mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-14 10:09:48 +00:00
8a16b7a18f
Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
2564 lines
64 KiB
C
2564 lines
64 KiB
C
/*-
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*
|
|
* Copyright (c) 1983, 1991, 1993, 1994
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#ifndef lint
|
|
static const char copyright[] =
|
|
"@(#) Copyright (c) 1983, 1991, 1993, 1994\n\
|
|
The Regents of the University of California. All rights reserved.\n";
|
|
#endif /* not lint */
|
|
|
|
#ifndef lint
|
|
#if 0
|
|
static char sccsid[] = "@(#)from: inetd.c 8.4 (Berkeley) 4/13/94";
|
|
#endif
|
|
#endif /* not lint */
|
|
|
|
#include <sys/cdefs.h>
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
/*
|
|
* Inetd - Internet super-server
|
|
*
|
|
* This program invokes all internet services as needed. Connection-oriented
|
|
* services are invoked each time a connection is made, by creating a process.
|
|
* This process is passed the connection as file descriptor 0 and is expected
|
|
* to do a getpeername to find out the source host and port.
|
|
*
|
|
* Datagram oriented services are invoked when a datagram
|
|
* arrives; a process is created and passed a pending message
|
|
* on file descriptor 0. Datagram servers may either connect
|
|
* to their peer, freeing up the original socket for inetd
|
|
* to receive further messages on, or ``take over the socket'',
|
|
* processing all arriving datagrams and, eventually, timing
|
|
* out. The first type of server is said to be ``multi-threaded'';
|
|
* the second type of server ``single-threaded''.
|
|
*
|
|
* Inetd uses a configuration file which is read at startup
|
|
* and, possibly, at some later time in response to a hangup signal.
|
|
* The configuration file is ``free format'' with fields given in the
|
|
* order shown below. Continuation lines for an entry must begin with
|
|
* a space or tab. All fields must be present in each entry.
|
|
*
|
|
* service name must be in /etc/services
|
|
* or name a tcpmux service
|
|
* or specify a unix domain socket
|
|
* socket type stream/dgram/raw/rdm/seqpacket
|
|
* protocol tcp[4][6], udp[4][6], unix
|
|
* wait/nowait single-threaded/multi-threaded
|
|
* user[:group][/login-class] user/group/login-class to run daemon as
|
|
* server program full path name
|
|
* server program arguments maximum of MAXARGS (20)
|
|
*
|
|
* TCP services without official port numbers are handled with the
|
|
* RFC1078-based tcpmux internal service. Tcpmux listens on port 1 for
|
|
* requests. When a connection is made from a foreign host, the service
|
|
* requested is passed to tcpmux, which looks it up in the servtab list
|
|
* and returns the proper entry for the service. Tcpmux returns a
|
|
* negative reply if the service doesn't exist, otherwise the invoked
|
|
* server is expected to return the positive reply if the service type in
|
|
* inetd.conf file has the prefix "tcpmux/". If the service type has the
|
|
* prefix "tcpmux/+", tcpmux will return the positive reply for the
|
|
* process; this is for compatibility with older server code, and also
|
|
* allows you to invoke programs that use stdin/stdout without putting any
|
|
* special server code in them. Services that use tcpmux are "nowait"
|
|
* because they do not have a well-known port and hence cannot listen
|
|
* for new requests.
|
|
*
|
|
* For RPC services
|
|
* service name/version must be in /etc/rpc
|
|
* socket type stream/dgram/raw/rdm/seqpacket
|
|
* protocol rpc/tcp[4][6], rpc/udp[4][6]
|
|
* wait/nowait single-threaded/multi-threaded
|
|
* user[:group][/login-class] user/group/login-class to run daemon as
|
|
* server program full path name
|
|
* server program arguments maximum of MAXARGS
|
|
*
|
|
* Comment lines are indicated by a `#' in column 1.
|
|
*
|
|
* #ifdef IPSEC
|
|
* Comment lines that start with "#@" denote IPsec policy string, as described
|
|
* in ipsec_set_policy(3). This will affect all the following items in
|
|
* inetd.conf(8). To reset the policy, just use "#@" line. By default,
|
|
* there's no IPsec policy.
|
|
* #endif
|
|
*/
|
|
#include <sys/param.h>
|
|
#include <sys/ioctl.h>
|
|
#include <sys/mman.h>
|
|
#include <sys/wait.h>
|
|
#include <sys/time.h>
|
|
#include <sys/resource.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/un.h>
|
|
|
|
#include <netinet/in.h>
|
|
#include <netinet/tcp.h>
|
|
#include <arpa/inet.h>
|
|
#include <rpc/rpc.h>
|
|
#include <rpc/pmap_clnt.h>
|
|
|
|
#include <ctype.h>
|
|
#include <errno.h>
|
|
#include <err.h>
|
|
#include <fcntl.h>
|
|
#include <grp.h>
|
|
#include <libutil.h>
|
|
#include <limits.h>
|
|
#include <netdb.h>
|
|
#include <pwd.h>
|
|
#include <signal.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sysexits.h>
|
|
#include <syslog.h>
|
|
#ifdef LIBWRAP
|
|
#include <tcpd.h>
|
|
#endif
|
|
#include <unistd.h>
|
|
|
|
#include "inetd.h"
|
|
#include "pathnames.h"
|
|
|
|
#ifdef IPSEC
|
|
#include <netipsec/ipsec.h>
|
|
#ifndef IPSEC_POLICY_IPSEC /* no ipsec support on old ipsec */
|
|
#undef IPSEC
|
|
#endif
|
|
#endif
|
|
|
|
#ifndef LIBWRAP_ALLOW_FACILITY
|
|
# define LIBWRAP_ALLOW_FACILITY LOG_AUTH
|
|
#endif
|
|
#ifndef LIBWRAP_ALLOW_SEVERITY
|
|
# define LIBWRAP_ALLOW_SEVERITY LOG_INFO
|
|
#endif
|
|
#ifndef LIBWRAP_DENY_FACILITY
|
|
# define LIBWRAP_DENY_FACILITY LOG_AUTH
|
|
#endif
|
|
#ifndef LIBWRAP_DENY_SEVERITY
|
|
# define LIBWRAP_DENY_SEVERITY LOG_WARNING
|
|
#endif
|
|
|
|
#define ISWRAP(sep) \
|
|
( ((wrap_ex && !(sep)->se_bi) || (wrap_bi && (sep)->se_bi)) \
|
|
&& (sep->se_family == AF_INET || sep->se_family == AF_INET6) \
|
|
&& ( ((sep)->se_accept && (sep)->se_socktype == SOCK_STREAM) \
|
|
|| (sep)->se_socktype == SOCK_DGRAM))
|
|
|
|
#ifdef LOGIN_CAP
|
|
#include <login_cap.h>
|
|
|
|
/* see init.c */
|
|
#define RESOURCE_RC "daemon"
|
|
|
|
#endif
|
|
|
|
#ifndef MAXCHILD
|
|
#define MAXCHILD -1 /* maximum number of this service
|
|
< 0 = no limit */
|
|
#endif
|
|
|
|
#ifndef MAXCPM
|
|
#define MAXCPM -1 /* rate limit invocations from a
|
|
single remote address,
|
|
< 0 = no limit */
|
|
#endif
|
|
|
|
#ifndef MAXPERIP
|
|
#define MAXPERIP -1 /* maximum number of this service
|
|
from a single remote address,
|
|
< 0 = no limit */
|
|
#endif
|
|
|
|
#ifndef TOOMANY
|
|
#define TOOMANY 256 /* don't start more than TOOMANY */
|
|
#endif
|
|
#define CNT_INTVL 60 /* servers in CNT_INTVL sec. */
|
|
#define RETRYTIME (60*10) /* retry after bind or server fail */
|
|
#define MAX_MAXCHLD 32767 /* max allowable max children */
|
|
|
|
#define SIGBLOCK (sigmask(SIGCHLD)|sigmask(SIGHUP)|sigmask(SIGALRM))
|
|
|
|
#define satosin(sa) ((struct sockaddr_in *)(void *)sa)
|
|
#define csatosin(sa) ((const struct sockaddr_in *)(const void *)sa)
|
|
#ifdef INET6
|
|
#define satosin6(sa) ((struct sockaddr_in6 *)(void *)sa)
|
|
#define csatosin6(sa) ((const struct sockaddr_in6 *)(const void *)sa)
|
|
#endif
|
|
static void close_sep(struct servtab *);
|
|
static void flag_signal(int);
|
|
static void config(void);
|
|
static int cpmip(const struct servtab *, int);
|
|
static void endconfig(void);
|
|
static struct servtab *enter(struct servtab *);
|
|
static void freeconfig(struct servtab *);
|
|
static struct servtab *getconfigent(void);
|
|
static int matchservent(const char *, const char *, const char *);
|
|
static char *nextline(FILE *);
|
|
static void addchild(struct servtab *, int);
|
|
static void reapchild(void);
|
|
static void enable(struct servtab *);
|
|
static void disable(struct servtab *);
|
|
static void retry(void);
|
|
static int setconfig(void);
|
|
static void setup(struct servtab *);
|
|
#ifdef IPSEC
|
|
static void ipsecsetup(struct servtab *);
|
|
#endif
|
|
static void unregisterrpc(register struct servtab *sep);
|
|
static struct conninfo *search_conn(struct servtab *sep, int ctrl);
|
|
static int room_conn(struct servtab *sep, struct conninfo *conn);
|
|
static void addchild_conn(struct conninfo *conn, pid_t pid);
|
|
static void reapchild_conn(pid_t pid);
|
|
static void free_conn(struct conninfo *conn);
|
|
static void resize_conn(struct servtab *sep, int maxperip);
|
|
static void free_connlist(struct servtab *sep);
|
|
static void free_proc(struct procinfo *);
|
|
static struct procinfo *search_proc(pid_t pid, int add);
|
|
static int hashval(char *p, int len);
|
|
static char *skip(char **);
|
|
static char *sskip(char **);
|
|
static char *newstr(const char *);
|
|
static void print_service(const char *, const struct servtab *);
|
|
|
|
/* tcpd.h */
|
|
int allow_severity;
|
|
int deny_severity;
|
|
|
|
static int wrap_ex = 0;
|
|
static int wrap_bi = 0;
|
|
int debug = 0;
|
|
static int dolog = 0;
|
|
static int maxsock; /* highest-numbered descriptor */
|
|
static fd_set allsock;
|
|
static int options;
|
|
static int timingout;
|
|
static int toomany = TOOMANY;
|
|
static int maxchild = MAXCHILD;
|
|
static int maxcpm = MAXCPM;
|
|
static int maxperip = MAXPERIP;
|
|
static struct servent *sp;
|
|
static struct rpcent *rpc;
|
|
static char *hostname = NULL;
|
|
static struct sockaddr_in *bind_sa4;
|
|
static int v4bind_ok = 0;
|
|
#ifdef INET6
|
|
static struct sockaddr_in6 *bind_sa6;
|
|
static int v6bind_ok = 0;
|
|
#endif
|
|
static int signalpipe[2];
|
|
#ifdef SANITY_CHECK
|
|
static int nsock;
|
|
#endif
|
|
static uid_t euid;
|
|
static gid_t egid;
|
|
static mode_t mask;
|
|
|
|
struct servtab *servtab;
|
|
|
|
static const char *CONFIG = _PATH_INETDCONF;
|
|
static const char *pid_file = _PATH_INETDPID;
|
|
static struct pidfh *pfh = NULL;
|
|
|
|
static struct netconfig *udpconf, *tcpconf, *udp6conf, *tcp6conf;
|
|
|
|
static LIST_HEAD(, procinfo) proctable[PERIPSIZE];
|
|
|
|
static int
|
|
getvalue(const char *arg, int *value, const char *whine)
|
|
{
|
|
int tmp;
|
|
char *p;
|
|
|
|
tmp = strtol(arg, &p, 0);
|
|
if (tmp < 0 || *p) {
|
|
syslog(LOG_ERR, whine, arg);
|
|
return 1; /* failure */
|
|
}
|
|
*value = tmp;
|
|
return 0; /* success */
|
|
}
|
|
|
|
#ifdef LIBWRAP
|
|
static sa_family_t
|
|
whichaf(struct request_info *req)
|
|
{
|
|
struct sockaddr *sa;
|
|
|
|
sa = (struct sockaddr *)req->client->sin;
|
|
if (sa == NULL)
|
|
return AF_UNSPEC;
|
|
#ifdef INET6
|
|
if (sa->sa_family == AF_INET6 &&
|
|
IN6_IS_ADDR_V4MAPPED(&satosin6(sa)->sin6_addr))
|
|
return AF_INET;
|
|
#endif
|
|
return sa->sa_family;
|
|
}
|
|
#endif
|
|
|
|
int
|
|
main(int argc, char **argv)
|
|
{
|
|
struct servtab *sep;
|
|
struct passwd *pwd;
|
|
struct group *grp;
|
|
struct sigaction sa, saalrm, sachld, sahup, sapipe;
|
|
int ch, dofork;
|
|
pid_t pid;
|
|
char buf[50];
|
|
#ifdef LOGIN_CAP
|
|
login_cap_t *lc = NULL;
|
|
#endif
|
|
#ifdef LIBWRAP
|
|
struct request_info req;
|
|
int denied;
|
|
char *service = NULL;
|
|
#endif
|
|
struct sockaddr_storage peer;
|
|
int i;
|
|
struct addrinfo hints, *res;
|
|
const char *servname;
|
|
int error;
|
|
struct conninfo *conn;
|
|
|
|
openlog("inetd", LOG_PID | LOG_NOWAIT | LOG_PERROR, LOG_DAEMON);
|
|
|
|
while ((ch = getopt(argc, argv, "dlwWR:a:c:C:p:s:")) != -1)
|
|
switch(ch) {
|
|
case 'd':
|
|
debug = 1;
|
|
options |= SO_DEBUG;
|
|
break;
|
|
case 'l':
|
|
dolog = 1;
|
|
break;
|
|
case 'R':
|
|
getvalue(optarg, &toomany,
|
|
"-R %s: bad value for service invocation rate");
|
|
break;
|
|
case 'c':
|
|
getvalue(optarg, &maxchild,
|
|
"-c %s: bad value for maximum children");
|
|
break;
|
|
case 'C':
|
|
getvalue(optarg, &maxcpm,
|
|
"-C %s: bad value for maximum children/minute");
|
|
break;
|
|
case 'a':
|
|
hostname = optarg;
|
|
break;
|
|
case 'p':
|
|
pid_file = optarg;
|
|
break;
|
|
case 's':
|
|
getvalue(optarg, &maxperip,
|
|
"-s %s: bad value for maximum children per source address");
|
|
break;
|
|
case 'w':
|
|
wrap_ex++;
|
|
break;
|
|
case 'W':
|
|
wrap_bi++;
|
|
break;
|
|
case '?':
|
|
default:
|
|
syslog(LOG_ERR,
|
|
"usage: inetd [-dlwW] [-a address] [-R rate]"
|
|
" [-c maximum] [-C rate]"
|
|
" [-p pidfile] [conf-file]");
|
|
exit(EX_USAGE);
|
|
}
|
|
/*
|
|
* Initialize Bind Addrs.
|
|
* When hostname is NULL, wild card bind addrs are obtained from
|
|
* getaddrinfo(). But getaddrinfo() requires at least one of
|
|
* hostname or servname is non NULL.
|
|
* So when hostname is NULL, set dummy value to servname.
|
|
* Since getaddrinfo() doesn't accept numeric servname, and
|
|
* we doesn't use ai_socktype of struct addrinfo returned
|
|
* from getaddrinfo(), we set dummy value to ai_socktype.
|
|
*/
|
|
servname = (hostname == NULL) ? "0" /* dummy */ : NULL;
|
|
|
|
bzero(&hints, sizeof(struct addrinfo));
|
|
hints.ai_flags = AI_PASSIVE;
|
|
hints.ai_family = AF_UNSPEC;
|
|
hints.ai_socktype = SOCK_STREAM; /* dummy */
|
|
error = getaddrinfo(hostname, servname, &hints, &res);
|
|
if (error != 0) {
|
|
syslog(LOG_ERR, "-a %s: %s", hostname, gai_strerror(error));
|
|
if (error == EAI_SYSTEM)
|
|
syslog(LOG_ERR, "%s", strerror(errno));
|
|
exit(EX_USAGE);
|
|
}
|
|
do {
|
|
if (res->ai_addr == NULL) {
|
|
syslog(LOG_ERR, "-a %s: getaddrinfo failed", hostname);
|
|
exit(EX_USAGE);
|
|
}
|
|
switch (res->ai_addr->sa_family) {
|
|
case AF_INET:
|
|
if (v4bind_ok)
|
|
continue;
|
|
bind_sa4 = satosin(res->ai_addr);
|
|
/* init port num in case servname is dummy */
|
|
bind_sa4->sin_port = 0;
|
|
v4bind_ok = 1;
|
|
continue;
|
|
#ifdef INET6
|
|
case AF_INET6:
|
|
if (v6bind_ok)
|
|
continue;
|
|
bind_sa6 = satosin6(res->ai_addr);
|
|
/* init port num in case servname is dummy */
|
|
bind_sa6->sin6_port = 0;
|
|
v6bind_ok = 1;
|
|
continue;
|
|
#endif
|
|
}
|
|
if (v4bind_ok
|
|
#ifdef INET6
|
|
&& v6bind_ok
|
|
#endif
|
|
)
|
|
break;
|
|
} while ((res = res->ai_next) != NULL);
|
|
if (!v4bind_ok
|
|
#ifdef INET6
|
|
&& !v6bind_ok
|
|
#endif
|
|
) {
|
|
syslog(LOG_ERR, "-a %s: unknown address family", hostname);
|
|
exit(EX_USAGE);
|
|
}
|
|
|
|
euid = geteuid();
|
|
egid = getegid();
|
|
umask(mask = umask(0777));
|
|
|
|
argc -= optind;
|
|
argv += optind;
|
|
|
|
if (argc > 0)
|
|
CONFIG = argv[0];
|
|
if (access(CONFIG, R_OK) < 0)
|
|
syslog(LOG_ERR, "Accessing %s: %m, continuing anyway.", CONFIG);
|
|
if (debug == 0) {
|
|
pid_t otherpid;
|
|
|
|
pfh = pidfile_open(pid_file, 0600, &otherpid);
|
|
if (pfh == NULL) {
|
|
if (errno == EEXIST) {
|
|
syslog(LOG_ERR, "%s already running, pid: %d",
|
|
getprogname(), otherpid);
|
|
exit(EX_OSERR);
|
|
}
|
|
syslog(LOG_WARNING, "pidfile_open() failed: %m");
|
|
}
|
|
|
|
if (daemon(0, 0) < 0) {
|
|
syslog(LOG_WARNING, "daemon(0,0) failed: %m");
|
|
}
|
|
/* From now on we don't want syslog messages going to stderr. */
|
|
closelog();
|
|
openlog("inetd", LOG_PID | LOG_NOWAIT, LOG_DAEMON);
|
|
/*
|
|
* In case somebody has started inetd manually, we need to
|
|
* clear the logname, so that old servers run as root do not
|
|
* get the user's logname..
|
|
*/
|
|
if (setlogin("") < 0) {
|
|
syslog(LOG_WARNING, "cannot clear logname: %m");
|
|
/* no big deal if it fails.. */
|
|
}
|
|
if (pfh != NULL && pidfile_write(pfh) == -1) {
|
|
syslog(LOG_WARNING, "pidfile_write(): %m");
|
|
}
|
|
}
|
|
|
|
if (madvise(NULL, 0, MADV_PROTECT) != 0)
|
|
syslog(LOG_WARNING, "madvise() failed: %s", strerror(errno));
|
|
|
|
for (i = 0; i < PERIPSIZE; ++i)
|
|
LIST_INIT(&proctable[i]);
|
|
|
|
if (v4bind_ok) {
|
|
udpconf = getnetconfigent("udp");
|
|
tcpconf = getnetconfigent("tcp");
|
|
if (udpconf == NULL || tcpconf == NULL) {
|
|
syslog(LOG_ERR, "unknown rpc/udp or rpc/tcp");
|
|
exit(EX_USAGE);
|
|
}
|
|
}
|
|
#ifdef INET6
|
|
if (v6bind_ok) {
|
|
udp6conf = getnetconfigent("udp6");
|
|
tcp6conf = getnetconfigent("tcp6");
|
|
if (udp6conf == NULL || tcp6conf == NULL) {
|
|
syslog(LOG_ERR, "unknown rpc/udp6 or rpc/tcp6");
|
|
exit(EX_USAGE);
|
|
}
|
|
}
|
|
#endif
|
|
|
|
sa = (struct sigaction){
|
|
.sa_flags = 0,
|
|
.sa_handler = flag_signal,
|
|
};
|
|
sigemptyset(&sa.sa_mask);
|
|
sigaddset(&sa.sa_mask, SIGALRM);
|
|
sigaddset(&sa.sa_mask, SIGCHLD);
|
|
sigaddset(&sa.sa_mask, SIGHUP);
|
|
sigaction(SIGALRM, &sa, &saalrm);
|
|
config();
|
|
sigaction(SIGHUP, &sa, &sahup);
|
|
sigaction(SIGCHLD, &sa, &sachld);
|
|
sa.sa_handler = SIG_IGN;
|
|
sigaction(SIGPIPE, &sa, &sapipe);
|
|
|
|
{
|
|
/* space for daemons to overwrite environment for ps */
|
|
#define DUMMYSIZE 100
|
|
char dummy[DUMMYSIZE];
|
|
|
|
(void)memset(dummy, 'x', DUMMYSIZE - 1);
|
|
dummy[DUMMYSIZE - 1] = '\0';
|
|
(void)setenv("inetd_dummy", dummy, 1);
|
|
}
|
|
|
|
if (pipe2(signalpipe, O_CLOEXEC) != 0) {
|
|
syslog(LOG_ERR, "pipe: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
FD_SET(signalpipe[0], &allsock);
|
|
#ifdef SANITY_CHECK
|
|
nsock++;
|
|
#endif
|
|
if (signalpipe[0] > maxsock)
|
|
maxsock = signalpipe[0];
|
|
if (signalpipe[1] > maxsock)
|
|
maxsock = signalpipe[1];
|
|
|
|
for (;;) {
|
|
int n, ctrl;
|
|
fd_set readable;
|
|
|
|
#ifdef SANITY_CHECK
|
|
if (nsock == 0) {
|
|
syslog(LOG_ERR, "%s: nsock=0", __func__);
|
|
exit(EX_SOFTWARE);
|
|
}
|
|
#endif
|
|
readable = allsock;
|
|
if ((n = select(maxsock + 1, &readable, (fd_set *)0,
|
|
(fd_set *)0, (struct timeval *)0)) <= 0) {
|
|
if (n < 0 && errno != EINTR) {
|
|
syslog(LOG_WARNING, "select: %m");
|
|
sleep(1);
|
|
}
|
|
continue;
|
|
}
|
|
/* handle any queued signal flags */
|
|
if (FD_ISSET(signalpipe[0], &readable)) {
|
|
int nsig, signo;
|
|
|
|
if (ioctl(signalpipe[0], FIONREAD, &nsig) != 0) {
|
|
syslog(LOG_ERR, "ioctl: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
nsig /= sizeof(signo);
|
|
while (--nsig >= 0) {
|
|
size_t len;
|
|
|
|
len = read(signalpipe[0], &signo, sizeof(signo));
|
|
if (len != sizeof(signo)) {
|
|
syslog(LOG_ERR, "read: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
if (debug)
|
|
warnx("handling signal flag %d", signo);
|
|
switch (signo) {
|
|
case SIGALRM:
|
|
retry();
|
|
break;
|
|
case SIGCHLD:
|
|
reapchild();
|
|
break;
|
|
case SIGHUP:
|
|
config();
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
for (sep = servtab; n && sep; sep = sep->se_next)
|
|
if (sep->se_fd != -1 && FD_ISSET(sep->se_fd, &readable)) {
|
|
n--;
|
|
if (debug)
|
|
warnx("someone wants %s", sep->se_service);
|
|
dofork = !sep->se_bi || sep->se_bi->bi_fork || ISWRAP(sep);
|
|
conn = NULL;
|
|
if (sep->se_accept && sep->se_socktype == SOCK_STREAM) {
|
|
i = 1;
|
|
if (ioctl(sep->se_fd, FIONBIO, &i) < 0)
|
|
syslog(LOG_ERR, "ioctl (FIONBIO, 1): %m");
|
|
ctrl = accept(sep->se_fd, (struct sockaddr *)0,
|
|
(socklen_t *)0);
|
|
if (debug)
|
|
warnx("accept, ctrl %d", ctrl);
|
|
if (ctrl < 0) {
|
|
if (errno != EINTR)
|
|
syslog(LOG_WARNING,
|
|
"accept (for %s): %m",
|
|
sep->se_service);
|
|
if (sep->se_accept &&
|
|
sep->se_socktype == SOCK_STREAM)
|
|
close(ctrl);
|
|
continue;
|
|
}
|
|
i = 0;
|
|
if (ioctl(sep->se_fd, FIONBIO, &i) < 0)
|
|
syslog(LOG_ERR, "ioctl1(FIONBIO, 0): %m");
|
|
if (ioctl(ctrl, FIONBIO, &i) < 0)
|
|
syslog(LOG_ERR, "ioctl2(FIONBIO, 0): %m");
|
|
if (cpmip(sep, ctrl) < 0) {
|
|
close(ctrl);
|
|
continue;
|
|
}
|
|
if (dofork &&
|
|
(conn = search_conn(sep, ctrl)) != NULL &&
|
|
!room_conn(sep, conn)) {
|
|
close(ctrl);
|
|
continue;
|
|
}
|
|
} else
|
|
ctrl = sep->se_fd;
|
|
if (dolog && !ISWRAP(sep)) {
|
|
char pname[NI_MAXHOST] = "unknown";
|
|
socklen_t sl;
|
|
sl = sizeof(peer);
|
|
if (getpeername(ctrl, (struct sockaddr *)
|
|
&peer, &sl)) {
|
|
sl = sizeof(peer);
|
|
if (recvfrom(ctrl, buf, sizeof(buf),
|
|
MSG_PEEK,
|
|
(struct sockaddr *)&peer,
|
|
&sl) >= 0) {
|
|
getnameinfo((struct sockaddr *)&peer,
|
|
peer.ss_len,
|
|
pname, sizeof(pname),
|
|
NULL, 0, NI_NUMERICHOST);
|
|
}
|
|
} else {
|
|
getnameinfo((struct sockaddr *)&peer,
|
|
peer.ss_len,
|
|
pname, sizeof(pname),
|
|
NULL, 0, NI_NUMERICHOST);
|
|
}
|
|
syslog(LOG_INFO,"%s from %s", sep->se_service, pname);
|
|
}
|
|
(void) sigblock(SIGBLOCK);
|
|
pid = 0;
|
|
/*
|
|
* Fork for all external services, builtins which need to
|
|
* fork and anything we're wrapping (as wrapping might
|
|
* block or use hosts_options(5) twist).
|
|
*/
|
|
if (dofork) {
|
|
if (sep->se_count++ == 0)
|
|
(void)clock_gettime(CLOCK_MONOTONIC_FAST, &sep->se_time);
|
|
else if (toomany > 0 && sep->se_count >= toomany) {
|
|
struct timespec now;
|
|
|
|
(void)clock_gettime(CLOCK_MONOTONIC_FAST, &now);
|
|
if (now.tv_sec - sep->se_time.tv_sec >
|
|
CNT_INTVL) {
|
|
sep->se_time = now;
|
|
sep->se_count = 1;
|
|
} else {
|
|
syslog(LOG_ERR,
|
|
"%s/%s server failing (looping), service terminated",
|
|
sep->se_service, sep->se_proto);
|
|
if (sep->se_accept &&
|
|
sep->se_socktype == SOCK_STREAM)
|
|
close(ctrl);
|
|
close_sep(sep);
|
|
free_conn(conn);
|
|
sigsetmask(0L);
|
|
if (!timingout) {
|
|
timingout = 1;
|
|
alarm(RETRYTIME);
|
|
}
|
|
continue;
|
|
}
|
|
}
|
|
pid = fork();
|
|
}
|
|
if (pid < 0) {
|
|
syslog(LOG_ERR, "fork: %m");
|
|
if (sep->se_accept &&
|
|
sep->se_socktype == SOCK_STREAM)
|
|
close(ctrl);
|
|
free_conn(conn);
|
|
sigsetmask(0L);
|
|
sleep(1);
|
|
continue;
|
|
}
|
|
if (pid) {
|
|
addchild_conn(conn, pid);
|
|
addchild(sep, pid);
|
|
}
|
|
sigsetmask(0L);
|
|
if (pid == 0) {
|
|
pidfile_close(pfh);
|
|
if (dofork) {
|
|
sigaction(SIGALRM, &saalrm, (struct sigaction *)0);
|
|
sigaction(SIGCHLD, &sachld, (struct sigaction *)0);
|
|
sigaction(SIGHUP, &sahup, (struct sigaction *)0);
|
|
/* SIGPIPE reset before exec */
|
|
}
|
|
/*
|
|
* Call tcpmux to find the real service to exec.
|
|
*/
|
|
if (sep->se_bi &&
|
|
sep->se_bi->bi_fn == (bi_fn_t *) tcpmux) {
|
|
sep = tcpmux(ctrl);
|
|
if (sep == NULL) {
|
|
close(ctrl);
|
|
_exit(0);
|
|
}
|
|
}
|
|
#ifdef LIBWRAP
|
|
if (ISWRAP(sep)) {
|
|
inetd_setproctitle("wrapping", ctrl);
|
|
service = sep->se_server_name ?
|
|
sep->se_server_name : sep->se_service;
|
|
request_init(&req, RQ_DAEMON, service, RQ_FILE, ctrl, 0);
|
|
fromhost(&req);
|
|
deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
|
|
allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
|
|
denied = !hosts_access(&req);
|
|
if (denied) {
|
|
syslog(deny_severity,
|
|
"refused connection from %.500s, service %s (%s%s)",
|
|
eval_client(&req), service, sep->se_proto,
|
|
(whichaf(&req) == AF_INET6) ? "6" : "");
|
|
if (sep->se_socktype != SOCK_STREAM)
|
|
recv(ctrl, buf, sizeof (buf), 0);
|
|
if (dofork) {
|
|
sleep(1);
|
|
_exit(0);
|
|
}
|
|
}
|
|
if (dolog) {
|
|
syslog(allow_severity,
|
|
"connection from %.500s, service %s (%s%s)",
|
|
eval_client(&req), service, sep->se_proto,
|
|
(whichaf(&req) == AF_INET6) ? "6" : "");
|
|
}
|
|
}
|
|
#endif
|
|
if (sep->se_bi) {
|
|
(*sep->se_bi->bi_fn)(ctrl, sep);
|
|
} else {
|
|
if (debug)
|
|
warnx("%d execl %s",
|
|
getpid(), sep->se_server);
|
|
/* Clear close-on-exec. */
|
|
if (fcntl(ctrl, F_SETFD, 0) < 0) {
|
|
syslog(LOG_ERR,
|
|
"%s/%s: fcntl (F_SETFD, 0): %m",
|
|
sep->se_service, sep->se_proto);
|
|
_exit(EX_OSERR);
|
|
}
|
|
if (ctrl != 0) {
|
|
dup2(ctrl, 0);
|
|
close(ctrl);
|
|
}
|
|
dup2(0, 1);
|
|
dup2(0, 2);
|
|
if ((pwd = getpwnam(sep->se_user)) == NULL) {
|
|
syslog(LOG_ERR,
|
|
"%s/%s: %s: no such user",
|
|
sep->se_service, sep->se_proto,
|
|
sep->se_user);
|
|
if (sep->se_socktype != SOCK_STREAM)
|
|
recv(0, buf, sizeof (buf), 0);
|
|
_exit(EX_NOUSER);
|
|
}
|
|
grp = NULL;
|
|
if ( sep->se_group != NULL
|
|
&& (grp = getgrnam(sep->se_group)) == NULL
|
|
) {
|
|
syslog(LOG_ERR,
|
|
"%s/%s: %s: no such group",
|
|
sep->se_service, sep->se_proto,
|
|
sep->se_group);
|
|
if (sep->se_socktype != SOCK_STREAM)
|
|
recv(0, buf, sizeof (buf), 0);
|
|
_exit(EX_NOUSER);
|
|
}
|
|
if (grp != NULL)
|
|
pwd->pw_gid = grp->gr_gid;
|
|
#ifdef LOGIN_CAP
|
|
if ((lc = login_getclass(sep->se_class)) == NULL) {
|
|
/* error syslogged by getclass */
|
|
syslog(LOG_ERR,
|
|
"%s/%s: %s: login class error",
|
|
sep->se_service, sep->se_proto,
|
|
sep->se_class);
|
|
if (sep->se_socktype != SOCK_STREAM)
|
|
recv(0, buf, sizeof (buf), 0);
|
|
_exit(EX_NOUSER);
|
|
}
|
|
#endif
|
|
if (setsid() < 0) {
|
|
syslog(LOG_ERR,
|
|
"%s: can't setsid(): %m",
|
|
sep->se_service);
|
|
/* _exit(EX_OSERR); not fatal yet */
|
|
}
|
|
#ifdef LOGIN_CAP
|
|
if (setusercontext(lc, pwd, pwd->pw_uid,
|
|
LOGIN_SETALL & ~LOGIN_SETMAC)
|
|
!= 0) {
|
|
syslog(LOG_ERR,
|
|
"%s: can't setusercontext(..%s..): %m",
|
|
sep->se_service, sep->se_user);
|
|
_exit(EX_OSERR);
|
|
}
|
|
login_close(lc);
|
|
#else
|
|
if (pwd->pw_uid) {
|
|
if (setlogin(sep->se_user) < 0) {
|
|
syslog(LOG_ERR,
|
|
"%s: can't setlogin(%s): %m",
|
|
sep->se_service, sep->se_user);
|
|
/* _exit(EX_OSERR); not yet */
|
|
}
|
|
if (setgid(pwd->pw_gid) < 0) {
|
|
syslog(LOG_ERR,
|
|
"%s: can't set gid %d: %m",
|
|
sep->se_service, pwd->pw_gid);
|
|
_exit(EX_OSERR);
|
|
}
|
|
(void) initgroups(pwd->pw_name,
|
|
pwd->pw_gid);
|
|
if (setuid(pwd->pw_uid) < 0) {
|
|
syslog(LOG_ERR,
|
|
"%s: can't set uid %d: %m",
|
|
sep->se_service, pwd->pw_uid);
|
|
_exit(EX_OSERR);
|
|
}
|
|
}
|
|
#endif
|
|
sigaction(SIGPIPE, &sapipe,
|
|
(struct sigaction *)0);
|
|
execv(sep->se_server, sep->se_argv);
|
|
syslog(LOG_ERR,
|
|
"cannot execute %s: %m", sep->se_server);
|
|
if (sep->se_socktype != SOCK_STREAM)
|
|
recv(0, buf, sizeof (buf), 0);
|
|
}
|
|
if (dofork)
|
|
_exit(0);
|
|
}
|
|
if (sep->se_accept && sep->se_socktype == SOCK_STREAM)
|
|
close(ctrl);
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Add a signal flag to the signal flag queue for later handling
|
|
*/
|
|
|
|
static void
|
|
flag_signal(int signo)
|
|
{
|
|
size_t len;
|
|
|
|
len = write(signalpipe[1], &signo, sizeof(signo));
|
|
if (len != sizeof(signo)) {
|
|
syslog(LOG_ERR, "write: %m");
|
|
_exit(EX_OSERR);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Record a new child pid for this service. If we've reached the
|
|
* limit on children, then stop accepting incoming requests.
|
|
*/
|
|
|
|
static void
|
|
addchild(struct servtab *sep, pid_t pid)
|
|
{
|
|
if (sep->se_maxchild <= 0)
|
|
return;
|
|
#ifdef SANITY_CHECK
|
|
if (sep->se_numchild >= sep->se_maxchild) {
|
|
syslog(LOG_ERR, "%s: %d >= %d",
|
|
__func__, sep->se_numchild, sep->se_maxchild);
|
|
exit(EX_SOFTWARE);
|
|
}
|
|
#endif
|
|
sep->se_pids[sep->se_numchild++] = pid;
|
|
if (sep->se_numchild == sep->se_maxchild)
|
|
disable(sep);
|
|
}
|
|
|
|
static void
|
|
reapchild(void)
|
|
{
|
|
int k, status;
|
|
pid_t pid;
|
|
struct servtab *sep;
|
|
|
|
for (;;) {
|
|
pid = wait3(&status, WNOHANG, (struct rusage *)0);
|
|
if (pid <= 0)
|
|
break;
|
|
if (debug)
|
|
warnx("%d reaped, %s %u", pid,
|
|
WIFEXITED(status) ? "status" : "signal",
|
|
WIFEXITED(status) ? WEXITSTATUS(status)
|
|
: WTERMSIG(status));
|
|
for (sep = servtab; sep; sep = sep->se_next) {
|
|
for (k = 0; k < sep->se_numchild; k++)
|
|
if (sep->se_pids[k] == pid)
|
|
break;
|
|
if (k == sep->se_numchild)
|
|
continue;
|
|
if (sep->se_numchild == sep->se_maxchild)
|
|
enable(sep);
|
|
sep->se_pids[k] = sep->se_pids[--sep->se_numchild];
|
|
if (WIFSIGNALED(status) || WEXITSTATUS(status))
|
|
syslog(LOG_WARNING,
|
|
"%s[%d]: exited, %s %u",
|
|
sep->se_server, pid,
|
|
WIFEXITED(status) ? "status" : "signal",
|
|
WIFEXITED(status) ? WEXITSTATUS(status)
|
|
: WTERMSIG(status));
|
|
break;
|
|
}
|
|
reapchild_conn(pid);
|
|
}
|
|
}
|
|
|
|
static void
|
|
config(void)
|
|
{
|
|
struct servtab *sep, *new, **sepp;
|
|
long omask;
|
|
int new_nomapped;
|
|
#ifdef LOGIN_CAP
|
|
login_cap_t *lc = NULL;
|
|
#endif
|
|
|
|
if (!setconfig()) {
|
|
syslog(LOG_ERR, "%s: %m", CONFIG);
|
|
return;
|
|
}
|
|
for (sep = servtab; sep; sep = sep->se_next)
|
|
sep->se_checked = 0;
|
|
while ((new = getconfigent())) {
|
|
if (getpwnam(new->se_user) == NULL) {
|
|
syslog(LOG_ERR,
|
|
"%s/%s: no such user '%s', service ignored",
|
|
new->se_service, new->se_proto, new->se_user);
|
|
continue;
|
|
}
|
|
if (new->se_group && getgrnam(new->se_group) == NULL) {
|
|
syslog(LOG_ERR,
|
|
"%s/%s: no such group '%s', service ignored",
|
|
new->se_service, new->se_proto, new->se_group);
|
|
continue;
|
|
}
|
|
#ifdef LOGIN_CAP
|
|
if ((lc = login_getclass(new->se_class)) == NULL) {
|
|
/* error syslogged by getclass */
|
|
syslog(LOG_ERR,
|
|
"%s/%s: %s: login class error, service ignored",
|
|
new->se_service, new->se_proto, new->se_class);
|
|
continue;
|
|
}
|
|
login_close(lc);
|
|
#endif
|
|
new_nomapped = new->se_nomapped;
|
|
for (sep = servtab; sep; sep = sep->se_next)
|
|
if (strcmp(sep->se_service, new->se_service) == 0 &&
|
|
strcmp(sep->se_proto, new->se_proto) == 0 &&
|
|
sep->se_rpc == new->se_rpc &&
|
|
sep->se_socktype == new->se_socktype &&
|
|
sep->se_family == new->se_family)
|
|
break;
|
|
if (sep != 0) {
|
|
int i;
|
|
|
|
#define SWAP(t,a, b) { t c = a; a = b; b = c; }
|
|
omask = sigblock(SIGBLOCK);
|
|
if (sep->se_nomapped != new->se_nomapped) {
|
|
/* for rpc keep old nommaped till unregister */
|
|
if (!sep->se_rpc)
|
|
sep->se_nomapped = new->se_nomapped;
|
|
sep->se_reset = 1;
|
|
}
|
|
/* copy over outstanding child pids */
|
|
if (sep->se_maxchild > 0 && new->se_maxchild > 0) {
|
|
new->se_numchild = sep->se_numchild;
|
|
if (new->se_numchild > new->se_maxchild)
|
|
new->se_numchild = new->se_maxchild;
|
|
memcpy(new->se_pids, sep->se_pids,
|
|
new->se_numchild * sizeof(*new->se_pids));
|
|
}
|
|
SWAP(pid_t *, sep->se_pids, new->se_pids);
|
|
sep->se_maxchild = new->se_maxchild;
|
|
sep->se_numchild = new->se_numchild;
|
|
sep->se_maxcpm = new->se_maxcpm;
|
|
resize_conn(sep, new->se_maxperip);
|
|
sep->se_maxperip = new->se_maxperip;
|
|
sep->se_bi = new->se_bi;
|
|
/* might need to turn on or off service now */
|
|
if (sep->se_fd >= 0) {
|
|
if (sep->se_maxchild > 0
|
|
&& sep->se_numchild == sep->se_maxchild) {
|
|
if (FD_ISSET(sep->se_fd, &allsock))
|
|
disable(sep);
|
|
} else {
|
|
if (!FD_ISSET(sep->se_fd, &allsock))
|
|
enable(sep);
|
|
}
|
|
}
|
|
sep->se_accept = new->se_accept;
|
|
SWAP(char *, sep->se_user, new->se_user);
|
|
SWAP(char *, sep->se_group, new->se_group);
|
|
#ifdef LOGIN_CAP
|
|
SWAP(char *, sep->se_class, new->se_class);
|
|
#endif
|
|
SWAP(char *, sep->se_server, new->se_server);
|
|
SWAP(char *, sep->se_server_name, new->se_server_name);
|
|
for (i = 0; i < MAXARGV; i++)
|
|
SWAP(char *, sep->se_argv[i], new->se_argv[i]);
|
|
#ifdef IPSEC
|
|
SWAP(char *, sep->se_policy, new->se_policy);
|
|
ipsecsetup(sep);
|
|
#endif
|
|
sigsetmask(omask);
|
|
freeconfig(new);
|
|
if (debug)
|
|
print_service("REDO", sep);
|
|
} else {
|
|
sep = enter(new);
|
|
if (debug)
|
|
print_service("ADD ", sep);
|
|
}
|
|
sep->se_checked = 1;
|
|
if (ISMUX(sep)) {
|
|
sep->se_fd = -1;
|
|
continue;
|
|
}
|
|
switch (sep->se_family) {
|
|
case AF_INET:
|
|
if (!v4bind_ok) {
|
|
sep->se_fd = -1;
|
|
continue;
|
|
}
|
|
break;
|
|
#ifdef INET6
|
|
case AF_INET6:
|
|
if (!v6bind_ok) {
|
|
sep->se_fd = -1;
|
|
continue;
|
|
}
|
|
break;
|
|
#endif
|
|
}
|
|
if (!sep->se_rpc) {
|
|
if (sep->se_family != AF_UNIX) {
|
|
sp = getservbyname(sep->se_service, sep->se_proto);
|
|
if (sp == 0) {
|
|
syslog(LOG_ERR, "%s/%s: unknown service",
|
|
sep->se_service, sep->se_proto);
|
|
sep->se_checked = 0;
|
|
continue;
|
|
}
|
|
}
|
|
switch (sep->se_family) {
|
|
case AF_INET:
|
|
if (sp->s_port != sep->se_ctrladdr4.sin_port) {
|
|
sep->se_ctrladdr4.sin_port =
|
|
sp->s_port;
|
|
sep->se_reset = 1;
|
|
}
|
|
break;
|
|
#ifdef INET6
|
|
case AF_INET6:
|
|
if (sp->s_port !=
|
|
sep->se_ctrladdr6.sin6_port) {
|
|
sep->se_ctrladdr6.sin6_port =
|
|
sp->s_port;
|
|
sep->se_reset = 1;
|
|
}
|
|
break;
|
|
#endif
|
|
}
|
|
if (sep->se_reset != 0 && sep->se_fd >= 0)
|
|
close_sep(sep);
|
|
} else {
|
|
rpc = getrpcbyname(sep->se_service);
|
|
if (rpc == 0) {
|
|
syslog(LOG_ERR, "%s/%s unknown RPC service",
|
|
sep->se_service, sep->se_proto);
|
|
if (sep->se_fd != -1)
|
|
(void) close(sep->se_fd);
|
|
sep->se_fd = -1;
|
|
continue;
|
|
}
|
|
if (sep->se_reset != 0 ||
|
|
rpc->r_number != sep->se_rpc_prog) {
|
|
if (sep->se_rpc_prog)
|
|
unregisterrpc(sep);
|
|
sep->se_rpc_prog = rpc->r_number;
|
|
if (sep->se_fd != -1)
|
|
(void) close(sep->se_fd);
|
|
sep->se_fd = -1;
|
|
}
|
|
sep->se_nomapped = new_nomapped;
|
|
}
|
|
sep->se_reset = 0;
|
|
if (sep->se_fd == -1)
|
|
setup(sep);
|
|
}
|
|
endconfig();
|
|
/*
|
|
* Purge anything not looked at above.
|
|
*/
|
|
omask = sigblock(SIGBLOCK);
|
|
sepp = &servtab;
|
|
while ((sep = *sepp)) {
|
|
if (sep->se_checked) {
|
|
sepp = &sep->se_next;
|
|
continue;
|
|
}
|
|
*sepp = sep->se_next;
|
|
if (sep->se_fd >= 0)
|
|
close_sep(sep);
|
|
if (debug)
|
|
print_service("FREE", sep);
|
|
if (sep->se_rpc && sep->se_rpc_prog > 0)
|
|
unregisterrpc(sep);
|
|
freeconfig(sep);
|
|
free(sep);
|
|
}
|
|
(void) sigsetmask(omask);
|
|
}
|
|
|
|
static void
|
|
unregisterrpc(struct servtab *sep)
|
|
{
|
|
u_int i;
|
|
struct servtab *sepp;
|
|
long omask;
|
|
struct netconfig *netid4, *netid6;
|
|
|
|
omask = sigblock(SIGBLOCK);
|
|
netid4 = sep->se_socktype == SOCK_DGRAM ? udpconf : tcpconf;
|
|
netid6 = sep->se_socktype == SOCK_DGRAM ? udp6conf : tcp6conf;
|
|
if (sep->se_family == AF_INET)
|
|
netid6 = NULL;
|
|
else if (sep->se_nomapped)
|
|
netid4 = NULL;
|
|
/*
|
|
* Conflict if same prog and protocol - In that case one should look
|
|
* to versions, but it is not interesting: having separate servers for
|
|
* different versions does not work well.
|
|
* Therefore one do not unregister if there is a conflict.
|
|
* There is also transport conflict if destroying INET when INET46
|
|
* exists, or destroying INET46 when INET exists
|
|
*/
|
|
for (sepp = servtab; sepp; sepp = sepp->se_next) {
|
|
if (sepp == sep)
|
|
continue;
|
|
if (sepp->se_checked == 0 ||
|
|
!sepp->se_rpc ||
|
|
strcmp(sep->se_proto, sepp->se_proto) != 0 ||
|
|
sep->se_rpc_prog != sepp->se_rpc_prog)
|
|
continue;
|
|
if (sepp->se_family == AF_INET)
|
|
netid4 = NULL;
|
|
if (sepp->se_family == AF_INET6) {
|
|
netid6 = NULL;
|
|
if (!sep->se_nomapped)
|
|
netid4 = NULL;
|
|
}
|
|
if (netid4 == NULL && netid6 == NULL)
|
|
return;
|
|
}
|
|
if (debug)
|
|
print_service("UNREG", sep);
|
|
for (i = sep->se_rpc_lowvers; i <= sep->se_rpc_highvers; i++) {
|
|
if (netid4)
|
|
rpcb_unset(sep->se_rpc_prog, i, netid4);
|
|
if (netid6)
|
|
rpcb_unset(sep->se_rpc_prog, i, netid6);
|
|
}
|
|
if (sep->se_fd != -1)
|
|
(void) close(sep->se_fd);
|
|
sep->se_fd = -1;
|
|
(void) sigsetmask(omask);
|
|
}
|
|
|
|
static void
|
|
retry(void)
|
|
{
|
|
struct servtab *sep;
|
|
|
|
timingout = 0;
|
|
for (sep = servtab; sep; sep = sep->se_next)
|
|
if (sep->se_fd == -1 && !ISMUX(sep))
|
|
setup(sep);
|
|
}
|
|
|
|
static void
|
|
setup(struct servtab *sep)
|
|
{
|
|
int on = 1;
|
|
|
|
/* Set all listening sockets to close-on-exec. */
|
|
if ((sep->se_fd = socket(sep->se_family,
|
|
sep->se_socktype | SOCK_CLOEXEC, 0)) < 0) {
|
|
if (debug)
|
|
warn("socket failed on %s/%s",
|
|
sep->se_service, sep->se_proto);
|
|
syslog(LOG_ERR, "%s/%s: socket: %m",
|
|
sep->se_service, sep->se_proto);
|
|
return;
|
|
}
|
|
#define turnon(fd, opt) \
|
|
setsockopt(fd, SOL_SOCKET, opt, (char *)&on, sizeof (on))
|
|
if (strcmp(sep->se_proto, "tcp") == 0 && (options & SO_DEBUG) &&
|
|
turnon(sep->se_fd, SO_DEBUG) < 0)
|
|
syslog(LOG_ERR, "setsockopt (SO_DEBUG): %m");
|
|
if (turnon(sep->se_fd, SO_REUSEADDR) < 0)
|
|
syslog(LOG_ERR, "setsockopt (SO_REUSEADDR): %m");
|
|
#ifdef SO_PRIVSTATE
|
|
if (turnon(sep->se_fd, SO_PRIVSTATE) < 0)
|
|
syslog(LOG_ERR, "setsockopt (SO_PRIVSTATE): %m");
|
|
#endif
|
|
/* tftpd opens a new connection then needs more infos */
|
|
#ifdef INET6
|
|
if ((sep->se_family == AF_INET6) &&
|
|
(strcmp(sep->se_proto, "udp") == 0) &&
|
|
(sep->se_accept == 0) &&
|
|
(setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
|
|
(char *)&on, sizeof (on)) < 0))
|
|
syslog(LOG_ERR, "setsockopt (IPV6_RECVPKTINFO): %m");
|
|
if (sep->se_family == AF_INET6) {
|
|
int flag = sep->se_nomapped ? 1 : 0;
|
|
if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY,
|
|
(char *)&flag, sizeof (flag)) < 0)
|
|
syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
|
|
}
|
|
#endif
|
|
#undef turnon
|
|
#ifdef IPSEC
|
|
ipsecsetup(sep);
|
|
#endif
|
|
if (sep->se_family == AF_UNIX) {
|
|
(void) unlink(sep->se_ctrladdr_un.sun_path);
|
|
umask(0777); /* Make socket with conservative permissions */
|
|
}
|
|
if (bind(sep->se_fd, (struct sockaddr *)&sep->se_ctrladdr,
|
|
sep->se_ctrladdr_size) < 0) {
|
|
if (debug)
|
|
warn("bind failed on %s/%s",
|
|
sep->se_service, sep->se_proto);
|
|
syslog(LOG_ERR, "%s/%s: bind: %m",
|
|
sep->se_service, sep->se_proto);
|
|
(void) close(sep->se_fd);
|
|
sep->se_fd = -1;
|
|
if (!timingout) {
|
|
timingout = 1;
|
|
alarm(RETRYTIME);
|
|
}
|
|
if (sep->se_family == AF_UNIX)
|
|
umask(mask);
|
|
return;
|
|
}
|
|
if (sep->se_family == AF_UNIX) {
|
|
/* Ick - fch{own,mod} don't work on Unix domain sockets */
|
|
if (chown(sep->se_service, sep->se_sockuid, sep->se_sockgid) < 0)
|
|
syslog(LOG_ERR, "chown socket: %m");
|
|
if (chmod(sep->se_service, sep->se_sockmode) < 0)
|
|
syslog(LOG_ERR, "chmod socket: %m");
|
|
umask(mask);
|
|
}
|
|
if (sep->se_rpc) {
|
|
u_int i;
|
|
socklen_t len = sep->se_ctrladdr_size;
|
|
struct netconfig *netid, *netid2 = NULL;
|
|
#ifdef INET6
|
|
struct sockaddr_in sock;
|
|
#endif
|
|
struct netbuf nbuf, nbuf2;
|
|
|
|
if (getsockname(sep->se_fd,
|
|
(struct sockaddr*)&sep->se_ctrladdr, &len) < 0){
|
|
syslog(LOG_ERR, "%s/%s: getsockname: %m",
|
|
sep->se_service, sep->se_proto);
|
|
(void) close(sep->se_fd);
|
|
sep->se_fd = -1;
|
|
return;
|
|
}
|
|
nbuf.buf = &sep->se_ctrladdr;
|
|
nbuf.len = sep->se_ctrladdr.sa_len;
|
|
if (sep->se_family == AF_INET)
|
|
netid = sep->se_socktype==SOCK_DGRAM? udpconf:tcpconf;
|
|
#ifdef INET6
|
|
else {
|
|
netid = sep->se_socktype==SOCK_DGRAM? udp6conf:tcp6conf;
|
|
if (!sep->se_nomapped) { /* INET and INET6 */
|
|
netid2 = netid==udp6conf? udpconf:tcpconf;
|
|
memset(&sock, 0, sizeof sock); /* ADDR_ANY */
|
|
nbuf2.buf = &sock;
|
|
nbuf2.len = sock.sin_len = sizeof sock;
|
|
sock.sin_family = AF_INET;
|
|
sock.sin_port = sep->se_ctrladdr6.sin6_port;
|
|
}
|
|
}
|
|
#endif
|
|
if (debug)
|
|
print_service("REG ", sep);
|
|
for (i = sep->se_rpc_lowvers; i <= sep->se_rpc_highvers; i++) {
|
|
rpcb_unset(sep->se_rpc_prog, i, netid);
|
|
rpcb_set(sep->se_rpc_prog, i, netid, &nbuf);
|
|
if (netid2) {
|
|
rpcb_unset(sep->se_rpc_prog, i, netid2);
|
|
rpcb_set(sep->se_rpc_prog, i, netid2, &nbuf2);
|
|
}
|
|
}
|
|
}
|
|
if (sep->se_socktype == SOCK_STREAM)
|
|
listen(sep->se_fd, -1);
|
|
enable(sep);
|
|
if (debug) {
|
|
warnx("registered %s on %d",
|
|
sep->se_server, sep->se_fd);
|
|
}
|
|
}
|
|
|
|
#ifdef IPSEC
|
|
static void
|
|
ipsecsetup(struct servtab *sep)
|
|
{
|
|
char *buf;
|
|
char *policy_in = NULL;
|
|
char *policy_out = NULL;
|
|
int level;
|
|
int opt;
|
|
|
|
switch (sep->se_family) {
|
|
case AF_INET:
|
|
level = IPPROTO_IP;
|
|
opt = IP_IPSEC_POLICY;
|
|
break;
|
|
#ifdef INET6
|
|
case AF_INET6:
|
|
level = IPPROTO_IPV6;
|
|
opt = IPV6_IPSEC_POLICY;
|
|
break;
|
|
#endif
|
|
default:
|
|
return;
|
|
}
|
|
|
|
if (!sep->se_policy || sep->se_policy[0] == '\0') {
|
|
static char def_in[] = "in entrust", def_out[] = "out entrust";
|
|
policy_in = def_in;
|
|
policy_out = def_out;
|
|
} else {
|
|
if (!strncmp("in", sep->se_policy, 2))
|
|
policy_in = sep->se_policy;
|
|
else if (!strncmp("out", sep->se_policy, 3))
|
|
policy_out = sep->se_policy;
|
|
else {
|
|
syslog(LOG_ERR, "invalid security policy \"%s\"",
|
|
sep->se_policy);
|
|
return;
|
|
}
|
|
}
|
|
|
|
if (policy_in != NULL) {
|
|
buf = ipsec_set_policy(policy_in, strlen(policy_in));
|
|
if (buf != NULL) {
|
|
if (setsockopt(sep->se_fd, level, opt,
|
|
buf, ipsec_get_policylen(buf)) < 0 &&
|
|
debug != 0)
|
|
warnx("%s/%s: ipsec initialization failed; %s",
|
|
sep->se_service, sep->se_proto,
|
|
policy_in);
|
|
free(buf);
|
|
} else
|
|
syslog(LOG_ERR, "invalid security policy \"%s\"",
|
|
policy_in);
|
|
}
|
|
if (policy_out != NULL) {
|
|
buf = ipsec_set_policy(policy_out, strlen(policy_out));
|
|
if (buf != NULL) {
|
|
if (setsockopt(sep->se_fd, level, opt,
|
|
buf, ipsec_get_policylen(buf)) < 0 &&
|
|
debug != 0)
|
|
warnx("%s/%s: ipsec initialization failed; %s",
|
|
sep->se_service, sep->se_proto,
|
|
policy_out);
|
|
free(buf);
|
|
} else
|
|
syslog(LOG_ERR, "invalid security policy \"%s\"",
|
|
policy_out);
|
|
}
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* Finish with a service and its socket.
|
|
*/
|
|
static void
|
|
close_sep(struct servtab *sep)
|
|
{
|
|
if (sep->se_fd >= 0) {
|
|
if (FD_ISSET(sep->se_fd, &allsock))
|
|
disable(sep);
|
|
(void) close(sep->se_fd);
|
|
sep->se_fd = -1;
|
|
}
|
|
sep->se_count = 0;
|
|
sep->se_numchild = 0; /* forget about any existing children */
|
|
}
|
|
|
|
static int
|
|
matchservent(const char *name1, const char *name2, const char *proto)
|
|
{
|
|
char **alias, *p;
|
|
struct servent *se;
|
|
|
|
if (strcmp(proto, "unix") == 0) {
|
|
if ((p = strrchr(name1, '/')) != NULL)
|
|
name1 = p + 1;
|
|
if ((p = strrchr(name2, '/')) != NULL)
|
|
name2 = p + 1;
|
|
}
|
|
if (strcmp(name1, name2) == 0)
|
|
return(1);
|
|
if ((se = getservbyname(name1, proto)) != NULL) {
|
|
if (strcmp(name2, se->s_name) == 0)
|
|
return(1);
|
|
for (alias = se->s_aliases; *alias; alias++)
|
|
if (strcmp(name2, *alias) == 0)
|
|
return(1);
|
|
}
|
|
return(0);
|
|
}
|
|
|
|
static struct servtab *
|
|
enter(struct servtab *cp)
|
|
{
|
|
struct servtab *sep;
|
|
long omask;
|
|
|
|
sep = (struct servtab *)malloc(sizeof (*sep));
|
|
if (sep == (struct servtab *)0) {
|
|
syslog(LOG_ERR, "malloc: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
*sep = *cp;
|
|
sep->se_fd = -1;
|
|
omask = sigblock(SIGBLOCK);
|
|
sep->se_next = servtab;
|
|
servtab = sep;
|
|
sigsetmask(omask);
|
|
return (sep);
|
|
}
|
|
|
|
static void
|
|
enable(struct servtab *sep)
|
|
{
|
|
if (debug)
|
|
warnx(
|
|
"enabling %s, fd %d", sep->se_service, sep->se_fd);
|
|
#ifdef SANITY_CHECK
|
|
if (sep->se_fd < 0) {
|
|
syslog(LOG_ERR,
|
|
"%s: %s: bad fd", __func__, sep->se_service);
|
|
exit(EX_SOFTWARE);
|
|
}
|
|
if (ISMUX(sep)) {
|
|
syslog(LOG_ERR,
|
|
"%s: %s: is mux", __func__, sep->se_service);
|
|
exit(EX_SOFTWARE);
|
|
}
|
|
if (FD_ISSET(sep->se_fd, &allsock)) {
|
|
syslog(LOG_ERR,
|
|
"%s: %s: not off", __func__, sep->se_service);
|
|
exit(EX_SOFTWARE);
|
|
}
|
|
nsock++;
|
|
#endif
|
|
FD_SET(sep->se_fd, &allsock);
|
|
if (sep->se_fd > maxsock)
|
|
maxsock = sep->se_fd;
|
|
}
|
|
|
|
static void
|
|
disable(struct servtab *sep)
|
|
{
|
|
if (debug)
|
|
warnx(
|
|
"disabling %s, fd %d", sep->se_service, sep->se_fd);
|
|
#ifdef SANITY_CHECK
|
|
if (sep->se_fd < 0) {
|
|
syslog(LOG_ERR,
|
|
"%s: %s: bad fd", __func__, sep->se_service);
|
|
exit(EX_SOFTWARE);
|
|
}
|
|
if (ISMUX(sep)) {
|
|
syslog(LOG_ERR,
|
|
"%s: %s: is mux", __func__, sep->se_service);
|
|
exit(EX_SOFTWARE);
|
|
}
|
|
if (!FD_ISSET(sep->se_fd, &allsock)) {
|
|
syslog(LOG_ERR,
|
|
"%s: %s: not on", __func__, sep->se_service);
|
|
exit(EX_SOFTWARE);
|
|
}
|
|
if (nsock == 0) {
|
|
syslog(LOG_ERR, "%s: nsock=0", __func__);
|
|
exit(EX_SOFTWARE);
|
|
}
|
|
nsock--;
|
|
#endif
|
|
FD_CLR(sep->se_fd, &allsock);
|
|
if (sep->se_fd == maxsock)
|
|
maxsock--;
|
|
}
|
|
|
|
static FILE *fconfig = NULL;
|
|
static struct servtab serv;
|
|
static char line[LINE_MAX];
|
|
|
|
static int
|
|
setconfig(void)
|
|
{
|
|
|
|
if (fconfig != NULL) {
|
|
fseek(fconfig, 0L, SEEK_SET);
|
|
return (1);
|
|
}
|
|
fconfig = fopen(CONFIG, "r");
|
|
return (fconfig != NULL);
|
|
}
|
|
|
|
static void
|
|
endconfig(void)
|
|
{
|
|
if (fconfig) {
|
|
(void) fclose(fconfig);
|
|
fconfig = NULL;
|
|
}
|
|
}
|
|
|
|
static struct servtab *
|
|
getconfigent(void)
|
|
{
|
|
struct servtab *sep = &serv;
|
|
int argc;
|
|
char *cp, *arg, *s;
|
|
char *versp;
|
|
static char TCPMUX_TOKEN[] = "tcpmux/";
|
|
#define MUX_LEN (sizeof(TCPMUX_TOKEN)-1)
|
|
#ifdef IPSEC
|
|
char *policy;
|
|
#endif
|
|
int v4bind;
|
|
#ifdef INET6
|
|
int v6bind;
|
|
#endif
|
|
int i;
|
|
|
|
#ifdef IPSEC
|
|
policy = NULL;
|
|
#endif
|
|
more:
|
|
v4bind = 0;
|
|
#ifdef INET6
|
|
v6bind = 0;
|
|
#endif
|
|
while ((cp = nextline(fconfig)) != NULL) {
|
|
#ifdef IPSEC
|
|
/* lines starting with #@ is not a comment, but the policy */
|
|
if (cp[0] == '#' && cp[1] == '@') {
|
|
char *p;
|
|
for (p = cp + 2; p && *p && isspace(*p); p++)
|
|
;
|
|
if (*p == '\0') {
|
|
if (policy)
|
|
free(policy);
|
|
policy = NULL;
|
|
} else if (ipsec_get_policylen(p) >= 0) {
|
|
if (policy)
|
|
free(policy);
|
|
policy = newstr(p);
|
|
} else {
|
|
syslog(LOG_ERR,
|
|
"%s: invalid ipsec policy \"%s\"",
|
|
CONFIG, p);
|
|
exit(EX_CONFIG);
|
|
}
|
|
}
|
|
#endif
|
|
if (*cp == '#' || *cp == '\0')
|
|
continue;
|
|
break;
|
|
}
|
|
if (cp == NULL)
|
|
return ((struct servtab *)0);
|
|
/*
|
|
* clear the static buffer, since some fields (se_ctrladdr,
|
|
* for example) don't get initialized here.
|
|
*/
|
|
memset(sep, 0, sizeof *sep);
|
|
arg = skip(&cp);
|
|
if (cp == NULL) {
|
|
/* got an empty line containing just blanks/tabs. */
|
|
goto more;
|
|
}
|
|
if (arg[0] == ':') { /* :user:group:perm: */
|
|
char *user, *group, *perm;
|
|
struct passwd *pw;
|
|
struct group *gr;
|
|
user = arg+1;
|
|
if ((group = strchr(user, ':')) == NULL) {
|
|
syslog(LOG_ERR, "no group after user '%s'", user);
|
|
goto more;
|
|
}
|
|
*group++ = '\0';
|
|
if ((perm = strchr(group, ':')) == NULL) {
|
|
syslog(LOG_ERR, "no mode after group '%s'", group);
|
|
goto more;
|
|
}
|
|
*perm++ = '\0';
|
|
if ((pw = getpwnam(user)) == NULL) {
|
|
syslog(LOG_ERR, "no such user '%s'", user);
|
|
goto more;
|
|
}
|
|
sep->se_sockuid = pw->pw_uid;
|
|
if ((gr = getgrnam(group)) == NULL) {
|
|
syslog(LOG_ERR, "no such user '%s'", group);
|
|
goto more;
|
|
}
|
|
sep->se_sockgid = gr->gr_gid;
|
|
sep->se_sockmode = strtol(perm, &arg, 8);
|
|
if (*arg != ':') {
|
|
syslog(LOG_ERR, "bad mode '%s'", perm);
|
|
goto more;
|
|
}
|
|
*arg++ = '\0';
|
|
} else {
|
|
sep->se_sockuid = euid;
|
|
sep->se_sockgid = egid;
|
|
sep->se_sockmode = 0200;
|
|
}
|
|
if (strncmp(arg, TCPMUX_TOKEN, MUX_LEN) == 0) {
|
|
char *c = arg + MUX_LEN;
|
|
if (*c == '+') {
|
|
sep->se_type = MUXPLUS_TYPE;
|
|
c++;
|
|
} else
|
|
sep->se_type = MUX_TYPE;
|
|
sep->se_service = newstr(c);
|
|
} else {
|
|
sep->se_service = newstr(arg);
|
|
sep->se_type = NORM_TYPE;
|
|
}
|
|
arg = sskip(&cp);
|
|
if (strcmp(arg, "stream") == 0)
|
|
sep->se_socktype = SOCK_STREAM;
|
|
else if (strcmp(arg, "dgram") == 0)
|
|
sep->se_socktype = SOCK_DGRAM;
|
|
else if (strcmp(arg, "rdm") == 0)
|
|
sep->se_socktype = SOCK_RDM;
|
|
else if (strcmp(arg, "seqpacket") == 0)
|
|
sep->se_socktype = SOCK_SEQPACKET;
|
|
else if (strcmp(arg, "raw") == 0)
|
|
sep->se_socktype = SOCK_RAW;
|
|
else
|
|
sep->se_socktype = -1;
|
|
|
|
arg = sskip(&cp);
|
|
if (strncmp(arg, "tcp", 3) == 0) {
|
|
sep->se_proto = newstr(strsep(&arg, "/"));
|
|
if (arg != NULL && (strcmp(arg, "faith") == 0)) {
|
|
syslog(LOG_ERR, "faith has been deprecated");
|
|
goto more;
|
|
}
|
|
} else {
|
|
if (sep->se_type == NORM_TYPE &&
|
|
strncmp(arg, "faith/", 6) == 0) {
|
|
syslog(LOG_ERR, "faith has been deprecated");
|
|
goto more;
|
|
}
|
|
sep->se_proto = newstr(arg);
|
|
}
|
|
if (strncmp(sep->se_proto, "rpc/", 4) == 0) {
|
|
memmove(sep->se_proto, sep->se_proto + 4,
|
|
strlen(sep->se_proto) + 1 - 4);
|
|
sep->se_rpc = 1;
|
|
sep->se_rpc_prog = sep->se_rpc_lowvers =
|
|
sep->se_rpc_highvers = 0;
|
|
if ((versp = strrchr(sep->se_service, '/'))) {
|
|
*versp++ = '\0';
|
|
switch (sscanf(versp, "%u-%u",
|
|
&sep->se_rpc_lowvers,
|
|
&sep->se_rpc_highvers)) {
|
|
case 2:
|
|
break;
|
|
case 1:
|
|
sep->se_rpc_highvers =
|
|
sep->se_rpc_lowvers;
|
|
break;
|
|
default:
|
|
syslog(LOG_ERR,
|
|
"bad RPC version specifier; %s",
|
|
sep->se_service);
|
|
freeconfig(sep);
|
|
goto more;
|
|
}
|
|
}
|
|
else {
|
|
sep->se_rpc_lowvers =
|
|
sep->se_rpc_highvers = 1;
|
|
}
|
|
}
|
|
sep->se_nomapped = 0;
|
|
if (strcmp(sep->se_proto, "unix") == 0) {
|
|
sep->se_family = AF_UNIX;
|
|
} else {
|
|
while (isdigit(sep->se_proto[strlen(sep->se_proto) - 1])) {
|
|
#ifdef INET6
|
|
if (sep->se_proto[strlen(sep->se_proto) - 1] == '6') {
|
|
sep->se_proto[strlen(sep->se_proto) - 1] = '\0';
|
|
v6bind = 1;
|
|
continue;
|
|
}
|
|
#endif
|
|
if (sep->se_proto[strlen(sep->se_proto) - 1] == '4') {
|
|
sep->se_proto[strlen(sep->se_proto) - 1] = '\0';
|
|
v4bind = 1;
|
|
continue;
|
|
}
|
|
/* illegal version num */
|
|
syslog(LOG_ERR, "bad IP version for %s", sep->se_proto);
|
|
freeconfig(sep);
|
|
goto more;
|
|
}
|
|
#ifdef INET6
|
|
if (v6bind && !v6bind_ok) {
|
|
syslog(LOG_INFO, "IPv6 bind is ignored for %s",
|
|
sep->se_service);
|
|
if (v4bind && v4bind_ok)
|
|
v6bind = 0;
|
|
else {
|
|
freeconfig(sep);
|
|
goto more;
|
|
}
|
|
}
|
|
if (v6bind) {
|
|
sep->se_family = AF_INET6;
|
|
if (!v4bind || !v4bind_ok)
|
|
sep->se_nomapped = 1;
|
|
} else
|
|
#endif
|
|
{ /* default to v4 bind if not v6 bind */
|
|
if (!v4bind_ok) {
|
|
syslog(LOG_NOTICE, "IPv4 bind is ignored for %s",
|
|
sep->se_service);
|
|
freeconfig(sep);
|
|
goto more;
|
|
}
|
|
sep->se_family = AF_INET;
|
|
}
|
|
}
|
|
/* init ctladdr */
|
|
switch(sep->se_family) {
|
|
case AF_INET:
|
|
memcpy(&sep->se_ctrladdr4, bind_sa4,
|
|
sizeof(sep->se_ctrladdr4));
|
|
sep->se_ctrladdr_size = sizeof(sep->se_ctrladdr4);
|
|
break;
|
|
#ifdef INET6
|
|
case AF_INET6:
|
|
memcpy(&sep->se_ctrladdr6, bind_sa6,
|
|
sizeof(sep->se_ctrladdr6));
|
|
sep->se_ctrladdr_size = sizeof(sep->se_ctrladdr6);
|
|
break;
|
|
#endif
|
|
case AF_UNIX:
|
|
if (strlen(sep->se_service) >= sizeof(sep->se_ctrladdr_un.sun_path)) {
|
|
syslog(LOG_ERR,
|
|
"domain socket pathname too long for service %s",
|
|
sep->se_service);
|
|
goto more;
|
|
}
|
|
memset(&sep->se_ctrladdr, 0, sizeof(sep->se_ctrladdr));
|
|
sep->se_ctrladdr_un.sun_family = sep->se_family;
|
|
sep->se_ctrladdr_un.sun_len = strlen(sep->se_service);
|
|
strcpy(sep->se_ctrladdr_un.sun_path, sep->se_service);
|
|
sep->se_ctrladdr_size = SUN_LEN(&sep->se_ctrladdr_un);
|
|
}
|
|
arg = sskip(&cp);
|
|
if (!strncmp(arg, "wait", 4))
|
|
sep->se_accept = 0;
|
|
else if (!strncmp(arg, "nowait", 6))
|
|
sep->se_accept = 1;
|
|
else {
|
|
syslog(LOG_ERR,
|
|
"%s: bad wait/nowait for service %s",
|
|
CONFIG, sep->se_service);
|
|
goto more;
|
|
}
|
|
sep->se_maxchild = -1;
|
|
sep->se_maxcpm = -1;
|
|
sep->se_maxperip = -1;
|
|
if ((s = strchr(arg, '/')) != NULL) {
|
|
char *eptr;
|
|
u_long val;
|
|
|
|
val = strtoul(s + 1, &eptr, 10);
|
|
if (eptr == s + 1 || val > MAX_MAXCHLD) {
|
|
syslog(LOG_ERR,
|
|
"%s: bad max-child for service %s",
|
|
CONFIG, sep->se_service);
|
|
goto more;
|
|
}
|
|
if (debug)
|
|
if (!sep->se_accept && val != 1)
|
|
warnx("maxchild=%lu for wait service %s"
|
|
" not recommended", val, sep->se_service);
|
|
sep->se_maxchild = val;
|
|
if (*eptr == '/')
|
|
sep->se_maxcpm = strtol(eptr + 1, &eptr, 10);
|
|
if (*eptr == '/')
|
|
sep->se_maxperip = strtol(eptr + 1, &eptr, 10);
|
|
/*
|
|
* explicitly do not check for \0 for future expansion /
|
|
* backwards compatibility
|
|
*/
|
|
}
|
|
if (ISMUX(sep)) {
|
|
/*
|
|
* Silently enforce "nowait" mode for TCPMUX services
|
|
* since they don't have an assigned port to listen on.
|
|
*/
|
|
sep->se_accept = 1;
|
|
if (strcmp(sep->se_proto, "tcp")) {
|
|
syslog(LOG_ERR,
|
|
"%s: bad protocol for tcpmux service %s",
|
|
CONFIG, sep->se_service);
|
|
goto more;
|
|
}
|
|
if (sep->se_socktype != SOCK_STREAM) {
|
|
syslog(LOG_ERR,
|
|
"%s: bad socket type for tcpmux service %s",
|
|
CONFIG, sep->se_service);
|
|
goto more;
|
|
}
|
|
}
|
|
sep->se_user = newstr(sskip(&cp));
|
|
#ifdef LOGIN_CAP
|
|
if ((s = strrchr(sep->se_user, '/')) != NULL) {
|
|
*s = '\0';
|
|
sep->se_class = newstr(s + 1);
|
|
} else
|
|
sep->se_class = newstr(RESOURCE_RC);
|
|
#endif
|
|
if ((s = strrchr(sep->se_user, ':')) != NULL) {
|
|
*s = '\0';
|
|
sep->se_group = newstr(s + 1);
|
|
} else
|
|
sep->se_group = NULL;
|
|
sep->se_server = newstr(sskip(&cp));
|
|
if ((sep->se_server_name = strrchr(sep->se_server, '/')))
|
|
sep->se_server_name++;
|
|
if (strcmp(sep->se_server, "internal") == 0) {
|
|
struct biltin *bi;
|
|
|
|
for (bi = biltins; bi->bi_service; bi++)
|
|
if (bi->bi_socktype == sep->se_socktype &&
|
|
matchservent(bi->bi_service, sep->se_service,
|
|
sep->se_proto))
|
|
break;
|
|
if (bi->bi_service == 0) {
|
|
syslog(LOG_ERR, "internal service %s unknown",
|
|
sep->se_service);
|
|
goto more;
|
|
}
|
|
sep->se_accept = 1; /* force accept mode for built-ins */
|
|
sep->se_bi = bi;
|
|
} else
|
|
sep->se_bi = NULL;
|
|
if (sep->se_maxperip < 0)
|
|
sep->se_maxperip = maxperip;
|
|
if (sep->se_maxcpm < 0)
|
|
sep->se_maxcpm = maxcpm;
|
|
if (sep->se_maxchild < 0) { /* apply default max-children */
|
|
if (sep->se_bi && sep->se_bi->bi_maxchild >= 0)
|
|
sep->se_maxchild = sep->se_bi->bi_maxchild;
|
|
else if (sep->se_accept)
|
|
sep->se_maxchild = MAX(maxchild, 0);
|
|
else
|
|
sep->se_maxchild = 1;
|
|
}
|
|
if (sep->se_maxchild > 0) {
|
|
sep->se_pids = malloc(sep->se_maxchild * sizeof(*sep->se_pids));
|
|
if (sep->se_pids == NULL) {
|
|
syslog(LOG_ERR, "malloc: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
}
|
|
argc = 0;
|
|
for (arg = skip(&cp); cp; arg = skip(&cp))
|
|
if (argc < MAXARGV) {
|
|
sep->se_argv[argc++] = newstr(arg);
|
|
} else {
|
|
syslog(LOG_ERR,
|
|
"%s: too many arguments for service %s",
|
|
CONFIG, sep->se_service);
|
|
goto more;
|
|
}
|
|
while (argc <= MAXARGV)
|
|
sep->se_argv[argc++] = NULL;
|
|
for (i = 0; i < PERIPSIZE; ++i)
|
|
LIST_INIT(&sep->se_conn[i]);
|
|
#ifdef IPSEC
|
|
sep->se_policy = policy ? newstr(policy) : NULL;
|
|
#endif
|
|
return (sep);
|
|
}
|
|
|
|
static void
|
|
freeconfig(struct servtab *cp)
|
|
{
|
|
int i;
|
|
|
|
if (cp->se_service)
|
|
free(cp->se_service);
|
|
if (cp->se_proto)
|
|
free(cp->se_proto);
|
|
if (cp->se_user)
|
|
free(cp->se_user);
|
|
if (cp->se_group)
|
|
free(cp->se_group);
|
|
#ifdef LOGIN_CAP
|
|
if (cp->se_class)
|
|
free(cp->se_class);
|
|
#endif
|
|
if (cp->se_server)
|
|
free(cp->se_server);
|
|
if (cp->se_pids)
|
|
free(cp->se_pids);
|
|
for (i = 0; i < MAXARGV; i++)
|
|
if (cp->se_argv[i])
|
|
free(cp->se_argv[i]);
|
|
free_connlist(cp);
|
|
#ifdef IPSEC
|
|
if (cp->se_policy)
|
|
free(cp->se_policy);
|
|
#endif
|
|
}
|
|
|
|
|
|
/*
|
|
* Safe skip - if skip returns null, log a syntax error in the
|
|
* configuration file and exit.
|
|
*/
|
|
static char *
|
|
sskip(char **cpp)
|
|
{
|
|
char *cp;
|
|
|
|
cp = skip(cpp);
|
|
if (cp == NULL) {
|
|
syslog(LOG_ERR, "%s: syntax error", CONFIG);
|
|
exit(EX_DATAERR);
|
|
}
|
|
return (cp);
|
|
}
|
|
|
|
static char *
|
|
skip(char **cpp)
|
|
{
|
|
char *cp = *cpp;
|
|
char *start;
|
|
char quote = '\0';
|
|
|
|
again:
|
|
while (*cp == ' ' || *cp == '\t')
|
|
cp++;
|
|
if (*cp == '\0') {
|
|
int c;
|
|
|
|
c = getc(fconfig);
|
|
(void) ungetc(c, fconfig);
|
|
if (c == ' ' || c == '\t')
|
|
if ((cp = nextline(fconfig)))
|
|
goto again;
|
|
*cpp = (char *)0;
|
|
return ((char *)0);
|
|
}
|
|
if (*cp == '"' || *cp == '\'')
|
|
quote = *cp++;
|
|
start = cp;
|
|
if (quote)
|
|
while (*cp && *cp != quote)
|
|
cp++;
|
|
else
|
|
while (*cp && *cp != ' ' && *cp != '\t')
|
|
cp++;
|
|
if (*cp != '\0')
|
|
*cp++ = '\0';
|
|
*cpp = cp;
|
|
return (start);
|
|
}
|
|
|
|
static char *
|
|
nextline(FILE *fd)
|
|
{
|
|
char *cp;
|
|
|
|
if (fgets(line, sizeof (line), fd) == NULL)
|
|
return ((char *)0);
|
|
cp = strchr(line, '\n');
|
|
if (cp)
|
|
*cp = '\0';
|
|
return (line);
|
|
}
|
|
|
|
static char *
|
|
newstr(const char *cp)
|
|
{
|
|
char *cr;
|
|
|
|
if ((cr = strdup(cp != NULL ? cp : "")))
|
|
return (cr);
|
|
syslog(LOG_ERR, "strdup: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
|
|
void
|
|
inetd_setproctitle(const char *a, int s)
|
|
{
|
|
socklen_t size;
|
|
struct sockaddr_storage ss;
|
|
char buf[80], pbuf[NI_MAXHOST];
|
|
|
|
size = sizeof(ss);
|
|
if (getpeername(s, (struct sockaddr *)&ss, &size) == 0) {
|
|
getnameinfo((struct sockaddr *)&ss, size, pbuf, sizeof(pbuf),
|
|
NULL, 0, NI_NUMERICHOST);
|
|
(void) sprintf(buf, "%s [%s]", a, pbuf);
|
|
} else
|
|
(void) sprintf(buf, "%s", a);
|
|
setproctitle("%s", buf);
|
|
}
|
|
|
|
int
|
|
check_loop(const struct sockaddr *sa, const struct servtab *sep)
|
|
{
|
|
struct servtab *se2;
|
|
char pname[NI_MAXHOST];
|
|
|
|
for (se2 = servtab; se2; se2 = se2->se_next) {
|
|
if (!se2->se_bi || se2->se_socktype != SOCK_DGRAM)
|
|
continue;
|
|
|
|
switch (se2->se_family) {
|
|
case AF_INET:
|
|
if (csatosin(sa)->sin_port ==
|
|
se2->se_ctrladdr4.sin_port)
|
|
goto isloop;
|
|
continue;
|
|
#ifdef INET6
|
|
case AF_INET6:
|
|
if (csatosin6(sa)->sin6_port ==
|
|
se2->se_ctrladdr6.sin6_port)
|
|
goto isloop;
|
|
continue;
|
|
#endif
|
|
default:
|
|
continue;
|
|
}
|
|
isloop:
|
|
getnameinfo(sa, sa->sa_len, pname, sizeof(pname), NULL, 0,
|
|
NI_NUMERICHOST);
|
|
syslog(LOG_WARNING, "%s/%s:%s/%s loop request REFUSED from %s",
|
|
sep->se_service, sep->se_proto,
|
|
se2->se_service, se2->se_proto,
|
|
pname);
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* print_service:
|
|
* Dump relevant information to stderr
|
|
*/
|
|
static void
|
|
print_service(const char *action, const struct servtab *sep)
|
|
{
|
|
fprintf(stderr,
|
|
"%s: %s proto=%s accept=%d max=%d user=%s group=%s"
|
|
#ifdef LOGIN_CAP
|
|
"class=%s"
|
|
#endif
|
|
" builtin=%p server=%s"
|
|
#ifdef IPSEC
|
|
" policy=\"%s\""
|
|
#endif
|
|
"\n",
|
|
action, sep->se_service, sep->se_proto,
|
|
sep->se_accept, sep->se_maxchild, sep->se_user, sep->se_group,
|
|
#ifdef LOGIN_CAP
|
|
sep->se_class,
|
|
#endif
|
|
(void *) sep->se_bi, sep->se_server
|
|
#ifdef IPSEC
|
|
, (sep->se_policy ? sep->se_policy : "")
|
|
#endif
|
|
);
|
|
}
|
|
|
|
#define CPMHSIZE 256
|
|
#define CPMHMASK (CPMHSIZE-1)
|
|
#define CHTGRAN 10
|
|
#define CHTSIZE 6
|
|
|
|
typedef struct CTime {
|
|
unsigned long ct_Ticks;
|
|
int ct_Count;
|
|
} CTime;
|
|
|
|
typedef struct CHash {
|
|
union {
|
|
struct in_addr c4_Addr;
|
|
struct in6_addr c6_Addr;
|
|
} cu_Addr;
|
|
#define ch_Addr4 cu_Addr.c4_Addr
|
|
#define ch_Addr6 cu_Addr.c6_Addr
|
|
int ch_Family;
|
|
time_t ch_LTime;
|
|
char *ch_Service;
|
|
CTime ch_Times[CHTSIZE];
|
|
} CHash;
|
|
|
|
static CHash CHashAry[CPMHSIZE];
|
|
|
|
static int
|
|
cpmip(const struct servtab *sep, int ctrl)
|
|
{
|
|
struct sockaddr_storage rss;
|
|
socklen_t rssLen = sizeof(rss);
|
|
int r = 0;
|
|
|
|
/*
|
|
* If getpeername() fails, just let it through (if logging is
|
|
* enabled the condition is caught elsewhere)
|
|
*/
|
|
|
|
if (sep->se_maxcpm > 0 &&
|
|
(sep->se_family == AF_INET || sep->se_family == AF_INET6) &&
|
|
getpeername(ctrl, (struct sockaddr *)&rss, &rssLen) == 0 ) {
|
|
time_t t = time(NULL);
|
|
int hv = 0xABC3D20F;
|
|
int i;
|
|
int cnt = 0;
|
|
CHash *chBest = NULL;
|
|
unsigned int ticks = t / CHTGRAN;
|
|
struct sockaddr_in *sin4;
|
|
#ifdef INET6
|
|
struct sockaddr_in6 *sin6;
|
|
#endif
|
|
|
|
sin4 = (struct sockaddr_in *)&rss;
|
|
#ifdef INET6
|
|
sin6 = (struct sockaddr_in6 *)&rss;
|
|
#endif
|
|
{
|
|
char *p;
|
|
int addrlen;
|
|
|
|
switch (rss.ss_family) {
|
|
case AF_INET:
|
|
p = (char *)&sin4->sin_addr;
|
|
addrlen = sizeof(struct in_addr);
|
|
break;
|
|
#ifdef INET6
|
|
case AF_INET6:
|
|
p = (char *)&sin6->sin6_addr;
|
|
addrlen = sizeof(struct in6_addr);
|
|
break;
|
|
#endif
|
|
default:
|
|
/* should not happen */
|
|
return -1;
|
|
}
|
|
|
|
for (i = 0; i < addrlen; ++i, ++p) {
|
|
hv = (hv << 5) ^ (hv >> 23) ^ *p;
|
|
}
|
|
hv = (hv ^ (hv >> 16));
|
|
}
|
|
for (i = 0; i < 5; ++i) {
|
|
CHash *ch = &CHashAry[(hv + i) & CPMHMASK];
|
|
|
|
if (rss.ss_family == AF_INET &&
|
|
ch->ch_Family == AF_INET &&
|
|
sin4->sin_addr.s_addr == ch->ch_Addr4.s_addr &&
|
|
ch->ch_Service && strcmp(sep->se_service,
|
|
ch->ch_Service) == 0) {
|
|
chBest = ch;
|
|
break;
|
|
}
|
|
#ifdef INET6
|
|
if (rss.ss_family == AF_INET6 &&
|
|
ch->ch_Family == AF_INET6 &&
|
|
IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
|
|
&ch->ch_Addr6) != 0 &&
|
|
ch->ch_Service && strcmp(sep->se_service,
|
|
ch->ch_Service) == 0) {
|
|
chBest = ch;
|
|
break;
|
|
}
|
|
#endif
|
|
if (chBest == NULL || ch->ch_LTime == 0 ||
|
|
ch->ch_LTime < chBest->ch_LTime) {
|
|
chBest = ch;
|
|
}
|
|
}
|
|
if ((rss.ss_family == AF_INET &&
|
|
(chBest->ch_Family != AF_INET ||
|
|
sin4->sin_addr.s_addr != chBest->ch_Addr4.s_addr)) ||
|
|
chBest->ch_Service == NULL ||
|
|
strcmp(sep->se_service, chBest->ch_Service) != 0) {
|
|
chBest->ch_Family = sin4->sin_family;
|
|
chBest->ch_Addr4 = sin4->sin_addr;
|
|
if (chBest->ch_Service)
|
|
free(chBest->ch_Service);
|
|
chBest->ch_Service = strdup(sep->se_service);
|
|
bzero(chBest->ch_Times, sizeof(chBest->ch_Times));
|
|
}
|
|
#ifdef INET6
|
|
if ((rss.ss_family == AF_INET6 &&
|
|
(chBest->ch_Family != AF_INET6 ||
|
|
IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
|
|
&chBest->ch_Addr6) == 0)) ||
|
|
chBest->ch_Service == NULL ||
|
|
strcmp(sep->se_service, chBest->ch_Service) != 0) {
|
|
chBest->ch_Family = sin6->sin6_family;
|
|
chBest->ch_Addr6 = sin6->sin6_addr;
|
|
if (chBest->ch_Service)
|
|
free(chBest->ch_Service);
|
|
chBest->ch_Service = strdup(sep->se_service);
|
|
bzero(chBest->ch_Times, sizeof(chBest->ch_Times));
|
|
}
|
|
#endif
|
|
chBest->ch_LTime = t;
|
|
{
|
|
CTime *ct = &chBest->ch_Times[ticks % CHTSIZE];
|
|
if (ct->ct_Ticks != ticks) {
|
|
ct->ct_Ticks = ticks;
|
|
ct->ct_Count = 0;
|
|
}
|
|
++ct->ct_Count;
|
|
}
|
|
for (i = 0; i < CHTSIZE; ++i) {
|
|
CTime *ct = &chBest->ch_Times[i];
|
|
if (ct->ct_Ticks <= ticks &&
|
|
ct->ct_Ticks >= ticks - CHTSIZE) {
|
|
cnt += ct->ct_Count;
|
|
}
|
|
}
|
|
if ((cnt * 60) / (CHTSIZE * CHTGRAN) > sep->se_maxcpm) {
|
|
char pname[NI_MAXHOST];
|
|
|
|
getnameinfo((struct sockaddr *)&rss,
|
|
((struct sockaddr *)&rss)->sa_len,
|
|
pname, sizeof(pname), NULL, 0,
|
|
NI_NUMERICHOST);
|
|
r = -1;
|
|
syslog(LOG_ERR,
|
|
"%s from %s exceeded counts/min (limit %d/min)",
|
|
sep->se_service, pname,
|
|
sep->se_maxcpm);
|
|
}
|
|
}
|
|
return(r);
|
|
}
|
|
|
|
static struct conninfo *
|
|
search_conn(struct servtab *sep, int ctrl)
|
|
{
|
|
struct sockaddr_storage ss;
|
|
socklen_t sslen = sizeof(ss);
|
|
struct conninfo *conn;
|
|
int hv;
|
|
char pname[NI_MAXHOST], pname2[NI_MAXHOST];
|
|
|
|
if (sep->se_maxperip <= 0)
|
|
return NULL;
|
|
|
|
/*
|
|
* If getpeername() fails, just let it through (if logging is
|
|
* enabled the condition is caught elsewhere)
|
|
*/
|
|
if (getpeername(ctrl, (struct sockaddr *)&ss, &sslen) != 0)
|
|
return NULL;
|
|
|
|
switch (ss.ss_family) {
|
|
case AF_INET:
|
|
hv = hashval((char *)&((struct sockaddr_in *)&ss)->sin_addr,
|
|
sizeof(struct in_addr));
|
|
break;
|
|
#ifdef INET6
|
|
case AF_INET6:
|
|
hv = hashval((char *)&((struct sockaddr_in6 *)&ss)->sin6_addr,
|
|
sizeof(struct in6_addr));
|
|
break;
|
|
#endif
|
|
default:
|
|
/*
|
|
* Since we only support AF_INET and AF_INET6, just
|
|
* let other than AF_INET and AF_INET6 through.
|
|
*/
|
|
return NULL;
|
|
}
|
|
|
|
if (getnameinfo((struct sockaddr *)&ss, sslen, pname, sizeof(pname),
|
|
NULL, 0, NI_NUMERICHOST) != 0)
|
|
return NULL;
|
|
|
|
LIST_FOREACH(conn, &sep->se_conn[hv], co_link) {
|
|
if (getnameinfo((struct sockaddr *)&conn->co_addr,
|
|
conn->co_addr.ss_len, pname2, sizeof(pname2), NULL, 0,
|
|
NI_NUMERICHOST) == 0 &&
|
|
strcmp(pname, pname2) == 0)
|
|
break;
|
|
}
|
|
|
|
if (conn == NULL) {
|
|
if ((conn = malloc(sizeof(struct conninfo))) == NULL) {
|
|
syslog(LOG_ERR, "malloc: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
conn->co_proc = malloc(sep->se_maxperip * sizeof(*conn->co_proc));
|
|
if (conn->co_proc == NULL) {
|
|
syslog(LOG_ERR, "malloc: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
memcpy(&conn->co_addr, (struct sockaddr *)&ss, sslen);
|
|
conn->co_numchild = 0;
|
|
LIST_INSERT_HEAD(&sep->se_conn[hv], conn, co_link);
|
|
}
|
|
|
|
/*
|
|
* Since a child process is not invoked yet, we cannot
|
|
* determine a pid of a child. So, co_proc and co_numchild
|
|
* should be filled leter.
|
|
*/
|
|
|
|
return conn;
|
|
}
|
|
|
|
static int
|
|
room_conn(struct servtab *sep, struct conninfo *conn)
|
|
{
|
|
char pname[NI_MAXHOST];
|
|
|
|
if (conn->co_numchild >= sep->se_maxperip) {
|
|
getnameinfo((struct sockaddr *)&conn->co_addr,
|
|
conn->co_addr.ss_len, pname, sizeof(pname), NULL, 0,
|
|
NI_NUMERICHOST);
|
|
syslog(LOG_ERR, "%s from %s exceeded counts (limit %d)",
|
|
sep->se_service, pname, sep->se_maxperip);
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
static void
|
|
addchild_conn(struct conninfo *conn, pid_t pid)
|
|
{
|
|
struct procinfo *proc;
|
|
|
|
if (conn == NULL)
|
|
return;
|
|
|
|
if ((proc = search_proc(pid, 1)) != NULL) {
|
|
if (proc->pr_conn != NULL) {
|
|
syslog(LOG_ERR,
|
|
"addchild_conn: child already on process list");
|
|
exit(EX_OSERR);
|
|
}
|
|
proc->pr_conn = conn;
|
|
}
|
|
|
|
conn->co_proc[conn->co_numchild++] = proc;
|
|
}
|
|
|
|
static void
|
|
reapchild_conn(pid_t pid)
|
|
{
|
|
struct procinfo *proc;
|
|
struct conninfo *conn;
|
|
int i;
|
|
|
|
if ((proc = search_proc(pid, 0)) == NULL)
|
|
return;
|
|
if ((conn = proc->pr_conn) == NULL)
|
|
return;
|
|
for (i = 0; i < conn->co_numchild; ++i)
|
|
if (conn->co_proc[i] == proc) {
|
|
conn->co_proc[i] = conn->co_proc[--conn->co_numchild];
|
|
break;
|
|
}
|
|
free_proc(proc);
|
|
free_conn(conn);
|
|
}
|
|
|
|
static void
|
|
resize_conn(struct servtab *sep, int maxpip)
|
|
{
|
|
struct conninfo *conn;
|
|
int i, j;
|
|
|
|
if (sep->se_maxperip <= 0)
|
|
return;
|
|
if (maxpip <= 0) {
|
|
free_connlist(sep);
|
|
return;
|
|
}
|
|
for (i = 0; i < PERIPSIZE; ++i) {
|
|
LIST_FOREACH(conn, &sep->se_conn[i], co_link) {
|
|
for (j = maxpip; j < conn->co_numchild; ++j)
|
|
free_proc(conn->co_proc[j]);
|
|
conn->co_proc = realloc(conn->co_proc,
|
|
maxpip * sizeof(*conn->co_proc));
|
|
if (conn->co_proc == NULL) {
|
|
syslog(LOG_ERR, "realloc: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
if (conn->co_numchild > maxpip)
|
|
conn->co_numchild = maxpip;
|
|
}
|
|
}
|
|
}
|
|
|
|
static void
|
|
free_connlist(struct servtab *sep)
|
|
{
|
|
struct conninfo *conn;
|
|
int i, j;
|
|
|
|
for (i = 0; i < PERIPSIZE; ++i) {
|
|
while ((conn = LIST_FIRST(&sep->se_conn[i])) != NULL) {
|
|
for (j = 0; j < conn->co_numchild; ++j)
|
|
free_proc(conn->co_proc[j]);
|
|
conn->co_numchild = 0;
|
|
free_conn(conn);
|
|
}
|
|
}
|
|
}
|
|
|
|
static void
|
|
free_conn(struct conninfo *conn)
|
|
{
|
|
if (conn == NULL)
|
|
return;
|
|
if (conn->co_numchild <= 0) {
|
|
LIST_REMOVE(conn, co_link);
|
|
free(conn->co_proc);
|
|
free(conn);
|
|
}
|
|
}
|
|
|
|
static struct procinfo *
|
|
search_proc(pid_t pid, int add)
|
|
{
|
|
struct procinfo *proc;
|
|
int hv;
|
|
|
|
hv = hashval((char *)&pid, sizeof(pid));
|
|
LIST_FOREACH(proc, &proctable[hv], pr_link) {
|
|
if (proc->pr_pid == pid)
|
|
break;
|
|
}
|
|
if (proc == NULL && add) {
|
|
if ((proc = malloc(sizeof(struct procinfo))) == NULL) {
|
|
syslog(LOG_ERR, "malloc: %m");
|
|
exit(EX_OSERR);
|
|
}
|
|
proc->pr_pid = pid;
|
|
proc->pr_conn = NULL;
|
|
LIST_INSERT_HEAD(&proctable[hv], proc, pr_link);
|
|
}
|
|
return proc;
|
|
}
|
|
|
|
static void
|
|
free_proc(struct procinfo *proc)
|
|
{
|
|
if (proc == NULL)
|
|
return;
|
|
LIST_REMOVE(proc, pr_link);
|
|
free(proc);
|
|
}
|
|
|
|
static int
|
|
hashval(char *p, int len)
|
|
{
|
|
int i, hv = 0xABC3D20F;
|
|
|
|
for (i = 0; i < len; ++i, ++p)
|
|
hv = (hv << 5) ^ (hv >> 23) ^ *p;
|
|
hv = (hv ^ (hv >> 16)) & (PERIPSIZE - 1);
|
|
return hv;
|
|
}
|