History log of /openbsd-current/usr.sbin/identd/identd.c
Revision Date Author Comments
# 1.40 03-Jul-2019 deraadt

snprintf/vsnprintf return < 0 on error, rather than -1.


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.39 05-Jan-2018 mpi

Remove useless <sys/socketvar.h> includes.

ok kettenis@, visa@, claudio@, deraadt@


Revision tags: OPENBSD_6_2_BASE
# 1.38 04-Jul-2017 dlg

consistently use the evtimer wrappers around the connection timeout.

this is instead of setting the timeout up with event_set and
event_add, but removing it with evtimer_del. this uses evtimer_set
and evtimer_add.


# 1.37 04-Jul-2017 dlg

include stdarg.h explicitly instead of relying on event.h to bring it in.


# 1.36 26-May-2017 florian

Sync the severity of the syslog_* functions shared between identd, slowcgi,
tftp-proxy and tftpd to the severity used in log.c style loggers.
This also fixes an issue where syslog_err and syslog_errx logged with
different severities.

Sure deraadt@


# 1.35 18-Apr-2017 deraadt

removed unused function; from Edgar Pettijohn


Revision tags: OPENBSD_6_1_BASE
# 1.34 04-Sep-2016 florian

Add format attribute to logger functions.
Input & OK benno@


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.33 24-Oct-2015 jca

Fix pledge request to allow for setgroups.

setgroups needed "proc" before the introduction of "id" on 2015/10/17.
Initial patch from Gregor Best, from which I further removed "proc".


# 1.32 16-Oct-2015 doug

Pledge support for the parent/resolver in identd(8).

This limits the resolver to just "stdio getpw" or "stdio getpw rpath"
depending on whether ~/.noident files are checked.

The child/listener cannot use pledge yet because it calls a sysctl that
hasn't been whitelisted.

"commit" deraadt@


# 1.31 20-Aug-2015 dlg

avoid ioctl FIONBIO by passing SOCK_NONBLOCK to the things we get
sockets out of.

for guenther@


# 1.30 20-Aug-2015 dlg

ignore SIGPIPE so we can handle the write(2) failures.

instead of exiting on an unknown write failure, close the client
connection on EPIPE from write and warn and close the connection
on any other failure.

ok jmatthew@


Revision tags: OPENBSD_5_8_BASE
# 1.29 04-Aug-2015 dlg

consider the default failure handling for errors on socket operations to
close the socket rather than kill the program.

tested for a few days on the student shell box at work.

based on discussion with guenther@


# 1.28 27-Mar-2015 dlg

if the parent builds up a list of replies for the child, it helps
to readd the write event if there's still items on the list.

this lets things that do a lot of requests in parallel (like npm)
work betterer through a squid proxy using ident for auth.

ok jmatthew@


Revision tags: OPENBSD_5_7_BASE
# 1.27 16-Jan-2015 deraadt

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)


Revision tags: OPENBSD_5_6_BASE
# 1.26 13-Jul-2014 claudio

Use errx() after getpwnam() failure since errno may not be set.
All other privsep / privdrop daemons do this the same way.
OK florian@ some time ago


# 1.25 08-Jul-2014 tobias

Cleanup of getopt argument: -p is not supported anymore.

ok deraadt@, dlg@


Revision tags: OPENBSD_5_5_BASE
# 1.24 07-Jan-2014 dlg

the return from asprintf does NOT include the space used by the
terminating \0 character. if i want to use it as a c string i have
to take that into account.

found by simon kuhnle who supplied a good bug report. prodded by deraadt@


# 1.23 21-Nov-2013 dlg

get bytes off the wire as unsigned char so we can pass them to
identd_parse() and then isspace()/isdigit() as appropriately promoted
values.

based on discussion with deraadt@ and guenther@


# 1.22 12-Nov-2013 deraadt

handle lack of prototype


# 1.21 24-Oct-2013 deraadt

no need for netinet/ip_var.h (and friends)


Revision tags: OPENBSD_5_4_BASE
# 1.20 17-Jul-2013 okan

implement -H, which hides existing and non-existent users, as well as
implying -h.

feedback and ok from jmc@ and dlg@


# 1.19 29-Apr-2013 jmc

add -h to usage();


# 1.18 29-Apr-2013 dlg

implement -h from libexec/identd, which hides usernames/uids.


# 1.17 23-Apr-2013 sthen

support src/libexec/identd's -e option in src/usr.sbin/identd, ok dlg@


# 1.16 23-Apr-2013 dlg

sizeof(&foo) isnt as good as sizeof(foo).

found by sthen@


# 1.15 23-Apr-2013 dlg

use stat to see if ~/.noident is there to avoid reimplementing a security
issue from 1988 when using open.

pointed out by deraadt@


# 1.14 23-Apr-2013 dlg

fix usage to reflect the currently accepted getopt things.


# 1.13 23-Apr-2013 dlg

remove support for specifying which port you want to run on. there's no
point.

well argued by deraadt@


# 1.12 23-Apr-2013 dlg

add support for returning uids instead of usernames via -n, like libexec
identd.


# 1.11 23-Apr-2013 dlg

add support for -N as per libexec/identd. this lets users put
.noident in their homedir to have this identd return HIDDEN-USER
instead of their username.


# 1.10 22-Apr-2013 dlg

handle ENOBUFS on the SEQPACKET socketpair between the child and the parent
procs. if this happens it would mean the parent has a backlog of work cos
of slow username resolutions. in that situation the child should tell the
client theres an error, but not die.

this factors out a bit of code to handle generating errors for the client
and closing the socket.

reviewed by jmatthew@


# 1.9 05-Apr-2013 florian

kill redundant prototype
OK dlg@


# 1.8 20-Mar-2013 deraadt

7 #include which are not needed


# 1.7 20-Mar-2013 deraadt

a tiny bit of knf; mostly whitespace


# 1.6 19-Mar-2013 dlg

dont need to event_add the parent to child writing events twice. especially
if something stops you from having something to write after the first
event_add but before the second one.

thank you to Henri Kemppainen for the find.


# 1.5 18-Mar-2013 dlg

whitespace fixes. no functional change


# 1.4 18-Mar-2013 dlg

limit the client to 256 bytes of input. if they send too much we just close
the connection.

requested by deraadt@


# 1.3 18-Mar-2013 dlg

switch from having a timeout after every read/write for the client
connection to a timeout for the whole session. means a client cant sit
there feeding us a byte at a time for long periods, consuming fds on the
server.

it seems to simplify the code a bit too.

requested by deraadt@


# 1.2 18-Mar-2013 dlg

handle EMFILE/ENFILE from accept by disabling handling of events on the
listeners for a second. modelled on how this has been solved in other
network daemons.


# 1.1 18-Mar-2013 dlg

this is a new identd daemon to replace the libexec one that can be run
from inetd. it is an event driven non-blocking implementation using libevent.

it features support for privilege separation and revocation. network
connections are handled by a chrooted and unprivileged process, while the
username lookups are handled by an unprivileged process. the lookups can
block while the network handling can continue.

it also features support for handling concurrent client connections.

its currently lacking support for handling dotfiles in homedirs like the
libexec one, and some error handling on accept. its going into the tree
so it can be worked on with a history of changes.

