xref: /dragonfly/usr.sbin/inetd/builtins.c (revision fe08e20d)
1 /*-
2  * Copyright (c) 1983, 1991, 1993, 1994
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  * $FreeBSD: src/usr.sbin/inetd/builtins.c,v 1.19.2.7 2002/07/22 14:05:56 fanf Exp $
27  *
28  */
29 
30 #include <sys/filio.h>
31 #include <sys/param.h>
32 #include <sys/stat.h>
33 #include <sys/socket.h>
34 #include <sys/sysctl.h>
35 #include <sys/ucred.h>
36 #include <sys/uio.h>
37 #include <sys/utsname.h>
38 
39 #include <ctype.h>
40 #include <err.h>
41 #include <errno.h>
42 #include <fcntl.h>
43 #include <limits.h>
44 #include <pwd.h>
45 #include <signal.h>
46 #include <stdlib.h>
47 #include <string.h>
48 #include <sysexits.h>
49 #include <syslog.h>
50 #include <unistd.h>
51 
52 #include "inetd.h"
53 
54 void		chargen_dg(int, struct servtab *);
55 void		chargen_stream(int, struct servtab *) __dead2;
56 void		daytime_dg(int, struct servtab *);
57 void		daytime_stream(int, struct servtab *);
58 void		discard_dg(int, struct servtab *);
59 void		discard_stream(int, struct servtab *) __dead2;
60 void		echo_dg(int, struct servtab *);
61 void		echo_stream(int, struct servtab *) __dead2;
62 static int	get_line(int, char *, int);
63 void		iderror(int, int, int, const char *) __dead2;
64 void		ident_stream(int, struct servtab *) __dead2;
65 void		initring(void);
66 unsigned long	machtime(void);
67 void		machtime_dg(int, struct servtab *);
68 void		machtime_stream(int, struct servtab *);
69 
70 char ring[128];
71 char *endring;
72 
73 
74 struct biltin biltins[] = {
75 	/* Echo received data */
76 	{ "echo",	SOCK_STREAM,	1, -1,	echo_stream },
77 	{ "echo",	SOCK_DGRAM,	0, 1,	echo_dg },
78 
79 	/* Internet /dev/null */
80 	{ "discard",	SOCK_STREAM,	1, -1,	discard_stream },
81 	{ "discard",	SOCK_DGRAM,	0, 1,	discard_dg },
82 
83 	/* Return 32 bit time since 1900 */
84 	{ "time",	SOCK_STREAM,	0, -1,	machtime_stream },
85 	{ "time",	SOCK_DGRAM,	0, 1,	machtime_dg },
86 
87 	/* Return human-readable time */
88 	{ "daytime",	SOCK_STREAM,	0, -1,	daytime_stream },
89 	{ "daytime",	SOCK_DGRAM,	0, 1,	daytime_dg },
90 
91 	/* Familiar character generator */
92 	{ "chargen",	SOCK_STREAM,	1, -1,	chargen_stream },
93 	{ "chargen",	SOCK_DGRAM,	0, 1,	chargen_dg },
94 
95 	{ "tcpmux",	SOCK_STREAM,	1, -1,	(bi_fn_t *)tcpmux },
96 
97 	{ "auth",	SOCK_STREAM,	1, -1,	ident_stream },
98 
99 	{ NULL,		0,		0, 0,	NULL }
100 };
101 
102 /*
103  * RFC864 Character Generator Protocol. Generates character data without
104  * any regard for input.
105  */
106 
107 void
initring(void)108 initring(void)
109 {
110 	int i;
111 
112 	endring = ring;
113 
114 	for (i = 0; i <= 128; ++i)
115 		if (isprint(i))
116 			*endring++ = i;
117 }
118 
119 /* ARGSUSED */
120 void
chargen_dg(int s,struct servtab * sep)121 chargen_dg(int s, struct servtab *sep)		/* Character generator */
122 {
123 	struct sockaddr_storage ss;
124 	static char *rs;
125 	int len;
126 	socklen_t size;
127 	char text[LINESIZ+2];
128 
129 	if (endring == NULL) {
130 		initring();
131 		rs = ring;
132 	}
133 
134 	size = sizeof(ss);
135 	if (recvfrom(s, text, sizeof(text), 0,
136 		     (struct sockaddr *)&ss, &size) < 0)
137 		return;
138 
139 	if (check_loop((struct sockaddr *)&ss, sep))
140 		return;
141 
142 	if ((len = endring - rs) >= LINESIZ)
143 		memmove(text, rs, LINESIZ);
144 	else {
145 		memmove(text, rs, len);
146 		memmove(text + len, ring, LINESIZ - len);
147 	}
148 	if (++rs == endring)
149 		rs = ring;
150 	text[LINESIZ] = '\r';
151 	text[LINESIZ + 1] = '\n';
152 	sendto(s, text, sizeof(text), 0, (struct sockaddr *)&ss, size);
153 }
154 
155 /* ARGSUSED */
156 void
chargen_stream(int s,struct servtab * sep)157 chargen_stream(int s, struct servtab *sep)		/* Character generator */
158 {
159 	int len;
160 	char *rs, text[LINESIZ+2];
161 
162 	inetd_setproctitle(sep->se_service, s);
163 
164 	if (!endring) {
165 		initring();
166 		rs = ring;
167 	}
168 
169 	text[LINESIZ] = '\r';
170 	text[LINESIZ + 1] = '\n';
171 	for (rs = ring;;) {
172 		if ((len = endring - rs) >= LINESIZ)
173 			memmove(text, rs, LINESIZ);
174 		else {
175 			memmove(text, rs, len);
176 			memmove(text + len, ring, LINESIZ - len);
177 		}
178 		if (++rs == endring)
179 			rs = ring;
180 		if (write(s, text, sizeof(text)) != sizeof(text))
181 			break;
182 	}
183 	exit(0);
184 }
185 
186 /*
187  * RFC867 Daytime Protocol. Sends the current date and time as an ascii
188  * character string without any regard for input.
189  */
190 
191 /* ARGSUSED */
192 void
daytime_dg(int s,struct servtab * sep)193 daytime_dg(int s, struct servtab *sep)		/* Return human-readable time of day */
194 {
195 	char buffer[256];
196 	time_t now;
197 	struct sockaddr_storage ss;
198 	socklen_t size;
199 
200 	now = time(NULL);
201 
202 	size = sizeof(ss);
203 	if (recvfrom(s, buffer, sizeof(buffer), 0,
204 		     (struct sockaddr *)&ss, &size) < 0)
205 		return;
206 
207 	if (check_loop((struct sockaddr *)&ss, sep))
208 		return;
209 
210 	sprintf(buffer, "%.24s\r\n", ctime(&now));
211 	sendto(s, buffer, strlen(buffer), 0, (struct sockaddr *)&ss, size);
212 }
213 
214 /* ARGSUSED */
215 void
daytime_stream(int s,struct servtab * sep __unused)216 daytime_stream(int s, struct servtab *sep __unused) /* Return human-readable time of day */
217 {
218 	char buffer[256];
219 	time_t now;
220 
221 	now = time(NULL);
222 
223 	sprintf(buffer, "%.24s\r\n", ctime(&now));
224 	send(s, buffer, strlen(buffer), MSG_EOF);
225 }
226 
227 /*
228  * RFC863 Discard Protocol. Any data received is thrown away and no response
229  * is sent.
230  */
231 
232 /* ARGSUSED */
233 void
discard_dg(int s,struct servtab * sep __unused)234 discard_dg(int s, struct servtab *sep __unused) /* Discard service -- ignore data */
235 {
236 	char buffer[BUFSIZE];
237 
238 	read(s, buffer, sizeof(buffer));
239 }
240 
241 /* ARGSUSED */
242 void
discard_stream(int s,struct servtab * sep)243 discard_stream(int s, struct servtab *sep) /* Discard service -- ignore data */
244 {
245 	int ret;
246 	char buffer[BUFSIZE];
247 
248 	inetd_setproctitle(sep->se_service, s);
249 	while (1) {
250 		while ((ret = read(s, buffer, sizeof(buffer))) > 0)
251 			;
252 		if (ret == 0 || errno != EINTR)
253 			break;
254 	}
255 	exit(0);
256 }
257 
258 /*
259  * RFC862 Echo Protocol. Any data received is sent back to the sender as
260  * received.
261  */
262 
263 /* ARGSUSED */
264 void
echo_dg(int s,struct servtab * sep)265 echo_dg(int s, struct servtab *sep) /* Echo service -- echo data back */
266 {
267 	char buffer[65536]; /* Should be sizeof(max datagram). */
268 	int i;
269 	socklen_t size;
270 	struct sockaddr_storage ss;
271 
272 	size = sizeof(ss);
273 	if ((i = recvfrom(s, buffer, sizeof(buffer), 0,
274 			  (struct sockaddr *)&ss, &size)) < 0)
275 		return;
276 
277 	if (check_loop((struct sockaddr *)&ss, sep))
278 		return;
279 
280 	sendto(s, buffer, i, 0, (struct sockaddr *)&ss, size);
281 }
282 
283 /* ARGSUSED */
284 void
echo_stream(int s,struct servtab * sep)285 echo_stream(int s, struct servtab *sep)		/* Echo service -- echo data back */
286 {
287 	char buffer[BUFSIZE];
288 	int i;
289 
290 	inetd_setproctitle(sep->se_service, s);
291 	while ((i = read(s, buffer, sizeof(buffer))) > 0 &&
292 	    write(s, buffer, i) > 0)
293 		;
294 	exit(0);
295 }
296 
297 /*
298  * RFC1413 Identification Protocol. Given a TCP port number pair, return a
299  * character string which identifies the owner of that connection on the
300  * server's system. Extended to allow for ~/.fakeid support and ~/.noident
301  * support.
302  */
303 
304 /* RFC 1413 says the following are the only errors you can return. */
305 #define ID_INVALID	"INVALID-PORT"	/* Port number improperly specified. */
306 #define ID_NOUSER	"NO-USER"	/* Port not in use/not identifable. */
307 #define ID_HIDDEN	"HIDDEN-USER"	/* Hiden at user's request. */
308 #define ID_UNKNOWN	"UNKNOWN-ERROR"	/* Everything else. */
309 
310 /* ARGSUSED */
311 void
iderror(int lport,int fport,int s,const char * er)312 iderror(int lport, int fport, int s, const char *er)	/* Generic ident_stream error-sending func */
313 {
314 	char *p;
315 
316 	asprintf(&p, "%d , %d : ERROR : %s\r\n", lport, fport, er);
317 	if (p == NULL) {
318 		syslog(LOG_ERR, "asprintf: %m");
319 		exit(EX_OSERR);
320 	}
321 	send(s, p, strlen(p), MSG_EOF);
322 	free(p);
323 
324 	exit(0);
325 }
326 
327 /* ARGSUSED */
328 void
ident_stream(int s,struct servtab * sep)329 ident_stream(int s, struct servtab *sep)		/* Ident service (AKA "auth") */
330 {
331 	struct utsname un;
332 	struct stat sb;
333 	struct sockaddr_in sin4[2];
334 #ifdef INET6
335 	struct sockaddr_in6 sin6[2];
336 #endif
337 	struct sockaddr_storage ss[2];
338 	struct ucred uc;
339 	struct timeval tv = {
340 		10,
341 		0
342 	}, to;
343 	struct passwd *pw = NULL;
344 	fd_set fdset;
345 	char buf[BUFSIZE], *p, **av, *osname = NULL, e;
346 	char idbuf[MAXLOGNAME] = ""; /* Big enough to hold uid in decimal. */
347 	socklen_t socklen;
348 	ssize_t ssize;
349 	size_t size, bufsiz;
350 	int c, fflag = 0, nflag = 0, rflag = 0, argc = 0;
351 	int gflag = 0, iflag = 0, Fflag = 0, getcredfail = 0, onreadlen;
352 	u_short lport, fport;
353 
354 	inetd_setproctitle(sep->se_service, s);
355 	/*
356 	 * Reset getopt() since we are a fork() but not an exec() from
357 	 * a parent which used getopt() already.
358 	 */
359 	optind = 1;
360 	optreset = 1;
361 	/*
362 	 * Take the internal argument vector and count it out to make an
363 	 * argument count for getopt. This can be used for any internal
364 	 * service to read arguments and use getopt() easily.
365 	 */
366 	for (av = sep->se_argv; *av; av++)
367 		argc++;
368 	if (argc) {
369 		int sec, usec;
370 		size_t i;
371 		u_int32_t rnd32;
372 
373 		while ((c = getopt(argc, sep->se_argv, "d:fFgino:rt:")) != -1)
374 			switch (c) {
375 			case 'd':
376 				if (!gflag)
377 					strlcpy(idbuf, optarg, sizeof(idbuf));
378 				break;
379 			case 'f':
380 				fflag = 1;
381 				break;
382 			case 'F':
383 				fflag = 1;
384 				Fflag=1;
385 				break;
386 			case 'g':
387 				gflag = 1;
388 				rnd32 = 0;	/* Shush, compiler. */
389 				/*
390 				 * The number of bits in "rnd32" divided
391 				 * by the number of bits needed per iteration
392 				 * gives a more optimal way to reload the
393 				 * random number only when necessary.
394 				 *
395 				 * 32 bits from arc4random corresponds to
396 				 * about 6 base-36 digits, so we reseed evey 6.
397 				 */
398 				for (i = 0; i < sizeof(idbuf) - 1; i++) {
399 					static const char *const base36 =
400 					    "0123456789"
401 					    "abcdefghijklmnopqrstuvwxyz";
402 					if (i % 6 == 0)
403 						rnd32 = arc4random();
404 					idbuf[i] = base36[rnd32 % 36];
405 					rnd32 /= 36;
406 				}
407 				idbuf[i] = '\0';
408 				break;
409 			case 'i':
410 				iflag = 1;
411 				break;
412 			case 'n':
413 				nflag = 1;
414 				break;
415 			case 'o':
416 				osname = optarg;
417 				break;
418 			case 'r':
419 				rflag = 1;
420 				break;
421 			case 't':
422 				switch (sscanf(optarg, "%d.%d", &sec, &usec)) {
423 				case 2:
424 					tv.tv_usec = usec;
425 					/* FALLTHROUGH */
426 				case 1:
427 					tv.tv_sec = sec;
428 					break;
429 				default:
430 					if (debug)
431 						warnx("bad -t argument");
432 					break;
433 				}
434 				break;
435 			default:
436 				break;
437 			}
438 	}
439 	if (osname == NULL) {
440 		if (uname(&un) == -1)
441 			iderror(0, 0, s, ID_UNKNOWN);
442 		osname = un.sysname;
443 	}
444 
445 	/*
446 	 * We're going to prepare for and execute reception of a
447 	 * packet of data from the user. The data is in the format
448 	 * "local_port , foreign_port\r\n" (with local being the
449 	 * server's port and foreign being the client's.)
450 	 */
451 	gettimeofday(&to, NULL);
452 	to.tv_sec += tv.tv_sec;
453 	to.tv_usec += tv.tv_usec;
454 	if (to.tv_usec >= 1000000) {
455 		to.tv_usec -= 1000000;
456 		to.tv_sec++;
457 	}
458 
459 	size = 0;
460 	bufsiz = sizeof(buf) - 1;
461 	FD_ZERO(&fdset);
462  	while (bufsiz > 0) {
463 		gettimeofday(&tv, NULL);
464 		tv.tv_sec = to.tv_sec - tv.tv_sec;
465 		tv.tv_usec = to.tv_usec - tv.tv_usec;
466 		if (tv.tv_usec < 0) {
467 			tv.tv_usec += 1000000;
468 			tv.tv_sec--;
469 		}
470 		if (tv.tv_sec < 0)
471 			break;
472 		FD_SET(s, &fdset);
473 		if (select(s + 1, &fdset, NULL, NULL, &tv) == -1)
474 			iderror(0, 0, s, ID_UNKNOWN);
475 		if (ioctl(s, FIONREAD, &onreadlen) == -1)
476 			iderror(0, 0, s, ID_UNKNOWN);
477 		if ((size_t)onreadlen > bufsiz)
478 			onreadlen = bufsiz;
479 		ssize = read(s, &buf[size], (size_t)onreadlen);
480 		if (ssize == -1)
481 			iderror(0, 0, s, ID_UNKNOWN);
482 		else if (ssize == 0)
483 			break;
484 		bufsiz -= ssize;
485 		size += ssize;
486 		if (memchr(&buf[size - ssize], '\n', ssize) != NULL)
487 			break;
488  	}
489 	buf[size] = '\0';
490 	/* Read two characters, and check for a delimiting character */
491 	if (sscanf(buf, "%hu , %hu%c", &lport, &fport, &e) != 3 || isdigit(e))
492 		iderror(0, 0, s, ID_INVALID);
493 
494 	/* Send garbage? */
495 	if (gflag)
496 		goto printit;
497 
498 	/*
499 	 * If not "real" (-r), send a HIDDEN-USER error for everything.
500 	 * If -d is used to set a fallback username, this is used to
501 	 * override it, and the fallback is returned instead.
502 	 */
503 	if (!rflag) {
504 		if (*idbuf == '\0')
505 			iderror(lport, fport, s, ID_HIDDEN);
506 		goto printit;
507 	}
508 
509 	/*
510 	 * We take the input and construct an array of two sockaddr_ins
511 	 * which contain the local address information and foreign
512 	 * address information, respectively, used to look up the
513 	 * credentials for the socket (which are returned by the
514 	 * sysctl "net.inet.tcp.getcred" when we call it.)
515 	 */
516 	socklen = sizeof(ss[0]);
517 	if (getsockname(s, (struct sockaddr *)&ss[0], &socklen) == -1)
518 		iderror(lport, fport, s, ID_UNKNOWN);
519 	socklen = sizeof(ss[1]);
520 	if (getpeername(s, (struct sockaddr *)&ss[1], &socklen) == -1)
521 		iderror(lport, fport, s, ID_UNKNOWN);
522 	if (ss[0].ss_family != ss[1].ss_family)
523 		iderror(lport, fport, s, ID_UNKNOWN);
524 	size = sizeof(uc);
525 	switch (ss[0].ss_family) {
526 	case AF_INET:
527 		sin4[0] = *(struct sockaddr_in *)&ss[0];
528 		sin4[0].sin_port = htons(lport);
529 		sin4[1] = *(struct sockaddr_in *)&ss[1];
530 		sin4[1].sin_port = htons(fport);
531 		if (sysctlbyname("net.inet.tcp.getcred", &uc, &size, sin4,
532 				 sizeof(sin4)) == -1)
533 			getcredfail = errno;
534 		break;
535 #ifdef INET6
536 	case AF_INET6:
537 		sin6[0] = *(struct sockaddr_in6 *)&ss[0];
538 		sin6[0].sin6_port = htons(lport);
539 		sin6[1] = *(struct sockaddr_in6 *)&ss[1];
540 		sin6[1].sin6_port = htons(fport);
541 		if (sysctlbyname("net.inet6.tcp6.getcred", &uc, &size, sin6,
542 				 sizeof(sin6)) == -1)
543 			getcredfail = errno;
544 		break;
545 #endif
546 	default: /* should not reach here */
547 		getcredfail = EAFNOSUPPORT;
548 		break;
549 	}
550 	if (getcredfail != 0) {
551 		if (*idbuf == '\0')
552 			iderror(lport, fport, s,
553 			    getcredfail == ENOENT ? ID_NOUSER : ID_UNKNOWN);
554 		goto printit;
555 	}
556 
557 	/* Look up the pw to get the username and home directory*/
558 	errno = 0;
559 	pw = getpwuid(uc.cr_uid);
560 	if (pw == NULL)
561 		iderror(lport, fport, s, errno == 0 ? ID_NOUSER : ID_UNKNOWN);
562 
563 	if (iflag)
564 		snprintf(idbuf, sizeof(idbuf), "%u", (unsigned)pw->pw_uid);
565 	else
566 		strlcpy(idbuf, pw->pw_name, sizeof(idbuf));
567 
568 	/*
569 	 * If enabled, we check for a file named ".noident" in the user's
570 	 * home directory. If found, we return HIDDEN-USER.
571 	 */
572 	if (nflag) {
573 		if (asprintf(&p, "%s/.noident", pw->pw_dir) == -1)
574 			iderror(lport, fport, s, ID_UNKNOWN);
575 		if (lstat(p, &sb) == 0) {
576 			free(p);
577 			iderror(lport, fport, s, ID_HIDDEN);
578 		}
579 		free(p);
580 	}
581 
582 	/*
583 	 * Here, if enabled, we read a user's ".fakeid" file in their
584 	 * home directory. It consists of a line containing the name
585 	 * they want.
586 	 */
587 	if (fflag) {
588 		int fakeid_fd;
589 
590 		/*
591 		 * Here we set ourself to effectively be the user, so we don't
592 		 * open any files we have no permission to open, especially
593 		 * symbolic links to sensitive root-owned files or devices.
594 		 */
595 		if (initgroups(pw->pw_name, pw->pw_gid) == -1)
596 			iderror(lport, fport, s, ID_UNKNOWN);
597 		if (seteuid(pw->pw_uid) == -1)
598 			iderror(lport, fport, s, ID_UNKNOWN);
599 		/*
600 		 * We can't stat() here since that would be a race
601 		 * condition.
602 		 * Therefore, we open the file we have permissions to open
603 		 * and if it's not a regular file, we close it and end up
604 		 * returning the user's real username.
605 		 */
606 		if (asprintf(&p, "%s/.fakeid", pw->pw_dir) == -1)
607 			iderror(lport, fport, s, ID_UNKNOWN);
608 		fakeid_fd = open(p, O_RDONLY | O_NONBLOCK);
609 		free(p);
610 		if (fakeid_fd == -1 || fstat(fakeid_fd, &sb) == -1 ||
611 		    !S_ISREG(sb.st_mode))
612 			goto fakeid_fail;
613 
614 		if ((ssize = read(fakeid_fd, buf, sizeof(buf) - 1)) < 0)
615 			goto fakeid_fail;
616 		buf[ssize] = '\0';
617 
618 		/*
619 		 * Usually, the file will have the desired identity
620 		 * in the form "identity\n". Allow for leading white
621 		 * space and trailing white space/end of line.
622 		 */
623 		p = buf;
624 		p += strspn(p, " \t");
625 		p[strcspn(p, " \t\r\n")] = '\0';
626 		if (strlen(p) > MAXLOGNAME - 1) /* Too long (including nul)? */
627 			p[MAXLOGNAME - 1] = '\0';
628 
629 		/*
630 		 * If the name is a zero-length string or matches it
631 		 * the id or name of another user (unless permitted by -F)
632 		 * then it is invalid.
633 		 */
634 		if (*p == '\0')
635 			goto fakeid_fail;
636 		if (!Fflag) {
637 			if (iflag) {
638 				if (p[strspn(p, "0123456789")] == '\0' &&
639 				    getpwuid(atoi(p)) != NULL)
640 					goto fakeid_fail;
641 			} else {
642 				if (getpwnam(p) != NULL)
643 					goto fakeid_fail;
644 			}
645 		}
646 
647 		strlcpy(idbuf, p, sizeof(idbuf));
648 
649 fakeid_fail:
650 		if (fakeid_fd != -1)
651 			close(fakeid_fd);
652 	}
653 
654 printit:
655 	/* Finally, we make and send the reply. */
656 	if (asprintf(&p, "%d , %d : USERID : %s : %s\r\n", lport, fport, osname,
657 	    idbuf) == -1) {
658 		syslog(LOG_ERR, "asprintf: %m");
659 		exit(EX_OSERR);
660 	}
661 	send(s, p, strlen(p), MSG_EOF);
662 	free(p);
663 
664 	exit(0);
665 }
666 
667 /*
668  * RFC738 Time Server.
669  * Return a machine readable date and time, in the form of the
670  * number of seconds since midnight, Jan 1, 1900.  Since gettimeofday
671  * returns the number of seconds since midnight, Jan 1, 1970,
672  * we must add 2208988800 seconds to this figure to make up for
673  * some seventy years Bell Labs was asleep.
674  */
675 
676 unsigned long
machtime(void)677 machtime(void)
678 {
679 	struct timeval tv;
680 
681 	if (gettimeofday(&tv, NULL) < 0) {
682 		if (debug)
683 			warnx("unable to get time of day");
684 		return (0L);
685 	}
686 #define	OFFSET ((u_long)25567 * 24*60*60)
687 	return (htonl((long)(tv.tv_sec + OFFSET)));
688 #undef OFFSET
689 }
690 
691 /* ARGSUSED */
692 void
machtime_dg(int s,struct servtab * sep)693 machtime_dg(int s, struct servtab *sep)
694 {
695 	unsigned long result;
696 	struct sockaddr_storage ss;
697 	socklen_t size;
698 
699 	size = sizeof(ss);
700 	if (recvfrom(s, (char *)&result, sizeof(result), 0,
701 		     (struct sockaddr *)&ss, &size) < 0)
702 		return;
703 
704 	if (check_loop((struct sockaddr *)&ss, sep))
705 		return;
706 
707 	result = machtime();
708 	sendto(s, (char *) &result, sizeof(result), 0,
709 		      (struct sockaddr *)&ss, size);
710 }
711 
712 /* ARGSUSED */
713 void
machtime_stream(int s,struct servtab * sep __unused)714 machtime_stream(int s, struct servtab *sep __unused)
715 {
716 	unsigned long result;
717 
718 	result = machtime();
719 	send(s, (char *) &result, sizeof(result), MSG_EOF);
720 }
721 
722 /*
723  * RFC1078 TCP Port Service Multiplexer (TCPMUX). Service connections to
724  * services based on the service name sent.
725  *
726  *  Based on TCPMUX.C by Mark K. Lottor November 1988
727  *  sri-nic::ps:<mkl>tcpmux.c
728  */
729 
730 #define MAX_SERV_LEN	(256+2)		/* 2 bytes for \r\n */
731 #define strwrite(fd, buf)	write(fd, buf, sizeof(buf)-1)
732 
733 static int		/* # of characters upto \r,\n or \0 */
get_line(int fd,char * buf,int len)734 get_line(int fd, char *buf, int len)
735 {
736 	int count = 0, n;
737 	struct sigaction sa;
738 
739 	sa.sa_flags = 0;
740 	sigemptyset(&sa.sa_mask);
741 	sa.sa_handler = SIG_DFL;
742 	sigaction(SIGALRM, &sa, NULL);
743 	do {
744 		alarm(10);
745 		n = read(fd, buf, len-count);
746 		alarm(0);
747 		if (n == 0)
748 			return (count);
749 		if (n < 0)
750 			return (-1);
751 		while (--n >= 0) {
752 			if (*buf == '\r' || *buf == '\n' || *buf == '\0')
753 				return (count);
754 			count++;
755 			buf++;
756 		}
757 	} while (count < len);
758 	return (count);
759 }
760 
761 struct servtab *
tcpmux(int s)762 tcpmux(int s)
763 {
764 	struct servtab *sep;
765 	char service[MAX_SERV_LEN+1];
766 	int len;
767 
768 	/* Get requested service name */
769 	if ((len = get_line(s, service, MAX_SERV_LEN)) < 0) {
770 		strwrite(s, "-Error reading service name\r\n");
771 		return (NULL);
772 	}
773 	service[len] = '\0';
774 
775 	if (debug)
776 		warnx("tcpmux: someone wants %s", service);
777 
778 	/*
779 	 * Help is a required command, and lists available services,
780 	 * one per line.
781 	 */
782 	if (!strcasecmp(service, "help")) {
783 		for (sep = servtab; sep; sep = sep->se_next) {
784 			if (!ISMUX(sep))
785 				continue;
786 			write(s,sep->se_service,strlen(sep->se_service));
787 			strwrite(s, "\r\n");
788 		}
789 		return (NULL);
790 	}
791 
792 	/* Try matching a service in inetd.conf with the request */
793 	for (sep = servtab; sep; sep = sep->se_next) {
794 		if (!ISMUX(sep))
795 			continue;
796 		if (!strcasecmp(service, sep->se_service)) {
797 			if (ISMUXPLUS(sep)) {
798 				strwrite(s, "+Go\r\n");
799 			}
800 			return (sep);
801 		}
802 	}
803 	strwrite(s, "-Service not available\r\n");
804 	return (NULL);
805 }
806