1 /* 2 * Routines to parse an inetd.conf or tlid.conf file. This would be a great 3 * job for a PERL script. 4 * 5 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 6 */ 7 8 #ifndef lint 9 static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23"; 10 #endif 11 12 #include <sys/types.h> 13 #include <sys/stat.h> 14 #include <stdio.h> 15 #include <errno.h> 16 #include <string.h> 17 18 extern void exit(); 19 20 #include "tcpd.h" 21 #include "inetcf.h" 22 23 /* 24 * Network configuration files may live in unusual places. Here are some 25 * guesses. Shorter names follow longer ones. 26 */ 27 char *inet_files[] = { 28 "/private/etc/inetd.conf", /* NEXT */ 29 "/etc/inet/inetd.conf", /* SYSV4 */ 30 "/usr/etc/inetd.conf", /* IRIX?? */ 31 "/etc/inetd.conf", /* BSD */ 32 "/etc/net/tlid.conf", /* SYSV4?? */ 33 "/etc/saf/tlid.conf", /* SYSV4?? */ 34 "/etc/tlid.conf", /* SYSV4?? */ 35 0, 36 }; 37 38 static void inet_chk(); 39 static char *base_name(); 40 41 /* 42 * Structure with everything we know about a service. 43 */ 44 struct inet_ent { 45 struct inet_ent *next; 46 int type; 47 char name[1]; 48 }; 49 50 static struct inet_ent *inet_list = 0; 51 52 static char whitespace[] = " \t\r\n"; 53 54 /* inet_conf - read in and examine inetd.conf (or tlid.conf) entries */ 55 56 char *inet_cfg(conf) 57 char *conf; 58 { 59 char buf[BUFSIZ]; 60 FILE *fp; 61 char *service; 62 char *protocol; 63 char *user; 64 char *path; 65 char *arg0; 66 char *arg1; 67 struct tcpd_context saved_context; 68 char *percent_m(); 69 int i; 70 struct stat st; 71 72 saved_context = tcpd_context; 73 74 /* 75 * The inetd.conf (or tlid.conf) information is so useful that we insist 76 * on its availability. When no file is given run a series of educated 77 * guesses. 78 */ 79 if (conf != 0) { 80 if ((fp = fopen(conf, "r")) == 0) { 81 fprintf(stderr, percent_m(buf, "open %s: %m\n"), conf); 82 exit(1); 83 } 84 } else { 85 for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "r")) == 0; i++) 86 /* void */ ; 87 if (fp == 0) { 88 fprintf(stderr, "Cannot find your inetd.conf or tlid.conf file.\n"); 89 fprintf(stderr, "Please specify its location.\n"); 90 exit(1); 91 } 92 conf = inet_files[i]; 93 check_path(conf, &st); 94 } 95 96 /* 97 * Process the file. After the 7.0 wrapper release it became clear that 98 * there are many more inetd.conf formats than the 8 systems that I had 99 * studied. EP/IX uses a two-line specification for rpc services; HP-UX 100 * permits long lines to be broken with backslash-newline. 101 */ 102 tcpd_context.file = conf; 103 tcpd_context.line = 0; 104 while (xgets(buf, sizeof(buf), fp)) { 105 service = strtok(buf, whitespace); /* service */ 106 if (service == 0 || *service == '#') 107 continue; 108 if (STR_NE(service, "stream") && STR_NE(service, "dgram")) 109 strtok((char *) 0, whitespace); /* endpoint */ 110 protocol = strtok((char *) 0, whitespace); 111 (void) strtok((char *) 0, whitespace); /* wait */ 112 if ((user = strtok((char *) 0, whitespace)) == 0) 113 continue; 114 if (user[0] == '/') { /* user */ 115 path = user; 116 } else { /* path */ 117 if ((path = strtok((char *) 0, whitespace)) == 0) 118 continue; 119 } 120 if (path[0] == '?') /* IRIX optional service */ 121 path++; 122 if (STR_EQ(path, "internal")) 123 continue; 124 if (path[strspn(path, "-0123456789")] == 0) { 125 126 /* 127 * ConvexOS puts RPC version numbers before path names. Jukka 128 * Ukkonen <ukkonen@csc.fi>. 129 */ 130 if ((path = strtok((char *) 0, whitespace)) == 0) 131 continue; 132 } 133 if ((arg0 = strtok((char *) 0, whitespace)) == 0) { 134 tcpd_warn("incomplete line"); 135 continue; 136 } 137 if (arg0[strspn(arg0, "0123456789")] == 0) { 138 139 /* 140 * We're reading a tlid.conf file, the format is: 141 * 142 * ...stuff... path arg_count arguments mod_count modules 143 */ 144 if ((arg0 = strtok((char *) 0, whitespace)) == 0) { 145 tcpd_warn("incomplete line"); 146 continue; 147 } 148 } 149 if ((arg1 = strtok((char *) 0, whitespace)) == 0) 150 arg1 = ""; 151 152 inet_chk(protocol, path, arg0, arg1); 153 } 154 fclose(fp); 155 tcpd_context = saved_context; 156 return (conf); 157 } 158 159 /* inet_chk - examine one inetd.conf (tlid.conf?) entry */ 160 161 static void inet_chk(protocol, path, arg0, arg1) 162 char *protocol; 163 char *path; 164 char *arg0; 165 char *arg1; 166 { 167 char daemon[BUFSIZ]; 168 struct stat st; 169 int wrap_status = WR_MAYBE; 170 char *base_name_path = base_name(path); 171 char *tcpd_proc_name = (arg0[0] == '/' ? base_name(arg0) : arg0); 172 173 /* 174 * Always warn when the executable does not exist or when it is not 175 * executable. 176 */ 177 if (check_path(path, &st) < 0) { 178 tcpd_warn("%s: not found: %m", path); 179 } else if ((st.st_mode & 0100) == 0) { 180 tcpd_warn("%s: not executable", path); 181 } 182 183 /* 184 * Cheat on the miscd tests, nobody uses it anymore. 185 */ 186 if (STR_EQ(base_name_path, "miscd")) { 187 inet_set(arg0, WR_YES); 188 return; 189 } 190 191 /* 192 * While we are here... 193 */ 194 if (STR_EQ(tcpd_proc_name, "rexd") || STR_EQ(tcpd_proc_name, "rpc.rexd")) 195 tcpd_warn("%s may be an insecure service", tcpd_proc_name); 196 197 /* 198 * The tcpd program gets most of the attention. 199 */ 200 if (STR_EQ(base_name_path, "tcpd")) { 201 202 if (STR_EQ(tcpd_proc_name, "tcpd")) 203 tcpd_warn("%s is recursively calling itself", tcpd_proc_name); 204 205 wrap_status = WR_YES; 206 207 /* 208 * Check: some sites install the wrapper set-uid. 209 */ 210 if ((st.st_mode & 06000) != 0) 211 tcpd_warn("%s: file is set-uid or set-gid", path); 212 213 /* 214 * Check: some sites insert tcpd in inetd.conf, instead of replacing 215 * the daemon pathname. 216 */ 217 if (arg0[0] == '/' && STR_EQ(tcpd_proc_name, base_name(arg1))) 218 tcpd_warn("%s inserted before %s", path, arg0); 219 220 /* 221 * Check: make sure files exist and are executable. On some systems 222 * the network daemons are set-uid so we cannot complain. Note that 223 * tcpd takes the basename only in case of absolute pathnames. 224 */ 225 if (arg0[0] == '/') { /* absolute path */ 226 if (check_path(arg0, &st) < 0) { 227 tcpd_warn("%s: not found: %m", arg0); 228 } else if ((st.st_mode & 0100) == 0) { 229 tcpd_warn("%s: not executable", arg0); 230 } 231 } else { /* look in REAL_DAEMON_DIR */ 232 sprintf(daemon, "%s/%s", REAL_DAEMON_DIR, arg0); 233 if (check_path(daemon, &st) < 0) { 234 tcpd_warn("%s: not found in %s: %m", 235 arg0, REAL_DAEMON_DIR); 236 } else if ((st.st_mode & 0100) == 0) { 237 tcpd_warn("%s: not executable", daemon); 238 } 239 } 240 241 } else { 242 243 /* 244 * No tcpd program found. Perhaps they used the "simple installation" 245 * recipe. Look for a file with the same basename in REAL_DAEMON_DIR. 246 * Draw some conservative conclusions when a distinct file is found. 247 */ 248 sprintf(daemon, "%s/%s", REAL_DAEMON_DIR, arg0); 249 if (STR_EQ(path, daemon)) { 250 #ifdef __FreeBSD__ 251 wrap_status = WR_MAYBE; 252 #else 253 wrap_status = WR_NOT; 254 #endif 255 } else if (check_path(daemon, &st) >= 0) { 256 wrap_status = WR_MAYBE; 257 } else if (errno == ENOENT) { 258 wrap_status = WR_NOT; 259 } else { 260 tcpd_warn("%s: file lookup: %m", daemon); 261 wrap_status = WR_MAYBE; 262 } 263 } 264 265 /* 266 * Alas, we cannot wrap rpc/tcp services. 267 */ 268 if (wrap_status == WR_YES && STR_EQ(protocol, "rpc/tcp")) 269 tcpd_warn("%s: cannot wrap rpc/tcp services", tcpd_proc_name); 270 271 inet_set(tcpd_proc_name, wrap_status); 272 } 273 274 /* inet_set - remember service status */ 275 276 void inet_set(name, type) 277 char *name; 278 int type; 279 { 280 struct inet_ent *ip = 281 (struct inet_ent *) malloc(sizeof(struct inet_ent) + strlen(name)); 282 283 if (ip == 0) { 284 fprintf(stderr, "out of memory\n"); 285 exit(1); 286 } 287 ip->next = inet_list; 288 strcpy(ip->name, name); 289 ip->type = type; 290 inet_list = ip; 291 } 292 293 /* inet_get - look up service status */ 294 295 int inet_get(name) 296 char *name; 297 { 298 struct inet_ent *ip; 299 300 if (inet_list == 0) 301 return (WR_MAYBE); 302 303 for (ip = inet_list; ip; ip = ip->next) 304 if (STR_EQ(ip->name, name)) 305 return (ip->type); 306 307 return (-1); 308 } 309 310 /* base_name - compute last pathname component */ 311 312 static char *base_name(path) 313 char *path; 314 { 315 char *cp; 316 317 if ((cp = strrchr(path, '/')) != 0) 318 path = cp + 1; 319 return (path); 320 } 321