1 /*
2 * (c) Copyright 1992 by Panagiotis Tsirigotis
3 * (c) Sections Copyright 1998-2001 by Rob Braun
4 * All rights reserved. The file named COPYRIGHT specifies the terms
5 * and conditions for redistribution.
6 */
7
8 #include "config.h"
9 #include <sys/types.h>
10 #include <syslog.h>
11 #include <string.h>
12 #include <netinet/in.h>
13 #include <stdlib.h>
14 #include <fcntl.h>
15 #include <unistd.h>
16
17 #ifdef HAVE_RPC_RPC_H
18 #include <rpc/rpc.h>
19 #endif
20
21 #ifdef HAVE_RPC_RPCENT_H
22 #include <rpc/rpcent.h>
23 #endif
24
25 #ifdef HAVE_NETDB_H
26 #include <netdb.h>
27 #endif
28
29 #include "str.h"
30 #include "sio.h"
31 #include "confparse.h"
32 #include "msg.h"
33 #include "xconfig.h"
34 #include "parse.h"
35 #include "special.h"
36 #include "sconst.h"
37 #include "env.h"
38 #include "sconf.h"
39 #include "sensor.h"
40 #include "inet.h"
41 #include "main.h"
42
43 extern int inetd_compat;
44
45 /*
46 * Pset iterator used by functions in this file.
47 * It lives only when get_configuration is called (i.e. it is created and
48 * destroyed each time). This is because the pset it is iterating on
49 * changes.
50 */
51 static psi_h iter ;
52
fix_server_argv(struct service_config * scp)53 static status_e fix_server_argv( struct service_config *scp )
54 {
55 char *server_name ;
56 const char *func = "fix_server_argv" ;
57
58 if( SC_SERVER(scp) == NULL )
59 {
60 msg( LOG_ERR, func,
61 "Must specify a server in %s", SC_NAME(scp));
62 return( FAILED );
63 }
64
65 if( SC_NAMEINARGS( scp ) ) {
66 if( !SC_SPECIFIED(scp, A_SERVER_ARGS ) ){
67 msg( LOG_ERR, func,
68 "Must specify server args if using NAMEINARGS flag");
69 return( FAILED );
70 }
71
72 return ( OK );
73 }
74
75 /*
76 * Check if the user specified any server arguments.
77 * If not, then the server_argv has not been allocated yet,
78 * so malloc it (size 2)
79 * Put in argv[ 0 ] the last component of the server pathname
80 */
81 if ( ! SC_SPECIFIED( scp, A_SERVER_ARGS ) )
82 {
83 SC_SERVER_ARGV(scp) = (char **) malloc( 2 * sizeof( char * ) ) ;
84 if ( SC_SERVER_ARGV(scp) == NULL )
85 {
86 out_of_memory( func ) ;
87 return( FAILED ) ;
88 }
89 SC_SERVER_ARGV(scp)[ 0 ] = NULL ;
90 SC_SERVER_ARGV(scp)[ 1 ] = NULL ;
91 SC_PRESENT( scp, A_SERVER_ARGS ) ;
92 }
93
94 /*
95 * Determine server name
96 */
97 server_name = strrchr( SC_SERVER(scp), '/' ) ;
98 if ( server_name == NULL )
99 server_name = SC_SERVER(scp) ;
100 else
101 server_name++ ; /* skip the '/' */
102
103 /*
104 * Place it in argv[ 0 ]
105 */
106 SC_SERVER_ARGV(scp)[ 0 ] = new_string( server_name ) ;
107 if ( SC_SERVER_ARGV(scp)[ 0 ] == NULL )
108 {
109 out_of_memory( func ) ;
110 return( FAILED ) ;
111 }
112 return( OK ) ;
113 }
114
115
116
117 #define USE_DEFAULT( scp, def, attr_id ) \
118 ( ! SC_SPECIFIED( scp, attr_id ) && SC_SPECIFIED( def, attr_id ) )
119
120 /*
121 * Fill the service configuration with attributes that were not
122 * explicitly specified. These can be:
123 * 1) implied attributes (like the server name in argv[0])
124 * 2) attributes from 'defaults' so that we won't need to check
125 * 'defaults' anymore.
126 * 3) default values (like the service instance limit)
127 */
service_fill(struct service_config * scp,struct service_config * def)128 static status_e service_fill( struct service_config *scp,
129 struct service_config *def )
130 {
131 const char *func = "service_fill" ;
132
133 /* Note: if the service was specified, it won't be honored. */
134 if( (SC_REDIR_ADDR(scp) != NULL) ) {
135 if ( SC_SPECIFIED( scp, A_SERVER ) && SC_SERVER(scp))
136 free(SC_SERVER(scp));
137 SC_SERVER(scp) = new_string( "/bin/true" );
138 SC_SPECIFY(scp, A_SERVER);
139 }
140
141 if ( ! SC_IS_INTERNAL( scp ) && fix_server_argv( scp ) == FAILED )
142 return( FAILED ) ;
143
144 /*
145 * FIXME: Should all these set SPECIFY or PRESENT ?
146 * PRESENT means that either a default or specified value.
147 * SPECIFIED means that the user specified a value.
148 * PRESENT makes more sense for default values. -SG
149 */
150 if ( ! SC_SPECIFIED( scp, A_INSTANCES ) )
151 {
152 SC_INSTANCES(scp) = SC_SPECIFIED( def, A_INSTANCES ) ? SC_INSTANCES(def)
153 : DEFAULT_INSTANCE_LIMIT ;
154 SC_PRESENT( scp, A_INSTANCES ) ;
155 }
156
157 if ( (! SC_SPECIFIED( scp, A_UMASK )) && SC_SPECIFIED( def, A_UMASK ) )
158 {
159 SC_UMASK(scp) = SC_UMASK(def);
160 SC_SPECIFY( scp, A_UMASK );
161 }
162
163 if ( ! SC_SPECIFIED( scp, A_PER_SOURCE ) )
164 {
165 SC_PER_SOURCE(scp) = SC_SPECIFIED( def, A_PER_SOURCE ) ?
166 SC_PER_SOURCE(def) : DEFAULT_INSTANCE_LIMIT ;
167 SC_SPECIFY( scp, A_PER_SOURCE ) ;
168 }
169
170 #ifdef HAVE_MDNS
171 if ( ! SC_SPECIFIED( scp, A_MDNS ) )
172 {
173 SC_MDNS(scp) = SC_SPECIFIED( def, A_MDNS ) ? SC_MDNS(def) : YES;
174 SC_SPECIFY( scp, A_MDNS );
175 }
176 #endif
177
178 if ( ! SC_SPECIFIED( scp, A_GROUPS ) )
179 {
180 SC_GROUPS(scp) = SC_SPECIFIED( def, A_GROUPS ) ? SC_GROUPS(def) : NO;
181 SC_SPECIFY( scp, A_GROUPS );
182 }
183
184 if ( ! SC_SPECIFIED( scp, A_CPS ) )
185 {
186 SC_TIME_CONN_MAX(scp) = SC_SPECIFIED( def, A_CPS ) ?
187 SC_TIME_CONN_MAX(def) : DEFAULT_LOOP_RATE;
188 SC_TIME_WAIT(scp) = SC_SPECIFIED( def, A_CPS ) ?
189 SC_TIME_WAIT(def) : DEFAULT_LOOP_TIME;
190 SC_TIME_REENABLE(scp) = 0;
191 }
192
193 #ifdef HAVE_LOADAVG
194 if ( ! SC_SPECIFIED( scp, A_MAX_LOAD ) ) {
195 SC_MAX_LOAD(scp) = SC_SPECIFIED( def, A_MAX_LOAD ) ? SC_MAX_LOAD(def) : 0;
196 SC_SPECIFY( scp, A_MAX_LOAD ) ;
197 }
198 #endif
199
200 /*
201 * we need to check a few things. A_BIND can be specified & sc_bind_addr
202 * is NULL. This means the address couldn't be determined in bind_parser
203 * and it was stored into sc_orig_bind_addr. We unset the attribute
204 * so that its processed correctly.
205 */
206 if (SC_SPECIFIED( scp, A_BIND ) && SC_BIND_ADDR(scp) == NULL)
207 M_CLEAR( scp->sc_specified_attributes, A_BIND ) ;
208
209 if ( (! SC_SPECIFIED( scp, A_BIND )) && (SC_ORIG_BIND_ADDR(scp) == 0) ) {
210 if ( SC_SPECIFIED( def, A_BIND ) ) {
211 SC_BIND_ADDR(scp) = (union xsockaddr *)malloc(sizeof(union xsockaddr));
212 if( SC_BIND_ADDR(scp) == NULL ) {
213 msg(LOG_ERR, func, "can't allocate space for bind addr");
214 return( FAILED );
215 }
216 memcpy(SC_BIND_ADDR(scp), SC_BIND_ADDR(def), sizeof(union xsockaddr));
217 SC_SPECIFY( scp, A_BIND ) ;
218 }
219 else if ( SC_ORIG_BIND_ADDR(def) )
220 SC_ORIG_BIND_ADDR(scp) = new_string( SC_ORIG_BIND_ADDR(def) );
221 }
222
223 if ( ! SC_SPECIFIED( scp, A_V6ONLY ) ) {
224 SC_V6ONLY(scp) = SC_SPECIFIED( def, A_V6ONLY ) ? SC_V6ONLY(def) : NO;
225 }
226
227 if ( ! SC_SPECIFIED( scp, A_DENY_TIME ) )
228 {
229 SC_DENY_TIME(scp) = SC_SPECIFIED( def, A_DENY_TIME ) ?
230 SC_DENY_TIME(def) : 0 ;
231 SC_SPECIFY( scp, A_DENY_TIME ) ;
232 }
233
234 if ( (!SC_IPV4( scp )) && (!SC_IPV6( scp )) )
235 {
236 /*
237 * If bind is specified, check the address and see what family is
238 * available. If not, then use default.
239 */
240 if ( SC_SPECIFIED( scp, A_BIND ) && !SC_ORIG_BIND_ADDR(scp) )
241 {
242 if ( SAIN(SC_BIND_ADDR(scp))->sin_family == AF_INET )
243 M_SET(SC_XFLAGS(scp), SF_IPV4);
244 else
245 M_SET(SC_XFLAGS(scp), SF_IPV6);
246 }
247 else
248 M_SET(SC_XFLAGS(scp), SF_IPV4);
249 }
250
251 if (SC_ORIG_BIND_ADDR(scp))
252 {
253 /*
254 * If we are here, we have a dual stack machine with multiple
255 * entries for a domain name. We can finally use the flags for
256 * a hint to see which one to use.
257 */
258 struct addrinfo hints, *res;
259
260 memset(&hints, 0, sizeof(hints));
261 hints.ai_flags = AI_CANONNAME;
262 if (SC_IPV6(scp))
263 hints.ai_family = AF_INET6;
264 else
265 hints.ai_family = AF_INET;
266
267 if( getaddrinfo(SC_ORIG_BIND_ADDR(scp), NULL, &hints, &res) < 0 )
268 {
269 msg(LOG_ERR, func, "bad address given for: %s", SC_NAME(scp));
270 return( FAILED );
271 }
272
273 if( (res == NULL) || (res->ai_addr == NULL) )
274 {
275 msg(LOG_ERR, func, "no addresses returned for: %s", SC_NAME(scp));
276 return( FAILED );
277 }
278
279 if( (res->ai_family == AF_INET) || (res->ai_family == AF_INET6) )
280 {
281 SC_BIND_ADDR(scp) = (union xsockaddr *)
282 malloc(sizeof(union xsockaddr));
283 if( SC_BIND_ADDR(scp) == NULL )
284 {
285 msg(LOG_ERR, func, "can't allocate space for bind addr of: %s",
286 SC_NAME(scp));
287 return( FAILED );
288 }
289 memset(SC_BIND_ADDR(scp), 0, sizeof(union xsockaddr));
290 memcpy(SC_BIND_ADDR(scp), res->ai_addr, res->ai_addrlen);
291 free(SC_ORIG_BIND_ADDR(scp));
292 SC_ORIG_BIND_ADDR(scp) = 0;
293 SC_SPECIFY( scp, A_BIND );
294 }
295 freeaddrinfo(res);
296 }
297
298 /* This should be removed if sock_stream is ever something other than TCP,
299 * or sock_dgram is ever something other than UDP.
300 */
301 if ( (! SC_SPECIFIED( scp, A_PROTOCOL )) &&
302 ( SC_SPECIFIED( scp, A_SOCKET_TYPE ) ) )
303 {
304 struct protoent *pep ;
305
306 if( SC_SOCKET_TYPE(scp) == SOCK_STREAM ) {
307 if( (pep = getprotobyname( "tcp" )) != NULL ) {
308 SC_PROTONAME(scp) = new_string ( "tcp" );
309 if( SC_PROTONAME(scp) == NULL )
310 return( FAILED );
311 SC_PROTOVAL(scp) = pep->p_proto ;
312 SC_SPECIFY(scp, A_PROTOCOL);
313 }
314 }
315
316 if( SC_SOCKET_TYPE(scp) == SOCK_DGRAM ) {
317 if( (pep = getprotobyname( "udp" )) != NULL ) {
318 SC_PROTONAME(scp) = new_string ( "udp" );
319 if( SC_PROTONAME(scp) == NULL )
320 return( FAILED );
321 SC_PROTOVAL(scp) = pep->p_proto ;
322 SC_SPECIFY(scp, A_PROTOCOL);
323 }
324 }
325 }
326 if ( ( SC_SPECIFIED( scp, A_PROTOCOL )) &&
327 (! SC_SPECIFIED( scp, A_SOCKET_TYPE ) ) )
328 {
329 if( (SC_PROTONAME(scp) != NULL) && EQ("tcp", SC_PROTONAME(scp)) )
330 {
331 SC_SOCKET_TYPE(scp) = SOCK_STREAM;
332 SC_SPECIFY(scp, A_SOCKET_TYPE);
333 }
334
335 if( (SC_PROTONAME(scp) != NULL) && EQ("udp", SC_PROTONAME(scp)) )
336 {
337 SC_SOCKET_TYPE(scp) = SOCK_DGRAM;
338 SC_SPECIFY(scp, A_SOCKET_TYPE);
339 }
340 }
341
342 /*
343 * Next assign a port based on service name if not specified. Based
344 * on the code immediately before this, if either a socket_type or a
345 * protocol is specied, the other gets set appropriately. We will only
346 * use protocol for this code.
347 */
348 if (! SC_SPECIFIED( scp, A_PORT ) && ! SC_IS_MUXCLIENT( scp ) &&
349 ! SC_IS_RPC( scp )) {
350 if ( SC_IS_UNLISTED( scp ) ) {
351 msg(LOG_ERR, func, "Unlisted service: %s must have a port entry",
352 SC_NAME(scp));
353 return(FAILED);
354 }
355 if ( SC_SPECIFIED( scp, A_PROTOCOL ) ) {
356 /*
357 * Look up the service based on the protocol and service name.
358 * If not found, don't worry. Message will be emitted in
359 * check_entry().
360 */
361 struct servent *sep = getservbyname( SC_NAME(scp),
362 SC_PROTONAME(scp) ) ;
363 if ( sep != NULL ) {
364 /* s_port is in network-byte-order */
365 SC_PORT(scp) = ntohs(sep->s_port);
366 SC_SPECIFY(scp, A_PORT);
367 }
368 else {
369 msg(LOG_ERR, func,
370 "Port not specified and can't find service: %s with getservbyname",
371 SC_NAME(scp));
372 return(FAILED);
373 }
374 }
375 else {
376 msg(LOG_ERR, func,
377 "Port not specified for service: %s and no protocol given",
378 SC_NAME(scp));
379 return(FAILED);
380 }
381 }
382
383 if ( USE_DEFAULT( scp, def, A_LOG_ON_SUCCESS ) )
384 {
385 SC_LOG_ON_SUCCESS(scp) = SC_LOG_ON_SUCCESS(def) ;
386 SC_SPECIFY( scp, A_LOG_ON_SUCCESS ) ;
387 }
388
389 if ( USE_DEFAULT( scp, def, A_LOG_ON_FAILURE ) )
390 {
391 SC_LOG_ON_FAILURE(scp) = SC_LOG_ON_FAILURE(def) ;
392 SC_SPECIFY( scp, A_LOG_ON_FAILURE ) ;
393 }
394
395 if ( USE_DEFAULT( scp, def, A_LOG_TYPE ) )
396 {
397 struct log *dlp = SC_LOG( def ) ;
398 struct log *slp = SC_LOG( scp ) ;
399
400 switch ( LOG_GET_TYPE( dlp ) )
401 {
402 case L_NONE:
403 LOG_SET_TYPE( slp, L_NONE ) ;
404 break ;
405
406 case L_SYSLOG:
407 *slp = *dlp ;
408 break ;
409
410 case L_FILE:
411 LOG_SET_TYPE( slp, L_COMMON_FILE ) ;
412 break ;
413
414 default:
415 msg( LOG_ERR, func,
416 "bad log type: %d", (int) LOG_GET_TYPE( dlp ) ) ;
417 return( FAILED ) ;
418 }
419 SC_SPECIFY( scp, A_LOG_TYPE ) ;
420 }
421 if ( setup_environ( scp, def ) == FAILED )
422 return( FAILED ) ;
423 return( OK ) ;
424 }
425
426
remove_disabled_services(struct configuration * confp)427 static void remove_disabled_services( struct configuration *confp )
428 {
429 pset_h disabled_services ;
430 pset_h enabled_services ;
431 struct service_config *scp ;
432 struct service_config *defaults = confp->cnf_defaults ;
433
434 if( SC_SPECIFIED( defaults, A_ENABLED ) ) {
435 enabled_services = SC_ENABLED(defaults) ;
436
437
438 /* Mark all the services disabled */
439 for ( scp = SCP( psi_start( iter ) ) ; scp ; scp = SCP( psi_next(iter) ) )
440 SC_DISABLE( scp );
441
442 /* Enable the selected services */
443 for ( scp = SCP( psi_start( iter ) ) ; scp ; scp = SCP( psi_next(iter) ) )
444 {
445 register char *sid = SC_ID( scp ) ;
446 register unsigned u ;
447
448 for ( u = 0 ; u < pset_count( enabled_services ) ; u++ ) {
449 if ( EQ( sid, (char *) pset_pointer( enabled_services, u ) ) ) {
450 SC_ENABLE( scp );
451 break;
452 }
453 }
454 }
455 }
456
457 /* Remove any services that are left marked disabled */
458 for ( scp = SCP( psi_start( iter ) ) ; scp ; scp = SCP( psi_next(iter)) ){
459 if( SC_IS_DISABLED( scp ) ) {
460 msg(LOG_DEBUG, "remove_disabled_services", "removing %s", SC_NAME(scp));
461 SC_DISABLE( scp );
462 sc_free(scp);
463 psi_remove(iter);
464 }
465 }
466
467 if ( ! SC_SPECIFIED( defaults, A_DISABLED ) )
468 return ;
469
470 disabled_services = SC_DISABLED(defaults) ;
471
472 for ( scp = SCP( psi_start( iter ) ) ; scp ; scp = SCP( psi_next( iter ) ) )
473 {
474 register char *sid = SC_ID( scp ) ;
475 register unsigned u ;
476
477 for ( u = 0 ; u < pset_count( disabled_services ) ; u++ )
478 if ( EQ( sid, (char *) pset_pointer( disabled_services, u ) ) )
479 {
480 sc_free( scp ) ;
481 psi_remove( iter ) ;
482 break ;
483 }
484 }
485 }
486
487
488 /*
489 * Check if all required attributes have been specified
490 */
service_attr_check(struct service_config * scp)491 static status_e service_attr_check( struct service_config *scp )
492 {
493 mask_t necessary_and_specified ;
494 mask_t necessary_and_missing ;
495 mask_t must_specify = NECESSARY_ATTRS ; /* socket_type & wait */
496 unsigned int attr_id ;
497 const char *attr_name ;
498 const char *func = "service_attr_check" ;
499
500 /*
501 * Determine what attributes must be specified
502 */
503 if ( ! SC_IS_INTERNAL( scp ) )
504 { /* user & server */
505 M_OR( must_specify, must_specify, NECESSARY_ATTRS_EXTERNAL ) ;
506 if ( SC_IS_UNLISTED( scp ) )
507 {
508 if ( ! SC_IS_MUXCLIENT( scp ) ) /* protocol, & port */
509 {
510 M_OR( must_specify, must_specify, NECESSARY_ATTRS_UNLISTED ) ;
511 }
512 else /* Don't need port for TCPMUX CLIENT */
513 {
514 M_OR( must_specify, must_specify, NECESSARY_ATTRS_UNLISTED_MUX ) ;
515 }
516 }
517 }
518
519 if ( SC_IS_RPC( scp ) )
520 {
521 M_CLEAR( must_specify, A_PORT ); /* port is already known for RPC */
522 /* protocol & rpc_version */
523 M_OR( must_specify, must_specify, NECESSARY_ATTRS_RPC ) ;
524 if ( SC_IS_UNLISTED( scp ) ) /* rpc_number */
525 M_OR( must_specify, must_specify, NECESSARY_ATTRS_RPC_UNLISTED ) ;
526 }
527 else
528 {
529 if ( SC_SPECIFIED( scp, A_REDIR ) )
530 M_CLEAR( must_specify, A_SERVER ); /* server isn't used */
531 }
532
533 if( SC_IPV4( scp ) && SC_IPV6( scp ) ) {
534 msg( LOG_ERR, func,
535 "Service %s specified as both IPv4 and IPv6 - DISABLING",
536 SC_NAME(scp));
537 return FAILED ;
538 }
539
540 /*
541 * Check if all necessary attributes have been specified
542 *
543 * NOTE: None of the necessary attributes can belong to "defaults"
544 * This is why we use the sc_attributes_specified mask instead
545 * of the sc_attributes_present mask.
546 */
547
548 M_AND( necessary_and_specified,
549 scp->sc_specified_attributes, must_specify ) ;
550 M_XOR( necessary_and_missing, necessary_and_specified, must_specify ) ;
551
552 if ( M_ARE_ALL_CLEAR( necessary_and_missing) )
553 return OK ;
554
555 /*
556 * Print names of missing attributes
557 */
558 for ( attr_id = 0 ; attr_id < SERVICE_ATTRIBUTES ; attr_id++ )
559 if ( M_IS_SET( necessary_and_missing, attr_id ) &&
560 ( attr_name = attr_name_lookup( attr_id ) ) != NULL )
561 {
562 msg( LOG_ERR, func,
563 "Service %s missing attribute %s - DISABLING",
564 SC_ID(scp), attr_name ) ;
565 }
566 return FAILED ;
567 }
568
569
570 /*
571 * Perform validity checks on the whole entry. At this point, all
572 * attributes have been read and we can do an integrated check that
573 * all parameters make sense.
574 *
575 * Also does the following:
576 * 1. If this is an internal service, it finds the function that
577 * implements it
578 * 2. For RPC services, it finds the program number
579 * 3. For non-RPC services, it finds the port number.
580 */
check_entry(struct service_config * scp,const struct configuration * confp)581 static status_e check_entry( struct service_config *scp,
582 const struct configuration *confp )
583 {
584 const char *func = "check_entry" ;
585 unsigned int u;
586 const pset_h sconfs = CNF_SERVICE_CONFS( confp ) ;
587
588 /*
589 * Make sure the service id is unique
590 */
591 for ( u = 0 ; u < pset_count( sconfs ) ; u++ )
592 {
593 int diff = 1;
594 const struct service_config *tmp_scp = SCP( pset_pointer( sconfs, u ) );
595 if (tmp_scp == scp)
596 break; /* Don't check ourselves, or anything after us */
597 if ( EQ( SC_ID(tmp_scp), SC_ID(scp) ) )
598 {
599 diff = 0;
600 }
601 if( SC_BIND_ADDR(tmp_scp) == NULL)
602 continue; /* problem entry, skip it */
603 if ( (SC_PORT(scp) != SC_PORT(tmp_scp)) ||
604 (SC_PROTOVAL(scp) != SC_PROTOVAL(tmp_scp)) )
605 continue; /* if port or protocol are different, its OK */
606 if (SC_BIND_ADDR(scp) != NULL)
607 {
608 if (SC_BIND_ADDR(scp)->sa.sa_family !=
609 SC_BIND_ADDR(tmp_scp)->sa.sa_family)
610 continue;
611 if (SC_BIND_ADDR(scp)->sa.sa_family == AF_INET)
612 {
613 if (memcmp(&SC_BIND_ADDR(scp)->sa_in.sin_addr,
614 &SC_BIND_ADDR(tmp_scp)->sa_in.sin_addr,
615 sizeof(struct in_addr) ) )
616 continue;
617 }
618 else /* We assume that all bad address families are weeded out */
619 {
620 if (memcmp(&SC_BIND_ADDR(scp)->sa_in6.sin6_addr,
621 &SC_BIND_ADDR(tmp_scp)->sa_in6.sin6_addr,
622 sizeof(struct in6_addr) ) )
623 continue;
624 }
625 }
626 if( SC_IS_DISABLED( tmp_scp ) ||
627 SC_IS_DISABLED(scp) )
628 {
629 /*
630 * Allow multiple configs, as long as all but one are
631 * disabled.
632 */
633 continue;
634 }
635 #if defined(HAVE_RPC_RPCENT_H) || defined(HAVE_NETDB_H)
636 if ( SC_IS_RPC( scp ) && SC_IS_RPC ( tmp_scp ) )
637 {
638 const struct rpc_data *rdp1 = SC_RPCDATA( scp ) ;
639 const struct rpc_data *rdp2 = SC_RPCDATA( tmp_scp ) ;
640 if ( rdp1->rd_program_number != rdp2->rd_program_number )
641 continue;
642 if ( rdp1->rd_min_version > rdp2->rd_max_version ||
643 rdp1->rd_max_version < rdp2->rd_min_version )
644 continue;
645 }
646 #endif
647 if (diff)
648 msg( LOG_ERR, func,
649 "service: %s id: %s is unique but its identical to "
650 "service: %s id: %s - DISABLING",
651 SC_NAME(scp), SC_ID(scp), SC_NAME(tmp_scp), SC_ID(tmp_scp) ) ;
652 else
653 msg( LOG_ERR, func,
654 "service: %s id: %s not unique or is a duplicate - DISABLING",
655 SC_NAME(scp), SC_ID(scp) ) ;
656 return FAILED ;
657 } /* for */
658
659 /*
660 * Currently, we cannot intercept:
661 * 1) internal services
662 * 2) multi-threaded services
663 * We clear the INTERCEPT flag without disabling the service.
664 */
665 if ( SC_IS_INTERCEPTED( scp ) )
666 {
667 if ( SC_IS_INTERNAL( scp ) )
668 {
669 msg( LOG_ERR, func,
670 "Internal services cannot be intercepted: %s ", SC_ID(scp) ) ;
671 M_CLEAR( SC_XFLAGS(scp), SF_INTERCEPT ) ;
672 }
673 if ( SC_WAIT(scp) == NO )
674 {
675 msg( LOG_ERR, func,
676 "Multi-threaded services cannot be intercepted: %s", SC_ID(scp) ) ;
677 M_CLEAR( SC_XFLAGS(scp), SF_INTERCEPT ) ;
678 }
679 }
680
681 /* Steer the lost sheep home */
682 if ( SC_SENSOR( scp ) )
683 M_SET( SC_TYPE(scp), ST_INTERNAL );
684
685 if ( SC_IS_INTERNAL( scp ) )
686 { /* If SENSOR flagged redirect to internal builtin function. */
687 if ( SC_SENSOR( scp ) )
688 {
689 init_sensor();
690 SC_BUILTIN(scp) =
691 builtin_find( "sensor", SC_SOCKET_TYPE(scp) );
692 }
693 else
694 SC_BUILTIN(scp) =
695 builtin_find( SC_NAME(scp), SC_SOCKET_TYPE(scp) );
696 if (SC_BUILTIN(scp) == NULL )
697 return( FAILED ) ;
698 }
699
700 #ifdef LABELED_NET
701 if (SC_LABELED_NET(scp)) {
702 if ( SC_IS_INTERNAL( scp ) ) {
703 msg( LOG_ERR, func,
704 "Internal services cannot support labeled networking: %s",
705 SC_ID(scp) ) ;
706 return( FAILED ) ;
707 }
708 if ( SC_SOCKET_TYPE(scp) != SOCK_STREAM ) {
709 msg( LOG_ERR, func,
710 "Non-stream socket types cannot support labeled networking: %s",
711 SC_ID(scp) ) ;
712 return( FAILED ) ;
713 }
714 if ( SC_WAITS( scp ) ) {
715 msg( LOG_ERR, func,
716 "Tcp wait services cannot support labeled networking: %s",
717 SC_ID(scp) ) ;
718 return( FAILED ) ;
719 }
720 if ( SC_REDIR_ADDR( scp ) != NULL) {
721 msg( LOG_ERR, func,
722 "Redirected services cannot support labeled networking: %s",
723 SC_ID(scp) ) ;
724 return( FAILED ) ;
725 }
726 }
727 #endif
728
729 if ( SC_IS_MUXCLIENT( scp ) )
730 {
731 if ( !SC_IS_UNLISTED( scp ) )
732 {
733 msg(LOG_ERR, func,
734 "Service: %s (tcpmux) should have UNLISTED in type.",
735 SC_NAME(scp));
736 return( FAILED );
737 }
738
739 if (!EQ("tcp", SC_PROTONAME(scp)))
740 {
741 msg(LOG_ERR, func,
742 "Service: %s (tcpmux) should have tcp in protocol.",
743 SC_NAME(scp));
744 return( FAILED );
745 }
746 }
747
748 /* #ifndef NO_RPC */
749 #if defined(HAVE_RPC_RPCENT_H) || defined(HAVE_NETDB_H)
750 if ( SC_IS_RPC( scp ) && !SC_IS_UNLISTED( scp ) )
751 {
752 struct rpcent *rep = (struct rpcent *)getrpcbyname( SC_NAME(scp) ) ;
753
754 if ( rep == NULL )
755 {
756 msg( LOG_ERR, func, "unknown RPC service: %s", SC_NAME(scp) ) ;
757 return( FAILED ) ;
758 }
759 SC_RPCDATA( scp )->rd_program_number = rep->r_number ;
760 }
761 else
762 #endif /* ! NO_RPC */
763 {
764 if ( !SC_IS_UNLISTED( scp ) )
765 {
766 uint16_t service_port ;
767 struct servent *sep ;
768
769 /*
770 * Check if a protocol was specified. Based on the code in
771 * service_fill, if either socket_type or protocol is specified,
772 * the other one is filled in. Protocol should therefore always
773 * be filled in unless they made a mistake. Then verify it is the
774 * proper protocol for the given service.
775 * We don't need to check MUXCLIENTs - they aren't in /etc/services.
776 */
777 if ( SC_SPECIFIED( scp, A_PROTOCOL ) )
778 {
779 sep = getservbyname( SC_NAME(scp), SC_PROTONAME(scp) ) ;
780 if ( (sep == NULL) )
781 {
782 msg( LOG_ERR, func,
783 "service/protocol combination not in /etc/services: %s/%s",
784 SC_NAME(scp), SC_PROTONAME(scp) ) ;
785 return( FAILED ) ;
786 }
787 }
788 else
789 {
790 msg( LOG_ERR, func,
791 "A protocol or a socket_type must be specified for service: %s.",
792 SC_NAME(scp) ) ;
793 return( FAILED ) ;
794 }
795
796 /* s_port is in network-byte-order */
797 service_port = ntohs(sep->s_port);
798
799 /*
800 * If a port was specified, it must be the right one
801 */
802 if ( SC_SPECIFIED( scp, A_PORT ) &&
803 SC_PORT(scp) != service_port )
804 {
805 msg( LOG_ERR, func, "Service %s expects port %d, not %d",
806 SC_NAME(scp), service_port, SC_PORT(scp) ) ;
807 return( FAILED ) ;
808 }
809 } /* if not unlisted */
810 }
811 if ( SC_SPECIFIED( scp, A_REDIR ))
812 {
813 if ( SC_SOCKET_TYPE( scp ) != SOCK_STREAM )
814 {
815 msg( LOG_ERR, func,
816 "Only tcp sockets are supported for redirected service %s",
817 SC_NAME(scp));
818 return FAILED;
819 }
820 if ( SC_WAITS( scp ) )
821 {
822 msg( LOG_ERR, func,
823 "Redirected service %s must not wait", SC_NAME(scp));
824 return FAILED;
825 }
826 if ( SC_NAMEINARGS( scp ) )
827 {
828 msg( LOG_ERR, func,
829 "Redirected service %s should not have NAMEINARGS flag set",
830 SC_NAME(scp));
831 return FAILED;
832 }
833 }
834 else /* Not a redirected service */
835 {
836 if( M_IS_SET( SC_LOG_ON_SUCCESS(scp), LO_TRAFFIC ) )
837 {
838 msg( LOG_ERR, func,
839 "Service %s should not have TRAFFIC flag set since its"
840 " not redirected", SC_NAME(scp));
841 return FAILED;
842 }
843 }
844
845 if ( SC_NAMEINARGS(scp) )
846 {
847 if (SC_IS_INTERNAL( scp ) )
848 {
849 msg( LOG_ERR, func,
850 "Service %s is INTERNAL and has NAMEINARGS flag set",
851 SC_NAME(scp) );
852 return FAILED;
853 }
854 else if (!SC_SPECIFIED( scp, A_SERVER_ARGS) )
855 {
856 msg( LOG_ERR, func,
857 "Service %s has NAMEINARGS flag set and no server_args",
858 SC_NAME(scp) );
859 return FAILED;
860 }
861 }
862
863 if ( service_attr_check( scp ) == FAILED )
864 return( FAILED ) ;
865
866 return( OK ) ;
867 }
868
869 /*
870 * Get a configuration from the specified file.
871 */
get_conf(int fd,struct configuration * confp)872 static status_e get_conf( int fd, struct configuration *confp )
873 {
874 parse_conf_file( fd, confp, ps.ros.config_file ) ;
875 parse_end() ;
876 return( OK ) ;
877 }
878
879
880 #define CHECK_AND_CLEAR( scp, mask, mask_name ) \
881 if ( M_IS_SET( mask, LO_USERID ) ) \
882 { \
883 msg( LOG_WARNING, func, \
884 "%s service: clearing USERID option from %s", SC_ID(scp), mask_name ) ; \
885 M_CLEAR( mask, LO_USERID ) ; \
886 }
887
888 /*
889 * Get a configuration by reading the configuration file.
890 */
cnf_get(struct configuration * confp)891 status_e cnf_get( struct configuration *confp )
892 {
893 int config_fd ;
894 struct service_config *scp ;
895 const char *func = "get_configuration" ;
896
897 if ( cnf_init( confp, &config_fd, &iter ) == FAILED )
898 return( FAILED ) ;
899
900 else if ( get_conf( config_fd, confp ) == FAILED )
901 {
902 Sclose( config_fd ) ;
903 cnf_free( confp ) ;
904 psi_destroy( iter ) ;
905 return( FAILED ) ;
906 }
907
908 /* get_conf eventually calls Srdline, try Sclosing to unmmap memory. */
909 Sclose( config_fd );
910 if( inetd_compat ) {
911 current_file = "/etc/inetd.conf";
912 config_fd = open(current_file, O_RDONLY);
913 if( config_fd >= 0 ) {
914 parse_inet_conf_file( config_fd, confp );
915 parse_end() ;
916 /*
917 * parse_inet_conf eventually calls Srdline, try Sclosing to
918 * unmmap memory.
919 */
920 Sclose(config_fd);
921 }
922 }
923
924 remove_disabled_services( confp ) ;
925
926 for ( scp = SCP( psi_start( iter ) ) ; scp ; scp = SCP( psi_next( iter ) ) )
927 {
928 /*
929 * Fill the service configuration from the defaults.
930 * We do this so that we don't have to look at the defaults any more.
931 */
932 if ( service_fill( scp, confp->cnf_defaults ) == FAILED )
933 {
934 sc_free( scp ) ;
935 psi_remove( iter ) ;
936 continue ;
937 }
938
939 if ( check_entry( scp, confp ) == FAILED )
940 {
941 sc_free( scp ) ;
942 psi_remove( iter ) ;
943 continue ;
944 }
945
946 /*
947 * If the INTERCEPT flag is set, change this service to an internal
948 * service using the special INTERCEPT builtin.
949 */
950 if ( SC_IS_INTERCEPTED( scp ) )
951 {
952 const builtin_s *bp ;
953
954 bp = spec_find( INTERCEPT_SERVICE_NAME, SC_SOCKET_TYPE(scp) ) ;
955 if ( bp == NULL )
956 {
957 msg( LOG_ERR, func, "removing service %s", SC_ID( scp ) ) ;
958 sc_free( scp ) ;
959 psi_remove( iter ) ;
960 continue ;
961 }
962
963 SC_BUILTIN(scp) = bp ;
964 M_SET( SC_TYPE(scp), ST_INTERNAL ) ;
965 }
966
967 /*
968 * Clear the USERID flag for the identity service because
969 * it may lead to loops (for example, remote xinetd issues request,
970 * local xinetd issues request to remote xinetd etc.)
971 * We identify the identity service by its (protocol,port) combination.
972 */
973 if ( SC_PORT(scp) == IDENTITY_SERVICE_PORT &&
974 SC_PROTOVAL(scp) == IPPROTO_TCP )
975 {
976 CHECK_AND_CLEAR( scp, SC_LOG_ON_SUCCESS(scp), "log_on_success" ) ;
977 CHECK_AND_CLEAR( scp, SC_LOG_ON_FAILURE(scp), "log_on_failure" ) ;
978 }
979 }
980
981 psi_destroy( iter ) ;
982
983 if ( debug.on && debug.fd != -1 )
984 cnf_dump( confp, debug.fd ) ;
985
986 endservent() ;
987 endprotoent() ;
988 #ifndef NO_RPC
989 endrpcent() ;
990 #endif
991 return( OK ) ;
992 }
993
994