/*
* Create a configuration for one of the special services
*/
struct service_config *sc_make_special( const char *service_name,
const builtin_s *bp,
int instances )
{
struct service_config *scp ;
const char *func = "sc_make" ;
if ( ( scp = sc_alloc( service_name ) ) == NULL )
return( NULL ) ;
SC_ID(scp) = new_string( SC_NAME(scp) ) ;
if ( SC_ID(scp) == NULL )
{
out_of_memory( func ) ;
/*
* Since we're returning instead of exiting, it's probably a good idea to
* free scp
*/
sc_free( scp );
return( NULL ) ;
}
SC_SPECIFY( scp, A_ID ) ;
/*
* All special services are internal
*/
M_SET( SC_TYPE(scp), ST_SPECIAL ) ;
M_SET( SC_TYPE(scp), ST_INTERNAL ) ;
SC_BUILTIN(scp) = bp ;
SC_SPECIFY( scp, A_TYPE ) ;
M_SET( SC_XFLAGS(scp), SF_NORETRY ) ;
SC_SPECIFY( scp, A_FLAGS ) ;
SC_INSTANCES(scp) = instances ;
SC_SPECIFY( scp, A_INSTANCES ) ;
SC_WAIT(scp) = NO ;
SC_SPECIFY( scp, A_WAIT ) ;
return( scp ) ;
}
/*
* Get a service entry. Steps:
*
* 1. Parse entry attributes
* 2. Determine service id
* 3. Insert entry in table
*/
static void get_service_entry( int fd,
pset_h sconfs,
const char *name,
struct service_config *defaults )
{
struct service_config *scp ;
const char *func = "get_service_entry" ;
scp = sc_alloc( name ) ;
if ( scp == NULL )
{
skip_entry( fd ) ;
return ;
}
/* Now fill in default attributes if given. */
if ( SC_SPECIFIED( defaults, A_LOG_ON_SUCCESS ) &&
! SC_IS_PRESENT( scp, A_LOG_ON_SUCCESS) )
fill_attribute( A_LOG_ON_SUCCESS, scp, defaults ) ;
if ( SC_SPECIFIED( defaults, A_LOG_ON_FAILURE ) &&
! SC_IS_PRESENT( scp, A_LOG_ON_FAILURE ) )
fill_attribute( A_LOG_ON_FAILURE, scp, defaults ) ;
if ( SC_SPECIFIED( defaults, A_ONLY_FROM ) &&
! SC_IS_PRESENT( scp, A_ONLY_FROM ) )
fill_attribute( A_ONLY_FROM, scp, defaults ) ;
if ( SC_SPECIFIED( defaults, A_NO_ACCESS ) &&
! SC_IS_PRESENT( scp, A_NO_ACCESS ) )
fill_attribute( A_NO_ACCESS, scp, defaults ) ;
if ( SC_SPECIFIED( defaults, A_PASSENV ) &&
! SC_IS_PRESENT( scp, A_PASSENV ) )
fill_attribute( A_PASSENV, scp, defaults ) ;
if ( SC_SPECIFIED( defaults, A_ACCESS_TIMES ) &&
! SC_IS_PRESENT( scp, A_ACCESS_TIMES ) )
fill_attribute( A_ACCESS_TIMES, scp, defaults ) ;
if ( SC_SPECIFIED( defaults, A_BANNER ) &&
! SC_IS_PRESENT( scp, A_BANNER ) )
fill_attribute( A_BANNER, scp, defaults ) ;
if ( SC_SPECIFIED( defaults, A_BANNER_SUCCESS ) &&
! SC_IS_PRESENT( scp, A_BANNER_SUCCESS ) )
fill_attribute( A_BANNER_SUCCESS, scp, defaults ) ;
if ( SC_SPECIFIED( defaults, A_BANNER_FAIL ) &&
! SC_IS_PRESENT( scp, A_BANNER_FAIL ) )
fill_attribute( A_BANNER_FAIL, scp, defaults ) ;
if ( parse_entry( SERVICE_ENTRY, fd, scp ) == FAILED )
{
sc_free( scp ) ;
skip_entry( fd ) ;
return ;
}
/*
* If no service id was specified, set it equal to the service name
*/
if ( ! SC_SPECIFIED( scp, A_ID ) ) {
if ( (SC_ID(scp) = new_string( SC_NAME(scp) )) )
SC_PRESENT( scp, A_ID ) ;
else
{
out_of_memory( func ) ;
sc_free( scp ) ;
return ;
}
}
if ( ! (pset_add( sconfs, scp )) )
{
out_of_memory( func ) ;
sc_free( scp ) ;
return ;
}
}
static int get_next_inet_entry( int fd, pset_h sconfs,
struct service_config *defaults)
{
char *p;
str_h strp;
char *line = next_line(fd);
struct service_config *scp;
unsigned u, i;
const char *func = "get_next_inet_entry";
char *name = NULL, *rpcvers = NULL, *rpcproto = NULL;
char *group, *proto, *stype;
const struct name_value *nvp;
struct protoent *pep ;
struct passwd *pw ;
struct group *grp ;
const char *dot = ".";
const char *slash = "/";
pset_h args;
if( line == CHAR_NULL )
return -2;
strp = str_parse( line, " \t", STR_RETURN_ERROR, INT_NULL ) ;
if( strp == NULL )
{
parsemsg( LOG_CRIT, func, "inetd.conf - str_parse failed" ) ;
return( -1 ) ;
}
if( (args = pset_create(10,10)) == NULL )
{
out_of_memory(func);
return -1;
}
/* Break the line into components, based on spaces */
while( (p = str_component( strp )) )
{
if( pset_add(args, p) == NULL )
{
parsemsg( LOG_CRIT, func, ES_NOMEM );
pset_destroy(args);
return -1;
}
}
str_endparse( strp );
/* get the service name */
name = new_string((char *)pset_pointer( args, 0 ));
if( name == NULL ) {
parsemsg( LOG_ERR, func, "inetd.conf - Invalid service name" );
pset_destroy(args);
return -1;
}
/* Check to find the '/' for specifying RPC version numbers */
if( (rpcvers = strstr(name, slash)) != NULL ) {
*rpcvers = '\0';
rpcvers++;
}
scp = sc_alloc( name );
if( scp == NULL )
{
pset_destroy(args);
free( name );
return -1;
}
/*
* sc_alloc makes its own copy of name. At this point, sc_alloc worked
* so we will free our copy to avoid leaks.
*/
free( name );
/* Replicate inetd behavior in this regard. Also makes sure the
* service actually works on system where setgroups(0,NULL) doesn't
* work.
*/
SC_GROUPS(scp) = YES;
SC_SPECIFY( scp, A_GROUPS );
/* Get the socket type (stream dgram) */
stype = (char *)pset_pointer(args, 1);
if( stype == NULL ) {
parsemsg( LOG_ERR, func, "inetd.conf - Invalid socket type" );
pset_destroy(args);
sc_free(scp);
return -1;
}
nvp = nv_find_value( socket_types, stype );
if( nvp == NULL )
{
parsemsg( LOG_ERR, func, "inetd.conf - Bad socket type: %s", p);
pset_destroy(args);
sc_free(scp);
return -1;
}
SC_SOCKET_TYPE(scp) = nvp->value;
/* Get the protocol type */
proto = (char *)pset_pointer(args,2);
if( strstr(proto, "rpc") != NULL )
{
int rpcmin, rpcmax;
struct rpc_data *rdp = SC_RPCDATA( scp ) ;
if( rpcvers == NULL ) {
pset_destroy(args);
sc_free(scp);
return -1;
/* uh oh */
}
p = strchr(rpcvers, '-');
if( p && parse_int(rpcvers, 10, '-', &rpcmin) == 0 ) {
if( parse_base10(p + 1, &rpcmax) || rpcmin > rpcmax ) {
pset_destroy(args);
sc_free(scp);
return -1;
}
} else {
if( parse_base10(rpcvers, &rpcmin) ) {
pset_destroy(args);
sc_free(scp);
return -1;
}
rpcmax = rpcmin;
}
/* now have min and max rpc versions */
rdp->rd_min_version = rpcmin;
rdp->rd_max_version = rpcmax;
rpcproto = strstr(proto, slash);
if( rpcproto == NULL ) {
parsemsg( LOG_ERR, func, "inetd.conf - bad rpc version numbers" );
pset_destroy(args);
sc_free(scp);
return -1;
}
*rpcproto = '\0';
rpcproto++;
proto = rpcproto;
/* Set the RPC type field */
nvp = nv_find_value( service_types, "RPC" );
if ( nvp == NULL )
{
parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
M_SET(SC_TYPE(scp), nvp->value);
}
if ( ( pep = getprotobyname( proto ) ) == NULL )
{
parsemsg( LOG_ERR, func, "inetd.conf - Protocol %s not in /etc/protocols",
proto ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
SC_PROTONAME(scp) = new_string( proto ) ;
if ( SC_PROTONAME(scp) == NULL )
{
out_of_memory( func ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
SC_PROTOVAL(scp) = pep->p_proto;
SC_SPECIFY(scp, A_PROTOCOL);
/* Get the wait attribute */
p = (char *)pset_pointer(args, 3);
if ( p == NULL ) {
parsemsg( LOG_ERR, func, "inetd.conf - No value specified for wait" );
sc_free(scp);
return -1;
}
if ( EQ( p, "wait" ) )
SC_WAIT(scp) = YES ;
else if ( EQ( p, "nowait" ) )
SC_WAIT(scp) = NO ;
else
parsemsg( LOG_ERR, func, "inetd.conf - Bad value for wait: %s", p ) ;
/* Get the user to run as */
p = (char *)pset_pointer(args, 4);
if ( p == NULL ) {
parsemsg( LOG_ERR, func, "inetd.conf - No value specified for user" );
sc_free(scp);
return -1;
}
if( (group = strstr(p, dot)) )
{
*group = '\0';
group++;
grp = (struct group *)getgrnam( (char *)group ) ;
if ( grp == NULL )
{
parsemsg( LOG_ERR, func, "inetd.conf - Unknown group: %s", group ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
SC_GID(scp) = ((struct group *)grp)->gr_gid;
SC_SPECIFY( scp, A_GROUP );
}
pw = getpwnam( p );
if ( pw == NULL )
{
parsemsg( LOG_ERR, func, "inetd.conf - Unknown user: %s", p ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
str_fill( pw->pw_passwd, ' ' );
SC_UID(scp) = pw->pw_uid;
SC_USER_GID(scp) = pw->pw_gid;
/* Get server name, or flag as internal */
p = (char *)pset_pointer(args, 5);
if ( p == NULL ) {
parsemsg( LOG_ERR, func, "inetd.conf - No value specified for user" );
sc_free(scp);
return -1;
}
if( EQ( p, "internal" ) )
{
nvp = nv_find_value( service_types, "INTERNAL" );
if ( nvp == NULL )
{
parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
M_SET(SC_TYPE(scp), nvp->value);
if( EQ( SC_NAME(scp), "time" ) ) {
if( EQ( proto, "stream" ) )
SC_ID(scp) = new_string("time-stream");
else
SC_ID(scp) = new_string("time-dgram");
}
if( EQ( SC_NAME(scp), "daytime" ) ) {
if( EQ( proto, "stream" ) )
SC_ID(scp) = new_string("daytime-stream");
else
SC_ID(scp) = new_string("daytime-dgram");
}
if( EQ( SC_NAME(scp), "chargen" ) ) {
if( EQ( proto, "stream" ) )
SC_ID(scp) = new_string("chargen-stream");
else
SC_ID(scp) = new_string("chargen-dgram");
}
if( EQ( SC_NAME(scp), "echo" ) ) {
if( EQ( proto, "stream" ) )
SC_ID(scp) = new_string("echo-stream");
else
SC_ID(scp) = new_string("echo-dgram");
}
if( EQ( SC_NAME(scp), "discard" ) )
{
parsemsg(LOG_WARNING, func,
"inetd.conf - service discard not supported");
pset_destroy(args);
sc_free(scp);
return -1;
}
}
else
{
SC_SERVER(scp) = new_string( p );
if ( SC_SERVER(scp) == NULL )
{
out_of_memory( func ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
SC_SPECIFY( scp, A_SERVER);
/* Get argv */
SC_SERVER_ARGV(scp) = (char **)argv_alloc(pset_count(args)+1);
for( u = 0; u < pset_count(args)-6 ; u++ )
{
p = new_string((char *)pset_pointer(args, u+6));
if( p == NULL )
{
for ( i = 1 ; i < u ; i++ )
free( SC_SERVER_ARGV(scp)[i] );
free( SC_SERVER_ARGV(scp) );
pset_destroy(args);
sc_free(scp);
return -1;
}
SC_SERVER_ARGV(scp)[u] = p;
}
/* Set the reuse flag, as this is the default for inetd */
nvp = nv_find_value( service_flags, "REUSE" );
if ( nvp == NULL )
{
parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
M_SET(SC_XFLAGS(scp), nvp->value);
/* Set the NOLIBWRAP flag, since inetd doesn't have libwrap built in */
nvp = nv_find_value( service_flags, "NOLIBWRAP" );
if ( nvp == NULL )
{
parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
M_SET(SC_XFLAGS(scp), nvp->value);
/* Set the NAMEINARGS flag, as that's the default for inetd */
nvp = nv_find_value( service_flags, "NAMEINARGS" );
if ( nvp == NULL )
{
parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
pset_destroy(args);
sc_free(scp);
return (-1);
}
M_SET(SC_XFLAGS(scp), nvp->value);
SC_SPECIFY( scp, A_SERVER_ARGS );
if ( (SC_ID(scp) = new_string( SC_NAME(scp) )) )
SC_PRESENT( scp, A_ID ) ;
else
{
out_of_memory( func ) ;
pset_destroy(args);
sc_free(scp);
return -1;
}
}
SC_SPECIFY( scp, A_PROTOCOL );
SC_SPECIFY( scp, A_USER );
SC_SPECIFY( scp, A_SOCKET_TYPE );
SC_SPECIFY( scp, A_WAIT );
if( ! pset_add(sconfs, scp) )
{
out_of_memory( func );
pset_destroy(args);
sc_free(scp);
return -1;
}
pset_destroy(args);
parsemsg( LOG_DEBUG, func, "added service %s", SC_NAME(scp));
return 0;
}
/*
* Free all malloc'ed memory for the specified service
*/
void sc_free( struct service_config *scp )
{
#ifdef HAVE_MDNS
COND_FREE( SC_MDNS_NAME(scp) );
xinetd_mdns_svc_free(scp);
#endif
#ifdef LIBWRAP
COND_FREE( SC_LIBWRAP(scp) );
#endif
COND_FREE( SC_NAME(scp) ) ;
COND_FREE( SC_ID(scp) ) ;
COND_FREE( SC_PROTONAME(scp) ) ;
COND_FREE( SC_SERVER(scp) ) ;
COND_FREE( (char *)SC_REDIR_ADDR(scp) ) ;
COND_FREE( (char *)SC_BIND_ADDR(scp) ) ;
COND_FREE( (char *)SC_ORIG_BIND_ADDR(scp) ) ;
COND_FREE( (char *)SC_BANNER(scp) ) ;
COND_FREE( (char *)SC_BANNER_SUCCESS(scp) ) ;
COND_FREE( (char *)SC_BANNER_FAIL(scp) ) ;
if ( SC_SERVER_ARGV(scp) )
{
char **pp ;
/*
* argv[ 0 ] is a special case because it may not have been allocated yet
*/
if ( SC_SERVER_ARGV(scp)[ 0 ] != NULL)
free( SC_SERVER_ARGV(scp)[ 0 ] ) ;
for ( pp = &SC_SERVER_ARGV(scp)[ 1 ] ; *pp != NULL ; pp++ )
free( *pp ) ;
free( (char *) SC_SERVER_ARGV(scp) ) ;
}
COND_FREE( LOG_GET_FILELOG( SC_LOG( scp ) )->fl_filename ) ;
if ( SC_ACCESS_TIMES(scp) != NULL )
{
ti_free( SC_ACCESS_TIMES(scp) ) ;
pset_destroy( SC_ACCESS_TIMES(scp) ) ;
}
if ( SC_ONLY_FROM(scp) != NULL )
{
addrlist_free( SC_ONLY_FROM(scp) ) ;
pset_destroy( SC_ONLY_FROM(scp) ) ;
}
if ( SC_NO_ACCESS(scp) != NULL )
{
addrlist_free( SC_NO_ACCESS(scp) ) ;
pset_destroy( SC_NO_ACCESS(scp) ) ;
}
if ( SC_ENV_VAR_DEFS(scp) != NULL )
release_string_pset( SC_ENV_VAR_DEFS(scp) ) ;
if ( SC_PASS_ENV_VARS(scp) != NULL )
release_string_pset( SC_PASS_ENV_VARS(scp) ) ;
if ( SC_ENV( scp )->env_type == CUSTOM_ENV &&
SC_ENV( scp )->env_handle != ENV_NULL )
env_destroy( SC_ENV( scp )->env_handle ) ;
if (SC_DISABLED(scp) )
release_string_pset( SC_DISABLED(scp) ) ;
if (SC_ENABLED(scp) )
release_string_pset( SC_ENABLED(scp) ) ;
CLEAR( *scp ) ;
FREE_SCONF( scp ) ;
}
/*
* Print info about service scp to file descriptor fd
*/
void sc_dump( struct service_config *scp,
int fd,
int tab_level,
bool_int is_defaults )
{
const struct name_value *nvp ;
unsigned u ;
char **pp ;
if ( is_defaults )
tabprint( fd, tab_level, "Service defaults\n" ) ;
else
tabprint( fd, tab_level, "Service configuration: %s\n", SC_NAME(scp) ) ;
if ( ! is_defaults )
{
tabprint( fd, tab_level+1, "id = %s\n", SC_ID(scp) ) ;
if ( ! M_ARE_ALL_CLEAR( SC_XFLAGS(scp) ) )
{
tabprint( fd, tab_level+1, "flags =" ) ;
for ( nvp = &service_flags[ 0 ] ; nvp->name != NULL ; nvp++ )
if ( M_IS_SET( SC_XFLAGS(scp), nvp->value ) )
Sprint( fd, " %s", nvp->name ) ;
Sputchar( fd, '\n' ) ;
}
if ( ! M_ARE_ALL_CLEAR( SC_TYPE(scp) ) )
{
tabprint( fd, tab_level+1, "type =" ) ;
for ( nvp = &service_types[ 0 ] ; nvp->name != NULL ; nvp++ )
if ( M_IS_SET( SC_TYPE(scp), nvp->value ) )
Sprint( fd, " %s", nvp->name ) ;
Sputchar( fd, '\n' ) ;
}
tabprint( fd, tab_level+1, "socket_type = %s\n",
nv_get_name( socket_types, SC_SOCKET_TYPE(scp) ) ) ;
tabprint( fd, tab_level+1, "Protocol (name,number) = (%s,%d)\n",
SC_PROTONAME(scp), SC_PROTOVAL(scp) ) ;
if ( SC_SPECIFIED( scp, A_PORT ) )
tabprint( fd, tab_level+1, "port = %d\n", SC_PORT(scp) ) ;
}
if ( SC_SPECIFIED( scp, A_INSTANCES ) ) {
if ( SC_INSTANCES(scp) == UNLIMITED )
tabprint( fd, tab_level+1, "Instances = UNLIMITED\n" ) ;
else
tabprint( fd, tab_level+1, "Instances = %d\n", SC_INSTANCES(scp) ) ;
}
if ( SC_SPECIFIED( scp, A_WAIT ) ) {
if ( SC_WAIT(scp) )
tabprint( fd, tab_level+1, "wait = yes\n" ) ;
else
tabprint( fd, tab_level+1, "wait = no\n" ) ;
}
if ( SC_SPECIFIED( scp, A_USER ) )
tabprint( fd, tab_level+1, "user = %d\n", SC_UID(scp) ) ;
if ( SC_SPECIFIED( scp, A_GROUP ) )
tabprint( fd, tab_level+1, "group = %d\n", SC_GID(scp) ) ;
if ( SC_SPECIFIED( scp, A_GROUPS ) )
{
if (SC_GROUPS(scp) == 1)
tabprint( fd, tab_level+1, "Groups = yes\n" );
else
tabprint( fd, tab_level+1, "Groups = no\n" );
}
if ( SC_SPECIFIED( scp, A_UMASK ) )
tabprint( fd, tab_level+1, "umask = %o\n", SC_UMASK(scp) ) ;
if ( SC_SPECIFIED( scp, A_NICE ) )
tabprint( fd, tab_level+1, "Nice = %d\n", SC_NICE(scp) ) ;
if ( SC_SPECIFIED( scp, A_CPS ) )
tabprint( fd, tab_level+1, "CPS = max conn:%lu wait:%lu\n",
SC_TIME_CONN_MAX(scp), SC_TIME_WAIT(scp) );
if ( SC_SPECIFIED( scp, A_PER_SOURCE ) )
tabprint( fd, tab_level+1, "PER_SOURCE = %d\n",
SC_PER_SOURCE(scp) );
if ( SC_SPECIFIED( scp, A_BIND ) ) {
if ( SC_BIND_ADDR(scp) ) {
char bindname[NI_MAXHOST];
unsigned int len = 0;
if( SC_BIND_ADDR(scp)->sa.sa_family == AF_INET )
len = sizeof(struct sockaddr_in);
else
len = sizeof(struct sockaddr_in6);
memset(bindname, 0, sizeof(bindname));
if( getnameinfo(&SC_BIND_ADDR(scp)->sa, len, bindname,
NI_MAXHOST, NULL, 0, 0) != 0 )
strcpy(bindname, "unknown");
tabprint( fd, tab_level+1, "Bind = %s\n", bindname );
}
else if ( SC_ORIG_BIND_ADDR(scp) ) {
tabprint( fd, tab_level+1, "Bind = %s\n",
SC_ORIG_BIND_ADDR(scp) );
}
else { /* This should NEVER happen */
msg(LOG_ERR, "sc_dump", "bad configuration for %s:",
SC_NAME(scp));
}
}
else
tabprint( fd, tab_level+1, "Bind = All addresses.\n" );
if ( ! is_defaults )
{
if ( (! SC_IS_INTERNAL( scp )) && (SC_REDIR_ADDR(scp) == NULL) )
{
tabprint( fd, tab_level+1, "Server = %s\n", SC_SERVER(scp) ) ;
tabprint( fd, tab_level+1, "Server argv =" ) ;
if ( SC_SERVER_ARGV(scp) )
{
for ( pp = SC_SERVER_ARGV(scp) ; *pp ; pp++ )
Sprint( fd, " %s", *pp ) ;
}
else
Sprint( fd, " (NULL)");
Sputchar( fd, '\n' ) ;
}
#ifdef LIBWRAP
if ( SC_LIBWRAP(scp) != NULL )
{
tabprint( fd, tab_level + 1, "Libwrap = %s\n", SC_LIBWRAP(scp) );
}
#endif
if ( SC_REDIR_ADDR(scp) != NULL )
{
char redirname[NI_MAXHOST];
unsigned int len = 0;
if( SC_REDIR_ADDR(scp)->sa.sa_family == AF_INET )
len = sizeof(struct sockaddr_in);
if( SC_REDIR_ADDR(scp)->sa.sa_family == AF_INET6 )
len = sizeof(struct sockaddr_in6);
memset(redirname, 0, sizeof(redirname));
if( getnameinfo(&SC_REDIR_ADDR(scp)->sa, len, redirname, NI_MAXHOST,
NULL, 0, 0) != 0 )
strcpy(redirname, "unknown");
tabprint( fd, tab_level+1, "Redirect = %s:%d\n", redirname,
SC_REDIR_ADDR(scp)->sa_in.sin_port );
}
if ( SC_IS_RPC( scp ) )
{
struct rpc_data *rdp = SC_RPCDATA( scp ) ;
tabprint( fd, tab_level+1, "RPC data\n" ) ;
tabprint( fd, tab_level+2,
"program number = %ld\n", rdp->rd_program_number ) ;
tabprint( fd, tab_level+2, "rpc_version = " ) ;
if ( rdp->rd_min_version == rdp->rd_max_version )
Sprint( fd, "%ld\n", rdp->rd_min_version ) ;
else
Sprint( fd, "%ld-%ld\n",
rdp->rd_min_version, rdp->rd_max_version ) ;
}
if ( SC_SPECIFIED( scp, A_ACCESS_TIMES ) )
{
tabprint( fd, tab_level+1, "Access times =" ) ;
ti_dump( SC_ACCESS_TIMES(scp), fd ) ;
Sputchar ( fd, '\n' ) ;
}
}
/* This is important enough that each service should list it. */
tabprint( fd, tab_level+1, "Only from: " ) ;
if ( SC_ONLY_FROM(scp) )
{ /* Next check is done since -= doesn't zero out lists. */
if ( pset_count(SC_ONLY_FROM(scp)) == 0)
Sprint( fd, "All sites" );
else
addrlist_dump( SC_ONLY_FROM(scp), fd ) ;
}
else
Sprint( fd, "All sites" );
Sputchar( fd, '\n' ) ;
/* This is important enough that each service should list it. */
tabprint( fd, tab_level+1, "No access: " ) ;
if ( SC_NO_ACCESS(scp) )
{ /* Next check is done since -= doesn't zero out lists. */
if ( pset_count(SC_NO_ACCESS(scp)) == 0)
Sprint( fd, "No blocked sites" );
else
addrlist_dump( SC_NO_ACCESS(scp), fd ) ;
}
else
Sprint( fd, "No blocked sites" );
Sputchar( fd, '\n' ) ;
if ( SC_SENSOR(scp) )
{
tabprint( fd, tab_level+1, "Deny Time: " ) ;
Sprint( fd, "%d\n", SC_DENY_TIME(scp));
}
dump_log_data( fd, scp, tab_level+1 ) ;
if ( SC_IS_PRESENT( scp, A_PASSENV ) )
{
tabprint( fd, tab_level+1, "Passenv =" ) ;
for ( u = 0 ; u < pset_count( SC_PASS_ENV_VARS(scp) ) ; u++ )
Sprint( fd, " %s",
(char *) pset_pointer( SC_PASS_ENV_VARS(scp), u ) ) ;
Sputchar ( fd, '\n' ) ;
}
if ( ! is_defaults )
if ( SC_SPECIFIED( scp, A_ENV ) )
{
tabprint( fd, tab_level+1, "Environment additions:\n" ) ;
for ( u = 0 ; u < pset_count( SC_ENV_VAR_DEFS(scp) ) ; u++ )
tabprint( fd, tab_level+2,
"%s\n", (char *) pset_pointer( SC_ENV_VAR_DEFS(scp), u ) ) ;
}
if ( SC_ENV( scp )->env_type == CUSTOM_ENV )
{
tabprint( fd, tab_level+1, "Environment strings:\n" ) ;
for ( pp = env_getvars( SC_ENV( scp )->env_handle ) ; *pp ; pp++ )
tabprint( fd, tab_level+2, "%s\n", *pp ) ;
}
Sflush( fd ) ;
}
/*
* Activate a service.
*/
status_e svc_activate( struct service *sp )
{
struct service_config *scp = SVC_CONF( sp ) ;
status_e status ;
const char *func = "svc_activate" ;
/* No activation for MUXCLIENTS.
*/
if (SC_IS_MUXCLIENT( scp ))
{
return( OK );
}
if( SC_IPV4( scp ) ) {
SVC_FD(sp) = socket( AF_INET,
SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
} else if( SC_IPV6( scp ) ) {
SVC_FD(sp) = socket( AF_INET6,
SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
}
if ( SVC_FD(sp) == -1 )
{
msg( LOG_ERR, func,
"socket creation failed (%m). service = %s", SC_ID( scp ) ) ;
return( FAILED ) ;
}
if ( set_fd_modes( sp ) == FAILED )
{
(void) Sclose( SVC_FD(sp) ) ;
return( FAILED ) ;
}
#ifndef NO_RPC
if ( SC_IS_RPC( scp ) )
status = activate_rpc( sp ) ;
else
#endif /* ! NO_RPC */
status = activate_normal( sp ) ;
if ( status == FAILED )
{
(void) Sclose( SVC_FD(sp) ) ;
return( FAILED ) ;
}
#ifdef HAVE_MDNS
xinetd_mdns_register(scp);
#endif
if ( log_start( sp, &SVC_LOG(sp) ) == FAILED )
{
deactivate( sp ) ;
return( FAILED ) ;
}
/*
* Initialize the service data
*/
SVC_RUNNING_SERVERS(sp) = SVC_RETRIES(sp) = 0 ;
if ( SC_MUST_LISTEN( scp ) )
(void) listen( SVC_FD(sp), LISTEN_BACKLOG ) ;
ps.rws.descriptors_free-- ;
SVC_STATE(sp) = SVC_ACTIVE ;
FD_SET( SVC_FD(sp), &ps.rws.socket_mask ) ;
if ( SVC_FD(sp) > ps.rws.mask_max )
ps.rws.mask_max = SVC_FD(sp) ;
ps.rws.active_services++ ;
ps.rws.available_services++ ;
return( OK ) ;
}
static status_e activate_normal( struct service *sp )
{
union xsockaddr tsin;
int sd = SVC_FD( sp ) ;
struct service_config *scp = SVC_CONF( sp ) ;
uint16_t service_port = SC_PORT( scp ) ;
char *sid = SC_ID( scp ) ;
const char *func = "activate_normal" ;
unsigned int sin_len = sizeof(tsin);
int on = 1;
#ifdef IPV6_V6ONLY
int v6on = 0;
#endif
if( SC_BIND_ADDR(scp) != NULL )
memcpy(&tsin, SC_BIND_ADDR(scp), sin_len);
else
memset(&tsin, 0, sin_len);
if( SC_IPV4( scp ) ) {
tsin.sa_in.sin_family = AF_INET ;
tsin.sa_in.sin_port = htons( service_port ) ;
sin_len = sizeof(struct sockaddr_in);
} else if( SC_IPV6( scp ) ) {
tsin.sa_in6.sin6_family = AF_INET6;
tsin.sa_in6.sin6_port = htons( service_port );
sin_len = sizeof(struct sockaddr_in6);
}
#ifdef IPV6_V6ONLY
if( SC_IPV6(scp) ) {
if( SC_SPECIFIED(scp, A_V6ONLY) ) {
v6on = 1;
} else {
v6on = 0;
}
if( setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&v6on, sizeof(v6on)) < 0 ) {
msg( LOG_ERR, func, "Setting IPV6_V6ONLY option failed (%m)" );
}
}
#endif
if ( setsockopt( sd, SOL_SOCKET, SO_REUSEADDR,
(char *) &on, sizeof( on ) ) == -1 )
msg( LOG_WARNING, func,
"setsockopt SO_REUSEADDR failed (%m). service = %s", sid ) ;
if( SC_NODELAY( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
{
if ( setsockopt( sd, IPPROTO_TCP, TCP_NODELAY,
(char *) &on, sizeof( on ) ) == -1 )
msg( LOG_WARNING, func,
"setsockopt TCP_NODELAY failed (%m). service = %s", sid ) ;
}
if( SC_KEEPALIVE( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
{
if( setsockopt(sd, SOL_SOCKET, SO_KEEPALIVE,
(char *)&on, sizeof( on ) ) < 0 )
msg( LOG_WARNING, func,
"setsockopt SO_KEEPALIVE failed (%m). service = %s", sid ) ;
}
if ( bind( sd, &tsin.sa, sin_len ) == -1 )
{
msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
return( FAILED ) ;
}
#ifdef IN_MULTICAST
if( SC_IPV4(scp) && IN_MULTICAST( ntohl(tsin.sa_in.sin_addr.s_addr) ) ) {
struct ifaddrs *addrs, *addr;
struct ip_mreq mreq;
if (getifaddrs(&addrs) == 0) {
addr = addrs;
while (addr)
{
if (addr->ifa_addr && (addr->ifa_flags & IFF_MULTICAST))
{
mreq.imr_multiaddr.s_addr = tsin.sa_in.sin_addr.s_addr;
mreq.imr_interface.s_addr = ((struct sockaddr_in *)addr->ifa_addr)->sin_addr.s_addr;
setsockopt(sd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
}
addr = addr->ifa_next;
}
freeifaddrs(addrs);
if ( debug.on )
msg( LOG_DEBUG, func, "Adding multicast membership." );
}
else {
msg( LOG_ERR, func, "getifaddrs failed (%m). service = %s", sid );
}
}
#endif
return( OK ) ;
}
static status_e activate_rpc( struct service *sp )
{
union xsockaddr tsin;
socklen_t sin_len = sizeof(tsin);
unsigned long vers ;
struct service_config *scp = SVC_CONF( sp ) ;
struct rpc_data *rdp = SC_RPCDATA( scp ) ;
char *sid = SC_ID( scp ) ;
unsigned registered_versions = 0 ;
int sd = SVC_FD( sp ) ;
const char *func = "activate_rpc" ;
if( SC_BIND_ADDR(scp) != 0 )
memcpy( &tsin, SC_BIND_ADDR(scp), sizeof(tsin) );
else
memset( &tsin, 0, sizeof(tsin));
if ( SC_PROTOVAL ( scp ) == IPPROTO_TCP ) {
M_SET ( scp->sc_xflags, SF_NOLIBWRAP );
}
if( SC_IPV4( scp ) ) {
tsin.sa_in.sin_family = AF_INET ;
sin_len = sizeof(struct sockaddr_in);
} else if( SC_IPV6( scp ) ) {
tsin.sa_in6.sin6_family = AF_INET6 ;
sin_len = sizeof(struct sockaddr_in6);
}
if ( bind( sd, &tsin.sa, sin_len ) == -1 )
{
msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
return( FAILED ) ;
}
/*
* Find the port number that was assigned to the socket
*/
if ( getsockname( sd, &tsin.sa, &sin_len ) == -1 )
{
msg( LOG_ERR, func,
"getsockname failed (%m). service = %s", sid ) ;
return( FAILED ) ;
}
if( tsin.sa.sa_family == AF_INET )
SC_SET_PORT( scp, ntohs( tsin.sa_in.sin_port ) ) ;
else if( tsin.sa.sa_family == AF_INET6 )
SC_SET_PORT( scp, ntohs( tsin.sa_in6.sin6_port ) ) ;
/*
* Try to register as many versions as possible
*/
for ( vers = RD_MINVERS( rdp ) ; vers <= RD_MAXVERS( rdp ) ; vers++ ) {
/* Is this right? For instance, if we have both tcp and udp services,
* this will unregister the previously registered protocol.
* pmap_unset(RD_PROGNUM(rdp), vers);
*/
if ( pmap_set( RD_PROGNUM( rdp ), vers, SC_PROTOVAL( scp ),
SC_PORT( scp ) ) )
registered_versions++ ;
else
msg( LOG_ERR, func,
"pmap_set failed. service=%s program=%ld version=%ld",
sid, RD_PROGNUM( rdp ), vers ) ;
sleep(1);
}
if ( debug.on )
msg( LOG_DEBUG, func,
"Registered %d versions of %s", registered_versions, sid ) ;
return( ( registered_versions == 0 ) ? FAILED : OK ) ;
}
/*
* This function is invoked in a forked process to run a server.
* If the service is internal the appropriate function is invoked
* otherwise the server program is exec'ed.
* This function also logs the remote user id if appropriate
*/
void child_process( struct server *serp )
{
struct service *sp = SERVER_SERVICE( serp ) ;
connection_s *cp = SERVER_CONNECTION( serp ) ;
struct service_config *scp = SVC_CONF( sp ) ;
const char *func = "child_process" ;
signal_default_state();
if ((signals_pending[0] >= 0 && Sclose(signals_pending[0])) ||
(signals_pending[1] >= 0 && Sclose(signals_pending[1])))
{
msg(LOG_ERR, func, "Failed to close the signal pipe: %m");
_exit(1);
}
signals_pending[0] = -1;
signals_pending[1] = -1;
Sclose(0);
Sclose(1);
Sclose(2);
#ifdef DEBUG_SERVER
if ( debug.on )
{
msg( LOG_DEBUG, func, "Process %d is sleeping", getpid() ) ;
sleep( 10 ) ;
}
#endif
if ( ! SC_IS_INTERCEPTED( scp ) )
{
set_credentials( scp ) ;
if ( SC_SPECIFIED( scp, A_NICE ) )
(void) nice( SC_NICE( scp ) ) ;
}
if ( svc_child_access_control(sp, cp) != OK )
exit(0);
if ( SERVER_LOGUSER( serp ) )
{
unsigned timeout ;
idresult_e result ;
/*
* We use LOGUSER_SUCCESS_TIMEOUT unless the service requires
* identification, in which case we use an infinite timeout
*/
timeout = SC_MUST_IDENTIFY( scp ) ? 0 : LOGUSER_SUCCESS_TIMEOUT ;
result = log_remote_user( serp, timeout ) ;
if ( result != IDR_OK && SC_MUST_IDENTIFY( scp ) )
{
svc_logprint( sp, NOID_ENTRY, "%s %s",
conn_addrstr( SERVER_CONNECTION( serp ) ),
idresult_explain( result ) ) ;
_exit( 0 ) ;
}
}
#ifdef HAVE_SESSIONCREATE
if ( scp->sc_sessioncreate == YES )
{
if ( SessionCreate(0, sessionHasTTY|sessionIsRemote) != noErr )
svc_logprint( sp, "SessionCreate", "SessionCreate() failed!" );
}
#endif
/* this is where the server gets executed -bbraun */
if ( ! SC_IS_INTERNAL( scp ) )
{
if( scp->sc_redir_addr != NULL )
{
redir_handler( serp );
}
else
{
#if defined(HAVE_SETENV)
char buff[1024];
strx_sprint(buff, sizeof(buff)-1, "REMOTE_HOST=%s", conn_addrstr(cp));
if( env_addstr(SC_ENV(scp)->env_handle, buff) != ENV_OK ) {
msg( LOG_ERR, func, "Error adding REMOTE_HOST variable for %s: %m", SC_NAME(scp) );
_exit( 1 ) ;
}
#endif
exec_server( serp ) ;
}
}
else
{
char name[ 180 ] ;
/*
* We don't bother to disassociate from the controlling terminal
* (we have a controlling terminal only if debug.on is TRUE)
*
* Also, for interceptor processes, we give them the name:
* <program_name> <service-id> interceptor
*/
if ( SC_IS_INTERCEPTED( scp ) )
strx_print( INT_NULL, name, sizeof( name ) - 1,
"%s %s interceptor", program_name, SC_ID( scp ) ) ;
else
{
int namelen = sizeof( name ) - 1 ; /* leave space for the NUL */
char host[NI_MAXHOST];
size_t hostlen = NI_MAXHOST;
socklen_t addrlen = 0;
union xsockaddr *sinp = CONN_XADDRESS(SERVER_CONNECTION(serp));
int len;
if( sinp == NULL )
exit(0);
if( SC_IPV6(scp) ) addrlen = sizeof(struct sockaddr_in6);
else if( SC_IPV4(scp) ) addrlen = sizeof(struct sockaddr_in);
len = strx_nprint(name, namelen, "(%s service) %s", program_name,
SC_ID( scp ) ) ;
if( getnameinfo( SA(sinp), addrlen, host, hostlen, NULL, 0, 0) != 0 )
strcpy(host, "unknown");
if ( SC_IPV6(scp) && SC_ACCEPTS_CONNECTIONS( scp ) &&
!IN6_IS_ADDR_UNSPECIFIED(&sinp->sa_in6.sin6_addr) )
strx_print( INT_NULL, &name[ len ], namelen - len, " %s" , host ) ;
if ( SC_IPV4(scp) && SC_ACCEPTS_CONNECTIONS( scp ) )
strx_print( INT_NULL, &name[ len ], namelen - len, " %s", host ) ;
}
rename_process( name ) ;
SVC_INTERNAL( sp, serp ) ;
}
_exit( 0 ) ;
/* NOTREACHED */
}
static void set_credentials( const struct service_config *scp )
{
const char *func = "set_credentials" ;
if ( SC_SPECIFIED( scp, A_GROUP ) || SC_SPECIFIED( scp, A_USER ) ) {
if ( ps.ros.is_superuser )
{
gid_t gid = SC_GETGID( scp ) ;
if ( setgid( gid ) == -1 )
{
msg( LOG_ERR, func, "setgid failed: %m" ) ;
_exit( 1 ) ;
}
#ifndef NO_INITGROUPS
/*
* Bug discovered by [email protected] (a bug fix was also provided;
* a slightly modified version is included here):
* initgroups was not being invoked to set the remaining
* groups appropriately
*/
/* Solar Designer's groups fix */
if ( SC_SPECIFIED( scp, A_USER ) && SC_SPECIFIED( scp, A_GROUPS ) &&
scp->sc_groups == YES )
{
struct passwd *pwd ;
/*
* Invoke getpwuid() to get the user's name.
*
* XXX: we should not need to invoke getpwuid(); we should
* remember the user name in the configuration file.
*/
if ( ( pwd = getpwuid( SC_UID( scp ) ) ) == NULL )
{
msg( LOG_ERR, func, "getpwuid( %d ) (service=%s) failed: %m",
SC_UID( scp ), SC_ID( scp ) ) ;
_exit( 1 ) ;
}
str_fill( pwd->pw_passwd, ' ' );
if ( initgroups( pwd->pw_name, pwd->pw_gid ) == -1 )
{
msg( LOG_ERR, func, "initgroups( %s, %d ) failed: %m",
pwd->pw_name, pwd->pw_gid ) ;
_exit( 1 ) ;
}
}
else
{
if ( setgroups( 0, NULL ) )
{
msg( LOG_ERR, func, "setgroups( 0, NULL ) failed: %m" ) ;
msg( LOG_ERR, func, "Your system may require that 'groups = yes' be defined for this service: %s", scp->sc_name);
_exit( 1 ) ;
}
}
#endif /* ! NO_INITGROUPS */
}
}
if ( SC_SPECIFIED( scp, A_USER ) ) {
if ( setuid( SC_UID( scp ) ) == -1 )
{
msg( LOG_ERR, func, "setuid failed: %m" ) ;
_exit( 1 ) ;
}
}
if ( SC_SPECIFIED( scp, A_UMASK ) )
umask(scp->sc_umask);
}
/*
* This function is running in the new process
*/
void exec_server( const struct server *serp )
{
const struct service_config *scp = SVC_CONF( SERVER_SERVICE( serp ) ) ;
struct rlimit rl ;
int fd ;
int descriptor = SERVER_FD( serp ) ;
const char *server = SC_SERVER( scp ) ;
const char *func = "exec_server" ;
/*
* The following code solves a problem with post-version-4.3
* Ultrix systems (the bug was reported, and a fix was provided by
* [email protected]; a slightly modified version of this
* fix is included here).
*
* If this is a 'nowait' service, we pass the service descriptor
* to the server. Note that we have set the close-on-exec flag
* on all service descriptors. It is unclear whether the dup2()
* will create a descriptor with the close-on-exec flag set,
* so we explicitly clear the flag (since we are doing this
* after the fork, it does not affect the descriptor of the
* parent process).
*/
if ( fcntl( descriptor, F_SETFD, 0 ) == -1 )
msg( LOG_WARNING, func,
"fcntl( %d, clear close-on-exec ) failed: %m", descriptor ) ;
if ( debug.on )
msg( LOG_DEBUG, func, "duping %d", descriptor ) ;
/*
* If server_loguser flag is on, then syslog may have opened fd 0, 1, or
* 2. We call msg_suspend() now so that the logging system doesn't use
* the dup'ed descriptor.
*/
msg_suspend() ;
for ( fd = 0 ; fd <= MAX_PASS_FD ; fd++ )
{
if ( dup2( descriptor, fd ) == -1 )
{
msg_resume();
msg( LOG_ERR, func,
"dup2( %d, %d ) failed: %m", descriptor, fd ) ;
_exit( 1 ) ;
}
}
#ifdef RLIMIT_NOFILE
rl.rlim_max = ps.ros.orig_max_descriptors ;
rl.rlim_cur = ps.ros.max_descriptors ;
(void) setrlimit( RLIMIT_NOFILE, &rl ) ;
#endif
#ifdef RLIMIT_AS
if (SC_RLIM_AS (scp))
{
rl.rlim_cur = SC_RLIM_AS( scp );
rl.rlim_max = SC_RLIM_AS( scp );
(void) setrlimit( RLIMIT_AS, &rl );
}
#endif
#ifdef RLIMIT_CPU
if (SC_RLIM_CPU (scp))
{
rl.rlim_cur = SC_RLIM_CPU( scp );
rl.rlim_max = SC_RLIM_CPU( scp );
(void) setrlimit( RLIMIT_CPU, &rl );
}
#endif
#ifdef RLIMIT_DATA
if (SC_RLIM_DATA (scp))
{
rl.rlim_cur = SC_RLIM_DATA( scp );
rl.rlim_max = SC_RLIM_DATA( scp );
(void) setrlimit( RLIMIT_DATA, &rl );
}
#endif
#ifdef RLIMIT_RSS
if (SC_RLIM_RSS (scp))
{
rl.rlim_cur = SC_RLIM_RSS( scp );
rl.rlim_max = SC_RLIM_RSS( scp );
(void) setrlimit( RLIMIT_RSS, &rl );
}
#endif
#ifdef RLIMIT_STACK
if (SC_RLIM_STACK (scp))
{
rl.rlim_cur = SC_RLIM_STACK( scp );
rl.rlim_max = SC_RLIM_STACK( scp );
(void) setrlimit( RLIMIT_STACK, &rl );
}
#endif
/*
Set the context if the option was given
*/
#ifdef LABELED_NET
if (SC_LABELED_NET(scp))
{
if (set_context_from_socket( scp, descriptor ) < 0) {
msg( LOG_ERR, func,
"Changing process context failed for %s", SC_ID( scp )) ;
_exit( 1 ) ;
}
}
#endif
(void) Sclose( descriptor ) ;
#ifndef solaris
#if !defined(HAVE_SETSID)
msg_resume();
#endif
no_control_tty() ;
#if !defined(HAVE_SETSID)
msg_suspend();
#endif
#endif
(void) execve( server, SC_SERVER_ARGV( scp ),
env_getvars( SC_ENV( scp )->env_handle ) ) ;
/*
* The exec failed. Log the error and exit.
*/
msg_resume() ;
msg( LOG_ERR, func, "execv( %s ) failed: %m", server ) ;
_exit( 0 ) ;
}
