1 /*
2 * (c) Copyright 1992 by Panagiotis Tsirigotis
3 * (c) Sections Copyright 1998-2001 by Rob Braun
4 * All rights reserved. The file named COPYRIGHT specifies the terms
5 * and conditions for redistribution.
6 */
7
8 #include "config.h"
9 #include <sys/types.h>
10 #include <sys/socket.h>
11 #include <netinet/in.h>
12 #include <netdb.h>
13 #include <syslog.h>
14 #include <fcntl.h>
15 #include <netinet/tcp.h>
16 #include <stdlib.h>
17 #include <unistd.h>
18 #include <signal.h>
19 #include <time.h>
20 #include <errno.h>
21 #include <netinet/in.h>
22 #include <stdio.h>
23 #ifdef HAVE_MDNS
24 #include "xmdns.h"
25 #endif
26 #ifndef NO_RPC
27 #ifdef HAVE_RPC_PMAP_CLNT_H
28 #ifdef __sun
29 #include <rpc/types.h>
30 #include <rpc/auth.h>
31 #endif
32 #include <rpc/types.h>
33 #include <rpc/xdr.h>
34 #include <rpc/auth.h>
35 #include <rpc/clnt.h>
36 #include <rpc/pmap_clnt.h>
37 #endif
38 #include <rpc/rpc.h>
39 #endif
40
41 #ifdef HAVE_SYS_FILE_H
42 #include <sys/file.h>
43 #endif
44
45 #include "sio.h"
46 #include "service.h"
47 #include "util.h"
48 #include "main.h"
49 #include "sconf.h"
50 #include "msg.h"
51 #include "logctl.h"
52 #include "xconfig.h"
53 #include "special.h"
54
55
56 #define NEW_SVC() NEW( struct service )
57 #define FREE_SVC( sp ) FREE( sp )
58
59 #define DISABLE( sp ) SVC_STATE((sp)) = SVC_DISABLED
60
61 static void deactivate( const struct service *sp );
62 static int banner_always( const struct service *sp, const connection_s *cp );
63
64 static const struct name_value service_states[] =
65 {
66 { "Not started", (int) SVC_NOT_STARTED },
67 { "Active", (int) SVC_ACTIVE },
68 { "Disabled", (int) SVC_DISABLED },
69 { "Suspended", (int) SVC_SUSPENDED },
70 { NULL, 1 },
71 { "BAD STATE", 0 }
72 } ;
73
74
75
76 /*
77 * Allocate a new struct service and initialize it from scp
78 */
svc_new(struct service_config * scp)79 struct service *svc_new( struct service_config *scp )
80 {
81 struct service *sp ;
82 const char *func = "svc_new" ;
83
84 sp = NEW_SVC() ;
85 if ( sp == NULL )
86 {
87 out_of_memory( func ) ;
88 return( NULL ) ;
89 }
90 CLEAR( *sp ) ;
91
92 SVC_CONF(sp) = scp ;
93 return( sp ) ;
94 }
95
96
svc_make_special(struct service_config * scp)97 struct service *svc_make_special( struct service_config *scp )
98 {
99 struct service *sp ;
100 const char *func = "svc_make_special" ;
101
102 if ( ( sp = svc_new( scp ) ) == NULL )
103 {
104 out_of_memory( func ) ;
105 return( NULL ) ;
106 }
107
108 SVC_NOT_GENERIC(sp) = 1 ;
109 SVC_LOG(sp) = ps.rws.program_log ;
110 SVC_REFCOUNT(sp) = 1 ;
111 SVC_STATE(sp) = SVC_ACTIVE ;
112 return( sp ) ;
113 }
114
115
svc_free(struct service * sp)116 void svc_free( struct service *sp )
117 {
118 sc_free( SVC_CONF(sp) ) ;
119 CLEAR( *sp ) ;
120 FREE_SVC( sp ) ;
121 }
122
123
set_fd_modes(struct service * sp)124 static status_e set_fd_modes( struct service *sp )
125 {
126 int sd = SVC_FD( sp ) ;
127 const char *func = "set_fd_modes" ;
128
129 /*
130 * There is a possibility of blocking on a send/write if
131 *
132 * the service does not require forking (==> is internal) AND
133 * it does not accept connections
134 *
135 * To avoid this, we put the descriptor in FNDELAY mode.
136 * (if the service accepts connections, we still need to put the
137 * 'accepted' connection in FNDELAY mode but this is done elsewhere)
138 */
139 if ( ! SVC_FORKS( sp ) && ! SVC_ACCEPTS_CONNECTIONS( sp ) &&
140 fcntl( sd, F_SETFL, FNDELAY ) == -1 )
141 {
142 msg( LOG_ERR, func,
143 "fcntl failed (%m) for FNDELAY. service = %s", SVC_ID( sp ) ) ;
144 return( FAILED ) ;
145 }
146
147 /*
148 * Always set the close-on-exec flag
149 */
150 if ( fcntl( sd, F_SETFD, FD_CLOEXEC ) == -1 )
151 {
152 msg( LOG_ERR, func,
153 "fcntl failed (%m) for close-on-exec. service = %s", SVC_ID( sp ) ) ;
154 return( FAILED ) ;
155 }
156 return( OK ) ;
157 }
158
159
160 #ifndef NO_RPC
161
activate_rpc(struct service * sp)162 static status_e activate_rpc( struct service *sp )
163 {
164 union xsockaddr tsin;
165 socklen_t sin_len = sizeof(tsin);
166 unsigned long vers ;
167 struct service_config *scp = SVC_CONF( sp ) ;
168 struct rpc_data *rdp = SC_RPCDATA( scp ) ;
169 char *sid = SC_ID( scp ) ;
170 unsigned registered_versions = 0 ;
171 int sd = SVC_FD( sp ) ;
172 const char *func = "activate_rpc" ;
173
174 if( SC_BIND_ADDR(scp) != 0 )
175 memcpy( &tsin, SC_BIND_ADDR(scp), sizeof(tsin) );
176 else
177 memset( &tsin, 0, sizeof(tsin));
178
179 if ( SC_PROTOVAL ( scp ) == IPPROTO_TCP ) {
180 M_SET ( scp->sc_xflags, SF_NOLIBWRAP );
181 }
182 if( SC_IPV4( scp ) ) {
183 tsin.sa_in.sin_family = AF_INET ;
184 sin_len = sizeof(struct sockaddr_in);
185 } else if( SC_IPV6( scp ) ) {
186 tsin.sa_in6.sin6_family = AF_INET6 ;
187 sin_len = sizeof(struct sockaddr_in6);
188 }
189
190 if ( bind( sd, &tsin.sa, sin_len ) == -1 )
191 {
192 msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
193 return( FAILED ) ;
194 }
195
196 /*
197 * Find the port number that was assigned to the socket
198 */
199 if ( getsockname( sd, &tsin.sa, &sin_len ) == -1 )
200 {
201 msg( LOG_ERR, func,
202 "getsockname failed (%m). service = %s", sid ) ;
203 return( FAILED ) ;
204 }
205
206 if( tsin.sa.sa_family == AF_INET )
207 SC_SET_PORT( scp, ntohs( tsin.sa_in.sin_port ) ) ;
208 else if( tsin.sa.sa_family == AF_INET6 )
209 SC_SET_PORT( scp, ntohs( tsin.sa_in6.sin6_port ) ) ;
210
211 /*
212 * Try to register as many versions as possible
213 */
214 for ( vers = RD_MINVERS( rdp ) ; vers <= RD_MAXVERS( rdp ) ; vers++ ) {
215 /* Is this right? For instance, if we have both tcp and udp services,
216 * this will unregister the previously registered protocol.
217 * pmap_unset(RD_PROGNUM(rdp), vers);
218 */
219 if ( pmap_set( RD_PROGNUM( rdp ), vers, SC_PROTOVAL( scp ),
220 SC_PORT( scp ) ) )
221 registered_versions++ ;
222 else
223 msg( LOG_ERR, func,
224 "pmap_set failed. service=%s program=%ld version=%ld",
225 sid, RD_PROGNUM( rdp ), vers ) ;
226 sleep(1);
227 }
228
229 if ( debug.on )
230 msg( LOG_DEBUG, func,
231 "Registered %d versions of %s", registered_versions, sid ) ;
232
233 return( ( registered_versions == 0 ) ? FAILED : OK ) ;
234 }
235
236 #endif /* ! NO_RPC */
237
activate_normal(struct service * sp)238 static status_e activate_normal( struct service *sp )
239 {
240 union xsockaddr tsin;
241 int sd = SVC_FD( sp ) ;
242 struct service_config *scp = SVC_CONF( sp ) ;
243 uint16_t service_port = SC_PORT( scp ) ;
244 char *sid = SC_ID( scp ) ;
245 const char *func = "activate_normal" ;
246 unsigned int sin_len = sizeof(tsin);
247 int on = 1;
248 #ifdef IPV6_V6ONLY
249 int v6on = 0;
250 #endif
251
252 if( SC_BIND_ADDR(scp) != NULL )
253 memcpy(&tsin, SC_BIND_ADDR(scp), sin_len);
254 else
255 memset(&tsin, 0, sin_len);
256
257 if( SC_IPV4( scp ) ) {
258 tsin.sa_in.sin_family = AF_INET ;
259 tsin.sa_in.sin_port = htons( service_port ) ;
260 sin_len = sizeof(struct sockaddr_in);
261 } else if( SC_IPV6( scp ) ) {
262 tsin.sa_in6.sin6_family = AF_INET6;
263 tsin.sa_in6.sin6_port = htons( service_port );
264 sin_len = sizeof(struct sockaddr_in6);
265 }
266
267 #ifdef IPV6_V6ONLY
268 if( SC_IPV6(scp) ) {
269 if( SC_SPECIFIED(scp, A_V6ONLY) ) {
270 v6on = 1;
271 } else {
272 v6on = 0;
273 }
274 if( setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&v6on, sizeof(v6on)) < 0 ) {
275 msg( LOG_ERR, func, "Setting IPV6_V6ONLY option failed (%m)" );
276 }
277 }
278 #endif
279
280 if ( setsockopt( sd, SOL_SOCKET, SO_REUSEADDR,
281 (char *) &on, sizeof( on ) ) == -1 )
282 msg( LOG_WARNING, func,
283 "setsockopt SO_REUSEADDR failed (%m). service = %s", sid ) ;
284
285 if( SC_NODELAY( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
286 {
287 if ( setsockopt( sd, IPPROTO_TCP, TCP_NODELAY,
288 (char *) &on, sizeof( on ) ) == -1 )
289 msg( LOG_WARNING, func,
290 "setsockopt TCP_NODELAY failed (%m). service = %s", sid ) ;
291 }
292
293 if( SC_KEEPALIVE( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
294 {
295 if( setsockopt(sd, SOL_SOCKET, SO_KEEPALIVE,
296 (char *)&on, sizeof( on ) ) < 0 )
297 msg( LOG_WARNING, func,
298 "setsockopt SO_KEEPALIVE failed (%m). service = %s", sid ) ;
299 }
300
301 if ( bind( sd, &tsin.sa, sin_len ) == -1 )
302 {
303 msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
304 return( FAILED ) ;
305 }
306
307 #ifdef IN_MULTICAST
308 if( SC_IPV4(scp) && IN_MULTICAST(tsin.sa_in.sin_addr.s_addr) ) {
309 struct ip_mreq mreq;
310 mreq.imr_multiaddr.s_addr = tsin.sa_in.sin_addr.s_addr;
311 mreq.imr_interface.s_addr = htonl(INADDR_ANY);
312 setsockopt(sd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
313 if ( debug.on )
314 msg( LOG_DEBUG, func, "Adding multicast membership." );
315 }
316 #endif
317
318 return( OK ) ;
319 }
320
321
322 /*
323 * Activate a service.
324 */
svc_activate(struct service * sp)325 status_e svc_activate( struct service *sp )
326 {
327 struct service_config *scp = SVC_CONF( sp ) ;
328 status_e status ;
329 const char *func = "svc_activate" ;
330
331 /* No activation for MUXCLIENTS.
332 */
333
334 if (SC_IS_MUXCLIENT( scp ))
335 {
336 return( OK );
337 }
338
339 if( SC_IPV4( scp ) ) {
340 SVC_FD(sp) = socket( AF_INET,
341 SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
342 } else if( SC_IPV6( scp ) ) {
343 SVC_FD(sp) = socket( AF_INET6,
344 SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
345 }
346
347 if ( SVC_FD(sp) == -1 )
348 {
349 msg( LOG_ERR, func,
350 "socket creation failed (%m). service = %s", SC_ID( scp ) ) ;
351 return( FAILED ) ;
352 }
353
354 if ( set_fd_modes( sp ) == FAILED )
355 {
356 (void) Sclose( SVC_FD(sp) ) ;
357 return( FAILED ) ;
358 }
359
360 #ifndef NO_RPC
361 if ( SC_IS_RPC( scp ) )
362 status = activate_rpc( sp ) ;
363 else
364 #endif /* ! NO_RPC */
365 status = activate_normal( sp ) ;
366
367 if ( status == FAILED )
368 {
369 (void) Sclose( SVC_FD(sp) ) ;
370 return( FAILED ) ;
371 }
372
373 #ifdef HAVE_MDNS
374 xinetd_mdns_register(scp);
375 #endif
376
377 if ( log_start( sp, &SVC_LOG(sp) ) == FAILED )
378 {
379 deactivate( sp ) ;
380 return( FAILED ) ;
381 }
382
383 /*
384 * Initialize the service data
385 */
386 SVC_RUNNING_SERVERS(sp) = SVC_RETRIES(sp) = 0 ;
387
388 if ( SC_MUST_LISTEN( scp ) )
389 (void) listen( SVC_FD(sp), LISTEN_BACKLOG ) ;
390
391 ps.rws.descriptors_free-- ;
392
393 SVC_STATE(sp) = SVC_ACTIVE ;
394
395 FD_SET( SVC_FD(sp), &ps.rws.socket_mask ) ;
396 if ( SVC_FD(sp) > ps.rws.mask_max )
397 ps.rws.mask_max = SVC_FD(sp) ;
398
399 ps.rws.active_services++ ;
400 ps.rws.available_services++ ;
401
402 return( OK ) ;
403 }
404
405
deactivate(const struct service * sp)406 static void deactivate( const struct service *sp )
407 {
408 (void) Sclose( SVC_FD( sp ) ) ;
409
410 #ifdef HAVE_MDNS
411 xinetd_mdns_deregister(SVC_CONF(sp));
412 #endif
413
414 if (debug.on)
415 msg(LOG_DEBUG, "deactivate", "%d Service %s deactivated",
416 getpid(), SC_NAME( SVC_CONF(sp) ) );
417
418 #ifndef NO_RPC
419 if ( SC_IS_RPC( SVC_CONF( sp ) ) )
420 {
421 unsigned long vers ;
422 const struct rpc_data *rdp = SC_RPCDATA( SVC_CONF( sp ) ) ;
423
424 for ( vers = RD_MINVERS( rdp ) ; vers <= RD_MAXVERS( rdp ) ; vers++ ) {
425 (void) pmap_unset( RD_PROGNUM( rdp ), vers ) ;
426 }
427 }
428 #endif /* ! NO_RPC */
429 }
430
431
432 /*
433 * Close the service descriptor.
434 * If this is an RPC service, deregister it.
435 * Close the log.
436 */
svc_deactivate(struct service * sp)437 void svc_deactivate( struct service *sp )
438 {
439 if ( ! SVC_IS_AVAILABLE( sp ) )
440 return ;
441
442 deactivate( sp ) ;
443 ps.rws.descriptors_free++ ;
444
445 if ( SVC_IS_ACTIVE( sp ) )
446 {
447 FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
448 ps.rws.active_services-- ;
449 }
450
451 ps.rws.available_services-- ;
452
453 DISABLE( sp ) ;
454 }
455
456
457 /*
458 * Suspend a service
459 */
svc_suspend(struct service * sp)460 void svc_suspend( struct service *sp )
461 {
462 const char *func = "svc_suspend" ;
463
464 if ( ! SVC_IS_ACTIVE( sp ) )
465 {
466 msg( LOG_ERR, func, "service %s is not active", SVC_ID( sp ) ) ;
467 return ;
468 }
469
470 FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
471 ps.rws.active_services-- ;
472 if ( debug.on )
473 msg( LOG_DEBUG, func, "Suspended service %s", SVC_ID( sp ) ) ;
474
475 SUSPEND( sp ) ;
476 }
477
478
479 /*
480 * Resume a suspended service.
481 */
svc_resume(struct service * sp)482 void svc_resume( struct service *sp )
483 {
484 const char *func = "svc_resume" ;
485
486 FD_SET( SVC_FD( sp ), &ps.rws.socket_mask ) ;
487 ps.rws.active_services++ ;
488 if ( debug.on )
489 msg( LOG_DEBUG, func, "Resumed service %s", SVC_ID( sp ) ) ;
490 RESUME( sp ) ;
491 }
492
493
494 /*
495 * Steps:
496 * 1. Deactivate the service
497 * 2. Free all memory used by the service and free the service itself
498 *
499 * Since this function may free all memory associated with the service as
500 * well as the memory pointed by sp, only the value of sp should be used
501 * after this call if the return value is 0 (i.e. no dereferencing of sp).
502 *
503 * Special services are never deactivated.
504 */
svc_release(struct service * sp)505 int svc_release( struct service *sp )
506 {
507 char *sid = SVC_ID( sp ) ;
508 const char *func = "svc_release" ;
509
510 if ( SVC_REFCOUNT(sp) == 0 )
511 {
512 msg( LOG_ERR, func, "%s: svc_release with 0 count", sid ) ;
513 return( 0 ) ;
514 }
515
516 SVC_REFCOUNT(sp)-- ;
517 if ( SVC_REFCOUNT(sp) == 0 )
518 {
519 if ( debug.on )
520 msg( LOG_DEBUG, func, "ref count of service %s dropped to 0", sid ) ;
521 if ( ! SC_IS_SPECIAL( SVC_CONF( sp ) ) )
522 {
523 if ( SVC_LOG(sp) )
524 log_end( SC_LOG( SVC_CONF( sp ) ), SVC_LOG(sp) ) ;
525 svc_deactivate( sp ) ;
526 svc_free( sp ) ;
527 sp = NULL;
528 }
529 else /* this shouldn't happen */
530 msg( LOG_WARNING, func,
531 "ref count of special service %s dropped to 0", sid ) ;
532 return( 0 ) ;
533 }
534 else
535 return( SVC_REFCOUNT(sp) ) ;
536 }
537
538
svc_dump(const struct service * sp,int fd)539 void svc_dump( const struct service *sp, int fd )
540 {
541 tabprint( fd, 0, "Service = %s\n", SC_NAME( SVC_CONF( sp ) ) ) ;
542 tabprint( fd, 1, "State = %s\n",
543 nv_get_name( service_states, (int) SVC_STATE(sp) ) ) ;
544
545 sc_dump( SVC_CONF( sp ), fd, 1, FALSE ) ;
546
547 if ( SVC_IS_ACTIVE(sp) )
548 {
549 tabprint( fd, 1, "running servers = %d\n", SVC_RUNNING_SERVERS(sp) ) ;
550 tabprint( fd, 1, "retry servers = %d\n", SVC_RETRIES(sp) ) ;
551 tabprint( fd, 1, "attempts = %d\n", SVC_ATTEMPTS(sp) ) ;
552 tabprint( fd, 1, "service fd = %d\n", SVC_FD(sp) ) ;
553 }
554 Sputchar( fd, '\n' ) ;
555 }
556
557
svc_request(struct service * sp)558 void svc_request( struct service *sp )
559 {
560 connection_s *cp ;
561 status_e ret_code;
562
563 cp = conn_new( sp ) ;
564 if ( cp == CONN_NULL )
565 return ;
566
567 /*
568 * Output the banner now that the connection is established. The
569 * other banners come later.
570 */
571 banner_always(sp, cp);
572
573 if (SVC_NOT_GENERIC(sp))
574 ret_code = spec_service_handler(sp, cp);
575 else
576 ret_code = svc_generic_handler(sp, cp);
577
578 if( (SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM) && (SVC_IS_ACTIVE( sp )) )
579 drain( cp->co_descriptor ) ; /* Prevents looping next time */
580
581 if ( ret_code != OK )
582 {
583 if ( SVC_LOGS_USERID_ON_FAILURE( sp ) ) {
584 if( spec_service_handler( LOG_SERVICE( ps ), cp ) == FAILED )
585 conn_free( cp, 1 ) ;
586 else if (!SC_WAITS( SVC_CONF( sp ) ) ) {
587 /* The logging service will gen SIGCHLD thus freeing connection */
588 CONN_CLOSE(cp) ;
589 }
590 return;
591 }
592 if (!SC_WAITS( SVC_CONF( sp ) ))
593 conn_free( cp, 1 );
594 else {
595 if( (SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM) && (SVC_IS_ACTIVE( sp )) )
596 drain( cp->co_descriptor ) ; /* Prevents looping next time */
597 free( cp );
598 }
599 }
600 else if ((SVC_NOT_GENERIC(sp)) || (!SC_FORKS( SVC_CONF( sp ) ) ) )
601 free( cp );
602 }
603
604
svc_generic_handler(struct service * sp,connection_s * cp)605 status_e svc_generic_handler( struct service *sp, connection_s *cp )
606 {
607 if ( svc_parent_access_control( sp, cp ) == OK ) {
608 return( server_run( sp, cp ) ) ;
609 }
610
611 return( FAILED ) ;
612 }
613
614 #define TMPSIZE 1024
615 /* Print the banner that is supposed to always be printed */
banner_always(const struct service * sp,const connection_s * cp)616 static int banner_always( const struct service *sp, const connection_s *cp )
617 {
618 const char *func = "banner_always";
619 const struct service_config *scp = SVC_CONF( sp ) ;
620
621 /* print the banner regardless of access control */
622 if ( SC_BANNER(scp) != NULL ) {
623 char tmpbuf[TMPSIZE];
624 ssize_t retval;
625 int bannerfd = open(SC_BANNER(scp), O_RDONLY);
626
627 if( bannerfd < 0 ) {
628 msg( LOG_ERR, func, "service = %s, open of banner %s failed",
629 SVC_ID( sp ), SC_BANNER(scp));
630 return(-1);
631 }
632
633 while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
634 if (retval == (ssize_t)-1)
635 {
636 if (errno == EINTR)
637 continue;
638 else
639 {
640 msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
641 SVC_ID( sp ), SC_BANNER(scp));
642 break;
643 }
644 }
645 Swrite(cp->co_descriptor, tmpbuf, retval);
646 }
647
648 Sclose(bannerfd);
649 Sflush ( cp->co_descriptor );
650 }
651
652 return(0);
653 }
654
banner_fail(const struct service * sp,const connection_s * cp)655 static int banner_fail( const struct service *sp, const connection_s *cp )
656 {
657 const char *func = "banner_fail";
658 const struct service_config *scp = SVC_CONF( sp ) ;
659
660
661 if ( SC_BANNER_FAIL(scp) != NULL )
662 {
663 char tmpbuf[TMPSIZE];
664 int retval;
665 int bannerfd = open(SC_BANNER_FAIL(scp), O_RDONLY);
666
667 if( bannerfd < 0 )
668 {
669 msg( LOG_ERR, func, "service = %s, open of banner %s failed",
670 SVC_ID( sp ), SC_BANNER_FAIL(scp));
671 return(-1);
672 }
673
674 while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
675 if (retval == -1)
676 {
677 if (errno == EINTR)
678 continue;
679 else
680 {
681 msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
682 SVC_ID( sp ), SC_BANNER(scp));
683 break;
684 }
685 }
686 Swrite(cp->co_descriptor, tmpbuf, retval);
687 }
688
689 Sclose(bannerfd);
690 Sflush ( cp->co_descriptor );
691 }
692
693 return(0);
694 }
695
banner_success(const struct service * sp,const connection_s * cp)696 static int banner_success( const struct service *sp, const connection_s *cp )
697 {
698 const char *func = "banner_success";
699 const struct service_config *scp = SVC_CONF( sp ) ;
700
701 /* print the access granted banner */
702 if ( SC_BANNER_SUCCESS(scp) != NULL ) {
703 char tmpbuf[TMPSIZE];
704 int retval;
705 int bannerfd = open(SC_BANNER_SUCCESS(scp), O_RDONLY);
706
707 if( bannerfd < 0 ) {
708 msg( LOG_ERR, func, "service = %s, open of banner %s failed",
709 SVC_ID( sp ), SC_BANNER_SUCCESS(scp));
710 return(-1);
711 }
712
713 while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
714 if (retval == -1)
715 {
716 if (errno == EINTR)
717 continue;
718 else
719 {
720 msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
721 SVC_ID( sp ), SC_BANNER(scp));
722 break;
723 }
724 }
725 Swrite(cp->co_descriptor, tmpbuf, retval);
726 }
727
728 Sclose(bannerfd);
729 Sflush ( cp->co_descriptor );
730 }
731 return(0);
732 }
733
failed_service(struct service * sp,connection_s * cp,access_e result)734 static status_e failed_service(struct service *sp,
735 connection_s *cp,
736 access_e result)
737 {
738 struct service_config *scp = SVC_CONF( sp ) ;
739
740 if ( result != AC_OK )
741 {
742 bool_int report_failure = TRUE ;
743
744 /*
745 * Try to avoid reporting multiple times a failed attempt to access
746 * a datagram-based service from a bad address. We do this because
747 * the clients of such services usually send multiple datagrams
748 * before reporting a timeout (we have no way of telling them that
749 * their request has been denied).
750 */
751 if ( result == AC_ADDRESS && SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM )
752 {
753 if( SC_IPV4( scp ) ) {
754 struct sockaddr_in *sinp = SAIN(CONN_ADDRESS( cp )) ;
755 struct sockaddr_in *last = SAIN(SVC_LAST_DGRAM_ADDR(sp)) ;
756 time_t current_time ;
757
758 if (sinp == NULL )
759 return FAILED;
760
761 if ( last == NULL ) {
762 last = SAIN( calloc( 1, sizeof(union xsockaddr) ) );
763 SVC_LAST_DGRAM_ADDR(sp) = (union xsockaddr *)last;
764 }
765
766 (void) time( ¤t_time ) ;
767 if ( sinp->sin_addr.s_addr == last->sin_addr.s_addr &&
768 sinp->sin_port == last->sin_port )
769 {
770 if( current_time - SVC_LAST_DGRAM_TIME(sp) <= DGRAM_IGNORE_TIME )
771 report_failure = FALSE ;
772 else
773 SVC_LAST_DGRAM_TIME(sp) = current_time ;
774 }
775 else
776 {
777 memcpy(SVC_LAST_DGRAM_ADDR(sp), sinp,sizeof(struct sockaddr_in));
778 SVC_LAST_DGRAM_TIME(sp) = current_time ;
779 }
780 } else if( SC_IPV6( scp ) ) {
781 struct sockaddr_in6 *sinp = SAIN6(CONN_ADDRESS( cp )) ;
782 struct sockaddr_in6 *last = SAIN6(SVC_LAST_DGRAM_ADDR(sp)) ;
783 time_t current_time ;
784
785 if (sinp == NULL )
786 return FAILED;
787
788 if( last == NULL ) {
789 last = SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
790 SVC_LAST_DGRAM_ADDR( sp ) = (union xsockaddr *)last;
791 }
792
793 (void) time( ¤t_time ) ;
794 if ( IN6_ARE_ADDR_EQUAL(&(sinp->sin6_addr), &(last->sin6_addr)) &&
795 sinp->sin6_port == last->sin6_port )
796 {
797 if((current_time - SVC_LAST_DGRAM_TIME(sp)) <= DGRAM_IGNORE_TIME)
798 report_failure = FALSE ;
799 else
800 SVC_LAST_DGRAM_TIME(sp) = current_time ;
801 }
802 else
803 {
804 memcpy(SVC_LAST_DGRAM_ADDR(sp),sinp,sizeof(struct sockaddr_in6));
805 SVC_LAST_DGRAM_TIME(sp) = current_time ;
806 }
807 }
808 }
809
810 if ( report_failure )
811 svc_log_failure( sp, cp, result ) ;
812
813 banner_fail(sp, cp);
814
815 return( FAILED ) ;
816 }
817
818 return( OK );
819 }
820
821 /* Do the "light weight" access control here */
svc_parent_access_control(struct service * sp,connection_s * cp)822 status_e svc_parent_access_control( struct service *sp, connection_s *cp )
823 {
824 access_e result;
825
826 result = parent_access_control( sp, cp );
827 if( failed_service(sp, cp, result) == FAILED )
828 return(FAILED);
829
830 return (OK);
831 }
832
svc_child_access_control(struct service * sp,connection_s * cp)833 status_e svc_child_access_control( struct service *sp, connection_s *cp )
834 {
835 access_e result ;
836
837 result = access_control( sp, cp, MASK_NULL ) ;
838 if( failed_service(sp, cp, result) == FAILED )
839 return(FAILED);
840
841 banner_success(sp, cp);
842
843 return( OK ) ;
844 }
845
846 /*
847 * Invoked when a server of the specified service dies
848 */
svc_postmortem(struct service * sp,struct server * serp)849 void svc_postmortem( struct service *sp, struct server *serp )
850 {
851 struct service *co_sp = SERVER_CONNSERVICE( serp ) ;
852 connection_s *cp = SERVER_CONNECTION( serp ) ;
853 const char *func = "svc_postmortem" ;
854
855 SVC_DEC_RUNNING_SERVERS( sp ) ;
856
857 /*
858 * Log information about the server that died
859 */
860 if ( SVC_IS_LOGGING( sp ) )
861 {
862 if ( SERVER_WRITES_TO_LOG(serp) )
863 {
864 if ( debug.on )
865 msg( LOG_DEBUG, func,
866 "Checking log size of %s service", SVC_ID( sp ) ) ;
867 xlog_control( SVC_LOG( sp ), XLOG_SIZECHECK ) ;
868 }
869 svc_log_exit( sp, serp ) ;
870 }
871
872 /*
873 * Now check if we have to check the log size of the service that owns
874 * the connection
875 */
876 if ( co_sp != sp && SVC_IS_LOGGING( co_sp ) )
877 xlog_control( SVC_LOG( co_sp ), XLOG_SIZECHECK ) ;
878
879 if (!SVC_WAITS(sp)) {
880 conn_free( cp, 1 ) ;
881 cp = NULL;
882 } else {
883 if (cp) {
884 if ( SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM )
885 drain( cp->co_descriptor ) ;
886 free(cp);
887 cp = NULL;
888 if( SVC_RELE( sp ) == 0 )
889 svc_release( sp ); /* shouldn't be 0, but should remove from
890 * pset if it is... */
891 }
892 svc_resume(sp);
893 }
894 }
895
896 /*
897 * This function closes all service descriptors. This should be called
898 * for all child processes that fork, but do not exec. This includes
899 * redirect, builtins, and tcpmux. The close on exec flag takes care of
900 * child processes that call exec. Without calling this, the listening
901 * fd's are not closed and reconfig will fail.
902 */
close_all_svc_descriptors(void)903 void close_all_svc_descriptors(void)
904 {
905 psi_h iter ;
906 struct service *osp ;
907
908 /* Have to close all other descriptors here */
909 iter = psi_create( SERVICES( ps ) ) ;
910 if ( iter == NULL )
911 out_of_memory( "close_all_svc_descriptors" ) ;
912
913 for ( osp = SP( psi_start( iter ) ) ; osp ; osp = SP( psi_next( iter ) ) )
914 (void) Sclose( SVC_FD( osp ) ) ;
915
916 psi_destroy( iter ) ;
917 }
918
919