1
=== added directory '.pc'
2
=== added file '.pc/.version'
3
--- .pc/.version	1970-01-01 00:00:00 +0000
4
+++ .pc/.version	2011-06-29 11:29:23 +0000
5
@@ -0,0 +1,1 @@
6
1
2
7
0
2
8
=== added file '.pc/applied-patches'
9
--- .pc/applied-patches	1970-01-01 00:00:00 +0000
10
+++ .pc/applied-patches	2011-06-29 11:29:23 +0000
11
@@ -0,0 +1,11 @@
12
1
makefile
13
2
test
14
3
misc_portability
15
4
setproctitle
16
5
discard_env
17
6
libwrap
18
7
nodaemon
19
8
global_queuelen
20
9
print_pause_time
21
10
tcp46
22
11
buftuning
23
0
12
24
=== added directory '.pc/buftuning'
25
=== added file '.pc/buftuning/inetd.8'
26
--- .pc/buftuning/inetd.8	1970-01-01 00:00:00 +0000
27
+++ .pc/buftuning/inetd.8	2011-06-29 11:29:23 +0000
28
@@ -0,0 +1,465 @@
29
1
.\"	$OpenBSD: inetd.8,v 1.33 2008/06/28 10:54:45 sobrado Exp $
30
2
.\" Copyright (c) 1985, 1991 The Regents of the University of California.
31
3
.\" All rights reserved.
32
4
.\"
33
5
.\" Redistribution and use in source and binary forms, with or without
34
6
.\" modification, are permitted provided that the following conditions
35
7
.\" are met:
36
8
.\" 1. Redistributions of source code must retain the above copyright
37
9
.\"    notice, this list of conditions and the following disclaimer.
38
10
.\" 2. Redistributions in binary form must reproduce the above copyright
39
11
.\"    notice, this list of conditions and the following disclaimer in the
40
12
.\"    documentation and/or other materials provided with the distribution.
41
13
.\" 3. Neither the name of the University nor the names of its contributors
42
14
.\"    may be used to endorse or promote products derived from this software
43
15
.\"    without specific prior written permission.
44
16
.\"
45
17
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46
18
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47
19
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48
20
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49
21
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50
22
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51
23
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52
24
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53
25
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54
26
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55
27
.\" SUCH DAMAGE.
56
28
.\"
57
29
.\"     from: @(#)inetd.8	6.7 (Berkeley) 3/16/91
58
30
.\"
59
31
.Dd $Mdocdate: December 29 2009 $
60
32
.Dt INETD 8
61
33
.Os
62
34
.Sh NAME
63
35
.Nm inetd
64
36
.Nd internet
65
37
.Dq super-server
66
38
.Sh SYNOPSIS
67
39
.Nm inetd
68
40
.Op Fl d
69
41
.Op Fl E
70
42
.Op Fl i
71
43
.Op Fl l
72
44
.Op Fl q Ar length
73
45
.Op Fl R Ar rate
74
46
.Op Ar configuration_file
75
47
.Sh DESCRIPTION
76
48
.Nm inetd
77
49
listens for connections on certain internet sockets.
78
50
When a connection is found on one
79
51
of its sockets, it decides what service the socket
80
52
corresponds to, and invokes a program to service the request.
81
53
After the program is
82
54
finished, it continues to listen on the socket (except in some cases which
83
55
will be described below).
84
56
Essentially,
85
57
.Nm inetd
86
58
allows running one daemon to invoke several others,
87
59
reducing load on the system.
88
60
.Pp
89
61
The options are as follows:
90
62
.Bl -tag -width Ds
91
63
.It Fl d
92
64
Turns on debugging.
93
65
.It Fl E
94
66
Prevents
95
67
.Nm inetd
96
68
from laundering the environment.  Without this option a selection of
97
69
potentially harmful environent variables, including
98
70
.Pa PATH ,
99
71
will be removed and not inherited by services.
100
72
.It Fl i
101
73
Makes the program not daemonize itself.
102
74
.It Fl l
103
75
Turns on libwrap connection logging and access control.
104
76
Internal services cannot be wrapped.  When enabled,
105
77
.Pa /usr/sbin/tcpd
106
78
is silently not executed even if present in
107
79
.Pa /etc/inetd.conf
108
80
and instead libwrap is called directly by inetd.
109
81
.It Fl q Ar length
110
82
Specify the length of the
111
83
.Xr listen 2
112
84
connections queue; the default is 128.
113
85
.It Fl R Ar rate
114
86
Specify the maximum number of times a service can be invoked
115
87
in one minute; the default is 256.
116
88
If a service exceeds this limit,
117
89
.Nm
118
90
will log the problem
119
91
and stop servicing requests for the specific service for ten minutes.
120
92
See also the wait/nowait configuration fields below.
121
93
.El
122
94
.Pp
123
95
Upon execution,
124
96
.Nm inetd
125
97
reads its configuration information from a configuration
126
98
file which, by default, is
127
99
.Pa /etc/inetd.conf .
128
100
There must be an entry for each field of the configuration
129
101
file, with entries for each field separated by a tab or
130
102
a space.
131
103
Comments are denoted by a
132
104
.Dq #
133
105
at the beginning
134
106
of a line.
135
107
The fields of the configuration file are as follows:
136
108
.Bd -unfilled -offset indent
137
109
service name
138
110
socket type
139
111
protocol
140
112
wait/nowait[.max]
141
113
user[.group] or user[:group]
142
114
server program
143
115
server program arguments
144
116
.Ed
145
117
.Pp
146
118
To specify a Sun-RPC
147
119
based service, the entry would contain these fields.
148
120
.Bd -unfilled -offset indent
149
121
service name/version
150
122
socket type
151
123
rpc/protocol
152
124
wait/nowait[.max]
153
125
user[.group] or user[:group]
154
126
server program
155
127
server program arguments
156
128
.Ed
157
129
.Pp
158
130
For internet services, the first field of the line may also have a host
159
131
address specifier prefixed to it, separated from the service name by a
160
132
colon.
161
133
If this is done, the string before the colon in the first field
162
134
indicates what local address
163
135
.Nm
164
136
should use when listening for that service.
165
137
Multiple local addresses
166
138
can be specified on the same line, separated by commas.
167
139
Numeric IP
168
140
addresses in dotted-quad notation can be used as well as symbolic
169
141
hostnames.
170
142
Symbolic hostnames are looked up using
171
143
.Fn gethostbyname .
172
144
If a hostname has multiple address mappings, inetd creates a socket
173
145
to listen on each address.
174
146
.Pp
175
147
The single character
176
148
.Dq \&*
177
149
indicates
178
150
.Dv INADDR_ANY ,
179
151
meaning
180
152
.Dq all local addresses .
181
153
To avoid repeating an address that occurs frequently, a line with a
182
154
host address specifier and colon, but no further fields, causes the
183
155
host address specifier to be remembered and used for all further lines
184
156
with no explicit host specifier (until another such line or the end of
185
157
the file).
186
158
A line
187
159
.Dl *:
188
160
is implicitly provided at the top of the file; thus, traditional
189
161
configuration files (which have no host address specifiers) will be
190
162
interpreted in the traditional manner, with all services listened for
191
163
on all local addresses.
192
164
If the protocol is
193
165
.Dq unix ,
194
166
this value is ignored.
195
167
.Pp
196
168
The
197
169
.Em service name
198
170
entry is the name of a valid service in
199
171
the file
200
172
.Pa /etc/services
201
173
or a port number.
202
174
For
203
175
.Dq internal
204
176
services (discussed below), the service
205
177
name
206
178
.Em must
207
179
be the official name of the service (that is, the first entry in
208
180
.Pa /etc/services ) .
209
181
When used to specify a Sun-RPC
210
182
based service, this field is a valid RPC service name in
211
183
the file
212
184
.Pa /etc/rpc .
213
185
The part on the right of the
214
186
.Dq /
215
187
is the RPC version number.
216
188
This can simply be a single numeric argument or a range of versions.
217
189
A range is bounded by the low version to the high version -
218
190
.Dq rusers/1\-3 .
219
191
For
220
192
.Ux Ns -domain
221
193
sockets this field specifies the path name of the socket.
222
194
.Pp
223
195
The
224
196
.Em socket type
225
197
should be one of
226
198
.Dq stream ,
227
199
.Dq dgram ,
228
200
.Dq raw ,
229
201
.Dq rdm ,
230
202
or
231
203
.Dq seqpacket ,
232
204
depending on whether the socket is a stream, datagram, raw,
233
205
reliably delivered message, or sequenced packet socket.
234
206
.Pp
235
207
The
236
208
.Em protocol
237
209
must be a valid protocol as given in
238
210
.Pa /etc/protocols or
239
211
.Dq unix .
240
212
Examples might be
241
213
.Dq tcp
242
214
or
243
215
.Dq udp .
244
216
RPC based services are specified with the
245
217
.Dq rpc/tcp
246
218
or
247
219
.Dq rpc/udp
248
220
service type.
249
221
.Dq tcp
250
222
and
251
223
.Dq udp
252
224
will be recognized as
253
225
.Dq TCP or UDP over default IP version .
254
226
This is currently IPv4, but in the future it will be IPv6.
255
227
If you need to specify IPv4 or IPv6 explicitly, use something like
256
228
.Dq tcp4
257
229
or
258
230
.Dq udp6 .
259
231
A
260
232
.Em protocol
261
233
of
262
234
.Dq unix
263
235
is used to specify a socket in the
264
236
.Ux Ns -domain .
265
237
.Pp
266
238
The
267
239
.Em wait/nowait
268
240
entry is used to tell
269
241
.Nm
270
242
if it should wait for the server program to return,
271
243
or continue processing connections on the socket.
272
244
If a datagram server connects
273
245
to its peer, freeing the socket so
274
246
.Nm inetd
275
247
can receive further messages on the socket, it is said to be
276
248
a
277
249
.Dq multi-threaded
278
250
server, and should use the
279
251
.Dq nowait
280
252
entry.
281
253
For datagram servers which process all incoming datagrams
282
254
on a socket and eventually time out, the server is said to be
283
255
.Dq single-threaded
284
256
and should use a
285
257
.Dq wait
286
258
entry.
287
259
.Xr comsat 8
288
260
.Pq Xr biff 1
289
261
and
290
262
.Xr talkd 8
291
263
are both examples of the latter type of
292
264
datagram server.
293
265
.Xr tftpd 8
294
266
is an exception; it is a datagram server that establishes pseudo-connections.
295
267
It must be listed as
296
268
.Dq wait
297
269
in order to avoid a race;
298
270
the server reads the first packet, creates a new socket,
299
271
and then forks and exits to allow
300
272
.Nm inetd
301
273
to check for new service requests to spawn new servers.
302
274
The optional
303
275
.Dq max
304
276
suffix (separated from
305
277
.Dq wait
306
278
or
307
279
.Dq nowait
308
280
by a dot) specifies the maximum number of times a service can be invoked
309
281
in one minute; the default is 256.
310
282
If a service exceeds this limit,
311
283
.Nm
312
284
will log the problem
313
285
and stop servicing requests for the specific service for ten minutes.
314
286
See also the
315
287
.Fl R
316
288
option above.
317
289
.Pp
318
290
Stream servers are usually marked as
319
291
.Dq nowait
320
292
but if a single server process is to handle multiple connections, it may be
321
293
marked as
322
294
.Dq wait .
323
295
The master socket will then be passed as fd 0 to the server, which will then
324
296
need to accept the incoming connection.
325
297
The server should eventually time
326
298
out and exit when no more connections are active.
327
299
.Nm
328
300
will continue to
329
301
listen on the master socket for connections, so the server should not close
330
302
it when it exits.
331
303
.Pp
332
304
The
333
305
.Em user
334
306
entry should contain the user name of the user as whom the server
335
307
should run.
336
308
This allows for servers to be given less permission
337
309
than root.
338
310
An optional group name can be specified by appending a dot to
339
311
the user name followed by the group name.
340
312
This allows for servers to run with
341
313
a different (primary) group ID than specified in the password file.
342
314
If a group
343
315
is specified and user is not root, the supplementary groups associated with
344
316
that user will still be set.
345
317
.Pp
346
318
The
347
319
.Em server program
348
320
entry should contain the pathname of the program which is to be
349
321
executed by
350
322
.Nm inetd
351
323
when a request is found on its socket.
352
324
If
353
325
.Nm inetd
354
326
provides this service internally, this entry should
355
327
be
356
328
.Dq internal .
357
329
.Pp
358
330
The
359
331
.Em server program arguments
360
332
should be just as arguments
361
333
normally are, starting with argv[0], which is the name of
362
334
the program.
363
335
If the service is provided internally, the word
364
336
.Dq internal
365
337
should take the place of this entry.
366
338
.Pp
367
339
.Nm inetd
368
340
provides several
369
341
.Dq trivial
370
342
services internally by use of routines within itself.
371
343
These services are
372
344
.Dq echo ,
373
345
.Dq discard ,
374
346
.Dq chargen
375
347
(character generator),
376
348
.Dq daytime
377
349
(human readable time), and
378
350
.Dq time
379
351
(machine readable time,
380
352
in the form of the number of seconds since midnight, January
381
353
1, 1900).
382
354
All of these services are TCP based.
383
355
For details of these services, consult the appropriate
384
356
.Tn RFC
385
357
from the Network Information Center.
386
358
.Pp
387
359
.Nm inetd
388
360
rereads its configuration file when it receives a hangup signal,
389
361
.Dv SIGHUP .
390
362
Services may be added, deleted or modified when the configuration file
391
363
is reread.
392
364
.Nm inetd
393
365
creates a file
394
366
.Em /var/run/inetd.pid
395
367
that contains its process identifier.
396
368
.Ss libwrap
397
369
Support for
398
370
.Tn TCP
399
371
wrappers is included with
400
372
.Nm
401
373
to provide built-in tcpd-like access control functionality.
402
374
An external tcpd program is not needed.
403
375
You do not need to change the
404
376
.Pa /etc/inetd.conf
405
377
server-program entry to enable this capability.
406
378
.Nm
407
379
uses
408
380
.Pa /etc/hosts.allow
409
381
and
410
382
.Pa /etc/hosts.deny
411
383
for access control facility configurations, as described in
412
384
.Xr hosts_access 5 .
413
385
.Ss IPv6 TCP/UDP behavior
414
386
If you wish to run a server for IPv4 and IPv6 traffic,
415
387
you'll need to run two separate processes for the same server program,
416
388
specified as two separate lines in
417
389
.Pa inetd.conf ,
418
390
for
419
391
.Dq tcp4
420
392
and
421
393
.Dq tcp6 .
422
394
.Pp
423
395
Under various combinations of IPv4/v6 daemon settings,
424
396
.Nm
425
397
will behave as follows:
426
398
.Bl -bullet -compact
427
399
.It
428
400
If you have only one server on
429
401
.Dq tcp4 ,
430
402
IPv4 traffic will be routed to the server.
431
403
IPv6 traffic will not be accepted.
432
404
.It
433
405
If you have two servers on
434
406
.Dq tcp4
435
407
and
436
408
.Dq tcp6 ,
437
409
IPv4 traffic will be routed to the server on
438
410
.Dq tcp4 ,
439
411
and IPv6 traffic will go to server on
440
412
.Dq tcp6 .
441
413
.It
442
414
If you have only one server on
443
415
.Dq tcp6 ,
444
416
only IPv6 traffic will be routed to the server.
445
417
.Pp
446
418
The special
447
419
.Dq tcp46
448
420
parameter can be used for obsolete servers which require to receive IPv4
449
421
connections mapped in an IPv6 socket. Its usage is discouraged.
450
422
.El
451
423
.Sh SEE ALSO
452
424
.Xr fingerd 8 ,
453
425
.Xr ftpd 8 ,
454
426
.Xr identd 8 ,
455
427
.Xr rshd 8 ,
456
428
.Xr talkd 8 ,
457
429
.Xr tftpd 8
458
430
.Sh HISTORY
459
431
The
460
432
.Nm
461
433
command appeared in
462
434
.Bx 4.3 .
463
435
Support for Sun-RPC
464
436
based services is modelled after that
465
437
provided by SunOS 4.1.
466
438
IPv6 support was added by the KAME project in 1999.
467
439
.Pp
468
440
Marco d'Itri ported this code from OpenBSD in summer 2002 and added
469
441
socket buffers tuning and libwrap support from the NetBSD source tree.
470
442
.Sh BUGS
471
443
On Linux systems, the daemon cannot reload its configuration and needs
472
444
to be restarted when the host address for a service is changed between
473
445
.Dq \&*
474
446
and a specific address.
475
447
.Pp
476
448
Server programs used with
477
449
.Dq dgram
478
450
.Dq udp
479
451
.Dq nowait
480
452
must read from the network socket, or
481
453
.Nm inetd
482
454
will spawn processes until the maximum is reached.
483
455
.Pp
484
456
Host address specifiers, while they make conceptual sense for RPC
485
457
services, do not work entirely correctly.
486
458
This is largely because the
487
459
portmapper interface does not provide a way to register different ports
488
460
for the same service on different local addresses.
489
461
Provided you never
490
462
have more than one entry for a given RPC service, everything should
491
463
work correctly.
492
464
(Note that default host address specifiers do apply to
493
465
RPC lines with no explicit specifier.)
494
0
466
495
=== added file '.pc/buftuning/inetd.c'
496
--- .pc/buftuning/inetd.c	1970-01-01 00:00:00 +0000
497
+++ .pc/buftuning/inetd.c	2011-06-29 11:29:23 +0000
498
@@ -0,0 +1,2194 @@
499
1
/*	$OpenBSD: inetd.c,v 1.131 2009/10/27 23:59:51 deraadt Exp $	*/
500
2
501
3
/*
502
4
 * Copyright (c) 1983,1991 The Regents of the University of California.
503
5
 * All rights reserved.
504
6
 *
505
7
 * Redistribution and use in source and binary forms, with or without
506
8
 * modification, are permitted provided that the following conditions
507
9
 * are met:
508
10
 * 1. Redistributions of source code must retain the above copyright
509
11
 *    notice, this list of conditions and the following disclaimer.
510
12
 * 2. Redistributions in binary form must reproduce the above copyright
511
13
 *    notice, this list of conditions and the following disclaimer in the
512
14
 *    documentation and/or other materials provided with the distribution.
513
15
 * 3. Neither the name of the University nor the names of its contributors
514
16
 *    may be used to endorse or promote products derived from this software
515
17
 *    without specific prior written permission.
516
18
 *
517
19
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
518
20
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
519
21
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
520
22
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
521
23
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
522
24
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
523
25
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
524
26
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
525
27
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
526
28
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
527
29
 * SUCH DAMAGE.
528
30
 */
529
31
530
32
/*
531
33
 * Inetd - Internet super-server
532
34
 *
533
35
 * This program invokes all internet services as needed.
534
36
 * connection-oriented services are invoked each time a
535
37
 * connection is made, by creating a process.  This process
536
38
 * is passed the connection as file descriptor 0 and is
537
39
 * expected to do a getpeername to find out the source host
538
40
 * and port.
539
41
 *
540
42
 * Datagram oriented services are invoked when a datagram
541
43
 * arrives; a process is created and passed a pending message
542
44
 * on file descriptor 0.  Datagram servers may either connect
543
45
 * to their peer, freeing up the original socket for inetd
544
46
 * to receive further messages on, or ``take over the socket'',
545
47
 * processing all arriving datagrams and, eventually, timing
546
48
 * out.	 The first type of server is said to be ``multi-threaded'';
547
49
 * the second type of server ``single-threaded''.
548
50
 *
549
51
 * Inetd uses a configuration file which is read at startup
550
52
 * and, possibly, at some later time in response to a hangup signal.
551
53
 * The configuration file is ``free format'' with fields given in the
552
54
 * order shown below.  Continuation lines for an entry must begin with
553
55
 * a space or tab.  All fields must be present in each entry.
554
56
 *
555
57
 *	service name			must be in /etc/services
556
58
 *	socket type			stream/dgram/raw/rdm/seqpacket
557
59
 *	protocol			must be in /etc/protocols
558
60
 *	wait/nowait[.max]		single-threaded/multi-threaded, max #
559
61
 *	user[.group] or user[:group]	user/group to run daemon as
560
62
 *	server program			full path name
561
63
 *	server program arguments	maximum of MAXARGS (20)
562
64
 *
563
65
 * For RPC services
564
66
 *      service name/version            must be in /etc/rpc
565
67
 *	socket type			stream/dgram/raw/rdm/seqpacket
566
68
 *	protocol			must be in /etc/protocols
567
69
 *	wait/nowait[.max]		single-threaded/multi-threaded
568
70
 *	user[.group] or user[:group]	user to run daemon as
569
71
 *	server program			full path name
570
72
 *	server program arguments	maximum of MAXARGS (20)
571
73
 *
572
74
 * For non-RPC services, the "service name" can be of the form
573
75
 * hostaddress:servicename, in which case the hostaddress is used
574
76
 * as the host portion of the address to listen on.  If hostaddress
575
77
 * consists of a single `*' character, INADDR_ANY is used.
576
78
 *
577
79
 * A line can also consist of just
578
80
 *      hostaddress:
579
81
 * where hostaddress is as in the preceding paragraph.  Such a line must
580
82
 * have no further fields; the specified hostaddress is remembered and
581
83
 * used for all further lines that have no hostaddress specified,
582
84
 * until the next such line (or EOF).  (This is why * is provided to
583
85
 * allow explicit specification of INADDR_ANY.)  A line
584
86
 *      *:
585
87
 * is implicitly in effect at the beginning of the file.
586
88
 *
587
89
 * The hostaddress specifier may (and often will) contain dots;
588
90
 * the service name must not.
589
91
 *
590
92
 * For RPC services, host-address specifiers are accepted and will
591
93
 * work to some extent; however, because of limitations in the
592
94
 * portmapper interface, it will not work to try to give more than
593
95
 * one line for any given RPC service, even if the host-address
594
96
 * specifiers are different.
595
97
 *
596
98
 * Comment lines are indicated by a `#' in column 1.
597
99
 */
598
100
599
101
/*
600
102
 * Here's the scoop concerning the user[.:]group feature:
601
103
 *
602
104
 * 1) set-group-option off.
603
105
 *
604
106
 *	a) user = root:	NO setuid() or setgid() is done
605
107
 *
606
108
 *	b) other:	setgid(primary group as found in passwd)
607
109
 *			initgroups(name, primary group)
608
110
 *			setuid()
609
111
 *
610
112
 * 2) set-group-option on.
611
113
 *
612
114
 *	a) user = root:	setgid(specified group)
613
115
 *			NO initgroups()
614
116
 *			NO setuid()
615
117
 *
616
118
 *	b) other:	setgid(specified group)
617
119
 *			initgroups(name, specified group)
618
120
 *			setuid()
619
121
 *
620
122
 */
621
123
622
124
#include <sys/param.h>
623
125
#include <sys/stat.h>
624
126
#include <sys/ioctl.h>
625
127
#include <sys/socket.h>
626
128
#include <sys/un.h>
627
129
#include <sys/file.h>
628
130
#include <sys/wait.h>
629
131
#include <time.h>
630
132
#include <sys/time.h>
631
133
#include <sys/resource.h>
632
134
633
135
#include <net/if.h>
634
136
#include <netinet/in.h>
635
137
#include <arpa/inet.h>
636
138
637
139
#include <errno.h>
638
140
#include <ctype.h>
639
141
#include <signal.h>
640
142
#include <netdb.h>
641
143
#include <syslog.h>
642
144
#include <pwd.h>
643
145
#include <grp.h>
644
146
#include <stdio.h>
645
147
#include <stdlib.h>
646
148
#include <unistd.h>
647
149
#include <string.h>
648
150
#ifdef HAVE_SETUSERCONTEXT
649
151
#include <login_cap.h>
650
152
#endif
651
153
#ifdef HAVE_GETIFADDRS
652
154
#include <ifaddrs.h>
653
155
#endif
654
156
#include <rpc/rpc.h>
655
157
#include <rpc/pmap_clnt.h>
656
158
#include "pathnames.h"
657
159
#include "setproctitle.h"
658
160
659
161
size_t strlcpy(char *, const char *, size_t);
660
162
661
163
#define	TOOMANY		256		/* don't start more than TOOMANY */
662
164
#define	CNT_INTVL	60		/* servers in CNT_INTVL sec. */
663
165
#define	RETRYTIME	(60*10)		/* retry after bind or server fail */
664
166
665
167
#ifdef LIBWRAP
666
168
# include <tcpd.h>
667
169
int lflag = 0;
668
170
#endif
669
171
670
172
int	 debug = 0;
671
173
int	 global_queuelen = 128;
672
174
int	 nsock, maxsock;
673
175
fd_set	*allsockp;
674
176
int	 allsockn;
675
177
int	 toomany = TOOMANY;
676
178
int	 options;
677
179
int	 timingout;
678
180
struct	 servent *sp;
679
181
uid_t	 uid;
680
182
sigset_t blockmask;
681
183
sigset_t emptymask;
682
184
683
185
#ifndef OPEN_MAX
684
186
#define OPEN_MAX	64
685
187
#endif
686
188
687
189
/* Reserve some descriptors, 3 stdio + at least: 1 log, 1 conf. file */
688
190
#define FD_MARGIN	(8)
689
191
rlim_t	rlim_nofile_cur = OPEN_MAX;
690
192
691
193
struct rlimit	rlim_nofile;
692
194
693
195
struct	servtab {
694
196
	char	*se_hostaddr;		/* host address to listen on */
695
197
	char	*se_service;		/* name of service */
696
198
	int	se_socktype;		/* type of socket to use */
697
199
	int	se_family;		/* address family */
698
200
	char	*se_proto;		/* protocol used */
699
201
	int	se_rpcprog;		/* rpc program number */
700
202
	int	se_rpcversl;		/* rpc program lowest version */
701
203
	int	se_rpcversh;		/* rpc program highest version */
702
204
#define isrpcservice(sep)	((sep)->se_rpcversl != 0)
703
205
	pid_t	se_wait;		/* single threaded server */
704
206
	short	se_checked;		/* looked at during merge */
705
207
	char	*se_user;		/* user name to run as */
706
208
	char	*se_group;		/* group name to run as */
707
209
	struct	biltin *se_bi;		/* if built-in, description */
708
210
	char	*se_server;		/* server program */
709
211
#define	MAXARGV 20
710
212
	char	*se_argv[MAXARGV+1];	/* program arguments */
711
213
	int	se_fd;			/* open descriptor */
712
214
	union {
713
215
		struct	sockaddr se_un_ctrladdr;
714
216
		struct	sockaddr_in se_un_ctrladdr_in;
715
217
		struct	sockaddr_in6 se_un_ctrladdr_in6;
716
218
		struct	sockaddr_un se_un_ctrladdr_un;
717
219
		struct	sockaddr_storage se_un_ctrladdr_storage;
718
220
	} se_un;			/* bound address */
719
221
#define se_ctrladdr	se_un.se_un_ctrladdr
720
222
#define se_ctrladdr_in	se_un.se_un_ctrladdr_in
721
223
#define se_ctrladdr_in6	se_un.se_un_ctrladdr_in6
722
224
#define se_ctrladdr_un	se_un.se_un_ctrladdr_un
723
225
#define se_ctrladdr_storage	se_un.se_un_ctrladdr_storage
724
226
	int	se_ctrladdr_size;
725
227
	int	se_max;			/* max # of instances of this service */
726
228
	int	se_count;		/* number started since se_time */
727
229
	struct	timeval se_time;	/* start of se_count */
728
230
	struct	servtab *se_next;
729
231
} *servtab;
730
232
731
233
void echo_stream(int, struct servtab *);
732
234
void discard_stream(int, struct servtab *);
733
235
void machtime_stream(int, struct servtab *);
734
236
void daytime_stream(int, struct servtab *);
735
237
void chargen_stream(int, struct servtab *);
736
238
void echo_dg(int, struct servtab *);
737
239
void discard_dg(int, struct servtab *);
738
240
void machtime_dg(int, struct servtab *);
739
241
void daytime_dg(int, struct servtab *);
740
242
void chargen_dg(int, struct servtab *);
741
243
742
244
struct biltin {
743
245
	char	*bi_service;		/* internally provided service name */
744
246
	int	bi_socktype;		/* type of socket supported */
745
247
	short	bi_fork;		/* 1 if should fork before call */
746
248
	short	bi_wait;		/* 1 if should wait for child */
747
249
	void	(*bi_fn)(int, struct servtab *);
748
250
} biltins[] = {
749
251
	/* Echo received data */
750
252
	{ "echo",	SOCK_STREAM,	1, 0,	echo_stream },
751
253
	{ "echo",	SOCK_DGRAM,	0, 0,	echo_dg },
752
254
753
255
	/* Internet /dev/null */
754
256
	{ "discard",	SOCK_STREAM,	1, 0,	discard_stream },
755
257
	{ "discard",	SOCK_DGRAM,	0, 0,	discard_dg },
756
258
757
259
	/* Return 32 bit time since 1900 */
758
260
	{ "time",	SOCK_STREAM,	0, 0,	machtime_stream },
759
261
	{ "time",	SOCK_DGRAM,	0, 0,	machtime_dg },
760
262
761
263
	/* Return human-readable time */
762
264
	{ "daytime",	SOCK_STREAM,	0, 0,	daytime_stream },
763
265
	{ "daytime",	SOCK_DGRAM,	0, 0,	daytime_dg },
764
266
765
267
	/* Familiar character generator */
766
268
	{ "chargen",	SOCK_STREAM,	1, 0,	chargen_stream },
767
269
	{ "chargen",	SOCK_DGRAM,	0, 0,	chargen_dg },
768
270
769
271
	{ 0 }
770
272
};
771
273
772
274
volatile sig_atomic_t wantretry;
773
275
volatile sig_atomic_t wantconfig;
774
276
volatile sig_atomic_t wantreap;
775
277
volatile sig_atomic_t wantdie;
776
278
777
279
void	config(int);
778
280
void	doconfig(void);
779
281
void	reap(int);
780
282
void	doreap(void);
781
283
void	retry(int);
782
284
void	doretry(void);
783
285
void	die(int);
784
286
void	dodie(void);
785
287
void	logpid(void);
786
288
void	spawn(struct servtab *, int);
787
289
int	gettcp(struct servtab *);
788
290
int	setconfig(void);
789
291
void	endconfig(void);
790
292
void	register_rpc(struct servtab *);
791
293
void	unregister_rpc(struct servtab *);
792
294
void	freeconfig(struct servtab *);
793
295
void	print_service(char *, struct servtab *);
794
296
void	setup(struct servtab *);
795
297
struct servtab *getconfigent(void);
796
298
int	bump_nofile(void);
797
299
struct servtab *enter(struct servtab *);
798
300
int	matchconf(struct servtab *, struct servtab *);
799
301
int	dg_broadcast(struct in_addr *in);
800
302
void	discard_stupid_environment(void);
801
303
802
304
#define NUMINT	(sizeof(intab) / sizeof(struct inent))
803
305
char	*CONFIG = _PATH_INETDCONF;
804
306
805
307
void
806
308
fd_grow(fd_set **fdsp, int *bytes, int fd)
807
309
{
808
310
	caddr_t new;
809
311
	int newbytes;
810
312
811
313
	newbytes = howmany(fd+1, NFDBITS) * sizeof(fd_mask);
812
314
	if (newbytes > *bytes) {
813
315
		newbytes *= 2;			/* optimism */
814
316
		new = realloc(*fdsp, newbytes);
815
317
		if (new == NULL) {
816
318
			syslog(LOG_ERR, "Out of memory.");
817
319
			exit(1);
818
320
		}
819
321
		memset(new + *bytes, 0, newbytes - *bytes);
820
322
		*fdsp = (fd_set *)new;
821
323
		*bytes = newbytes;
822
324
	}
823
325
}
824
326
825
327
struct sigaction sa, sapipe;
826
328
827
329
int
828
330
main(int argc, char *argv[], char *envp[])
829
331
{
830
332
	fd_set *fdsrp = NULL;
831
333
	int readablen = 0, ch;
832
334
	int keepenv = 0;
833
335
	int nodaemon = 0;
834
336
	struct servtab *sep;
835
337
	extern char *optarg;
836
338
	extern int optind;
837
339
	
838
340
	initsetproctitle(argc, argv, envp);
839
341
840
342
	while ((ch = getopt(argc, argv, "dEilq:R:")) != -1)
841
343
		switch (ch) {
842
344
		case 'd':
843
345
			debug = 1;
844
346
			break;
845
347
		case 'E':
846
348
			keepenv = 1;
847
349
			break;
848
350
		case 'i':
849
351
			nodaemon = 1;
850
352
			break;
851
353
		case 'l':
852
354
#ifdef LIBWRAP
853
355
			lflag = 1;
854
356
			break;
855
357
#else
856
358
			fprintf(stderr, "%s: libwrap support not enabled",
857
359
			    progname);
858
360
			exit(1);
859
361
#endif
860
362
		case 'q':
861
363
			global_queuelen = atoi(optarg);
862
364
			if (global_queuelen < 10)
863
365
				global_queuelen = 10;
864
366
			break;
865
367
		case 'R': {	/* invocation rate */
866
368
			char *p;
867
369
			int val;
868
370
869
371
			val = strtoul(optarg, &p, 0);
870
372
			if (val >= 1 && *p == '\0') {
871
373
				toomany = val;
872
374
				break;
873
375
			}
874
376
			syslog(LOG_ERR,
875
377
			    "-R %s: bad value for service invocation rate",
876
378
			    optarg);
877
379
			break;
878
380
		}
879
381
		case '?':
880
382
		default:
881
383
			fprintf(stderr,
882
384
			    "usage: inetd [-dEil] [-q len] [-R rate] [configuration_file]\n");
883
385
			exit(1);
884
386
		}
885
387
	argc -= optind;
886
388
	argv += optind;
887
389
888
390
	/* This must be called _after_ initsetproctitle and arg parsing */
889
391
	if (!keepenv)
890
392
		discard_stupid_environment();
891
393
892
394
	uid = getuid();
893
395
	if (uid != 0)
894
396
		CONFIG = NULL;
895
397
	if (argc > 0)
896
398
		CONFIG = argv[0];
897
399
	if (CONFIG == NULL) {
898
400
		fprintf(stderr, "inetd: non-root must specify a config file\n");
899
401
		exit(1);
900
402
	}
901
403
	if (argc > 1) {
902
404
		fprintf(stderr, "inetd: more than one argument specified\n");
903
405
		exit(1);
904
406
	}
905
407
906
408
	umask(022);
907
409
	if (debug == 0) {
908
410
		if (nodaemon == 0)
909
411
			if (daemon(0, 0) < 0) {
910
412
				syslog(LOG_ERR, "daemon(0, 0): %m");
911
413
				exit(1);
912
414
			}
913
415
#ifdef HAVE_SETLOGIN
914
416
		if (uid == 0)
915
417
			(void) setlogin("");
916
418
#endif
917
419
	}
918
420
	if (debug && uid == 0)
919
421
		options |= SO_DEBUG;
920
422
921
423
	if (uid == 0) {
922
424
		gid_t gid = getgid();
923
425
924
426
		/* If run by hand, ensure groups vector gets trashed */
925
427
		setgroups(1, &gid);
926
428
	}
927
429
928
430
	openlog("inetd", LOG_PID | LOG_NOWAIT, LOG_DAEMON);
929
431
	logpid();
930
432
931
433
	if (getrlimit(RLIMIT_NOFILE, &rlim_nofile) < 0) {
932
434
		syslog(LOG_ERR, "getrlimit: %m");
933
435
	} else {
934
436
		rlim_nofile_cur = rlim_nofile.rlim_cur;
935
437
		if (rlim_nofile_cur == RLIM_INFINITY)	/* ! */
936
438
			rlim_nofile_cur = OPEN_MAX;
937
439
	}
938
440
939
441
	sigemptyset(&emptymask);
940
442
	sigemptyset(&blockmask);
941
443
	sigaddset(&blockmask, SIGCHLD);
942
444
	sigaddset(&blockmask, SIGHUP);
943
445
	sigaddset(&blockmask, SIGALRM);
944
446
945
447
	memset(&sa, 0, sizeof(sa));
946
448
	sigemptyset(&sa.sa_mask);
947
449
	sigaddset(&sa.sa_mask, SIGALRM);
948
450
	sigaddset(&sa.sa_mask, SIGCHLD);
949
451
	sigaddset(&sa.sa_mask, SIGHUP);
950
452
	sa.sa_handler = retry;
951
453
	sigaction(SIGALRM, &sa, NULL);
952
454
	doconfig();
953
455
	sa.sa_handler = config;
954
456
	sigaction(SIGHUP, &sa, NULL);
955
457
	sa.sa_handler = reap;
956
458
	sigaction(SIGCHLD, &sa, NULL);
957
459
	sa.sa_handler = die;
958
460
	sigaction(SIGTERM, &sa, NULL);
959
461
	sa.sa_handler = die;
960
462
	sigaction(SIGINT, &sa, NULL);
961
463
	sa.sa_handler = SIG_IGN;
962
464
	sigaction(SIGPIPE, &sa, &sapipe);
963
465
964
466
	/* space for daemons to overwrite environment for ps */
965
467
	{
966
468
#define DUMMYSIZE 100
967
469
		char dummy[DUMMYSIZE];
968
470
		memset(dummy, 'x', DUMMYSIZE - 1);
969
471
		dummy[DUMMYSIZE - 1] = '\0';
970
472
		setenv("inetd_dummy", dummy, 1);
971
473
	}
972
474
973
475
	for (;;) {
974
476
		int n, ctrl = -1;
975
477
976
478
	    restart:
977
479
		if (nsock == 0) {
978
480
			(void) sigprocmask(SIG_BLOCK, &blockmask, NULL);
979
481
			while (nsock == 0) {
980
482
				if (wantretry || wantconfig || wantreap || wantdie)
981
483
					break;
982
484
				sigsuspend(&emptymask);
983
485
			}
984
486
			(void) sigprocmask(SIG_SETMASK, &emptymask, NULL);
985
487
		}
986
488
987
489
		while (wantretry || wantconfig || wantreap || wantdie) {
988
490
			if (wantretry) {
989
491
				wantretry = 0;
990
492
				doretry();
991
493
			}
992
494
			if (wantconfig) {
993
495
				wantconfig = 0;
994
496
				doconfig();
995
497
			}
996
498
			if (wantreap) {
997
499
				wantreap = 0;
998
500
				doreap();
999
501
			}
1000
502
			if (wantdie)
1001
503
				dodie();
1002
504
			goto restart;
1003
505
		}
1004
506
1005
507
		if (readablen != allsockn) {
1006
508
			if (fdsrp)
1007
509
				free(fdsrp);
1008
510
			fdsrp = (fd_set *)calloc(allsockn, 1);
1009
511
			if (fdsrp == NULL) {
1010
512
				syslog(LOG_ERR, "Out of memory.");
1011
513
				exit(1);
1012
514
			}
1013
515
			readablen = allsockn;
1014
516
		}
1015
517
		bcopy(allsockp, fdsrp, allsockn);
1016
518
1017
519
		if ((n = select(maxsock + 1, fdsrp, NULL, NULL, NULL)) <= 0) {
1018
520
			if (n < 0 && errno != EINTR) {
1019
521
				syslog(LOG_WARNING, "select: %m");
1020
522
				sleep(1);
1021
523
			}
1022
524
			continue;
1023
525
		}
1024
526
1025
527
		for (sep = servtab; n && sep; sep = sep->se_next) {
1026
528
			if (sep->se_fd != -1 &&
1027
529
			    FD_ISSET(sep->se_fd, fdsrp)) {
1028
530
				n--;
1029
531
				if (debug)
1030
532
					fprintf(stderr, "someone wants %s\n",
1031
533
					    sep->se_service);
1032
534
				if (!sep->se_wait &&
1033
535
				    sep->se_socktype == SOCK_STREAM) {
1034
536
					ctrl = gettcp(sep);
1035
537
					if (ctrl == -1)
1036
538
						continue;
1037
539
				} else
1038
540
					ctrl = sep->se_fd;
1039
541
				(void) sigprocmask(SIG_BLOCK, &blockmask, NULL);
1040
542
				spawn(sep, ctrl);	/* spawn will unblock */
1041
543
			}
1042
544
		}
1043
545
	}
1044
546
}
1045
547
1046
548
int
1047
549
gettcp(struct servtab *sep)
1048
550
{
1049
551
	int ctrl;
1050
552
1051
553
	ctrl = accept(sep->se_fd, NULL, NULL);
1052
554
	if (debug)
1053
555
		fprintf(stderr, "accept, ctrl %d\n", ctrl);
1054
556
	if (ctrl < 0) {
1055
557
		if (errno == EINTR)
1056
558
			return -1;
1057
559
		syslog(LOG_WARNING, "accept (for %s): %m", sep->se_service);
1058
560
		return -1;
1059
561
	}
1060
562
	if ((sep->se_family == AF_INET || sep->se_family == AF_INET6) &&
1061
563
	    sep->se_socktype == SOCK_STREAM) {
1062
564
		struct sockaddr_storage peer;
1063
565
		socklen_t plen = sizeof(peer);
1064
566
		char sbuf[NI_MAXSERV];
1065
567
1066
568
		if (getpeername(ctrl, (struct sockaddr *)&peer, &plen) < 0) {
1067
569
			syslog(LOG_WARNING, "could not getpeername");
1068
570
			close(ctrl);
1069
571
			return -1;
1070
572
		}
1071
573
		if (getnameinfo((struct sockaddr *)&peer, plen, NULL, 0,
1072
574
		    sbuf, sizeof(sbuf), NI_NUMERICSERV) == 0 &&
1073
575
		    atoi(sbuf) == 20) {
1074
576
			/*
1075
577
			 * ignore things that look like ftp bounce
1076
578
			 */
1077
579
			close(ctrl);
1078
580
			return -1;
1079
581
		}
1080
582
	}
1081
583
	return (ctrl);
1082
584
}
1083
585
1084
586
1085
587
int
1086
588
dg_badinput(struct sockaddr *sa)
1087
589
{
1088
590
	struct in_addr in;
1089
591
	struct in6_addr *in6;
1090
592
	u_int16_t port;
1091
593
1092
594
	switch (sa->sa_family) {
1093
595
	case AF_INET:
1094
596
		in.s_addr = ntohl(((struct sockaddr_in *)sa)->sin_addr.s_addr);
1095
597
		port = ntohs(((struct sockaddr_in *)sa)->sin_port);
1096
598
	v4chk:
1097
599
		if (IN_MULTICAST(in.s_addr))
1098
600
			goto bad;
1099
601
		switch ((in.s_addr & 0xff000000) >> 24) {
1100
602
		case 0: case 127: case 255:
1101
603
			goto bad;
1102
604
		}
1103
605
		if (dg_broadcast(&in))
1104
606
			goto bad;
1105
607
		break;
1106
608
	case AF_INET6:
1107
609
		in6 = &((struct sockaddr_in6 *)sa)->sin6_addr;
1108
610
		port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
1109
611
		if (IN6_IS_ADDR_MULTICAST(in6) || IN6_IS_ADDR_UNSPECIFIED(in6))
1110
612
			goto bad;
1111
613
		/*
1112
614
		 * OpenBSD does not support IPv4 mapped address (RFC2553
1113
615
		 * inbound behavior) at all.  We should drop it.
1114
616
		 */
1115
617
		if (IN6_IS_ADDR_V4MAPPED(in6))
1116
618
			goto bad;
1117
619
		if (IN6_IS_ADDR_V4COMPAT(in6)) {
1118
620
			memcpy(&in, &in6->s6_addr[12], sizeof(in));
1119
621
			in.s_addr = ntohl(in.s_addr);
1120
622
			goto v4chk;
1121
623
		}
1122
624
		break;
1123
625
	default:
1124
626
		/* XXX unsupported af, is it safe to assume it to be safe? */
1125
627
		return 0;
1126
628
	}
1127
629
1128
630
	return (0);
1129
631
1130
632
bad:
1131
633
	return (1);
1132
634
}
1133
635
1134
636
int
1135
637
dg_broadcast(struct in_addr *in)
1136
638
{
1137
639
#ifdef HAVE_GETIFADDRS
1138
640
	struct ifaddrs *ifa, *ifap;
1139
641
	struct sockaddr_in *sin;
1140
642
1141
643
	if (getifaddrs(&ifap) < 0)
1142
644
		return (0);
1143
645
	for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
1144
646
		if (ifa->ifa_addr->sa_family != AF_INET ||
1145
647
		    (ifa->ifa_flags & IFF_BROADCAST) == 0)
1146
648
			continue;
1147
649
		sin = (struct sockaddr_in *)ifa->ifa_broadaddr;
1148
650
		if (sin->sin_addr.s_addr == in->s_addr) {
1149
651
			freeifaddrs(ifap);
1150
652
			return (1);
1151
653
		}
1152
654
	}
1153
655
	freeifaddrs(ifap);
1154
656
#endif
1155
657
	return (0);
1156
658
}
1157
659
1158
660
/* ARGSUSED */
1159
661
void
1160
662
reap(int sig)
1161
663
{
1162
664
	wantreap = 1;
1163
665
}
1164
666
1165
667
void
1166
668
doreap(void)
1167
669
{
1168
670
	struct servtab *sep;
1169
671
	int status;
1170
672
	pid_t pid;
1171
673
1172
674
	if (debug)
1173
675
		fprintf(stderr, "reaping asked for\n");
1174
676
1175
677
	for (;;) {
1176
678
		if ((pid = wait3(&status, WNOHANG, NULL)) <= 0) {
1177
679
			if (pid == -1 && errno == EINTR)
1178
680
				continue;
1179
681
			break;
1180
682
		}
1181
683
		if (debug)
1182
684
			fprintf(stderr, "%ld reaped, status %x\n",
1183
685
			    (long)pid, status);
1184
686
		for (sep = servtab; sep; sep = sep->se_next)
1185
687
			if (sep->se_wait == pid) {
1186
688
				if (WIFEXITED(status) && WEXITSTATUS(status))
1187
689
					syslog(LOG_WARNING,
1188
690
					    "%s: exit status %d",
1189
691
					    sep->se_server, WEXITSTATUS(status));
1190
692
				else if (WIFSIGNALED(status))
1191
693
					syslog(LOG_WARNING,
1192
694
					    "%s: exit signal %d",
1193
695
					    sep->se_server, WTERMSIG(status));
1194
696
				sep->se_wait = 1;
1195
697
				fd_grow(&allsockp, &allsockn, sep->se_fd);
1196
698
				FD_SET(sep->se_fd, allsockp);
1197
699
				nsock++;
1198
700
				if (debug)
1199
701
					fprintf(stderr, "restored %s, fd %d\n",
1200
702
					    sep->se_service, sep->se_fd);
1201
703
			}
1202
704
	}
1203
705
}
1204
706
1205
707
/* ARGSUSED */
1206
708
void
1207
709
config(int sig)
1208
710
{
1209
711
	wantconfig = 1;
1210
712
}
1211
713
1212
714
void
1213
715
doconfig(void)
1214
716
{
1215
717
	struct servtab *sep, *cp, **sepp;
1216
718
	int add;
1217
719
	char protoname[10];
1218
720
	sigset_t omask;
1219
721
1220
722
	if (!setconfig()) {
1221
723
		syslog(LOG_ERR, "%s: %m", CONFIG);
1222
724
		exit(1);
1223
725
	}
1224
726
	for (sep = servtab; sep; sep = sep->se_next)
1225
727
		sep->se_checked = 0;
1226
728
	cp = getconfigent();
1227
729
	while (cp != NULL) {
1228
730
		for (sep = servtab; sep; sep = sep->se_next)
1229
731
			if (matchconf(sep, cp))
1230
732
				break;
1231
733
		add = 0;
1232
734
		if (sep != NULL) {
1233
735
			int i;
1234
736
1235
737
#define SWAP(type, a, b) {type c=(type)a; a=(type)b; b=(type)c;}
1236
738
1237
739
			sigprocmask(SIG_BLOCK, &blockmask, &omask);
1238
740
			/*
1239
741
			 * sep->se_wait may be holding the pid of a daemon
1240
742
			 * that we're waiting for.  If so, don't overwrite
1241
743
			 * it unless the config file explicitly says don't
1242
744
			 * wait.
1243
745
			 */
1244
746
			if (cp->se_bi == 0 &&
1245
747
			    (sep->se_wait == 1 || cp->se_wait == 0))
1246
748
				sep->se_wait = cp->se_wait;
1247
749
			SWAP(int, cp->se_max, sep->se_max);
1248
750
			SWAP(char *, sep->se_user, cp->se_user);
1249
751
			SWAP(char *, sep->se_group, cp->se_group);
1250
752
			SWAP(char *, sep->se_server, cp->se_server);
1251
753
			for (i = 0; i < MAXARGV; i++)
1252
754
				SWAP(char *, sep->se_argv[i], cp->se_argv[i]);
1253
755
#undef SWAP
1254
756
			if (isrpcservice(sep))
1255
757
				unregister_rpc(sep);
1256
758
			sep->se_rpcversl = cp->se_rpcversl;
1257
759
			sep->se_rpcversh = cp->se_rpcversh;
1258
760
			sigprocmask(SIG_SETMASK, &omask, NULL);
1259
761
			freeconfig(cp);
1260
762
			add = 1;
1261
763
		} else {
1262
764
			sep = enter(cp);
1263
765
		}
1264
766
		sep->se_checked = 1;
1265
767
1266
768
		switch (sep->se_family) {
1267
769
		case AF_UNIX:
1268
770
			if (sep->se_fd != -1)
1269
771
				break;
1270
772
			sep->se_ctrladdr_size =
1271
773
			    strlcpy(sep->se_ctrladdr_un.sun_path,
1272
774
			    sep->se_service,
1273
775
			    sizeof sep->se_ctrladdr_un.sun_path);
1274
776
			if (sep->se_ctrladdr_size >=
1275
777
			    sizeof sep->se_ctrladdr_un.sun_path) {
1276
778
				syslog(LOG_WARNING, "%s/%s: UNIX domain socket "
1277
779
				    "path too long", sep->se_service,
1278
780
				    sep->se_proto);
1279
781
				goto serv_unknown;
1280
782
			}
1281
783
			sep->se_ctrladdr_un.sun_family = AF_UNIX;
1282
784
			sep->se_ctrladdr_size +=
1283
785
			    1 + sizeof sep->se_ctrladdr_un.sun_family;
1284
786
			(void)unlink(sep->se_service);
1285
787
			setup(sep);
1286
788
			break;
1287
789
		case AF_INET:
1288
790
			sep->se_ctrladdr_in.sin_family = AF_INET;
1289
791
			/* se_ctrladdr_in was set in getconfigent */
1290
792
			sep->se_ctrladdr_size = sizeof sep->se_ctrladdr_in;
1291
793
1292
794
			if (isrpcservice(sep)) {
1293
795
				struct rpcent *rp;
1294
796
1295
797
				sep->se_rpcprog = atoi(sep->se_service);
1296
798
				if (sep->se_rpcprog == 0) {
1297
799
					rp = getrpcbyname(sep->se_service);
1298
800
					if (rp == 0) {
1299
801
						syslog(LOG_ERR,
1300
802
						    "%s: unknown rpc service",
1301
803
						    sep->se_service);
1302
804
						goto serv_unknown;
1303
805
					}
1304
806
					sep->se_rpcprog = rp->r_number;
1305
807
				}
1306
808
				if (sep->se_fd == -1)
1307
809
					setup(sep);
1308
810
				if (sep->se_fd != -1)
1309
811
					register_rpc(sep);
1310
812
			} else {
1311
813
				u_short port = htons(atoi(sep->se_service));
1312
814
1313
815
				if (!port) {
1314
816
					/* XXX */
1315
817
					char *p;
1316
818
					strncpy(protoname, sep->se_proto,
1317
819
						sizeof(protoname));
1318
820
					for (p = protoname; *p; p++)
1319
821
						if (isdigit(*p)) {
1320
822
							*p = '\0';
1321
823
							break;
1322
824
						}
1323
825
					sp = getservbyname(sep->se_service,
1324
826
					    protoname);
1325
827
					if (sp == 0) {
1326
828
						syslog(LOG_ERR,
1327
829
						    "%s/%s: unknown service",
1328
830
						    sep->se_service, sep->se_proto);
1329
831
						goto serv_unknown;
1330
832
					}
1331
833
					port = sp->s_port;
1332
834
				}
1333
835
				if (port != sep->se_ctrladdr_in.sin_port) {
1334
836
					sep->se_ctrladdr_in.sin_port = port;
1335
837
					if (sep->se_fd != -1) {
1336
838
						FD_CLR(sep->se_fd, allsockp);
1337
839
						nsock--;
1338
840
						(void) close(sep->se_fd);
1339
841
					}
1340
842
					sep->se_fd = -1;
1341
843
				}
1342
844
				if (sep->se_fd == -1)
1343
845
					setup(sep);
1344
846
			}
1345
847
			break;
1346
848
		case AF_INET6:
1347
849
			sep->se_ctrladdr_in6.sin6_family = AF_INET6;
1348
850
			/* se_ctrladdr_in was set in getconfigent */
1349
851
			sep->se_ctrladdr_size = sizeof sep->se_ctrladdr_in6;
1350
852
1351
853
			if (isrpcservice(sep)) {
1352
854
				struct rpcent *rp;
1353
855
1354
856
				sep->se_rpcprog = atoi(sep->se_service);
1355
857
				if (sep->se_rpcprog == 0) {
1356
858
					rp = getrpcbyname(sep->se_service);
1357
859
					if (rp == 0) {
1358
860
						syslog(LOG_ERR,
1359
861
						    "%s: unknown rpc service",
1360
862
						    sep->se_service);
1361
863
						goto serv_unknown;
1362
864
					}
1363
865
					sep->se_rpcprog = rp->r_number;
1364
866
				}
1365
867
				if (sep->se_fd == -1)
1366
868
					setup(sep);
1367
869
				if (sep->se_fd != -1)
1368
870
					register_rpc(sep);
1369
871
			} else {
1370
872
				u_short port = htons(atoi(sep->se_service));
1371
873
1372
874
				if (!port) {
1373
875
					/* XXX */
1374
876
					strncpy(protoname, sep->se_proto,
1375
877
						sizeof(protoname));
1376
878
					if (isdigit(protoname[strlen(protoname) - 1]))
1377
879
						protoname[strlen(protoname) - 1] = '\0';
1378
880
					sp = getservbyname(sep->se_service,
1379
881
					    protoname);
1380
882
					if (sp == 0) {
1381
883
						syslog(LOG_ERR,
1382
884
						    "%s/%s: unknown service",
1383
885
						    sep->se_service, sep->se_proto);
1384
886
						goto serv_unknown;
1385
887
					}
1386
888
					port = sp->s_port;
1387
889
				}
1388
890
				if (port != sep->se_ctrladdr_in6.sin6_port) {
1389
891
					sep->se_ctrladdr_in6.sin6_port = port;
1390
892
					if (sep->se_fd != -1) {
1391
893
						FD_CLR(sep->se_fd, allsockp);
1392
894
						nsock--;
1393
895
						(void) close(sep->se_fd);
1394
896
					}
1395
897
					sep->se_fd = -1;
1396
898
				}
1397
899
				if (sep->se_fd == -1)
1398
900
					setup(sep);
1399
901
			}
1400
902
			break;
1401
903
		}
1402
904
	serv_unknown:
1403
905
		if (cp->se_next != NULL) {
1404
906
			struct servtab *tmp = cp;
1405
907
1406
908
			cp = cp->se_next;
1407
909
			free(tmp);
1408
910
		} else {
1409
911
			free(cp);
1410
912
			cp = getconfigent();
1411
913
		}
1412
914
		if (debug)
1413
915
			print_service(add ? "REDO" : "ADD", sep);
1414
916
	}
1415
917
	endconfig();
1416
918
	/*
1417
919
	 * Purge anything not looked at above.
1418
920
	 */
1419
921
	sigprocmask(SIG_BLOCK, &blockmask, &omask);
1420
922
	sepp = &servtab;
1421
923
	while ((sep = *sepp)) {
1422
924
		if (sep->se_checked) {
1423
925
			sepp = &sep->se_next;
1424
926
			continue;
1425
927
		}
1426
928
		*sepp = sep->se_next;
1427
929
		if (sep->se_fd != -1) {
1428
930
			FD_CLR(sep->se_fd, allsockp);
1429
931
			nsock--;
1430
932
			(void) close(sep->se_fd);
1431
933
		}
1432
934
		if (isrpcservice(sep))
1433
935
			unregister_rpc(sep);
1434
936
		if (sep->se_family == AF_UNIX)
1435
937
			(void)unlink(sep->se_service);
1436
938
		if (debug)
1437
939
			print_service("FREE", sep);
1438
940
		freeconfig(sep);
1439
941
		free(sep);
1440
942
	}
1441
943
	sigprocmask(SIG_SETMASK, &omask, NULL);
1442
944
}
1443
945
1444
946
/* ARGSUSED */
1445
947
void
1446
948
retry(int sig)
1447
949
{
1448
950
	wantretry = 1;
1449
951
}
1450
952
1451
953
void
1452
954
doretry(void)
1453
955
{
1454
956
	struct servtab *sep;
1455
957
1456
958
	timingout = 0;
1457
959
	for (sep = servtab; sep; sep = sep->se_next) {
1458
960
		if (sep->se_fd == -1) {
1459
961
			switch (sep->se_family) {
1460
962
			case AF_UNIX:
1461
963
			case AF_INET:
1462
964
			case AF_INET6:
1463
965
				setup(sep);
1464
966
				if (sep->se_fd != -1 && isrpcservice(sep))
1465
967
					register_rpc(sep);
1466
968
				break;
1467
969
			}
1468
970
		}
1469
971
	}
1470
972
}
1471
973
1472
974
/* ARGSUSED */
1473
975
void
1474
976
die(int sig)
1475
977
{
1476
978
	wantdie = 1;
1477
979
}
1478
980
1479
981
void
1480
982
dodie(void)
1481
983
{
1482
984
	struct servtab *sep;
1483
985
1484
986
	for (sep = servtab; sep; sep = sep->se_next) {
1485
987
		if (sep->se_fd == -1)
1486
988
			continue;
1487
989
1488
990
		switch (sep->se_family) {
1489
991
		case AF_UNIX:
1490
992
			(void)unlink(sep->se_service);
1491
993
			break;
1492
994
		case AF_INET:
1493
995
		case AF_INET6:
1494
996
			if (sep->se_wait == 1 && isrpcservice(sep))
1495
997
				unregister_rpc(sep);
1496
998
			break;
1497
999
		}
1498
1000
		(void)close(sep->se_fd);
1499
1001
	}
1500
1002
	(void)unlink(_PATH_INETDPID);
1501
1003
	exit(0);
1502
1004
}
1503
1005
1504
1006
void
1505
1007
setup(struct servtab *sep)
1506
1008
{
1507
1009
	int on = 1;
1508
1010
	int r;
1509
1011
	mode_t mask = 0;
1510
1012
1511
1013
	if ((sep->se_fd = socket(sep->se_family, sep->se_socktype, 0)) < 0) {
1512
1014
		syslog(LOG_ERR, "%s/%s: socket: %m",
1513
1015
		    sep->se_service, sep->se_proto);
1514
1016
		return;
1515
1017
	}
1516
1018
	if (strncmp(sep->se_proto, "tcp6", 4) == 0) {
1517
1019
		if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &on,
1518
1020
			    sizeof (on)) < 0)
1519
1021
			syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
1520
1022
	} else if (strncmp(sep->se_proto, "tcp46", 5) == 0) {
1521
1023
		int off = 0;
1522
1024
		if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &off,
1523
1025
			    sizeof (off)) < 0)
1524
1026
			syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
1525
1027
	}
1526
1028
#define	turnon(fd, opt) \
1527
1029
setsockopt(fd, SOL_SOCKET, opt, &on, sizeof (on))
1528
1030
	if (strncmp(sep->se_proto, "tcp", 3) == 0 && (options & SO_DEBUG) &&
1529
1031
	    turnon(sep->se_fd, SO_DEBUG) < 0)
1530
1032
		syslog(LOG_ERR, "setsockopt (SO_DEBUG): %m");
1531
1033
	if (turnon(sep->se_fd, SO_REUSEADDR) < 0)
1532
1034
		syslog(LOG_ERR, "setsockopt (SO_REUSEADDR): %m");
1533
1035
#undef turnon
1534
1036
	if (isrpcservice(sep)) {
1535
1037
		struct passwd *pwd;
1536
1038
1537
1039
		/*
1538
1040
		 * for RPC services, attempt to use a reserved port
1539
1041
		 * if they are going to be running as root.
1540
1042
		 *
1541
1043
		 * Also, zero out the port for all RPC services; let bind()
1542
1044
		 * find one.
1543
1045
		 */
1544
1046
		sep->se_ctrladdr_in.sin_port = 0;
1545
1047
		if (sep->se_user && (pwd = getpwnam(sep->se_user)) &&
1546
1048
		    pwd->pw_uid == 0 && uid == 0)
1547
1049
			r = bindresvport(sep->se_fd, &sep->se_ctrladdr_in);
1548
1050
		else {
1549
1051
			r = bind(sep->se_fd, &sep->se_ctrladdr,
1550
1052
			    sep->se_ctrladdr_size);
1551
1053
			if (r == 0) {
1552
1054
				socklen_t len = sep->se_ctrladdr_size;
1553
1055
				int saveerrno = errno;
1554
1056
1555
1057
				/* update se_ctrladdr_in.sin_port */
1556
1058
				r = getsockname(sep->se_fd, &sep->se_ctrladdr,
1557
1059
				    &len);
1558
1060
				if (r <= 0)
1559
1061
					errno = saveerrno;
1560
1062
			}
1561
1063
		}
1562
1064
	} else {
1563
1065
		if (sep->se_family == AF_UNIX)
1564
1066
			mask = umask(0111);
1565
1067
		r = bind(sep->se_fd, &sep->se_ctrladdr, sep->se_ctrladdr_size);
1566
1068
		if (sep->se_family == AF_UNIX)
1567
1069
			umask(mask);
1568
1070
	}
1569
1071
	if (r < 0) {
1570
1072
		syslog(LOG_ERR, "%s/%s: bind: %m",
1571
1073
		    sep->se_service, sep->se_proto);
1572
1074
		(void) close(sep->se_fd);
1573
1075
		sep->se_fd = -1;
1574
1076
		if (!timingout) {
1575
1077
			timingout = 1;
1576
1078
			alarm(RETRYTIME);
1577
1079
		}
1578
1080
		return;
1579
1081
	}
1580
1082
	if (sep->se_socktype == SOCK_STREAM)
1581
1083
		listen(sep->se_fd, global_queuelen);
1582
1084
1583
1085
	fd_grow(&allsockp, &allsockn, sep->se_fd);
1584
1086
	FD_SET(sep->se_fd, allsockp);
1585
1087
	nsock++;
1586
1088
	if (sep->se_fd > maxsock) {
1587
1089
		maxsock = sep->se_fd;
1588
1090
		if (maxsock > rlim_nofile_cur - FD_MARGIN)
1589
1091
			bump_nofile();
1590
1092
	}
1591
1093
}
1592
1094
1593
1095
void
1594
1096
register_rpc(struct servtab *sep)
1595
1097
{
1596
1098
	socklen_t n;
1597
1099
	struct sockaddr_in sin;
1598
1100
	struct protoent *pp;
1599
1101
1600
1102
	if ((pp = getprotobyname(sep->se_proto+4)) == NULL) {
1601
1103
		syslog(LOG_ERR, "%s: getproto: %m",
1602
1104
		    sep->se_proto);
1603
1105
		return;
1604
1106
	}
1605
1107
	n = sizeof sin;
1606
1108
	if (getsockname(sep->se_fd, (struct sockaddr *)&sin, &n) < 0) {
1607
1109
		syslog(LOG_ERR, "%s/%s: getsockname: %m",
1608
1110
		    sep->se_service, sep->se_proto);
1609
1111
		return;
1610
1112
	}
1611
1113
1612
1114
	for (n = sep->se_rpcversl; n <= sep->se_rpcversh; n++) {
1613
1115
		if (debug)
1614
1116
			fprintf(stderr, "pmap_set: %u %u %u %u\n",
1615
1117
			    sep->se_rpcprog, n, pp->p_proto,
1616
1118
			    ntohs(sin.sin_port));
1617
1119
		(void)pmap_unset(sep->se_rpcprog, n);
1618
1120
		if (!pmap_set(sep->se_rpcprog, n, pp->p_proto, ntohs(sin.sin_port)))
1619
1121
			syslog(LOG_ERR, "%s %s: pmap_set: %u %u %u %u: %m",
1620
1122
			    sep->se_service, sep->se_proto,
1621
1123
			    sep->se_rpcprog, n, pp->p_proto,
1622
1124
			    ntohs(sin.sin_port));
1623
1125
	}
1624
1126
}
1625
1127
1626
1128
void
1627
1129
unregister_rpc(struct servtab *sep)
1628
1130
{
1629
1131
	int n;
1630
1132
1631
1133
	for (n = sep->se_rpcversl; n <= sep->se_rpcversh; n++) {
1632
1134
		if (debug)
1633
1135
			fprintf(stderr, "pmap_unset(%u, %u)\n",
1634
1136
			    sep->se_rpcprog, n);
1635
1137
		if (!pmap_unset(sep->se_rpcprog, n))
1636
1138
			syslog(LOG_ERR, "pmap_unset(%u, %u)",
1637
1139
			    sep->se_rpcprog, n);
1638
1140
	}
1639
1141
}
1640
1142
1641
1143
1642
1144
struct servtab *
1643
1145
enter(struct servtab *cp)
1644
1146
{
1645
1147
	struct servtab *sep;
1646
1148
	sigset_t omask;
1647
1149
1648
1150
	sep = (struct servtab *)malloc(sizeof (*sep));
1649
1151
	if (sep == NULL) {
1650
1152
		syslog(LOG_ERR, "Out of memory.");
1651
1153
		exit(1);
1652
1154
	}
1653
1155
	*sep = *cp;
1654
1156
	sep->se_fd = -1;
1655
1157
	sep->se_rpcprog = -1;
1656
1158
	sigprocmask(SIG_BLOCK, &blockmask, &omask);
1657
1159
	sep->se_next = servtab;
1658
1160
	servtab = sep;
1659
1161
	sigprocmask(SIG_SETMASK, &omask, NULL);
1660
1162
	return (sep);
1661
1163
}
1662
1164
1663
1165
int
1664
1166
matchconf(struct servtab *old, struct servtab *new)
1665
1167
{
1666
1168
	if (strcmp(old->se_service, new->se_service) != 0)
1667
1169
		return (0);
1668
1170
1669
1171
	if (strcmp(old->se_hostaddr, new->se_hostaddr) != 0)
1670
1172
		return (0);
1671
1173
1672
1174
	if (strcmp(old->se_proto, new->se_proto) != 0)
1673
1175
		return (0);
1674
1176
1675
1177
	/*
1676
1178
	 * If the new servtab is bound to a specific address, check that the
1677
1179
	 * old servtab is bound to the same entry. If the new service is not
1678
1180
	 * bound to a specific address then the check of se_hostaddr above
1679
1181
	 * is sufficient.
1680
1182
	 */
1681
1183
1682
1184
	if (old->se_family == AF_INET && new->se_family == AF_INET &&
1683
1185
	    bcmp(&old->se_ctrladdr_in.sin_addr,
1684
1186
	    &new->se_ctrladdr_in.sin_addr,
1685
1187
	    sizeof(new->se_ctrladdr_in.sin_addr)) != 0)
1686
1188
		return (0);
1687
1189
1688
1190
	if (old->se_family == AF_INET6 && new->se_family == AF_INET6 &&
1689
1191
	    bcmp(&old->se_ctrladdr_in6.sin6_addr,
1690
1192
	    &new->se_ctrladdr_in6.sin6_addr,
1691
1193
	    sizeof(new->se_ctrladdr_in6.sin6_addr)) != 0)
1692
1194
		return (0);
1693
1195
	if (old->se_family == AF_INET6 && new->se_family == AF_INET6 &&
1694
1196
	    old->se_ctrladdr_in6.sin6_scope_id !=
1695
1197
	    new->se_ctrladdr_in6.sin6_scope_id)
1696
1198
		return (0);
1697
1199
1698
1200
	return (1);
1699
1201
}
1700
1202
1701
1203
FILE		*fconfig = NULL;
1702
1204
char		line[1024];
1703
1205
char		*defhost;
1704
1206
char		*skip(char **, int);
1705
1207
char		*nextline(FILE *);
1706
1208
char		*newstr(char *);
1707
1209
struct servtab	*dupconfig(struct servtab *);
1708
1210
1709
1211
int
1710
1212
setconfig(void)
1711
1213
{
1712
1214
	if (defhost)
1713
1215
		free(defhost);
1714
1216
	defhost = newstr("*");
1715
1217
	if (fconfig != NULL) {
1716
1218
		fseek(fconfig, 0L, SEEK_SET);
1717
1219
		return (1);
1718
1220
	}
1719
1221
	fconfig = fopen(CONFIG, "r");
1720
1222
	return (fconfig != NULL);
1721
1223
}
1722
1224
1723
1225
void
1724
1226
endconfig(void)
1725
1227
{
1726
1228
	if (fconfig) {
1727
1229
		(void) fclose(fconfig);
1728
1230
		fconfig = NULL;
1729
1231
	}
1730
1232
	if (defhost) {
1731
1233
		free(defhost);
1732
1234
		defhost = 0;
1733
1235
	}
1734
1236
}
1735
1237
1736
1238
struct servtab *
1737
1239
getconfigent(void)
1738
1240
{
1739
1241
	struct servtab *sep, *tsep;
1740
1242
	char *arg, *cp, *hostdelim, *s;
1741
1243
	int argc;
1742
1244
1743
1245
	sep = (struct servtab *) malloc(sizeof(struct servtab));
1744
1246
	if (sep == NULL) {
1745
1247
		syslog(LOG_ERR, "malloc: %m");
1746
1248
		exit(1);
1747
1249
	}
1748
1250
1749
1251
	memset(sep, 0, sizeof *sep);
1750
1252
more:
1751
1253
	freeconfig(sep);
1752
1254
1753
1255
	while ((cp = nextline(fconfig)) && *cp == '#')
1754
1256
		;
1755
1257
	if (cp == NULL) {
1756
1258
		free(sep);
1757
1259
		return (NULL);
1758
1260
	}
1759
1261
1760
1262
	memset(sep, 0, sizeof *sep);
1761
1263
	arg = skip(&cp, 0);
1762
1264
	if (arg == NULL) {
1763
1265
		/* A blank line. */
1764
1266
		goto more;
1765
1267
	}
1766
1268
1767
1269
	/* Check for a host name. */
1768
1270
	hostdelim = strrchr(arg, ':');
1769
1271
	if (hostdelim) {
1770
1272
		*hostdelim = '\0';
1771
1273
		if (arg[0] == '[' && hostdelim > arg && hostdelim[-1] == ']') {
1772
1274
			hostdelim[-1] = '\0';
1773
1275
			sep->se_hostaddr = newstr(arg + 1);
1774
1276
		} else if (hostdelim == arg)
1775
1277
			sep->se_hostaddr = newstr("*");
1776
1278
		else
1777
1279
			sep->se_hostaddr = newstr(arg);
1778
1280
		arg = hostdelim + 1;
1779
1281
		/*
1780
1282
		 * If the line is of the form `host:', then just change the
1781
1283
		 * default host for the following lines.
1782
1284
		 */
1783
1285
		if (*arg == '\0') {
1784
1286
			arg = skip(&cp, 0);
1785
1287
			if (cp == NULL) {
1786
1288
				free(defhost);
1787
1289
				defhost = newstr(sep->se_hostaddr);
1788
1290
				goto more;
1789
1291
			}
1790
1292
		}
1791
1293
	} else
1792
1294
		sep->se_hostaddr = newstr(defhost);
1793
1295
1794
1296
	sep->se_service = newstr(arg);
1795
1297
	if ((arg = skip(&cp, 1)) == NULL)
1796
1298
		goto more;
1797
1299
1798
1300
	if (strcmp(arg, "stream") == 0)
1799
1301
		sep->se_socktype = SOCK_STREAM;
1800
1302
	else if (strcmp(arg, "dgram") == 0)
1801
1303
		sep->se_socktype = SOCK_DGRAM;
1802
1304
	else if (strcmp(arg, "rdm") == 0)
1803
1305
		sep->se_socktype = SOCK_RDM;
1804
1306
	else if (strcmp(arg, "seqpacket") == 0)
1805
1307
		sep->se_socktype = SOCK_SEQPACKET;
1806
1308
	else if (strcmp(arg, "raw") == 0)
1807
1309
		sep->se_socktype = SOCK_RAW;
1808
1310
	else
1809
1311
		sep->se_socktype = -1;
1810
1312
1811
1313
	if ((arg = skip(&cp, 1)) == NULL)
1812
1314
		goto more;
1813
1315
1814
1316
	sep->se_proto = newstr(arg);
1815
1317
1816
1318
	if (strcmp(sep->se_proto, "unix") == 0) {
1817
1319
		sep->se_family = AF_UNIX;
1818
1320
	} else {
1819
1321
		int s;
1820
1322
1821
1323
		sep->se_family = AF_INET;
1822
1324
		if (sep->se_proto[strlen(sep->se_proto) - 1] == '6')
1823
1325
			sep->se_family = AF_INET6;
1824
1326
1825
1327
		/* check if the family is supported */
1826
1328
		s = socket(sep->se_family, SOCK_DGRAM, 0);
1827
1329
		if (s < 0) {
1828
1330
			syslog(LOG_WARNING, "%s/%s: %s: the address family is "
1829
1331
			    "not supported by the kernel", sep->se_service,
1830
1332
			    sep->se_proto, sep->se_hostaddr);
1831
1333
			goto more;
1832
1334
		}
1833
1335
		close(s);
1834
1336
1835
1337
		if (strncmp(sep->se_proto, "rpc/", 4) == 0) {
1836
1338
			char *cp, *ccp;
1837
1339
			long l;
1838
1340
1839
1341
			cp = strchr(sep->se_service, '/');
1840
1342
			if (cp == 0) {
1841
1343
				syslog(LOG_ERR, "%s: no rpc version",
1842
1344
				    sep->se_service);
1843
1345
				goto more;
1844
1346
			}
1845
1347
			*cp++ = '\0';
1846
1348
			l = strtol(cp, &ccp, 0);
1847
1349
			if (ccp == cp || l < 0 || l > INT_MAX) {
1848
1350
		badafterall:
1849
1351
				syslog(LOG_ERR, "%s/%s: bad rpc version",
1850
1352
				    sep->se_service, cp);
1851
1353
				goto more;
1852
1354
			}
1853
1355
			sep->se_rpcversl = sep->se_rpcversh = l;
1854
1356
			if (*ccp == '-') {
1855
1357
				cp = ccp + 1;
1856
1358
				l = strtol(cp, &ccp, 0);
1857
1359
				if (ccp == cp || l < 0 || l > INT_MAX ||
1858
1360
				    l < sep->se_rpcversl || *ccp)
1859
1361
					goto badafterall;
1860
1362
				sep->se_rpcversh = l;
1861
1363
			} else if (*ccp != '\0')
1862
1364
				goto badafterall;
1863
1365
		}
1864
1366
	}
1865
1367
	arg = skip(&cp, 1);
1866
1368
	if (arg == NULL)
1867
1369
		goto more;
1868
1370
1869
1371
	s = strchr(arg, '.');
1870
1372
	if (s) {
1871
1373
		char *p;
1872
1374
1873
1375
		*s++ = '\0';
1874
1376
		sep->se_max = strtoul(s, &p, 0);
1875
1377
		if (sep->se_max < 1 || *p) {
1876
1378
			syslog(LOG_ERR,
1877
1379
			    "%s: illegal max field \"%s\", setting to %d",
1878
1380
			    sep->se_service, s, toomany);
1879
1381
			sep->se_max = toomany;
1880
1382
		}
1881
1383
	} else
1882
1384
		sep->se_max = toomany;
1883
1385
1884
1386
	sep->se_wait = strcmp(arg, "wait") == 0;
1885
1387
	if ((arg = skip(&cp, 1)) == NULL)
1886
1388
		goto more;
1887
1389
	sep->se_user = newstr(arg);
1888
1390
	arg = strchr(sep->se_user, '.');
1889
1391
	if (arg == NULL)
1890
1392
		arg = strchr(sep->se_user, ':');
1891
1393
	if (arg) {
1892
1394
		*arg++ = '\0';
1893
1395
		sep->se_group = newstr(arg);
1894
1396
	}
1895
1397
	if ((arg = skip(&cp, 1)) == NULL)
1896
1398
		goto more;
1897
1399
1898
1400
	sep->se_server = newstr(arg);
1899
1401
	if (strcmp(sep->se_server, "internal") == 0) {
1900
1402
		struct biltin *bi;
1901
1403
1902
1404
		for (bi = biltins; bi->bi_service; bi++)
1903
1405
			if (bi->bi_socktype == sep->se_socktype &&
1904
1406
			    strcmp(bi->bi_service, sep->se_service) == 0)
1905
1407
				break;
1906
1408
		if (bi->bi_service == 0) {
1907
1409
			syslog(LOG_ERR, "internal service %s unknown",
1908
1410
			    sep->se_service);
1909
1411
			goto more;
1910
1412
		}
1911
1413
		sep->se_bi = bi;
1912
1414
		sep->se_wait = bi->bi_wait;
1913
1415
	} else
1914
1416
		sep->se_bi = NULL;
1915
1417
	argc = 0;
1916
1418
	for (arg = skip(&cp, 0); cp; arg = skip(&cp, 0)) {
1917
1419
		if (argc < MAXARGV)
1918
1420
			sep->se_argv[argc++] = newstr(arg);
1919
1421
	}
1920
1422
	if (argc == 0 && sep->se_bi == NULL) {
1921
1423
		if ((arg = strrchr(sep->se_server, '/')) != NULL)
1922
1424
			arg++;
1923
1425
		else
1924
1426
			arg = sep->se_server;
1925
1427
		sep->se_argv[argc++] = newstr(arg);
1926
1428
	}
1927
1429
	while (argc <= MAXARGV)
1928
1430
		sep->se_argv[argc++] = NULL;
1929
1431
1930
1432
	/*
1931
1433
	 * Resolve each hostname in the se_hostaddr list (if any)
1932
1434
	 * and create a new entry for each resolved address.
1933
1435
	 */
1934
1436
	if (sep->se_hostaddr != NULL && strcmp(sep->se_proto, "unix") != 0) {
1935
1437
		struct addrinfo hints, *res0, *res;
1936
1438
		char *host, *hostlist0, *hostlist, *port;
1937
1439
		int error;
1938
1440
1939
1441
		hostlist = hostlist0 = sep->se_hostaddr;
1940
1442
		sep->se_hostaddr = NULL;
1941
1443
		sep->se_checked = -1;
1942
1444
		while ((host = strsep(&hostlist, ",")) != NULL) {
1943
1445
			if (*host == '\0')
1944
1446
				continue;
1945
1447
1946
1448
			memset(&hints, 0, sizeof(hints));
1947
1449
			hints.ai_family = sep->se_family;
1948
1450
			hints.ai_socktype = sep->se_socktype;
1949
1451
			hints.ai_flags = AI_PASSIVE;
1950
1452
			port = "0";
1951
1453
			/* XXX shortened IPv4 syntax is now forbidden */
1952
1454
			error = getaddrinfo(strcmp(host, "*") ? host : NULL,
1953
1455
			    port, &hints, &res0);
1954
1456
			if (error) {
1955
1457
				syslog(LOG_ERR, "%s/%s: %s: %s",
1956
1458
				    sep->se_service, sep->se_proto,
1957
1459
				    host, gai_strerror(error));
1958
1460
				continue;
1959
1461
			}
1960
1462
			for (res = res0; res; res = res->ai_next) {
1961
1463
				if (res->ai_addrlen >
1962
1464
				    sizeof(sep->se_ctrladdr_storage))
1963
1465
					continue;
1964
1466
				/*
1965
1467
				 * If sep is unused, store host in there.
1966
1468
				 * Otherwise, dup a new entry and prepend it.
1967
1469
				 */
1968
1470
				if (sep->se_checked == -1) {
1969
1471
					sep->se_checked = 0;
1970
1472
				} else {
1971
1473
					tsep = dupconfig(sep);
1972
1474
					tsep->se_next = sep;
1973
1475
					sep = tsep;
1974
1476
				}
1975
1477
				sep->se_hostaddr = newstr(host);
1976
1478
				memcpy(&sep->se_ctrladdr_storage,
1977
1479
				    res->ai_addr, res->ai_addrlen);
1978
1480
				sep->se_ctrladdr_size = res->ai_addrlen;
1979
1481
			}
1980
1482
			freeaddrinfo(res0);
1981
1483
		}
1982
1484
		free(hostlist0);
1983
1485
		if (sep->se_checked == -1)
1984
1486
			goto more;	/* no resolvable names/addresses */
1985
1487
	}
1986
1488
1987
1489
	return (sep);
1988
1490
}
1989
1491
1990
1492
void
1991
1493
freeconfig(struct servtab *cp)
1992
1494
{
1993
1495
	int i;
1994
1496
1995
1497
	free(cp->se_hostaddr);
1996
1498
	cp->se_hostaddr = NULL;
1997
1499
	free(cp->se_service);
1998
1500
	cp->se_service = NULL;
1999
1501
	free(cp->se_proto);
2000
1502
	cp->se_proto = NULL;
2001
1503
	free(cp->se_user);
2002
1504
	cp->se_user = NULL;
2003
1505
	free(cp->se_group);
2004
1506
	cp->se_group = NULL;
2005
1507
	free(cp->se_server);
2006
1508
	cp->se_server = NULL;
2007
1509
	for (i = 0; i < MAXARGV; i++) {
2008
1510
		free(cp->se_argv[i]);
2009
1511
		cp->se_argv[i] = NULL;
2010
1512
	}
2011
1513
}
2012
1514
2013
1515
char *
2014
1516
skip(char **cpp, int report)
2015
1517
{
2016
1518
	char *cp = *cpp;
2017
1519
	char *start;
2018
1520
2019
1521
erp:
2020
1522
	if (*cpp == NULL) {
2021
1523
		if (report)
2022
1524
			syslog(LOG_ERR, "syntax error in inetd config file");
2023
1525
		return (NULL);
2024
1526
	}
2025
1527
2026
1528
again:
2027
1529
	while (*cp == ' ' || *cp == '\t')
2028
1530
		cp++;
2029
1531
	if (*cp == '\0') {
2030
1532
		int c;
2031
1533
2032
1534
		c = getc(fconfig);
2033
1535
		(void) ungetc(c, fconfig);
2034
1536
		if (c == ' ' || c == '\t')
2035
1537
			if ((cp = nextline(fconfig)))
2036
1538
				goto again;
2037
1539
		*cpp = NULL;
2038
1540
		goto erp;
2039
1541
	}
2040
1542
	start = cp;
2041
1543
	while (*cp && *cp != ' ' && *cp != '\t')
2042
1544
		cp++;
2043
1545
	if (*cp != '\0')
2044
1546
		*cp++ = '\0';
2045
1547
	if ((*cpp = cp) == NULL)
2046
1548
		goto erp;
2047
1549
2048
1550
	return (start);
2049
1551
}
2050
1552
2051
1553
char *
2052
1554
nextline(FILE *fd)
2053
1555
{
2054
1556
	if (fgets(line, sizeof (line), fd) == NULL)
2055
1557
		return (NULL);
2056
1558
	line[strcspn(line, "\n")] = '\0';
2057
1559
	return (line);
2058
1560
}
2059
1561
2060
1562
char *
2061
1563
newstr(char *cp)
2062
1564
{
2063
1565
	if ((cp = strdup(cp ? cp : "")))
2064
1566
		return(cp);
2065
1567
	syslog(LOG_ERR, "strdup: %m");
2066
1568
	exit(1);
2067
1569
}
2068
1570
2069
1571
struct servtab *
2070
1572
dupconfig(struct servtab *sep)
2071
1573
{
2072
1574
	struct servtab *newtab;
2073
1575
	int argc;
2074
1576
2075
1577
	newtab = (struct servtab *) malloc(sizeof(struct servtab));
2076
1578
2077
1579
	if (newtab == NULL) {
2078
1580
		syslog(LOG_ERR, "malloc: %m");
2079
1581
		exit(1);
2080
1582
	}
2081
1583
2082
1584
	memset(newtab, 0, sizeof(struct servtab));
2083
1585
2084
1586
	newtab->se_service = sep->se_service ? newstr(sep->se_service) : NULL;
2085
1587
	newtab->se_socktype = sep->se_socktype;
2086
1588
	newtab->se_family = sep->se_family;
2087
1589
	newtab->se_proto = sep->se_proto ? newstr(sep->se_proto) : NULL;
2088
1590
	newtab->se_rpcprog = sep->se_rpcprog;
2089
1591
	newtab->se_rpcversl = sep->se_rpcversl;
2090
1592
	newtab->se_rpcversh = sep->se_rpcversh;
2091
1593
	newtab->se_wait = sep->se_wait;
2092
1594
	newtab->se_user = sep->se_user ? newstr(sep->se_user) : NULL;
2093
1595
	newtab->se_group = sep->se_group ? newstr(sep->se_group) : NULL;
2094
1596
	newtab->se_bi = sep->se_bi;
2095
1597
	newtab->se_server = sep->se_server ? newstr(sep->se_server) : 0;
2096
1598
2097
1599
	for (argc = 0; argc <= MAXARGV; argc++)
2098
1600
		newtab->se_argv[argc] = sep->se_argv[argc] ?
2099
1601
		    newstr(sep->se_argv[argc]) : NULL;
2100
1602
	newtab->se_max = sep->se_max;
2101
1603
2102
1604
	return (newtab);
2103
1605
}
2104
1606
2105
1607
void
2106
1608
inetd_setproctitle(char *a, int s)
2107
1609
{
2108
1610
	socklen_t size;
2109
1611
	struct sockaddr_storage ss;
2110
1612
	char hbuf[NI_MAXHOST];
2111
1613
2112
1614
	size = sizeof(ss);
2113
1615
	if (getpeername(s, (struct sockaddr *)&ss, &size) == 0) {
2114
1616
		if (getnameinfo((struct sockaddr *)&ss, size, hbuf,
2115
1617
		    sizeof(hbuf), NULL, 0, NI_NUMERICHOST) == 0)
2116
1618
			setproctitle("-%s [%s]", a, hbuf);
2117
1619
		else
2118
1620
			setproctitle("-%s [?]", a);
2119
1621
	} else
2120
1622
		setproctitle("-%s", a);
2121
1623
}
2122
1624
2123
1625
void
2124
1626
logpid(void)
2125
1627
{
2126
1628
	FILE *fp;
2127
1629
2128
1630
	if ((fp = fopen(_PATH_INETDPID, "w")) != NULL) {
2129
1631
		fprintf(fp, "%ld\n", (long)getpid());
2130
1632
		(void)fclose(fp);
2131
1633
	}
2132
1634
}
2133
1635
2134
1636
int
2135
1637
bump_nofile(void)
2136
1638
{
2137
1639
#define FD_CHUNK	32
2138
1640
2139
1641
	struct rlimit rl;
2140
1642
2141
1643
	if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
2142
1644
		syslog(LOG_ERR, "getrlimit: %m");
2143
1645
		return -1;
2144
1646
	}
2145
1647
	rl.rlim_cur = MIN(rl.rlim_max, rl.rlim_cur + FD_CHUNK);
2146
1648
	rl.rlim_cur = MIN(FD_SETSIZE, rl.rlim_cur + FD_CHUNK);
2147
1649
	if (rl.rlim_cur <= rlim_nofile_cur) {
2148
1650
		syslog(LOG_ERR,
2149
1651
		    "bump_nofile: cannot extend file limit, max = %d",
2150
1652
		    (int)rl.rlim_cur);
2151
1653
		return -1;
2152
1654
	}
2153
1655
2154
1656
	if (setrlimit(RLIMIT_NOFILE, &rl) < 0) {
2155
1657
		syslog(LOG_ERR, "setrlimit: %m");
2156
1658
		return -1;
2157
1659
	}
2158
1660
2159
1661
	rlim_nofile_cur = rl.rlim_cur;
2160
1662
	return 0;
2161
1663
}
2162
1664
2163
1665
/*
2164
1666
 * Internet services provided internally by inetd:
2165
1667
 */
2166
1668
#define	BUFSIZE	4096
2167
1669
2168
1670
/* ARGSUSED */
2169
1671
void
2170
1672
echo_stream(int s, struct servtab *sep)
2171
1673
{
2172
1674
	char buffer[BUFSIZE];
2173
1675
	int i;
2174
1676
2175
1677
	inetd_setproctitle(sep->se_service, s);
2176
1678
	while ((i = read(s, buffer, sizeof(buffer))) > 0 &&
2177
1679
	    write(s, buffer, i) > 0)
2178
1680
		;
2179
1681
	exit(0);
2180
1682
}
2181
1683
2182
1684
/* ARGSUSED */
2183
1685
void
2184
1686
echo_dg(int s, struct servtab *sep)
2185
1687
{
2186
1688
	char buffer[BUFSIZE];
2187
1689
	int i;
2188
1690
	socklen_t size;
2189
1691
	struct sockaddr_storage ss;
2190
1692
2191
1693
	size = sizeof(ss);
2192
1694
	if ((i = recvfrom(s, buffer, sizeof(buffer), 0,
2193
1695
	    (struct sockaddr *)&ss, &size)) < 0)
2194
1696
		return;
2195
1697
	if (dg_badinput((struct sockaddr *)&ss))
2196
1698
		return;
2197
1699
	(void) sendto(s, buffer, i, 0, (struct sockaddr *)&ss, size);
2198
1700
}
2199
1701
2200
1702
/* ARGSUSED */
2201
1703
void
2202
1704
discard_stream(int s, struct servtab *sep)
2203
1705
{
2204
1706
	char buffer[BUFSIZE];
2205
1707
2206
1708
	inetd_setproctitle(sep->se_service, s);
2207
1709
	while ((errno = 0, read(s, buffer, sizeof(buffer)) > 0) ||
2208
1710
	    errno == EINTR)
2209
1711
		;
2210
1712
	exit(0);
2211
1713
}
2212
1714
2213
1715
/* ARGSUSED */
2214
1716
void
2215
1717
discard_dg(int s, struct servtab *sep)
2216
1718
{
2217
1719
	char buffer[BUFSIZE];
2218
1720
2219
1721
	(void) read(s, buffer, sizeof(buffer));
2220
1722
}
2221
1723
2222
1724
#include <ctype.h>
2223
1725
#define LINESIZ 72
2224
1726
char ring[128];
2225
1727
char *endring;
2226
1728
2227
1729
void
2228
1730
initring(void)
2229
1731
{
2230
1732
	int i;
2231
1733
2232
1734
	endring = ring;
2233
1735
2234
1736
	for (i = 0; i <= sizeof ring; ++i)
2235
1737
		if (isprint(i))
2236
1738
			*endring++ = i;
2237
1739
}
2238
1740
2239
1741
/* ARGSUSED */
2240
1742
void
2241
1743
chargen_stream(int s, struct servtab *sep)
2242
1744
{
2243
1745
	char *rs;
2244
1746
	int len;
2245
1747
	char text[LINESIZ+2];
2246
1748
2247
1749
	inetd_setproctitle(sep->se_service, s);
2248
1750
2249
1751
	if (!endring) {
2250
1752
		initring();
2251
1753
		rs = ring;
2252
1754
	}
2253
1755
2254
1756
	text[LINESIZ] = '\r';
2255
1757
	text[LINESIZ + 1] = '\n';
2256
1758
	for (rs = ring;;) {
2257
1759
		if ((len = endring - rs) >= LINESIZ)
2258
1760
			memmove(text, rs, LINESIZ);
2259
1761
		else {
2260
1762
			memmove(text, rs, len);
2261
1763
			memmove(text + len, ring, LINESIZ - len);
2262
1764
		}
2263
1765
		if (++rs == endring)
2264
1766
			rs = ring;
2265
1767
		if (write(s, text, sizeof(text)) != sizeof(text))
2266
1768
			break;
2267
1769
	}
2268
1770
	exit(0);
2269
1771
}
2270
1772
2271
1773
/* ARGSUSED */
2272
1774
void
2273
1775
chargen_dg(int s, struct servtab *sep)
2274
1776
{
2275
1777
	struct sockaddr_storage ss;
2276
1778
	static char *rs;
2277
1779
	int len;
2278
1780
	socklen_t size;
2279
1781
	char text[LINESIZ+2];
2280
1782
2281
1783
	if (endring == 0) {
2282
1784
		initring();
2283
1785
		rs = ring;
2284
1786
	}
2285
1787
2286
1788
	size = sizeof(ss);
2287
1789
	if (recvfrom(s, text, sizeof(text), 0, (struct sockaddr *)&ss,
2288
1790
	    &size) < 0)
2289
1791
		return;
2290
1792
	if (dg_badinput((struct sockaddr *)&ss))
2291
1793
		return;
2292
1794
2293
1795
	if ((len = endring - rs) >= LINESIZ)
2294
1796
		memmove(text, rs, LINESIZ);
2295
1797
	else {
2296
1798
		memmove(text, rs, len);
2297
1799
		memmove(text + len, ring, LINESIZ - len);
2298
1800
	}
2299
1801
	if (++rs == endring)
2300
1802
		rs = ring;
2301
1803
	text[LINESIZ] = '\r';
2302
1804
	text[LINESIZ + 1] = '\n';
2303
1805
	(void) sendto(s, text, sizeof(text), 0, (struct sockaddr *)&ss, size);
2304
1806
}
2305
1807
2306
1808
/*
2307
1809
 * Return a machine readable date and time, in the form of the
2308
1810
 * number of seconds since midnight, Jan 1, 1900.  Since gettimeofday
2309
1811
 * returns the number of seconds since midnight, Jan 1, 1970,
2310
1812
 * we must add 2208988800 seconds to this figure to make up for
2311
1813
 * some seventy years Bell Labs was asleep.
2312
1814
 */
2313
1815
u_int32_t
2314
1816
machtime(void)
2315
1817
{
2316
1818
	struct timeval tv;
2317
1819
2318
1820
	if (gettimeofday(&tv, NULL) < 0)
2319
1821
		return (0L);
2320
1822
2321
1823
	return (htonl((u_int32_t)tv.tv_sec + 2208988800UL));
2322
1824
}
2323
1825
2324
1826
/* ARGSUSED */
2325
1827
void
2326
1828
machtime_stream(s, sep)
2327
1829
	int s;
2328
1830
	struct servtab *sep;
2329
1831
{
2330
1832
	u_int32_t result;
2331
1833
2332
1834
	result = machtime();
2333
1835
	(void) write(s, &result, sizeof(result));
2334
1836
}
2335
1837
2336
1838
/* ARGSUSED */
2337
1839
void
2338
1840
machtime_dg(int s, struct servtab *sep)
2339
1841
{
2340
1842
	u_int32_t result;
2341
1843
	struct sockaddr_storage ss;
2342
1844
	socklen_t size;
2343
1845
2344
1846
	size = sizeof(ss);
2345
1847
	if (recvfrom(s, &result, sizeof(result), 0,
2346
1848
	    (struct sockaddr *)&ss, &size) < 0)
2347
1849
		return;
2348
1850
	if (dg_badinput((struct sockaddr *)&ss))
2349
1851
		return;
2350
1852
	result = machtime();
2351
1853
	(void) sendto(s, &result, sizeof(result), 0,
2352
1854
	    (struct sockaddr *)&ss, size);
2353
1855
}
2354
1856
2355
1857
/* Return human-readable time of day */
2356
1858
/* ARGSUSED */
2357
1859
void
2358
1860
daytime_stream(int s, struct servtab *sep)
2359
1861
{
2360
1862
	char buffer[256];
2361
1863
	time_t clock;
2362
1864
2363
1865
	clock = time(NULL);
2364
1866
2365
1867
	(void) snprintf(buffer, sizeof buffer, "%.24s\r\n", ctime(&clock));
2366
1868
	(void) write(s, buffer, strlen(buffer));
2367
1869
}
2368
1870
2369
1871
/* Return human-readable time of day */
2370
1872
/* ARGSUSED */
2371
1873
void
2372
1874
daytime_dg(int s, struct servtab *sep)
2373
1875
{
2374
1876
	char buffer[256];
2375
1877
	time_t clock;
2376
1878
	struct sockaddr_storage ss;
2377
1879
	socklen_t size;
2378
1880
2379
1881
	clock = time(NULL);
2380
1882
2381
1883
	size = sizeof(ss);
2382
1884
	if (recvfrom(s, buffer, sizeof(buffer), 0, (struct sockaddr *)&ss,
2383
1885
	    &size) < 0)
2384
1886
		return;
2385
1887
	if (dg_badinput((struct sockaddr *)&ss))
2386
1888
		return;
2387
1889
	(void) snprintf(buffer, sizeof buffer, "%.24s\r\n", ctime(&clock));
2388
1890
	(void) sendto(s, buffer, strlen(buffer), 0, (struct sockaddr *)&ss,
2389
1891
	    size);
2390
1892
}
2391
1893
2392
1894
/*
2393
1895
 * print_service:
2394
1896
 *	Dump relevant information to stderr
2395
1897
 */
2396
1898
void
2397
1899
print_service(char *action, struct servtab *sep)
2398
1900
{
2399
1901
	if (strcmp(sep->se_hostaddr, "*") == 0)
2400
1902
		fprintf(stderr, "%s: %s ", action, sep->se_service);
2401
1903
	else
2402
1904
		fprintf(stderr, "%s: %s:%s ", action, sep->se_hostaddr,
2403
1905
		    sep->se_service);
2404
1906
2405
1907
	if (isrpcservice(sep))
2406
1908
		fprintf(stderr, "rpcprog=%d, rpcvers=%d/%d, proto=%s,",
2407
1909
		    sep->se_rpcprog, sep->se_rpcversh,
2408
1910
		    sep->se_rpcversl, sep->se_proto);
2409
1911
	else
2410
1912
		fprintf(stderr, "proto=%s,", sep->se_proto);
2411
1913
2412
1914
	fprintf(stderr,
2413
1915
	    " wait.max=%hd.%d user:group=%s:%s builtin=%lx server=%s\n",
2414
1916
	    sep->se_wait, sep->se_max, sep->se_user,
2415
1917
	    sep->se_group ? sep->se_group : "(default)",
2416
1918
	    (long)sep->se_bi, sep->se_server);
2417
1919
}
2418
1920
2419
1921
void
2420
1922
spawn(struct servtab *sep, int ctrl)
2421
1923
{
2422
1924
	struct passwd *pwd;
2423
1925
	int tmpint, dofork;
2424
1926
	struct group *grp = NULL;
2425
1927
	char buf[50];
2426
1928
	pid_t pid;
2427
1929
2428
1930
	pid = 0;
2429
1931
	dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
2430
1932
	if (dofork) {
2431
1933
		if (sep->se_count++ == 0)
2432
1934
		    (void)gettimeofday(&sep->se_time, NULL);
2433
1935
		else if (sep->se_count >= sep->se_max) {
2434
1936
			struct timeval now;
2435
1937
2436
1938
			(void)gettimeofday(&now, NULL);
2437
1939
			if (now.tv_sec - sep->se_time.tv_sec >
2438
1940
			    CNT_INTVL) {
2439
1941
				sep->se_time = now;
2440
1942
				sep->se_count = 1;
2441
1943
			} else {
2442
1944
				if (!sep->se_wait &&
2443
1945
				    sep->se_socktype == SOCK_STREAM)
2444
1946
					close(ctrl);
2445
1947
				if (sep->se_family == AF_INET &&
2446
1948
				    ntohs(sep->se_ctrladdr_in.sin_port) >=
2447
1949
				    IPPORT_RESERVED) {
2448
1950
					/*
2449
1951
					 * Cannot close it -- there are
2450
1952
					 * thieves on the system.
2451
1953
					 * Simply ignore the connection.
2452
1954
					 */
2453
1955
					--sep->se_count;
2454
1956
					sigprocmask(SIG_SETMASK, &emptymask,
2455
1957
					    NULL);
2456
1958
					return;
2457
1959
				}
2458
1960
				syslog(LOG_ERR,
2459
1961
				    "%s/%s server failing (looping), service terminated for %d min",
2460
1962
				    sep->se_service, sep->se_proto,
2461
1963
				    RETRYTIME/60);
2462
1964
				if (!sep->se_wait &&
2463
1965
				    sep->se_socktype == SOCK_STREAM)
2464
1966
					close(ctrl);
2465
1967
				FD_CLR(sep->se_fd, allsockp);
2466
1968
				(void) close(sep->se_fd);
2467
1969
				sep->se_fd = -1;
2468
1970
				sep->se_count = 0;
2469
1971
				nsock--;
2470
1972
				sigprocmask(SIG_SETMASK, &emptymask,
2471
1973
				    NULL);
2472
1974
				if (!timingout) {
2473
1975
					timingout = 1;
2474
1976
					alarm(RETRYTIME);
2475
1977
				}
2476
1978
				return;
2477
1979
			}
2478
1980
		}
2479
1981
		pid = fork();
2480
1982
	}
2481
1983
	if (pid < 0) {
2482
1984
		syslog(LOG_ERR, "fork: %m");
2483
1985
		if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
2484
1986
			close(ctrl);
2485
1987
		sigprocmask(SIG_SETMASK, &emptymask, NULL);
2486
1988
		sleep(1);
2487
1989
		return;
2488
1990
	}
2489
1991
	if (pid && sep->se_wait) {
2490
1992
		sep->se_wait = pid;
2491
1993
		FD_CLR(sep->se_fd, allsockp);
2492
1994
		nsock--;
2493
1995
	}
2494
1996
	sigprocmask(SIG_SETMASK, &emptymask, NULL);
2495
1997
	if (pid == 0) {
2496
1998
#ifdef LIBWRAP
2497
1999
		if (lflag && !sep->se_wait && sep->se_socktype == SOCK_STREAM) {
2498
2000
			struct request_info req;
2499
2001
			char *service;
2500
2002
2501
2003
			/* do not execute tcpd if it is in the config */
2502
2004
			if (strcmp(sep->se_server, "/usr/sbin/tcpd") == 0) {
2503
2005
				char *p, *name;
2504
2006
2505
2007
				free(sep->se_server);
2506
2008
				name = sep->se_server = sep->se_argv[0];
2507
2009
				for (p = name; *p; p++)
2508
2010
					if (*p == '/')
2509
2011
						name = p + 1;
2510
2012
				sep->se_argv[0] = newstr(name);
2511
2013
			}
2512
2014
2513
2015
			request_init(&req, RQ_DAEMON, sep->se_argv[0],
2514
2016
			    RQ_FILE, ctrl, NULL);
2515
2017
			fromhost(&req);
2516
2018
			if (getnameinfo(&sep->se_ctrladdr,
2517
2019
			    sizeof(sep->se_ctrladdr), NULL, 0, buf,
2518
2020
			    sizeof(buf), 0) != 0) {
2519
2021
				/* shouldn't happen */
2520
2022
				snprintf(buf, sizeof buf, "%d",
2521
2023
				    ntohs(sep->se_ctrladdr_in.sin_port));
2522
2024
			}
2523
2025
			service = buf;
2524
2026
			if (!hosts_access(&req)) {
2525
2027
				syslog(deny_severity, "refused connection"
2526
2028
				    " from %.500s, service %s (%s)",
2527
2029
				    eval_client(&req), service, sep->se_proto);
2528
2030
				if (sep->se_socktype != SOCK_STREAM)
2529
2031
					recv(0, buf, sizeof (buf), 0);
2530
2032
				exit(1);
2531
2033
			}
2532
2034
			syslog(allow_severity,
2533
2035
			    "connection from %.500s, service %s (%s)",
2534
2036
			    eval_client(&req), service, sep->se_proto);
2535
2037
		}
2536
2038
#endif
2537
2039
		if (sep->se_bi)
2538
2040
			(*sep->se_bi->bi_fn)(ctrl, sep);
2539
2041
		else {
2540
2042
			if ((pwd = getpwnam(sep->se_user)) == NULL) {
2541
2043
				syslog(LOG_ERR,
2542
2044
				    "getpwnam: %s: No such user",
2543
2045
				    sep->se_user);
2544
2046
				if (sep->se_socktype != SOCK_STREAM)
2545
2047
					recv(0, buf, sizeof (buf), 0);
2546
2048
				exit(1);
2547
2049
			}
2548
2050
			if (setsid() <0)
2549
2051
				syslog(LOG_ERR, "%s: setsid: %m",
2550
2052
				    sep->se_service);
2551
2053
			if (sep->se_group &&
2552
2054
			    (grp = getgrnam(sep->se_group)) == NULL) {
2553
2055
				syslog(LOG_ERR,
2554
2056
				    "getgrnam: %s: No such group",
2555
2057
				    sep->se_group);
2556
2058
				if (sep->se_socktype != SOCK_STREAM)
2557
2059
					recv(0, buf, sizeof (buf), 0);
2558
2060
				exit(1);
2559
2061
			}
2560
2062
			if (uid != 0) {
2561
2063
				/* a user running private inetd */
2562
2064
				if (uid != pwd->pw_uid)
2563
2065
					exit(1);
2564
2066
			} else {
2565
2067
#ifdef HAVE_SETUSERCONTEXT
2566
2068
				tmpint = LOGIN_SETALL &
2567
2069
				    ~(LOGIN_SETGROUP|LOGIN_SETLOGIN);
2568
2070
				if (pwd->pw_uid)
2569
2071
					tmpint |= LOGIN_SETGROUP|LOGIN_SETLOGIN;
2570
2072
				if (sep->se_group) {
2571
2073
					pwd->pw_gid = grp->gr_gid;
2572
2074
					tmpint |= LOGIN_SETGROUP;
2573
2075
				}
2574
2076
				if (setusercontext(NULL, pwd, pwd->pw_uid,
2575
2077
				    tmpint) < 0) {
2576
2078
					syslog(LOG_ERR,
2577
2079
					    "%s/%s: setusercontext: %m",
2578
2080
					    sep->se_service, sep->se_proto);
2579
2081
					exit(1);
2580
2082
				}
2581
2083
#else
2582
2084
				/* what about setpriority(2), setrlimit(2),
2583
2085
				 * and umask(2)? The $PATH is cleared.
2584
2086
				 */
2585
2087
				if (pwd->pw_uid) {
2586
2088
				    if (sep->se_group)
2587
2089
					pwd->pw_gid = grp->gr_gid;
2588
2090
				    if (setgid(pwd->pw_gid) < 0) {
2589
2091
					syslog(LOG_ERR,
2590
2092
					    "%s/%s: can't set gid %d: %m",
2591
2093
					    sep->se_service, sep->se_proto,
2592
2094
					    pwd->pw_gid);
2593
2095
					exit(1);
2594
2096
				    }
2595
2097
				    if (initgroups(pwd->pw_name, pwd->pw_gid)
2596
2098
					    < 0) {
2597
2099
					syslog(LOG_ERR,
2598
2100
					    "%s/%s: can't initgroups(%s): %m",
2599
2101
					    sep->se_service, sep->se_proto,
2600
2102
					    pwd->pw_name);
2601
2103
					exit(1);
2602
2104
				    }
2603
2105
				    if (setuid(pwd->pw_uid) < 0) {
2604
2106
					syslog(LOG_ERR,
2605
2107
						"%s/%s: can't set uid %d: %m",
2606
2108
						sep->se_service, sep->se_proto,
2607
2109
						pwd->pw_uid);
2608
2110
					exit(1);
2609
2111
				    }
2610
2112
				} else if (sep->se_group) {
2611
2113
				    if (setgid(pwd->pw_gid) < 0) {
2612
2114
					syslog(LOG_ERR,
2613
2115
					    "%s/%s: can't set gid %d: %m",
2614
2116
					    sep->se_service, sep->se_proto,
2615
2117
					    pwd->pw_gid);
2616
2118
					exit(1);
2617
2119
				    }
2618
2120
				    if (initgroups(pwd->pw_name, pwd->pw_gid)
2619
2121
					    < 0) {
2620
2122
					syslog(LOG_ERR,
2621
2123
					    "%s/%s: can't initgroups(%s): %m",
2622
2124
					    sep->se_service, sep->se_proto,
2623
2125
					    pwd->pw_name);
2624
2126
					exit(1);
2625
2127
				    }
2626
2128
				}
2627
2129
#endif
2628
2130
			}
2629
2131
			if (debug)
2630
2132
				fprintf(stderr, "%ld execv %s\n",
2631
2133
				    (long)getpid(), sep->se_server);
2632
2134
			if (ctrl != STDIN_FILENO) {
2633
2135
				dup2(ctrl, STDIN_FILENO);
2634
2136
				close(ctrl);
2635
2137
			}
2636
2138
			dup2(STDIN_FILENO, STDOUT_FILENO);
2637
2139
			dup2(STDIN_FILENO, STDERR_FILENO);
2638
2140
			closelog();
2639
2141
			closefrom(3);
2640
2142
			sigaction(SIGPIPE, &sapipe, NULL);
2641
2143
			execv(sep->se_server, sep->se_argv);
2642
2144
			if (sep->se_socktype != SOCK_STREAM)
2643
2145
				recv(0, buf, sizeof (buf), 0);
2644
2146
			syslog(LOG_ERR, "execv %s: %m", sep->se_server);
2645
2147
			exit(1);
2646
2148
		}
2647
2149
	}
2648
2150
	if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
2649
2151
		close(ctrl);
2650
2152
}
2651
2153
2652
2154
/* from netkit+USAGI */
2653
2155
void
2654
2156
discard_stupid_environment(void)
2655
2157
{
2656
2158
	static const char *const junk[] = {
2657
2159
		/* these are prefixes */
2658
2160
		"CVS",
2659
2161
		"DISPLAY=",
2660
2162
		"EDITOR=",
2661
2163
		"GROUP=",
2662
2164
		"HOME=",
2663
2165
		"IFS=",
2664
2166
		"LD_",
2665
2167
		"LOGNAME=",
2666
2168
		"MAIL=",
2667
2169
		"PATH=",
2668
2170
		"PRINTER=",
2669
2171
		"PWD=",
2670
2172
		"SHELL=",
2671
2173
		"SHLVL=",
2672
2174
		"SSH",
2673
2175
		"TERM",
2674
2176
		"TMP",
2675
2177
		"USER=",
2676
2178
		"VISUAL=",
2677
2179
		NULL
2678
2180
		};
2679
2181
2680
2182
	int i, k = 0;
2681
2183
2682
2184
	for (i = 0; __environ[i]; i++) {
2683
2185
		int found = 0, j;
2684
2186
2685
2187
		for (j = 0; junk[j]; j++)
2686
2188
			if (!strncmp(__environ[i], junk[j], strlen(junk[j])))
2687
2189
				found = 1;
2688
2190
		if (!found)
2689
2191
			__environ[k++] = __environ[i];
2690
2192
	}
2691
2193
	__environ[k] = NULL;
2692
2194
}
2693
0
2195
2694
=== added directory '.pc/discard_env'
2695
=== added file '.pc/discard_env/inetd.8'
2696
--- .pc/discard_env/inetd.8	1970-01-01 00:00:00 +0000
2697
+++ .pc/discard_env/inetd.8	2011-06-29 11:29:23 +0000
2698
@@ -0,0 +1,419 @@
2699
1
.\"	$OpenBSD: inetd.8,v 1.33 2008/06/28 10:54:45 sobrado Exp $
2700
2
.\" Copyright (c) 1985, 1991 The Regents of the University of California.
2701
3
.\" All rights reserved.
2702
4
.\"
2703
5
.\" Redistribution and use in source and binary forms, with or without
2704
6
.\" modification, are permitted provided that the following conditions
2705
7
.\" are met:
2706
8
.\" 1. Redistributions of source code must retain the above copyright
2707
9
.\"    notice, this list of conditions and the following disclaimer.
2708
10
.\" 2. Redistributions in binary form must reproduce the above copyright
2709
11
.\"    notice, this list of conditions and the following disclaimer in the
2710
12
.\"    documentation and/or other materials provided with the distribution.
2711
13
.\" 3. Neither the name of the University nor the names of its contributors
2712
14
.\"    may be used to endorse or promote products derived from this software
2713
15
.\"    without specific prior written permission.
2714
16
.\"
2715
17
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
2716
18
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2717
19
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2718
20
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
2719
21
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2720
22
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2721
23
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2722
24
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2723
25
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2724
26
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2725
27
.\" SUCH DAMAGE.
2726
28
.\"
2727
29
.\"     from: @(#)inetd.8	6.7 (Berkeley) 3/16/91
2728
30
.\"
2729
31
.Dd $Mdocdate: December 29 2009 $
2730
32
.Dt INETD 8
2731
33
.Os
2732
34
.Sh NAME
2733
35
.Nm inetd
2734
36
.Nd internet
2735
37
.Dq super-server
2736
38
.Sh SYNOPSIS
2737
39
.Nm inetd
2738
40
.Op Fl d
2739
41
.Op Fl R Ar rate
2740
42
.Op Ar configuration_file
2741
43
.Sh DESCRIPTION
2742
44
.Nm inetd
2743
45
listens for connections on certain internet sockets.
2744
46
When a connection is found on one
2745
47
of its sockets, it decides what service the socket
2746
48
corresponds to, and invokes a program to service the request.
2747
49
After the program is
2748
50
finished, it continues to listen on the socket (except in some cases which
2749
51
will be described below).
2750
52
Essentially,
2751
53
.Nm inetd
2752
54
allows running one daemon to invoke several others,
2753
55
reducing load on the system.
2754
56
.Pp
2755
57
The options are as follows:
2756
58
.Bl -tag -width Ds
2757
59
.It Fl d
2758
60
Turns on debugging.
2759
61
.It Fl R Ar rate
2760
62
Specify the maximum number of times a service can be invoked
2761
63
in one minute; the default is 256.
2762
64
If a service exceeds this limit,
2763
65
.Nm
2764
66
will log the problem
2765
67
and stop servicing requests for the specific service for ten minutes.
2766
68
See also the wait/nowait configuration fields below.
2767
69
.El
2768
70
.Pp
2769
71
Upon execution,
2770
72
.Nm inetd
2771
73
reads its configuration information from a configuration
2772
74
file which, by default, is
2773
75
.Pa /etc/inetd.conf .
2774
76
There must be an entry for each field of the configuration
2775
77
file, with entries for each field separated by a tab or
2776
78
a space.
2777
79
Comments are denoted by a
2778
80
.Dq #
2779
81
at the beginning
2780
82
of a line.
2781
83
The fields of the configuration file are as follows:
2782
84
.Bd -unfilled -offset indent
2783
85
service name
2784
86
socket type
2785
87
protocol
2786
88
wait/nowait[.max]
2787
89
user[.group] or user[:group]
2788
90
server program
2789
91
server program arguments
2790
92
.Ed
2791
93
.Pp
2792
94
To specify a Sun-RPC
2793
95
based service, the entry would contain these fields.
2794
96
.Bd -unfilled -offset indent
2795
97
service name/version
2796
98
socket type
2797
99
rpc/protocol
2798
100
wait/nowait[.max]
2799
101
user[.group] or user[:group]
2800
102
server program
2801
103
server program arguments
2802
104
.Ed
2803
105
.Pp
2804
106
For internet services, the first field of the line may also have a host
2805
107
address specifier prefixed to it, separated from the service name by a
2806
108
colon.
2807
109
If this is done, the string before the colon in the first field
2808
110
indicates what local address
2809
111
.Nm
2810
112
should use when listening for that service.
2811
113
Multiple local addresses
2812
114
can be specified on the same line, separated by commas.
2813
115
Numeric IP
2814
116
addresses in dotted-quad notation can be used as well as symbolic
2815
117
hostnames.
2816
118
Symbolic hostnames are looked up using
2817
119
.Fn gethostbyname .
2818
120
If a hostname has multiple address mappings, inetd creates a socket
2819
121
to listen on each address.
2820
122
.Pp
2821
123
The single character
2822
124
.Dq \&*
2823
125
indicates
2824
126
.Dv INADDR_ANY ,
2825
127
meaning
2826
128
.Dq all local addresses .
2827
129
To avoid repeating an address that occurs frequently, a line with a
2828
130
host address specifier and colon, but no further fields, causes the
2829
131
host address specifier to be remembered and used for all further lines
2830
132
with no explicit host specifier (until another such line or the end of
2831
133
the file).
2832
134
A line
2833
135
.Dl *:
2834
136
is implicitly provided at the top of the file; thus, traditional
2835
137
configuration files (which have no host address specifiers) will be
2836
138
interpreted in the traditional manner, with all services listened for
2837
139
on all local addresses.
2838
140
If the protocol is
2839
141
.Dq unix ,
2840
142
this value is ignored.
2841
143
.Pp
2842
144
The
2843
145
.Em service name
2844
146
entry is the name of a valid service in
2845
147
the file
2846
148
.Pa /etc/services
2847
149
or a port number.
2848
150
For
2849
151
.Dq internal
2850
152
services (discussed below), the service
2851
153
name
2852
154
.Em must
2853
155
be the official name of the service (that is, the first entry in
2854
156
.Pa /etc/services ) .
2855
157
When used to specify a Sun-RPC
2856
158
based service, this field is a valid RPC service name in
2857
159
the file
2858
160
.Pa /etc/rpc .
2859
161
The part on the right of the
2860
162
.Dq /
2861
163
is the RPC version number.
2862
164
This can simply be a single numeric argument or a range of versions.
2863
165
A range is bounded by the low version to the high version -
2864
166
.Dq rusers/1\-3 .
2865
167
For
2866
168
.Ux Ns -domain
2867
169
sockets this field specifies the path name of the socket.
2868
170
.Pp
2869
171
The
2870
172
.Em socket type
2871
173
should be one of
2872
174
.Dq stream ,
2873
175
.Dq dgram ,
2874
176
.Dq raw ,
2875
177
.Dq rdm ,
2876
178
or
2877
179
.Dq seqpacket ,
2878
180
depending on whether the socket is a stream, datagram, raw,
2879
181
reliably delivered message, or sequenced packet socket.
2880
182
.Pp
2881
183
The
2882
184
.Em protocol
2883
185
must be a valid protocol as given in
2884
186
.Pa /etc/protocols or
2885
187
.Dq unix .
2886
188
Examples might be
2887
189
.Dq tcp
2888
190
or
2889
191
.Dq udp .
2890
192
RPC based services are specified with the
2891
193
.Dq rpc/tcp
2892
194
or
2893
195
.Dq rpc/udp
2894
196
service type.
2895
197
.Dq tcp
2896
198
and
2897
199
.Dq udp
2898
200
will be recognized as
2899
201
.Dq TCP or UDP over default IP version .
2900
202
This is currently IPv4, but in the future it will be IPv6.
2901
203
If you need to specify IPv4 or IPv6 explicitly, use something like
2902
204
.Dq tcp4
2903
205
or
2904
206
.Dq udp6 .
2905
207
A
2906
208
.Em protocol
2907
209
of
2908
210
.Dq unix
2909
211
is used to specify a socket in the
2910
212
.Ux Ns -domain .
2911
213
.Pp
2912
214
The
2913
215
.Em wait/nowait
2914
216
entry is used to tell
2915
217
.Nm
2916
218
if it should wait for the server program to return,
2917
219
or continue processing connections on the socket.
2918
220
If a datagram server connects
2919
221
to its peer, freeing the socket so
2920
222
.Nm inetd
2921
223
can receive further messages on the socket, it is said to be
2922
224
a
2923
225
.Dq multi-threaded
2924
226
server, and should use the
2925
227
.Dq nowait
2926
228
entry.
2927
229
For datagram servers which process all incoming datagrams
2928
230
on a socket and eventually time out, the server is said to be
2929
231
.Dq single-threaded
2930
232
and should use a
2931
233
.Dq wait
2932
234
entry.
2933
235
.Xr comsat 8
2934
236
.Pq Xr biff 1
2935
237
and
2936
238
.Xr talkd 8
2937
239
are both examples of the latter type of
2938
240
datagram server.
2939
241
.Xr tftpd 8
2940
242
is an exception; it is a datagram server that establishes pseudo-connections.
2941
243
It must be listed as
2942
244
.Dq wait
2943
245
in order to avoid a race;
2944
246
the server reads the first packet, creates a new socket,
2945
247
and then forks and exits to allow
2946
248
.Nm inetd
2947
249
to check for new service requests to spawn new servers.
2948
250
The optional
2949
251
.Dq max
2950
252
suffix (separated from
2951
253
.Dq wait
2952
254
or
2953
255
.Dq nowait
2954
256
by a dot) specifies the maximum number of times a service can be invoked
2955
257
in one minute; the default is 256.
2956
258
If a service exceeds this limit,
2957
259
.Nm
2958
260
will log the problem
2959
261
and stop servicing requests for the specific service for ten minutes.
2960
262
See also the
2961
263
.Fl R
2962
264
option above.
2963
265
.Pp
2964
266
Stream servers are usually marked as
2965
267
.Dq nowait
2966
268
but if a single server process is to handle multiple connections, it may be
2967
269
marked as
2968
270
.Dq wait .
2969
271
The master socket will then be passed as fd 0 to the server, which will then
2970
272
need to accept the incoming connection.
2971
273
The server should eventually time
2972
274
out and exit when no more connections are active.
2973
275
.Nm
2974
276
will continue to
2975
277
listen on the master socket for connections, so the server should not close
2976
278
it when it exits.
2977
279
.Pp
2978
280
The
2979
281
.Em user
2980
282
entry should contain the user name of the user as whom the server
2981
283
should run.
2982
284
This allows for servers to be given less permission
2983
285
than root.
2984
286
An optional group name can be specified by appending a dot to
2985
287
the user name followed by the group name.
2986
288
This allows for servers to run with
2987
289
a different (primary) group ID than specified in the password file.
2988
290
If a group
2989
291
is specified and user is not root, the supplementary groups associated with
2990
292
that user will still be set.
2991
293
.Pp
2992
294
The
2993
295
.Em server program
2994
296
entry should contain the pathname of the program which is to be
2995
297
executed by
2996
298
.Nm inetd
2997
299
when a request is found on its socket.
2998
300
If
2999
301
.Nm inetd
3000
302
provides this service internally, this entry should
3001
303
be
3002
304
.Dq internal .
3003
305
.Pp
3004
306
The
3005
307
.Em server program arguments
3006
308
should be just as arguments
3007
309
normally are, starting with argv[0], which is the name of
3008
310
the program.
3009
311
If the service is provided internally, the word
3010
312
.Dq internal
3011
313
should take the place of this entry.
3012
314
.Pp
3013
315
.Nm inetd
3014
316
provides several
3015
317
.Dq trivial
3016
318
services internally by use of routines within itself.
3017
319
These services are
3018
320
.Dq echo ,
3019
321
.Dq discard ,
3020
322
.Dq chargen
3021
323
(character generator),
3022
324
.Dq daytime
3023
325
(human readable time), and
3024
326
.Dq time
3025
327
(machine readable time,
3026
328
in the form of the number of seconds since midnight, January
3027
329
1, 1900).
3028
330
All of these services are TCP based.
3029
331
For details of these services, consult the appropriate
3030
332
.Tn RFC
3031
333
from the Network Information Center.
3032
334
.Pp
3033
335
.Nm inetd
3034
336
rereads its configuration file when it receives a hangup signal,
3035
337
.Dv SIGHUP .
3036
338
Services may be added, deleted or modified when the configuration file
3037
339
is reread.
3038
340
.Nm inetd
3039
341
creates a file
3040
342
.Em /var/run/inetd.pid
3041
343
that contains its process identifier.
3042
344
.Ss IPv6 TCP/UDP behavior
3043
345
If you wish to run a server for IPv4 and IPv6 traffic,
3044
346
you'll need to run two separate processes for the same server program,
3045
347
specified as two separate lines in
3046
348
.Pa inetd.conf ,
3047
349
for
3048
350
.Dq tcp4
3049
351
and
3050
352
.Dq tcp6 .
3051
353
.Pp
3052
354
Under various combinations of IPv4/v6 daemon settings,
3053
355
.Nm
3054
356
will behave as follows:
3055
357
.Bl -bullet -compact
3056
358
.It
3057
359
If you have only one server on
3058
360
.Dq tcp4 ,
3059
361
IPv4 traffic will be routed to the server.
3060
362
IPv6 traffic will not be accepted.
3061
363
.It
3062
364
If you have two servers on
3063
365
.Dq tcp4
3064
366
and
3065
367
.Dq tcp6 ,
3066
368
IPv4 traffic will be routed to the server on
3067
369
.Dq tcp4 ,
3068
370
and IPv6 traffic will go to server on
3069
371
.Dq tcp6 .
3070
372
.It
3071
373
If you have only one server on
3072
374
.Dq tcp6 ,
3073
375
only IPv6 traffic will be routed to the server.
3074
376
.El
3075
377
.Sh SEE ALSO
3076
378
.Xr fingerd 8 ,
3077
379
.Xr ftpd 8 ,
3078
380
.Xr identd 8 ,
3079
381
.Xr rshd 8 ,
3080
382
.Xr talkd 8 ,
3081
383
.Xr tftpd 8
3082
384
.Sh HISTORY
3083
385
The
3084
386
.Nm
3085
387
command appeared in
3086
388
.Bx 4.3 .
3087
389
Support for Sun-RPC
3088
390
based services is modelled after that
3089
391
provided by SunOS 4.1.
3090
392
IPv6 support was added by the KAME project in 1999.
3091
393
.Pp
3092
394
Marco d'Itri ported this code from OpenBSD in summer 2002 and added
3093
395
socket buffers tuning and libwrap support from the NetBSD source tree.
3094
396
.Sh BUGS
3095
397
On Linux systems, the daemon cannot reload its configuration and needs
3096
398
to be restarted when the host address for a service is changed between
3097
399
.Dq \&*
3098
400
and a specific address.
3099
401
.Pp
3100
402
Server programs used with
3101
403
.Dq dgram
3102
404
.Dq udp
3103
405
.Dq nowait
3104
406
must read from the network socket, or
3105
407
.Nm inetd
3106
408
will spawn processes until the maximum is reached.
3107
409
.Pp
3108
410
Host address specifiers, while they make conceptual sense for RPC
3109
411
services, do not work entirely correctly.
3110
412
This is largely because the
3111
413
portmapper interface does not provide a way to register different ports
3112
414
for the same service on different local addresses.
3113
415
Provided you never
3114
416
have more than one entry for a given RPC service, everything should
3115
417
work correctly.
3116
418
(Note that default host address specifiers do apply to
3117
419
RPC lines with no explicit specifier.)
3118
0
420
3119
=== added file '.pc/discard_env/inetd.c'
3120
--- .pc/discard_env/inetd.c	1970-01-01 00:00:00 +0000
3121
+++ .pc/discard_env/inetd.c	2011-06-29 11:29:23 +0000
3122
@@ -0,0 +1,2059 @@
3123
1
/*	$OpenBSD: inetd.c,v 1.131 2009/10/27 23:59:51 deraadt Exp $	*/
3124
2
3125
3
/*
3126
4
 * Copyright (c) 1983,1991 The Regents of the University of California.
3127
5
 * All rights reserved.
3128
6
 *
3129
7
 * Redistribution and use in source and binary forms, with or without
3130
8
 * modification, are permitted provided that the following conditions
3131
9
 * are met:
3132
10
 * 1. Redistributions of source code must retain the above copyright
3133
11
 *    notice, this list of conditions and the following disclaimer.
3134
12
 * 2. Redistributions in binary form must reproduce the above copyright
3135
13
 *    notice, this list of conditions and the following disclaimer in the
3136
14
 *    documentation and/or other materials provided with the distribution.
3137
15
 * 3. Neither the name of the University nor the names of its contributors
3138
16
 *    may be used to endorse or promote products derived from this software
3139
17
 *    without specific prior written permission.
3140
18
 *
3141
19
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
3142
20
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3143
21
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3144
22
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
3145
23
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
3146
24
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
3147
25
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3148
26
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3149
27
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3150
28
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3151
29
 * SUCH DAMAGE.
3152
30
 */
3153
31
3154
32
/*
3155
33
 * Inetd - Internet super-server
3156
34
 *
3157
35
 * This program invokes all internet services as needed.
3158
36
 * connection-oriented services are invoked each time a
3159
37
 * connection is made, by creating a process.  This process
3160
38
 * is passed the connection as file descriptor 0 and is
3161
39
 * expected to do a getpeername to find out the source host
3162
40
 * and port.
3163
41
 *
3164
42
 * Datagram oriented services are invoked when a datagram
3165
43
 * arrives; a process is created and passed a pending message
3166
44
 * on file descriptor 0.  Datagram servers may either connect
3167
45
 * to their peer, freeing up the original socket for inetd
3168
46
 * to receive further messages on, or ``take over the socket'',
3169
47
 * processing all arriving datagrams and, eventually, timing
3170
48
 * out.	 The first type of server is said to be ``multi-threaded'';
3171
49
 * the second type of server ``single-threaded''.
3172
50
 *
3173
51
 * Inetd uses a configuration file which is read at startup
3174
52
 * and, possibly, at some later time in response to a hangup signal.
3175
53
 * The configuration file is ``free format'' with fields given in the
3176
54
 * order shown below.  Continuation lines for an entry must begin with
3177
55
 * a space or tab.  All fields must be present in each entry.
3178
56
 *
3179
57
 *	service name			must be in /etc/services
3180
58
 *	socket type			stream/dgram/raw/rdm/seqpacket
3181
59
 *	protocol			must be in /etc/protocols
3182
60
 *	wait/nowait[.max]		single-threaded/multi-threaded, max #
3183
61
 *	user[.group] or user[:group]	user/group to run daemon as
3184
62
 *	server program			full path name
3185
63
 *	server program arguments	maximum of MAXARGS (20)
3186
64
 *
3187
65
 * For RPC services
3188
66
 *      service name/version            must be in /etc/rpc
3189
67
 *	socket type			stream/dgram/raw/rdm/seqpacket
3190
68
 *	protocol			must be in /etc/protocols
3191
69
 *	wait/nowait[.max]		single-threaded/multi-threaded
3192
70
 *	user[.group] or user[:group]	user to run daemon as
3193
71
 *	server program			full path name
3194
72
 *	server program arguments	maximum of MAXARGS (20)
3195
73
 *
3196
74
 * For non-RPC services, the "service name" can be of the form
3197
75
 * hostaddress:servicename, in which case the hostaddress is used
3198
76
 * as the host portion of the address to listen on.  If hostaddress
3199
77
 * consists of a single `*' character, INADDR_ANY is used.
3200
78
 *
3201
79
 * A line can also consist of just
3202
80
 *      hostaddress:
3203
81
 * where hostaddress is as in the preceding paragraph.  Such a line must
3204
82
 * have no further fields; the specified hostaddress is remembered and
3205
83
 * used for all further lines that have no hostaddress specified,
3206
84
 * until the next such line (or EOF).  (This is why * is provided to
3207
85
 * allow explicit specification of INADDR_ANY.)  A line
3208
86
 *      *:
3209
87
 * is implicitly in effect at the beginning of the file.
3210
88
 *
3211
89
 * The hostaddress specifier may (and often will) contain dots;
3212
90
 * the service name must not.
3213
91
 *
3214
92
 * For RPC services, host-address specifiers are accepted and will
3215
93
 * work to some extent; however, because of limitations in the
3216
94
 * portmapper interface, it will not work to try to give more than
3217
95
 * one line for any given RPC service, even if the host-address
3218
96
 * specifiers are different.
3219
97
 *
3220
98
 * Comment lines are indicated by a `#' in column 1.
3221
99
 */
3222
100
3223
101
/*
3224
102
 * Here's the scoop concerning the user[.:]group feature:
3225
103
 *
3226
104
 * 1) set-group-option off.
3227
105
 *
3228
106
 *	a) user = root:	NO setuid() or setgid() is done
3229
107
 *
3230
108
 *	b) other:	setgid(primary group as found in passwd)
3231
109
 *			initgroups(name, primary group)
3232
110
 *			setuid()
3233
111
 *
3234
112
 * 2) set-group-option on.
3235
113
 *
3236
114
 *	a) user = root:	setgid(specified group)
3237
115
 *			NO initgroups()
3238
116
 *			NO setuid()
3239
117
 *
3240
118
 *	b) other:	setgid(specified group)
3241
119
 *			initgroups(name, specified group)
3242
120
 *			setuid()
3243
121
 *
3244
122
 */
3245
123
3246
124
#include <sys/param.h>
3247
125
#include <sys/stat.h>
3248
126
#include <sys/ioctl.h>
3249
127
#include <sys/socket.h>
3250
128
#include <sys/un.h>
3251
129
#include <sys/file.h>
3252
130
#include <sys/wait.h>
3253
131
#include <time.h>
3254
132
#include <sys/time.h>
3255
133
#include <sys/resource.h>
3256
134
3257
135
#include <net/if.h>
3258
136
#include <netinet/in.h>
3259
137
#include <arpa/inet.h>
3260
138
3261
139
#include <errno.h>
3262
140
#include <ctype.h>
3263
141
#include <signal.h>
3264
142
#include <netdb.h>
3265
143
#include <syslog.h>
3266
144
#include <pwd.h>
3267
145
#include <grp.h>
3268
146
#include <stdio.h>
3269
147
#include <stdlib.h>
3270
148
#include <unistd.h>
3271
149
#include <string.h>
3272
150
#ifdef HAVE_SETUSERCONTEXT
3273
151
#include <login_cap.h>
3274
152
#endif
3275
153
#ifdef HAVE_GETIFADDRS
3276
154
#include <ifaddrs.h>
3277
155
#endif
3278
156
#include <rpc/rpc.h>
3279
157
#include <rpc/pmap_clnt.h>
3280
158
#include "pathnames.h"
3281
159
#include "setproctitle.h"
3282
160
3283
161
size_t strlcpy(char *, const char *, size_t);
3284
162
3285
163
#define	TOOMANY		256		/* don't start more than TOOMANY */
3286
164
#define	CNT_INTVL	60		/* servers in CNT_INTVL sec. */
3287
165
#define	RETRYTIME	(60*10)		/* retry after bind or server fail */
3288
166
3289
167
int	 debug = 0;
3290
168
int	 nsock, maxsock;
3291
169
fd_set	*allsockp;
3292
170
int	 allsockn;
3293
171
int	 toomany = TOOMANY;
3294
172
int	 options;
3295
173
int	 timingout;
3296
174
struct	 servent *sp;
3297
175
uid_t	 uid;
3298
176
sigset_t blockmask;
3299
177
sigset_t emptymask;
3300
178
3301
179
#ifndef OPEN_MAX
3302
180
#define OPEN_MAX	64
3303
181
#endif
3304
182
3305
183
/* Reserve some descriptors, 3 stdio + at least: 1 log, 1 conf. file */
3306
184
#define FD_MARGIN	(8)
3307
185
rlim_t	rlim_nofile_cur = OPEN_MAX;
3308
186
3309
187
struct rlimit	rlim_nofile;
3310
188
3311
189
struct	servtab {
3312
190
	char	*se_hostaddr;		/* host address to listen on */
3313
191
	char	*se_service;		/* name of service */
3314
192
	int	se_socktype;		/* type of socket to use */
3315
193
	int	se_family;		/* address family */
3316
194
	char	*se_proto;		/* protocol used */
3317
195
	int	se_rpcprog;		/* rpc program number */
3318
196
	int	se_rpcversl;		/* rpc program lowest version */
3319
197
	int	se_rpcversh;		/* rpc program highest version */
3320
198
#define isrpcservice(sep)	((sep)->se_rpcversl != 0)
3321
199
	pid_t	se_wait;		/* single threaded server */
3322
200
	short	se_checked;		/* looked at during merge */
3323
201
	char	*se_user;		/* user name to run as */
3324
202
	char	*se_group;		/* group name to run as */
3325
203
	struct	biltin *se_bi;		/* if built-in, description */
3326
204
	char	*se_server;		/* server program */
3327
205
#define	MAXARGV 20
3328
206
	char	*se_argv[MAXARGV+1];	/* program arguments */
3329
207
	int	se_fd;			/* open descriptor */
3330
208
	union {
3331
209
		struct	sockaddr se_un_ctrladdr;
3332
210
		struct	sockaddr_in se_un_ctrladdr_in;
3333
211
		struct	sockaddr_in6 se_un_ctrladdr_in6;
3334
212
		struct	sockaddr_un se_un_ctrladdr_un;
3335
213
		struct	sockaddr_storage se_un_ctrladdr_storage;
3336
214
	} se_un;			/* bound address */
3337
215
#define se_ctrladdr	se_un.se_un_ctrladdr
3338
216
#define se_ctrladdr_in	se_un.se_un_ctrladdr_in
3339
217
#define se_ctrladdr_in6	se_un.se_un_ctrladdr_in6
3340
218
#define se_ctrladdr_un	se_un.se_un_ctrladdr_un
3341
219
#define se_ctrladdr_storage	se_un.se_un_ctrladdr_storage
3342
220
	int	se_ctrladdr_size;
3343
221
	int	se_max;			/* max # of instances of this service */
3344
222
	int	se_count;		/* number started since se_time */
3345
223
	struct	timeval se_time;	/* start of se_count */
3346
224
	struct	servtab *se_next;
3347
225
} *servtab;
3348
226
3349
227
void echo_stream(int, struct servtab *);
3350
228
void discard_stream(int, struct servtab *);
3351
229
void machtime_stream(int, struct servtab *);
3352
230
void daytime_stream(int, struct servtab *);
3353
231
void chargen_stream(int, struct servtab *);
3354
232
void echo_dg(int, struct servtab *);
3355
233
void discard_dg(int, struct servtab *);
3356
234
void machtime_dg(int, struct servtab *);
3357
235
void daytime_dg(int, struct servtab *);
3358
236
void chargen_dg(int, struct servtab *);
3359
237
3360
238
struct biltin {
3361
239
	char	*bi_service;		/* internally provided service name */
3362
240
	int	bi_socktype;		/* type of socket supported */
3363
241
	short	bi_fork;		/* 1 if should fork before call */
3364
242
	short	bi_wait;		/* 1 if should wait for child */
3365
243
	void	(*bi_fn)(int, struct servtab *);
3366
244
} biltins[] = {
3367
245
	/* Echo received data */
3368
246
	{ "echo",	SOCK_STREAM,	1, 0,	echo_stream },
3369
247
	{ "echo",	SOCK_DGRAM,	0, 0,	echo_dg },
3370
248
3371
249
	/* Internet /dev/null */
3372
250
	{ "discard",	SOCK_STREAM,	1, 0,	discard_stream },
3373
251
	{ "discard",	SOCK_DGRAM,	0, 0,	discard_dg },
3374
252
3375
253
	/* Return 32 bit time since 1900 */
3376
254
	{ "time",	SOCK_STREAM,	0, 0,	machtime_stream },
3377
255
	{ "time",	SOCK_DGRAM,	0, 0,	machtime_dg },
3378
256
3379
257
	/* Return human-readable time */
3380
258
	{ "daytime",	SOCK_STREAM,	0, 0,	daytime_stream },
3381
259
	{ "daytime",	SOCK_DGRAM,	0, 0,	daytime_dg },
3382
260
3383
261
	/* Familiar character generator */
3384
262
	{ "chargen",	SOCK_STREAM,	1, 0,	chargen_stream },
3385
263
	{ "chargen",	SOCK_DGRAM,	0, 0,	chargen_dg },
3386
264
3387
265
	{ 0 }
3388
266
};
3389
267
3390
268
volatile sig_atomic_t wantretry;
3391
269
volatile sig_atomic_t wantconfig;
3392
270
volatile sig_atomic_t wantreap;
3393
271
volatile sig_atomic_t wantdie;
3394
272
3395
273
void	config(int);
3396
274
void	doconfig(void);
3397
275
void	reap(int);
3398
276
void	doreap(void);
3399
277
void	retry(int);
3400
278
void	doretry(void);
3401
279
void	die(int);
3402
280
void	dodie(void);
3403
281
void	logpid(void);
3404
282
void	spawn(struct servtab *, int);
3405
283
int	gettcp(struct servtab *);
3406
284
int	setconfig(void);
3407
285
void	endconfig(void);
3408
286
void	register_rpc(struct servtab *);
3409
287
void	unregister_rpc(struct servtab *);
3410
288
void	freeconfig(struct servtab *);
3411
289
void	print_service(char *, struct servtab *);
3412
290
void	setup(struct servtab *);
3413
291
struct servtab *getconfigent(void);
3414
292
int	bump_nofile(void);
3415
293
struct servtab *enter(struct servtab *);
3416
294
int	matchconf(struct servtab *, struct servtab *);
3417
295
int	dg_broadcast(struct in_addr *in);
3418
296
3419
297
#define NUMINT	(sizeof(intab) / sizeof(struct inent))
3420
298
char	*CONFIG = _PATH_INETDCONF;
3421
299
3422
300
void
3423
301
fd_grow(fd_set **fdsp, int *bytes, int fd)
3424
302
{
3425
303
	caddr_t new;
3426
304
	int newbytes;
3427
305
3428
306
	newbytes = howmany(fd+1, NFDBITS) * sizeof(fd_mask);
3429
307
	if (newbytes > *bytes) {
3430
308
		newbytes *= 2;			/* optimism */
3431
309
		new = realloc(*fdsp, newbytes);
3432
310
		if (new == NULL) {
3433
311
			syslog(LOG_ERR, "Out of memory.");
3434
312
			exit(1);
3435
313
		}
3436
314
		memset(new + *bytes, 0, newbytes - *bytes);
3437
315
		*fdsp = (fd_set *)new;
3438
316
		*bytes = newbytes;
3439
317
	}
3440
318
}
3441
319
3442
320
struct sigaction sa, sapipe;
3443
321
3444
322
int
3445
323
main(int argc, char *argv[], char *envp[])
3446
324
{
3447
325
	fd_set *fdsrp = NULL;
3448
326
	int readablen = 0, ch;
3449
327
	struct servtab *sep;
3450
328
	extern char *optarg;
3451
329
	extern int optind;
3452
330
	
3453
331
	initsetproctitle(argc, argv, envp);
3454
332
3455
333
	while ((ch = getopt(argc, argv, "dR:")) != -1)
3456
334
		switch (ch) {
3457
335
		case 'd':
3458
336
			debug = 1;
3459
337
			break;
3460
338
		case 'R': {	/* invocation rate */
3461
339
			char *p;
3462
340
			int val;
3463
341
3464
342
			val = strtoul(optarg, &p, 0);
3465
343
			if (val >= 1 && *p == '\0') {
3466
344
				toomany = val;
3467
345
				break;
3468
346
			}
3469
347
			syslog(LOG_ERR,
3470
348
			    "-R %s: bad value for service invocation rate",
3471
349
			    optarg);
3472
350
			break;
3473
351
		}
3474
352
		case '?':
3475
353
		default:
3476
354
			fprintf(stderr,
3477
355
			    "usage: inetd [-d] [-R rate] [configuration_file]\n");
3478
356
			exit(1);
3479
357
		}
3480
358
	argc -= optind;
3481
359
	argv += optind;
3482
360
3483
361
	uid = getuid();
3484
362
	if (uid != 0)
3485
363
		CONFIG = NULL;
3486
364
	if (argc > 0)
3487
365
		CONFIG = argv[0];
3488
366
	if (CONFIG == NULL) {
3489
367
		fprintf(stderr, "inetd: non-root must specify a config file\n");
3490
368
		exit(1);
3491
369
	}
3492
370
	if (argc > 1) {
3493
371
		fprintf(stderr, "inetd: more than one argument specified\n");
3494
372
		exit(1);
3495
373
	}
3496
374
3497
375
	umask(022);
3498
376
	if (debug == 0) {
3499
377
		daemon(0, 0);
3500
378
#ifdef HAVE_SETLOGIN
3501
379
		if (uid == 0)
3502
380
			(void) setlogin("");
3503
381
#endif
3504
382
	}
3505
383
	if (debug && uid == 0)
3506
384
		options |= SO_DEBUG;
3507
385
3508
386
	if (uid == 0) {
3509
387
		gid_t gid = getgid();
3510
388
3511
389
		/* If run by hand, ensure groups vector gets trashed */
3512
390
		setgroups(1, &gid);
3513
391
	}
3514
392
3515
393
	openlog("inetd", LOG_PID | LOG_NOWAIT, LOG_DAEMON);
3516
394
	logpid();
3517
395
3518
396
	if (getrlimit(RLIMIT_NOFILE, &rlim_nofile) < 0) {
3519
397
		syslog(LOG_ERR, "getrlimit: %m");
3520
398
	} else {
3521
399
		rlim_nofile_cur = rlim_nofile.rlim_cur;
3522
400
		if (rlim_nofile_cur == RLIM_INFINITY)	/* ! */
3523
401
			rlim_nofile_cur = OPEN_MAX;
3524
402
	}
3525
403
3526
404
	sigemptyset(&emptymask);
3527
405
	sigemptyset(&blockmask);
3528
406
	sigaddset(&blockmask, SIGCHLD);
3529
407
	sigaddset(&blockmask, SIGHUP);
3530
408
	sigaddset(&blockmask, SIGALRM);
3531
409
3532
410
	memset(&sa, 0, sizeof(sa));
3533
411
	sigemptyset(&sa.sa_mask);
3534
412
	sigaddset(&sa.sa_mask, SIGALRM);
3535
413
	sigaddset(&sa.sa_mask, SIGCHLD);
3536
414
	sigaddset(&sa.sa_mask, SIGHUP);
3537
415
	sa.sa_handler = retry;
3538
416
	sigaction(SIGALRM, &sa, NULL);
3539
417
	doconfig();
3540
418
	sa.sa_handler = config;
3541
419
	sigaction(SIGHUP, &sa, NULL);
3542
420
	sa.sa_handler = reap;
3543
421
	sigaction(SIGCHLD, &sa, NULL);
3544
422
	sa.sa_handler = die;
3545
423
	sigaction(SIGTERM, &sa, NULL);
3546
424
	sa.sa_handler = die;
3547
425
	sigaction(SIGINT, &sa, NULL);
3548
426
	sa.sa_handler = SIG_IGN;
3549
427
	sigaction(SIGPIPE, &sa, &sapipe);
3550
428
3551
429
	/* space for daemons to overwrite environment for ps */
3552
430
	{
3553
431
#define DUMMYSIZE 100
3554
432
		char dummy[DUMMYSIZE];
3555
433
		memset(dummy, 'x', DUMMYSIZE - 1);
3556
434
		dummy[DUMMYSIZE - 1] = '\0';
3557
435
		setenv("inetd_dummy", dummy, 1);
3558
436
	}
3559
437
3560
438
	for (;;) {
3561
439
		int n, ctrl = -1;
3562
440
3563
441
	    restart:
3564
442
		if (nsock == 0) {
3565
443
			(void) sigprocmask(SIG_BLOCK, &blockmask, NULL);
3566
444
			while (nsock == 0) {
3567
445
				if (wantretry || wantconfig || wantreap || wantdie)
3568
446
					break;
3569
447
				sigsuspend(&emptymask);
3570
448
			}
3571
449
			(void) sigprocmask(SIG_SETMASK, &emptymask, NULL);
3572
450
		}
3573
451
3574
452
		while (wantretry || wantconfig || wantreap || wantdie) {
3575
453
			if (wantretry) {
3576
454
				wantretry = 0;
3577
455
				doretry();
3578
456
			}
3579
457
			if (wantconfig) {
3580
458
				wantconfig = 0;
3581
459
				doconfig();
3582
460
			}
3583
461
			if (wantreap) {
3584
462
				wantreap = 0;
3585
463
				doreap();
3586
464
			}
3587
465
			if (wantdie)
3588
466
				dodie();
3589
467
			goto restart;
3590
468
		}
3591
469
3592
470
		if (readablen != allsockn) {
3593
471
			if (fdsrp)
3594
472
				free(fdsrp);
3595
473
			fdsrp = (fd_set *)calloc(allsockn, 1);
3596
474
			if (fdsrp == NULL) {
3597
475
				syslog(LOG_ERR, "Out of memory.");
3598
476
				exit(1);
3599
477
			}
3600
478
			readablen = allsockn;
3601
479
		}
3602
480
		bcopy(allsockp, fdsrp, allsockn);
3603
481
3604
482
		if ((n = select(maxsock + 1, fdsrp, NULL, NULL, NULL)) <= 0) {
3605
483
			if (n < 0 && errno != EINTR) {
3606
484
				syslog(LOG_WARNING, "select: %m");
3607
485
				sleep(1);
3608
486
			}
3609
487
			continue;
3610
488
		}
3611
489
3612
490
		for (sep = servtab; n && sep; sep = sep->se_next) {
3613
491
			if (sep->se_fd != -1 &&
3614
492
			    FD_ISSET(sep->se_fd, fdsrp)) {
3615
493
				n--;
3616
494
				if (debug)
3617
495
					fprintf(stderr, "someone wants %s\n",
3618
496
					    sep->se_service);
3619
497
				if (!sep->se_wait &&
3620
498
				    sep->se_socktype == SOCK_STREAM) {
3621
499
					ctrl = gettcp(sep);
3622
500
					if (ctrl == -1)
3623
501
						continue;
3624
502
				} else
3625
503
					ctrl = sep->se_fd;
3626
504
				(void) sigprocmask(SIG_BLOCK, &blockmask, NULL);
3627
505
				spawn(sep, ctrl);	/* spawn will unblock */
3628
506
			}
3629
507
		}
3630
508
	}
3631
509
}
3632
510
3633
511
int
3634
512
gettcp(struct servtab *sep)
3635
513
{
3636
514
	int ctrl;
3637
515
3638
516
	ctrl = accept(sep->se_fd, NULL, NULL);
3639
517
	if (debug)
3640
518
		fprintf(stderr, "accept, ctrl %d\n", ctrl);
3641
519
	if (ctrl < 0) {
3642
520
		if (errno == EINTR)
3643
521
			return -1;
3644
522
		syslog(LOG_WARNING, "accept (for %s): %m", sep->se_service);
3645
523
		return -1;
3646
524
	}
3647
525
	if ((sep->se_family == AF_INET || sep->se_family == AF_INET6) &&
3648
526
	    sep->se_socktype == SOCK_STREAM) {
3649
527
		struct sockaddr_storage peer;
3650
528
		socklen_t plen = sizeof(peer);
3651
529
		char sbuf[NI_MAXSERV];
3652
530
3653
531
		if (getpeername(ctrl, (struct sockaddr *)&peer, &plen) < 0) {
3654
532
			syslog(LOG_WARNING, "could not getpeername");
3655
533
			close(ctrl);
3656
534
			return -1;
3657
535
		}
3658
536
		if (getnameinfo((struct sockaddr *)&peer, plen, NULL, 0,
3659
537
		    sbuf, sizeof(sbuf), NI_NUMERICSERV) == 0 &&
3660
538
		    atoi(sbuf) == 20) {
3661
539
			/*
3662
540
			 * ignore things that look like ftp bounce
3663
541
			 */
3664
542
			close(ctrl);
3665
543
			return -1;
3666
544
		}
3667
545
	}
3668
546
	return (ctrl);
3669
547
}
3670
548
3671
549
3672
550
int
3673
551
dg_badinput(struct sockaddr *sa)
3674
552
{
3675
553
	struct in_addr in;
3676
554
	struct in6_addr *in6;
3677
555
	u_int16_t port;
3678
556
3679
557
	switch (sa->sa_family) {
3680
558
	case AF_INET:
3681
559
		in.s_addr = ntohl(((struct sockaddr_in *)sa)->sin_addr.s_addr);
3682
560
		port = ntohs(((struct sockaddr_in *)sa)->sin_port);
3683
561
	v4chk:
3684
562
		if (IN_MULTICAST(in.s_addr))
3685
563
			goto bad;
3686
564
		switch ((in.s_addr & 0xff000000) >> 24) {
3687
565
		case 0: case 127: case 255:
3688
566
			goto bad;
3689
567
		}
3690
568
		if (dg_broadcast(&in))
3691
569
			goto bad;
3692
570
		break;
3693
571
	case AF_INET6:
3694
572
		in6 = &((struct sockaddr_in6 *)sa)->sin6_addr;
3695
573
		port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
3696
574
		if (IN6_IS_ADDR_MULTICAST(in6) || IN6_IS_ADDR_UNSPECIFIED(in6))
3697
575
			goto bad;
3698
576
		/*
3699
577
		 * OpenBSD does not support IPv4 mapped address (RFC2553
3700
578
		 * inbound behavior) at all.  We should drop it.
3701
579
		 */
3702
580
		if (IN6_IS_ADDR_V4MAPPED(in6))
3703
581
			goto bad;
3704
582
		if (IN6_IS_ADDR_V4COMPAT(in6)) {
3705
583
			memcpy(&in, &in6->s6_addr[12], sizeof(in));
3706
584
			in.s_addr = ntohl(in.s_addr);
3707
585
			goto v4chk;
3708
586
		}
3709
587
		break;
3710
588
	default:
3711
589
		/* XXX unsupported af, is it safe to assume it to be safe? */
3712
590
		return 0;
3713
591
	}
3714
592
3715
593
	return (0);
3716
594
3717
595
bad:
3718
596
	return (1);
3719
597
}
3720
598
3721
599
int
3722
600
dg_broadcast(struct in_addr *in)
3723
601
{
3724
602
#ifdef HAVE_GETIFADDRS
3725
603
	struct ifaddrs *ifa, *ifap;
3726
604
	struct sockaddr_in *sin;
3727
605
3728
606
	if (getifaddrs(&ifap) < 0)
3729
607
		return (0);
3730
608
	for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
3731
609
		if (ifa->ifa_addr->sa_family != AF_INET ||
3732
610
		    (ifa->ifa_flags & IFF_BROADCAST) == 0)
3733
611
			continue;
3734
612
		sin = (struct sockaddr_in *)ifa->ifa_broadaddr;
3735
613
		if (sin->sin_addr.s_addr == in->s_addr) {
3736
614
			freeifaddrs(ifap);
3737
615
			return (1);
3738
616
		}
3739
617
	}
3740
618
	freeifaddrs(ifap);
3741
619
#endif
3742
620
	return (0);
3743
621
}
3744
622
3745
623
/* ARGSUSED */
3746
624
void
3747
625
reap(int sig)
3748
626
{
3749
627
	wantreap = 1;
3750
628
}
3751
629
3752
630
void
3753
631
doreap(void)
3754
632
{
3755
633
	struct servtab *sep;
3756
634
	int status;
3757
635
	pid_t pid;
3758
636
3759
637
	if (debug)
3760
638
		fprintf(stderr, "reaping asked for\n");
3761
639
3762
640
	for (;;) {
3763
641
		if ((pid = wait3(&status, WNOHANG, NULL)) <= 0) {
3764
642
			if (pid == -1 && errno == EINTR)
3765
643
				continue;
3766
644
			break;
3767
645
		}
3768
646
		if (debug)
3769
647
			fprintf(stderr, "%ld reaped, status %x\n",
3770
648
			    (long)pid, status);
3771
649
		for (sep = servtab; sep; sep = sep->se_next)
3772
650
			if (sep->se_wait == pid) {
3773
651
				if (WIFEXITED(status) && WEXITSTATUS(status))
3774
652
					syslog(LOG_WARNING,
3775
653
					    "%s: exit status %d",
3776
654
					    sep->se_server, WEXITSTATUS(status));
3777
655
				else if (WIFSIGNALED(status))
3778
656
					syslog(LOG_WARNING,
3779
657
					    "%s: exit signal %d",
3780
658
					    sep->se_server, WTERMSIG(status));
3781
659
				sep->se_wait = 1;
3782
660
				fd_grow(&allsockp, &allsockn, sep->se_fd);
3783
661
				FD_SET(sep->se_fd, allsockp);
3784
662
				nsock++;
3785
663
				if (debug)
3786
664
					fprintf(stderr, "restored %s, fd %d\n",
3787
665
					    sep->se_service, sep->se_fd);
3788
666
			}
3789
667
	}
3790
668
}
3791
669
3792
670
/* ARGSUSED */
3793
671
void
3794
672
config(int sig)
3795
673
{
3796
674
	wantconfig = 1;
3797
675
}
3798
676
3799
677
void
3800
678
doconfig(void)
3801
679
{
3802
680
	struct servtab *sep, *cp, **sepp;
3803
681
	int add;
3804
682
	char protoname[10];
3805
683
	sigset_t omask;
3806
684
3807
685
	if (!setconfig()) {
3808
686
		syslog(LOG_ERR, "%s: %m", CONFIG);
3809
687
		exit(1);
3810
688
	}
3811
689
	for (sep = servtab; sep; sep = sep->se_next)
3812
690
		sep->se_checked = 0;
3813
691
	cp = getconfigent();
3814
692
	while (cp != NULL) {
3815
693
		for (sep = servtab; sep; sep = sep->se_next)
3816
694
			if (matchconf(sep, cp))
3817
695
				break;
3818
696
		add = 0;
3819
697
		if (sep != NULL) {
3820
698
			int i;
3821
699
3822
700
#define SWAP(type, a, b) {type c=(type)a; a=(type)b; b=(type)c;}
3823
701
3824
702
			sigprocmask(SIG_BLOCK, &blockmask, &omask);
3825
703
			/*
3826
704
			 * sep->se_wait may be holding the pid of a daemon
3827
705
			 * that we're waiting for.  If so, don't overwrite
3828
706
			 * it unless the config file explicitly says don't
3829
707
			 * wait.
3830
708
			 */
3831
709
			if (cp->se_bi == 0 &&
3832
710
			    (sep->se_wait == 1 || cp->se_wait == 0))
3833
711
				sep->se_wait = cp->se_wait;
3834
712
			SWAP(int, cp->se_max, sep->se_max);
3835
713
			SWAP(char *, sep->se_user, cp->se_user);
3836
714
			SWAP(char *, sep->se_group, cp->se_group);
3837
715
			SWAP(char *, sep->se_server, cp->se_server);
3838
716
			for (i = 0; i < MAXARGV; i++)
3839
717
				SWAP(char *, sep->se_argv[i], cp->se_argv[i]);
3840
718
#undef SWAP
3841
719
			if (isrpcservice(sep))
3842
720
				unregister_rpc(sep);
3843
721
			sep->se_rpcversl = cp->se_rpcversl;
3844
722
			sep->se_rpcversh = cp->se_rpcversh;
3845
723
			sigprocmask(SIG_SETMASK, &omask, NULL);
3846
724
			freeconfig(cp);
3847
725
			add = 1;
3848
726
		} else {
3849
727
			sep = enter(cp);
3850
728
		}
3851
729
		sep->se_checked = 1;
3852
730
3853
731
		switch (sep->se_family) {
3854
732
		case AF_UNIX:
3855
733
			if (sep->se_fd != -1)
3856
734
				break;
3857
735
			sep->se_ctrladdr_size =
3858
736
			    strlcpy(sep->se_ctrladdr_un.sun_path,
3859
737
			    sep->se_service,
3860
738
			    sizeof sep->se_ctrladdr_un.sun_path);
3861
739
			if (sep->se_ctrladdr_size >=
3862
740
			    sizeof sep->se_ctrladdr_un.sun_path) {
3863
741
				syslog(LOG_WARNING, "%s/%s: UNIX domain socket "
3864
742
				    "path too long", sep->se_service,
3865
743
				    sep->se_proto);
3866
744
				goto serv_unknown;
3867
745
			}
3868
746
			sep->se_ctrladdr_un.sun_family = AF_UNIX;
3869
747
			sep->se_ctrladdr_size +=
3870
748
			    1 + sizeof sep->se_ctrladdr_un.sun_family;
3871
749
			(void)unlink(sep->se_service);
3872
750
			setup(sep);
3873
751
			break;
3874
752
		case AF_INET:
3875
753
			sep->se_ctrladdr_in.sin_family = AF_INET;
3876
754
			/* se_ctrladdr_in was set in getconfigent */
3877
755
			sep->se_ctrladdr_size = sizeof sep->se_ctrladdr_in;
3878
756
3879
757
			if (isrpcservice(sep)) {
3880
758
				struct rpcent *rp;
3881
759
3882
760
				sep->se_rpcprog = atoi(sep->se_service);
3883
761
				if (sep->se_rpcprog == 0) {
3884
762
					rp = getrpcbyname(sep->se_service);
3885
763
					if (rp == 0) {
3886
764
						syslog(LOG_ERR,
3887
765
						    "%s: unknown rpc service",
3888
766
						    sep->se_service);
3889
767
						goto serv_unknown;
3890
768
					}
3891
769
					sep->se_rpcprog = rp->r_number;
3892
770
				}
3893
771
				if (sep->se_fd == -1)
3894
772
					setup(sep);
3895
773
				if (sep->se_fd != -1)
3896
774
					register_rpc(sep);
3897
775
			} else {
3898
776
				u_short port = htons(atoi(sep->se_service));
3899
777
3900
778
				if (!port) {
3901
779
					/* XXX */
3902
780
					strncpy(protoname, sep->se_proto,
3903
781
						sizeof(protoname));
3904
782
					if (isdigit(protoname[strlen(protoname) - 1]))
3905
783
						protoname[strlen(protoname) - 1] = '\0';
3906
784
					sp = getservbyname(sep->se_service,
3907
785
					    protoname);
3908
786
					if (sp == 0) {
3909
787
						syslog(LOG_ERR,
3910
788
						    "%s/%s: unknown service",
3911
789
						    sep->se_service, sep->se_proto);
3912
790
						goto serv_unknown;
3913
791
					}
3914
792
					port = sp->s_port;
3915
793
				}
3916
794
				if (port != sep->se_ctrladdr_in.sin_port) {
3917
795
					sep->se_ctrladdr_in.sin_port = port;
3918
796
					if (sep->se_fd != -1) {
3919
797
						FD_CLR(sep->se_fd, allsockp);
3920
798
						nsock--;
3921
799
						(void) close(sep->se_fd);
3922
800
					}
3923
801
					sep->se_fd = -1;
3924
802
				}
3925
803
				if (sep->se_fd == -1)
3926
804
					setup(sep);
3927
805
			}
3928
806
			break;
3929
807
		case AF_INET6:
3930
808
			sep->se_ctrladdr_in6.sin6_family = AF_INET6;
3931
809
			/* se_ctrladdr_in was set in getconfigent */
3932
810
			sep->se_ctrladdr_size = sizeof sep->se_ctrladdr_in6;
3933
811
3934
812
			if (isrpcservice(sep)) {
3935
813
				struct rpcent *rp;
3936
814
3937
815
				sep->se_rpcprog = atoi(sep->se_service);
3938
816
				if (sep->se_rpcprog == 0) {
3939
817
					rp = getrpcbyname(sep->se_service);
3940
818
					if (rp == 0) {
3941
819
						syslog(LOG_ERR,
3942
820
						    "%s: unknown rpc service",
3943
821
						    sep->se_service);
3944
822
						goto serv_unknown;
3945
823
					}
3946
824
					sep->se_rpcprog = rp->r_number;
3947
825
				}
3948
826
				if (sep->se_fd == -1)
3949
827
					setup(sep);
3950
828
				if (sep->se_fd != -1)
3951
829
					register_rpc(sep);
3952
830
			} else {
3953
831
				u_short port = htons(atoi(sep->se_service));
3954
832
3955
833
				if (!port) {
3956
834
					/* XXX */
3957
835
					strncpy(protoname, sep->se_proto,
3958
836
						sizeof(protoname));
3959
837
					if (isdigit(protoname[strlen(protoname) - 1]))
3960
838
						protoname[strlen(protoname) - 1] = '\0';
3961
839
					sp = getservbyname(sep->se_service,
3962
840
					    protoname);
3963
841
					if (sp == 0) {
3964
842
						syslog(LOG_ERR,
3965
843
						    "%s/%s: unknown service",
3966
844
						    sep->se_service, sep->se_proto);
3967
845
						goto serv_unknown;
3968
846
					}
3969
847
					port = sp->s_port;
3970
848
				}
3971
849
				if (port != sep->se_ctrladdr_in6.sin6_port) {
3972
850
					sep->se_ctrladdr_in6.sin6_port = port;
3973
851
					if (sep->se_fd != -1) {
3974
852
						FD_CLR(sep->se_fd, allsockp);
3975
853
						nsock--;
3976
854
						(void) close(sep->se_fd);
3977
855
					}
3978
856
					sep->se_fd = -1;
3979
857
				}
3980
858
				if (sep->se_fd == -1)
3981
859
					setup(sep);
3982
860
			}
3983
861
			break;
3984
862
		}
3985
863
	serv_unknown:
3986
864
		if (cp->se_next != NULL) {
3987
865
			struct servtab *tmp = cp;
3988
866
3989
867
			cp = cp->se_next;
3990
868
			free(tmp);
3991
869
		} else {
3992
870
			free(cp);
3993
871
			cp = getconfigent();
3994
872
		}
3995
873
		if (debug)
3996
874
			print_service(add ? "REDO" : "ADD", sep);
3997
875
	}
3998
876
	endconfig();
3999
877
	/*
4000
878
	 * Purge anything not looked at above.
4001
879
	 */
4002
880
	sigprocmask(SIG_BLOCK, &blockmask, &omask);
4003
881
	sepp = &servtab;
4004
882
	while ((sep = *sepp)) {
4005
883
		if (sep->se_checked) {
4006
884
			sepp = &sep->se_next;
4007
885
			continue;
4008
886
		}
4009
887
		*sepp = sep->se_next;
4010
888
		if (sep->se_fd != -1) {
4011
889
			FD_CLR(sep->se_fd, allsockp);
4012
890
			nsock--;
4013
891
			(void) close(sep->se_fd);
4014
892
		}
4015
893
		if (isrpcservice(sep))
4016
894
			unregister_rpc(sep);
4017
895
		if (sep->se_family == AF_UNIX)
4018
896
			(void)unlink(sep->se_service);
4019
897
		if (debug)
4020
898
			print_service("FREE", sep);
4021
899
		freeconfig(sep);
4022
900
		free(sep);
4023
901
	}
4024
902
	sigprocmask(SIG_SETMASK, &omask, NULL);
4025
903
}
4026
904
4027
905
/* ARGSUSED */
4028
906
void
4029
907
retry(int sig)
4030
908
{
4031
909
	wantretry = 1;
4032
910
}
4033
911
4034
912
void
4035
913
doretry(void)
4036
914
{
4037
915
	struct servtab *sep;
4038
916
4039
917
	timingout = 0;
4040
918
	for (sep = servtab; sep; sep = sep->se_next) {
4041
919
		if (sep->se_fd == -1) {
4042
920
			switch (sep->se_family) {
4043
921
			case AF_UNIX:
4044
922
			case AF_INET:
4045
923
			case AF_INET6:
4046
924
				setup(sep);
4047
925
				if (sep->se_fd != -1 && isrpcservice(sep))
4048
926
					register_rpc(sep);
4049
927
				break;
4050
928
			}
4051
929
		}
4052
930
	}
4053
931
}
4054
932
4055
933
/* ARGSUSED */
4056
934
void
4057
935
die(int sig)
4058
936
{
4059
937
	wantdie = 1;
4060
938
}
4061
939
4062
940
void
4063
941
dodie(void)
4064
942
{
4065
943
	struct servtab *sep;
4066
944
4067
945
	for (sep = servtab; sep; sep = sep->se_next) {
4068
946
		if (sep->se_fd == -1)
4069
947
			continue;
4070
948
4071
949
		switch (sep->se_family) {
4072
950
		case AF_UNIX:
4073
951
			(void)unlink(sep->se_service);
4074
952
			break;
4075
953
		case AF_INET:
4076
954
		case AF_INET6:
4077
955
			if (sep->se_wait == 1 && isrpcservice(sep))
4078
956
				unregister_rpc(sep);
4079
957
			break;
4080
958
		}
4081
959
		(void)close(sep->se_fd);
4082
960
	}
4083
961
	(void)unlink(_PATH_INETDPID);
4084
962
	exit(0);
4085
963
}
4086
964
4087
965
void
4088
966
setup(struct servtab *sep)
4089
967
{
4090
968
	int on = 1;
4091
969
	int r;
4092
970
	mode_t mask = 0;
4093
971
4094
972
	if ((sep->se_fd = socket(sep->se_family, sep->se_socktype, 0)) < 0) {
4095
973
		syslog(LOG_ERR, "%s/%s: socket: %m",
4096
974
		    sep->se_service, sep->se_proto);
4097
975
		return;
4098
976
	}
4099
977
#define	turnon(fd, opt) \
4100
978
setsockopt(fd, SOL_SOCKET, opt, &on, sizeof (on))
4101
979
	if (strncmp(sep->se_proto, "tcp", 3) == 0 && (options & SO_DEBUG) &&
4102
980
	    turnon(sep->se_fd, SO_DEBUG) < 0)
4103
981
		syslog(LOG_ERR, "setsockopt (SO_DEBUG): %m");
4104
982
	if (turnon(sep->se_fd, SO_REUSEADDR) < 0)
4105
983
		syslog(LOG_ERR, "setsockopt (SO_REUSEADDR): %m");
4106
984
#undef turnon
4107
985
	if (isrpcservice(sep)) {
4108
986
		struct passwd *pwd;
4109
987
4110
988
		/*
4111
989
		 * for RPC services, attempt to use a reserved port
4112
990
		 * if they are going to be running as root.
4113
991
		 *
4114
992
		 * Also, zero out the port for all RPC services; let bind()
4115
993
		 * find one.
4116
994
		 */
4117
995
		sep->se_ctrladdr_in.sin_port = 0;
4118
996
		if (sep->se_user && (pwd = getpwnam(sep->se_user)) &&
4119
997
		    pwd->pw_uid == 0 && uid == 0)
4120
998
			r = bindresvport(sep->se_fd, &sep->se_ctrladdr_in);
4121
999
		else {
4122
1000
			r = bind(sep->se_fd, &sep->se_ctrladdr,
4123
1001
			    sep->se_ctrladdr_size);
4124
1002
			if (r == 0) {
4125
1003
				socklen_t len = sep->se_ctrladdr_size;
4126
1004
				int saveerrno = errno;
4127
1005
4128
1006
				/* update se_ctrladdr_in.sin_port */
4129
1007
				r = getsockname(sep->se_fd, &sep->se_ctrladdr,
4130
1008
				    &len);
4131
1009
				if (r <= 0)
4132
1010
					errno = saveerrno;
4133
1011
			}
4134
1012
		}
4135
1013
	} else {
4136
1014
		if (sep->se_family == AF_UNIX)
4137
1015
			mask = umask(0111);
4138
1016
		r = bind(sep->se_fd, &sep->se_ctrladdr, sep->se_ctrladdr_size);
4139
1017
		if (sep->se_family == AF_UNIX)
4140
1018
			umask(mask);
4141
1019
	}
4142
1020
	if (r < 0) {
4143
1021
		syslog(LOG_ERR, "%s/%s: bind: %m",
4144
1022
		    sep->se_service, sep->se_proto);
4145
1023
		(void) close(sep->se_fd);
4146
1024
		sep->se_fd = -1;
4147
1025
		if (!timingout) {
4148
1026
			timingout = 1;
4149
1027
			alarm(RETRYTIME);
4150
1028
		}
4151
1029
		return;
4152
1030
	}
4153
1031
	if (sep->se_socktype == SOCK_STREAM)
4154
1032
		listen(sep->se_fd, 10);
4155
1033
4156
1034
	fd_grow(&allsockp, &allsockn, sep->se_fd);
4157
1035
	FD_SET(sep->se_fd, allsockp);
4158
1036
	nsock++;
4159
1037
	if (sep->se_fd > maxsock) {
4160
1038
		maxsock = sep->se_fd;
4161
1039
		if (maxsock > rlim_nofile_cur - FD_MARGIN)
4162
1040
			bump_nofile();
4163
1041
	}
4164
1042
}
4165
1043
4166
1044
void
4167
1045
register_rpc(struct servtab *sep)
4168
1046
{
4169
1047
	socklen_t n;
4170
1048
	struct sockaddr_in sin;
4171
1049
	struct protoent *pp;
4172
1050
4173
1051
	if ((pp = getprotobyname(sep->se_proto+4)) == NULL) {
4174
1052
		syslog(LOG_ERR, "%s: getproto: %m",
4175
1053
		    sep->se_proto);
4176
1054
		return;
4177
1055
	}
4178
1056
	n = sizeof sin;
4179
1057
	if (getsockname(sep->se_fd, (struct sockaddr *)&sin, &n) < 0) {
4180
1058
		syslog(LOG_ERR, "%s/%s: getsockname: %m",
4181
1059
		    sep->se_service, sep->se_proto);
4182
1060
		return;
4183
1061
	}
4184
1062
4185
1063
	for (n = sep->se_rpcversl; n <= sep->se_rpcversh; n++) {
4186
1064
		if (debug)
4187
1065
			fprintf(stderr, "pmap_set: %u %u %u %u\n",
4188
1066
			    sep->se_rpcprog, n, pp->p_proto,
4189
1067
			    ntohs(sin.sin_port));
4190
1068
		(void)pmap_unset(sep->se_rpcprog, n);
4191
1069
		if (!pmap_set(sep->se_rpcprog, n, pp->p_proto, ntohs(sin.sin_port)))
4192
1070
			syslog(LOG_ERR, "%s %s: pmap_set: %u %u %u %u: %m",
4193
1071
			    sep->se_service, sep->se_proto,
4194
1072
			    sep->se_rpcprog, n, pp->p_proto,
4195
1073
			    ntohs(sin.sin_port));
4196
1074
	}
4197
1075
}
4198
1076
4199
1077
void
4200
1078
unregister_rpc(struct servtab *sep)
4201
1079
{
4202
1080
	int n;
4203
1081
4204
1082
	for (n = sep->se_rpcversl; n <= sep->se_rpcversh; n++) {
4205
1083
		if (debug)
4206
1084
			fprintf(stderr, "pmap_unset(%u, %u)\n",
4207
1085
			    sep->se_rpcprog, n);
4208
1086
		if (!pmap_unset(sep->se_rpcprog, n))
4209
1087
			syslog(LOG_ERR, "pmap_unset(%u, %u)",
4210
1088
			    sep->se_rpcprog, n);
4211
1089
	}
4212
1090
}
4213
1091
4214
1092
4215
1093
struct servtab *
4216
1094
enter(struct servtab *cp)
4217
1095
{
4218
1096
	struct servtab *sep;
4219
1097
	sigset_t omask;
4220
1098
4221
1099
	sep = (struct servtab *)malloc(sizeof (*sep));
4222
1100
	if (sep == NULL) {
4223
1101
		syslog(LOG_ERR, "Out of memory.");
4224
1102
		exit(1);
4225
1103
	}
4226
1104
	*sep = *cp;
4227
1105
	sep->se_fd = -1;
4228
1106
	sep->se_rpcprog = -1;
4229
1107
	sigprocmask(SIG_BLOCK, &blockmask, &omask);
4230
1108
	sep->se_next = servtab;
4231
1109
	servtab = sep;
4232
1110
	sigprocmask(SIG_SETMASK, &omask, NULL);
4233
1111
	return (sep);
4234
1112
}
4235
1113
4236
1114
int
4237
1115
matchconf(struct servtab *old, struct servtab *new)
4238
1116
{
4239
1117
	if (strcmp(old->se_service, new->se_service) != 0)
4240
1118
		return (0);
4241
1119
4242
1120
	if (strcmp(old->se_hostaddr, new->se_hostaddr) != 0)
4243
1121
		return (0);
4244
1122
4245
1123
	if (strcmp(old->se_proto, new->se_proto) != 0)
4246
1124
		return (0);
4247
1125
4248
1126
	/*
4249
1127
	 * If the new servtab is bound to a specific address, check that the
4250
1128
	 * old servtab is bound to the same entry. If the new service is not
4251
1129
	 * bound to a specific address then the check of se_hostaddr above
4252
1130
	 * is sufficient.
4253
1131
	 */
4254
1132
4255
1133
	if (old->se_family == AF_INET && new->se_family == AF_INET &&
4256
1134
	    bcmp(&old->se_ctrladdr_in.sin_addr,
4257
1135
	    &new->se_ctrladdr_in.sin_addr,
4258
1136
	    sizeof(new->se_ctrladdr_in.sin_addr)) != 0)
4259
1137
		return (0);
4260
1138
4261
1139
	if (old->se_family == AF_INET6 && new->se_family == AF_INET6 &&
4262
1140
	    bcmp(&old->se_ctrladdr_in6.sin6_addr,
4263
1141
	    &new->se_ctrladdr_in6.sin6_addr,
4264
1142
	    sizeof(new->se_ctrladdr_in6.sin6_addr)) != 0)
4265
1143
		return (0);
4266
1144
	if (old->se_family == AF_INET6 && new->se_family == AF_INET6 &&
4267
1145
	    old->se_ctrladdr_in6.sin6_scope_id !=
4268
1146
	    new->se_ctrladdr_in6.sin6_scope_id)
4269
1147
		return (0);
4270
1148
4271
1149
	return (1);
4272
1150
}
4273
1151
4274
1152
FILE		*fconfig = NULL;
4275
1153
char		line[1024];
4276
1154
char		*defhost;
4277
1155
char		*skip(char **, int);
4278
1156
char		*nextline(FILE *);
4279
1157
char		*newstr(char *);
4280
1158
struct servtab	*dupconfig(struct servtab *);
4281
1159
4282
1160
int
4283
1161
setconfig(void)
4284
1162
{
4285
1163
	if (defhost)
4286
1164
		free(defhost);
4287
1165
	defhost = newstr("*");
4288
1166
	if (fconfig != NULL) {
4289
1167
		fseek(fconfig, 0L, SEEK_SET);
4290
1168
		return (1);
4291
1169
	}
4292
1170
	fconfig = fopen(CONFIG, "r");
4293
1171
	return (fconfig != NULL);
4294
1172
}
4295
1173
4296
1174
void
4297
1175
endconfig(void)
4298
1176
{
4299
1177
	if (fconfig) {
4300
1178
		(void) fclose(fconfig);
4301
1179
		fconfig = NULL;
4302
1180
	}
4303
1181
	if (defhost) {
4304
1182
		free(defhost);
4305
1183
		defhost = 0;
4306
1184
	}
4307
1185
}
4308
1186
4309
1187
struct servtab *
4310
1188
getconfigent(void)
4311
1189
{
4312
1190
	struct servtab *sep, *tsep;
4313
1191
	char *arg, *cp, *hostdelim, *s;
4314
1192
	int argc;
4315
1193
4316
1194
	sep = (struct servtab *) malloc(sizeof(struct servtab));
4317
1195
	if (sep == NULL) {
4318
1196
		syslog(LOG_ERR, "malloc: %m");
4319
1197
		exit(1);
4320
1198
	}
4321
1199
4322
1200
	memset(sep, 0, sizeof *sep);
4323
1201
more:
4324
1202
	freeconfig(sep);
4325
1203
4326
1204
	while ((cp = nextline(fconfig)) && *cp == '#')
4327
1205
		;
4328
1206
	if (cp == NULL) {
4329
1207
		free(sep);
4330
1208
		return (NULL);
4331
1209
	}
4332
1210
4333
1211
	memset(sep, 0, sizeof *sep);
4334
1212
	arg = skip(&cp, 0);
4335
1213
	if (arg == NULL) {
4336
1214
		/* A blank line. */
4337
1215
		goto more;
4338
1216
	}
4339
1217
4340
1218
	/* Check for a host name. */
4341
1219
	hostdelim = strrchr(arg, ':');
4342
1220
	if (hostdelim) {
4343
1221
		*hostdelim = '\0';
4344
1222
		if (arg[0] == '[' && hostdelim > arg && hostdelim[-1] == ']') {
4345
1223
			hostdelim[-1] = '\0';
4346
1224
			sep->se_hostaddr = newstr(arg + 1);
4347
1225
		} else if (hostdelim == arg)
4348
1226
			sep->se_hostaddr = newstr("*");
4349
1227
		else
4350
1228
			sep->se_hostaddr = newstr(arg);
4351
1229
		arg = hostdelim + 1;
4352
1230
		/*
4353
1231
		 * If the line is of the form `host:', then just change the
4354
1232
		 * default host for the following lines.
4355
1233
		 */
4356
1234
		if (*arg == '\0') {
4357
1235
			arg = skip(&cp, 0);
4358
1236
			if (cp == NULL) {
4359
1237
				free(defhost);
4360
1238
				defhost = newstr(sep->se_hostaddr);
4361
1239
				goto more;
4362
1240
			}
4363
1241
		}
4364
1242
	} else
4365
1243
		sep->se_hostaddr = newstr(defhost);
4366
1244
4367
1245
	sep->se_service = newstr(arg);
4368
1246
	if ((arg = skip(&cp, 1)) == NULL)
4369
1247
		goto more;
4370
1248
4371
1249
	if (strcmp(arg, "stream") == 0)
4372
1250
		sep->se_socktype = SOCK_STREAM;
4373
1251
	else if (strcmp(arg, "dgram") == 0)
4374
1252
		sep->se_socktype = SOCK_DGRAM;
4375
1253
	else if (strcmp(arg, "rdm") == 0)
4376
1254
		sep->se_socktype = SOCK_RDM;
4377
1255
	else if (strcmp(arg, "seqpacket") == 0)
4378
1256
		sep->se_socktype = SOCK_SEQPACKET;
4379
1257
	else if (strcmp(arg, "raw") == 0)
4380
1258
		sep->se_socktype = SOCK_RAW;
4381
1259
	else
4382
1260
		sep->se_socktype = -1;
4383
1261
4384
1262
	if ((arg = skip(&cp, 1)) == NULL)
4385
1263
		goto more;
4386
1264
4387
1265
	sep->se_proto = newstr(arg);
4388
1266
4389
1267
	if (strcmp(sep->se_proto, "unix") == 0) {
4390
1268
		sep->se_family = AF_UNIX;
4391
1269
	} else {
4392
1270
		int s;
4393
1271
4394
1272
		sep->se_family = AF_INET;
4395
1273
		if (sep->se_proto[strlen(sep->se_proto) - 1] == '6')
4396
1274
			sep->se_family = AF_INET6;
4397
1275
4398
1276
		/* check if the family is supported */
4399
1277
		s = socket(sep->se_family, SOCK_DGRAM, 0);
4400
1278
		if (s < 0) {
4401
1279
			syslog(LOG_WARNING, "%s/%s: %s: the address family is "
4402
1280
			    "not supported by the kernel", sep->se_service,
4403
1281
			    sep->se_proto, sep->se_hostaddr);
4404
1282
			goto more;
4405
1283
		}
4406
1284
		close(s);
4407
1285
4408
1286
		if (strncmp(sep->se_proto, "rpc/", 4) == 0) {
4409
1287
			char *cp, *ccp;
4410
1288
			long l;
4411
1289
4412
1290
			cp = strchr(sep->se_service, '/');
4413
1291
			if (cp == 0) {
4414
1292
				syslog(LOG_ERR, "%s: no rpc version",
4415
1293
				    sep->se_service);
4416
1294
				goto more;
4417
1295
			}
4418
1296
			*cp++ = '\0';
4419
1297
			l = strtol(cp, &ccp, 0);
4420
1298
			if (ccp == cp || l < 0 || l > INT_MAX) {
4421
1299
		badafterall:
4422
1300
				syslog(LOG_ERR, "%s/%s: bad rpc version",
4423
1301
				    sep->se_service, cp);
4424
1302
				goto more;
4425
1303
			}
4426
1304
			sep->se_rpcversl = sep->se_rpcversh = l;
4427
1305
			if (*ccp == '-') {
4428
1306
				cp = ccp + 1;
4429
1307
				l = strtol(cp, &ccp, 0);
4430
1308
				if (ccp == cp || l < 0 || l > INT_MAX ||
4431
1309
				    l < sep->se_rpcversl || *ccp)
4432
1310
					goto badafterall;
4433
1311
				sep->se_rpcversh = l;
4434
1312
			} else if (*ccp != '\0')
4435
1313
				goto badafterall;
4436
1314
		}
4437
1315
	}
4438
1316
	arg = skip(&cp, 1);
4439
1317
	if (arg == NULL)
4440
1318
		goto more;
4441
1319
4442
1320
	s = strchr(arg, '.');
4443
1321
	if (s) {
4444
1322
		char *p;
4445
1323
4446
1324
		*s++ = '\0';
4447
1325
		sep->se_max = strtoul(s, &p, 0);
4448
1326
		if (sep->se_max < 1 || *p) {
4449
1327
			syslog(LOG_ERR,
4450
1328
			    "%s: illegal max field \"%s\", setting to %d",
4451
1329
			    sep->se_service, s, toomany);
4452
1330
			sep->se_max = toomany;
4453
1331
		}
4454
1332
	} else
4455
1333
		sep->se_max = toomany;
4456
1334
4457
1335
	sep->se_wait = strcmp(arg, "wait") == 0;
4458
1336
	if ((arg = skip(&cp, 1)) == NULL)
4459
1337
		goto more;
4460
1338
	sep->se_user = newstr(arg);
4461
1339
	arg = strchr(sep->se_user, '.');
4462
1340
	if (arg == NULL)
4463
1341
		arg = strchr(sep->se_user, ':');
4464
1342
	if (arg) {
4465
1343
		*arg++ = '\0';
4466
1344
		sep->se_group = newstr(arg);
4467
1345
	}
4468
1346
	if ((arg = skip(&cp, 1)) == NULL)
4469
1347
		goto more;
4470
1348
4471
1349
	sep->se_server = newstr(arg);
4472
1350
	if (strcmp(sep->se_server, "internal") == 0) {
4473
1351
		struct biltin *bi;
4474
1352
4475
1353
		for (bi = biltins; bi->bi_service; bi++)
4476
1354
			if (bi->bi_socktype == sep->se_socktype &&
4477
1355
			    strcmp(bi->bi_service, sep->se_service) == 0)
4478
1356
				break;
4479
1357
		if (bi->bi_service == 0) {
4480
1358
			syslog(LOG_ERR, "internal service %s unknown",
4481
1359
			    sep->se_service);
4482
1360
			goto more;
4483
1361
		}
4484
1362
		sep->se_bi = bi;
4485
1363
		sep->se_wait = bi->bi_wait;
4486
1364
	} else
4487
1365
		sep->se_bi = NULL;
4488
1366
	argc = 0;
4489
1367
	for (arg = skip(&cp, 0); cp; arg = skip(&cp, 0)) {
4490
1368
		if (argc < MAXARGV)
4491
1369
			sep->se_argv[argc++] = newstr(arg);
4492
1370
	}
4493
1371
	if (argc == 0 && sep->se_bi == NULL) {
4494
1372
		if ((arg = strrchr(sep->se_server, '/')) != NULL)
4495
1373
			arg++;
4496
1374
		else
4497
1375
			arg = sep->se_server;
4498
1376
		sep->se_argv[argc++] = newstr(arg);
4499
1377
	}
4500
1378
	while (argc <= MAXARGV)
4501
1379
		sep->se_argv[argc++] = NULL;
4502
1380
4503
1381
	/*
4504
1382
	 * Resolve each hostname in the se_hostaddr list (if any)
4505
1383
	 * and create a new entry for each resolved address.
4506
1384
	 */
4507
1385
	if (sep->se_hostaddr != NULL && strcmp(sep->se_proto, "unix") != 0) {
4508
1386
		struct addrinfo hints, *res0, *res;
4509
1387
		char *host, *hostlist0, *hostlist, *port;
4510
1388
		int error;
4511
1389
4512
1390
		hostlist = hostlist0 = sep->se_hostaddr;
4513
1391
		sep->se_hostaddr = NULL;
4514
1392
		sep->se_checked = -1;
4515
1393
		while ((host = strsep(&hostlist, ",")) != NULL) {
4516
1394
			if (*host == '\0')
4517
1395
				continue;
4518
1396
4519
1397
			memset(&hints, 0, sizeof(hints));
4520
1398
			hints.ai_family = sep->se_family;
4521
1399
			hints.ai_socktype = sep->se_socktype;
4522
1400
			hints.ai_flags = AI_PASSIVE;
4523
1401
			port = "0";
4524
1402
			/* XXX shortened IPv4 syntax is now forbidden */
4525
1403
			error = getaddrinfo(strcmp(host, "*") ? host : NULL,
4526
1404
			    port, &hints, &res0);
4527
1405
			if (error) {
4528
1406
				syslog(LOG_ERR, "%s/%s: %s: %s",
4529
1407
				    sep->se_service, sep->se_proto,
4530
1408
				    host, gai_strerror(error));
4531
1409
				continue;
4532
1410
			}
4533
1411
			for (res = res0; res; res = res->ai_next) {
4534
1412
				if (res->ai_addrlen >
4535
1413
				    sizeof(sep->se_ctrladdr_storage))
4536
1414
					continue;
4537
1415
				/*
4538
1416
				 * If sep is unused, store host in there.
4539
1417
				 * Otherwise, dup a new entry and prepend it.
4540
1418
				 */
4541
1419
				if (sep->se_checked == -1) {
4542
1420
					sep->se_checked = 0;
4543
1421
				} else {
4544
1422
					tsep = dupconfig(sep);
4545
1423
					tsep->se_next = sep;
4546
1424
					sep = tsep;
4547
1425
				}
4548
1426
				sep->se_hostaddr = newstr(host);
4549
1427
				memcpy(&sep->se_ctrladdr_storage,
4550
1428
				    res->ai_addr, res->ai_addrlen);
4551
1429
				sep->se_ctrladdr_size = res->ai_addrlen;
4552
1430
			}
4553
1431
			freeaddrinfo(res0);
4554
1432
		}
4555
1433
		free(hostlist0);
4556
1434
		if (sep->se_checked == -1)
4557
1435
			goto more;	/* no resolvable names/addresses */
4558
1436
	}
4559
1437
4560
1438
	return (sep);
4561
1439
}
4562
1440
4563
1441
void
4564
1442
freeconfig(struct servtab *cp)
4565
1443
{
4566
1444
	int i;
4567
1445
4568
1446
	free(cp->se_hostaddr);
4569
1447
	cp->se_hostaddr = NULL;
4570
1448
	free(cp->se_service);
4571
1449
	cp->se_service = NULL;
4572
1450
	free(cp->se_proto);
4573
1451
	cp->se_proto = NULL;
4574
1452
	free(cp->se_user);
4575
1453
	cp->se_user = NULL;
4576
1454
	free(cp->se_group);
4577
1455
	cp->se_group = NULL;
4578
1456
	free(cp->se_server);
4579
1457
	cp->se_server = NULL;
4580
1458
	for (i = 0; i < MAXARGV; i++) {
4581
1459
		free(cp->se_argv[i]);
4582
1460
		cp->se_argv[i] = NULL;
4583
1461
	}
4584
1462
}
4585
1463
4586
1464
char *
4587
1465
skip(char **cpp, int report)
4588
1466
{
4589
1467
	char *cp = *cpp;
4590
1468
	char *start;
4591
1469
4592
1470
erp:
4593
1471
	if (*cpp == NULL) {
4594
1472
		if (report)
4595
1473
			syslog(LOG_ERR, "syntax error in inetd config file");
4596
1474
		return (NULL);
4597
1475
	}
4598
1476
4599
1477
again:
4600
1478
	while (*cp == ' ' || *cp == '\t')
4601
1479
		cp++;
4602
1480
	if (*cp == '\0') {
4603
1481
		int c;
4604
1482
4605
1483
		c = getc(fconfig);
4606
1484
		(void) ungetc(c, fconfig);
4607
1485
		if (c == ' ' || c == '\t')
4608
1486
			if ((cp = nextline(fconfig)))
4609
1487
				goto again;
4610
1488
		*cpp = NULL;
4611
1489
		goto erp;
4612
1490
	}
4613
1491
	start = cp;
4614
1492
	while (*cp && *cp != ' ' && *cp != '\t')
4615
1493
		cp++;
4616
1494
	if (*cp != '\0')
4617
1495
		*cp++ = '\0';
4618
1496
	if ((*cpp = cp) == NULL)
4619
1497
		goto erp;
4620
1498
4621
1499
	return (start);
4622
1500
}
4623
1501
4624
1502
char *
4625
1503
nextline(FILE *fd)
4626
1504
{
4627
1505
	if (fgets(line, sizeof (line), fd) == NULL)
4628
1506
		return (NULL);
4629
1507
	line[strcspn(line, "\n")] = '\0';
4630
1508
	return (line);
4631
1509
}
4632
1510
4633
1511
char *
4634
1512
newstr(char *cp)
4635
1513
{
4636
1514
	if ((cp = strdup(cp ? cp : "")))
4637
1515
		return(cp);
4638
1516
	syslog(LOG_ERR, "strdup: %m");
4639
1517
	exit(1);
4640
1518
}
4641
1519
4642
1520
struct servtab *
4643
1521
dupconfig(struct servtab *sep)
4644
1522
{
4645
1523
	struct servtab *newtab;
4646
1524
	int argc;
4647
1525
4648
1526
	newtab = (struct servtab *) malloc(sizeof(struct servtab));
4649
1527
4650
1528
	if (newtab == NULL) {
4651
1529
		syslog(LOG_ERR, "malloc: %m");
4652
1530
		exit(1);
4653
1531
	}
4654
1532
4655
1533
	memset(newtab, 0, sizeof(struct servtab));
4656
1534
4657
1535
	newtab->se_service = sep->se_service ? newstr(sep->se_service) : NULL;
4658
1536
	newtab->se_socktype = sep->se_socktype;
4659
1537
	newtab->se_family = sep->se_family;
4660
1538
	newtab->se_proto = sep->se_proto ? newstr(sep->se_proto) : NULL;
4661
1539
	newtab->se_rpcprog = sep->se_rpcprog;
4662
1540
	newtab->se_rpcversl = sep->se_rpcversl;
4663
1541
	newtab->se_rpcversh = sep->se_rpcversh;
4664
1542
	newtab->se_wait = sep->se_wait;
4665
1543
	newtab->se_user = sep->se_user ? newstr(sep->se_user) : NULL;
4666
1544
	newtab->se_group = sep->se_group ? newstr(sep->se_group) : NULL;
4667
1545
	newtab->se_bi = sep->se_bi;
4668
1546
	newtab->se_server = sep->se_server ? newstr(sep->se_server) : 0;
4669
1547
4670
1548
	for (argc = 0; argc <= MAXARGV; argc++)
4671
1549
		newtab->se_argv[argc] = sep->se_argv[argc] ?
4672
1550
		    newstr(sep->se_argv[argc]) : NULL;
4673
1551
	newtab->se_max = sep->se_max;
4674
1552
4675
1553
	return (newtab);
4676
1554
}
4677
1555
4678
1556
void
4679
1557
inetd_setproctitle(char *a, int s)
4680
1558
{
4681
1559
	socklen_t size;
4682
1560
	struct sockaddr_storage ss;
4683
1561
	char hbuf[NI_MAXHOST];
4684
1562
4685
1563
	size = sizeof(ss);
4686
1564
	if (getpeername(s, (struct sockaddr *)&ss, &size) == 0) {
4687
1565
		if (getnameinfo((struct sockaddr *)&ss, size, hbuf,
4688
1566
		    sizeof(hbuf), NULL, 0, NI_NUMERICHOST) == 0)
4689
1567
			setproctitle("-%s [%s]", a, hbuf);
4690
1568
		else
4691
1569
			setproctitle("-%s [?]", a);
4692
1570
	} else
4693
1571
		setproctitle("-%s", a);
4694
1572
}
4695
1573
4696
1574
void
4697
1575
logpid(void)
4698
1576
{
4699
1577
	FILE *fp;
4700
1578
4701
1579
	if ((fp = fopen(_PATH_INETDPID, "w")) != NULL) {
4702
1580
		fprintf(fp, "%ld\n", (long)getpid());
4703
1581
		(void)fclose(fp);
4704
1582
	}
4705
1583
}
4706
1584
4707
1585
int
4708
1586
bump_nofile(void)
4709
1587
{
4710
1588
#define FD_CHUNK	32
4711
1589
4712
1590
	struct rlimit rl;
4713
1591
4714
1592
	if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
4715
1593
		syslog(LOG_ERR, "getrlimit: %m");
4716
1594
		return -1;
4717
1595
	}
4718
1596
	rl.rlim_cur = MIN(rl.rlim_max, rl.rlim_cur + FD_CHUNK);
4719
1597
	rl.rlim_cur = MIN(FD_SETSIZE, rl.rlim_cur + FD_CHUNK);
4720
1598
	if (rl.rlim_cur <= rlim_nofile_cur) {
4721
1599
		syslog(LOG_ERR,
4722
1600
		    "bump_nofile: cannot extend file limit, max = %d",
4723
1601
		    (int)rl.rlim_cur);
4724
1602
		return -1;
4725
1603
	}
4726
1604
4727
1605
	if (setrlimit(RLIMIT_NOFILE, &rl) < 0) {
4728
1606
		syslog(LOG_ERR, "setrlimit: %m");
4729
1607
		return -1;
4730
1608
	}
4731
1609
4732
1610
	rlim_nofile_cur = rl.rlim_cur;
4733
1611
	return 0;
4734
1612
}
4735
1613
4736
1614
/*
4737
1615
 * Internet services provided internally by inetd:
4738
1616
 */
4739
1617
#define	BUFSIZE	4096
4740
1618
4741
1619
/* ARGSUSED */
4742
1620
void
4743
1621
echo_stream(int s, struct servtab *sep)
4744
1622
{
4745
1623
	char buffer[BUFSIZE];
4746
1624
	int i;
4747
1625
4748
1626
	inetd_setproctitle(sep->se_service, s);
4749
1627
	while ((i = read(s, buffer, sizeof(buffer))) > 0 &&
4750
1628
	    write(s, buffer, i) > 0)
4751
1629
		;
4752
1630
	exit(0);
4753
1631
}
4754
1632
4755
1633
/* ARGSUSED */
4756
1634
void
4757
1635
echo_dg(int s, struct servtab *sep)
4758
1636
{
4759
1637
	char buffer[BUFSIZE];
4760
1638
	int i;
4761
1639
	socklen_t size;
4762
1640
	struct sockaddr_storage ss;
4763
1641
4764
1642
	size = sizeof(ss);
4765
1643
	if ((i = recvfrom(s, buffer, sizeof(buffer), 0,
4766
1644
	    (struct sockaddr *)&ss, &size)) < 0)
4767
1645
		return;
4768
1646
	if (dg_badinput((struct sockaddr *)&ss))
4769
1647
		return;
4770
1648
	(void) sendto(s, buffer, i, 0, (struct sockaddr *)&ss, size);
4771
1649
}
4772
1650
4773
1651
/* ARGSUSED */
4774
1652
void
4775
1653
discard_stream(int s, struct servtab *sep)
4776
1654
{
4777
1655
	char buffer[BUFSIZE];
4778
1656
4779
1657
	inetd_setproctitle(sep->se_service, s);
4780
1658
	while ((errno = 0, read(s, buffer, sizeof(buffer)) > 0) ||
4781
1659
	    errno == EINTR)
4782
1660
		;
4783
1661
	exit(0);
4784
1662
}
4785
1663
4786
1664
/* ARGSUSED */
4787
1665
void
4788
1666
discard_dg(int s, struct servtab *sep)
4789
1667
{
4790
1668
	char buffer[BUFSIZE];
4791
1669
4792
1670
	(void) read(s, buffer, sizeof(buffer));
4793
1671
}
4794
1672
4795
1673
#include <ctype.h>
4796
1674
#define LINESIZ 72
4797
1675
char ring[128];
4798
1676
char *endring;
4799
1677
4800
1678
void
4801
1679
initring(void)
4802
1680
{
4803
1681
	int i;
4804
1682
4805
1683
	endring = ring;
4806
1684
4807
1685
	for (i = 0; i <= sizeof ring; ++i)
4808
1686
		if (isprint(i))
4809
1687
			*endring++ = i;
4810
1688
}
4811
1689
4812
1690
/* ARGSUSED */
4813
1691
void
4814
1692
chargen_stream(int s, struct servtab *sep)
4815
1693
{
4816
1694
	char *rs;
4817
1695
	int len;
4818
1696
	char text[LINESIZ+2];
4819
1697
4820
1698
	inetd_setproctitle(sep->se_service, s);
4821
1699
4822
1700
	if (!endring) {
4823
1701
		initring();
4824
1702
		rs = ring;
4825
1703
	}
4826
1704
4827
1705
	text[LINESIZ] = '\r';
4828
1706
	text[LINESIZ + 1] = '\n';
4829
1707
	for (rs = ring;;) {
4830
1708
		if ((len = endring - rs) >= LINESIZ)
4831
1709
			memmove(text, rs, LINESIZ);
4832
1710
		else {
4833
1711
			memmove(text, rs, len);
4834
1712
			memmove(text + len, ring, LINESIZ - len);
4835
1713
		}
4836
1714
		if (++rs == endring)
4837
1715
			rs = ring;
4838
1716
		if (write(s, text, sizeof(text)) != sizeof(text))
4839
1717
			break;
4840
1718
	}
4841
1719
	exit(0);
4842
1720
}
4843
1721
4844
1722
/* ARGSUSED */
4845
1723
void
4846
1724
chargen_dg(int s, struct servtab *sep)
4847
1725
{
4848
1726
	struct sockaddr_storage ss;
4849
1727
	static char *rs;
4850
1728
	int len;
4851
1729
	socklen_t size;
4852
1730
	char text[LINESIZ+2];
4853
1731
4854
1732
	if (endring == 0) {
4855
1733
		initring();
4856
1734
		rs = ring;
4857
1735
	}
4858
1736
4859
1737
	size = sizeof(ss);
4860
1738
	if (recvfrom(s, text, sizeof(text), 0, (struct sockaddr *)&ss,
4861
1739
	    &size) < 0)
4862
1740
		return;
4863
1741
	if (dg_badinput((struct sockaddr *)&ss))
4864
1742
		return;
4865
1743
4866
1744
	if ((len = endring - rs) >= LINESIZ)
4867
1745
		memmove(text, rs, LINESIZ);
4868
1746
	else {
4869
1747
		memmove(text, rs, len);
4870
1748
		memmove(text + len, ring, LINESIZ - len);
4871
1749
	}
4872
1750
	if (++rs == endring)
4873
1751
		rs = ring;
4874
1752
	text[LINESIZ] = '\r';
4875
1753
	text[LINESIZ + 1] = '\n';
4876
1754
	(void) sendto(s, text, sizeof(text), 0, (struct sockaddr *)&ss, size);
4877
1755
}
4878
1756
4879
1757
/*
4880
1758
 * Return a machine readable date and time, in the form of the
4881
1759
 * number of seconds since midnight, Jan 1, 1900.  Since gettimeofday
4882
1760
 * returns the number of seconds since midnight, Jan 1, 1970,
4883
1761
 * we must add 2208988800 seconds to this figure to make up for
4884
1762
 * some seventy years Bell Labs was asleep.
4885
1763
 */
4886
1764
u_int32_t
4887
1765
machtime(void)
4888
1766
{
4889
1767
	struct timeval tv;
4890
1768
4891
1769
	if (gettimeofday(&tv, NULL) < 0)
4892
1770
		return (0L);
4893
1771
4894
1772
	return (htonl((u_int32_t)tv.tv_sec + 2208988800UL));
4895
1773
}
4896
1774
4897
1775
/* ARGSUSED */
4898
1776
void
4899
1777
machtime_stream(s, sep)
4900
1778
	int s;
4901
1779
	struct servtab *sep;
4902
1780
{
4903
1781
	u_int32_t result;
4904
1782
4905
1783
	result = machtime();
4906
1784
	(void) write(s, &result, sizeof(result));
4907
1785
}
4908
1786
4909
1787
/* ARGSUSED */
4910
1788
void
4911
1789
machtime_dg(int s, struct servtab *sep)
4912
1790
{
4913
1791
	u_int32_t result;
4914
1792
	struct sockaddr_storage ss;
4915
1793
	socklen_t size;
4916
1794
4917
1795
	size = sizeof(ss);
4918
1796
	if (recvfrom(s, &result, sizeof(result), 0,
4919
1797
	    (struct sockaddr *)&ss, &size) < 0)
4920
1798
		return;
4921
1799
	if (dg_badinput((struct sockaddr *)&ss))
4922
1800
		return;
4923
1801
	result = machtime();
4924
1802
	(void) sendto(s, &result, sizeof(result), 0,
4925
1803
	    (struct sockaddr *)&ss, size);
4926
1804
}
4927
1805
4928
1806
/* Return human-readable time of day */
4929
1807
/* ARGSUSED */
4930
1808
void
4931
1809
daytime_stream(int s, struct servtab *sep)
4932
1810
{
4933
1811
	char buffer[256];
4934
1812
	time_t clock;
4935
1813
4936
1814
	clock = time(NULL);
4937
1815
4938
1816
	(void) snprintf(buffer, sizeof buffer, "%.24s\r\n", ctime(&clock));
4939
1817
	(void) write(s, buffer, strlen(buffer));
4940
1818
}
4941
1819
4942
1820
/* Return human-readable time of day */
4943
1821
/* ARGSUSED */
4944
1822
void
4945
1823
daytime_dg(int s, struct servtab *sep)
4946
1824
{
4947
1825
	char buffer[256];
4948
1826
	time_t clock;
4949
1827
	struct sockaddr_storage ss;
4950
1828
	socklen_t size;
4951
1829
4952
1830
	clock = time(NULL);
4953
1831
4954
1832
	size = sizeof(ss);
4955
1833
	if (recvfrom(s, buffer, sizeof(buffer), 0, (struct sockaddr *)&ss,
4956
1834
	    &size) < 0)
4957
1835
		return;
4958
1836
	if (dg_badinput((struct sockaddr *)&ss))
4959
1837
		return;
4960
1838
	(void) snprintf(buffer, sizeof buffer, "%.24s\r\n", ctime(&clock));
4961
1839
	(void) sendto(s, buffer, strlen(buffer), 0, (struct sockaddr *)&ss,
4962
1840
	    size);
4963
1841
}
4964
1842
4965
1843
/*
4966
1844
 * print_service:
4967
1845
 *	Dump relevant information to stderr
4968
1846
 */
4969
1847
void
4970
1848
print_service(char *action, struct servtab *sep)
4971
1849
{
4972
1850
	if (strcmp(sep->se_hostaddr, "*") == 0)
4973
1851
		fprintf(stderr, "%s: %s ", action, sep->se_service);
4974
1852
	else
4975
1853
		fprintf(stderr, "%s: %s:%s ", action, sep->se_hostaddr,
4976
1854
		    sep->se_service);
4977
1855
4978
1856
	if (isrpcservice(sep))
4979
1857
		fprintf(stderr, "rpcprog=%d, rpcvers=%d/%d, proto=%s,",
4980
1858
		    sep->se_rpcprog, sep->se_rpcversh,
4981
1859
		    sep->se_rpcversl, sep->se_proto);
4982
1860
	else
4983
1861
		fprintf(stderr, "proto=%s,", sep->se_proto);
4984
1862
4985
1863
	fprintf(stderr,
4986
1864
	    " wait.max=%hd.%d user:group=%s:%s builtin=%lx server=%s\n",
4987
1865
	    sep->se_wait, sep->se_max, sep->se_user,
4988
1866
	    sep->se_group ? sep->se_group : "(default)",
4989
1867
	    (long)sep->se_bi, sep->se_server);
4990
1868
}
4991
1869
4992
1870
void
4993
1871
spawn(struct servtab *sep, int ctrl)
4994
1872
{
4995
1873
	struct passwd *pwd;
4996
1874
	int tmpint, dofork;
4997
1875
	struct group *grp = NULL;
4998
1876
	char buf[50];
4999
1877
	pid_t pid;
5000
1878
Status:	Merged
Merged at revision:	11
Proposed branch:	lp:~gandelman-a/ubuntu/oneiric/openbsd-inetd/merge
Merge into:	lp:ubuntu/oneiric/openbsd-inetd
Diff against target:	24426 lines (+23302/-164) 44 files modified .pc/.version (+1/-0) .pc/applied-patches (+11/-0) .pc/buftuning/inetd.8 (+465/-0) .pc/buftuning/inetd.c (+2194/-0) .pc/discard_env/inetd.8 (+419/-0) .pc/discard_env/inetd.c (+2059/-0) .pc/global_queuelen/inetd.8 (+455/-0) .pc/global_queuelen/inetd.c (+2173/-0) .pc/libwrap/inetd.8 (+427/-0) .pc/libwrap/inetd.c (+2110/-0) .pc/misc_portability/inetd.8 (+407/-0) .pc/misc_portability/inetd.c (+1991/-0) .pc/nodaemon/inetd.8 (+452/-0) .pc/nodaemon/inetd.c (+2165/-0) .pc/print_pause_time/inetd.c (+2179/-0) .pc/setproctitle/inetd.c (+2056/-0) .pc/tcp46/inetd.8 (+460/-0) .pc/tcp46/inetd.c (+2180/-0) ChangeLog (+37/-0) Makefile.debian (+16/-0) bsd-closefrom.c (+115/-0) debian/changelog (+17/-0) debian/control (+1/-0) debian/copyright (+26/-1) debian/openbsd-inetd.postrm (+10/-0) debian/openbsd-inetd.preinst (+0/-19) debian/patches/buftuning (+6/-6) debian/patches/discard_env (+8/-10) debian/patches/global_queuelen (+30/-9) debian/patches/libwrap (+10/-10) debian/patches/makefile (+1/-1) debian/patches/misc_portability (+150/-19) debian/patches/nodaemon (+10/-11) debian/patches/print_pause_time (+1/-1) debian/patches/setproctitle (+6/-6) debian/patches/tcp46 (+2/-2) debian/rules (+7/-9) debian/source/format (+1/-0) inetd.8 (+100/-19) inetd.c (+316/-41) setproctitle.c (+146/-0) setproctitle.h (+4/-0) strlcpy.c (+63/-0) test.conf (+15/-0)
To merge this branch:	bzr merge lp:~gandelman-a/ubuntu/oneiric/openbsd-inetd/merge
Related bugs:	Link a bug report
Reviewer	Review Type	Date Requested	Status
Ubuntu branches		2011-06-29	Pending
Review via email: mp+66281@code.launchpad.net