status_e setup_environ( struct service_config *scp, struct service_config *def )
{
struct environment *ep = SC_ENV( scp ) ;
if ( ! SC_SPECIFIED( scp, A_PASSENV ) )
{
if ( ! SC_SPECIFIED( def, A_PASSENV ) )
{
if ( ! SC_SPECIFIED( scp, A_ENV ) )
{
ep->env_type = STD_ENV ;
ep->env_handle = std_env ;
return( OK ) ;
}
else
return(
make_env_with_strings( ep, std_env, SC_ENV_VAR_DEFS(scp) ) ) ;
}
else /* SC_SPECIFIED( def, A_PASSENV ) */
{
struct environment *dep = SC_ENV( def ) ;
if ( dep->env_type == NO_ENV &&
make_env_from_vars( dep, std_env,
SC_PASS_ENV_VARS(def) ) == FAILED )
return( FAILED ) ;
if ( ! SC_SPECIFIED( scp, A_ENV ) )
{
ep->env_type = DEF_ENV ;
ep->env_handle = dep->env_handle ;
return( OK ) ;
}
else
return( make_env_with_strings( ep,
dep->env_handle, SC_ENV_VAR_DEFS(scp) ) ) ;
}
}
else /* SC_SPECIFIED( scp, A_PASSENV ) */
{
if ( make_env_from_vars( ep, std_env, SC_PASS_ENV_VARS(scp) ) == FAILED )
return( FAILED ) ;
if ( ! SC_SPECIFIED( scp, A_ENV ) )
return( OK ) ;
else
{
if ( update_env_with_strings(
ep->env_handle, SC_ENV_VAR_DEFS(scp) ) == FAILED )
{
env_destroy( ep->env_handle ) ;
return( FAILED ) ;
}
return( OK ) ;
}
}
}
/*
* Free all malloc'ed memory for the specified service
*/
void sc_free( struct service_config *scp )
{
#ifdef HAVE_MDNS
COND_FREE( SC_MDNS_NAME(scp) );
xinetd_mdns_svc_free(scp);
#endif
#ifdef LIBWRAP
COND_FREE( SC_LIBWRAP(scp) );
#endif
COND_FREE( SC_NAME(scp) ) ;
COND_FREE( SC_ID(scp) ) ;
COND_FREE( SC_PROTONAME(scp) ) ;
COND_FREE( SC_SERVER(scp) ) ;
COND_FREE( (char *)SC_REDIR_ADDR(scp) ) ;
COND_FREE( (char *)SC_BIND_ADDR(scp) ) ;
COND_FREE( (char *)SC_ORIG_BIND_ADDR(scp) ) ;
COND_FREE( (char *)SC_BANNER(scp) ) ;
COND_FREE( (char *)SC_BANNER_SUCCESS(scp) ) ;
COND_FREE( (char *)SC_BANNER_FAIL(scp) ) ;
if ( SC_SERVER_ARGV(scp) )
{
char **pp ;
/*
* argv[ 0 ] is a special case because it may not have been allocated yet
*/
if ( SC_SERVER_ARGV(scp)[ 0 ] != NULL)
free( SC_SERVER_ARGV(scp)[ 0 ] ) ;
for ( pp = &SC_SERVER_ARGV(scp)[ 1 ] ; *pp != NULL ; pp++ )
free( *pp ) ;
free( (char *) SC_SERVER_ARGV(scp) ) ;
}
COND_FREE( LOG_GET_FILELOG( SC_LOG( scp ) )->fl_filename ) ;
if ( SC_ACCESS_TIMES(scp) != NULL )
{
ti_free( SC_ACCESS_TIMES(scp) ) ;
pset_destroy( SC_ACCESS_TIMES(scp) ) ;
}
if ( SC_ONLY_FROM(scp) != NULL )
{
addrlist_free( SC_ONLY_FROM(scp) ) ;
pset_destroy( SC_ONLY_FROM(scp) ) ;
}
if ( SC_NO_ACCESS(scp) != NULL )
{
addrlist_free( SC_NO_ACCESS(scp) ) ;
pset_destroy( SC_NO_ACCESS(scp) ) ;
}
if ( SC_ENV_VAR_DEFS(scp) != NULL )
release_string_pset( SC_ENV_VAR_DEFS(scp) ) ;
if ( SC_PASS_ENV_VARS(scp) != NULL )
release_string_pset( SC_PASS_ENV_VARS(scp) ) ;
if ( SC_ENV( scp )->env_type == CUSTOM_ENV &&
SC_ENV( scp )->env_handle != ENV_NULL )
env_destroy( SC_ENV( scp )->env_handle ) ;
if (SC_DISABLED(scp) )
release_string_pset( SC_DISABLED(scp) ) ;
if (SC_ENABLED(scp) )
release_string_pset( SC_ENABLED(scp) ) ;
CLEAR( *scp ) ;
FREE_SCONF( scp ) ;
}
/*
* Print info about service scp to file descriptor fd
*/
void sc_dump( struct service_config *scp,
int fd,
int tab_level,
bool_int is_defaults )
{
const struct name_value *nvp ;
unsigned u ;
char **pp ;
if ( is_defaults )
tabprint( fd, tab_level, "Service defaults\n" ) ;
else
tabprint( fd, tab_level, "Service configuration: %s\n", SC_NAME(scp) ) ;
if ( ! is_defaults )
{
tabprint( fd, tab_level+1, "id = %s\n", SC_ID(scp) ) ;
if ( ! M_ARE_ALL_CLEAR( SC_XFLAGS(scp) ) )
{
tabprint( fd, tab_level+1, "flags =" ) ;
for ( nvp = &service_flags[ 0 ] ; nvp->name != NULL ; nvp++ )
if ( M_IS_SET( SC_XFLAGS(scp), nvp->value ) )
Sprint( fd, " %s", nvp->name ) ;
Sputchar( fd, '\n' ) ;
}
if ( ! M_ARE_ALL_CLEAR( SC_TYPE(scp) ) )
{
tabprint( fd, tab_level+1, "type =" ) ;
for ( nvp = &service_types[ 0 ] ; nvp->name != NULL ; nvp++ )
if ( M_IS_SET( SC_TYPE(scp), nvp->value ) )
Sprint( fd, " %s", nvp->name ) ;
Sputchar( fd, '\n' ) ;
}
tabprint( fd, tab_level+1, "socket_type = %s\n",
nv_get_name( socket_types, SC_SOCKET_TYPE(scp) ) ) ;
tabprint( fd, tab_level+1, "Protocol (name,number) = (%s,%d)\n",
SC_PROTONAME(scp), SC_PROTOVAL(scp) ) ;
if ( SC_SPECIFIED( scp, A_PORT ) )
tabprint( fd, tab_level+1, "port = %d\n", SC_PORT(scp) ) ;
}
if ( SC_SPECIFIED( scp, A_INSTANCES ) ) {
if ( SC_INSTANCES(scp) == UNLIMITED )
tabprint( fd, tab_level+1, "Instances = UNLIMITED\n" ) ;
else
tabprint( fd, tab_level+1, "Instances = %d\n", SC_INSTANCES(scp) ) ;
}
if ( SC_SPECIFIED( scp, A_WAIT ) ) {
if ( SC_WAIT(scp) )
tabprint( fd, tab_level+1, "wait = yes\n" ) ;
else
tabprint( fd, tab_level+1, "wait = no\n" ) ;
}
if ( SC_SPECIFIED( scp, A_USER ) )
tabprint( fd, tab_level+1, "user = %d\n", SC_UID(scp) ) ;
if ( SC_SPECIFIED( scp, A_GROUP ) )
tabprint( fd, tab_level+1, "group = %d\n", SC_GID(scp) ) ;
if ( SC_SPECIFIED( scp, A_GROUPS ) )
{
if (SC_GROUPS(scp) == 1)
tabprint( fd, tab_level+1, "Groups = yes\n" );
else
tabprint( fd, tab_level+1, "Groups = no\n" );
}
if ( SC_SPECIFIED( scp, A_UMASK ) )
tabprint( fd, tab_level+1, "umask = %o\n", SC_UMASK(scp) ) ;
if ( SC_SPECIFIED( scp, A_NICE ) )
tabprint( fd, tab_level+1, "Nice = %d\n", SC_NICE(scp) ) ;
if ( SC_SPECIFIED( scp, A_CPS ) )
tabprint( fd, tab_level+1, "CPS = max conn:%lu wait:%lu\n",
SC_TIME_CONN_MAX(scp), SC_TIME_WAIT(scp) );
if ( SC_SPECIFIED( scp, A_PER_SOURCE ) )
tabprint( fd, tab_level+1, "PER_SOURCE = %d\n",
SC_PER_SOURCE(scp) );
if ( SC_SPECIFIED( scp, A_BIND ) ) {
if ( SC_BIND_ADDR(scp) ) {
char bindname[NI_MAXHOST];
unsigned int len = 0;
if( SC_BIND_ADDR(scp)->sa.sa_family == AF_INET )
len = sizeof(struct sockaddr_in);
else
len = sizeof(struct sockaddr_in6);
memset(bindname, 0, sizeof(bindname));
if( getnameinfo(&SC_BIND_ADDR(scp)->sa, len, bindname,
NI_MAXHOST, NULL, 0, 0) != 0 )
strcpy(bindname, "unknown");
tabprint( fd, tab_level+1, "Bind = %s\n", bindname );
}
else if ( SC_ORIG_BIND_ADDR(scp) ) {
tabprint( fd, tab_level+1, "Bind = %s\n",
SC_ORIG_BIND_ADDR(scp) );
}
else { /* This should NEVER happen */
msg(LOG_ERR, "sc_dump", "bad configuration for %s:",
SC_NAME(scp));
}
}
else
tabprint( fd, tab_level+1, "Bind = All addresses.\n" );
if ( ! is_defaults )
{
if ( (! SC_IS_INTERNAL( scp )) && (SC_REDIR_ADDR(scp) == NULL) )
{
tabprint( fd, tab_level+1, "Server = %s\n", SC_SERVER(scp) ) ;
tabprint( fd, tab_level+1, "Server argv =" ) ;
if ( SC_SERVER_ARGV(scp) )
{
for ( pp = SC_SERVER_ARGV(scp) ; *pp ; pp++ )
Sprint( fd, " %s", *pp ) ;
}
else
Sprint( fd, " (NULL)");
Sputchar( fd, '\n' ) ;
}
#ifdef LIBWRAP
if ( SC_LIBWRAP(scp) != NULL )
{
tabprint( fd, tab_level + 1, "Libwrap = %s\n", SC_LIBWRAP(scp) );
}
#endif
if ( SC_REDIR_ADDR(scp) != NULL )
{
char redirname[NI_MAXHOST];
unsigned int len = 0;
if( SC_REDIR_ADDR(scp)->sa.sa_family == AF_INET )
len = sizeof(struct sockaddr_in);
if( SC_REDIR_ADDR(scp)->sa.sa_family == AF_INET6 )
len = sizeof(struct sockaddr_in6);
memset(redirname, 0, sizeof(redirname));
if( getnameinfo(&SC_REDIR_ADDR(scp)->sa, len, redirname, NI_MAXHOST,
NULL, 0, 0) != 0 )
strcpy(redirname, "unknown");
tabprint( fd, tab_level+1, "Redirect = %s:%d\n", redirname,
SC_REDIR_ADDR(scp)->sa_in.sin_port );
}
if ( SC_IS_RPC( scp ) )
{
struct rpc_data *rdp = SC_RPCDATA( scp ) ;
tabprint( fd, tab_level+1, "RPC data\n" ) ;
tabprint( fd, tab_level+2,
"program number = %ld\n", rdp->rd_program_number ) ;
tabprint( fd, tab_level+2, "rpc_version = " ) ;
if ( rdp->rd_min_version == rdp->rd_max_version )
Sprint( fd, "%ld\n", rdp->rd_min_version ) ;
else
Sprint( fd, "%ld-%ld\n",
rdp->rd_min_version, rdp->rd_max_version ) ;
}
if ( SC_SPECIFIED( scp, A_ACCESS_TIMES ) )
{
tabprint( fd, tab_level+1, "Access times =" ) ;
ti_dump( SC_ACCESS_TIMES(scp), fd ) ;
Sputchar ( fd, '\n' ) ;
}
}
/* This is important enough that each service should list it. */
tabprint( fd, tab_level+1, "Only from: " ) ;
if ( SC_ONLY_FROM(scp) )
{ /* Next check is done since -= doesn't zero out lists. */
if ( pset_count(SC_ONLY_FROM(scp)) == 0)
Sprint( fd, "All sites" );
else
addrlist_dump( SC_ONLY_FROM(scp), fd ) ;
}
else
Sprint( fd, "All sites" );
Sputchar( fd, '\n' ) ;
/* This is important enough that each service should list it. */
tabprint( fd, tab_level+1, "No access: " ) ;
if ( SC_NO_ACCESS(scp) )
{ /* Next check is done since -= doesn't zero out lists. */
if ( pset_count(SC_NO_ACCESS(scp)) == 0)
Sprint( fd, "No blocked sites" );
else
addrlist_dump( SC_NO_ACCESS(scp), fd ) ;
}
else
Sprint( fd, "No blocked sites" );
Sputchar( fd, '\n' ) ;
if ( SC_SENSOR(scp) )
{
tabprint( fd, tab_level+1, "Deny Time: " ) ;
Sprint( fd, "%d\n", SC_DENY_TIME(scp));
}
dump_log_data( fd, scp, tab_level+1 ) ;
if ( SC_IS_PRESENT( scp, A_PASSENV ) )
{
tabprint( fd, tab_level+1, "Passenv =" ) ;
for ( u = 0 ; u < pset_count( SC_PASS_ENV_VARS(scp) ) ; u++ )
Sprint( fd, " %s",
(char *) pset_pointer( SC_PASS_ENV_VARS(scp), u ) ) ;
Sputchar ( fd, '\n' ) ;
}
if ( ! is_defaults )
if ( SC_SPECIFIED( scp, A_ENV ) )
{
tabprint( fd, tab_level+1, "Environment additions:\n" ) ;
for ( u = 0 ; u < pset_count( SC_ENV_VAR_DEFS(scp) ) ; u++ )
tabprint( fd, tab_level+2,
"%s\n", (char *) pset_pointer( SC_ENV_VAR_DEFS(scp), u ) ) ;
}
if ( SC_ENV( scp )->env_type == CUSTOM_ENV )
{
tabprint( fd, tab_level+1, "Environment strings:\n" ) ;
for ( pp = env_getvars( SC_ENV( scp )->env_handle ) ; *pp ; pp++ )
tabprint( fd, tab_level+2, "%s\n", *pp ) ;
}
Sflush( fd ) ;
}
/*
* This function is running in the new process
*/
void exec_server( const struct server *serp )
{
const struct service_config *scp = SVC_CONF( SERVER_SERVICE( serp ) ) ;
struct rlimit rl ;
int fd ;
int descriptor = SERVER_FD( serp ) ;
const char *server = SC_SERVER( scp ) ;
const char *func = "exec_server" ;
/*
* The following code solves a problem with post-version-4.3
* Ultrix systems (the bug was reported, and a fix was provided by
* [email protected]; a slightly modified version of this
* fix is included here).
*
* If this is a 'nowait' service, we pass the service descriptor
* to the server. Note that we have set the close-on-exec flag
* on all service descriptors. It is unclear whether the dup2()
* will create a descriptor with the close-on-exec flag set,
* so we explicitly clear the flag (since we are doing this
* after the fork, it does not affect the descriptor of the
* parent process).
*/
if ( fcntl( descriptor, F_SETFD, 0 ) == -1 )
msg( LOG_WARNING, func,
"fcntl( %d, clear close-on-exec ) failed: %m", descriptor ) ;
if ( debug.on )
msg( LOG_DEBUG, func, "duping %d", descriptor ) ;
for ( fd = 0 ; fd <= MAX_PASS_FD ; fd++ )
{
if ( dup2( descriptor, fd ) == -1 )
{
msg( LOG_ERR, func,
"dup2( %d, %d ) failed: %m", descriptor, fd ) ;
_exit( 1 ) ;
}
}
#ifdef RLIMIT_NOFILE
rl.rlim_max = ps.ros.orig_max_descriptors ;
rl.rlim_cur = ps.ros.max_descriptors ;
(void) setrlimit( RLIMIT_NOFILE, &rl ) ;
#endif
#ifdef RLIMIT_AS
if (SC_RLIM_AS (scp))
{
rl.rlim_cur = SC_RLIM_AS( scp );
rl.rlim_max = SC_RLIM_AS( scp );
(void) setrlimit( RLIMIT_AS, &rl );
}
#endif
#ifdef RLIMIT_CPU
if (SC_RLIM_CPU (scp))
{
rl.rlim_cur = SC_RLIM_CPU( scp );
rl.rlim_max = SC_RLIM_CPU( scp );
(void) setrlimit( RLIMIT_CPU, &rl );
}
#endif
#ifdef RLIMIT_DATA
if (SC_RLIM_DATA (scp))
{
rl.rlim_cur = SC_RLIM_DATA( scp );
rl.rlim_max = SC_RLIM_DATA( scp );
(void) setrlimit( RLIMIT_DATA, &rl );
}
#endif
#ifdef RLIMIT_RSS
if (SC_RLIM_RSS (scp))
{
rl.rlim_cur = SC_RLIM_RSS( scp );
rl.rlim_max = SC_RLIM_RSS( scp );
(void) setrlimit( RLIMIT_RSS, &rl );
}
#endif
#ifdef RLIMIT_STACK
if (SC_RLIM_STACK (scp))
{
rl.rlim_cur = SC_RLIM_STACK( scp );
rl.rlim_max = SC_RLIM_STACK( scp );
(void) setrlimit( RLIMIT_STACK, &rl );
}
#endif
(void) Sclose( descriptor ) ;
#ifndef solaris
no_control_tty() ;
#endif
msg_suspend() ;
(void) execve( server, SC_SERVER_ARGV( scp ),
env_getvars( SC_ENV( scp )->env_handle ) ) ;
/*
* The exec failed. Log the error and exit.
*/
msg_resume() ;
msg( LOG_ERR, func, "execv( %s ) failed: %m", server ) ;
_exit( 0 ) ;
}
/*
* This function is invoked in a forked process to run a server.
* If the service is internal the appropriate function is invoked
* otherwise the server program is exec'ed.
* This function also logs the remote user id if appropriate
*/
void child_process( struct server *serp )
{
struct service *sp = SERVER_SERVICE( serp ) ;
connection_s *cp = SERVER_CONNECTION( serp ) ;
struct service_config *scp = SVC_CONF( sp ) ;
const char *func = "child_process" ;
signal_default_state();
if ((signals_pending[0] >= 0 && Sclose(signals_pending[0])) ||
(signals_pending[1] >= 0 && Sclose(signals_pending[1])))
{
msg(LOG_ERR, func, "Failed to close the signal pipe: %m");
_exit(1);
}
signals_pending[0] = -1;
signals_pending[1] = -1;
Sclose(0);
Sclose(1);
Sclose(2);
#ifdef DEBUG_SERVER
if ( debug.on )
{
msg( LOG_DEBUG, func, "Process %d is sleeping", getpid() ) ;
sleep( 10 ) ;
}
#endif
if ( ! SC_IS_INTERCEPTED( scp ) )
{
set_credentials( scp ) ;
if ( SC_SPECIFIED( scp, A_NICE ) )
(void) nice( SC_NICE( scp ) ) ;
}
if ( svc_child_access_control(sp, cp) != OK )
exit(0);
if ( SERVER_LOGUSER( serp ) )
{
unsigned timeout ;
idresult_e result ;
/*
* We use LOGUSER_SUCCESS_TIMEOUT unless the service requires
* identification, in which case we use an infinite timeout
*/
timeout = SC_MUST_IDENTIFY( scp ) ? 0 : LOGUSER_SUCCESS_TIMEOUT ;
result = log_remote_user( serp, timeout ) ;
if ( result != IDR_OK && SC_MUST_IDENTIFY( scp ) )
{
svc_logprint( sp, NOID_ENTRY, "%s %s",
conn_addrstr( SERVER_CONNECTION( serp ) ),
idresult_explain( result ) ) ;
_exit( 0 ) ;
}
}
#ifdef HAVE_SESSIONCREATE
if ( scp->sc_sessioncreate == YES )
{
if ( SessionCreate(0, sessionHasTTY|sessionIsRemote) != noErr )
svc_logprint( sp, "SessionCreate", "SessionCreate() failed!" );
}
#endif
/* this is where the server gets executed -bbraun */
if ( ! SC_IS_INTERNAL( scp ) )
{
if( scp->sc_redir_addr != NULL )
{
redir_handler( serp );
}
else
{
#if defined(HAVE_SETENV)
char buff[1024];
strx_sprint(buff, sizeof(buff)-1, "REMOTE_HOST=%s", conn_addrstr(cp));
if( env_addstr(SC_ENV(scp)->env_handle, buff) != ENV_OK ) {
msg( LOG_ERR, func, "Error adding REMOTE_HOST variable for %s: %m", SC_NAME(scp) );
_exit( 1 ) ;
}
#endif
exec_server( serp ) ;
}
}
else
{
char name[ 180 ] ;
/*
* We don't bother to disassociate from the controlling terminal
* (we have a controlling terminal only if debug.on is TRUE)
*
* Also, for interceptor processes, we give them the name:
* <program_name> <service-id> interceptor
*/
if ( SC_IS_INTERCEPTED( scp ) )
strx_print( INT_NULL, name, sizeof( name ) - 1,
"%s %s interceptor", program_name, SC_ID( scp ) ) ;
else
{
int namelen = sizeof( name ) - 1 ; /* leave space for the NUL */
char host[NI_MAXHOST];
size_t hostlen = NI_MAXHOST;
socklen_t addrlen = 0;
union xsockaddr *sinp = CONN_XADDRESS(SERVER_CONNECTION(serp));
int len;
if( sinp == NULL )
exit(0);
if( SC_IPV6(scp) ) addrlen = sizeof(struct sockaddr_in6);
else if( SC_IPV4(scp) ) addrlen = sizeof(struct sockaddr_in);
len = strx_nprint(name, namelen, "(%s service) %s", program_name,
SC_ID( scp ) ) ;
if( getnameinfo( SA(sinp), addrlen, host, hostlen, NULL, 0, 0) != 0 )
strcpy(host, "unknown");
if ( SC_IPV6(scp) && SC_ACCEPTS_CONNECTIONS( scp ) &&
!IN6_IS_ADDR_UNSPECIFIED(&sinp->sa_in6.sin6_addr) )
strx_print( INT_NULL, &name[ len ], namelen - len, " %s" , host ) ;
if ( SC_IPV4(scp) && SC_ACCEPTS_CONNECTIONS( scp ) )
strx_print( INT_NULL, &name[ len ], namelen - len, " %s", host ) ;
}
rename_process( name ) ;
SVC_INTERNAL( sp, serp ) ;
}
_exit( 0 ) ;
/* NOTREACHED */
}
