Contents of /trunk/mkinitrd-magellan/busybox/networking/inetd.c
Parent Directory | Revision Log
Revision 1123 -
(show annotations)
(download)
Wed Aug 18 21:56:57 2010 UTC (14 years, 1 month ago) by niro
File MIME type: text/plain
File size: 47873 byte(s)
Wed Aug 18 21:56:57 2010 UTC (14 years, 1 month ago) by niro
File MIME type: text/plain
File size: 47873 byte(s)
-updated to busybox-1.17.1
1 | /* vi: set sw=4 ts=4: */ |
2 | /* $Slackware: inetd.c 1.79s 2001/02/06 13:18:00 volkerdi Exp $ */ |
3 | /* $OpenBSD: inetd.c,v 1.79 2001/01/30 08:30:57 deraadt Exp $ */ |
4 | /* $NetBSD: inetd.c,v 1.11 1996/02/22 11:14:41 mycroft Exp $ */ |
5 | /* Busybox port by Vladimir Oleynik (C) 2001-2005 <dzo@simtreas.ru> */ |
6 | /* IPv6 support, many bug fixes by Denys Vlasenko (c) 2008 */ |
7 | /* |
8 | * Copyright (c) 1983,1991 The Regents of the University of California. |
9 | * All rights reserved. |
10 | * |
11 | * Redistribution and use in source and binary forms, with or without |
12 | * modification, are permitted provided that the following conditions |
13 | * are met: |
14 | * 1. Redistributions of source code must retain the above copyright |
15 | * notice, this list of conditions and the following disclaimer. |
16 | * 2. Redistributions in binary form must reproduce the above copyright |
17 | * notice, this list of conditions and the following disclaimer in the |
18 | * documentation and/or other materials provided with the distribution. |
19 | * 3. All advertising materials mentioning features or use of this software |
20 | * must display the following acknowledgement: |
21 | * This product includes software developed by the University of |
22 | * California, Berkeley and its contributors. |
23 | * 4. Neither the name of the University nor the names of its contributors |
24 | * may be used to endorse or promote products derived from this software |
25 | * without specific prior written permission. |
26 | * |
27 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND |
28 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
29 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
30 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
31 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
32 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
33 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
34 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
35 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
36 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
37 | * SUCH DAMAGE. |
38 | */ |
39 | |
40 | /* Inetd - Internet super-server |
41 | * |
42 | * This program invokes configured services when a connection |
43 | * from a peer is established or a datagram arrives. |
44 | * Connection-oriented services are invoked each time a |
45 | * connection is made, by creating a process. This process |
46 | * is passed the connection as file descriptor 0 and is |
47 | * expected to do a getpeername to find out peer's host |
48 | * and port. |
49 | * Datagram oriented services are invoked when a datagram |
50 | * arrives; a process is created and passed a pending message |
51 | * on file descriptor 0. peer's address can be obtained |
52 | * using recvfrom. |
53 | * |
54 | * Inetd uses a configuration file which is read at startup |
55 | * and, possibly, at some later time in response to a hangup signal. |
56 | * The configuration file is "free format" with fields given in the |
57 | * order shown below. Continuation lines for an entry must begin with |
58 | * a space or tab. All fields must be present in each entry. |
59 | * |
60 | * service_name must be in /etc/services |
61 | * socket_type stream/dgram/raw/rdm/seqpacket |
62 | * protocol must be in /etc/protocols |
63 | * (usually "tcp" or "udp") |
64 | * wait/nowait[.max] single-threaded/multi-threaded, max # |
65 | * user[.group] or user[:group] user/group to run daemon as |
66 | * server_program full path name |
67 | * server_program_arguments maximum of MAXARGS (20) |
68 | * |
69 | * For RPC services |
70 | * service_name/version must be in /etc/rpc |
71 | * socket_type stream/dgram/raw/rdm/seqpacket |
72 | * rpc/protocol "rpc/tcp" etc |
73 | * wait/nowait[.max] single-threaded/multi-threaded |
74 | * user[.group] or user[:group] user to run daemon as |
75 | * server_program full path name |
76 | * server_program_arguments maximum of MAXARGS (20) |
77 | * |
78 | * For non-RPC services, the "service name" can be of the form |
79 | * hostaddress:servicename, in which case the hostaddress is used |
80 | * as the host portion of the address to listen on. If hostaddress |
81 | * consists of a single '*' character, INADDR_ANY is used. |
82 | * |
83 | * A line can also consist of just |
84 | * hostaddress: |
85 | * where hostaddress is as in the preceding paragraph. Such a line must |
86 | * have no further fields; the specified hostaddress is remembered and |
87 | * used for all further lines that have no hostaddress specified, |
88 | * until the next such line (or EOF). (This is why * is provided to |
89 | * allow explicit specification of INADDR_ANY.) A line |
90 | * *: |
91 | * is implicitly in effect at the beginning of the file. |
92 | * |
93 | * The hostaddress specifier may (and often will) contain dots; |
94 | * the service name must not. |
95 | * |
96 | * For RPC services, host-address specifiers are accepted and will |
97 | * work to some extent; however, because of limitations in the |
98 | * portmapper interface, it will not work to try to give more than |
99 | * one line for any given RPC service, even if the host-address |
100 | * specifiers are different. |
101 | * |
102 | * Comment lines are indicated by a '#' in column 1. |
103 | */ |
104 | |
105 | /* inetd rules for passing file descriptors to children |
106 | * (http://www.freebsd.org/cgi/man.cgi?query=inetd): |
107 | * |
108 | * The wait/nowait entry specifies whether the server that is invoked by |
109 | * inetd will take over the socket associated with the service access point, |
110 | * and thus whether inetd should wait for the server to exit before listen- |
111 | * ing for new service requests. Datagram servers must use "wait", as |
112 | * they are always invoked with the original datagram socket bound to the |
113 | * specified service address. These servers must read at least one datagram |
114 | * from the socket before exiting. If a datagram server connects to its |
115 | * peer, freeing the socket so inetd can receive further messages on the |
116 | * socket, it is said to be a "multi-threaded" server; it should read one |
117 | * datagram from the socket and create a new socket connected to the peer. |
118 | * It should fork, and the parent should then exit to allow inetd to check |
119 | * for new service requests to spawn new servers. Datagram servers which |
120 | * process all incoming datagrams on a socket and eventually time out are |
121 | * said to be "single-threaded". The comsat(8), biff(1) and talkd(8) |
122 | * utilities are both examples of the latter type of datagram server. The |
123 | * tftpd(8) utility is an example of a multi-threaded datagram server. |
124 | * |
125 | * Servers using stream sockets generally are multi-threaded and use the |
126 | * "nowait" entry. Connection requests for these services are accepted by |
127 | * inetd, and the server is given only the newly-accepted socket connected |
128 | * to a client of the service. Most stream-based services operate in this |
129 | * manner. Stream-based servers that use "wait" are started with the lis- |
130 | * tening service socket, and must accept at least one connection request |
131 | * before exiting. Such a server would normally accept and process incoming |
132 | * connection requests until a timeout. |
133 | */ |
134 | |
135 | /* Despite of above doc saying that dgram services must use "wait", |
136 | * "udp nowait" servers are implemented in busyboxed inetd. |
137 | * IPv6 addresses are also implemented. However, they may look ugly - |
138 | * ":::service..." means "address '::' (IPv6 wildcard addr)":"service"... |
139 | * You have to put "tcp6"/"udp6" in protocol field to select IPv6. |
140 | */ |
141 | |
142 | /* Here's the scoop concerning the user[:group] feature: |
143 | * 1) group is not specified: |
144 | * a) user = root: NO setuid() or setgid() is done |
145 | * b) other: initgroups(name, primary group) |
146 | * setgid(primary group as found in passwd) |
147 | * setuid() |
148 | * 2) group is specified: |
149 | * a) user = root: setgid(specified group) |
150 | * NO initgroups() |
151 | * NO setuid() |
152 | * b) other: initgroups(name, specified group) |
153 | * setgid(specified group) |
154 | * setuid() |
155 | */ |
156 | |
157 | #include <syslog.h> |
158 | #include <sys/un.h> |
159 | |
160 | #include "libbb.h" |
161 | |
162 | #if ENABLE_FEATURE_INETD_RPC |
163 | #include <rpc/rpc.h> |
164 | #include <rpc/pmap_clnt.h> |
165 | #endif |
166 | |
167 | #if !BB_MMU |
168 | /* stream version of chargen is forking but not execing, |
169 | * can't do that (easily) on NOMMU */ |
170 | #undef ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN |
171 | #define ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN 0 |
172 | #endif |
173 | |
174 | #define _PATH_INETDPID "/var/run/inetd.pid" |
175 | |
176 | #define CNT_INTERVAL 60 /* servers in CNT_INTERVAL sec. */ |
177 | #define RETRYTIME 60 /* retry after bind or server fail */ |
178 | |
179 | // TODO: explain, or get rid of setrlimit games |
180 | |
181 | #ifndef RLIMIT_NOFILE |
182 | #define RLIMIT_NOFILE RLIMIT_OFILE |
183 | #endif |
184 | |
185 | #ifndef OPEN_MAX |
186 | #define OPEN_MAX 64 |
187 | #endif |
188 | |
189 | /* Reserve some descriptors, 3 stdio + at least: 1 log, 1 conf. file */ |
190 | #define FD_MARGIN 8 |
191 | |
192 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD \ |
193 | || ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_ECHO \ |
194 | || ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN \ |
195 | || ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_TIME \ |
196 | || ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME |
197 | # define INETD_BUILTINS_ENABLED |
198 | #endif |
199 | |
200 | typedef struct servtab_t { |
201 | /* The most frequently referenced one: */ |
202 | int se_fd; /* open descriptor */ |
203 | /* NB: 'biggest fields last' saves on code size (~250 bytes) */ |
204 | /* [addr:]service socktype proto wait user[:group] prog [args] */ |
205 | char *se_local_hostname; /* addr to listen on */ |
206 | char *se_service; /* "80" or "www" or "mount/2[-3]" */ |
207 | /* socktype is in se_socktype */ /* "stream" "dgram" "raw" "rdm" "seqpacket" */ |
208 | char *se_proto; /* "unix" or "[rpc/]tcp[6]" */ |
209 | #if ENABLE_FEATURE_INETD_RPC |
210 | int se_rpcprog; /* rpc program number */ |
211 | int se_rpcver_lo; /* rpc program lowest version */ |
212 | int se_rpcver_hi; /* rpc program highest version */ |
213 | #define is_rpc_service(sep) ((sep)->se_rpcver_lo != 0) |
214 | #else |
215 | #define is_rpc_service(sep) 0 |
216 | #endif |
217 | pid_t se_wait; /* 0:"nowait", 1:"wait", >1:"wait" */ |
218 | /* and waiting for this pid */ |
219 | socktype_t se_socktype; /* SOCK_STREAM/DGRAM/RDM/... */ |
220 | family_t se_family; /* AF_UNIX/INET[6] */ |
221 | /* se_proto_no is used by RPC code only... hmm */ |
222 | smallint se_proto_no; /* IPPROTO_TCP/UDP, n/a for AF_UNIX */ |
223 | smallint se_checked; /* looked at during merge */ |
224 | unsigned se_max; /* allowed instances per minute */ |
225 | unsigned se_count; /* number started since se_time */ |
226 | unsigned se_time; /* when we started counting */ |
227 | char *se_user; /* user name to run as */ |
228 | char *se_group; /* group name to run as, can be NULL */ |
229 | #ifdef INETD_BUILTINS_ENABLED |
230 | const struct builtin *se_builtin; /* if built-in, description */ |
231 | #endif |
232 | struct servtab_t *se_next; |
233 | len_and_sockaddr *se_lsa; |
234 | char *se_program; /* server program */ |
235 | #define MAXARGV 20 |
236 | char *se_argv[MAXARGV + 1]; /* program arguments */ |
237 | } servtab_t; |
238 | |
239 | #ifdef INETD_BUILTINS_ENABLED |
240 | /* Echo received data */ |
241 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_ECHO |
242 | static void FAST_FUNC echo_stream(int, servtab_t *); |
243 | static void FAST_FUNC echo_dg(int, servtab_t *); |
244 | #endif |
245 | /* Internet /dev/null */ |
246 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD |
247 | static void FAST_FUNC discard_stream(int, servtab_t *); |
248 | static void FAST_FUNC discard_dg(int, servtab_t *); |
249 | #endif |
250 | /* Return 32 bit time since 1900 */ |
251 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_TIME |
252 | static void FAST_FUNC machtime_stream(int, servtab_t *); |
253 | static void FAST_FUNC machtime_dg(int, servtab_t *); |
254 | #endif |
255 | /* Return human-readable time */ |
256 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME |
257 | static void FAST_FUNC daytime_stream(int, servtab_t *); |
258 | static void FAST_FUNC daytime_dg(int, servtab_t *); |
259 | #endif |
260 | /* Familiar character generator */ |
261 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN |
262 | static void FAST_FUNC chargen_stream(int, servtab_t *); |
263 | static void FAST_FUNC chargen_dg(int, servtab_t *); |
264 | #endif |
265 | |
266 | struct builtin { |
267 | /* NB: not necessarily NUL terminated */ |
268 | char bi_service7[7]; /* internally provided service name */ |
269 | uint8_t bi_fork; /* 1 if stream fn should run in child */ |
270 | void (*bi_stream_fn)(int, servtab_t *) FAST_FUNC; |
271 | void (*bi_dgram_fn)(int, servtab_t *) FAST_FUNC; |
272 | }; |
273 | |
274 | static const struct builtin builtins[] = { |
275 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_ECHO |
276 | { "echo", 1, echo_stream, echo_dg }, |
277 | #endif |
278 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD |
279 | { "discard", 1, discard_stream, discard_dg }, |
280 | #endif |
281 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN |
282 | { "chargen", 1, chargen_stream, chargen_dg }, |
283 | #endif |
284 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_TIME |
285 | { "time", 0, machtime_stream, machtime_dg }, |
286 | #endif |
287 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME |
288 | { "daytime", 0, daytime_stream, daytime_dg }, |
289 | #endif |
290 | }; |
291 | #endif /* INETD_BUILTINS_ENABLED */ |
292 | |
293 | struct globals { |
294 | rlim_t rlim_ofile_cur; |
295 | struct rlimit rlim_ofile; |
296 | servtab_t *serv_list; |
297 | int global_queuelen; |
298 | int maxsock; /* max fd# in allsock, -1: unknown */ |
299 | /* whenever maxsock grows, prev_maxsock is set to new maxsock, |
300 | * but if maxsock is set to -1, prev_maxsock is not changed */ |
301 | int prev_maxsock; |
302 | unsigned max_concurrency; |
303 | smallint alarm_armed; |
304 | uid_t real_uid; /* user ID who ran us */ |
305 | const char *config_filename; |
306 | parser_t *parser; |
307 | char *default_local_hostname; |
308 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN |
309 | char *end_ring; |
310 | char *ring_pos; |
311 | char ring[128]; |
312 | #endif |
313 | fd_set allsock; |
314 | /* Used in next_line(), and as scratch read buffer */ |
315 | char line[256]; /* _at least_ 256, see LINE_SIZE */ |
316 | } FIX_ALIASING; |
317 | #define G (*(struct globals*)&bb_common_bufsiz1) |
318 | enum { LINE_SIZE = COMMON_BUFSIZE - offsetof(struct globals, line) }; |
319 | struct BUG_G_too_big { |
320 | char BUG_G_too_big[sizeof(G) <= COMMON_BUFSIZE ? 1 : -1]; |
321 | }; |
322 | #define rlim_ofile_cur (G.rlim_ofile_cur ) |
323 | #define rlim_ofile (G.rlim_ofile ) |
324 | #define serv_list (G.serv_list ) |
325 | #define global_queuelen (G.global_queuelen) |
326 | #define maxsock (G.maxsock ) |
327 | #define prev_maxsock (G.prev_maxsock ) |
328 | #define max_concurrency (G.max_concurrency) |
329 | #define alarm_armed (G.alarm_armed ) |
330 | #define real_uid (G.real_uid ) |
331 | #define config_filename (G.config_filename) |
332 | #define parser (G.parser ) |
333 | #define default_local_hostname (G.default_local_hostname) |
334 | #define first_ps_byte (G.first_ps_byte ) |
335 | #define last_ps_byte (G.last_ps_byte ) |
336 | #define end_ring (G.end_ring ) |
337 | #define ring_pos (G.ring_pos ) |
338 | #define ring (G.ring ) |
339 | #define allsock (G.allsock ) |
340 | #define line (G.line ) |
341 | #define INIT_G() do { \ |
342 | rlim_ofile_cur = OPEN_MAX; \ |
343 | global_queuelen = 128; \ |
344 | config_filename = "/etc/inetd.conf"; \ |
345 | } while (0) |
346 | |
347 | static void maybe_close(int fd) |
348 | { |
349 | if (fd >= 0) |
350 | close(fd); |
351 | } |
352 | |
353 | // TODO: move to libbb? |
354 | static len_and_sockaddr *xzalloc_lsa(int family) |
355 | { |
356 | len_and_sockaddr *lsa; |
357 | int sz; |
358 | |
359 | sz = sizeof(struct sockaddr_in); |
360 | if (family == AF_UNIX) |
361 | sz = sizeof(struct sockaddr_un); |
362 | #if ENABLE_FEATURE_IPV6 |
363 | if (family == AF_INET6) |
364 | sz = sizeof(struct sockaddr_in6); |
365 | #endif |
366 | lsa = xzalloc(LSA_LEN_SIZE + sz); |
367 | lsa->len = sz; |
368 | lsa->u.sa.sa_family = family; |
369 | return lsa; |
370 | } |
371 | |
372 | static void rearm_alarm(void) |
373 | { |
374 | if (!alarm_armed) { |
375 | alarm_armed = 1; |
376 | alarm(RETRYTIME); |
377 | } |
378 | } |
379 | |
380 | static void block_CHLD_HUP_ALRM(sigset_t *m) |
381 | { |
382 | sigemptyset(m); |
383 | sigaddset(m, SIGCHLD); |
384 | sigaddset(m, SIGHUP); |
385 | sigaddset(m, SIGALRM); |
386 | sigprocmask(SIG_BLOCK, m, m); /* old sigmask is stored in m */ |
387 | } |
388 | |
389 | static void restore_sigmask(sigset_t *m) |
390 | { |
391 | sigprocmask(SIG_SETMASK, m, NULL); |
392 | } |
393 | |
394 | #if ENABLE_FEATURE_INETD_RPC |
395 | static void register_rpc(servtab_t *sep) |
396 | { |
397 | int n; |
398 | struct sockaddr_in ir_sin; |
399 | socklen_t size; |
400 | |
401 | size = sizeof(ir_sin); |
402 | if (getsockname(sep->se_fd, (struct sockaddr *) &ir_sin, &size) < 0) { |
403 | bb_perror_msg("getsockname"); |
404 | return; |
405 | } |
406 | |
407 | for (n = sep->se_rpcver_lo; n <= sep->se_rpcver_hi; n++) { |
408 | pmap_unset(sep->se_rpcprog, n); |
409 | if (!pmap_set(sep->se_rpcprog, n, sep->se_proto_no, ntohs(ir_sin.sin_port))) |
410 | bb_perror_msg("%s %s: pmap_set(%u,%u,%u,%u)", |
411 | sep->se_service, sep->se_proto, |
412 | sep->se_rpcprog, n, sep->se_proto_no, ntohs(ir_sin.sin_port)); |
413 | } |
414 | } |
415 | |
416 | static void unregister_rpc(servtab_t *sep) |
417 | { |
418 | int n; |
419 | |
420 | for (n = sep->se_rpcver_lo; n <= sep->se_rpcver_hi; n++) { |
421 | if (!pmap_unset(sep->se_rpcprog, n)) |
422 | bb_perror_msg("pmap_unset(%u,%u)", sep->se_rpcprog, n); |
423 | } |
424 | } |
425 | #endif /* FEATURE_INETD_RPC */ |
426 | |
427 | static void bump_nofile(void) |
428 | { |
429 | enum { FD_CHUNK = 32 }; |
430 | struct rlimit rl; |
431 | |
432 | /* Never fails under Linux (except if you pass it bad arguments) */ |
433 | getrlimit(RLIMIT_NOFILE, &rl); |
434 | rl.rlim_cur = MIN(rl.rlim_max, rl.rlim_cur + FD_CHUNK); |
435 | rl.rlim_cur = MIN(FD_SETSIZE, rl.rlim_cur + FD_CHUNK); |
436 | if (rl.rlim_cur <= rlim_ofile_cur) { |
437 | bb_error_msg("can't extend file limit, max = %d", |
438 | (int) rl.rlim_cur); |
439 | return; |
440 | } |
441 | |
442 | if (setrlimit(RLIMIT_NOFILE, &rl) < 0) { |
443 | bb_perror_msg("setrlimit"); |
444 | return; |
445 | } |
446 | |
447 | rlim_ofile_cur = rl.rlim_cur; |
448 | } |
449 | |
450 | static void remove_fd_from_set(int fd) |
451 | { |
452 | if (fd >= 0) { |
453 | FD_CLR(fd, &allsock); |
454 | maxsock = -1; |
455 | } |
456 | } |
457 | |
458 | static void add_fd_to_set(int fd) |
459 | { |
460 | if (fd >= 0) { |
461 | FD_SET(fd, &allsock); |
462 | if (maxsock >= 0 && fd > maxsock) { |
463 | prev_maxsock = maxsock = fd; |
464 | if ((rlim_t)fd > rlim_ofile_cur - FD_MARGIN) |
465 | bump_nofile(); |
466 | } |
467 | } |
468 | } |
469 | |
470 | static void recalculate_maxsock(void) |
471 | { |
472 | int fd = 0; |
473 | |
474 | /* We may have no services, in this case maxsock should still be >= 0 |
475 | * (code elsewhere is not happy with maxsock == -1) */ |
476 | maxsock = 0; |
477 | while (fd <= prev_maxsock) { |
478 | if (FD_ISSET(fd, &allsock)) |
479 | maxsock = fd; |
480 | fd++; |
481 | } |
482 | prev_maxsock = maxsock; |
483 | if ((rlim_t)maxsock > rlim_ofile_cur - FD_MARGIN) |
484 | bump_nofile(); |
485 | } |
486 | |
487 | static void prepare_socket_fd(servtab_t *sep) |
488 | { |
489 | int r, fd; |
490 | |
491 | fd = socket(sep->se_family, sep->se_socktype, 0); |
492 | if (fd < 0) { |
493 | bb_perror_msg("socket"); |
494 | return; |
495 | } |
496 | setsockopt_reuseaddr(fd); |
497 | |
498 | #if ENABLE_FEATURE_INETD_RPC |
499 | if (is_rpc_service(sep)) { |
500 | struct passwd *pwd; |
501 | |
502 | /* zero out the port for all RPC services; let bind() |
503 | * find one. */ |
504 | set_nport(sep->se_lsa, 0); |
505 | |
506 | /* for RPC services, attempt to use a reserved port |
507 | * if they are going to be running as root. */ |
508 | if (real_uid == 0 && sep->se_family == AF_INET |
509 | && (pwd = getpwnam(sep->se_user)) != NULL |
510 | && pwd->pw_uid == 0 |
511 | ) { |
512 | r = bindresvport(fd, &sep->se_lsa->u.sin); |
513 | } else { |
514 | r = bind(fd, &sep->se_lsa->u.sa, sep->se_lsa->len); |
515 | } |
516 | if (r == 0) { |
517 | int saveerrno = errno; |
518 | /* update lsa with port# */ |
519 | getsockname(fd, &sep->se_lsa->u.sa, &sep->se_lsa->len); |
520 | errno = saveerrno; |
521 | } |
522 | } else |
523 | #endif |
524 | { |
525 | if (sep->se_family == AF_UNIX) { |
526 | struct sockaddr_un *sun; |
527 | sun = (struct sockaddr_un*)&(sep->se_lsa->u.sa); |
528 | unlink(sun->sun_path); |
529 | } |
530 | r = bind(fd, &sep->se_lsa->u.sa, sep->se_lsa->len); |
531 | } |
532 | if (r < 0) { |
533 | bb_perror_msg("%s/%s: bind", |
534 | sep->se_service, sep->se_proto); |
535 | close(fd); |
536 | rearm_alarm(); |
537 | return; |
538 | } |
539 | if (sep->se_socktype == SOCK_STREAM) |
540 | listen(fd, global_queuelen); |
541 | |
542 | add_fd_to_set(fd); |
543 | sep->se_fd = fd; |
544 | } |
545 | |
546 | static int reopen_config_file(void) |
547 | { |
548 | free(default_local_hostname); |
549 | default_local_hostname = xstrdup("*"); |
550 | if (parser != NULL) |
551 | config_close(parser); |
552 | parser = config_open(config_filename); |
553 | return (parser != NULL); |
554 | } |
555 | |
556 | static void close_config_file(void) |
557 | { |
558 | if (parser) { |
559 | config_close(parser); |
560 | parser = NULL; |
561 | } |
562 | } |
563 | |
564 | static void free_servtab_strings(servtab_t *cp) |
565 | { |
566 | int i; |
567 | |
568 | free(cp->se_local_hostname); |
569 | free(cp->se_service); |
570 | free(cp->se_proto); |
571 | free(cp->se_user); |
572 | free(cp->se_group); |
573 | free(cp->se_lsa); /* not a string in fact */ |
574 | free(cp->se_program); |
575 | for (i = 0; i < MAXARGV; i++) |
576 | free(cp->se_argv[i]); |
577 | } |
578 | |
579 | static servtab_t *new_servtab(void) |
580 | { |
581 | servtab_t *newtab = xzalloc(sizeof(servtab_t)); |
582 | newtab->se_fd = -1; /* paranoia */ |
583 | return newtab; |
584 | } |
585 | |
586 | static servtab_t *dup_servtab(servtab_t *sep) |
587 | { |
588 | servtab_t *newtab; |
589 | int argc; |
590 | |
591 | newtab = new_servtab(); |
592 | *newtab = *sep; /* struct copy */ |
593 | /* deep-copying strings */ |
594 | newtab->se_service = xstrdup(newtab->se_service); |
595 | newtab->se_proto = xstrdup(newtab->se_proto); |
596 | newtab->se_user = xstrdup(newtab->se_user); |
597 | newtab->se_group = xstrdup(newtab->se_group); |
598 | newtab->se_program = xstrdup(newtab->se_program); |
599 | for (argc = 0; argc <= MAXARGV; argc++) |
600 | newtab->se_argv[argc] = xstrdup(newtab->se_argv[argc]); |
601 | /* NB: se_fd, se_hostaddr and se_next are always |
602 | * overwrittend by callers, so we don't bother resetting them |
603 | * to NULL/0/-1 etc */ |
604 | |
605 | return newtab; |
606 | } |
607 | |
608 | /* gcc generates much more code if this is inlined */ |
609 | static servtab_t *parse_one_line(void) |
610 | { |
611 | int argc; |
612 | char *token[6+MAXARGV]; |
613 | char *p, *arg; |
614 | char *hostdelim; |
615 | servtab_t *sep; |
616 | servtab_t *nsep; |
617 | new: |
618 | sep = new_servtab(); |
619 | more: |
620 | argc = config_read(parser, token, 6+MAXARGV, 1, "# \t", PARSE_NORMAL); |
621 | if (!argc) { |
622 | free(sep); |
623 | return NULL; |
624 | } |
625 | |
626 | /* [host:]service socktype proto wait user[:group] prog [args] */ |
627 | /* Check for "host:...." line */ |
628 | arg = token[0]; |
629 | hostdelim = strrchr(arg, ':'); |
630 | if (hostdelim) { |
631 | *hostdelim = '\0'; |
632 | sep->se_local_hostname = xstrdup(arg); |
633 | arg = hostdelim + 1; |
634 | if (*arg == '\0' && argc == 1) { |
635 | /* Line has just "host:", change the |
636 | * default host for the following lines. */ |
637 | free(default_local_hostname); |
638 | default_local_hostname = sep->se_local_hostname; |
639 | goto more; |
640 | } |
641 | } else |
642 | sep->se_local_hostname = xstrdup(default_local_hostname); |
643 | |
644 | /* service socktype proto wait user[:group] prog [args] */ |
645 | sep->se_service = xstrdup(arg); |
646 | |
647 | /* socktype proto wait user[:group] prog [args] */ |
648 | if (argc < 6) { |
649 | parse_err: |
650 | bb_error_msg("parse error on line %u, line is ignored", |
651 | parser->lineno); |
652 | free_servtab_strings(sep); |
653 | /* Just "goto more" can make sep to carry over e.g. |
654 | * "rpc"-ness (by having se_rpcver_lo != 0). |
655 | * We will be more paranoid: */ |
656 | free(sep); |
657 | goto new; |
658 | } |
659 | |
660 | { |
661 | static const int8_t SOCK_xxx[] ALIGN1 = { |
662 | -1, |
663 | SOCK_STREAM, SOCK_DGRAM, SOCK_RDM, |
664 | SOCK_SEQPACKET, SOCK_RAW |
665 | }; |
666 | sep->se_socktype = SOCK_xxx[1 + index_in_strings( |
667 | "stream""\0" "dgram""\0" "rdm""\0" |
668 | "seqpacket""\0" "raw""\0" |
669 | , token[1])]; |
670 | } |
671 | |
672 | /* {unix,[rpc/]{tcp,udp}[6]} wait user[:group] prog [args] */ |
673 | sep->se_proto = arg = xstrdup(token[2]); |
674 | if (strcmp(arg, "unix") == 0) { |
675 | sep->se_family = AF_UNIX; |
676 | } else { |
677 | char *six; |
678 | sep->se_family = AF_INET; |
679 | six = last_char_is(arg, '6'); |
680 | if (six) { |
681 | #if ENABLE_FEATURE_IPV6 |
682 | *six = '\0'; |
683 | sep->se_family = AF_INET6; |
684 | #else |
685 | bb_error_msg("%s: no support for IPv6", sep->se_proto); |
686 | goto parse_err; |
687 | #endif |
688 | } |
689 | if (strncmp(arg, "rpc/", 4) == 0) { |
690 | #if ENABLE_FEATURE_INETD_RPC |
691 | unsigned n; |
692 | arg += 4; |
693 | p = strchr(sep->se_service, '/'); |
694 | if (p == NULL) { |
695 | bb_error_msg("no rpc version: '%s'", sep->se_service); |
696 | goto parse_err; |
697 | } |
698 | *p++ = '\0'; |
699 | n = bb_strtou(p, &p, 10); |
700 | if (n > INT_MAX) { |
701 | bad_ver_spec: |
702 | bb_error_msg("bad rpc version"); |
703 | goto parse_err; |
704 | } |
705 | sep->se_rpcver_lo = sep->se_rpcver_hi = n; |
706 | if (*p == '-') { |
707 | p++; |
708 | n = bb_strtou(p, &p, 10); |
709 | if (n > INT_MAX || (int)n < sep->se_rpcver_lo) |
710 | goto bad_ver_spec; |
711 | sep->se_rpcver_hi = n; |
712 | } |
713 | if (*p != '\0') |
714 | goto bad_ver_spec; |
715 | #else |
716 | bb_error_msg("no support for rpc services"); |
717 | goto parse_err; |
718 | #endif |
719 | } |
720 | /* we don't really need getprotobyname()! */ |
721 | if (strcmp(arg, "tcp") == 0) |
722 | sep->se_proto_no = IPPROTO_TCP; /* = 6 */ |
723 | if (strcmp(arg, "udp") == 0) |
724 | sep->se_proto_no = IPPROTO_UDP; /* = 17 */ |
725 | if (six) |
726 | *six = '6'; |
727 | if (!sep->se_proto_no) /* not tcp/udp?? */ |
728 | goto parse_err; |
729 | } |
730 | |
731 | /* [no]wait[.max] user[:group] prog [args] */ |
732 | arg = token[3]; |
733 | sep->se_max = max_concurrency; |
734 | p = strchr(arg, '.'); |
735 | if (p) { |
736 | *p++ = '\0'; |
737 | sep->se_max = bb_strtou(p, NULL, 10); |
738 | if (errno) |
739 | goto parse_err; |
740 | } |
741 | sep->se_wait = (arg[0] != 'n' || arg[1] != 'o'); |
742 | if (!sep->se_wait) /* "no" seen */ |
743 | arg += 2; |
744 | if (strcmp(arg, "wait") != 0) |
745 | goto parse_err; |
746 | |
747 | /* user[:group] prog [args] */ |
748 | sep->se_user = xstrdup(token[4]); |
749 | arg = strchr(sep->se_user, '.'); |
750 | if (arg == NULL) |
751 | arg = strchr(sep->se_user, ':'); |
752 | if (arg) { |
753 | *arg++ = '\0'; |
754 | sep->se_group = xstrdup(arg); |
755 | } |
756 | |
757 | /* prog [args] */ |
758 | sep->se_program = xstrdup(token[5]); |
759 | #ifdef INETD_BUILTINS_ENABLED |
760 | if (strcmp(sep->se_program, "internal") == 0 |
761 | && strlen(sep->se_service) <= 7 |
762 | && (sep->se_socktype == SOCK_STREAM |
763 | || sep->se_socktype == SOCK_DGRAM) |
764 | ) { |
765 | unsigned i; |
766 | for (i = 0; i < ARRAY_SIZE(builtins); i++) |
767 | if (strncmp(builtins[i].bi_service7, sep->se_service, 7) == 0) |
768 | goto found_bi; |
769 | bb_error_msg("unknown internal service %s", sep->se_service); |
770 | goto parse_err; |
771 | found_bi: |
772 | sep->se_builtin = &builtins[i]; |
773 | /* stream builtins must be "nowait", dgram must be "wait" */ |
774 | if (sep->se_wait != (sep->se_socktype == SOCK_DGRAM)) |
775 | goto parse_err; |
776 | } |
777 | #endif |
778 | argc = 0; |
779 | while ((arg = token[6+argc]) != NULL && argc < MAXARGV) |
780 | sep->se_argv[argc++] = xstrdup(arg); |
781 | |
782 | /* catch mixups. "<service> stream udp ..." == wtf */ |
783 | if (sep->se_socktype == SOCK_STREAM) { |
784 | if (sep->se_proto_no == IPPROTO_UDP) |
785 | goto parse_err; |
786 | } |
787 | if (sep->se_socktype == SOCK_DGRAM) { |
788 | if (sep->se_proto_no == IPPROTO_TCP) |
789 | goto parse_err; |
790 | } |
791 | |
792 | // bb_info_msg( |
793 | // "ENTRY[%s][%s][%s][%d][%d][%d][%d][%d][%s][%s][%s]", |
794 | // sep->se_local_hostname, sep->se_service, sep->se_proto, sep->se_wait, sep->se_proto_no, |
795 | // sep->se_max, sep->se_count, sep->se_time, sep->se_user, sep->se_group, sep->se_program); |
796 | |
797 | /* check if the hostname specifier is a comma separated list |
798 | * of hostnames. we'll make new entries for each address. */ |
799 | while ((hostdelim = strrchr(sep->se_local_hostname, ',')) != NULL) { |
800 | nsep = dup_servtab(sep); |
801 | /* NUL terminate the hostname field of the existing entry, |
802 | * and make a dup for the new entry. */ |
803 | *hostdelim++ = '\0'; |
804 | nsep->se_local_hostname = xstrdup(hostdelim); |
805 | nsep->se_next = sep->se_next; |
806 | sep->se_next = nsep; |
807 | } |
808 | |
809 | /* was doing it here: */ |
810 | /* DNS resolution, create copies for each IP address */ |
811 | /* IPv6-ization destroyed it :( */ |
812 | |
813 | return sep; |
814 | } |
815 | |
816 | static servtab_t *insert_in_servlist(servtab_t *cp) |
817 | { |
818 | servtab_t *sep; |
819 | sigset_t omask; |
820 | |
821 | sep = new_servtab(); |
822 | *sep = *cp; /* struct copy */ |
823 | sep->se_fd = -1; |
824 | #if ENABLE_FEATURE_INETD_RPC |
825 | sep->se_rpcprog = -1; |
826 | #endif |
827 | block_CHLD_HUP_ALRM(&omask); |
828 | sep->se_next = serv_list; |
829 | serv_list = sep; |
830 | restore_sigmask(&omask); |
831 | return sep; |
832 | } |
833 | |
834 | static int same_serv_addr_proto(servtab_t *old, servtab_t *new) |
835 | { |
836 | if (strcmp(old->se_local_hostname, new->se_local_hostname) != 0) |
837 | return 0; |
838 | if (strcmp(old->se_service, new->se_service) != 0) |
839 | return 0; |
840 | if (strcmp(old->se_proto, new->se_proto) != 0) |
841 | return 0; |
842 | return 1; |
843 | } |
844 | |
845 | static void reread_config_file(int sig UNUSED_PARAM) |
846 | { |
847 | servtab_t *sep, *cp, **sepp; |
848 | len_and_sockaddr *lsa; |
849 | sigset_t omask; |
850 | unsigned n; |
851 | uint16_t port; |
852 | int save_errno = errno; |
853 | |
854 | if (!reopen_config_file()) |
855 | goto ret; |
856 | for (sep = serv_list; sep; sep = sep->se_next) |
857 | sep->se_checked = 0; |
858 | |
859 | goto first_line; |
860 | while (1) { |
861 | if (cp == NULL) { |
862 | first_line: |
863 | cp = parse_one_line(); |
864 | if (cp == NULL) |
865 | break; |
866 | } |
867 | for (sep = serv_list; sep; sep = sep->se_next) |
868 | if (same_serv_addr_proto(sep, cp)) |
869 | goto equal_servtab; |
870 | /* not an "equal" servtab */ |
871 | sep = insert_in_servlist(cp); |
872 | goto after_check; |
873 | equal_servtab: |
874 | { |
875 | int i; |
876 | |
877 | block_CHLD_HUP_ALRM(&omask); |
878 | #if ENABLE_FEATURE_INETD_RPC |
879 | if (is_rpc_service(sep)) |
880 | unregister_rpc(sep); |
881 | sep->se_rpcver_lo = cp->se_rpcver_lo; |
882 | sep->se_rpcver_hi = cp->se_rpcver_hi; |
883 | #endif |
884 | if (cp->se_wait == 0) { |
885 | /* New config says "nowait". If old one |
886 | * was "wait", we currently may be waiting |
887 | * for a child (and not accepting connects). |
888 | * Stop waiting, start listening again. |
889 | * (if it's not true, this op is harmless) */ |
890 | add_fd_to_set(sep->se_fd); |
891 | } |
892 | sep->se_wait = cp->se_wait; |
893 | sep->se_max = cp->se_max; |
894 | /* string fields need more love - we don't want to leak them */ |
895 | #define SWAP(type, a, b) do { type c = (type)a; a = (type)b; b = (type)c; } while (0) |
896 | SWAP(char*, sep->se_user, cp->se_user); |
897 | SWAP(char*, sep->se_group, cp->se_group); |
898 | SWAP(char*, sep->se_program, cp->se_program); |
899 | for (i = 0; i < MAXARGV; i++) |
900 | SWAP(char*, sep->se_argv[i], cp->se_argv[i]); |
901 | #undef SWAP |
902 | restore_sigmask(&omask); |
903 | free_servtab_strings(cp); |
904 | } |
905 | after_check: |
906 | /* cp->string_fields are consumed by insert_in_servlist() |
907 | * or freed at this point, cp itself is not yet freed. */ |
908 | sep->se_checked = 1; |
909 | |
910 | /* create new len_and_sockaddr */ |
911 | switch (sep->se_family) { |
912 | struct sockaddr_un *sun; |
913 | case AF_UNIX: |
914 | lsa = xzalloc_lsa(AF_UNIX); |
915 | sun = (struct sockaddr_un*)&lsa->u.sa; |
916 | safe_strncpy(sun->sun_path, sep->se_service, sizeof(sun->sun_path)); |
917 | break; |
918 | |
919 | default: /* case AF_INET, case AF_INET6 */ |
920 | n = bb_strtou(sep->se_service, NULL, 10); |
921 | #if ENABLE_FEATURE_INETD_RPC |
922 | if (is_rpc_service(sep)) { |
923 | sep->se_rpcprog = n; |
924 | if (errno) { /* se_service is not numeric */ |
925 | struct rpcent *rp = getrpcbyname(sep->se_service); |
926 | if (rp == NULL) { |
927 | bb_error_msg("%s: unknown rpc service", sep->se_service); |
928 | goto next_cp; |
929 | } |
930 | sep->se_rpcprog = rp->r_number; |
931 | } |
932 | if (sep->se_fd == -1) |
933 | prepare_socket_fd(sep); |
934 | if (sep->se_fd != -1) |
935 | register_rpc(sep); |
936 | goto next_cp; |
937 | } |
938 | #endif |
939 | /* what port to listen on? */ |
940 | port = htons(n); |
941 | if (errno || n > 0xffff) { /* se_service is not numeric */ |
942 | char protoname[4]; |
943 | struct servent *sp; |
944 | /* can result only in "tcp" or "udp": */ |
945 | safe_strncpy(protoname, sep->se_proto, 4); |
946 | sp = getservbyname(sep->se_service, protoname); |
947 | if (sp == NULL) { |
948 | bb_error_msg("%s/%s: unknown service", |
949 | sep->se_service, sep->se_proto); |
950 | goto next_cp; |
951 | } |
952 | port = sp->s_port; |
953 | } |
954 | if (LONE_CHAR(sep->se_local_hostname, '*')) { |
955 | lsa = xzalloc_lsa(sep->se_family); |
956 | set_nport(lsa, port); |
957 | } else { |
958 | lsa = host_and_af2sockaddr(sep->se_local_hostname, |
959 | ntohs(port), sep->se_family); |
960 | if (!lsa) { |
961 | bb_error_msg("%s/%s: unknown host '%s'", |
962 | sep->se_service, sep->se_proto, |
963 | sep->se_local_hostname); |
964 | goto next_cp; |
965 | } |
966 | } |
967 | break; |
968 | } /* end of "switch (sep->se_family)" */ |
969 | |
970 | /* did lsa change? Then close/open */ |
971 | if (sep->se_lsa == NULL |
972 | || lsa->len != sep->se_lsa->len |
973 | || memcmp(&lsa->u.sa, &sep->se_lsa->u.sa, lsa->len) != 0 |
974 | ) { |
975 | remove_fd_from_set(sep->se_fd); |
976 | maybe_close(sep->se_fd); |
977 | free(sep->se_lsa); |
978 | sep->se_lsa = lsa; |
979 | sep->se_fd = -1; |
980 | } else { |
981 | free(lsa); |
982 | } |
983 | if (sep->se_fd == -1) |
984 | prepare_socket_fd(sep); |
985 | next_cp: |
986 | sep = cp->se_next; |
987 | free(cp); |
988 | cp = sep; |
989 | } /* end of "while (1) parse lines" */ |
990 | close_config_file(); |
991 | |
992 | /* Purge anything not looked at above - these are stale entries, |
993 | * new config file doesnt have them. */ |
994 | block_CHLD_HUP_ALRM(&omask); |
995 | sepp = &serv_list; |
996 | while ((sep = *sepp)) { |
997 | if (sep->se_checked) { |
998 | sepp = &sep->se_next; |
999 | continue; |
1000 | } |
1001 | *sepp = sep->se_next; |
1002 | remove_fd_from_set(sep->se_fd); |
1003 | maybe_close(sep->se_fd); |
1004 | #if ENABLE_FEATURE_INETD_RPC |
1005 | if (is_rpc_service(sep)) |
1006 | unregister_rpc(sep); |
1007 | #endif |
1008 | if (sep->se_family == AF_UNIX) |
1009 | unlink(sep->se_service); |
1010 | free_servtab_strings(sep); |
1011 | free(sep); |
1012 | } |
1013 | restore_sigmask(&omask); |
1014 | ret: |
1015 | errno = save_errno; |
1016 | } |
1017 | |
1018 | static void reap_child(int sig UNUSED_PARAM) |
1019 | { |
1020 | pid_t pid; |
1021 | int status; |
1022 | servtab_t *sep; |
1023 | int save_errno = errno; |
1024 | |
1025 | for (;;) { |
1026 | pid = wait_any_nohang(&status); |
1027 | if (pid <= 0) |
1028 | break; |
1029 | for (sep = serv_list; sep; sep = sep->se_next) { |
1030 | if (sep->se_wait != pid) |
1031 | continue; |
1032 | /* One of our "wait" services */ |
1033 | if (WIFEXITED(status) && WEXITSTATUS(status)) |
1034 | bb_error_msg("%s: exit status %u", |
1035 | sep->se_program, WEXITSTATUS(status)); |
1036 | else if (WIFSIGNALED(status)) |
1037 | bb_error_msg("%s: exit signal %u", |
1038 | sep->se_program, WTERMSIG(status)); |
1039 | sep->se_wait = 1; |
1040 | add_fd_to_set(sep->se_fd); |
1041 | break; |
1042 | } |
1043 | } |
1044 | errno = save_errno; |
1045 | } |
1046 | |
1047 | static void retry_network_setup(int sig UNUSED_PARAM) |
1048 | { |
1049 | int save_errno = errno; |
1050 | servtab_t *sep; |
1051 | |
1052 | alarm_armed = 0; |
1053 | for (sep = serv_list; sep; sep = sep->se_next) { |
1054 | if (sep->se_fd == -1) { |
1055 | prepare_socket_fd(sep); |
1056 | #if ENABLE_FEATURE_INETD_RPC |
1057 | if (sep->se_fd != -1 && is_rpc_service(sep)) |
1058 | register_rpc(sep); |
1059 | #endif |
1060 | } |
1061 | } |
1062 | errno = save_errno; |
1063 | } |
1064 | |
1065 | static void clean_up_and_exit(int sig UNUSED_PARAM) |
1066 | { |
1067 | servtab_t *sep; |
1068 | |
1069 | /* XXX signal race walking sep list */ |
1070 | for (sep = serv_list; sep; sep = sep->se_next) { |
1071 | if (sep->se_fd == -1) |
1072 | continue; |
1073 | |
1074 | switch (sep->se_family) { |
1075 | case AF_UNIX: |
1076 | unlink(sep->se_service); |
1077 | break; |
1078 | default: /* case AF_INET, AF_INET6 */ |
1079 | #if ENABLE_FEATURE_INETD_RPC |
1080 | if (sep->se_wait == 1 && is_rpc_service(sep)) |
1081 | unregister_rpc(sep); /* XXX signal race */ |
1082 | #endif |
1083 | break; |
1084 | } |
1085 | if (ENABLE_FEATURE_CLEAN_UP) |
1086 | close(sep->se_fd); |
1087 | } |
1088 | remove_pidfile(_PATH_INETDPID); |
1089 | exit(EXIT_SUCCESS); |
1090 | } |
1091 | |
1092 | int inetd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; |
1093 | int inetd_main(int argc UNUSED_PARAM, char **argv) |
1094 | { |
1095 | struct sigaction sa, saved_pipe_handler; |
1096 | servtab_t *sep, *sep2; |
1097 | struct passwd *pwd; |
1098 | struct group *grp = grp; /* for compiler */ |
1099 | int opt; |
1100 | pid_t pid; |
1101 | sigset_t omask; |
1102 | |
1103 | INIT_G(); |
1104 | |
1105 | real_uid = getuid(); |
1106 | if (real_uid != 0) /* run by non-root user */ |
1107 | config_filename = NULL; |
1108 | |
1109 | opt_complementary = "R+:q+"; /* -q N, -R N */ |
1110 | opt = getopt32(argv, "R:feq:", &max_concurrency, &global_queuelen); |
1111 | argv += optind; |
1112 | //argc -= optind; |
1113 | if (argv[0]) |
1114 | config_filename = argv[0]; |
1115 | if (config_filename == NULL) |
1116 | bb_error_msg_and_die("non-root must specify config file"); |
1117 | if (!(opt & 2)) |
1118 | bb_daemonize_or_rexec(0, argv - optind); |
1119 | else |
1120 | bb_sanitize_stdio(); |
1121 | if (!(opt & 4)) { |
1122 | /* LOG_NDELAY: connect to syslog daemon NOW. |
1123 | * Otherwise, we may open syslog socket |
1124 | * in vforked child, making opened fds and syslog() |
1125 | * internal state inconsistent. |
1126 | * This was observed to leak file descriptors. */ |
1127 | openlog(applet_name, LOG_PID | LOG_NDELAY, LOG_DAEMON); |
1128 | logmode = LOGMODE_SYSLOG; |
1129 | } |
1130 | |
1131 | if (real_uid == 0) { |
1132 | /* run by root, ensure groups vector gets trashed */ |
1133 | gid_t gid = getgid(); |
1134 | setgroups(1, &gid); |
1135 | } |
1136 | |
1137 | write_pidfile(_PATH_INETDPID); |
1138 | |
1139 | /* never fails under Linux (except if you pass it bad arguments) */ |
1140 | getrlimit(RLIMIT_NOFILE, &rlim_ofile); |
1141 | rlim_ofile_cur = rlim_ofile.rlim_cur; |
1142 | if (rlim_ofile_cur == RLIM_INFINITY) /* ! */ |
1143 | rlim_ofile_cur = OPEN_MAX; |
1144 | |
1145 | memset(&sa, 0, sizeof(sa)); |
1146 | /*sigemptyset(&sa.sa_mask); - memset did it */ |
1147 | sigaddset(&sa.sa_mask, SIGALRM); |
1148 | sigaddset(&sa.sa_mask, SIGCHLD); |
1149 | sigaddset(&sa.sa_mask, SIGHUP); |
1150 | sa.sa_handler = retry_network_setup; |
1151 | sigaction_set(SIGALRM, &sa); |
1152 | sa.sa_handler = reread_config_file; |
1153 | sigaction_set(SIGHUP, &sa); |
1154 | sa.sa_handler = reap_child; |
1155 | sigaction_set(SIGCHLD, &sa); |
1156 | sa.sa_handler = clean_up_and_exit; |
1157 | sigaction_set(SIGTERM, &sa); |
1158 | sa.sa_handler = clean_up_and_exit; |
1159 | sigaction_set(SIGINT, &sa); |
1160 | sa.sa_handler = SIG_IGN; |
1161 | sigaction(SIGPIPE, &sa, &saved_pipe_handler); |
1162 | |
1163 | reread_config_file(SIGHUP); /* load config from file */ |
1164 | |
1165 | for (;;) { |
1166 | int ready_fd_cnt; |
1167 | int ctrl, accepted_fd, new_udp_fd; |
1168 | fd_set readable; |
1169 | |
1170 | if (maxsock < 0) |
1171 | recalculate_maxsock(); |
1172 | |
1173 | readable = allsock; /* struct copy */ |
1174 | /* if there are no fds to wait on, we will block |
1175 | * until signal wakes us up (maxsock == 0, but readable |
1176 | * never contains fds 0 and 1...) */ |
1177 | ready_fd_cnt = select(maxsock + 1, &readable, NULL, NULL, NULL); |
1178 | if (ready_fd_cnt < 0) { |
1179 | if (errno != EINTR) { |
1180 | bb_perror_msg("select"); |
1181 | sleep(1); |
1182 | } |
1183 | continue; |
1184 | } |
1185 | |
1186 | for (sep = serv_list; ready_fd_cnt && sep; sep = sep->se_next) { |
1187 | if (sep->se_fd == -1 || !FD_ISSET(sep->se_fd, &readable)) |
1188 | continue; |
1189 | |
1190 | ready_fd_cnt--; |
1191 | ctrl = sep->se_fd; |
1192 | accepted_fd = -1; |
1193 | new_udp_fd = -1; |
1194 | if (!sep->se_wait) { |
1195 | if (sep->se_socktype == SOCK_STREAM) { |
1196 | ctrl = accepted_fd = accept(sep->se_fd, NULL, NULL); |
1197 | if (ctrl < 0) { |
1198 | if (errno != EINTR) |
1199 | bb_perror_msg("accept (for %s)", sep->se_service); |
1200 | continue; |
1201 | } |
1202 | } |
1203 | /* "nowait" udp */ |
1204 | if (sep->se_socktype == SOCK_DGRAM |
1205 | && sep->se_family != AF_UNIX |
1206 | ) { |
1207 | /* How udp "nowait" works: |
1208 | * child peeks at (received and buffered by kernel) UDP packet, |
1209 | * performs connect() on the socket so that it is linked only |
1210 | * to this peer. But this also affects parent, because descriptors |
1211 | * are shared after fork() a-la dup(). When parent performs |
1212 | * select(), it will see this descriptor connected to the peer (!) |
1213 | * and still readable, will act on it and mess things up |
1214 | * (can create many copies of same child, etc). |
1215 | * Parent must create and use new socket instead. */ |
1216 | new_udp_fd = socket(sep->se_family, SOCK_DGRAM, 0); |
1217 | if (new_udp_fd < 0) { /* error: eat packet, forget about it */ |
1218 | udp_err: |
1219 | recv(sep->se_fd, line, LINE_SIZE, MSG_DONTWAIT); |
1220 | continue; |
1221 | } |
1222 | setsockopt_reuseaddr(new_udp_fd); |
1223 | /* TODO: better do bind after vfork in parent, |
1224 | * so that we don't have two wildcard bound sockets |
1225 | * even for a brief moment? */ |
1226 | if (bind(new_udp_fd, &sep->se_lsa->u.sa, sep->se_lsa->len) < 0) { |
1227 | close(new_udp_fd); |
1228 | goto udp_err; |
1229 | } |
1230 | } |
1231 | } |
1232 | |
1233 | block_CHLD_HUP_ALRM(&omask); |
1234 | pid = 0; |
1235 | #ifdef INETD_BUILTINS_ENABLED |
1236 | /* do we need to fork? */ |
1237 | if (sep->se_builtin == NULL |
1238 | || (sep->se_socktype == SOCK_STREAM |
1239 | && sep->se_builtin->bi_fork)) |
1240 | #endif |
1241 | { |
1242 | if (sep->se_max != 0) { |
1243 | if (++sep->se_count == 1) |
1244 | sep->se_time = monotonic_sec(); |
1245 | else if (sep->se_count >= sep->se_max) { |
1246 | unsigned now = monotonic_sec(); |
1247 | /* did we accumulate se_max connects too quickly? */ |
1248 | if (now - sep->se_time <= CNT_INTERVAL) { |
1249 | bb_error_msg("%s/%s: too many connections, pausing", |
1250 | sep->se_service, sep->se_proto); |
1251 | remove_fd_from_set(sep->se_fd); |
1252 | close(sep->se_fd); |
1253 | sep->se_fd = -1; |
1254 | sep->se_count = 0; |
1255 | rearm_alarm(); /* will revive it in RETRYTIME sec */ |
1256 | restore_sigmask(&omask); |
1257 | maybe_close(accepted_fd); |
1258 | continue; /* -> check next fd in fd set */ |
1259 | } |
1260 | sep->se_count = 0; |
1261 | } |
1262 | } |
1263 | /* on NOMMU, streamed chargen |
1264 | * builtin wouldn't work, but it is |
1265 | * not allowed on NOMMU (ifdefed out) */ |
1266 | #ifdef INETD_BUILTINS_ENABLED |
1267 | if (BB_MMU && sep->se_builtin) |
1268 | pid = fork(); |
1269 | else |
1270 | #endif |
1271 | pid = vfork(); |
1272 | |
1273 | if (pid < 0) { /* fork error */ |
1274 | bb_perror_msg("vfork"+1); |
1275 | sleep(1); |
1276 | restore_sigmask(&omask); |
1277 | maybe_close(accepted_fd); |
1278 | continue; /* -> check next fd in fd set */ |
1279 | } |
1280 | if (pid == 0) |
1281 | pid--; /* -1: "we did fork and we are child" */ |
1282 | } |
1283 | /* if pid == 0 here, we never forked */ |
1284 | |
1285 | if (pid > 0) { /* parent */ |
1286 | if (sep->se_wait) { |
1287 | /* tcp wait: we passed listening socket to child, |
1288 | * will wait for child to terminate */ |
1289 | sep->se_wait = pid; |
1290 | remove_fd_from_set(sep->se_fd); |
1291 | } |
1292 | if (new_udp_fd >= 0) { |
1293 | /* udp nowait: child connected the socket, |
1294 | * we created and will use new, unconnected one */ |
1295 | xmove_fd(new_udp_fd, sep->se_fd); |
1296 | } |
1297 | restore_sigmask(&omask); |
1298 | maybe_close(accepted_fd); |
1299 | continue; /* -> check next fd in fd set */ |
1300 | } |
1301 | |
1302 | /* we are either child or didn't vfork at all */ |
1303 | #ifdef INETD_BUILTINS_ENABLED |
1304 | if (sep->se_builtin) { |
1305 | if (pid) { /* "pid" is -1: we did vfork */ |
1306 | close(sep->se_fd); /* listening socket */ |
1307 | logmode = LOGMODE_NONE; /* make xwrite etc silent */ |
1308 | } |
1309 | restore_sigmask(&omask); |
1310 | if (sep->se_socktype == SOCK_STREAM) |
1311 | sep->se_builtin->bi_stream_fn(ctrl, sep); |
1312 | else |
1313 | sep->se_builtin->bi_dgram_fn(ctrl, sep); |
1314 | if (pid) /* we did vfork */ |
1315 | _exit(EXIT_FAILURE); |
1316 | maybe_close(accepted_fd); |
1317 | continue; /* -> check next fd in fd set */ |
1318 | } |
1319 | #endif |
1320 | /* child */ |
1321 | setsid(); |
1322 | /* "nowait" udp */ |
1323 | if (new_udp_fd >= 0) { |
1324 | len_and_sockaddr *lsa = xzalloc_lsa(sep->se_family); |
1325 | /* peek at the packet and remember peer addr */ |
1326 | int r = recvfrom(ctrl, NULL, 0, MSG_PEEK|MSG_DONTWAIT, |
1327 | &lsa->u.sa, &lsa->len); |
1328 | if (r < 0) |
1329 | goto do_exit1; |
1330 | /* make this socket "connected" to peer addr: |
1331 | * only packets from this peer will be recv'ed, |
1332 | * and bare write()/send() will work on it */ |
1333 | connect(ctrl, &lsa->u.sa, lsa->len); |
1334 | free(lsa); |
1335 | } |
1336 | /* prepare env and exec program */ |
1337 | pwd = getpwnam(sep->se_user); |
1338 | if (pwd == NULL) { |
1339 | bb_error_msg("%s: no such %s", sep->se_user, "user"); |
1340 | goto do_exit1; |
1341 | } |
1342 | if (sep->se_group && (grp = getgrnam(sep->se_group)) == NULL) { |
1343 | bb_error_msg("%s: no such %s", sep->se_group, "group"); |
1344 | goto do_exit1; |
1345 | } |
1346 | if (real_uid != 0 && real_uid != pwd->pw_uid) { |
1347 | /* a user running private inetd */ |
1348 | bb_error_msg("non-root must run services as himself"); |
1349 | goto do_exit1; |
1350 | } |
1351 | if (pwd->pw_uid) { |
1352 | if (sep->se_group) |
1353 | pwd->pw_gid = grp->gr_gid; |
1354 | /* initgroups, setgid, setuid: */ |
1355 | change_identity(pwd); |
1356 | } else if (sep->se_group) { |
1357 | xsetgid(grp->gr_gid); |
1358 | setgroups(1, &grp->gr_gid); |
1359 | } |
1360 | if (rlim_ofile.rlim_cur != rlim_ofile_cur) |
1361 | if (setrlimit(RLIMIT_NOFILE, &rlim_ofile) < 0) |
1362 | bb_perror_msg("setrlimit"); |
1363 | |
1364 | /* closelog(); - WRONG. we are after vfork, |
1365 | * this may confuse syslog() internal state. |
1366 | * Let's hope libc sets syslog fd to CLOEXEC... |
1367 | */ |
1368 | xmove_fd(ctrl, STDIN_FILENO); |
1369 | xdup2(STDIN_FILENO, STDOUT_FILENO); |
1370 | /* manpages of inetd I managed to find either say |
1371 | * that stderr is also redirected to the network, |
1372 | * or do not talk about redirection at all (!) */ |
1373 | if (!sep->se_wait) /* only for usual "tcp nowait" */ |
1374 | xdup2(STDIN_FILENO, STDERR_FILENO); |
1375 | /* NB: among others, this loop closes listening sockets |
1376 | * for nowait stream children */ |
1377 | for (sep2 = serv_list; sep2; sep2 = sep2->se_next) |
1378 | if (sep2->se_fd != ctrl) |
1379 | maybe_close(sep2->se_fd); |
1380 | sigaction_set(SIGPIPE, &saved_pipe_handler); |
1381 | restore_sigmask(&omask); |
1382 | BB_EXECVP(sep->se_program, sep->se_argv); |
1383 | bb_perror_msg("can't execute '%s'", sep->se_program); |
1384 | do_exit1: |
1385 | /* eat packet in udp case */ |
1386 | if (sep->se_socktype != SOCK_STREAM) |
1387 | recv(0, line, LINE_SIZE, MSG_DONTWAIT); |
1388 | _exit(EXIT_FAILURE); |
1389 | } /* for (sep = servtab...) */ |
1390 | } /* for (;;) */ |
1391 | } |
1392 | |
1393 | #if !BB_MMU |
1394 | static const char *const cat_args[] = { "cat", NULL }; |
1395 | #endif |
1396 | |
1397 | /* |
1398 | * Internet services provided internally by inetd: |
1399 | */ |
1400 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_ECHO |
1401 | /* Echo service -- echo data back. */ |
1402 | /* ARGSUSED */ |
1403 | static void FAST_FUNC echo_stream(int s, servtab_t *sep UNUSED_PARAM) |
1404 | { |
1405 | #if BB_MMU |
1406 | while (1) { |
1407 | ssize_t sz = safe_read(s, line, LINE_SIZE); |
1408 | if (sz <= 0) |
1409 | break; |
1410 | xwrite(s, line, sz); |
1411 | } |
1412 | #else |
1413 | /* We are after vfork here! */ |
1414 | /* move network socket to stdin/stdout */ |
1415 | xmove_fd(s, STDIN_FILENO); |
1416 | xdup2(STDIN_FILENO, STDOUT_FILENO); |
1417 | /* no error messages please... */ |
1418 | close(STDERR_FILENO); |
1419 | xopen(bb_dev_null, O_WRONLY); |
1420 | BB_EXECVP("cat", (char**)cat_args); |
1421 | /* on failure we return to main, which does exit(EXIT_FAILURE) */ |
1422 | #endif |
1423 | } |
1424 | static void FAST_FUNC echo_dg(int s, servtab_t *sep) |
1425 | { |
1426 | enum { BUFSIZE = 12*1024 }; /* for jumbo sized packets! :) */ |
1427 | char *buf = xmalloc(BUFSIZE); /* too big for stack */ |
1428 | int sz; |
1429 | len_and_sockaddr *lsa = alloca(LSA_LEN_SIZE + sep->se_lsa->len); |
1430 | |
1431 | lsa->len = sep->se_lsa->len; |
1432 | /* dgram builtins are non-forking - DONT BLOCK! */ |
1433 | sz = recvfrom(s, buf, BUFSIZE, MSG_DONTWAIT, &lsa->u.sa, &lsa->len); |
1434 | if (sz > 0) |
1435 | sendto(s, buf, sz, 0, &lsa->u.sa, lsa->len); |
1436 | free(buf); |
1437 | } |
1438 | #endif /* FEATURE_INETD_SUPPORT_BUILTIN_ECHO */ |
1439 | |
1440 | |
1441 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD |
1442 | /* Discard service -- ignore data. */ |
1443 | /* ARGSUSED */ |
1444 | static void FAST_FUNC discard_stream(int s, servtab_t *sep UNUSED_PARAM) |
1445 | { |
1446 | #if BB_MMU |
1447 | while (safe_read(s, line, LINE_SIZE) > 0) |
1448 | continue; |
1449 | #else |
1450 | /* We are after vfork here! */ |
1451 | /* move network socket to stdin */ |
1452 | xmove_fd(s, STDIN_FILENO); |
1453 | /* discard output */ |
1454 | close(STDOUT_FILENO); |
1455 | xopen(bb_dev_null, O_WRONLY); |
1456 | /* no error messages please... */ |
1457 | xdup2(STDOUT_FILENO, STDERR_FILENO); |
1458 | BB_EXECVP("cat", (char**)cat_args); |
1459 | /* on failure we return to main, which does exit(EXIT_FAILURE) */ |
1460 | #endif |
1461 | } |
1462 | /* ARGSUSED */ |
1463 | static void FAST_FUNC discard_dg(int s, servtab_t *sep UNUSED_PARAM) |
1464 | { |
1465 | /* dgram builtins are non-forking - DONT BLOCK! */ |
1466 | recv(s, line, LINE_SIZE, MSG_DONTWAIT); |
1467 | } |
1468 | #endif /* FEATURE_INETD_SUPPORT_BUILTIN_DISCARD */ |
1469 | |
1470 | |
1471 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN |
1472 | #define LINESIZ 72 |
1473 | static void init_ring(void) |
1474 | { |
1475 | int i; |
1476 | |
1477 | end_ring = ring; |
1478 | for (i = ' '; i < 127; i++) |
1479 | *end_ring++ = i; |
1480 | } |
1481 | /* Character generator. MMU arches only. */ |
1482 | /* ARGSUSED */ |
1483 | static void FAST_FUNC chargen_stream(int s, servtab_t *sep UNUSED_PARAM) |
1484 | { |
1485 | char *rs; |
1486 | int len; |
1487 | char text[LINESIZ + 2]; |
1488 | |
1489 | if (!end_ring) { |
1490 | init_ring(); |
1491 | rs = ring; |
1492 | } |
1493 | |
1494 | text[LINESIZ] = '\r'; |
1495 | text[LINESIZ + 1] = '\n'; |
1496 | rs = ring; |
1497 | for (;;) { |
1498 | len = end_ring - rs; |
1499 | if (len >= LINESIZ) |
1500 | memmove(text, rs, LINESIZ); |
1501 | else { |
1502 | memmove(text, rs, len); |
1503 | memmove(text + len, ring, LINESIZ - len); |
1504 | } |
1505 | if (++rs == end_ring) |
1506 | rs = ring; |
1507 | xwrite(s, text, sizeof(text)); |
1508 | } |
1509 | } |
1510 | /* ARGSUSED */ |
1511 | static void FAST_FUNC chargen_dg(int s, servtab_t *sep) |
1512 | { |
1513 | int len; |
1514 | char text[LINESIZ + 2]; |
1515 | len_and_sockaddr *lsa = alloca(LSA_LEN_SIZE + sep->se_lsa->len); |
1516 | |
1517 | /* Eat UDP packet which started it all */ |
1518 | /* dgram builtins are non-forking - DONT BLOCK! */ |
1519 | lsa->len = sep->se_lsa->len; |
1520 | if (recvfrom(s, text, sizeof(text), MSG_DONTWAIT, &lsa->u.sa, &lsa->len) < 0) |
1521 | return; |
1522 | |
1523 | if (!end_ring) { |
1524 | init_ring(); |
1525 | ring_pos = ring; |
1526 | } |
1527 | |
1528 | len = end_ring - ring_pos; |
1529 | if (len >= LINESIZ) |
1530 | memmove(text, ring_pos, LINESIZ); |
1531 | else { |
1532 | memmove(text, ring_pos, len); |
1533 | memmove(text + len, ring, LINESIZ - len); |
1534 | } |
1535 | if (++ring_pos == end_ring) |
1536 | ring_pos = ring; |
1537 | text[LINESIZ] = '\r'; |
1538 | text[LINESIZ + 1] = '\n'; |
1539 | sendto(s, text, sizeof(text), 0, &lsa->u.sa, lsa->len); |
1540 | } |
1541 | #endif /* FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN */ |
1542 | |
1543 | |
1544 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_TIME |
1545 | /* |
1546 | * Return a machine readable date and time, in the form of the |
1547 | * number of seconds since midnight, Jan 1, 1900. Since gettimeofday |
1548 | * returns the number of seconds since midnight, Jan 1, 1970, |
1549 | * we must add 2208988800 seconds to this figure to make up for |
1550 | * some seventy years Bell Labs was asleep. |
1551 | */ |
1552 | static uint32_t machtime(void) |
1553 | { |
1554 | struct timeval tv; |
1555 | |
1556 | gettimeofday(&tv, NULL); |
1557 | return htonl((uint32_t)(tv.tv_sec + 2208988800)); |
1558 | } |
1559 | /* ARGSUSED */ |
1560 | static void FAST_FUNC machtime_stream(int s, servtab_t *sep UNUSED_PARAM) |
1561 | { |
1562 | uint32_t result; |
1563 | |
1564 | result = machtime(); |
1565 | full_write(s, &result, sizeof(result)); |
1566 | } |
1567 | static void FAST_FUNC machtime_dg(int s, servtab_t *sep) |
1568 | { |
1569 | uint32_t result; |
1570 | len_and_sockaddr *lsa = alloca(LSA_LEN_SIZE + sep->se_lsa->len); |
1571 | |
1572 | lsa->len = sep->se_lsa->len; |
1573 | if (recvfrom(s, line, LINE_SIZE, MSG_DONTWAIT, &lsa->u.sa, &lsa->len) < 0) |
1574 | return; |
1575 | |
1576 | result = machtime(); |
1577 | sendto(s, &result, sizeof(result), 0, &lsa->u.sa, lsa->len); |
1578 | } |
1579 | #endif /* FEATURE_INETD_SUPPORT_BUILTIN_TIME */ |
1580 | |
1581 | |
1582 | #if ENABLE_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME |
1583 | /* Return human-readable time of day */ |
1584 | /* ARGSUSED */ |
1585 | static void FAST_FUNC daytime_stream(int s, servtab_t *sep UNUSED_PARAM) |
1586 | { |
1587 | time_t t; |
1588 | |
1589 | t = time(NULL); |
1590 | fdprintf(s, "%.24s\r\n", ctime(&t)); |
1591 | } |
1592 | static void FAST_FUNC daytime_dg(int s, servtab_t *sep) |
1593 | { |
1594 | time_t t; |
1595 | len_and_sockaddr *lsa = alloca(LSA_LEN_SIZE + sep->se_lsa->len); |
1596 | |
1597 | lsa->len = sep->se_lsa->len; |
1598 | if (recvfrom(s, line, LINE_SIZE, MSG_DONTWAIT, &lsa->u.sa, &lsa->len) < 0) |
1599 | return; |
1600 | |
1601 | t = time(NULL); |
1602 | sprintf(line, "%.24s\r\n", ctime(&t)); |
1603 | sendto(s, line, strlen(line), 0, &lsa->u.sa, lsa->len); |
1604 | } |
1605 | #endif /* FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME */ |