path: root/usr.sbin/identd
Commit log (date, author, files changed, lines -removed/+added, commit message):
* 2019-07-03 deraadt (1 file, -2/+2): snprintf/vsnprintf return < 0 on error, rather than -1.
* 2018-01-05 mpi (1 file, -2/+2): Remove useless <sys/socketvar.h> includes.
  ok kettenis@, visa@, claudio@, deraadt@
* 2017-07-04 dlg (1 file, -3/+3): consistently use the evtimer wrappers around the connection timeout.
  this is instead of setting the timeout up with event_set and event_add, but removing it with evtimer_del. this uses evtimer_set and evtimer_add.
* 2017-07-04 dlg (1 file, -1/+2): include stdarg.h explicitly instead of relying on event.h to bring it in.
* 2017-05-26 florian (1 file, -5/+5): Sync the severity of the syslog_* functions shared between identd, slowcgi,
  tftp-proxy and tftpd to the severity used in log.c style loggers. This also fixes an issue where syslog_err and syslog_errx logged with different severities. Sure deraadt@
* 2017-04-18 deraadt (1 file, -15/+1): removed unused function; from Edgar Pettijohn
* 2017-04-16 jsg (1 file, -2/+2): Different compilers and versions of compilers have different warnings.
  Remove -Werror to give code a greater chance of building. ok deraadt@ florian@
* 2016-09-04 florian (1 file, -14/+27): Add format attribute to logger functions.
  Input & OK benno@
* 2016-02-01 jca (1 file, -2/+1): No need for SRCS, identd.c is deduced from PROG and make(1) rules.
* 2015-10-24 jca (1 file, -2/+2): Fix pledge request to allow for setgroups.
  setgroups needed "proc" before the introduction of "id" on 2015/10/17. Initial patch from Gregor Best, from which I further removed "proc".
* 2015-10-16 doug (1 file, -1/+14): Pledge support for the parent/resolver in identd(8).
  This limits the resolver to just "stdio getpw" or "stdio getpw rpath" depending on whether ~/.noident files are checked. The child/listener cannot use pledge yet because it calls a sysctl that hasn't been whitelisted. "commit" deraadt@
* 2015-08-20 dlg (1 file, -14/+7): avoid ioctl FIONBIO by passing SOCK_NONBLOCK to the things we get
  sockets out of. for guenther@
* 2015-08-20 dlg (1 file, -2/+9): ignore SIGPIPE so we can handle the write(2) failures.
  instead of exiting on an unknown write failure, close the client connection on EPIPE from write and warn and close the connection on any other failure. ok jmatthew@
* 2015-08-04 dlg (1 file, -6/+13): consider the default failure handling for errors on socket operations to
  close the socket rather than kill the program. tested for a few days on the student shell box at work. based on discussion with guenther@
* 2015-03-27 dlg (1 file, -1/+4): if the parent builds up a list of replies for the child, it helps
  to readd the write event if there's still items on the list. this lets things that do a lot of requests in parallel (like npm) work betterer through a squid proxy using ident for auth. ok jmatthew@
* 2015-01-16 deraadt (1 file, -2/+3): Replace <sys/param.h> with <limits.h> and other less dirty headers where
  possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* 2014-07-13 claudio (1 file, -2/+2): Use errx() after getpwnam() failure since errno may not be set.
  All other privsep / privdrop daemons do this the same way. OK florian@ some time ago
* 2014-07-08 tobias (1 file, -2/+2): Cleanup of getopt argument: -p is not supported anymore.
  ok deraadt@, dlg@
* 2014-01-07 dlg (1 file, -2/+2): the return from asprintf does NOT include the space used by the
  terminating \0 character. if i want to use it as a c string i have to take that into account. found by simon kuhnle who supplied a good bug report. prodded by deraadt@
* 2013-11-21 dlg (1 file, -2/+2): get bytes off the wire as unsigned char so we can pass them to
  identd_parse() and then isspace()/isdigit() as appropriately promoted values. based on discussion with deraadt@ and guenther@
* 2013-11-12 deraadt (1 file, -2/+2): handle lack of prototype
* 2013-10-24 deraadt (1 file, -2/+1): no need for netinet/ip_var.h (and friends)
* 2013-07-17 okan (2 files, -10/+21): implement -H, which hides existing and non-existent users, as well as
  implying -h. feedback and ok from jmc@ and dlg@
* 2013-04-29 jmc (1 file, -2/+2): add -h to usage();
* 2013-04-29 dlg (2 files, -12/+55): implement -h from libexec/identd, which hides usernames/uids.
* 2013-04-23 sthen (2 files, -9/+22): support src/libexec/identd's -e option in src/usr.sbin/identd, ok dlg@
* 2013-04-23 dlg (1 file, -3/+3): sizeof(&foo) isnt as good as sizeof(foo).
  found by sthen@
* 2013-04-23 dlg (1 file, -15/+5): use stat to see if ~/.noident is there to avoid reimplementing a security
  issue from 1988 when using open. pointed out by deraadt@
* 2013-04-23 dlg (1 file, -2/+1): i copied too much from the tftpd manpage. identd doesnt take a directory
  argument.
* 2013-04-23 dlg (1 file, -3/+3): fix usage to reflect the currently accepted getopt things.
* 2013-04-23 dlg (1 file, -2/+2): i forgot to add -n and -N to the synopsis
* 2013-04-23 dlg (2 files, -16/+3): remove support for specifying which port you want to run on. there's no
  point. well argued by deraadt@
* 2013-04-23 dlg (2 files, -4/+26): add support for returning uids instead of usernames via -n, like libexec
  identd.
* 2013-04-23 dlg (2 files, -12/+66): add support for -N as per libexec/identd. this lets users put
  .noident in their homedir to have this identd return HIDDEN-USER instead of their username.
* 2013-04-22 dlg (1 file, -18/+44): handle ENOBUFS on the SEQPACKET socketpair between the child and the parent
  procs. if this happens it would mean the parent has a backlog of work cos of slow username resolutions. in that situation the child should tell the client theres an error, but not die. this factors out a bit of code to handle generating errors for the client and closing the socket. reviewed by jmatthew@
* 2013-04-05 florian (1 file, -2/+1): kill redundant prototype
  OK dlg@
* 2013-03-20 deraadt (1 file, -8/+2): 7 #include which are not needed
* 2013-03-20 deraadt (1 file, -19/+11): a tiny bit of knf; mostly whitespace
* 2013-03-19 dlg (1 file, -3/+1): dont need to event_add the parent to child writing events twice. especially
  if something stops you from having something to write after the first event_add but before the second one. thank you to Henri Kemppainen for the find.
* 2013-03-18 jmc (1 file, -3/+11): make the arg name for -t consistent, and add STANDARDS;
* 2013-03-18 dlg (1 file, -2/+2): jmc pointed out i didnt replace the placeholders with the year and my name.
* 2013-03-18 dlg (1 file, -8/+8): whitespace fixes. no functional change
* 2013-03-18 dlg (1 file, -1/+15): limit the client to 256 bytes of input. if they send too much we just close
  the connection. requested by deraadt@
* 2013-03-18 dlg (1 file, -61/+43): switch from having a timeout after every read/write for the client
  connection to a timeout for the whole session. means a client cant sit there feeding us a byte at a time for long periods, consuming fds on the server. it seems to simplify the code a bit too. requested by deraadt@
* 2013-03-18 dlg (1 file, -7/+28): handle EMFILE/ENFILE from accept by disabling handling of events on the
  listeners for a second. modelled on how this has been solved in other network daemons.
* 2013-03-18 dlg (3 files, -0/+1153): this is a new identd daemon to replace the libexec one that can be run
  from inetd. it is an event driven non-blocking implementation using libevent. it features support for privilege separation and revocation. network connections are handled by a chrooted and unprivileged process, while the username lookups are handled by an unprivileged process. the lookups can block while the network handling can continue. it also features support for handling concurrent client connections. its currently lacking support for handling dotfiles in homedirs like the libexec one, and some error handling on accept. its going into the tree so it can be worked on with a history of changes.