OpenBSD CVS

CVS log for src/usr.sbin/identd/identd.c



Default branch: MAIN


Revision 1.40, Wed Jul 3 03:24:03 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, HEAD
Changes since 1.39: +2 -2 lines

snprintf/vsnprintf return < 0 on error, rather than -1.

Revision 1.39, Fri Jan 5 08:13:31 2018 UTC (6 years, 5 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.38: +2 -2 lines

Remove useless <sys/socketvar.h> includes.

ok kettenis@, visa@, claudio@, deraadt@

Revision 1.38, Tue Jul 4 01:09:42 2017 UTC (6 years, 11 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.37: +2 -2 lines

consistently use the evtimer wrappers around the connection timeout.

this is instead of setting the timeout up with event_set and
event_add, but removing it with evtimer_del. this uses evtimer_set
and evtimer_add.

Revision 1.37, Tue Jul 4 01:07:32 2017 UTC (6 years, 11 months ago) by dlg
Branch: MAIN
Changes since 1.36: +2 -1 lines

include stdarg.h explicitly instead of relying on event.h to bring it in.

Revision 1.36, Fri May 26 17:38:46 2017 UTC (7 years ago) by florian
Branch: MAIN
Changes since 1.35: +5 -5 lines

Sync the severity of the syslog_* functions shared between identd, slowcgi,
tftp-proxy and tftpd to the severity used in log.c style loggers.
This also fixes an issue where syslog_err and syslog_errx logged with
different severities.

Sure deraadt@

Revision 1.35, Tue Apr 18 03:54:27 2017 UTC (7 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.34: +1 -15 lines

removed unused function; from Edgar Pettijohn

Revision 1.34, Sun Sep 4 14:39:32 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.33: +27 -14 lines

Add format attribute to logger functions.
Input & OK benno@

Revision 1.33, Sat Oct 24 15:31:00 2015 UTC (8 years, 7 months ago) by jca
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.32: +2 -2 lines

Fix pledge request to allow for setgroups.

setgroups needed "proc" before the introduction of "id" on 2015/10/17.
Initial patch from Gregor Best, from which I further removed "proc".

Revision 1.32, Fri Oct 16 05:55:23 2015 UTC (8 years, 7 months ago) by doug
Branch: MAIN
Changes since 1.31: +14 -1 lines

Pledge support for the parent/resolver in identd(8).

This limits the resolver to just "stdio getpw" or "stdio getpw rpath"
depending on whether ~/.noident files are checked.

The child/listener cannot use pledge yet because it calls a sysctl that
hasn't been whitelisted.

"commit" deraadt@

Revision 1.31, Thu Aug 20 11:06:35 2015 UTC (8 years, 9 months ago) by dlg
Branch: MAIN
Changes since 1.30: +6 -13 lines

avoid ioctl FIONBIO by passing SOCK_NONBLOCK to the things we get
sockets out of.

for guenther@

Revision 1.30, Thu Aug 20 10:54:35 2015 UTC (8 years, 9 months ago) by dlg
Branch: MAIN
Changes since 1.29: +9 -2 lines

ignore SIGPIPE so we can handle the write(2) failures.

instead of exiting on an unknown write failure, close the client
connection on EPIPE from write and warn and close the connection
on any other failure.

ok jmatthew@

Revision 1.29, Tue Aug 4 11:05:18 2015 UTC (8 years, 10 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.28: +13 -6 lines

consider the default failure handling for errors on socket operations to
close the socket rather than kill the program.

tested for a few days on the student shell box at work.

based on discussion with guenther@

Revision 1.28, Fri Mar 27 07:16:38 2015 UTC (9 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.27: +4 -1 lines

if the parent builds up a list of replies for the child, it helps
to re-add the write event if there's still items on the list.

this lets things that do a lot of requests in parallel (like npm)
work betterer through a squid proxy using ident for auth.

ok jmatthew@

Revision 1.27, Fri Jan 16 06:40:17 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.26: +3 -2 lines

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.26, Sun Jul 13 17:53:41 2014 UTC (9 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.25: +2 -2 lines

Use errx() after getpwnam() failure since errno may not be set.
All other privsep / privdrop daemons do this the same way.
OK florian@ some time ago

Revision 1.25, Tue Jul 8 17:12:37 2014 UTC (9 years, 11 months ago) by tobias
Branch: MAIN
Changes since 1.24: +2 -2 lines

Cleanup of getopt argument: -p is not supported anymore.

ok deraadt@, dlg@

Revision 1.24, Tue Jan 7 00:11:11 2014 UTC (10 years, 5 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.23: +2 -2 lines

the return from asprintf does NOT include the space used by the
terminating \0 character. if i want to use it as a c string i have
to take that into account.

found by simon kuhnle who supplied a good bug report. prodded by deraadt@

Revision 1.23, Thu Nov 21 03:09:07 2013 UTC (10 years, 6 months ago) by dlg
Branch: MAIN
Changes since 1.22: +2 -2 lines

get bytes off the wire as unsigned char so we can pass them to
identd_parse() and then isspace()/isdigit() as appropriately promoted
values.

based on discussion with deraadt@ and guenther@

Revision 1.22, Tue Nov 12 19:47:52 2013 UTC (10 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.21: +2 -2 lines

handle lack of prototype

Revision 1.21, Thu Oct 24 02:55:50 2013 UTC (10 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +1 -2 lines

no need for netinet/ip_var.h (and friends)

Revision 1.20, Wed Jul 17 15:38:48 2013 UTC (10 years, 10 months ago) by okan
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.19: +14 -7 lines

implement -H, which hides existing and non-existent users, as well as
implying -h.

feedback and ok from jmc@ and dlg@

Revision 1.19, Mon Apr 29 06:32:11 2013 UTC (11 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.18: +2 -2 lines

add -h to usage();

Revision 1.18, Mon Apr 29 04:17:58 2013 UTC (11 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.17: +47 -9 lines

implement -h from libexec/identd, which hides usernames/uids.

Revision 1.17, Tue Apr 23 21:18:57 2013 UTC (11 years, 1 month ago) by sthen
Branch: MAIN
Changes since 1.16: +12 -7 lines

support src/libexec/identd's -e option in src/usr.sbin/identd, ok dlg@

Revision 1.16, Tue Apr 23 10:33:06 2013 UTC (11 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.15: +3 -3 lines

sizeof(&foo) isn't as good as sizeof(foo).

found by sthen@

Revision 1.15, Tue Apr 23 06:17:07 2013 UTC (11 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.14: +5 -15 lines

use stat to see if ~/.noident is there to avoid reimplementing a security
issue from 1988 when using open.

pointed out by deraadt@

Revision 1.14, Tue Apr 23 05:39:32 2013 UTC (11 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.13: +3 -3 lines

fix usage to reflect the currently accepted getopt things.

Revision 1.13, Tue Apr 23 05:37:35 2013 UTC (11 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.12: +2 -6 lines

remove support for specifying which port you want to run on. there's no
point.

well argued by deraadt@

Revision 1.12, Tue Apr 23 01:55:45 2013 UTC (11 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.11: +23 -3 lines

add support for returning uids instead of usernames via -n, like libexec
identd.

Revision 1.11, Tue Apr 23 01:46:39 2013 UTC (11 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.10: +56 -10 lines

add support for -N as per libexec/identd. this lets users put
.noident in their homedir to have this identd return HIDDEN-USER
instead of their username.

Revision 1.10, Mon Apr 22 05:08:46 2013 UTC (11 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.9: +44 -18 lines

handle ENOBUFS on the SEQPACKET socketpair between the child and the parent
procs. if this happens it would mean the parent has a backlog of work cos
of slow username resolutions. in that situation the child should tell the
client there's an error, but not die.

this factors out a bit of code to handle generating errors for the client
and closing the socket.

reviewed by jmatthew@

Revision 1.9, Fri Apr 5 23:16:41 2013 UTC (11 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.8: +1 -2 lines

kill redundant prototype
OK dlg@

Revision 1.8, Wed Mar 20 03:58:09 2013 UTC (11 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +2 -8 lines

7 #include which are not needed

Revision 1.7, Wed Mar 20 00:23:53 2013 UTC (11 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +11 -19 lines

a tiny bit of knf; mostly whitespace

Revision 1.6, Tue Mar 19 00:44:03 2013 UTC (11 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.5: +1 -3 lines

don't need to event_add the parent to child writing events twice. especially
if something stops you from having something to write after the first
event_add but before the second one.

thank you to Henri Kemppainen for the find.

Revision 1.5, Mon Mar 18 04:53:23 2013 UTC (11 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.4: +8 -8 lines

whitespace fixes. no functional change

Revision 1.4, Mon Mar 18 04:50:01 2013 UTC (11 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.3: +14 -0 lines

limit the client to 256 bytes of input. if they send too much we just close
the connection.

requested by deraadt@

Revision 1.3, Mon Mar 18 04:43:55 2013 UTC (11 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.2: +43 -61 lines

switch from having a timeout after every read/write for the client
connection to a timeout for the whole session. means a client can't sit
there feeding us a byte at a time for long periods, consuming fds on the
server.

it seems to simplify the code a bit too.

requested by deraadt@

Revision 1.2, Mon Mar 18 01:20:46 2013 UTC (11 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.1: +28 -7 lines

handle EMFILE/ENFILE from accept by disabling handling of events on the
listeners for a second. modelled on how this has been solved in other
network daemons.

Revision 1.1, Mon Mar 18 00:34:48 2013 UTC (11 years, 2 months ago) by dlg
Branch: MAIN

this is a new identd daemon to replace the libexec one that can be run
from inetd. it is an event driven non-blocking implementation using libevent.

it features support for privilege separation and revocation. network
connections are handled by a chrooted and unprivileged process, while the
username lookups are handled by an unprivileged process. the lookups can
block while the network handling can continue.

it also features support for handling concurrent client connections.

it's currently lacking support for handling dotfiles in homedirs like the
libexec one, and some error handling on accept. it's going into the tree
so it can be worked on with a history of changes.
