From linux_4ever at yahoo.com Wed Dec 24 07:57:04 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] crash on reconfig
In-Reply-To: <3F8561DF.9CE671B2@co.ru>
Message-ID: <20031224155704.36034.qmail@web9606.mail.yahoo.com>

>There is another bug in xinetd. Sometimes it crashed on
>reconfig with deleting services at (gdb5):

Hi,

This bug is finally fixed. The patch only involves reconfigure.c.
Please give it a test and see if that fixes it for you.

As of this patch, I don't know of any more bugs with xinetd -
excluding the wait option for tcp sockets.

-Steve Grubb

From dp at co.ru Thu Dec 25 00:13:36 2003
From: dp at co.ru (Dmitry Perfilyev)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] crash on reconfig
References: <20031224155704.36034.qmail@web9606.mail.yahoo.com>
Message-ID: <3FEA9C30.B05C85BD@co.ru>

Hi!

Where is the patch?

BTW, my xinetd installation (based on 2.3.12) includes the following 2 patches:
* understand numeric group - like '#65534' instead of 'nogroup'
  ( because Solaris sometimes fails on getgrnam() )
* use setpgid() and killpg() on starting and stopping tcp wait service
  ( to kill children of main forked process )

I think it may be useful to include this in xinetd functionality.

Steve G wrote:
>
> >There is another bug in xinetd. Sometimes it crashed on
> >reconfig with deleting services at (gdb5):
>
> Hi,
>
> This bug is finally fixed. The patch only involves reconfigure.c.
> Please give it a test and see if that fixes it for you.
>
> As of this patch, I don't know of any more bugs with xinetd -
> excluding the wait option for tcp sockets.
>
> -Steve Grubb
--
Dmitry Perfilyev
JSC Combellga www.co.ru

From linux_4ever at yahoo.com Thu Dec 25 07:28:20 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] crash on reconfig
In-Reply-To: <3FEA9C30.B05C85BD@co.ru>
Message-ID: <20031225152820.95125.qmail@web9609.mail.yahoo.com>

>Where is the patch ?

I meant to say in CVS. Here's the link to this particular patch:

http://www.xinetd.org/pipermail/cvs-xinetd/2003-December/000209.html

>my xinetd installation (based on 2.3.12) includes 2 patches:
>* understand numeric group - like '#65534' instead 'nogroup'
>  ( because Solaris sometime fails on getgrnam() )

I'd be interested in seeing this one. Sounds simple & low risk.
My aim at this point is simply stabilizing xinetd. As far as I
know, that is done. :)

-Steve Grubb

From dp at co.ru Thu Dec 25 23:54:14 2003
From: dp at co.ru (Dmitry Perfilyev)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] crash on reconfig
References: <20031225152820.95125.qmail@web9609.mail.yahoo.com>
Message-ID: <3FEBE926.C2001A47@co.ru>

see attach.

> >my xinetd installation (based on 2.3.12) includes 2 patches:
> >* understand numeric group - like '#65534' instead 'nogroup'
> >  ( because Solaris sometime fails on getgrnam() )
>
> I'd be interested in seeing this one. Sounds simple & low risk.
> My aim at this point is simply stabilizing xinetd. As far as I
> know, that is done. :)
>
> -Steve Grubb

--
Dmitry Perfilyev
-------------- next part --------------
*** parsers.c.orig ?? ??? 8 15:41:17 2003 --- parsers.c ?? ??? 15 16:36:20 2003 *************** *** 300,313 **** struct group *grp ; const char *func = "group_parser" ; ! grp = getgrnam( group_ptr ) ; ! if ( grp == NULL ) { ! 
parsemsg( LOG_ERR, func, "Unknown group: %s", group_ptr ) ; ! return( FAILED ) ; } - scp->sc_gid = grp->gr_gid ; return( OK ) ; } --- 300,324 ---- struct group *grp ; const char *func = "group_parser" ; ! if ( group_ptr[0] == '#' ) { ! if ( (scp->sc_gid = (gid_t) atoi( group_ptr + 1 )) <= 0 ) ! { ! parsemsg( LOG_ERR, func, "Unknown numeric group: %s", group_ptr ) ; ! return( FAILED ) ; ! } } + else + { + grp = getgrnam( group_ptr ) ; + if ( grp == NULL ) + { + parsemsg( LOG_ERR, func, "Unknown group: %s", group_ptr ) ; + return( FAILED ) ; + } + scp->sc_gid = grp->gr_gid ; + } return( OK ) ; }

From linux_4ever at yahoo.com Fri Dec 26 04:28:49 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] crash on reconfig
In-Reply-To: <3FEBE926.C2001A47@co.ru>
Message-ID: <20031226122849.85954.qmail@web9602.mail.yahoo.com>

> see attach.

OK, I think I get the feel for it. I think that I would want to
drop the # symbol, though. For example, port doesn't need # and
it gets interpreted as a number.

Do you have any problems with users or is it just with groups? If
we fix groups for numeric, I think users should allow numeric,
too.

Thanks,
-Steve Grubb

From dp at co.ru Fri Dec 26 07:48:06 2003
From: dp at co.ru (Dmitry Perfilyev)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] crash on reconfig
References: <20031226122849.85954.qmail@web9602.mail.yahoo.com>
Message-ID: <3FEC5836.38FD84F4@co.ru>

Port can't be completely numeric. And group or user can
(though this is not recommended).

With user I haven't any problems. But it may be useful to have
numeric UIDs too.

> I think that I would want to drop the # symbol, though. For example,
> port doesn't need # and it gets interpreted as a number.
>
> Do you have any problems with users or is it just with groups?
> If we fix groups for numeric, I think users should allow numeric, too.

--
Dmitry Perfilyev

From joern at vehoff.net Tue Dec 30 02:23:56 2003
From: joern at vehoff.net (Jörn Vehoff)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] only_from
Message-ID: <3FF1523C.1080902@vehoff.net>

Hi,

I am using xinetd Version 2.3.4 libwrap loadavg on a Debian box to run exim.

I am using the following configuration:

service smtp
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = mail
        server          = /usr/sbin/exim
        server_args     = -bs
        interface       = [MY_IP]

        only_from       = [LIST_OF_IPs]
}

LIST_OF_IPs is a list of about 300 different IP addresses. They have
nothing in common and might grow to 500 and more. It is simply a space
separated list of individual IPs.

However, I experienced that not all IPs are actually working. Only a
certain number of IPs is actually allowed to access. I assume that there
is a hardcoded limit on the number of IPs? Is that true? Is there an easy
way to change this?

Since my version of xinetd is compiled with libwrap support, would it be
a better option to use hosts.allow / hosts.deny for access control? Is
there a limit for these files?

Thank you very much for a quick response.

bye
Jörn

--
:: Homepage :: http://www.joern.vehoff.net/
:: Public Key :: http://joern.vehoff.net/key.php
:: Key Fingerprint :: 5BDE F9E9 C870 1038 C6C1 77CE 0240 166A BDA4 237B

From linux_4ever at yahoo.com Tue Dec 30 04:25:35 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] only_from
In-Reply-To: <3FF1523C.1080902@vehoff.net>
Message-ID: <20031230122535.79091.qmail@web9608.mail.yahoo.com>

>I am using xinetd Version 2.3.4 libwrap loadavg on a Debian
>box to run exim.
>
>However, I experienced that not all IPs are actually working.
>Only a certain number of IPs is actually allowed to access. I
>assume that there is a hardcoded limit on the number of IPs?

As far as I know, xinetd makes a linked list and walks it from top
to bottom. Because it's a linked list, it can grow to any size.

You should know that there were serious issues with only_from that
were fixed in 2.3.6. I would not trust xinetd < 2.3.12 for anything
that must be robust, either.

You should be able to dump (SIGUSR1) xinetd's configuration to see
if all 300 made it in. If they are, it should work...assuming you
are running a newer version of xinetd.

As far as the config file, only_from uses the += operator so you can
have multiple only_from statements within the same service. This lets
you format it for easy reading.

>Since my version of xinetd is compiled with libwrap
>support, would it be a better option to use hosts.allow
>/ hosts.deny for access control?

libwrap does a better job of trying to determine that a connection
is really who it says it is. It does both a forward and reverse
lookup. It is slower though since it does both.

>Is there a limit for these files?

No. However, it parses the whole file each time a connection is
made. This also slows things down.

Hope this helps...

-Steve Grubb

From streiner at stargate.net Tue Dec 30 06:14:43 2003
From: streiner at stargate.net (Streiner, Justin)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] only_from
In-Reply-To: <3FF1523C.1080902@vehoff.net>
References: <3FF1523C.1080902@vehoff.net>
Message-ID:

On Tue, 30 Dec 2003, Jörn Vehoff wrote:

> Hi,
> I am using xinetd Version 2.3.4 libwrap loadavg on a Debian box to run exim.
>
> I am using the following configuration:
>
> service smtp
> {
>         socket_type     = stream
>         protocol        = tcp
>         wait            = no
>         user            = mail
>         server          = /usr/sbin/exim
>         server_args     = -bs
>         interface       = [MY_IP]
>
>         only_from       = [LIST_OF_IPs]
> }
>
> LIST_OF_IPs is a list of about 300 different IP addresses. They have
> nothing in common and might grow to 500 and more. It is simply a space
> separated list of individual IPs.

I ran into the same problem awhile back, I would guess at 100 or 128
elements and the list looked like:

only_from = 1.2.3.4 10.1.1.0/24 172.16.32.0/22 ....

You can do something like this:

only_from = 1.2.3.4
only_from += 10.1.1.0/24
only_from += 172.16.32.0/22

and so on...

I have about 180 IP addresses or ranges in an xinetd implementation I'm
running and it works fine.

Hope this helps.

jms

From joern at vehoff.net Tue Dec 30 08:08:48 2003
From: joern at vehoff.net (Jörn Vehoff)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] only_from
In-Reply-To:
References: <3FF1523C.1080902@vehoff.net>
Message-ID: <3FF1A310.9070502@vehoff.net>

Steve and Justin,

thanks very much for your help. After compiling 2.3.12 and using the
only_from += ... syntax it seems to work just fine.

bye
Jörn

From ma+xi at dt.e-technik.uni-dortmund.de Tue Dec 30 12:08:32 2003
From: ma+xi at dt.e-technik.uni-dortmund.de (Matthias Andree)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] only_from
In-Reply-To: <3FF1523C.1080902@vehoff.net> (Jörn Vehoff's message of "Tue, 30 Dec 2003 11:23:56 +0100")
References: <3FF1523C.1080902@vehoff.net>
Message-ID:

Jörn Vehoff writes:

> I am using xinetd Version 2.3.4 libwrap loadavg on a Debian box to run
> exim.

Use a current xinetd version such as 2.3.12.

--
Matthias Andree

Encrypt your mail: my GnuPG key ID is 0x052E7D95
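
The `only_from =` / `only_from +=` layout suggested in the replies above, as an added example that is not part of the original posts or of xinetd: a small rewriter that validates each entry, drops duplicates and addresses already covered by a listed range (a step beyond what the thread describes), and emits short lines. The function name `rewrite_only_from`, the sample config and the assumption that every entry is a numeric address or CIDR range are hypothetical; anything else is reported for manual review.

```python
import ipaddress

# Constructed sample config; addresses are illustrative, not from a real host.
SAMPLE = """\
service smtp
{
    wait      = no
    only_from = 1.2.3.4 10.1.1.0/24 172.16.32.0/22 1.2.3.4
    only_from += 10.1.1.77 999.1.1.1
}
"""

def rewrite_only_from(conf, per_line=2):
    """Return (new_conf, rejected): only_from entries validated, collapsed,
    and re-emitted as one '=' line followed by '+=' lines."""
    kept, nets, rejected, slot = [], [], [], None
    for line in conf.splitlines():
        key, sep, value = line.partition("=")
        # Matches 'only_from =' and 'only_from +='; '-=' lines are left alone.
        if sep and key.strip().rstrip("+").strip() == "only_from":
            if slot is None:
                slot = len(kept)          # re-insert where the first one was
            for tok in value.split():
                try:
                    nets.append(ipaddress.ip_network(tok, strict=False))
                except ValueError:
                    rejected.append(tok)  # hostnames or typos: review by hand
        else:
            kept.append(line)
    if slot is None:
        return conf, rejected
    merged = []
    for version in (4, 6):                # collapse_addresses cannot mix versions
        same = [n for n in nets if n.version == version]
        merged += ipaddress.collapse_addresses(same)
    entries = [str(n.network_address) if n.num_addresses == 1 else str(n)
               for n in merged]
    lines = []
    for i in range(0, len(entries), per_line):
        op = "=" if i == 0 else "+="
        chunk = " ".join(entries[i:i + per_line])
        lines.append("    only_from %s %s" % (op, chunk))
    kept[slot:slot] = lines
    return "\n".join(kept) + "\n", rejected

if __name__ == "__main__":
    new_conf, bad = rewrite_only_from(SAMPLE)
    print(new_conf)
    print("rejected:", bad)
```

A rejected entry is dropped from the output, so an empty `rejected` list is the condition for installing the rewritten file.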
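
Review bot: In the parsers.c hunk posted earlier in this thread (group_parser, new '#' branch), the line `if ( (scp->sc_gid = (gid_t) atoi( group_ptr + 1 )) <= 0 )` does not really validate the number. atoi() reports no errors, so "#12abc" is accepted as 12 and "#abc" is only rejected because it happens to convert to 0; the value is cast to gid_t before the comparison, so where gid_t is unsigned the `<= 0` test can only catch 0, and an input such as "#-1" is stored as a very large gid instead of being refused. The branch also rejects "#0" under the message "Unknown numeric group" without saying whether excluding gid 0 is intended, and it writes scp->sc_gid before the check, so a failed parse leaves the field modified. Suggest parsing with strtoul(), checking the end pointer, errno and the gid_t range before assigning, and documenting the '#' syntax and the gid 0 policy in the man page.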