Remove RPC define

PR bin/56963 Mark Davies: inetd not configured for rpc

Instead of using negative flags to turn on positive flags, set -DRPC
in the makefile. Corrects a problem where the SunRPC code in parse.c
was accidentally left disabled.

This is a prime example of why we don't like negative flags...

PR/56448: Solomon Ritzow: Various improvements.

Rate limiting code has been moved to ratelimit.c. I renamed
clear_ip_list to rl_clear_ip_list and broke the code up into more
functions. I have also made the per-IP rate limiting allocation more
efficient. IP addresses are now stored in their network format instead
of a string from getnameinfo (see inetd.h struct rl_ip_node). malloc
calls use only the space needed by the structure by using offsetof on
union members (I suppose this can be a bit dangerous if not done
correctly...). Per-IP rate limiting still supports textual comparison
using getnameinfo for address families other than AF_INET and AF_INET6, but I
don't think there are any that are actually compatible or used by inetd (I
haven't tested UNIX sockets with a remote bound to another file, but I did test
using IPv6 with the textual format by commenting out the IPv6 specific
code, and it works properly). Still potentially handy for the future.
The IP node list (se_rl_ip_list) now uses the <sys/queue.h> SLIST macros
instead of a custom list. I've broken rl_process up into helper functions
for each type of rate limiting and created a separate function for
address stringification, for use with printouts from the -d flag. I
tried to reduce stack memory use by moving printing code involving
string buffers into separate functions. I haven't tested rl_ipv6_eq on
a 32-bit system.

The code for the positional syntax has also been moved to parse.c.
Function try_biltin has been added to remove parse.c:parse_server's
dependency on the biltin structure definition.

File inetd.h has been updated with the proper function prototypes, and
the servtab structure has been update with the new IP node SLIST. I also
moved things around a bit. The way we (a peer and myself)
formatted inetd.h previously was somewhat confusing. Function and global
variable prototypes are now organized by the source file they are
defined in.

I also added a -f flag that I saw in another problem report
(https://gnats.netbsd.org/12823) that I thought could be useful. It
runs inetd in the foreground but without debug printouts or SO_DEBUG.
I'm not completely sure about the line "if (foreground) setsid()" that
I changed from "if (debug) setsid()".

inetd: prepare for lint's strict bool mode

Lint's strict bool mode considers bool incompatible with the other
scalar types. This makes the type of expressions more visible in the
code. In particular, conditions of the form '!strcmp(...)' are no
longer allowed, they have to be written as 'strcmp(...) == 0'.

The operator '!' cannot be used with sep->se_wait since that has type
pid_t, not bool.

No change to the resulting binary.

inetd: raise WARNS from 5 to 6

The necessary fixes include:
* explicit integer conversions, to get rid of mixed signedness
* function prototypes for parameterless functions

While here:
* add space after comma
* add space after 'if'
* place the '{' of a function definition on a separate line
* rename variables 'bits' and 'temp' to 'hi' and 'lo'
* in parse_quote, prefer expressions over assignments
* make hex_to_bits static

No functional change.

remove -m32 accidentally committed

fix printf formats (intmax -> j)

Inetd enhancements by James Browning, Gabe Coffland, Alex Gavin, Solomon Ritzow
Described in:
https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html
And developed in:
https://github.com/ritzow/src/pull/1

From their notes:

All new functionality should be explained by the updated manpage.

The manpage has been refactored a bit: A new section "Directives"
has been added and the information about default hostnames and
IPsec directives has been moved there, and the new file include
directive information is also there.

getconfigent has the most major changes. A newline is no longer
read immediately, but is called only by a "goto more" (inside an
if(false) block). This allows multiple definitions or directives
to exist on a single line for anything that doesn't terminate using
a newline. This means a key-values service definition can be followed
by another key-values service definition, a positional definition,
or an ipsec, hostname, or .include directive on the same line.

memset is no longer used explicitly to clear the servtab structure,
a function init_servtab() is used instead, which uses a C struct
initializer.

The servtab se_group field is its own allocation now, and not just
a pointer into the user:group string.

Refactored some stuff out of getconfigent to separate functions
for use by parse_v2.c. These functions in inetd.c are named with
the form parse_*()

parse_v2.c only has code for parsing a key-values service definition
into a provided servtab. It should not have anything that affects
global state other than line and line_number.

Some function prototypes, structures, and #defines have been moved
from inetd.c to inetd.h.

The function config_root replaces config as the function called on
a config file load/reload. The code removed from the end of
config(void) is now called in config_root, so it is not run on each
recursive config call.

setconfig(void) was removed and its code added into config_root
because that is the only place it is called, and redundant checks
for non-null globals were removed because they are always freed by
endconfig. The fseek code was also removed because the config files
are always closed by endconfig.

Rate limiting code was updated to add a per-service per-IP rate
limiting form. Some of that code was refactored out of other places
into functions with names in the form rl_*()

We have not added any of the license or version information to the
new files parse_v2.c, parse_v2.h, and inetd.h and we have not
updated the license or version info for inetd.c.

Security related:

The behavior when reading invalid IPsec strings has changed. Inetd
no longer exits, it quits reading the current config file instead.
Could this impact program security?

We have not checked for memory leaks. Solomon tried to use dmalloc
without success. getconfigent seemed to have a memory leak at each
"goto more". It seems like inetd has never free'd allocated strings
when throwing away erroneous service definitions during parsing
(i.e. when "goto more" is called when parsing fields). OpenBSD's
version calls freeconfig on "goto more"
(https://github.com/openbsd/src/blob/c5eae130d6c937080c3d30d124e8c8b86db7d625/usr.sbin/inetd/inetd.c#L1049)
but NetBSD only calls it when service definitions are no longer
needed. This has been fixed. freeconfig is called immediately before
any "goto more". There shouldn't be any time when a servtab is in
an invalid state where freeconfig would break.

Add blocklist support to libwrap which enables all programs using libwrap
to block access from hosts we deny. (libwrap support from Greg A. Woods)

Back out mDNS changes which were not discussed.
There is design work that needs to be done first.

Add mDNS Service Directory support to inetd(8).
inetd(8) can now advertize services in the mDNS-SD.
(Per service configuration option in inetd.conf(5).)

Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros. Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.

Only compile in IPv6 support if ${USE_INET6} != "no"

MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).

__ss_{len,family} #define hack is no longer necessary

CPPFLAGS, not CFLAGS, for -D.

sync with latest libipsec.
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".

dual-stack inetd. you can write "tcp6" or "tcp4" into "protocol" field.
(the style is the rough consensus among v6 implementers so it will be
the standard style)

TODO: test rpc and tcpmux on IPv6.
TODO: test identd over IPv6.

Use pidfile(3).

use CPPFLAGS instead of CFLAGS

branches: 1.13.2;
enable WARNS=1 by default, but disable in unclean 3rd party code

WARNS?=1

merge lite2 [actually, just update ucb sccs id's]

Make the previous dependent on LIBWRAP_INTERNAL, which is not defined by
default.

fix problem with restarting service after SIGHUP (PR 3093)
indicate proper invocation point and RCS ID police (PR 3098)

inetd.5 -> inetd.conf.5, from <jbernard@tater.Mines.EDU>

use the new libwrap functionality to provide tcpd-like functionality
as part of inetd. uses /etc/hosts.{allow,deny} as tcpd does, etc. it
is basically exactly like tcpd except that you don't need to change
the server to /usr/local/sbin/tcpd.

XXX should document better somewhere

specify man pages the new way.

don't need -lutil

Add RCS identifiers.

No need to link in librpc

Add support for starting RPC servers.

branches: 1.1.1;
Initial revision

s/SO_ACCEPTFITLER/SO_ACCEPTFILTER/.

inetd.8: remove trailing whitespace

inetd.8: new sentence, new line; minor formatting issues

PR/56448: Solomon Ritzow: Various improvements.

Rate limiting code has been moved to ratelimit.c. I renamed
clear_ip_list to rl_clear_ip_list and broke the code up into more
functions. I have also made the per-IP rate limiting allocation more
efficient. IP addresses are now stored in their network format instead
of a string from getnameinfo (see inetd.h struct rl_ip_node). malloc
calls use only the space needed by the structure by using offsetof on
union members (I suppose this can be a bit dangerous if not done
correctly...). Per-IP rate limiting still supports textual comparison
using getnameinfo for address families other than AF_INET and AF_INET6, but I
don't think there are any that are actually compatible or used by inetd (I
haven't tested UNIX sockets with a remote bound to another file, but I did test
using IPv6 with the textual format by commenting out the IPv6 specific
code, and it works properly). Still potentially handy for the future.
The IP node list (se_rl_ip_list) now uses the <sys/queue.h> SLIST macros
instead of a custom list. I've broken rl_process up into helper functions
for each type of rate limiting and created a separate function for
address stringification, for use with printouts from the -d flag. I
tried to reduce stack memory use by moving printing code involving
string buffers into separate functions. I haven't tested rl_ipv6_eq on
a 32-bit system.

The code for the positional syntax has also been moved to parse.c.
Function try_biltin has been added to remove parse.c:parse_server's
dependency on the biltin structure definition.

File inetd.h has been updated with the proper function prototypes, and
the servtab structure has been update with the new IP node SLIST. I also
moved things around a bit. The way we (a peer and myself)
formatted inetd.h previously was somewhat confusing. Function and global
variable prototypes are now organized by the source file they are
defined in.

I also added a -f flag that I saw in another problem report
(https://gnats.netbsd.org/12823) that I thought could be useful. It
runs inetd in the foreground but without debug printouts or SO_DEBUG.
I'm not completely sure about the line "if (foreground) setsid()" that
I changed from "if (debug) setsid()".

Use Dq.

Wording and formatting improvements.
New sentence, new line.

Inetd enhancements by James Browning, Gabe Coffland, Alex Gavin, Solomon Ritzow
Described in:
https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html
And developed in:
https://github.com/ritzow/src/pull/1

From their notes:

All new functionality should be explained by the updated manpage.

The manpage has been refactored a bit: A new section "Directives"
has been added and the information about default hostnames and
IPsec directives has been moved there, and the new file include
directive information is also there.

getconfigent has the most major changes. A newline is no longer
read immediately, but is called only by a "goto more" (inside an
if(false) block). This allows multiple definitions or directives
to exist on a single line for anything that doesn't terminate using
a newline. This means a key-values service definition can be followed
by another key-values service definition, a positional definition,
or an ipsec, hostname, or .include directive on the same line.

memset is no longer used explicitly to clear the servtab structure,
a function init_servtab() is used instead, which uses a C struct
initializer.

The servtab se_group field is its own allocation now, and not just
a pointer into the user:group string.

Refactored some stuff out of getconfigent to separate functions
for use by parse_v2.c. These functions in inetd.c are named with
the form parse_*()

parse_v2.c only has code for parsing a key-values service definition
into a provided servtab. It should not have anything that affects
global state other than line and line_number.

Some function prototypes, structures, and #defines have been moved
from inetd.c to inetd.h.

The function config_root replaces config as the function called on
a config file load/reload. The code removed from the end of
config(void) is now called in config_root, so it is not run on each
recursive config call.

setconfig(void) was removed and its code added into config_root
because that is the only place it is called, and redundant checks
for non-null globals were removed because they are always freed by
endconfig. The fseek code was also removed because the config files
are always closed by endconfig.

Rate limiting code was updated to add a per-service per-IP rate
limiting form. Some of that code was refactored out of other places
into functions with names in the form rl_*()

We have not added any of the license or version information to the
new files parse_v2.c, parse_v2.h, and inetd.h and we have not
updated the license or version info for inetd.c.

Security related:

The behavior when reading invalid IPsec strings has changed. Inetd
no longer exits, it quits reading the current config file instead.
Could this impact program security?

We have not checked for memory leaks. Solomon tried to use dmalloc
without success. getconfigent seemed to have a memory leak at each
"goto more". It seems like inetd has never free'd allocated strings
when throwing away erroneous service definitions during parsing
(i.e. when "goto more" is called when parsing fields). OpenBSD's
version calls freeconfig on "goto more"
(https://github.com/openbsd/src/blob/c5eae130d6c937080c3d30d124e8c8b86db7d625/usr.sbin/inetd/inetd.c#L1049)
but NetBSD only calls it when service definitions are no longer
needed. This has been fixed. freeconfig is called immediately before
any "goto more". There shouldn't be any time when a servtab is in
an invalid state where freeconfig would break.

Simplify.

Rework previous (and the text it modified) for clarity.

branches: 1.59.2;
New sentence, new line.

PR/52412: Edgar Pettijohn: Describe the service/port syntax.

Use more markup.

Change manpage reference from talkd to ntalkd.
(Man link does exist, but no binary.)

Back out mDNS changes which were not discussed.
There is design work that needs to be done first.

Bump date for mDNS support.

Add mDNS Service Directory support to inetd(8).
inetd(8) can now advertize services in the mDNS-SD.
(Per service configuration option in inetd.conf(5).)

New sentence, new line; remove trailing whitespace.

Fix typo; also do some minor wording adjustments nearby.

Bump date for previous.

Changed one period into a colon.

Added documentation that inetd can open UNIX-domain sockets. It's been
able to do this for over a decade but it hasn't been documented and it's
quite a nice feature.

Manual pages for accept_filters(9), from FreeBSD. Also, document syntax we
added in NetBSD for specifying accept filters in inetd.conf.

branches: 1.47.2;
Move TNF licenses to 2 clause form

branches: 1.46.4;
Tell what happens if reaches max spawn rate.

(I added this because I forgot it was ten minutes
as defined by RETRYTIME in inetd.c.)

branches: 1.45.10;
Remove useless lines. From YOMURA Masanori in private mail.
While here, remove outdated comment.

note that hosts_allow does not affect internal services

Bump date for previous, and use Em for
emphasis instead of Sy for symbolic for marking up a warning.

Document that TCP wrappers do not work on UDP services, per PR 18960

Allow quoting using single or double quotes inside inetd.conf. Closes
PR 24192 by Tyler Retzlaff.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22366, verified by myself.

.Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.

Fix typos pointed out by Igor Sobrado in PR misc/19621.

Drop some unnecessary .Pp, sort sections and SEE ALSO.

Document TCPmux internal service, per additional discussion of PR 12325.
The text was snatched directly from the comment about it in inetd.c and
modified for better clarity.

Add text to more clearly document that tcpd is not needed, per PR 10754.
Add a FILES section. Add a few more references to SEE ALSO.
Clean up nroff nits (e.g. spaces at end of line).

Mention relevant RFCs in "SEE ALSO".

Improve grammar slightly in the description for IPsec policy settings.

Document that the path to the configuration file given on the command
line must be absolute, unless the -d option is given on the command line.

Clean one paragraph.

add faithd(8) support. with "faith/tcp6" protocol specification,
it will open a socket with setsockopt(IPV6_FAITH).

typo

clarify tcp4/tcp6 interaction.

branches: 1.27.2;
sync with latest libipsec.
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".

refrain using non-standard .Sh. use .Ss.

Typos (from OpenBSD)

A colon is the preferred way to split a user and group name pair; make this
possible and depreciate the use of dot.

branches: 1.23.2;
s/acknowledgment/acknowledgement/

avoid multiple BUGS section.

clearify and woring fix.

document tcp4/tcp6 manipulation.

dual-stack inetd. you can write "tcp6" or "tcp4" into "protocol" field.
(the style is the rough consensus among v6 implementers so it will be
the standard style)

TODO: test rpc and tcpmux on IPv6.
TODO: test identd over IPv6.

More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages. Many more to
come.

Clarify the syntax a bit

Implement a new manual page category ``SECURITY CONSIDERATIONS''
(suggested by mycroft)

Add support for specifying the send and receive socket buffer sizes. This
is especially useful for TCP servers which must specify the receive
socket buffer size before the connection is made so that the connection's
window scale factor can be properly advertised.

Example /etc/inetd.conf configuration line:

shell stream tcp,rcvbuf=1m nowait root /usr/libexec/rshd rshd

That line will cause the rshd to advertise a 1 megabyte window, which could
improve the performance of an rcp in some situations.

adjust documentation to reflect reality per PR#4859

add missing .Nm sections

branches: 1.12.2;
minor .Nm cleanup

merge lite2 [actually, just update ucb sccs id's]

Rewrite of wait/nowait information in light of identd(8) use of wait.
Removed some blank linkes that made bad formatting. (PR 3647)

fix problem with restarting service after SIGHUP (PR 3093)
indicate proper invocation point and RCS ID police (PR 3098)

Get the local-address-part code in here (instead of "comsat" you can
use "127.0.0.1:comsat"). While I'm here, do trailing whitespace
cleanup, .Nm usage police in the manpage, and a couple of trivial text
typo fixes.

xref hosts_access.5 and hosts_options.5

use the new libwrap functionality to provide tcpd-like functionality
as part of inetd. uses /etc/hosts.{allow,deny} as tcpd does, etc. it
is basically exactly like tcpd except that you don't need to change
the server to /usr/local/sbin/tcpd.

XXX should document better somewhere

Fix spelling errors

Allow for a group name to be specified in the ``user'' field: user[.group]
Allow for max # of invocations to be specified; appended to ``wait''
field: wait/nowait[.max]
Allow for RPC specifications in numeric format.
Inetd now stores its pid in `/var/run/inetd.pid'.
Support for AF_UNIX family.

Add RCS indentifiers.

Add support for starting RPC servers.

branches: 1.1.1;
Initial revision

PR/56963: Mark Davies: inetd not configured for rpc
Move RPC includes to inetd.h

PR bin/56963 Mark Davies: inetd not configured for rpc

Instead of using negative flags to turn on positive flags, set -DRPC
in the makefile. Corrects a problem where the SunRPC code in parse.c
was accidentally left disabled.

This is a prime example of why we don't like negative flags...

To an alias address, or in a multihoming environment, the internal dgram
server may respond from a different address than the destination address
sent by the client.
To solve this problem, I introduce sendfromto() and recvfromto() so that
the server can reply from the correct address, i.e., the destination address
used in the request.

This change also has the aspect of a reference implementation using the
RECVDSTADDR and PKTINFO socket options.

inetd: remove trailing whitespace, add space after 'if' and 'for'

No functional change.

PR/56448: Solomon Ritzow: Various improvements.

Rate limiting code has been moved to ratelimit.c. I renamed
clear_ip_list to rl_clear_ip_list and broke the code up into more
functions. I have also made the per-IP rate limiting allocation more
efficient. IP addresses are now stored in their network format instead
of a string from getnameinfo (see inetd.h struct rl_ip_node). malloc
calls use only the space needed by the structure by using offsetof on
union members (I suppose this can be a bit dangerous if not done
correctly...). Per-IP rate limiting still supports textual comparison
using getnameinfo for address families other than AF_INET and AF_INET6, but I
don't think there are any that are actually compatible or used by inetd (I
haven't tested UNIX sockets with a remote bound to another file, but I did test
using IPv6 with the textual format by commenting out the IPv6 specific
code, and it works properly). Still potentially handy for the future.
The IP node list (se_rl_ip_list) now uses the <sys/queue.h> SLIST macros
instead of a custom list. I've broken rl_process up into helper functions
for each type of rate limiting and created a separate function for
address stringification, for use with printouts from the -d flag. I
tried to reduce stack memory use by moving printing code involving
string buffers into separate functions. I haven't tested rl_ipv6_eq on
a 32-bit system.

The code for the positional syntax has also been moved to parse.c.
Function try_biltin has been added to remove parse.c:parse_server's
dependency on the biltin structure definition.

File inetd.h has been updated with the proper function prototypes, and
the servtab structure has been update with the new IP node SLIST. I also
moved things around a bit. The way we (a peer and myself)
formatted inetd.h previously was somewhat confusing. Function and global
variable prototypes are now organized by the source file they are
defined in.

I also added a -f flag that I saw in another problem report
(https://gnats.netbsd.org/12823) that I thought could be useful. It
runs inetd in the foreground but without debug printouts or SO_DEBUG.
I'm not completely sure about the line "if (foreground) setsid()" that
I changed from "if (debug) setsid()".

inetd: remove redundant tests before calling isspace

inetd: remove redundant null check before free

No functional change.

inetd: prepare for lint's strict bool mode

Lint's strict bool mode considers bool incompatible with the other
scalar types. This makes the type of expressions more visible in the
code. In particular, conditions of the form '!strcmp(...)' are no
longer allowed, they have to be written as 'strcmp(...) == 0'.

The operator '!' cannot be used with sep->se_wait since that has type
pid_t, not bool.

No change to the resulting binary.

inetd: normalize indentation and alignment in comments

inetd: fix Clang build

error: implicit conversion changes signedness: 'service_type' to 'int'

inetd: raise WARNS from 5 to 6

The necessary fixes include:
* explicit integer conversions, to get rid of mixed signedness
* function prototypes for parameterless functions

While here:
* add space after comma
* add space after 'if'
* place the '{' of a function definition on a separate line
* rename variables 'bits' and 'temp' to 'hi' and 'lo'
* in parse_quote, prefer expressions over assignments
* make hex_to_bits static

No functional change.

inetd: remove trailing whitespace

Fix reverted logic when parsing server program.
Compare pointer with NULL not 0.

fix printf formats (intmax -> j)

Inetd enhancements by James Browning, Gabe Coffland, Alex Gavin, Solomon Ritzow
Described in:
https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html
And developed in:
https://github.com/ritzow/src/pull/1

From their notes:

All new functionality should be explained by the updated manpage.

The manpage has been refactored a bit: A new section "Directives"
has been added and the information about default hostnames and
IPsec directives has been moved there, and the new file include
directive information is also there.

getconfigent has the most major changes. A newline is no longer
read immediately, but is called only by a "goto more" (inside an
if(false) block). This allows multiple definitions or directives
to exist on a single line for anything that doesn't terminate using
a newline. This means a key-values service definition can be followed
by another key-values service definition, a positional definition,
or an ipsec, hostname, or .include directive on the same line.

memset is no longer used explicitly to clear the servtab structure,
a function init_servtab() is used instead, which uses a C struct
initializer.

The servtab se_group field is its own allocation now, and not just
a pointer into the user:group string.

Refactored some stuff out of getconfigent to separate functions
for use by parse_v2.c. These functions in inetd.c are named with
the form parse_*()

parse_v2.c only has code for parsing a key-values service definition
into a provided servtab. It should not have anything that affects
global state other than line and line_number.

Some function prototypes, structures, and #defines have been moved
from inetd.c to inetd.h.

The function config_root replaces config as the function called on
a config file load/reload. The code removed from the end of
config(void) is now called in config_root, so it is not run on each
recursive config call.

setconfig(void) was removed and its code added into config_root
because that is the only place it is called, and redundant checks
for non-null globals were removed because they are always freed by
endconfig. The fseek code was also removed because the config files
are always closed by endconfig.

Rate limiting code was updated to add a per-service per-IP rate
limiting form. Some of that code was refactored out of other places
into functions with names in the form rl_*()

We have not added any of the license or version information to the
new files parse_v2.c, parse_v2.h, and inetd.h and we have not
updated the license or version info for inetd.c.

Security related:

The behavior when reading invalid IPsec strings has changed. Inetd
no longer exits, it quits reading the current config file instead.
Could this impact program security?

We have not checked for memory leaks. Solomon tried to use dmalloc
without success. getconfigent seemed to have a memory leak at each
"goto more". It seems like inetd has never free'd allocated strings
when throwing away erroneous service definitions during parsing
(i.e. when "goto more" is called when parsing fields). OpenBSD's
version calls freeconfig on "goto more"
(https://github.com/openbsd/src/blob/c5eae130d6c937080c3d30d124e8c8b86db7d625/usr.sbin/inetd/inetd.c#L1049)
but NetBSD only calls it when service definitions are no longer
needed. This has been fixed. freeconfig is called immediately before
any "goto more". There shouldn't be any time when a servtab is in
an invalid state where freeconfig would break.

s/suport/support/

branches: 1.125.4;
Bump MAXARGV from 20 to 64 - with bozohttpd and all config on the command
line it is easy to hit the (silent) limit.

Don't setup SPs if no policy sepecifier is specified

We expect that SPs are set up iff some policy sepecifier(s) are specified.

Found on investigating an issue reported by Robert Swindells

branches: 1.123.4;
Increase buffer size reported to strlcpy() to be one larger than the
length of the string we copy in so that there is space for the '\0'.

branches: 1.122.2; 1.122.6; 1.122.10;
Use base 10 when logging the exit status or exit signal for sub-processes,
instead of hexadecimal.

branches: 1.121.6;
PR/47318: Henning Petersen: Replace (r)index with str(r)chr in inetd.c
And while here strncpy with strlcpy

branches: 1.120.6;
include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))

branches: 1.119.2;
Use __dead

RLIMIT_NOFILE stabilized in NetBSD 17 years ago, so it's safe now
to remove the #ifdef's from around code which uses it.

Nuke conditionally compiled MULOG stuff. Itojun wanted to do it
already 8 years ago when he fixed the compilation last time, and
again it hasn't been buildable in years.

Avoid SIGSEGV in forked child process for (some?) instant-disconnect clients.

Back out mDNS changes which were not discussed.
There is design work that needs to be done first.

Add mDNS Service Directory support to inetd(8).
inetd(8) can now advertize services in the mDNS-SD.
(Per service configuration option in inetd.conf(5).)

Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.

print the proper client address (ryo shimizu)

Fix -Wsign-compare issue

branches: 1.110.2;
- when we close an se_fd, set it to -1
- fix int/ssize_t/size_t/socklen_t issues
- fix casts
- remove unused variables
- fix prototypes
- fix const
- remove unneeded casts

PR/40340: Ed Ravin: Print the numeric address in addition to the hostname.

Print the numeric address of the host.

Add accept filters, ported from FreeBSD by Coyote Point Systems. Add inetd
support for specifying an accept filter for a service (mostly as a usage
example, but it can be handy for other things). Manual pages to follow
in a day or so.

OK core@.

Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.

When running a builtin service (a what? yeah, a piece of useless
legacy code), if the builtin service forks (not all do), avoid leaking
listening sockets into the child process.

If the child process were to keep copies of the listening sockets
around and then hang about for a long time, it would prevent inetd
from being able to re-bind them upon restart.

The listening sockets are tagged close-on-exec, but that doesn't help
when one doesn't exec.

Patch from my own very old PR 8253.

branches: 1.104.2;
Remove clause 3 and 4 from TNF licenses

branches: 1.103.10;
* Don't include headers twice
* Remove a few trailing whitespaces
* Rearrange and join to one #if for some headers

Patch contributed by Slava Semushin <slava.semushin@gmail.com>
in private mail.

Fixed gcc warnings about comparison between signed and unsigned, as well
as one case where a variable had been used for two different purposes
(which also required different types).

- use socklen_t where appropriate
- avoid lvalue casts

Don't ignore SIGCHLD, because we are not going to get kqueue notifications
about it if we do.

Simplify code a bit, and whitespace.

Add (unsigned char) cast to ctype functions

Add two missing `#ifdef INET6's.

Change the log that is produced when the maximum spawn count per
last 60 second interval is reached to more accurately reflect
what has happened.

Also, break up a few long strings, obey 80 columns, and remove a
superfluous newline passed to syslog(3).

Allow quoting using single or double quotes inside inetd.conf. Closes
PR 24192 by Tyler Retzlaff.

Don't assign NULL to an integer.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22366, verified by myself.

use strlcpy

"user:group=foo.bar" is weird. use colon on both sides

always configure IPV6_FAITH explicitly to avoid misconfiguring it on SIGHUP.
sync w/kame

Because signals are delivered synchronously via kqueue(2) there is no
reason to block and release them at various places.

Now that signal handling is done via kqueue(2) we need to enter
the event loop even if no sockets were created. This should fix
PR bin/20369 by Martin Husemann.

Improve kqueue(2) utilization:
- Don't invoke kevent(2) for every single event change. Instead collect
event changes and try to do them in the event loop.
- Handle signals via kevent(2) to avoid race conditions for SIGHUP (which
probably exist in the select(2) based implementation, too).

KNF.

Rewrite inetd(8) to use kqueue(2) for enhanced performance and scalability.

If we can't set FD_CLOEXEC on a listening socket, close it rather than allowing
it to be passed down to inetd's children.
Note: Setting FD_CLOEXEC can't actually fail, but we did check for the error
anyway...

correct udp-from-broadcast check. From: andre@ae-35.com

on internal udp echoback service, reject request if source address is a
broadcast address.

no need for inetd_dummy variable. from openbsd

minor KNF

cleanup main() by splitting it up in two. inspired by openbsd change

socklen_t cleanup. make MULOG code actually compile (is there anyone using
it? otherwise, i'd like to nuke it)

use setproctitle(3); from itojun.

deamon -> daemon

Convert some 'long's to 'uint32_t's. Now rdate works against an LP64 box.

Negative exit code cleanup: Replace exit(-x) with exit(x).
As seen on tech-userlevel.

convert to use getprogname()

use explicit name rather than __progname in openlog

be more paranoid about UDP-based echo services validation. namely,
reject the following sources:
0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 255.0.0.0/8
ff00::/8 ::/128
::ffff:0.0.0.0/96 and ::0.0.0.0/96 obeys IPv4 rule.
hint from deraadt.

Remove bogus typeof hack, and just use the type directly.

permit square-bracket notation (as in RFC2732) for the first element
in inetd.conf. otherwise, we'll have (minor) problem putting IPv6 address in.
sync with kame.

[::1]:ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll

explicitly check if the address family is supported, by using socket(2).

more change on getaddrinfo error handling.

XXX enami, I admit it is not a good thing to check the error code from
getaddrinfo. it is sometimes mandatory, however. gai_strerror message
can be too generic in some cases. we can't really extend getaddrinfo,
as it was not invented by kame (see RFC2553)

add faithd(8) support. with "faith/tcp6" protocol specification,
it will open a socket with setsockopt(IPV6_FAITH).

emit more friendly message on nonexistent service name.
From: enami

check for mux service by ISMUX(), not by != NORM_TYPE
(the assumption can bite us if we extend se_type to have more cases).

remove duplicated ipsec setup code. we always call setup() on
socket reinitialization (like SIGHUP).
sync with kame.

branches: 1.62.2;
Modify to support RPC over IPv6.

branches: 1.61.2;
use LOG_WARNING for syslog output for address family mismatch.
suggested by: thorpej

correct extremely unfriendly error message when the kernel does not
support the address family (like including "tcp6" in inetd.conf, on
non-IPv6 kernel).

was:
inetd[185]: ftp/tcp6: *: hostname nor servname provided, or not known
now:
inetd[315]: ftp/tcp6: *: the address family is not supported by the kernel

fix IPsec policy parser. #@ should affect multiple lines as documented.

sync with latest libipsec.
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".

make error check against getnameinfo().

call sigsetmask() on ipsec initialization failure.

A colon is the preferred way to split a user and group name pair; make this
possible and depreciate the use of dot.

branches: 1.54.2;
fix internal servers (like echo) so that they can accept AF_INET6 connections.
add AF_INET6 support for port_good_dg().

Fix PR7739: correct -DRPC rot in inetd.c

query service name properly on libwrap warnings.

NetBSD PR: 8101

se_wait stores pids; make it a pid_t.

be more friendly with non-IPsec kernel (hide warnings).

dual-stack inetd. you can write "tcp6" or "tcp4" into "protocol" field.
(the style is the rough consensus among v6 implementers so it will be
the standard style)

TODO: test rpc and tcpmux on IPv6.
TODO: test identd over IPv6.

Use pidfile(3).

Prevent sending udp data to the obvious bad ports that are used for
DoS attacks (e.g. looping packets between two echo ports).
This should "fix" PR bin/2455.
Could please anyone with an appropriate "hacker tools" check this?

Revert previous.

Make all listening sockets non-blocking.

use AF_LOCAL instead of AF_UNIX

From "buqtraq": avoid file descriptor leak if service is looping.

Add support for specifying the send and receive socket buffer sizes. This
is especially useful for TCP servers which must specify the receive
socket buffer size before the connection is made so that the connection's
window scale factor can be properly advertised.

Example /etc/inetd.conf configuration line:

shell stream tcp,rcvbuf=1m nowait root /usr/libexec/rshd rshd

That line will cause the rshd to advertise a 1 megabyte window, which could
improve the performance of an rcp in some situations.

Reset the SIGPIPE handler to SIG_DFL after forking.

PR/4837: Jeff Thieleke: inetd does not compile without libwrap.

Ignore SIGPIPE, which may be caused by non-forking internal TCP services if
the remote side closes the connection before we answer.

branches: 1.38.2;
fix use of unix domain socketname length, and signal error if this
is exceeded. from enami tsugutomo <enami@ba2.so-net.or.jp> [bin/3369]

Don't sleep if we get EINTR from select(2) (e.g. because we got
a SIGCHLD when something died). From PR 4056, by David Holland.

WARNS?=1

merge lite2 [actually, just update ucb sccs id's]

Don't do libwrap checking for UDP services; they must do it internally on
every packet to be correct.

Don't attempt to use libwrap for `stream wait' services, where
we only have the listening socket.

Oops; for waiting stream services, we don't do an accept(); we
pass down the fd of the listening socket.

Output a + line for the tcpmux `help' service, and list itself.

Move all of the libwrap checking and subprocess startup into a separate
function. Arrange for tcpmux() to be called like other builtins, and have it
call the aforementioned function recursively. This allows tcpmux to be
wrapped, and always runs it after forking, so we don't freeze everything
else.
Also, use FD_CLOEXEC to close file descriptors, rather than iterating through
them ourself.

Fix typo.

Make the previous dependent on LIBWRAP_INTERNAL, which is not defined by
default.

If we forked for an internal service, make sure we always exit afterward.

If we're using libwrap. always fork. This only affects the time and daytime
services anyway.

Slight rearrangement to forking code. Also, always close the new descriptor
after a fork failure, even for a waiting service.

Another bug fix to tcpmux.

Merge changes from Lite2 (with bug fixes). Adds tcpmux.

When rejecting a UDP connection, make sure to flush the right socket.

Oops; subprocess must exit when rejecting connection.

Do libwrap access checking *after* forking.

set proper length for sockaddr_un. fixes PR bin/3281 from Enami
Tsugutomo, but slightly differently; the code I added is basically
identical to SUN_LEN(), but avoids the unecessary strlen() call.

fix problem with restarting service after SIGHUP (PR 3093)
indicate proper invocation point and RCS ID police (PR 3098)

Per mail from Herb Peyerl, use LOG_AUTH for libwrap logging.

Get the local-address-part code in here (instead of "comsat" you can
use "127.0.0.1:comsat"). While I'm here, do trailing whitespace
cleanup, .Nm usage police in the manpage, and a couple of trivial text
typo fixes.

if se_argv[0] is NULL, use se_service.

syslog allow/deny at the right severity.

allow allow/deny severity to be compile-time configurable, use getservbyport()
correctly, and log the proto. from <jbernard@tater.Mines.EDU> in several PR's.

use the new libwrap functionality to provide tcpd-like functionality
as part of inetd. uses /etc/hosts.{allow,deny} as tcpd does, etc. it
is basically exactly like tcpd except that you don't need to change
the server to /usr/local/sbin/tcpd.

XXX should document better somewhere

Always swap most of the fields when updating a config file entry; otherwise
we can get weird lossage when deleting a field (e.g. the group).

Remove local declarations of ctime().

includes, for necessary prototypes, and avoid name collisions with the
include.

kill stupidity

Keep up with changed rlimit structure.

RLIMIT_OFILE => RLIMIT_NOFILE
Do something sensible when current RLIMIT_NOFILE turns out to be infinity.

Allow for a group name to be specified in the ``user'' field: user[.group]
Allow for max # of invocations to be specified; appended to ``wait''
field: wait/nowait[.max]
Allow for RPC specifications in numeric format.
Inetd now stores its pid in `/var/run/inetd.pid'.
Support for AF_UNIX family.

Don't core dump on blank lines.

Add RCS identifiers.

Add support for starting RPC servers.

branches: 1.1.1;
Initial revision

Fix various typos in comments.

PR/56963: Mark Davies: inetd not configured for rpc
Move RPC includes to inetd.h

inetd: remove trailing whitespace, add space after 'if' and 'for'

No functional change.

PR/56448: Solomon Ritzow: Various improvements.

Rate limiting code has been moved to ratelimit.c. I renamed
clear_ip_list to rl_clear_ip_list and broke the code up into more
functions. I have also made the per-IP rate limiting allocation more
efficient. IP addresses are now stored in their network format instead
of a string from getnameinfo (see inetd.h struct rl_ip_node). malloc
calls use only the space needed by the structure by using offsetof on
union members (I suppose this can be a bit dangerous if not done
correctly...). Per-IP rate limiting still supports textual comparison
using getnameinfo for address families other than AF_INET and AF_INET6, but I
don't think there are any that are actually compatible or used by inetd (I
haven't tested UNIX sockets with a remote bound to another file, but I did test
using IPv6 with the textual format by commenting out the IPv6 specific
code, and it works properly). Still potentially handy for the future.
The IP node list (se_rl_ip_list) now uses the <sys/queue.h> SLIST macros
instead of a custom list. I've broken rl_process up into helper functions
for each type of rate limiting and created a separate function for
address stringification, for use with printouts from the -d flag. I
tried to reduce stack memory use by moving printing code involving
string buffers into separate functions. I haven't tested rl_ipv6_eq on
a 32-bit system.

The code for the positional syntax has also been moved to parse.c.
Function try_biltin has been added to remove parse.c:parse_server's
dependency on the biltin structure definition.

File inetd.h has been updated with the proper function prototypes, and
the servtab structure has been update with the new IP node SLIST. I also
moved things around a bit. The way we (a peer and myself)
formatted inetd.h previously was somewhat confusing. Function and global
variable prototypes are now organized by the source file they are
defined in.

I also added a -f flag that I saw in another problem report
(https://gnats.netbsd.org/12823) that I thought could be useful. It
runs inetd in the foreground but without debug printouts or SO_DEBUG.
I'm not completely sure about the line "if (foreground) setsid()" that
I changed from "if (debug) setsid()".

inetd: prepare for lint's strict bool mode

Lint's strict bool mode considers bool incompatible with the other
scalar types. This makes the type of expressions more visible in the
code. In particular, conditions of the form '!strcmp(...)' are no
longer allowed, they have to be written as 'strcmp(...) == 0'.

The operator '!' cannot be used with sep->se_wait since that has type
pid_t, not bool.

No change to the resulting binary.

inetd: remove trailing whitespace

Inetd enhancements by James Browning, Gabe Coffland, Alex Gavin, Solomon Ritzow
Described in:
https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html
And developed in:
https://github.com/ritzow/src/pull/1

From their notes:

All new functionality should be explained by the updated manpage.

The manpage has been refactored a bit: A new section "Directives"
has been added and the information about default hostnames and
IPsec directives has been moved there, and the new file include
directive information is also there.

getconfigent has the most major changes. A newline is no longer
read immediately, but is called only by a "goto more" (inside an
if(false) block). This allows multiple definitions or directives
to exist on a single line for anything that doesn't terminate using
a newline. This means a key-values service definition can be followed
by another key-values service definition, a positional definition,
or an ipsec, hostname, or .include directive on the same line.

memset is no longer used explicitly to clear the servtab structure,
a function init_servtab() is used instead, which uses a C struct
initializer.

The servtab se_group field is its own allocation now, and not just
a pointer into the user:group string.

Refactored some stuff out of getconfigent to separate functions
for use by parse_v2.c. These functions in inetd.c are named with
the form parse_*()

parse_v2.c only has code for parsing a key-values service definition
into a provided servtab. It should not have anything that affects
global state other than line and line_number.

Some function prototypes, structures, and #defines have been moved
from inetd.c to inetd.h.

The function config_root replaces config as the function called on
a config file load/reload. The code removed from the end of
config(void) is now called in config_root, so it is not run on each
recursive config call.

setconfig(void) was removed and its code added into config_root
because that is the only place it is called, and redundant checks
for non-null globals were removed because they are always freed by
endconfig. The fseek code was also removed because the config files
are always closed by endconfig.

Rate limiting code was updated to add a per-service per-IP rate
limiting form. Some of that code was refactored out of other places
into functions with names in the form rl_*()

We have not added any of the license or version information to the
new files parse_v2.c, parse_v2.h, and inetd.h and we have not
updated the license or version info for inetd.c.

Security related:

The behavior when reading invalid IPsec strings has changed. Inetd
no longer exits, it quits reading the current config file instead.
Could this impact program security?

We have not checked for memory leaks. Solomon tried to use dmalloc
without success. getconfigent seemed to have a memory leak at each
"goto more". It seems like inetd has never free'd allocated strings
when throwing away erroneous service definitions during parsing
(i.e. when "goto more" is called when parsing fields). OpenBSD's
version calls freeconfig on "goto more"
(https://github.com/openbsd/src/blob/c5eae130d6c937080c3d30d124e8c8b86db7d625/usr.sbin/inetd/inetd.c#L1049)
but NetBSD only calls it when service definitions are no longer
needed. This has been fixed. freeconfig is called immediately before
any "goto more". There shouldn't be any time when a servtab is in
an invalid state where freeconfig would break.

inetd: remove redundant tests before calling isspace

inetd: prepare for lint's strict bool mode

Lint's strict bool mode considers bool incompatible with the other
scalar types. This makes the type of expressions more visible in the
code. In particular, conditions of the form '!strcmp(...)' are no
longer allowed, they have to be written as 'strcmp(...) == 0'.

The operator '!' cannot be used with sep->se_wait since that has type
pid_t, not bool.

No change to the resulting binary.

inetd: remove trailing whitespace

- don't compare pointer with \0. in this case, *pointer is wanted,
not \0 -> NULL, as we just tested pointer, and this is wanting to
be the standard "is this string NULL or nul?" idiom.

branches: 1.4.40;
include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))

branches: 1.3.8;
- when we close an se_fd, set it to -1
- fix int/ssize_t/size_t/socklen_t issues
- fix casts
- remove unused variables
- fix prototypes
- fix const
- remove unneeded casts

Add (unsigned char) cast to ctype functions

sync with latest libipsec.
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".

inetd: remove trailing whitespace

ansify - drop the K&R style prototypes & implementations.

sync with latest libipsec.
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".

PR/56963: Mark Davies: inetd not configured for rpc
Move RPC includes to inetd.h

PR bin/56963 Mark Davies: inetd not configured for rpc

Instead of using negative flags to turn on positive flags, set -DRPC
in the makefile. Corrects a problem where the SunRPC code in parse.c
was accidentally left disabled.

This is a prime example of why we don't like negative flags...

fix various small typos, mainly in comments.

inetd: remove trailing whitespace, add space after 'if' and 'for'

No functional change.

PR/56448: Solomon Ritzow: Various improvements.

Rate limiting code has been moved to ratelimit.c. I renamed
clear_ip_list to rl_clear_ip_list and broke the code up into more
functions. I have also made the per-IP rate limiting allocation more
efficient. IP addresses are now stored in their network format instead
of a string from getnameinfo (see inetd.h struct rl_ip_node). malloc
calls use only the space needed by the structure by using offsetof on
union members (I suppose this can be a bit dangerous if not done
correctly...). Per-IP rate limiting still supports textual comparison
using getnameinfo for address families other than AF_INET and AF_INET6, but I
don't think there are any that are actually compatible or used by inetd (I
haven't tested UNIX sockets with a remote bound to another file, but I did test
using IPv6 with the textual format by commenting out the IPv6 specific
code, and it works properly). Still potentially handy for the future.
The IP node list (se_rl_ip_list) now uses the <sys/queue.h> SLIST macros
instead of a custom list. I've broken rl_process up into helper functions
for each type of rate limiting and created a separate function for
address stringification, for use with printouts from the -d flag. I
tried to reduce stack memory use by moving printing code involving
string buffers into separate functions. I haven't tested rl_ipv6_eq on
a 32-bit system.

The code for the positional syntax has also been moved to parse.c.
Function try_biltin has been added to remove parse.c:parse_server's
dependency on the biltin structure definition.

File inetd.h has been updated with the proper function prototypes, and
the servtab structure has been update with the new IP node SLIST. I also
moved things around a bit. The way we (a peer and myself)
formatted inetd.h previously was somewhat confusing. Function and global
variable prototypes are now organized by the source file they are
defined in.

I also added a -f flag that I saw in another problem report
(https://gnats.netbsd.org/12823) that I thought could be useful. It
runs inetd in the foreground but without debug printouts or SO_DEBUG.
I'm not completely sure about the line "if (foreground) setsid()" that
I changed from "if (debug) setsid()".

fix misplaced or missing "e" in words with "ment" ending (argument, implement,
increment, decrement, alignment), in comments, documentation, log messages.

PR/56448: Solomon Ritzow: Various improvements.

Rate limiting code has been moved to ratelimit.c. I renamed
clear_ip_list to rl_clear_ip_list and broke the code up into more
functions. I have also made the per-IP rate limiting allocation more
efficient. IP addresses are now stored in their network format instead
of a string from getnameinfo (see inetd.h struct rl_ip_node). malloc
calls use only the space needed by the structure by using offsetof on
union members (I suppose this can be a bit dangerous if not done
correctly...). Per-IP rate limiting still supports textual comparison
using getnameinfo for address families other than AF_INET and AF_INET6, but I
don't think there are any that are actually compatible or used by inetd (I
haven't tested UNIX sockets with a remote bound to another file, but I did test
using IPv6 with the textual format by commenting out the IPv6 specific
code, and it works properly). Still potentially handy for the future.
The IP node list (se_rl_ip_list) now uses the <sys/queue.h> SLIST macros
instead of a custom list. I've broken rl_process up into helper functions
for each type of rate limiting and created a separate function for
address stringification, for use with printouts from the -d flag. I
tried to reduce stack memory use by moving printing code involving
string buffers into separate functions. I haven't tested rl_ipv6_eq on
a 32-bit system.

The code for the positional syntax has also been moved to parse.c.
Function try_biltin has been added to remove parse.c:parse_server's
dependency on the biltin structure definition.

File inetd.h has been updated with the proper function prototypes, and
the servtab structure has been update with the new IP node SLIST. I also
moved things around a bit. The way we (a peer and myself)
formatted inetd.h previously was somewhat confusing. Function and global
variable prototypes are now organized by the source file they are
defined in.

I also added a -f flag that I saw in another problem report
(https://gnats.netbsd.org/12823) that I thought could be useful. It
runs inetd in the foreground but without debug printouts or SO_DEBUG.
I'm not completely sure about the line "if (foreground) setsid()" that
I changed from "if (debug) setsid()".

inetd: prepare for lint's strict bool mode

Lint's strict bool mode considers bool incompatible with the other
scalar types. This makes the type of expressions more visible in the
code. In particular, conditions of the form '!strcmp(...)' are no
longer allowed, they have to be written as 'strcmp(...) == 0'.

The operator '!' cannot be used with sep->se_wait since that has type
pid_t, not bool.

No change to the resulting binary.

inetd: raise WARNS from 5 to 6

The necessary fixes include:
* explicit integer conversions, to get rid of mixed signedness
* function prototypes for parameterless functions

While here:
* add space after comma
* add space after 'if'
* place the '{' of a function definition on a separate line
* rename variables 'bits' and 'temp' to 'hi' and 'lo'
* in parse_quote, prefer expressions over assignments
* make hex_to_bits static

No functional change.

inetd: remove trailing whitespace

Summary: char is unsigned on arm, so use int when -1 indicates error

hex_to_bits() returns -1 on error, so declare it int, and do the same
for the variables that hold intermediate values returned by it.

Inetd enhancements by James Browning, Gabe Coffland, Alex Gavin, Solomon Ritzow
Described in:
https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html
And developed in:
https://github.com/ritzow/src/pull/1

From their notes:

All new functionality should be explained by the updated manpage.

The manpage has been refactored a bit: A new section "Directives"
has been added and the information about default hostnames and
IPsec directives has been moved there, and the new file include
directive information is also there.

getconfigent has the most major changes. A newline is no longer
read immediately, but is called only by a "goto more" (inside an
if(false) block). This allows multiple definitions or directives
to exist on a single line for anything that doesn't terminate using
a newline. This means a key-values service definition can be followed
by another key-values service definition, a positional definition,
or an ipsec, hostname, or .include directive on the same line.

memset is no longer used explicitly to clear the servtab structure,
a function init_servtab() is used instead, which uses a C struct
initializer.

The servtab se_group field is its own allocation now, and not just
a pointer into the user:group string.

Refactored some stuff out of getconfigent to separate functions
for use by parse_v2.c. These functions in inetd.c are named with
the form parse_*()

parse_v2.c only has code for parsing a key-values service definition
into a provided servtab. It should not have anything that affects
global state other than line and line_number.

Some function prototypes, structures, and #defines have been moved
from inetd.c to inetd.h.

The function config_root replaces config as the function called on
a config file load/reload. The code removed from the end of
config(void) is now called in config_root, so it is not run on each
recursive config call.

setconfig(void) was removed and its code added into config_root
because that is the only place it is called, and redundant checks
for non-null globals were removed because they are always freed by
endconfig. The fseek code was also removed because the config files
are always closed by endconfig.

Rate limiting code was updated to add a per-service per-IP rate
limiting form. Some of that code was refactored out of other places
into functions with names in the form rl_*()

We have not added any of the license or version information to the
new files parse_v2.c, parse_v2.h, and inetd.h and we have not
updated the license or version info for inetd.c.

Security related:

The behavior when reading invalid IPsec strings has changed. Inetd
no longer exits, it quits reading the current config file instead.
Could this impact program security?

We have not checked for memory leaks. Solomon tried to use dmalloc
without success. getconfigent seemed to have a memory leak at each
"goto more". It seems like inetd has never free'd allocated strings
when throwing away erroneous service definitions during parsing
(i.e. when "goto more" is called when parsing fields). OpenBSD's
version calls freeconfig on "goto more"
(https://github.com/openbsd/src/blob/c5eae130d6c937080c3d30d124e8c8b86db7d625/usr.sbin/inetd/inetd.c#L1049)
but NetBSD only calls it when service definitions are no longer
needed. This has been fixed. freeconfig is called immediately before
any "goto more". There shouldn't be any time when a servtab is in
an invalid state where freeconfig would break.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22366, verified by myself.

Use pidfile(3).

merge lite2 [actually, just update ucb sccs id's]

fix problem with restarting service after SIGHUP (PR 3093)
indicate proper invocation point and RCS ID police (PR 3098)

Allow for a group name to be specified in the ``user'' field: user[.group]
Allow for max # of invocations to be specified; appended to ``wait''
field: wait/nowait[.max]
Allow for RPC specifications in numeric format.
Inetd now stores its pid in `/var/run/inetd.pid'.
Support for AF_UNIX family.

Add RCS identifiers.

branches: 1.1.1;
Initial revision

fix a couple of "allocate too little" issues GCC 14 pointed out.

both ruptime and inetd allocate a less-than-struct-sized space and
assign it to a struct pointer. neither of them actually use more
than the allocated memory, but this is still dodgy and technically
wrong. just allocate the right size.

inetd: remove trailing whitespace, add space after 'if' and 'for'

No functional change.

PR/56448: Solomon Ritzow: Various improvements.

Rate limiting code has been moved to ratelimit.c. I renamed
clear_ip_list to rl_clear_ip_list and broke the code up into more
functions. I have also made the per-IP rate limiting allocation more
efficient. IP addresses are now stored in their network format instead
of a string from getnameinfo (see inetd.h struct rl_ip_node). malloc
calls use only the space needed by the structure by using offsetof on
union members (I suppose this can be a bit dangerous if not done
correctly...). Per-IP rate limiting still supports textual comparison
using getnameinfo for address families other than AF_INET and AF_INET6, but I
don't think there are any that are actually compatible or used by inetd (I
haven't tested UNIX sockets with a remote bound to another file, but I did test
using IPv6 with the textual format by commenting out the IPv6 specific
code, and it works properly). Still potentially handy for the future.
The IP node list (se_rl_ip_list) now uses the <sys/queue.h> SLIST macros
instead of a custom list. I've broken rl_process up into helper functions
for each type of rate limiting and created a separate function for
address stringification, for use with printouts from the -d flag. I
tried to reduce stack memory use by moving printing code involving
string buffers into separate functions. I haven't tested rl_ipv6_eq on
a 32-bit system.

The code for the positional syntax has also been moved to parse.c.
Function try_biltin has been added to remove parse.c:parse_server's
dependency on the biltin structure definition.

File inetd.h has been updated with the proper function prototypes, and
the servtab structure has been update with the new IP node SLIST. I also
moved things around a bit. The way we (a peer and myself)
formatted inetd.h previously was somewhat confusing. Function and global
variable prototypes are now organized by the source file they are
defined in.

I also added a -f flag that I saw in another problem report
(https://gnats.netbsd.org/12823) that I thought could be useful. It
runs inetd in the foreground but without debug printouts or SO_DEBUG.
I'm not completely sure about the line "if (foreground) setsid()" that
I changed from "if (debug) setsid()".