MFC further inetd(8) cleanup: r356204, r356215, r356217-r356218,
r356246-r356248, r356254, r356318

r356204:
inetd: don't leak `policy` on return

sep->se_policy gets a strdup'd version of policy, so we don't need it to
stick around afterwards.

While here, remove a couple of NULL checks prior to free(policy).

r356215:
inetd: knock out some clang analyze warnings

chargen_dg: clang-analyze is convinced that endring could be non-NULL at
entry, and thus wants to assume that rs == NULL. Just independently
initialize rs if it's NULL to appease the analyzer.

getconfigent: policy leaks on return

free_connlist: reorganize the loop to make it clear that we're not going to
access `conn` after it's been freed.

cpmip/hashval: left-shifts performed will result in UB as we take
signed 0xABC3D20F and left shift it by 5.

r356217:
inetd: prefer strtonum(3) to strspn(3)+atoi(3), NFC

strtonum(3) does effectively the same validation as we had, but it's more
concise.

r356218:
inetd: prefer strlcpy to strlen(3) check + strcpy(3), NFC

This is again functionally equivalent but more concise.

r356246:
inetd: add some macros for checking child limits, NFC

The main point here is capturing the maxchild > 0 check. A future change to
inetd will start tracking all of the child pids so that it can give proper
and consistent notification of process exit/signalling.

r356247:
inetd: track all child pids, regardless of maxchild spec

Currently, child pids are only tracked if maxchildren is specified. As a
consequence, without a maxchild limit we do not get a notice in syslog on
children aborting abnormally. This turns out to be a great debugging aide at
times.

Children are now tracked in a LIST; the management interface is decidedly
less painful when there's no upper bound on the number of entries we may
have at the cost of one small allocation per connection.

r356248:
inetd: convert remaining bzero(3) to memset(3), NFC

This change is purely in the name of noise reduction from static analyzers
that want to complain that bzero(3) is obsolete in favor of memset(3).

With this, clang-analyze at least is now noise free. WARNS= 6 also appears
to have been OK for some time now, so drop the current setting and opt for
the default.

r356254:
inetd: final round of trivial cleanup, NFC

Highlights:
- Use MAX() for maxsock raising; small readability improvement IMO
- malloc(3) + memset(3) -> calloc(3) where appropriate
- stop casting the return value of malloc(3)
- mallloc(3) -> reallocarray(3) where appropriate

A future change may enter capability mode when forking for some of the
built-in handlers.

r356318:
inetd: fix WITHOUT_TCP_WRAPPERS build after r356248

After increasing WARNS, building WITHOUT_TCP_WRAPPERS failed because of
some unused variables.

MFC r310921, r311354, r315644: Light inetd(8) cleanup

r310921:
- Add static for symbols which need not to be exported.
- Clean up warnings to the WARNS=6 level.

r311354:
Fix build when WITHOUT_INET6 is defined.

r315644:
Simplify a pipe for signal handling.

Revert r330897:

This was intended to be a non-functional change. It wasn't. The commit
message was thus wrong. In addition it broke arm, and merged crypto
related code.

Revert with prejudice.

This revert skips files touched in r316370 since that commit was since
MFCed. This revert also skips files that require $FreeBSD$ property
changes.

Thank you to those who helped me get out of this mess including but not
limited to gonzo, kevans, rgrimes.

Requested by: gjb (re)

Partial merge of the SPDX changes

These changes are incomplete but are making it difficult
to determine what other changes can/should be merged.

No objections from: pfg

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Replace the use of wall clock time with monotonically increasing
clock. In general, gettimeofday() is not appropriate interface
when accounting for elasped time because it can go backward, in
which case the policy code could errornously consider the limit
as exceeded.

MFC after: 1 week
Reported by: Mahesh Arumugam
Submitted by: Dorr H. Clark via gnn
Sponsored by: Citrix / NetScaler

Removed T/TCP bits.

Revert previous commit for now, which seems to have (re)introduced some
old bugs, as well as some unwanted side effects. I will do more
investigation and fix these issues first.

Pointed out by: dwmalone

Improves and cleanups over inetd(8):

- Teach inetd(8) about kqueue, originally implemented by jmg@[1].
- Use new C99 style function prototypes instead of K&Rs.
- Raise WARNS from 2 to 6

Glanced at by: ru
MFC After: 2 weeks

[1] http://people.freebsd.org/~jmg/inetd.kq.patch,
http://people.freebsd.org/~jmg/inetd.kq.html

Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of addtional copyright holders where appropriate)

Add capability for limiting the maximum number of simultaneous
invocations of each service from a single IP address.

Requested by: matusita
Reviewed by: dwmalone
Tested by: matusita on snapshots.jp.FreeBSD.org
MFC after: 2 weeks

Kill __P, yuck.

Fix most of the warnings given by WARNS=2.

Give inetd the ability to manage unix domain sockets. Details of
how to use this feature are in the man page. This is based on work
by Lyndon Nerenberg.

(The only difficult part about this patch is the fact that you
can't fchown a unix domain socket, which means the sockets must be
put in a secure directory).

Reviewed by: dillon

Get rid of se_ctladdrinitok, which doesn't do anything and seemes
to have been accidently imported when ipv6 support was added to
inetd.

Approved by: ume

This patch cleans up the ident stuff in inetd. The code which has
been patched so many times it was a bit of a mess. There are style,
code and man page cleanups. The following are the functional changes:

The RFC only permits the returning of 4 possible error
codes, make sure we only return these (PR 27636).

Use MAXLOGNAME to determine the longest usernames.

Add a -i flag, which returns the uid instead of the username
(this is from a PR 25787, which also contained alot of the
cleanups in this patch).

PR: 25787, 27636
Partially Submitted by: Arne.Dag.Fidjestol@idi.ntnu.no
Reviewed by: Arne.Dag.Fidjestol@idi.ntnu.no, green
MFC after: 3 weeks

Various cleanups of inetd: Avoid shadowing variables, use socklen_t
instead of ints, don't cast to char *, clear up some remote name
handling code which had become a little odd.

Should result in no functional changes.

Tidy up some prototypes:
make sure there is exactly one prototype for each function,
use K&R style definitions everywhere to match dominant style,
make flag_signal take an int to avoid problems if we have
ANSI prototypes and K&R definitions.

Fix two typos in comments.

PR: 22268
Submitted by: Daniel S. Lewart <d-lewart@uiuc.edu>

several tcp apps IPv6 update
-inetd
-rshd
-rlogind
-telnetd
-rsh
-rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project

$Id$ -> $FreeBSD$

This commit encompasses the following changes to inetd:
1. Cleanups of ident_stream. "Evil" stdio is less used.
2. The BSD Copyright was added to the top of builtins.c.
3. As suggested, a timeout is now implemented in the ident
service. It defaults to 10 seconds. If enough people want
it, I'll make it configurable.

Suggested by: msmith

Move code for all builtin services from inetd.c to builtins.c, including
the Green Piece. :-)

In future, new builtin services are less likely to need to touch the
already tangled inetd.c .