Age | Commit message | Author | |
---|---|---|---|
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol) | Theo de Raadt | |
2014-07-13 | Use errx() after getpwnam() failure since errno may not be set. All other privsep / privdrop daemons do this the same way. OK florian@ some time ago | Claudio Jeker | |
2014-07-08 | Cleanup of getopt argument: -p is not supported anymore. ok deraadt@, dlg@ | Tobias Stoeckmann | |
2014-01-07 | the return from asprintf does NOT include the space used by the terminating \0 character. if i want to use it as a c string i have to take that into account. found by simon kuhnle who supplied a good bug report. prodded by deraadt@ | David Gwynne | |
2013-11-21 | get bytes off the wire as unsigned char so we can pass them to identd_parse() and then isspace()/isdigit() as appropriately promoted values. based on discussion with deraadt@ and guenther@ | David Gwynne | |
2013-11-12 | handle lack of prototype | Theo de Raadt | |
2013-10-24 | no need for netinet/ip_var.h (and friends) | Theo de Raadt | |
2013-07-17 | implement -H, which hides existing and non-existent users, as well as implying -h. feedback and ok from jmc@ and dlg@ | Okan Demirmen | |
2013-04-29 | add -h to usage(); | Jason McIntyre | |
2013-04-29 | implement -h from libexec/identd, which hides usernames/uids. | David Gwynne | |
2013-04-23 | support src/libexec/identd's -e option in src/usr.sbin/identd, ok dlg@ | Stuart Henderson | |
2013-04-23 | sizeof(&foo) isn't as good as sizeof(foo). found by sthen@ | David Gwynne | |
2013-04-23 | use stat to see if ~/.noident is there to avoid reimplementing a security issue from 1988 when using open. pointed out by deraadt@ | David Gwynne | |
2013-04-23 | i copied too much from the tftpd manpage. identd doesn't take a directory argument. | David Gwynne | |
2013-04-23 | fix usage to reflect the currently accepted getopt things. | David Gwynne | |
2013-04-23 | i forgot to add -n and -N to the synopsis | David Gwynne | |
2013-04-23 | remove support for specifying which port you want to run on. there's no point. well argued by deraadt@ | David Gwynne | |
2013-04-23 | add support for returning uids instead of usernames via -n, like libexec identd. | David Gwynne | |
2013-04-23 | add support for -N as per libexec/identd. this lets users put .noident in their homedir to have this identd return HIDDEN-USER instead of their username. | David Gwynne | |
2013-04-22 | handle ENOBUFS on the SEQPACKET socketpair between the child and the parent procs. if this happens it would mean the parent has a backlog of work cos of slow username resolutions. in that situation the child should tell the client there's an error, but not die. this factors out a bit of code to handle generating errors for the client and closing the socket. reviewed by jmatthew@ | David Gwynne | |
2013-04-05 | kill redundant prototype. OK dlg@ | Florian Obser | |
2013-03-20 | 7 #include which are not needed | Theo de Raadt | |
2013-03-20 | a tiny bit of knf; mostly whitespace | Theo de Raadt | |
2013-03-19 | don't need to event_add the parent to child writing events twice. especially if something stops you from having something to write after the first event_add but before the second one. thank you to Henri Kemppainen for the find. | David Gwynne | |
2013-03-18 | make the arg name for -t consistent, and add STANDARDS; | Jason McIntyre | |
2013-03-18 | jmc pointed out i didn't replace the placeholders with the year and my name. | David Gwynne | |
2013-03-18 | whitespace fixes. no functional change | David Gwynne | |
2013-03-18 | limit the client to 256 bytes of input. if they send too much we just close the connection. requested by deraadt@ | David Gwynne | |
2013-03-18 | switch from having a timeout after every read/write for the client connection to a timeout for the whole session. means a client can't sit there feeding us a byte at a time for long periods, consuming fds on the server. it seems to simplify the code a bit too. requested by deraadt@ | David Gwynne | |
2013-03-18 | handle EMFILE/ENFILE from accept by disabling handling of events on the listeners for a second. modelled on how this has been solved in other network daemons. | David Gwynne | |
2013-03-18 | this is a new identd daemon to replace the libexec one that can be run from inetd. it is an event driven non-blocking implementation using libevent. it features support for privilege separation and revocation. network connections are handled by a chrooted and unprivileged process, while the username lookups are handled by an unprivileged process. the lookups can block while the network handling can continue. it also features support for handling concurrent client connections. it's currently lacking support for handling dotfiles in homedirs like the libexec one, and some error handling on accept. it's going into the tree so it can be worked on with a history of changes. | David Gwynne | |