Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Update a couple of comments relating to RFCs.

Port 37 (RFC 738) style times are supposed to be a 32 bit time since
1900 in network byte order. Use a uint32_t to calculate and send
the time, so that we don't need to know how big ints or longs are.

I used uint32_t instead of int in the patch, on the off chance
someone uses our inetd source on a system that doesnt 32 bit ints.

PR: 95290
Submitted by: Bruce Becker <hostmaster@whois.gts.net>
MFC after: 2 weeks

Fix typo: corrisponds -> corresponds

__FBSDID() strategic insertion.

Kill __P, yuck.

Mark unused variables __unused.

Built standalone, inetd(8) is WARNS=5 clean, WARNS=6 if you ignore %m fits.

Kill bad whitespace and do some style cleanups as a result of the protoize.

ANSI prototypes via protoize(1).

Introduce a version field to `struct xucred' in place of one of the
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being). Accordingly, change users of
xucred to set and check this field as appropriate. In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former. This also has the pleasant sideaffect of removing some
duplicate code.

Reviewed by: rwatson

o Remove old setproctitle.
o Mark unused variables.
o Set WARNS?=2
o Results in no code changes.

Submitted by: Mike Barcroft <mike@q9media.com>

Fix most of the warnings given by WARNS=2.

Correct a comment - the time service returns seconds since 1900 not 1970.

Submitted by: ru

This patch cleans up the ident stuff in inetd. The code which has
been patched so many times it was a bit of a mess. There are style,
code and man page cleanups. The following are the functional changes:

The RFC only permits the returning of 4 possible error
codes, make sure we only return these (PR 27636).

Use MAXLOGNAME to determine the longest usernames.

Add a -i flag, which returns the uid instead of the username
(this is from a PR 25787, which also contained alot of the
cleanups in this patch).

PR: 25787, 27636
Partially Submitted by: Arne.Dag.Fidjestol@idi.ntnu.no
Reviewed by: Arne.Dag.Fidjestol@idi.ntnu.no, green
MFC after: 3 weeks

Make dg_echo return up to the first 65536 bytes of a datagram.
The patch I used isn't quite the one Lars suggested, but the size
of the largest datagram you can recv isn't #defined anywhere, and
probably isn't even bounded for some protocols.

PR: 25050
Submitted by: Lars Eggert <larse@isi.edu>

Allow ident requests with trailing junk following the terminating "\n".

Reviewed by: ben
Approved by: green

Switch to using a struct xucred instead of a struct xucred when not
actually in the kernel. This structure is a different size than
what is currently in -CURRENT, but should hopefully be the last time
any application breakage is caused there. As soon as any major
inconveniences are removed, the definition of the in-kernel struct
ucred should be conditionalized upon defined(_KERNEL).

This also changes struct export_args to remove dependency on the
constantly-changing struct ucred, as well as limiting the bounds
of the size fields to the correct size. This means: a) mountd and
friends won't break all the time, b) mountd and friends won't crash
the kernel all the time if they don't know what they're doing wrt
actual struct export_args layout.

Reviewed by: bde

Add a -F option to the builtin ident service, which allows .fakeid files
to contain the name of other valid users.

PR: 22837
Submitted by: Andreas Gerstenberg <andy@andy.de>
Reviewed by: green
Reviewed by: sheldonh

Tidy up some prototypes:
make sure there is exactly one prototype for each function,
use K&R style definitions everywhere to match dominant style,
make flag_signal take an int to avoid problems if we have
ANSI prototypes and K&R definitions.

Make some style changes to the ident_stream() code.

Partially submitted by: alfred
Reviewed by: alfred

Security fix: correctly set groups according to the user. Previously,
root's groups' permissions were being used, so a user could read up to
16 (excluding initial whitespace) bytes of e.g. a wheel-accessible file.

Also, don't allow blocking on the opening of ~/.fakeid, so replace a fopen()
with open() and fdopen(). I knew I'd be going to hell for using C file
streams instead of POSIX syscalls...

Stop internal ident service spinning until the timeout if the
connection goes away. Spotted by people on -STABLE about 2 weeks
ago.

Submitted by: Based on a patch by alfred and Maxime Henrion <mux@qualys.com>

Make builtin ident service work if the request arrives in more than
one packet. Also check that the whole request has been recieved
before processing it.

The patch isn't the exact one from the PR, but a slight varient
suggested by Brian.

PR: 16086
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: green

Fix the ident server up more: use ssize_t/size_t/socklen_t/int all in the
proper places and make the fakeid parsing code a bit less stupid. Also,
remove an "Rflag" that snuck in there (-R wouldn't be accepted by it,
anyway).

Fix a 64-bit'ism in the handling of the ident service. sysctlbyname() takes
a size_t as its 3rd argument, which is 64-bits on the alpha. The 'len'
variable used was a int, which is only 32-bits. Use size_t as the type
for 'len' to work-around this.

Optimize those services that send only one block of data: use send(2)
with the MSG_EOF flag set instead of write(2).

Submitted by: David Malone <dwmalone@maths.tcd.ie>
Reviewed by: wollman

Allow using "-d username" without "-r". Example:
auth stream tcp nowait root internal auth -d "Only fools trust ident"

Make inetd compilable without INET6.

Approved by: jkh

Submitted by: jhb

Fix addr length argument value passed to sendto().
Some inetd internal udp servers didn't worked with problem.
Also fix recvfrom() "fromlen" arg type from int * to socklen_t *.

Approved by: jkh

Submitted by: bde

several tcp apps IPv6 update
-inetd
-rshd
-rlogind
-telnetd
-rsh
-rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project

I like base-36 better.

Implement -g and -d options in my ident code. The -g flag uses a random
garbage value for the username (hex garbage, that is), and the -d flag
provides a default username for fallback purposes if the user cannot be
looked up. That is very useful for the case where inetd auth is
running on a NAT box.

While I'm here updating the manpage, clean up an English error and a
few small nits.

$Id$ -> $FreeBSD$

Here goes, the "clear up any possible confusion" commit.
I've taken time to write up comments for the ident code tonight,
so there should no longer be any confusion about the purpouse of
whatever is in there. Wow, me commenting code... who'd have thought
that would happen?

Reviewed by: DES

More cleanups to ident_stream. Variables moved around, changed.
Got rid of an extra variable or two, while making corrections to
problems (that would probably not be a problem anyway, and worked.)

Partially Obtained from: David Malone <dwmalone@maths.tcd.ie>

More cleanups, asprintf() usage (proper, as opposed to using snprintf()),
and addition of a -n .noident-checking flag.

Clean up to match style(9) more closely. This should fix the problem of
people having ants in their pants ;)

Use comments to group functions by service more clearly. I've used the
excuse of providing the RFC numbers for the associated services.

Style nits:
* Bring memory allocation failure handling in line with that of
the rest of the code.
* Nestle block curlies between case statements correctly.

I've left the in-block declarations alone, since style(9) says we should
conform to the existing style within the code, and inetd already does
this. I've left the asprintf()'s in there because that's how Brian wants
it.

Ahem. Put things back a bit. I declare variables in the scope they're
used! I don't declare every variable at the top of a function because
that wastes stack space. I've clarified the error a bit (for if asprintf()
filas.)

Style cleanups for iderror() and ident_stream(). Looks like c++ hang-over.
;-)

Fix auth -t argument handling. It was broken for the "sec.usec" case.
Add a warning for bogus -t arguments for the (debug) case.

Fixed a braino: lack of spaces in sscanf caused ident parsing to fail.
Sorry, guys.

"knobs are cheap". Here's a -t timeout option for the internal ident
service. It takes a number (w/ or w/out .usec) as an argument.

This commit encompasses the following changes to inetd:
1. Cleanups of ident_stream. "Evil" stdio is less used.
2. The BSD Copyright was added to the top of builtins.c.
3. As suggested, a timeout is now implemented in the ident
service. It defaults to 10 seconds. If enough people want
it, I'll make it configurable.

Suggested by: msmith

Move code for all builtin services from inetd.c to builtins.c, including
the Green Piece. :-)

In future, new builtin services are less likely to need to touch the
already tangled inetd.c .