Age | Commit message | Author |
|
sockets out of.
for guenther@
|
|
instead of exiting on an unknown write failure, close the client
connection on EPIPE from write and warn and close the connection
on any other failure.
ok jmatthew@
|
|
close the socket rather than kill the program.
tested for a few days on the student shell box at work.
based on discussion with guenther@
|
|
to readd the write event if there's still items on the list.
this lets things that do a lot of requests in parallel (like npm)
work betterer through a squid proxy using ident for auth.
ok jmatthew@
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
All other privsep / privdrop daemons do this the same way.
OK florian@ some time ago
|
|
ok deraadt@, dlg@
|
|
terminating \0 character. if i want to use it as a c string i have
to take that into account.
found by simon kuhnle who supplied a good bug report. prodded by deraadt@
|
|
identd_parse() and then isspace()/isdigit() as appropriately promoted
values.
based on discussion with deraadt@ and guenther@
|
|
implying -h.
feedback and ok from jmc@ and dlg@
|
|
found by sthen@
|
|
issue from 1988 when using open.
pointed out by deraadt@
|
|
argument.
|
|
point.
well argued by deraadt@
|
|
identd.
|
|
.noident in their homedir to have this identd return HIDDEN-USER
instead of their username.
|
|
procs. if this happens it would mean the parent has a backlog of work cos
of slow username resolutions. in that situation the child should tell the
client there's an error, but not die.
this factors out a bit of code to handle generating errors for the client
and closing the socket.
reviewed by jmatthew@
|
|
OK dlg@
|
|
if something stops you from having something to write after the first
event_add but before the second one.
thank you to Henri Kemppainen for the find.
|
|
the connection.
requested by deraadt@
|
|
connection to a timeout for the whole session. means a client can't sit
there feeding us a byte at a time for long periods, consuming fds on the
server.
it seems to simplify the code a bit too.
requested by deraadt@
|
|
listeners for a second. modelled on how this has been solved in other
network daemons.
|
|
from inetd. it is an event driven non-blocking implementation using libevent.
it features support for privilege separation and revocation. network
connections are handled by a chrooted and unprivileged process, while the
username lookups are handled by an unprivileged process. the lookups can
block while the network handling can continue.
it also features support for handling concurrent client connections.
it's currently lacking support for handling dotfiles in homedirs like the
libexec one, and some error handling on accept. it's going into the tree
so it can be worked on with a history of changes.
|