time stream tcp nowait root internal
#time dgram udp wait root internal
#discard stream tcp nowait root internal
#discard dgram udp wait root internal
#daytime stream tcp nowait root internal
#time stream tcp nowait root internal
#:STANDARD: These are standard services.
......@@ -51,8 +34,8 @@ time stream tcp nowait root internal
#:INFO: Info services
#:BOOT: Tftp service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."
#:BOOT: TFTP service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."
#:RPC: RPC based services
......@@ -61,7 +44,42 @@ time stream tcp nowait root internal
#:OTHER: Other services
EOF
chmod 644 /etc/inetd.conf
fi
##DEBHELPER##
chmod 644 /etc/inetd.conf
}
upgrade_from_old_inetd() {
if [ "$2" ] && dpkg --compare-versions "$2" ge 0.20040915-1; then
return 0
fi
# XXX the binary will change after removing the diversions, so we want
# to be sure that the daemon has been stopped by that time
start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid
# remove the diversions created by old versions of this package
DIVERT="/usr/sbin/inetd /usr/share/man/man8/inetd.8.gz /usr/share/man/man5/inetd.conf.5.gz"
for file in $DIVERT; do
[ -e $file.netkit ] || continue
rm -f $file
dpkg-divert --package openbsd-inetd --remove --divert $file.netkit $file
done
}
case "$1" in
install)
create_inetd
;;
upgrade|abort-upgrade)
upgrade_from_old_inetd "$@"
;;
*)
echo "$0 called with unknown argument '$1'" >&2
exit 1
;;
esac
#DEBHELPER#
shlibs:Depends=libc6 (>= 2.2.5-13), libwrap0
#!/bin/sh -e
# XXX to be removed when netkit-inetd is gone
[ -x /etc/init.d/inetd ] && /etc/init.d/inetd restart
##DEBHELPER##
#!/bin/sh -e
DIVERT="/usr/sbin/inetd /usr/share/man/man8/inetd.8.gz /usr/share/man/man5/inetd.conf.5.gz"
if [ remove = "$1" ]; then
for file in $DIVERT; do
dpkg-divert --package openbsd-inetd --remove --rename \
--divert $file.netkit $file
done
fi
##DEBHELPER##
#!/usr/bin/make -f
# Make the shell exit with an error if an untested command fails.
SHELL+= -e
export DH_COMPAT=4
#export DH_VERBOSE=1
D := $(shell pwd)/debian/openbsd-inetd
build:
dh_testdir
$(MAKE) -f Makefile.debian
touch build
touch $@
clean:
dh_testdir
-rm -f build
$(MAKE) -f Makefile.debian clean
-cd debian && rm -rf openbsd-inetd files* substvars *debhelper
dh_clean
binary-arch: checkroot build
dh_testdir
dh_clean -k
dh_clean
dh_installdirs usr/sbin/ usr/share/man/man5
dh_installdocs
dh_installman inetd.8
dh_installchangelogs ChangeLog
dh_link usr/share/man/man8/inetd.8.gz \
usr/share/man/man5/inetd.conf.5.gz
install --mode=755 inetd debian/openbsd-inetd/usr/sbin/
# XXX I do not want to jump the hoops needed to make every program happy, so
# until we can dump netkit-inetd this package will use its init script
# dh_installinit --init-script=inetd --update-rcd-params="defaults 20"
install --mode=755 inetd $D/usr/sbin/
dh_installinit --update-rcd-params="defaults 20" #--name=inetd
dh_strip
dh_compress
dh_fixperms
dh_shlibdeps
dh_gencontrol
dh_installdeb
dh_gencontrol
dh_builddeb
binary: binary-arch
......
......@@ -170,7 +170,7 @@ The part on the right of the
is the RPC version number.
This can simply be a single numeric argument or a range of versions.
A range is bounded by the low version to the high version -
.Dq rusers/1-3 .
.Dq rusers/1\-3 .
For
.Ux
domain sockets this field specifies the path name of the socket.
......@@ -376,7 +376,7 @@ Support for
.Tn TCP
wrappers is included with
.Nm
to provide internal tcpd-like access control functionality.
to provide built-in tcpd-like access control functionality.
An external tcpd program is not needed.
You do not need to change the
.Pa /etc/inetd.conf
......@@ -420,11 +420,14 @@ and IPv6 traffic will go to server on
If you have only one server on
.Dq tcp6 ,
only IPv6 traffic will be routed to the server.
.Pp
The special
.Dq tcp46
parameter can be used for obsolete servers which require to receive IPv4
connections mapped in an IPv6 socket. Its usage is discouraged.
.El
.Sh SEE ALSO
.Xr comsat 8 ,
.Xr fingerd 8 ,
.Xr ftp-proxy 8 ,
.Xr ftpd 8 ,
.Xr identd 8 ,
.Xr rshd 8 ,
......@@ -440,7 +443,15 @@ Support for Sun-RPC
based services is modelled after that
provided by SunOS 4.1.
IPv6 support was added by the KAME project in 1999.
.Pp
Marco d'Itri ported this code from OpenBSD in summer 2002 and added
socket buffers tuning and libwrap support from the NetBSD source tree.
.Sh BUGS
On Linux systems, the daemon cannot reload its configuration and needs
to be restarted when the host address for a service is changed between
.Dq \&*
and a specific address.
.Pp
Host address specifiers, while they make conceptual sense for RPC
services, do not work entirely correctly.
This is largely because the
......
......@@ -139,6 +139,7 @@ static const char rcsid[] = "$OpenBSD: inetd.c,v 1.122 2004/09/15 08:46:00 otto
#include <sys/un.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <time.h>
#include <sys/time.h>
#include <sys/resource.h>
......@@ -351,13 +352,13 @@ main(int argc, char *argv[], char *envp[])
extern char *optarg;
extern int optind;
initsetproctitle(argc, argv, envp);
/* This must come _after_ initsetproctitle */
discard_stupid_environment();
progname = strrchr(argv[0], '/');
progname = progname ? progname + 1 : argv[0];
initsetproctitle(argc, argv, envp);
/* This must be called _after_ initsetproctitle */
discard_stupid_environment();
while ((ch = getopt(argc, argv, "dilq:R:")) != -1)
switch (ch) {
case 'd':
......@@ -607,10 +608,8 @@ dg_badinput(struct sockaddr *sa)
case 0: case 127: case 255:
goto bad;
}
#ifdef HAVE_GETIFADDRS
if (dg_broadcast(&in))
goto bad;
#endif
break;
case AF_INET6:
in6 = &((struct sockaddr_in6 *)sa)->sin6_addr;
......@@ -643,10 +642,10 @@ bad:
return (1);
}
#ifdef HAVE_GETIFADDRS
int
dg_broadcast(struct in_addr *in)
{
#ifdef HAVE_GETIFADDRS
struct ifaddrs *ifa, *ifap;
struct sockaddr_in *sin;
......@@ -663,9 +662,9 @@ dg_broadcast(struct in_addr *in)
}
}
freeifaddrs(ifap);
#endif
return (0);
}
#endif
/* ARGSUSED */
void
......@@ -885,7 +884,7 @@ doconfig(void)
if (isdigit(protoname[strlen(protoname) - 1]))
protoname[strlen(protoname) - 1] = '\0';
#else
/* tcp46 must be ignored too */
/* strip the numbers from tcp46/tcp6 */
char *p;
strncpy(protoname, sep->se_proto,
sizeof(protoname));
......@@ -1037,6 +1036,16 @@ setsockopt(fd, SOL_SOCKET, opt, &on, sizeof (on))
if (strncmp(sep->se_proto, "tcp", 3) == 0 && (options & SO_DEBUG) &&
turnon(sep->se_fd, SO_DEBUG) < 0)
syslog(LOG_ERR, "setsockopt (SO_DEBUG): %m");
else if (strncmp(sep->se_proto, "tcp6", 4) == 0) {
if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &on,
sizeof (on)) < 0)
syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
} else if (strncmp(sep->se_proto, "tcp46", 5) == 0) {
int off = 0;
if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &off,
sizeof (off)) < 0)
syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
}
if (turnon(sep->se_fd, SO_REUSEADDR) < 0)
syslog(LOG_ERR, "setsockopt (SO_REUSEADDR): %m");
#undef turnon
......@@ -1242,6 +1251,8 @@ getconfigent(void)
{
struct servtab *sep, *tsep;
char *arg, *cp, *hostdelim, *s;
char *cp0, *buf0, *buf1, *sz0, *sz1;
int val;
int argc;
sep = (struct servtab *) malloc(sizeof(struct servtab));
......
/* $OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $ */
/*
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* (Old style prototype traslated)
*/
#include <sys/types.h>
#include <string.h>
/*
* Copy src to string dst of size siz. At most siz-1 characters
* will be copied. Always NUL terminates (unless siz == 0).
* Returns strlen(src); if retval >= siz, truncation occurred.
*/
size_t strlcpy(char *dst, const char *src, size_t siz)
{
register char *d = dst;
register const char *s = src;
register size_t n = siz;
/* Copy as many bytes as will fit */
if (n != 0 && --n != 0) {
do {
if ((*d++ = *s++) == 0)
break;
} while (--n != 0);
}
/* Not enough room in dst, add NUL and traverse rest of src */
if (n == 0) {
if (siz != 0)
*d = '\0'; /* NUL-terminate dst */
while (*s++)
;
}
return(s - src - 1); /* count does not include NUL */
}
localhost:1111 stream tcp4 nowait md /usr/sbin/tcpd /usr/sbin/try-from
#1111 stream tcp6 nowait md /usr/sbin/tcpd /usr/sbin/try-from
ip6-localhost:2222 stream tcp46 nowait md /usr/sbin/tcpd /usr/sbin/in.telnetd
2220 stream tcp46 nowait md /usr/sbin/tcpd /usr/sbin/try-from
2221 stream tcp nowait md /usr/sbin/tcpd /usr/sbin/try-from
2224 stream tcp4 nowait.3 md /usr/sbin/tcpd /usr/sbin/try-from
......@@ -8,4 +12,4 @@ ip6-localhost:2222 stream tcp46 nowait md /usr/sbin/tcpd /usr/sbin/in.telnetd
9999 stream tcp6 nowait md /bin/false false
#/tmp/sock stream unix nowait md /usr/sbin/try-from
#/tmp/sock stream unix nowait md /usr/sbin/try-from
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment