freedt: GPL-licensed clones of some of Dan Bernstein's utilities. Copyright 2001, 2002, 2003, 2009 Adam Sampson Please report bugs to . These tools were written from the descriptions at as they stood at version 0.70, and as they stood at version 0.88. They share no code with the originals, and are licensed under the terms of the GNU General Public License version 2 or, at your option, any later version, as published by the Free Software Foundation; see COPYING for more information. These tools almost certainly aren't production quality yet; if you want that, use djb's versions (or send me patches!). I don't use djb's libraries, since they weren't public domain when I started porting this, and I wanted to implement it entirely from scratch. (Version 0.1 of freedt used stdio; later versions use my iolib.) The tools should be portable across POSIX/SUS-ish systems. fghack, multilog, tai64n and tai64nlocal are not included. (I'm unlikely to clone either of the first two, but tai support for dumblog is quite possible in the future.) recordio is implemented as a script calling ratelimit. All the tools can be invoked as "sometool -V" to print their version number, or "sometool -?" to print simple usage information. dumblog is a simple logging daemon; a simple replacement for multilog. It writes to a single file, adding ctime(3) timestamps to the start of lines if invoked with the -c option. Upon receipt of SIGHUP, it will write out any data it has already received, and then close and reopen its log file (this can be used for log rolling---rename(2) the log file and then hup dumblog). Upon receipt of SIGTERM, it will write out any buffered data and close its log file. If you want a tcpserver-like program (and you will, if you want to run anonidentd), then have a look at my "onenetd" program. anonidentd provides a "dummy" implementation of the RFC1413 Identification Protocol, returning a HIDDEN-USER error by default or if "-n" is specified, or a UNIX userid of your choice if one is specified with "-c userid". It logs requests to stderr. If the environment variables UID or GID are specified, anonidentd will change to the given UID and/or GID as setuidgid does. If the environment variable ROOT is set, anonidentd will chroot() to it immediately upon startup (before doing any network IO). A typical service run script for anonidentd might look like: #!/bin/sh ROOT=/service/anonidentd/root export ROOT exec 2>&1 exec envuidgid identd onenetd 0 113 anonidentd -c trustnobody mkservice will create an svscan service directory with logging, which can then be edited as required and linked into /service. ratelimit runs a program, limiting the rate at which it can perform input and output according to the "-i" or "-o" options, which specify limits in bytes per second. The "-r" option makes ratelimit record input and output in the same way that djb's recordio does. ratelimit runs as a child process of the process it's limiting, and exits when it's seen the end of its output (yes, this is odd, but it's what recordio does according to the manual, and it does make sense when you're using it for bandwidth limiting under tcpserver). To do: - merge my cdb reimplementation - implement seperate programs for tcprules, hostname lookups, ident lookups Differences from djb's implementations: - error messages are somewhat different - svc supports a -X flag to cause supervise to quit immediately - supervise's control protocol and status file are in a different format to the djb version (since the djb version's internals are not documented) - supervise calls setsid() before running its client process so if the client process nukes everything in its process group (like pppd) it doesn't take out supervise and svscan too; we therefore don't need pgrphack. - svscan starts logging services as "supervise x/log" rather than "cd x; supervise log", so they show up more sensibly in ps Other replacements for djb tools that are out there: - postfix is vaguely like qmail; turn on the setuid helper program to avoid problems with world-writable directories - courier is very qmail-ish (in the way it delivers mail, anyway) - sock can be used as a simple replacement for tcpserver/tcpclient, but doesn't have most of their features; however, it does work for UDP, which allows Samba's nmbd to be run under supervise: sock -dlu :137 nmbd - my onenetd is almost a drop-in replacement for tcpserver - ipsvd is much like tcpserver, but with far more features (UDP, more flexible rules, etc.) - couriertcpd from courier-imap is a feature-equivalent (but not drop-in) replacement for tcpserver (and the pop3d in the same package is a replacement for qmail-pop3d)