static int libwrap_ask(struct request_info *r, int fd) { int a; struct sockaddr_storage sin; socklen_t len = sizeof(sin); /* XXX: old FreeBSD didn't fill sockaddr correctly against AF_UNIX */ sin.ss_family = AF_UNIX; /* is this a connection from the local host? */ if (getpeername(fd, (struct sockaddr *) &sin, &len) == 0) { if (((struct sockaddr *)&sin)->sa_family == AF_UNIX) { return 1; } } /* i hope using the sock_* functions are legal; it certainly makes this code very easy! */ request_set(r, RQ_FILE, fd, 0); sock_host(r); a = hosts_access(r); if (!a) { syslog(deny_severity, "refused connection from %s", eval_client(r)); } return a; }
static void twist_option(char *value, struct request_info *request) { if (dry_run != 0) { dry_run = 0; } else { if (resident > 0) tcpd_jump("twist option in resident process"); syslog(deny_severity, "twist %s to %s", eval_client(request), value); /* Before switching to the shell, set up stdin, stdout and stderr. */ #define maybe_dup2(from, to) ((from == to) ? to : (close(to), dup(from))) if (maybe_dup2(request->fd, 0) != 0 || maybe_dup2(request->fd, 1) != 1 || maybe_dup2(request->fd, 2) != 2) { tcpd_warn("twist_option: dup: %m"); } else { if (request->fd > 2) close(request->fd); (void) execl("/bin/sh", "sh", "-c", value, (char *) 0); tcpd_warn("twist_option: /bin/sh: %m"); } /* Something went wrong: we MUST terminate the process. */ clean_exit(request); } }
static void wrap_log_request_denied(int priority, struct request_info *request) { pr_log_pri(priority, MOD_WRAP_VERSION ": refused connection from %s", eval_client(request)); /* done */ return; }
static void wrap_log_request_denied(int severity, struct request_info *request) { int priority; /* Mask off the facility bits. */ priority = (severity & PR_LOG_PRIMASK); pr_log_pri(priority, MOD_WRAP_VERSION ": refused connection from %s", eval_client(request)); /* done */ return; }
/* * send_stats: * Accept a connection to the statistics port, and emit * the stats. */ static void send_stats(void) { FILE *fp; int s; struct sockaddr_in sockstruct; socklen_t socklen; struct request_info ri; int flags; /* Accept a connection to the statistics socket: */ socklen = sizeof sockstruct; s = accept(Status, (struct sockaddr *) &sockstruct, &socklen); if (s < 0) { if (errno == EINTR) return; logx(LOG_ERR, "accept"); return; } /* Check for access permissions: */ request_init(&ri, RQ_DAEMON, "huntd", RQ_FILE, s, 0); fromhost(&ri); if (hosts_access(&ri) == 0) { logx(LOG_INFO, "rejected connection from %s", eval_client(&ri)); close(s); return; } /* Don't allow the writes to block: */ flags = fcntl(s, F_GETFL, 0); flags |= O_NDELAY; (void) fcntl(s, F_SETFL, flags); fp = fdopen(s, "w"); if (fp == NULL) { logit(LOG_ERR, "fdopen"); (void) close(s); return; } print_stats(fp); (void) fclose(fp); }
int TcpAcceptConnection(int sock, struct sockaddr_storage *addr, int block) { int new_sock; socklen_t size = sizeof(struct sockaddr_storage); /* Accept incoming connection */ memset(addr, 0, sizeof(*addr)); if ((new_sock = accept(sock, (struct sockaddr *)addr, &size)) < 0) { Perror("%s: accept", __FUNCTION__); return (-1); } #ifdef USE_WRAP if (Enabled(&gGlobalConf.options, GLOBAL_CONF_TCPWRAPPER)) { struct request_info req; request_init(&req, RQ_DAEMON, "mpd", RQ_FILE, new_sock, NULL); fromhost(&req); if (!hosts_access(&req)) { Log(LG_ERR, ("refused connection (tcp-wrapper) from %s", eval_client(&req))); close(new_sock); return (-1); } } #endif if (!block) { (void)fcntl(new_sock, F_SETFD, 1); if (fcntl(new_sock, F_SETFL, O_NONBLOCK) < 0) { Perror("%s: fcntl", __FUNCTION__); return (-1); } } /* Done */ return (new_sock); }
char *my_eval_client(struct request_info *req) { return eval_client(req); }
int main(int argc, char* argv[]) { boost::mpi::environment env(argc, argv); boost::mpi::communicator world; int delay; std::string time_fname; namespace po = boost::program_options; po::options_description desc("Allowed options"); desc.add_options() ("help,h", "produce help message") ("delay,d", po::value<int>(&delay)->default_value(10), "delay in function eval to test speedup of parallelisation for objective functions of different computational cost (OF eval time in seconds") ("time,t", po::value<std::string>(&time_fname)->default_value("timer.txt"), "File to write elapsed time for optimiser too"); po::variables_map vm; po::store(po::command_line_parser(argc, argv). options(desc).run(), vm); po::notify(vm); DelayFON eval(delay); std::stringstream timer_info; boost::scoped_ptr<boost::timer::auto_cpu_timer> t((boost::timer::auto_cpu_timer *) nullptr); if (world.rank() == 0) { std::ofstream ofs(time_fname.c_str()); if (ofs.is_open()) { t.reset(new boost::timer::auto_cpu_timer(timer_info, 3)); } else { std::cerr << "Error: Could not open file for writing time elapsed for search, using std::cout"; t.reset(new boost::timer::auto_cpu_timer(3)); } //create evaluator server ParallelEvaluatePopServer eval_server(env, world, eval.getProblemDefinitions()); // The random number generator typedef std::mt19937 RNG; unsigned seed = std::chrono::system_clock::now().time_since_epoch().count(); RNG rng(seed); // The optimiser int max_gen = 10; NSGAII<RNG> optimiser(rng, eval_server); MaxGenCheckpoint max_gen_stop(max_gen); optimiser.add_checkpoint(max_gen_stop); // optimiser.visualise(); // Initialise population int pop_size = 128 ; PopulationSPtr pop = intialisePopulationRandomDVAssignment(pop_size, eval.getProblemDefinitions(), rng); // Run the optimisation optimiser(pop); t.reset((boost::timer::auto_cpu_timer *) nullptr); if (ofs.is_open()) { ofs << timer_info.str(); ofs.close(); } std::cout << timer_info.str() << std::endl; } else { // create evaluator client ParallelEvaluatePopClient eval_client(env, world, eval.getProblemDefinitions(), eval); eval_client(); } }
int main(int argc, char *argv[]) { struct request_info request; char path[MAXPATHNAMELEN]; /* Attempt to prevent the creation of world-writable files. */ #ifdef DAEMON_UMASK umask(DAEMON_UMASK); #endif /* * If argv[0] is an absolute path name, ignore REAL_DAEMON_DIR, and strip * argv[0] to its basename. */ if (argv[0][0] == '/') { strlcpy(path, argv[0], sizeof path); argv[0] = strrchr(argv[0], '/') + 1; } else { snprintf(path, sizeof path, "%s/%s", REAL_DAEMON_DIR, argv[0]); } /* * Open a channel to the syslog daemon. Older versions of openlog() * require only two arguments. */ #ifdef LOG_MAIL (void) openlog(argv[0], LOG_PID, FACILITY); #else (void) openlog(argv[0], LOG_PID); #endif /* * Find out the endpoint addresses of this conversation. Host name * lookups and double checks will be done on demand. */ request_init(&request, RQ_DAEMON, argv[0], RQ_FILE, STDIN_FILENO, 0); fromhost(&request); /* * Optionally look up and double check the remote host name. Sites * concerned with security may choose to refuse connections from hosts * that pretend to have someone elses host name. */ #ifdef PARANOID if (STR_EQ(eval_hostname(request.client), paranoid)) refuse(&request); #endif /* * The BSD rlogin and rsh daemons that came out after 4.3 BSD disallow * socket options at the IP level. They do so for a good reason. * Unfortunately, we cannot use this with SunOS 4.1.x because the * getsockopt() system call can panic the system. */ #ifdef KILL_IP_OPTIONS fix_options(&request); #endif /* * Check whether this host can access the service in argv[0]. The * access-control code invokes optional shell commands as specified in * the access-control tables. */ #ifdef HOSTS_ACCESS if (!hosts_access(&request)) refuse(&request); #endif /* Report request and invoke the real daemon program. */ syslog(allow_severity, "connect from %s", eval_client(&request)); closelog(); (void) execv(path, argv); syslog(LOG_ERR, "error: cannot execute %s: %m", path); clean_exit(&request); /* NOTREACHED */ }
int main(int argc, char* argv[]) { boost::filesystem::path working_dir = boost::filesystem::initial_path(); boost::mpi::environment env(argc, argv); boost::mpi::communicator world; MinMaxFON test_problem; if (world.rank() == 0) { //create evaluator server //create evaluator server std::string eval_log_fname("mpi_msgs.txt"); std::ofstream eval_strm(eval_log_fname.c_str()); ParallelEvaluatePopServerNonBlocking eval_server(env, world, test_problem.getProblemDefinitions()); if (eval_strm.is_open()) { eval_server.log(ParallelEvaluatorBase::LVL1, eval_strm); } std::stringstream timer_info; boost::scoped_ptr<boost::timer::auto_cpu_timer> t((boost::timer::auto_cpu_timer *) nullptr); std::string time_fname("run_time_fon.txt"); std::ofstream ofs(time_fname.c_str()); if (ofs.is_open()) { t.reset(new boost::timer::auto_cpu_timer(timer_info, 3)); } else { std::cerr << "Error: Could not open file for writing time elapsed for search, using std::cout"; t.reset(new boost::timer::auto_cpu_timer(3)); } // The random number generator typedef std::mt19937 RNG; unsigned seed = std::chrono::system_clock::now().time_since_epoch().count(); RNG rng(seed); // The optimiser int max_gen = 100; NSGAII<RNG> optimiser(rng, eval_server); MaxGenCheckpoint max_gen_terminate(max_gen); // SavePopCheckpoint save_pop(1, working_dir); std::vector<double> ref_point = {1, -1}; Hypervolume hvol(ref_point, working_dir, 1, Hypervolume::TERMINATION, 50); // hvol.log(); std::string mail_subj("Hypervolume of front from FON optimiser "); // MailCheckpoint mail(10, hvol, mail_subj); // std::string my_address("*****@*****.**"); // mail.addAddress(my_address); MetricLinePlot hvol_plot(hvol); PlotFrontVTK plotfront; // ResetMutXvrDebugFlags reset_flags; // SerialiseCheckpoint<NSGAII<RNG> > save_state(1, optimiser, working_dir); optimiser.add_checkpoint(max_gen_terminate); // optimiser.add_checkpoint(save_state); // optimiser.add_checkpoint(save_pop); optimiser.add_checkpoint(hvol); optimiser.add_checkpoint(hvol_plot); optimiser.add_checkpoint(plotfront); // optimiser.add_checkpoint(mail); // optimiser.add_checkpoint(reset_flags); // optimiser.visualise(); // Initialise population int pop_size = 1000; PopulationSPtr pop = intialisePopulationRandomDVAssignment(pop_size, test_problem.getProblemDefinitions(), rng); optimiser.getRealMutationOperator().setMutationInverseDVSize(pop->at(0)); // Run the optimisation optimiser(pop); t.reset((boost::timer::auto_cpu_timer *) nullptr); if (ofs.is_open()) { ofs << timer_info.str(); ofs.close(); } std::cout << timer_info.str() << std::endl; } else { // create evaluator client ParallelEvaluatePopClientNonBlocking eval_client(env, world, test_problem.getProblemDefinitions(), test_problem); //logging eval_client std::string log_filename = "evaluation_timing_worker" + std::to_string(world.rank()) + ".log"; std::ofstream eval_strm(log_filename.c_str()); if (eval_strm.is_open()) { eval_client.log(ParallelEvaluatorBase::LVL1, eval_strm); } eval_client(); } return EXIT_SUCCESS; }
/* accept the socket and do a little sanity checking */ static int dsi_tcp_open(DSI *dsi) { pid_t pid; SOCKLEN_T len; len = sizeof(dsi->client); dsi->socket = accept(dsi->serversock, (struct sockaddr *) &dsi->client, &len); #ifdef TCPWRAP { struct request_info req; request_init(&req, RQ_DAEMON, dsi->program, RQ_FILE, dsi->socket, NULL); fromhost(&req); if (!hosts_access(&req)) { LOG(deny_severity, logtype_dsi, "refused connect from %s", eval_client(&req)); close(dsi->socket); errno = ECONNREFUSED; dsi->socket = -1; } } #endif /* TCPWRAP */ if (dsi->socket < 0) return -1; getitimer(ITIMER_PROF, &itimer); if (0 == (pid = fork()) ) { /* child */ static struct itimerval timer = {{0, 0}, {DSI_TCPTIMEOUT, 0}}; struct sigaction newact, oldact; u_int8_t block[DSI_BLOCKSIZ]; size_t stored; /* Immediateyl mark globally that we're a child now */ parent_or_child = 1; /* reset signals */ server_reset_signal(); #ifndef DEBUGGING /* install an alarm to deal with non-responsive connections */ newact.sa_handler = timeout_handler; sigemptyset(&newact.sa_mask); newact.sa_flags = 0; sigemptyset(&oldact.sa_mask); oldact.sa_flags = 0; setitimer(ITIMER_PROF, &itimer, NULL); if ((sigaction(SIGALRM, &newact, &oldact) < 0) || (setitimer(ITIMER_REAL, &timer, NULL) < 0)) { LOG(log_error, logtype_dsi, "dsi_tcp_open: %s", strerror(errno)); exit(EXITERR_SYS); } #endif /* read in commands. this is similar to dsi_receive except * for the fact that we do some sanity checking to prevent * delinquent connections from causing mischief. */ /* read in the first two bytes */ len = dsi_stream_read(dsi, block, 2); if (!len ) { /* connection already closed, don't log it (normal OSX 10.3 behaviour) */ exit(EXITERR_CLNT); } if (len < 2 || (block[0] > DSIFL_MAX) || (block[1] > DSIFUNC_MAX)) { LOG(log_error, logtype_dsi, "dsi_tcp_open: invalid header"); exit(EXITERR_CLNT); } /* read in the rest of the header */ stored = 2; while (stored < DSI_BLOCKSIZ) { len = dsi_stream_read(dsi, block + stored, sizeof(block) - stored); if (len > 0) stored += len; else { LOG(log_error, logtype_dsi, "dsi_tcp_open: stream_read: %s", strerror(errno)); exit(EXITERR_CLNT); } } dsi->header.dsi_flags = block[0]; dsi->header.dsi_command = block[1]; memcpy(&dsi->header.dsi_requestID, block + 2, sizeof(dsi->header.dsi_requestID)); memcpy(&dsi->header.dsi_code, block + 4, sizeof(dsi->header.dsi_code)); memcpy(&dsi->header.dsi_len, block + 8, sizeof(dsi->header.dsi_len)); memcpy(&dsi->header.dsi_reserved, block + 12, sizeof(dsi->header.dsi_reserved)); dsi->clientID = ntohs(dsi->header.dsi_requestID); /* make sure we don't over-write our buffers. */ dsi->cmdlen = min(ntohl(dsi->header.dsi_len), DSI_CMDSIZ); stored = 0; while (stored < dsi->cmdlen) { len = dsi_stream_read(dsi, dsi->commands + stored, dsi->cmdlen - stored); if (len > 0) stored += len; else { LOG(log_error, logtype_dsi, "dsi_tcp_open: stream_read: %s", strerror(errno)); exit(EXITERR_CLNT); } } /* stop timer and restore signal handler */ #ifndef DEBUGGING memset(&timer, 0, sizeof(timer)); setitimer(ITIMER_REAL, &timer, NULL); sigaction(SIGALRM, &oldact, NULL); #endif LOG(log_info, logtype_dsi, "AFP/TCP session from %s:%u", getip_string((struct sockaddr *)&dsi->client), getip_port((struct sockaddr *)&dsi->client)); } /* send back our pid */ return pid; }
int main( int argc, char *argv[] ) { char *fn = "main()"; char f_randfile[ PATH_MAX ]; int listensd; /* socket descriptor we'll bind to */ int clientsd; /* incoming socket descriptor */ int addrlen; struct sockaddr_in srvaddr; struct sockaddr_in cliaddr; pthread_t ThreadId; /* thread id of each incoming conn */ pthread_t RecycleThread; /* used just for the recycle thread */ pthread_attr_t attr; /* generic thread attribute struct */ int rc, i, fd; unsigned int ui; pid_t pid; /* used just for a fork call */ struct linger lingerstruct; /* for the socket reuse stuff */ int flag; /* for the socket reuse stuff */ ICC_Struct *ICC_tptr; extern char *optarg; extern int optind; char ConfigFile[ MAXPATHLEN ]; /* path to our config file */ #ifdef HAVE_LIBWRAP struct request_info r; /* request struct for libwrap */ #endif flag = 1; ConfigFile[0] = '\0'; /* * Ignore signals we don't want to die from but we don't care enough * about to catch. */ signal( SIGPIPE, SIG_IGN ); signal( SIGHUP, SIG_IGN ); while (( i = getopt( argc, argv, "f:h" ) ) != EOF ) { switch( i ) { case 'f': /* user specified a config filename */ strncpy( ConfigFile, optarg, sizeof ConfigFile -1 ); ConfigFile[ sizeof ConfigFile - 1 ] = '\0'; syslog( LOG_INFO, "%s: Using configuration file '%s'", fn, ConfigFile ); break; case 'h': Usage(); exit( 0 ); case '?': Usage(); exit( 1 ); } } /* * Make sure we know which config file to use and then set our config * options. */ if ( ! ConfigFile[0] ) { strncpy( ConfigFile, DEFAULT_CONFIG_FILE, sizeof ConfigFile -1 ); ConfigFile[ sizeof ConfigFile - 1 ] = '\0'; syslog( LOG_INFO, "%s: Using default configuration file '%s'.", fn, ConfigFile ); } SetConfigOptions( ConfigFile ); SetLogOptions(); /* * Just for logging purposes, are we doing SELECT caching or not? */ if ( PC_Struct.enable_select_cache ) syslog( LOG_INFO, "%s: SELECT caching is enabled", fn ); else syslog( LOG_INFO, "%s: SELECT caching is disabled", fn ); #ifdef HAVE_LIBWRAP /* * Set our tcpd service name */ if (service = strrchr(argv[0], '/')) service++; else service = argv[0]; #endif /* * Initialize some stuff. */ rc = pthread_mutex_init(&mp, NULL); if ( rc ) { syslog(LOG_ERR, "%s: pthread_mutex_init() returned error [%d] initializing main mutex. Exiting.", fn, rc ); exit( 1 ); } rc = pthread_mutex_init(&trace, NULL); if ( rc ) { syslog(LOG_ERR, "%s: pthread_mutex_init() returned error [%d] initializing trace mutex. Exiting.", fn, rc ); exit( 1 ); } TraceUser[0] = '\0'; syslog( LOG_INFO, "%s: Allocating %d IMAP connection structures.", fn, PC_Struct.cache_size ); ICC_free = (ICC_Struct *)malloc( ( sizeof ( ICC_Struct ) ) * PC_Struct.cache_size ); if ( ! ICC_free ) { syslog(LOG_ERR, "%s: malloc() failed to allocate [%d] IMAPConnectionContext structures: %s", fn, PC_Struct.cache_size, strerror( errno ) ); exit( 1 ); } memset( ICC_free, 0, sizeof ( ICC_Struct ) * PC_Struct.cache_size ); ICC_tptr = ICC_free; /* * Bug fixed by Gary Mills <*****@*****.**>. I was pre-incrementing * ICC_tptr and then assigning. I guess gcc evaluates the expression * incorrectly, since I never had a problem with this. Gary had the * problem with cc, so it's fixed here. */ for ( ui = 0; ui < PC_Struct.cache_size - 1; ui++ ) { ICC_tptr->next = ICC_tptr + 1; ICC_tptr++; } memset( ICC_HashTable, 0, sizeof ICC_HashTable ); ServerInit(); /* detach from our parent if necessary */ if (! (getppid() == 1) && ( ! PC_Struct.foreground_mode ) ) { syslog( LOG_INFO, "%s: Configured to run in background mode.", fn ); if ( (pid = fork()) < 0) { syslog(LOG_ERR, "%s: initial call to fork() failed: %s", fn, strerror(errno)); exit( 1 ); } else if ( pid > 0) { exit( 0 ); } if (setsid() == -1) { syslog(LOG_WARNING, "%s: setsid() failed: %s", fn, strerror(errno)); } if ( (pid = fork()) < 0) { syslog(LOG_ERR, "%s: secondary call to fork() failed: %s", fn, strerror(errno)); exit( 1 ); } else if ( pid > 0) { exit( 0 ); } } else { syslog( LOG_INFO, "%s: Configured to run in foreground mode.", fn ); } SetBannerAndCapability(); if ( PC_Struct.login_disabled || PC_Struct.force_tls ) { syslog( LOG_INFO, "%s: Enabling STARTTLS.", fn ); #if HAVE_LIBSSL if ( PC_Struct.support_starttls ) { /* Initialize SSL_CTX */ SSL_library_init(); /* Need to seed PRNG, too! */ if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) ? f_randfile : "/.rnd" ) ) { /* Not an EGD, so read and write it. */ if ( RAND_load_file( f_randfile, -1 ) ) RAND_write_file( f_randfile ); } SSL_load_error_strings(); tls_ctx = SSL_CTX_new( TLSv1_client_method() ); if ( tls_ctx == NULL ) { syslog(LOG_ERR, "%s: Failed to create new SSL_CTX. Exiting.", fn); exit( 1 ); } /* Work around all known bugs */ SSL_CTX_set_options( tls_ctx, SSL_OP_ALL ); if ( ! SSL_CTX_load_verify_locations( tls_ctx, PC_Struct.tls_ca_file, PC_Struct.tls_ca_path ) || ! SSL_CTX_set_default_verify_paths( tls_ctx ) ) { syslog(LOG_ERR, "%s: Failed to load CA data. Exiting.", fn); exit( 1 ); } if ( ! set_cert_stuff( tls_ctx, PC_Struct.tls_cert_file, PC_Struct.tls_key_file ) ) { syslog(LOG_ERR, "%s: Failed to load cert/key data. Exiting.", fn); exit( 1 ); } SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_NONE, verify_callback); } else #endif /* HAVE_LIBSSL */ { /* We're screwed! We won't be able to login without SASL */ syslog(LOG_ERR, "%s: IMAP server has LOGINDISABLED and we can't do STARTTLS. Exiting.", fn); exit( 1 ); } } memset( (char *) &srvaddr, 0, sizeof srvaddr ); srvaddr.sin_family = PF_INET; if ( !PC_Struct.listen_addr ) { srvaddr.sin_addr.s_addr = htonl(INADDR_ANY); } else { srvaddr.sin_addr.s_addr = inet_addr( PC_Struct.listen_addr ); if ( srvaddr.sin_addr.s_addr == -1 ) { syslog( LOG_ERR, "%s: bad bind address: '%s' specified in config file. Exiting.", fn, PC_Struct.listen_addr ); exit( 1 ); } } syslog(LOG_INFO, "%s: Binding to tcp %s:%d", fn, PC_Struct.listen_addr ? PC_Struct.listen_addr : "*", PC_Struct.listen_port ); srvaddr.sin_port = htons(PC_Struct.listen_port); listensd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); if ( listensd == -1 ) { syslog(LOG_ERR, "%s: socket() failed: %s", fn, strerror(errno)); exit( 1 ); } setsockopt(listensd, SOL_SOCKET, SO_REUSEADDR, (void *)&flag, sizeof(flag)); lingerstruct.l_onoff = 1; lingerstruct.l_linger = 5; setsockopt(listensd, SOL_SOCKET, SO_LINGER, (void *)&lingerstruct, sizeof(lingerstruct)); if ( PC_Struct.send_tcp_keepalives ) { lingerstruct.l_onoff = 1; syslog( LOG_INFO, "%s: Enabling SO_KEEPALIVE.", fn ); setsockopt( listensd, SOL_SOCKET, SO_KEEPALIVE, (void *)&lingerstruct.l_onoff, sizeof lingerstruct.l_onoff ); } if ( bind(listensd, (struct sockaddr *)&srvaddr, sizeof( srvaddr ) ) < 0 ) { syslog(LOG_ERR, "%s: bind() failed: %s", fn, strerror(errno) ); exit( 1 ); } /* * Create and mmap() our stat file while we're still root. Since it's * configurable, we want to make sure we do this as root so there's the * greatest possibility that we'll have permission to write where we * need to. */ syslog( LOG_INFO, "%s: Using global statistics file '%s'", fn, PC_Struct.stat_filename ); fd = open( PC_Struct.stat_filename, O_RDWR | O_CREAT, S_IREAD | S_IWRITE ); if ( fd == -1 ) { syslog(LOG_ERR, "%s: open() failed for '%s': %s -- Exiting.", fn, PC_Struct.stat_filename, strerror( errno ) ); exit( 1 ); } if ( ( ftruncate( fd, sizeof( IMAPCounter_Struct ) ) ) == -1 ) { syslog(LOG_ERR, "%s: ftruncate() failed: %s -- Exiting.", fn, strerror( errno ) ); exit( 1 ); } IMAPCount = ( IMAPCounter_Struct *)mmap( 0, sizeof( IMAPCounter_Struct ), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0 ); if ( IMAPCount == MAP_FAILED ) { syslog(LOG_ERR, "%s: mmap() failed: %s -- Exiting.", fn, strerror( errno ) ); exit( 1 ); } memset( IMAPCount, 0, sizeof( IMAPCounter_Struct ) ); IMAPCount->StartTime = time( 0 ); IMAPCount->CountTime = time( 0 ); if ( BecomeNonRoot() ) exit( 1 ); /* some misc thread setup */ rc = pthread_attr_init( &attr ); if ( rc ) { syslog(LOG_ERR, "%s: pthread_attr_init() failed: [%d]\n", fn, rc); exit( 1 ); } rc = pthread_attr_setdetachstate( &attr, PTHREAD_CREATE_DETACHED ); if ( rc ) { syslog(LOG_ERR, "%s: pthread_attr_setdetachstate() failed: [%d]\n", fn, rc); exit( 1 ); } /* launch a recycle thread before we loop */ pthread_create( &RecycleThread, &attr, (void *)ICC_Recycle_Loop, NULL ); syslog(LOG_INFO, "%s: Launched ICC recycle thread with id %d", fn, RecycleThread ); /* * Now start listening and accepting connections. */ if ( listen(listensd, MAX_CONN_BACKLOG) < 0) { syslog( LOG_ERR, "%s: listen() failed: %s -- Exiting", fn, strerror(errno)); exit( 1 ); } syslog( LOG_INFO, "%s: Normal server startup.", fn ); /* * Main server loop */ for ( ;; ) { /* * Bug fixed by Gary Mills <*****@*****.**>. I forgot * to initialize addrlen. */ addrlen = sizeof cliaddr; clientsd = accept( listensd, (struct sockaddr *)&cliaddr, &addrlen ); if ( clientsd == -1 ) { syslog(LOG_WARNING, "%s: accept() failed: %s -- retrying", fn, strerror(errno)); sleep( 1 ); continue; } #ifdef HAVE_LIBWRAP request_init(&r, RQ_DAEMON, service, 0); request_set(&r, RQ_FILE, clientsd, 0); sock_host(&r); if (!hosts_access(&r)) { shutdown(clientsd, SHUT_RDWR); close(clientsd); syslog(deny_severity, "refused connection from %s", eval_client(&r)); continue; } #endif IMAPCount->TotalClientConnectionsAccepted++; IMAPCount->CurrentClientConnections++; if ( IMAPCount->CurrentClientConnections > IMAPCount->PeakClientConnections ) IMAPCount->PeakClientConnections = IMAPCount->CurrentClientConnections; pthread_create( &ThreadId, &attr, (void *)HandleRequest, (void *)clientsd ); } }
void answer_first() { struct sockaddr sockstruct; int newsock; socklen_t socklen; int flags; struct request_info ri; struct spawn *sp; /* Answer the call to hunt: */ socklen = sizeof sockstruct; newsock = accept(Socket, (struct sockaddr *) &sockstruct, &socklen); if (newsock < 0) { logit(LOG_ERR, "accept"); return; } /* Check for access permissions: */ request_init(&ri, RQ_DAEMON, "huntd", RQ_FILE, newsock, 0); fromhost(&ri); if (hosts_access(&ri) == 0) { logx(LOG_INFO, "rejected connection from %s", eval_client(&ri)); close(newsock); return; } /* Remember this spawning connection: */ sp = (struct spawn *)malloc(sizeof *sp); if (sp == NULL) { logit(LOG_ERR, "malloc"); close(newsock); return; } memset(sp, '\0', sizeof *sp); /* Keep the calling machine's source addr for ident purposes: */ memcpy(&sp->source, &sockstruct, sizeof sp->source); sp->sourcelen = socklen; /* Warn if we lose connection info: */ if (socklen > sizeof Spawn->source) logx(LOG_WARNING, "struct sockaddr is not big enough! (%d > %zu)", socklen, sizeof Spawn->source); /* * Turn off blocking I/O, so a slow or dead terminal won't stop * the game. All subsequent reads check how many bytes they read. */ flags = fcntl(newsock, F_GETFL, 0); flags |= O_NDELAY; (void) fcntl(newsock, F_SETFL, flags); /* Start listening to the spawning connection */ sp->fd = newsock; FD_SET(sp->fd, &Fds_mask); if (sp->fd >= Num_fds) Num_fds = sp->fd + 1; sp->reading_msg = 0; sp->inlen = 0; /* Add to the spawning list */ if ((sp->next = Spawn) != NULL) Spawn->prevnext = &sp->next; sp->prevnext = &Spawn; Spawn = sp; }
int main( int argc, char *argv[] ) { const char *fn = "main()"; char f_randfile[ PATH_MAX ]; int listensd; /* socket descriptor we'll bind to */ int clientsd; /* incoming socket descriptor */ int sockaddrlen; struct sockaddr_storage srvaddr; struct sockaddr_storage cliaddr; pthread_t ThreadId; /* thread id of each incoming conn */ pthread_t RecycleThread; /* used just for the recycle thread */ pthread_attr_t attr; /* generic thread attribute struct */ int rc, i, fd; unsigned int ui; struct linger lingerstruct; /* for the socket reuse stuff */ int flag; /* for the socket reuse stuff */ ICC_Struct *ICC_tptr; extern char *optarg; extern int optind; char ConfigFile[ MAXPATHLEN ]; /* path to our config file */ char PidFile[ MAXPATHLEN ]; /* path to our pidfile */ #ifdef HAVE_LIBWRAP struct request_info r; /* request struct for libwrap */ #endif struct addrinfo aihints, *ai; int gaierrnum; flag = 1; ConfigFile[0] = '\0'; strncpy( PidFile, DEFAULT_PID_FILE, sizeof PidFile -1 ); /* * Ignore signals we don't want to die from but we don't care enough * about to catch. */ signal( SIGPIPE, SIG_IGN ); signal( SIGHUP, SIG_IGN ); while (( i = getopt( argc, argv, "f:p:h" ) ) != EOF ) { switch( i ) { case 'f': /* user specified a config filename */ strncpy( ConfigFile, optarg, sizeof ConfigFile -1 ); ConfigFile[ sizeof ConfigFile - 1 ] = '\0'; syslog( LOG_INFO, "%s: Using configuration file '%s'", fn, ConfigFile ); break; case 'p': /* user specified a pidfile */ strncpy( PidFile, optarg, sizeof PidFile -1 ); PidFile[ sizeof PidFile - 1 ] = '\0'; syslog( LOG_INFO, "%s: Using pidfile '%s'", fn, PidFile ); break; case 'h': Usage(); exit( 0 ); case '?': Usage(); exit( 1 ); } } /* * Make sure we know which config file to use and then set our config * options. */ if ( ! ConfigFile[0] ) { strncpy( ConfigFile, DEFAULT_CONFIG_FILE, sizeof ConfigFile -1 ); ConfigFile[ sizeof ConfigFile - 1 ] = '\0'; syslog( LOG_INFO, "%s: Using default configuration file '%s'.", fn, ConfigFile ); } SetDefaultConfigValues(&PC_Struct); SetConfigOptions( ConfigFile ); SetLogOptions(); /* * Just for logging purposes, are we doing SELECT caching or not? */ if ( PC_Struct.enable_select_cache ) syslog( LOG_INFO, "%s: SELECT caching is enabled", fn ); else syslog( LOG_INFO, "%s: SELECT caching is disabled", fn ); /* * Just for logging purposes, are the admin commands enabled or not? */ if ( PC_Struct.enable_admin_commands ) syslog( LOG_INFO, "%s: Internal admin commands are enabled", fn ); else syslog( LOG_INFO, "%s: Internal admin commands are disabled", fn ); #ifdef HAVE_LIBWRAP /* * Set our tcpd service name */ if (service = strrchr(argv[0], '/')) service++; else service = argv[0]; #endif /* * Initialize some stuff. */ rc = pthread_mutex_init(&mp, NULL); if ( rc ) { syslog(LOG_ERR, "%s: pthread_mutex_init() returned error [%d] initializing main mutex. Exiting.", fn, rc ); exit( 1 ); } rc = pthread_mutex_init(&trace, NULL); if ( rc ) { syslog(LOG_ERR, "%s: pthread_mutex_init() returned error [%d] initializing trace mutex. Exiting.", fn, rc ); exit( 1 ); } TraceUser[0] = '\0'; syslog( LOG_INFO, "%s: Allocating %d IMAP connection structures.", fn, PC_Struct.cache_size ); ICC_free = (ICC_Struct *)malloc( ( sizeof ( ICC_Struct ) ) * PC_Struct.cache_size ); if ( ! ICC_free ) { syslog(LOG_ERR, "%s: malloc() failed to allocate [%d] IMAPConnectionContext structures: %s", fn, PC_Struct.cache_size, strerror( errno ) ); exit( 1 ); } memset( ICC_free, 0, sizeof ( ICC_Struct ) * PC_Struct.cache_size ); ICC_tptr = ICC_free; /* * Bug fixed by Gary Mills <*****@*****.**>. I was pre-incrementing * ICC_tptr and then assigning. I guess gcc evaluates the expression * incorrectly, since I never had a problem with this. Gary had the * problem with cc, so it's fixed here. */ for ( ui = 0; ui < PC_Struct.cache_size - 1; ui++ ) { ICC_tptr->next = ICC_tptr + 1; ICC_tptr++; } memset( ICC_HashTable, 0, sizeof ICC_HashTable ); #if HAVE_LIBSSL /* Initialize SSL_CTX */ syslog( LOG_INFO, "%s: Enabling openssl library.", fn ); SSL_library_init(); /* Set up OpenSSL thread protection */ ssl_thread_setup(fn); /* Need to seed PRNG, too! */ if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) ? f_randfile : "/.rnd" ) ) { /* Not an EGD, so read and write it. */ if ( RAND_load_file( f_randfile, -1 ) ) RAND_write_file( f_randfile ); } SSL_load_error_strings(); tls_ctx = SSL_CTX_new( TLSv1_client_method() ); if ( tls_ctx == NULL ) { syslog(LOG_ERR, "%s: Failed to create new SSL_CTX. Exiting.", fn); exit( 1 ); } /* Work around all known bugs */ SSL_CTX_set_options( tls_ctx, SSL_OP_ALL ); if ( PC_Struct.tls_ca_file != NULL || PC_Struct.tls_ca_path != NULL ) { rc = SSL_CTX_load_verify_locations( tls_ctx, PC_Struct.tls_ca_file, PC_Struct.tls_ca_path ); } else { rc = SSL_CTX_set_default_verify_paths( tls_ctx ); } if ( rc == 0 ) { syslog(LOG_ERR, "%s: Failed to load CA data. Exiting.", fn); exit( 1 ); } if ( ! set_cert_stuff( tls_ctx, PC_Struct.tls_cert_file, PC_Struct.tls_key_file ) ) { syslog(LOG_ERR, "%s: Failed to load cert/key data. Exiting.", fn); exit( 1 ); } SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_NONE, verify_callback); #endif /* HAVE_LIBSSL */ ServerInit(); /* Daemonize() would go here */ SetBannerAndCapability(); /* * We don't need to check PC_Struct.support_starttls since we * probably have refetched the capability list after a STARTTLS * if we did one; it won't ever be supported at this point. * * It also makes no difference to check PC_Struct.force_tls now * because we've either done a STARTTLS or we haven't - all that * matters is if we got LOGINDISABLED or not. * * Note that all these things *ARE* tested when checking the * server capabilities (in fact, the following check is probably * a duplicate). */ if ( PC_Struct.login_disabled ) { /* We're screwed! We can't login */ syslog(LOG_ERR, "%s: IMAP server has LOGINDISABLED. Exiting.", fn); exit( 1 ); } memset( &aihints, 0, sizeof aihints ); aihints.ai_family = AF_UNSPEC; aihints.ai_socktype = SOCK_STREAM; aihints.ai_flags = AI_PASSIVE; if ( ( gaierrnum = getaddrinfo( PC_Struct.listen_addr, PC_Struct.listen_port, &aihints, &ai ) ) ) { syslog( LOG_ERR, "%s: bad bind address: '%s' specified in config file. Exiting.", fn, PC_Struct.listen_addr ); exit( 1 ); } syslog( LOG_INFO, "%s: Binding to tcp %s:%s", fn, PC_Struct.listen_addr ? PC_Struct.listen_addr : "*", PC_Struct.listen_port ); for ( ; ai != NULL; ai = ai->ai_next ) { listensd = socket( ai->ai_family, ai->ai_socktype, ai->ai_protocol ); if ( listensd == -1 ) { syslog(LOG_WARNING, "%s: socket() failed: %s", fn, strerror(errno)); continue; } setsockopt(listensd, SOL_SOCKET, SO_REUSEADDR, (void *)&flag, sizeof(flag)); lingerstruct.l_onoff = 1; lingerstruct.l_linger = 5; setsockopt(listensd, SOL_SOCKET, SO_LINGER, (void *)&lingerstruct, sizeof(lingerstruct)); if ( PC_Struct.send_tcp_keepalives ) { lingerstruct.l_onoff = 1; syslog( LOG_INFO, "%s: Enabling SO_KEEPALIVE.", fn ); setsockopt( listensd, SOL_SOCKET, SO_KEEPALIVE, (void *)&lingerstruct.l_onoff, sizeof lingerstruct.l_onoff ); } memcpy( &srvaddr, ai->ai_addr, ai->ai_addrlen ); if ( bind( listensd, (struct sockaddr *)&srvaddr, ai->ai_addrlen ) < 0 ) { syslog(LOG_WARNING, "%s: bind() failed: %s", fn, strerror(errno) ); continue; } else break; } if ( ai == NULL ) { syslog( LOG_ERR, "%s: no useable addresses to bind to", fn ); exit( EXIT_FAILURE); } /* * Create and mmap() our stat file while we're still root. Since it's * configurable, we want to make sure we do this as root so there's the * greatest possibility that we'll have permission to write where we * need to. */ syslog( LOG_INFO, "%s: Using global statistics file '%s'", fn, PC_Struct.stat_filename ); fd = open( PC_Struct.stat_filename, O_RDWR | O_CREAT, S_IREAD | S_IWRITE ); if ( fd == -1 ) { syslog(LOG_ERR, "%s: open() failed for '%s': %s -- Exiting.", fn, PC_Struct.stat_filename, strerror( errno ) ); exit( 1 ); } if ( ( ftruncate( fd, sizeof( IMAPCounter_Struct ) ) ) == -1 ) { syslog(LOG_ERR, "%s: ftruncate() failed: %s -- Exiting.", fn, strerror( errno ) ); exit( 1 ); } IMAPCount = ( IMAPCounter_Struct *)mmap( 0, sizeof( IMAPCounter_Struct ), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0 ); if ( IMAPCount == MAP_FAILED ) { syslog(LOG_ERR, "%s: mmap() failed: %s -- Exiting.", fn, strerror( errno ) ); exit( 1 ); } memset( IMAPCount, 0, sizeof( IMAPCounter_Struct ) ); IMAPCount->StartTime = time( 0 ); IMAPCount->CountTime = time( 0 ); /* * Daemonize as late as possible, so that connection failures can be caught * and startup aborted before dettaching from parent */ Daemonize( PidFile ); if ( BecomeNonRoot() ) exit( 1 ); /* some misc thread setup */ rc = pthread_attr_init( &attr ); if ( rc ) { syslog(LOG_ERR, "%s: pthread_attr_init() failed: [%d]\n", fn, rc); exit( 1 ); } rc = pthread_attr_setdetachstate( &attr, PTHREAD_CREATE_DETACHED ); if ( rc ) { syslog(LOG_ERR, "%s: pthread_attr_setdetachstate() failed: [%d]\n", fn, rc); exit( 1 ); } /* launch a recycle thread before we loop */ pthread_create( &RecycleThread, &attr, (void *)ICC_Recycle_Loop, NULL ); syslog(LOG_INFO, "%s: Launched ICC recycle thread with id %d", fn, (int)RecycleThread ); /* * Now start listening and accepting connections. */ if ( listen(listensd, MAX_CONN_BACKLOG) < 0) { syslog( LOG_ERR, "%s: listen() failed: %s -- Exiting", fn, strerror(errno)); exit( 1 ); } syslog( LOG_INFO, "%s: squirrelmail-imap_proxy version %s normal server startup.", fn, IMAP_PROXY_VERSION ); /* * Main server loop */ for ( ;; ) { /* * Bug fixed by Gary Mills <*****@*****.**>. I forgot * to initialize sockaddrlen. */ sockaddrlen = sizeof cliaddr; clientsd = accept( listensd, (struct sockaddr *)&cliaddr, &sockaddrlen ); if ( clientsd == -1 ) { syslog(LOG_WARNING, "%s: accept() failed: %s -- retrying", fn, strerror(errno)); sleep( 1 ); continue; } #ifdef HAVE_LIBWRAP request_init(&r, RQ_DAEMON, service, 0); request_set(&r, RQ_FILE, clientsd, 0); sock_host(&r); if (!hosts_access(&r)) { shutdown(clientsd, SHUT_RDWR); close(clientsd); syslog(deny_severity, "refused connection from %s", eval_client(&r)); continue; } #endif IMAPCount->TotalClientConnectionsAccepted++; IMAPCount->CurrentClientConnections++; if ( IMAPCount->CurrentClientConnections > IMAPCount->PeakClientConnections ) IMAPCount->PeakClientConnections = IMAPCount->CurrentClientConnections; rc = pthread_create( &ThreadId, &attr, (void *)HandleRequest, (void *)clientsd ); if (rc != 0) { syslog(LOG_ERR, "%s: pthread_create() returned error [%d] for HandleRequest.", fn, rc ); close(clientsd); } } }
static void accept_connection(int sock, void *unused) { int new_sd; pid_t pid; struct sockaddr addr; struct sockaddr_in *nptr; socklen_t addrlen; int rc; #ifdef HAVE_LIBWRAP struct request_info req; #endif /* DO NOT REMOVE! 01/29/2007 single process daemon will fail if this is removed */ if (mode == SINGLE_PROCESS_DAEMON) register_read_handler(sock, accept_connection, NULL); /* wait for a connection request */ while (1) { /* we got a live one... */ if ((new_sd = accept(sock, 0, 0)) >= 0) break; /* handle the error */ else { /* bail out if necessary */ if (sigrestart == TRUE || sigshutdown == TRUE) return; /* try and handle temporary errors */ if (errno == EWOULDBLOCK || errno == EINTR || errno == ECHILD) { if (mode == MULTI_PROCESS_DAEMON) sleep(1); else return; } else break; } } /* hey, there was an error... */ if (new_sd < 0) { /* log error to syslog facility */ syslog(LOG_ERR, "Network server accept failure (%d: %s)", errno, strerror(errno)); /* close socket prior to exiting */ close(sock); if (mode == MULTI_PROCESS_DAEMON) do_exit(STATE_CRITICAL); return; } #ifdef HAVE_LIBWRAP /* Check whether or not connections are allowed from this host */ request_init(&req, RQ_DAEMON, "nsca", RQ_FILE, new_sd, 0); fromhost(&req); if (!hosts_access(&req)) { /* refuse the connection */ syslog(LOG_ERR, "refused connect from %s", eval_client(&req)); close(new_sd); return; } #endif /* fork() if we have to... */ if (mode == MULTI_PROCESS_DAEMON) { pid = fork(); if (pid) { /* parent doesn't need the new connection */ close(new_sd); return; } else { /* child does not need to listen for connections */ close(sock); } } /* find out who just connected... */ addrlen = sizeof(addr); rc = getpeername(new_sd, &addr, &addrlen); if (rc < 0) { /* log error to syslog facility */ syslog(LOG_ERR, "Error: Network server getpeername() failure (%d: %s)", errno, strerror(errno)); /* close socket prior to exiting */ close(new_sd); if (mode == MULTI_PROCESS_DAEMON) do_exit(STATE_CRITICAL); return; } nptr = (struct sockaddr_in *)&addr; /* log info to syslog facility */ if (debug == TRUE) syslog(LOG_DEBUG, "Connection from %s port %d", inet_ntoa(nptr->sin_addr), nptr->sin_port); /* handle the connection */ if (mode == SINGLE_PROCESS_DAEMON) /* mark the connection as ready to be handled */ register_write_handler(new_sd, handle_connection, NULL); else /* handle the client connection */ handle_connection(new_sd, NULL); return; }
void ssh_channel_ftcp_incoming_connection(SshIpError error, SshStream stream, void *context) { SshRemoteTcpForward fwd = (SshRemoteTcpForward)context; char ip[20], port[20]; SshBuffer buffer; SSH_DEBUG(5, ("connection to forwarded TCP/IP port")); /* We should only receive new connection notifications. */ if (error != SSH_IP_NEW_CONNECTION) ssh_fatal("ssh_channel_ftcp_incoming_connection: error %d", (int)error); /* Get remote ip address and port. */ if (!ssh_tcp_get_remote_address(stream, ip, sizeof(ip))) strcpy(ip, "UNKNOWN"); if (!ssh_tcp_get_remote_port(stream, port, sizeof(port))) strcpy(port, "UNKNOWN"); SSH_TRACE(0, ("Connection to forwarded port %s from %s:%s", fwd->port, ip, port)); ssh_log_event(fwd->common->config->log_facility, SSH_LOG_INFORMATIONAL, "Connection to forwarded port %s from %s:%s", fwd->port, fwd->common->remote_host, port); /* XXXXXXXX */ #ifdef HAVE_LIBWRAP { struct request_info req; struct servent *serv; char fwdportname[32]; void *old_handler; old_handler = signal(SIGCHLD, SIG_DFL); /* try to find port's name in /etc/services */ serv = getservbyport(atoi(fwd->port), "tcp"); if (serv == NULL) { /* not found (or faulty getservbyport) - use the number as a name */ snprintf(fwdportname, sizeof(fwdportname), "sshdfwd-%s", fwd->port); } else { snprintf(fwdportname, sizeof(fwdportname), "sshdfwd-%.20s", serv->s_name); } /* fill req struct with port name and fd number */ request_init(&req, RQ_DAEMON, fwdportname, RQ_FILE, ssh_stream_fd_get_readfd(stream), NULL); fromhost(&req); if (!hosts_access(&req)) { ssh_conn_send_debug(fwd->common->conn, TRUE, "Fwd connection from %.500s to local port " \ "%s refused by tcp_wrappers.", eval_client(&req), fwdportname); ssh_stream_destroy(stream); signal(SIGCHLD, old_handler); return; } signal(SIGCHLD, old_handler); ssh_log_event(fwd->common->config->log_facility, SSH_LOG_INFORMATIONAL, "Remote fwd connect from %.500s to local port %s", eval_client(&req), fwdportname); } #endif /* HAVE_LIBWRAP */ /* Register that we have an open channel. */ ssh_common_new_channel(fwd->common); /* Send a request to open a channel and connect it to the given port. */ ssh_buffer_init(&buffer); ssh_encode_buffer(&buffer, SSH_FORMAT_UINT32_STR, fwd->address_to_bind, strlen(fwd->address_to_bind), SSH_FORMAT_UINT32, (SshUInt32) atol(fwd->port), SSH_FORMAT_UINT32_STR, ip, strlen(ip), SSH_FORMAT_UINT32, (SshUInt32) atol(port), SSH_FORMAT_END); ssh_conn_send_channel_open(fwd->common->conn, "forwarded-tcpip", stream, TRUE, FALSE, SSH_TCPIP_WINDOW, SSH_TCPIP_PACKET_SIZE, ssh_buffer_ptr(&buffer), ssh_buffer_len(&buffer), NULL, ssh_channel_tcp_connection_destroy, (void *)fwd->common, NULL, NULL); ssh_buffer_uninit(&buffer); }
void ssh_channel_dtcp_incoming_connection(SshStreamNotification op, SshStream stream, void *context) { SshLocalTcpForward fwd = (SshLocalTcpForward)context; char ip[20], port[20]; /* We should only receive new connection notifications. */ if (op != SSH_IP_NEW_CONNECTION) ssh_fatal("ssh_channel_dtcp_incoming_connection: op %d", (int)op); /* Get remote ip address and port. */ if (!ssh_tcp_get_remote_address(stream, ip, sizeof(ip))) strcpy(ip, "UNKNOWN"); if (!ssh_tcp_get_remote_port(stream, port, sizeof(port))) strcpy(port, "UNKNOWN"); #ifdef HAVE_LIBWRAP { struct request_info req; struct servent *serv; char fwdportname[32]; void *old_handler; old_handler = signal(SIGCHLD, SIG_DFL); /* try to find port's name in /etc/services */ serv = getservbyport(atoi(fwd->port), "tcp"); if (serv == NULL) { /* not found (or faulty getservbyport) - use the number as a name */ snprintf(fwdportname, sizeof(fwdportname), "sshdfwd-%s", fwd->port); } else { snprintf(fwdportname, sizeof(fwdportname), "sshdfwd-%.20s", serv->s_name); } /* fill req struct with port name and fd number */ request_init(&req, RQ_DAEMON, fwdportname, RQ_FILE, ssh_stream_fd_get_readfd(stream), NULL); fromhost(&req); if (!hosts_access(&req)) { ssh_conn_send_debug(fwd->common->conn, TRUE, "Fwd connection from %.500s to local port %s " "refused by tcp_wrappers.", eval_client(&req), fwdportname); ssh_log_event(fwd->common->config->log_facility, SSH_LOG_WARNING, "Fwd connection from %.500s to local port %s " "refused by tcp_wrappers.", eval_client(&req), fwdportname); ssh_stream_destroy(stream); signal(SIGCHLD, old_handler); return; } signal(SIGCHLD, old_handler); ssh_log_event(fwd->common->config->log_facility, SSH_LOG_INFORMATIONAL, "direct fwd connect from %.500s to local port %s", eval_client(&req), fwdportname); } #endif /* HAVE_LIBWRAP */ /* Send a request to open a channel and connect it to the given port. */ ssh_channel_dtcp_open_to_remote(fwd->common, stream, fwd->connect_to_host, fwd->connect_to_port, ip, port); }
int main(int argc, char * argv[]) { boost::mpi::environment env(argc, argv); boost::mpi::communicator world; MetronamicaOF2Parameters params; int err = processOptions(argc, argv, params); if (err != 0) { return EXIT_SUCCESS; } // std::vector<double> real_lowerbounds = {500, -1000, 0.05, 500, -1000, 0.05, 500, -1000, 0.05, 500, -1000, 0.05, 500, -1000, 0.05, 500, -1000, 0.05, 500, -1000, 0.05, 500, -1000, 0.05, 500, -1000, 0.05, 500, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, -100, -1000, 0.05, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; // std::vector<double> real_upperbounds = {5000, 1000, 5, 5000, 1000, 5, 5000, 1000, 5, 5000, 1000, 5, 5000, 1000, 5, 5000, 1000, 5, 5000, 1000, 5, 5000, 1000, 5, 5000, 1000, 5, 5000, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 100, 1000, 5, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 }; // int num_classes = 16; params.evaluator_id = world.rank(); MetronamicaCalibrationObjectiveFunction metro_eval(params); if (world.rank() == 0) { // std::ofstream ofs(time_fname.c_str()); // if (ofs.is_open()) // { // t.reset(new boost::timer::auto_cpu_timer(timer_info, 3)); // } // else // { // std::cerr << "Error: Could not open file for writing time elapsed for search, using std::cout"; // t.reset(new boost::timer::auto_cpu_timer(3)); // } //create evaluator server boost::filesystem::path eval_log = params.save_dir.second / "evaluation_timing.log"; std::ofstream eval_strm(eval_log.c_str()); ParallelEvaluatePopServerNonBlocking eval_server(env, world, metro_eval.getProblemDefinitions()); if (eval_strm.is_open()) { eval_server.log(ParallelEvaluatorBase::LVL1, eval_strm); } // The random number generator typedef std::mt19937 RNG; if (params.search_rand_seed == -1) params.search_rand_seed = std::chrono::system_clock::now().time_since_epoch().count(); RNG rng(params.search_rand_seed); // The optimiser NSGAII<RNG> optimiser(rng, eval_server); if (eval_strm.is_open()) { optimiser.log(eval_strm, eval_log, NSGAII<RNG>::LVL1 ); } std::vector<double> ref_point = {-0.1, 1, -0.1}; std::vector<double> unitise_point = {1,0, 1}; createCheckpoints(optimiser, params, ref_point, unitise_point); // Initialise population PopulationSPtr pop(new Population); if (params.pop_file_xml.first != "none") { pop = restore_population(params.pop_file_xml.second); } else if (params.pop_file_txt.first != "none") { pop.reset(new Population(params.pop_file_txt.second, metro_eval.getProblemDefinitions())); } else { pop = intialisePopulationRandomDVAssignment(params.pop_size, metro_eval.getProblemDefinitions(), rng); } optimiser.getRealMutationOperator().setMutationInverseDVSize(pop->at(0)); // hvol(pop); // std::cout << "Hypervolume: " << hvol.getVal() << std::endl; // Run the optimisation optimiser(pop); postProcessResults(metro_eval, pop, params); } else { std::string log_file_name = "worker_" + std::to_string(world.rank()) + "_timing.log"; boost::filesystem::path eval_log = params.save_dir.second / log_file_name; std::ofstream eval_strm(eval_log.c_str()); ParallelEvaluatePopClientNonBlocking eval_client(env, world, metro_eval.getProblemDefinitions(), metro_eval); if (eval_strm.is_open()) { eval_client.log(ParallelEvaluatorBase::LVL1, eval_strm); } //logging eval_client // std::string log_filename = "evaluation_timing_worker" + std::to_string(world.rank()) + ".log"; // boost::filesystem::path eval_log = working_dir.second / log_filename; // std::ofstream eval_strm(eval_log.c_str()); // if (eval_strm.is_open()) // { // eval_client.log(ParallelEvaluatorBase::LVL1, eval_strm); // } eval_client(); } }
/* * Handle a UDP packet sent to the well known port. */ static void handle_wkport(int fd) { struct sockaddr fromaddr; socklen_t fromlen; u_int16_t query; u_int16_t response; struct request_info ri; request_init(&ri, RQ_DAEMON, "huntd", RQ_FILE, fd, 0); fromhost(&ri); fromlen = sizeof fromaddr; if (recvfrom(fd, &query, sizeof query, 0, &fromaddr, &fromlen) == -1) { logit(LOG_WARNING, "recvfrom"); return; } #ifdef DEBUG fprintf(stderr, "query %d (%s) from %s:%d\n", query, query == C_MESSAGE ? "C_MESSAGE" : query == C_SCORES ? "C_SCORES" : query == C_PLAYER ? "C_PLAYER" : query == C_MONITOR ? "C_MONITOR" : "?", inet_ntoa(((struct sockaddr_in *)&fromaddr)->sin_addr), ntohs(((struct sockaddr_in *)&fromaddr)->sin_port)); #endif /* Do we allow access? */ if (hosts_access(&ri) == 0) { logx(LOG_INFO, "rejected connection from %s", eval_client(&ri)); return; } query = ntohs(query); switch (query) { case C_MESSAGE: if (Nplayer <= 0) /* Don't bother replying if nobody to talk to: */ return; /* Return the number of people playing: */ response = Nplayer; break; case C_SCORES: /* Someone wants the statistics port: */ response = stat_port; break; case C_PLAYER: case C_MONITOR: /* Someone wants to play or watch: */ if (query == C_MONITOR && Nplayer <= 0) /* Don't bother replying if there's nothing to watch: */ return; /* Otherwise, tell them how to get to the game: */ response = sock_port; break; default: logit(LOG_INFO, "unknown udp query %d", query); return; } response = ntohs(response); if (sendto(fd, &response, sizeof response, 0, &fromaddr, sizeof fromaddr) == -1) logit(LOG_WARNING, "sendto"); }
int main(int ac, char **av) { extern char *optarg; extern int optind; int opt, sock_in, sock_out, newsock, i, pid = 0, on = 1; socklen_t aux; int remote_major, remote_minor; int perm_denied = 0; int ret; fd_set fdset; #ifdef HAVE_IPV6_SMTH struct sockaddr_in6 sin; #else struct sockaddr_in sin; #endif char buf[100]; /* Must not be larger than remote_version. */ char remote_version[100]; /* Must be at least as big as buf. */ char addr[STRLEN]; char *comment; char *ssh_remote_version_string = NULL; FILE *f; #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) struct linger linger; #endif /* SO_LINGER */ int done; chdir(BBSHOME); /* Save argv[0]. */ saved_argv = av; if (strchr(av[0], '/')) av0 = strrchr(av[0], '/') + 1; else av0 = av[0]; /* Prevent core dumps to avoid revealing sensitive information. */ signals_prevent_core(); /* Set SIGPIPE to be ignored. */ signal(SIGPIPE, SIG_IGN); /* Initialize configuration options to their default values. */ initialize_server_options(&options); addr[0]=0; /* Parse command-line arguments. */ while ((opt = getopt(ac, av, "f:a:p:b:k:h:g:diqV:")) != EOF) { switch (opt) { case 'f': config_file_name = optarg; break; case 'd': debug_flag = 1; break; case 'i': inetd_flag = 1; break; case 'q': options.quiet_mode = 1; break; case 'b': options.server_key_bits = atoi(optarg); break; case 'a': if(optarg[0]) snprintf(addr,STRLEN,"%s",optarg); break; case 'p': if(isdigit(optarg[0])) options.port=atoi(optarg); break; case 'g': options.login_grace_time = atoi(optarg); break; case 'k': options.key_regeneration_time = atoi(optarg); break; case 'h': options.host_key_file = optarg; break; case 'V': ssh_remote_version_string = optarg; break; case '?': default: #ifdef F_SECURE_COMMERCIAL #endif /* F_SECURE_COMMERCIAL */ fprintf(stderr, "sshd version %s [%s]\n", SSH_VERSION, HOSTTYPE); fprintf(stderr, "Usage: %s [options]\n", av0); fprintf(stderr, "Options:\n"); fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR); fprintf(stderr, " -d Debugging mode\n"); fprintf(stderr, " -i Started from inetd\n"); fprintf(stderr, " -q Quiet (no logging)\n"); fprintf(stderr, " -a addr Bind to the specified address (default: all)\n"); fprintf(stderr, " -p port Listen on the specified port (default: 22)\n"); fprintf(stderr, " -k seconds Regenerate server key every this many seconds (default: 3600)\n"); fprintf(stderr, " -g seconds Grace period for authentication (default: 300)\n"); fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n"); fprintf(stderr, " -h file File from which to read host key (default: %s)\n", HOST_KEY_FILE); fprintf(stderr, " -V str Remote version string already read from the socket\n"); exit(1); } } /* Read server configuration options from the configuration file. */ read_server_config(&options, config_file_name); /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); /* Check certain values for sanity. */ if (options.server_key_bits < 512 || options.server_key_bits > 32768) { fprintf(stderr, "fatal: Bad server key size.\n"); exit(1); } if (options.port < 1 || options.port > 65535) { fprintf(stderr, "fatal: Bad port number.\n"); exit(1); } if (options.umask != -1) { umask(options.umask); } /* Check that there are no remaining arguments. */ if (optind < ac) { fprintf(stderr, "fatal: Extra argument %.100s.\n", av[optind]); exit(1); } /* Initialize the log (it is reinitialized below in case we forked). */ log_init(av0, debug_flag && !inetd_flag, debug_flag || options.fascist_logging, options.quiet_mode, options.log_facility); debug("sshd version %.100s [%.100s]", SSH_VERSION, HOSTTYPE); /* Load the host key. It must have empty passphrase. */ done = load_private_key(geteuid(), options.host_key_file, "", &sensitive_data.host_key, &comment); if (!done) { if (debug_flag) { fprintf(stderr, "Could not load host key: %.200s\n", options.host_key_file); fprintf(stderr, "fatal: Please check that you have sufficient permissions and the file exists.\n"); } else { log_init(av0, !inetd_flag, 1, 0, options.log_facility); error("fatal: Could not load host key: %.200s. Check path and permissions.", options.host_key_file); } exit(1); } xfree(comment); /* If not in debugging mode, and not started from inetd, disconnect from the controlling terminal, and fork. The original process exits. */ if (!debug_flag && !inetd_flag) #ifdef HAVE_DAEMON if (daemon(0, 0) < 0) error("daemon: %.100s", strerror(errno)); chdir(BBSHOME); #else /* HAVE_DAEMON */ { #ifdef TIOCNOTTY int fd; #endif /* TIOCNOTTY */ /* Fork, and have the parent exit. The child becomes the server. */ if (fork()) exit(0); /* Redirect stdin, stdout, and stderr to /dev/null. */ freopen("/dev/null", "r", stdin); freopen("/dev/null", "w", stdout); freopen("/dev/null", "w", stderr); /* Disconnect from the controlling tty. */ #ifdef TIOCNOTTY fd = open("/dev/tty", O_RDWR | O_NOCTTY); if (fd >= 0) { (void) ioctl(fd, TIOCNOTTY, NULL); close(fd); } #endif /* TIOCNOTTY */ #ifdef HAVE_SETSID #ifdef ultrix setpgrp(0, 0); #else /* ultrix */ if (setsid() < 0) error("setsid: %.100s", strerror(errno)); #endif #endif /* HAVE_SETSID */ } #endif /* HAVE_DAEMON */ /* Reinitialize the log (because of the fork above). */ log_init(av0, debug_flag && !inetd_flag, debug_flag || options.fascist_logging, options.quiet_mode, options.log_facility); /* Check that server and host key lengths differ sufficiently. This is necessary to make double encryption work with rsaref. Oh, I hate software patents. */ if (options.server_key_bits > sensitive_data.host_key.bits - SSH_KEY_BITS_RESERVED && options.server_key_bits < sensitive_data.host_key.bits + SSH_KEY_BITS_RESERVED) { options.server_key_bits = sensitive_data.host_key.bits + SSH_KEY_BITS_RESERVED; debug("Forcing server key to %d bits to make it differ from host key.", options.server_key_bits); } /* Initialize memory allocation so that any freed MP_INT data will be zeroed. */ rsa_set_mp_memory_allocation(); /* Do not display messages to stdout in RSA code. */ rsa_set_verbose(debug_flag); /* Initialize the random number generator. */ debug("Initializing random number generator; seed file %.200s", options.random_seed_file); random_initialize(&sensitive_data.random_state, geteuid(), options.random_seed_file); /* Chdir to the root directory so that the current disk can be unmounted if desired. */ idle_timeout = options.idle_timeout; /* Start listening for a socket, unless started from inetd. */ if (inetd_flag) { int s1, s2; s1 = dup(0); /* Make sure descriptors 0, 1, and 2 are in use. */ s2 = dup(s1); sock_in = dup(0); sock_out = dup(1); /* We intentionally do not close the descriptors 0, 1, and 2 as our code for setting the descriptors won\'t work if ttyfd happens to be one of those. */ debug("inetd sockets after dupping: %d, %d", sock_in, sock_out); /* Generate an rsa key. */ log_msg("Generating %d bit RSA key.", options.server_key_bits); rsa_generate_key(&sensitive_data.private_key, &public_key, &sensitive_data.random_state, options.server_key_bits); random_save(&sensitive_data.random_state, geteuid(), options.random_seed_file); log_msg("RSA key generation complete."); } else { /* Create socket for listening. */ #ifdef HAVE_IPV6_SMTH listen_sock = socket(AF_INET6, SOCK_STREAM, 0); #else listen_sock = socket(AF_INET, SOCK_STREAM, 0); #endif if (listen_sock < 0) fatal("socket: %.100s", strerror(errno)); /* Set socket options. We try to make the port reusable and have it close as fast as possible without waiting in unnecessary wait states on close. */ setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, (void *) &on, sizeof(on)); #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) linger.l_onoff = 1; linger.l_linger = 15; setsockopt(listen_sock, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger)); #endif /* SO_LINGER */ /* Initialize the socket address. */ memset(&sin, 0, sizeof(sin)); #ifdef HAVE_IPV6_SMTH sin.sin6_family = AF_INET6; if ( inet_pton(AF_INET6, addr, &(sin.sin6_addr)) <= 0 ) sin.sin6_addr = in6addr_any; sin.sin6_port = htons(options.port); #else sin.sin_family = AF_INET; if ( inet_pton(AF_INET, addr, &(sin.sin_addr)) <= 0 ) sin.sin_addr.s_addr = htonl(INADDR_ANY); sin.sin_port = htons(options.port); #endif /* Bind the socket to the desired port. */ if (bind(listen_sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) { error("bind: %.100s", strerror(errno)); shutdown(listen_sock, 2); close(listen_sock); fatal("Bind to port %d failed: %.200s.", options.port, strerror(errno)); } /* COMMAN : setuid to bbs */ if(setgid(BBSGID)==-1) exit(8); if(setuid(BBSUID)==-1) exit(8); #if 0 /* etnlegend, 2006.10.31 ... */ if (!debug_flag) { /* Record our pid in /etc/sshd_pid to make it easier to kill the correct sshd. We don\'t want to do this before the bind above because the bind will fail if there already is a daemon, and this will overwrite any old pid in the file. */ f = fopen(options.pid_file, "w"); if (f) { fprintf(f, "%u\n", (unsigned int) getpid()); fclose(f); } } #endif /* Start listening on the port. */ log_msg("Server listening on port %d.", options.port); if (listen(listen_sock, 5) < 0) fatal("listen: %.100s", strerror(errno)); /* Generate an rsa key. */ log_msg("Generating %d bit RSA key.", options.server_key_bits); rsa_generate_key(&sensitive_data.private_key, &public_key, &sensitive_data.random_state, options.server_key_bits); random_save(&sensitive_data.random_state, geteuid(), options.random_seed_file); log_msg("RSA key generation complete."); /* Schedule server key regeneration alarm. */ signal(SIGALRM, key_regeneration_alarm); alarm(options.key_regeneration_time); /* Arrange to restart on SIGHUP. The handler needs listen_sock. */ signal(SIGHUP, sighup_handler); signal(SIGTERM, sigterm_handler); signal(SIGQUIT, sigterm_handler); /* AIX sends SIGDANGER when memory runs low. The default action is to terminate the process. This sometimes makes it difficult to log in and fix the problem. */ #ifdef SIGDANGER signal(SIGDANGER, sigdanger_handler); #endif /* SIGDANGER */ /* Arrange SIGCHLD to be caught. */ signal(SIGCHLD, main_sigchld_handler); if(!debug_flag){ if(!addr[0]) sprintf(buf,"var/sshbbsd.%d.pid",options.port); else sprintf(buf,"var/sshbbsd.%d_%s.pid",options.port,addr); if((f=fopen(buf,"w"))){ fprintf(f,"%d\n",(int)getpid()); fclose(f); } } /* Stay listening for connections until the system crashes or the daemon is killed with a signal. */ for (;;) { if (received_sighup) sighup_restart(); /* Wait in select until there is a connection. */ FD_ZERO(&fdset); FD_SET(listen_sock, &fdset); ret = select(listen_sock + 1, &fdset, NULL, NULL, NULL); if (ret < 0 || !FD_ISSET(listen_sock, &fdset)) { if (errno == EINTR) continue; error("select: %.100s", strerror(errno)); continue; } aux = sizeof(sin); newsock = accept(listen_sock, (struct sockaddr *) &sin, &aux); if (newsock < 0) { if (errno == EINTR) continue; error("accept: %.100s", strerror(errno)); continue; } /* Got connection. Fork a child to handle it, unless we are in debugging mode. */ if (debug_flag) { /* In debugging mode. Close the listening socket, and start processing the connection without forking. */ debug("Server will not fork when running in debugging mode."); close(listen_sock); sock_in = newsock; sock_out = newsock; pid = getpid(); #ifdef LIBWRAP { struct request_info req; signal(SIGCHLD, SIG_DFL); request_init(&req, RQ_DAEMON, av0, RQ_FILE, newsock, NULL); fromhost(&req); if (!hosts_access(&req)) refuse(&req); syslog(allow_severity, "connect from %s", eval_client(&req)); } #endif /* LIBWRAP */ break; } else { #ifdef CHECK_IP_LINK #ifdef HAVE_IPV6_SMTH if (check_IP_lists(sin.sin6_addr)==0) #else if (check_IP_lists(sin.sin_addr.s_addr)==0) #endif #endif /* Normal production daemon. Fork, and have the child process the connection. The parent continues listening. */ if ((pid = fork()) == 0) { /* Child. Close the listening socket, and start using the accepted socket. Reinitialize logging (since our pid has changed). We break out of the loop to handle the connection. */ close(listen_sock); sock_in = newsock; sock_out = newsock; #ifdef LIBWRAP { struct request_info req; signal(SIGCHLD, SIG_DFL); request_init(&req, RQ_DAEMON, av0, RQ_FILE, newsock, NULL); fromhost(&req); if (!hosts_access(&req)) refuse(&req); syslog(allow_severity, "connect from %s", eval_client(&req)); } #endif /* LIBWRAP */ log_init(av0, debug_flag && !inetd_flag, options.fascist_logging || debug_flag, options.quiet_mode, options.log_facility); break; } } /* Parent. Stay in the loop. */ if (pid < 0) error("fork: %.100s", strerror(errno)); else debug("Forked child %d.", pid); /* Mark that the key has been used (it was "given" to the child). */ key_used = 1; random_acquire_light_environmental_noise(&sensitive_data.random_state); /* Close the new socket (the child is now taking care of it). */ close(newsock); } } /* This is the child processing a new connection. */ /* Disable the key regeneration alarm. We will not regenerate the key since we are no longer in a position to give it to anyone. We will not restart on SIGHUP since it no longer makes sense. */ alarm(0); signal(SIGALRM, SIG_DFL); signal(SIGHUP, SIG_DFL); signal(SIGTERM, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGCHLD, SIG_DFL); /* Set socket options for the connection. We want the socket to close as fast as possible without waiting for anything. If the connection is not a socket, these will do nothing. */ /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) linger.l_onoff = 1; linger.l_linger = 15; setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger)); #endif /* SO_LINGER */ /* Register our connection. This turns encryption off because we do not have a key. */ packet_set_connection(sock_in, sock_out, &sensitive_data.random_state); /* Log the connection. */ log_msg("Connection from %.100s port %d", get_remote_ipaddr(), get_remote_port()); /* Check whether logins are denied from this host. */ { const char *hostname = get_canonical_hostname(); const char *ipaddr = get_remote_ipaddr(); int i; if (options.num_deny_hosts > 0) { for (i = 0; i < options.num_deny_hosts; i++) if (match_host(hostname, ipaddr, options.deny_hosts[i])) perm_denied = 1; } if ((!perm_denied) && options.num_allow_hosts > 0) { for (i = 0; i < options.num_allow_hosts; i++) if (match_host(hostname, ipaddr, options.allow_hosts[i])) break; if (i >= options.num_allow_hosts) perm_denied = 1; } if (perm_denied && options.silent_deny) { close(sock_in); close(sock_out); exit(0); } } /* We don't want to listen forever unless the other side successfully authenticates itself. So we set up an alarm which is cleared after successful authentication. A limit of zero indicates no limit. Note that we don't set the alarm in debugging mode; it is just annoying to have the server exit just when you are about to discover the bug. */ signal(SIGALRM, grace_alarm_handler); if (!debug_flag) alarm(options.login_grace_time); if (ssh_remote_version_string == NULL) { /* Send our protocol version identification. */ snprintf(buf, sizeof(buf), "SSH-%d.%d-%.50s", PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); strcat(buf, "\n"); if (write(sock_out, buf, strlen(buf)) != strlen(buf)) fatal_severity(SYSLOG_SEVERITY_INFO, "Could not write ident string."); } if (ssh_remote_version_string == NULL) { /* Read other side\'s version identification. */ for (i = 0; i < sizeof(buf) - 1; i++) { if (read(sock_in, &buf[i], 1) != 1) fatal_severity(SYSLOG_SEVERITY_INFO, "Did not receive ident string."); if (buf[i] == '\r') { buf[i] = '\n'; buf[i + 1] = 0; break; } if (buf[i] == '\n') { /* buf[i] == '\n' */ buf[i + 1] = 0; break; } } buf[sizeof(buf) - 1] = 0; } else { strncpy(buf, ssh_remote_version_string, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; } /* Check that the versions match. In future this might accept several versions and set appropriate flags to handle them. */ if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor, remote_version) != 3) { const char *s = "Protocol mismatch.\n"; (void) write(sock_out, s, strlen(s)); close(sock_in); close(sock_out); fatal_severity(SYSLOG_SEVERITY_INFO, "Bad protocol version identification: %.100s", buf); } debug("Client protocol version %d.%d; client software version %.100s", remote_major, remote_minor, remote_version); switch (check_emulation(remote_major, remote_minor, NULL, NULL)) { case EMULATE_MAJOR_VERSION_MISMATCH: { const char *s = "Protocol major versions differ.\n"; (void) write(sock_out, s, strlen(s)); close(sock_in); close(sock_out); fatal_severity(SYSLOG_SEVERITY_INFO, "Protocol major versions differ: %d vs. %d", PROTOCOL_MAJOR, remote_major); } break; case EMULATE_VERSION_TOO_OLD: packet_disconnect("Your ssh version is too old and is no " "longer supported. Please install a newer version."); break; case EMULATE_VERSION_NEWER: packet_disconnect("This server does not support your " "new ssh version."); break; case EMULATE_VERSION_OK: break; default: fatal("Unexpected return value from check_emulation."); } if (perm_denied) { const char *hostname = get_canonical_hostname(); log_msg("Connection from %.200s not allowed.\n", hostname); packet_disconnect("Sorry, you are not allowed to connect."); /*NOTREACHED*/} packet_set_nonblocking(); /* Handle the connection. We pass as argument whether the connection came from a privileged port. */ do_connection(get_remote_port() < 1024); /* The connection has been terminated. */ log_msg("Closing connection to %.100s", get_remote_ipaddr()); packet_close(); exit(0); }