2
* (c) Copyright 1992 by Panagiotis Tsirigotis
3
* (c) Sections Copyright 1998-2001 by Rob Braun
4
* All rights reserved. The file named COPYRIGHT specifies the terms
5
* and conditions for redistribution.
10
#include <sys/socket.h>
11
#include <netinet/in.h>
15
#include <netinet/tcp.h>
21
#include <netinet/in.h>
23
#ifdef HAVE_DNSREGISTRATION
24
#include <DNSServiceDiscovery/DNSServiceDiscovery.h>
27
#ifdef HAVE_RPC_PMAP_CLNT_H
29
#include <rpc/types.h>
32
#include <rpc/types.h>
36
#include <rpc/pmap_clnt.h>
41
#ifdef HAVE_SYS_FILE_H
56
#define NEW_SVC() NEW( struct service )
57
#define FREE_SVC( sp ) FREE( sp )
59
#define DISABLE( sp ) SVC_STATE((sp)) = SVC_DISABLED
61
static void deactivate( const struct service *sp );
62
static int banner_always( const struct service *sp, const connection_s *cp );
64
static const struct name_value service_states[] =
66
{ "Not started", (int) SVC_NOT_STARTED },
67
{ "Active", (int) SVC_ACTIVE },
68
{ "Disabled", (int) SVC_DISABLED },
69
{ "Suspended", (int) SVC_SUSPENDED },
77
* Allocate a new struct service and initialize it from scp
79
struct service *svc_new( struct service_config *scp )
82
const char *func = "svc_new" ;
87
out_of_memory( func ) ;
97
struct service *svc_make_special( struct service_config *scp )
100
const char *func = "svc_make_special" ;
102
if ( ( sp = svc_new( scp ) ) == NULL )
104
out_of_memory( func ) ;
108
SVC_NOT_GENERIC(sp) = 1 ;
109
SVC_LOG(sp) = ps.rws.program_log ;
110
SVC_REFCOUNT(sp) = 1 ;
111
SVC_STATE(sp) = SVC_ACTIVE ;
116
void svc_free( struct service *sp )
118
sc_free( SVC_CONF(sp) ) ;
124
static status_e set_fd_modes( struct service *sp )
126
int sd = SVC_FD( sp ) ;
127
const char *func = "set_fd_modes" ;
130
* There is a possibility of blocking on a send/write if
132
* the service does not require forking (==> is internal) AND
133
* it does not accept connections
135
* To avoid this, we put the descriptor in FNDELAY mode.
136
* (if the service accepts connections, we still need to put the
137
* 'accepted' connection in FNDELAY mode but this is done elsewhere)
139
if ( ! SVC_FORKS( sp ) && ! SVC_ACCEPTS_CONNECTIONS( sp ) &&
140
fcntl( sd, F_SETFL, FNDELAY ) == -1 )
143
"fcntl failed (%m) for FNDELAY. service = %s", SVC_ID( sp ) ) ;
148
* Always set the close-on-exec flag
150
if ( fcntl( sd, F_SETFD, FD_CLOEXEC ) == -1 )
153
"fcntl failed (%m) for close-on-exec. service = %s", SVC_ID( sp ) ) ;
162
static status_e activate_rpc( struct service *sp )
164
union xsockaddr tsin;
165
unsigned int sin_len = sizeof(tsin);
167
struct service_config *scp = SVC_CONF( sp ) ;
168
struct rpc_data *rdp = SC_RPCDATA( scp ) ;
169
char *sid = SC_ID( scp ) ;
170
unsigned registered_versions = 0 ;
171
int sd = SVC_FD( sp ) ;
172
const char *func = "activate_rpc" ;
174
if( SC_BIND_ADDR(scp) != 0 )
175
memcpy( &tsin, SC_BIND_ADDR(scp), sizeof(tsin) );
177
memset( &tsin, 0, sizeof(tsin));
179
if( SC_IPV4( scp ) ) {
180
tsin.sa_in.sin_family = AF_INET ;
181
sin_len = sizeof(struct sockaddr_in);
182
} else if( SC_IPV6( scp ) ) {
183
tsin.sa_in6.sin6_family = AF_INET6 ;
184
sin_len = sizeof(struct sockaddr_in6);
187
if ( bind( sd, &tsin.sa, sin_len ) == -1 )
189
msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
194
* Find the port number that was assigned to the socket
196
if ( getsockname( sd, &tsin.sa, &sin_len ) == -1 )
199
"getsockname failed (%m). service = %s", sid ) ;
203
if( tsin.sa.sa_family == AF_INET )
204
SC_SET_PORT( scp, ntohs( tsin.sa_in.sin_port ) ) ;
205
else if( tsin.sa.sa_family == AF_INET6 )
206
SC_SET_PORT( scp, ntohs( tsin.sa_in6.sin6_port ) ) ;
209
* Try to register as many versions as possible
211
for ( vers = RD_MINVERS( rdp ) ; vers <= RD_MAXVERS( rdp ) ; vers++ ) {
212
/* Is this right? For instance, if we have both tcp and udp services,
213
* this will unregister the previously registered protocol.
214
* pmap_unset(RD_PROGNUM(rdp), vers);
216
if ( pmap_set( RD_PROGNUM( rdp ), vers, SC_PROTOVAL( scp ),
218
registered_versions++ ;
221
"pmap_set failed. service=%s program=%ld version=%ld",
222
sid, RD_PROGNUM( rdp ), vers ) ;
227
msg( LOG_DEBUG, func,
228
"Registered %d versions of %s", registered_versions, sid ) ;
230
return( ( registered_versions == 0 ) ? FAILED : OK ) ;
233
#endif /* ! NO_RPC */
235
#ifdef HAVE_DNSREGISTRATION
236
static void mdns_callback(DNSServiceRegistrationReplyErrorType err, void *d)
242
static status_e activate_normal( struct service *sp )
244
union xsockaddr tsin;
245
int sd = SVC_FD( sp ) ;
246
struct service_config *scp = SVC_CONF( sp ) ;
247
uint16_t service_port = SC_PORT( scp ) ;
248
char *sid = SC_ID( scp ) ;
249
const char *func = "activate_normal" ;
250
unsigned int sin_len = sizeof(tsin);
256
if( SC_BIND_ADDR(scp) != NULL )
257
memcpy(&tsin, SC_BIND_ADDR(scp), sin_len);
259
memset(&tsin, 0, sin_len);
261
if( SC_IPV4( scp ) ) {
262
tsin.sa_in.sin_family = AF_INET ;
263
tsin.sa_in.sin_port = htons( service_port ) ;
264
sin_len = sizeof(struct sockaddr_in);
265
} else if( SC_IPV6( scp ) ) {
266
tsin.sa_in6.sin6_family = AF_INET6;
267
tsin.sa_in6.sin6_port = htons( service_port );
268
sin_len = sizeof(struct sockaddr_in6);
273
if( SC_SPECIFIED(scp, A_V6ONLY) ) {
278
if( setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&v6on, sizeof(v6on)) < 0 ) {
279
msg( LOG_ERR, func, "Setting IPV6_V6ONLY option failed (%m)" );
284
if ( setsockopt( sd, SOL_SOCKET, SO_REUSEADDR,
285
(char *) &on, sizeof( on ) ) == -1 )
286
msg( LOG_WARNING, func,
287
"setsockopt SO_REUSEADDR failed (%m). service = %s", sid ) ;
289
if( SC_NODELAY( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
291
if ( setsockopt( sd, IPPROTO_TCP, TCP_NODELAY,
292
(char *) &on, sizeof( on ) ) == -1 )
293
msg( LOG_WARNING, func,
294
"setsockopt TCP_NODELAY failed (%m). service = %s", sid ) ;
297
if( SC_KEEPALIVE( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
299
if( setsockopt(sd, SOL_SOCKET, SO_KEEPALIVE,
300
(char *)&on, sizeof( on ) ) < 0 )
301
msg( LOG_WARNING, func,
302
"setsockopt SO_KEEPALIVE failed (%m). service = %s", sid ) ;
305
if ( bind( sd, &tsin.sa, sin_len ) == -1 )
307
msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
316
* Activate a service.
318
status_e svc_activate( struct service *sp )
320
struct service_config *scp = SVC_CONF( sp ) ;
322
const char *func = "svc_activate" ;
324
/* No activation for MUXCLIENTS.
327
if (SC_IS_MUXCLIENT( scp ))
332
if( SC_IPV4( scp ) ) {
333
SVC_FD(sp) = socket( AF_INET,
334
SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
335
} else if( SC_IPV6( scp ) ) {
336
SVC_FD(sp) = socket( AF_INET6,
337
SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
340
if ( SVC_FD(sp) == -1 )
343
"socket creation failed (%m). service = %s", SC_ID( scp ) ) ;
347
if ( set_fd_modes( sp ) == FAILED )
349
(void) Sclose( SVC_FD(sp) ) ;
354
if ( SC_IS_RPC( scp ) )
355
status = activate_rpc( sp ) ;
357
#endif /* ! NO_RPC */
358
status = activate_normal( sp ) ;
360
if ( status == FAILED )
362
(void) Sclose( SVC_FD(sp) ) ;
366
#ifdef HAVE_DNSREGISTRATION
367
if ( SC_MDNS(scp) == YES )
369
if( SC_MDNSCON( SVC_CONF(sp) ) )
370
DNSServiceDiscoveryDeallocate( SC_MDNSCON(SVC_CONF(sp)) );
371
if( SC_MDNS_NAME(scp) )
372
free(SC_MDNS_NAME(scp));
373
if( asprintf(&SC_MDNS_NAME(scp), "_%s._%s", SC_NAME(scp), SC_PROTONAME(scp)) < 0 )
379
SC_MDNSCON(scp) = DNSServiceRegistrationCreate("", SC_MDNS_NAME(scp), "",
380
htons(SC_PORT(scp)), "", mdns_callback, NULL);
384
if ( log_start( sp, &SVC_LOG(sp) ) == FAILED )
391
* Initialize the service data
393
SVC_RUNNING_SERVERS(sp) = SVC_RETRIES(sp) = 0 ;
395
if ( SC_MUST_LISTEN( scp ) )
396
(void) listen( SVC_FD(sp), LISTEN_BACKLOG ) ;
398
ps.rws.descriptors_free-- ;
400
SVC_STATE(sp) = SVC_ACTIVE ;
402
FD_SET( SVC_FD(sp), &ps.rws.socket_mask ) ;
403
if ( SVC_FD(sp) > ps.rws.mask_max )
404
ps.rws.mask_max = SVC_FD(sp) ;
406
ps.rws.active_services++ ;
407
ps.rws.available_services++ ;
413
static void deactivate( const struct service *sp )
415
(void) Sclose( SVC_FD( sp ) ) ;
417
#ifdef HAVE_DNSREGISTRATION
418
if( SC_MDNSCON( SVC_CONF(sp) ) )
419
DNSServiceDiscoveryDeallocate( SC_MDNSCON(SVC_CONF(sp)) );
423
msg(LOG_DEBUG, "deactivate", "%d Service %s deactivated",
424
getpid(), SC_NAME( SVC_CONF(sp) ) );
427
if ( SC_IS_RPC( SVC_CONF( sp ) ) )
430
const struct rpc_data *rdp = SC_RPCDATA( SVC_CONF( sp ) ) ;
432
for ( vers = RD_MINVERS( rdp ) ; vers <= RD_MAXVERS( rdp ) ; vers++ ) {
433
(void) pmap_unset( RD_PROGNUM( rdp ), vers ) ;
436
#endif /* ! NO_RPC */
441
* Close the service descriptor.
442
* If this is an RPC service, deregister it.
445
void svc_deactivate( struct service *sp )
447
if ( ! SVC_IS_AVAILABLE( sp ) )
451
ps.rws.descriptors_free++ ;
453
if ( SVC_IS_ACTIVE( sp ) )
455
FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
456
ps.rws.active_services-- ;
459
ps.rws.available_services-- ;
468
void svc_suspend( struct service *sp )
470
const char *func = "svc_suspend" ;
472
if ( ! SVC_IS_ACTIVE( sp ) )
474
msg( LOG_ERR, func, "service %s is not active", SVC_ID( sp ) ) ;
478
FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
479
ps.rws.active_services-- ;
481
msg( LOG_DEBUG, func, "Suspended service %s", SVC_ID( sp ) ) ;
488
* Resume a suspended service.
490
void svc_resume( struct service *sp )
492
const char *func = "svc_resume" ;
494
FD_SET( SVC_FD( sp ), &ps.rws.socket_mask ) ;
495
ps.rws.active_services++ ;
497
msg( LOG_DEBUG, func, "Resumed service %s", SVC_ID( sp ) ) ;
504
* 1. Deactivate the service
505
* 2. Free all memory used by the service and free the service itself
507
* Since this function may free all memory associated with the service as
508
* well as the memory pointed by sp, only the value of sp should be used
509
* after this call if the return value is 0 (i.e. no dereferencing of sp).
511
* Special services are never deactivated.
513
int svc_release( struct service *sp )
515
char *sid = SVC_ID( sp ) ;
516
const char *func = "svc_release" ;
518
if ( SVC_REFCOUNT(sp) == 0 )
520
msg( LOG_ERR, func, "%s: svc_release with 0 count", sid ) ;
525
if ( SVC_REFCOUNT(sp) == 0 )
528
msg( LOG_DEBUG, func, "ref count of service %s dropped to 0", sid ) ;
529
if ( ! SC_IS_SPECIAL( SVC_CONF( sp ) ) )
532
log_end( SC_LOG( SVC_CONF( sp ) ), SVC_LOG(sp) ) ;
533
svc_deactivate( sp ) ;
537
else /* this shouldn't happen */
538
msg( LOG_WARNING, func,
539
"ref count of special service %s dropped to 0", sid ) ;
543
return( SVC_REFCOUNT(sp) ) ;
547
void svc_dump( const struct service *sp, int fd )
549
tabprint( fd, 0, "Service = %s\n", SC_NAME( SVC_CONF( sp ) ) ) ;
550
tabprint( fd, 1, "State = %s\n",
551
nv_get_name( service_states, (int) SVC_STATE(sp) ) ) ;
553
sc_dump( SVC_CONF( sp ), fd, 1, FALSE ) ;
555
if ( SVC_IS_ACTIVE(sp) )
557
tabprint( fd, 1, "running servers = %d\n", SVC_RUNNING_SERVERS(sp) ) ;
558
tabprint( fd, 1, "retry servers = %d\n", SVC_RETRIES(sp) ) ;
559
tabprint( fd, 1, "attempts = %d\n", SVC_ATTEMPTS(sp) ) ;
560
tabprint( fd, 1, "service fd = %d\n", SVC_FD(sp) ) ;
562
Sputchar( fd, '\n' ) ;
566
void svc_request( struct service *sp )
571
cp = conn_new( sp ) ;
572
if ( cp == CONN_NULL )
576
* Output the banner now that the connection is established. The
577
* other banners come later.
579
banner_always(sp, cp);
581
if (SVC_NOT_GENERIC(sp))
582
ret_code = spec_service_handler(sp, cp);
584
ret_code = svc_generic_handler(sp, cp);
586
if( (SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM) && (SVC_IS_ACTIVE( sp )) )
587
drain( cp->co_descriptor ) ; /* Prevents looping next time */
589
if ( ret_code != OK )
591
if ( SVC_LOGS_USERID_ON_FAILURE( sp ) ) {
592
if( spec_service_handler( LOG_SERVICE( ps ), cp ) == FAILED )
594
else if (!SC_WAITS( SVC_CONF( sp ) ) ) {
595
/* The logging service will gen SIGCHLD thus freeing connection */
600
if (!SC_WAITS( SVC_CONF( sp ) ))
603
if( (SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM) && (SVC_IS_ACTIVE( sp )) )
604
drain( cp->co_descriptor ) ; /* Prevents looping next time */
608
else if ((SVC_NOT_GENERIC(sp)) || (!SC_FORKS( SVC_CONF( sp ) ) ) )
613
status_e svc_generic_handler( struct service *sp, connection_s *cp )
615
if ( svc_parent_access_control( sp, cp ) == OK ) {
616
return( server_run( sp, cp ) ) ;
623
/* Print the banner that is supposed to always be printed */
624
static int banner_always( const struct service *sp, const connection_s *cp )
626
const char *func = "banner_always";
627
const struct service_config *scp = SVC_CONF( sp ) ;
629
/* print the banner regardless of access control */
630
if ( SC_BANNER(scp) != NULL ) {
631
char tmpbuf[TMPSIZE];
633
int bannerfd = open(SC_BANNER(scp), O_RDONLY);
636
msg( LOG_ERR, func, "service = %s, open of banner %s failed",
637
SVC_ID( sp ), SC_BANNER(scp));
641
while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
648
msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
649
SVC_ID( sp ), SC_BANNER(scp));
653
Swrite(cp->co_descriptor, tmpbuf, retval);
662
static int banner_fail( const struct service *sp, const connection_s *cp )
664
const char *func = "banner_fail";
665
const struct service_config *scp = SVC_CONF( sp ) ;
668
if ( SC_BANNER_FAIL(scp) != NULL )
670
char tmpbuf[TMPSIZE];
672
int bannerfd = open(SC_BANNER_FAIL(scp), O_RDONLY);
676
msg( LOG_ERR, func, "service = %s, open of banner %s failed",
677
SVC_ID( sp ), SC_BANNER_FAIL(scp));
681
while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
688
msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
689
SVC_ID( sp ), SC_BANNER(scp));
693
Swrite(cp->co_descriptor, tmpbuf, retval);
702
static int banner_success( const struct service *sp, const connection_s *cp )
704
const char *func = "banner_success";
705
const struct service_config *scp = SVC_CONF( sp ) ;
707
/* print the access granted banner */
708
if ( SC_BANNER_SUCCESS(scp) != NULL ) {
709
char tmpbuf[TMPSIZE];
711
int bannerfd = open(SC_BANNER_SUCCESS(scp), O_RDONLY);
714
msg( LOG_ERR, func, "service = %s, open of banner %s failed",
715
SVC_ID( sp ), SC_BANNER_SUCCESS(scp));
719
while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
726
msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
727
SVC_ID( sp ), SC_BANNER(scp));
731
Swrite(cp->co_descriptor, tmpbuf, retval);
739
static status_e failed_service(struct service *sp,
743
struct service_config *scp = SVC_CONF( sp ) ;
745
if ( result != AC_OK )
747
bool_int report_failure = TRUE ;
750
* Try to avoid reporting multiple times a failed attempt to access
751
* a datagram-based service from a bad address. We do this because
752
* the clients of such services usually send multiple datagrams
753
* before reporting a timeout (we have no way of telling them that
754
* their request has been denied).
756
if ( result == AC_ADDRESS && SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM )
758
if( SC_IPV4( scp ) ) {
759
struct sockaddr_in *sinp = SAIN(CONN_ADDRESS( cp )) ;
760
struct sockaddr_in *last = SAIN(SVC_LAST_DGRAM_ADDR(sp)) ;
761
time_t current_time ;
766
if ( last == NULL ) {
767
last = SAIN( SVC_LAST_DGRAM_ADDR(sp) ) =
768
SAIN( calloc( 1, sizeof(union xsockaddr) ) );
771
(void) time( ¤t_time ) ;
772
if ( sinp->sin_addr.s_addr == last->sin_addr.s_addr &&
773
sinp->sin_port == last->sin_port )
775
if( current_time - SVC_LAST_DGRAM_TIME(sp) <= DGRAM_IGNORE_TIME )
776
report_failure = FALSE ;
778
SVC_LAST_DGRAM_TIME(sp) = current_time ;
782
memcpy(SVC_LAST_DGRAM_ADDR(sp), sinp,sizeof(struct sockaddr_in));
783
SVC_LAST_DGRAM_TIME(sp) = current_time ;
785
} else if( SC_IPV6( scp ) ) {
786
struct sockaddr_in6 *sinp = SAIN6(CONN_ADDRESS( cp )) ;
787
struct sockaddr_in6 *last = SAIN6(SVC_LAST_DGRAM_ADDR(sp)) ;
788
time_t current_time ;
794
last = SAIN6(SVC_LAST_DGRAM_ADDR(sp)) =
795
SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
798
(void) time( ¤t_time ) ;
799
if ( IN6_ARE_ADDR_EQUAL(&(sinp->sin6_addr), &(last->sin6_addr)) &&
800
sinp->sin6_port == last->sin6_port )
802
if((current_time - SVC_LAST_DGRAM_TIME(sp)) <= DGRAM_IGNORE_TIME)
803
report_failure = FALSE ;
805
SVC_LAST_DGRAM_TIME(sp) = current_time ;
809
memcpy(SVC_LAST_DGRAM_ADDR(sp),sinp,sizeof(struct sockaddr_in6));
810
SVC_LAST_DGRAM_TIME(sp) = current_time ;
815
if ( report_failure )
816
svc_log_failure( sp, cp, result ) ;
826
/* Do the "light weight" access control here */
827
status_e svc_parent_access_control( struct service *sp, connection_s *cp )
831
result = parent_access_control( sp, cp );
832
if( failed_service(sp, cp, result) == FAILED )
838
status_e svc_child_access_control( struct service *sp, connection_s *cp )
842
result = access_control( sp, cp, MASK_NULL ) ;
843
if( failed_service(sp, cp, result) == FAILED )
846
banner_success(sp, cp);
852
* Invoked when a server of the specified service dies
854
void svc_postmortem( struct service *sp, struct server *serp )
856
struct service *co_sp = SERVER_CONNSERVICE( serp ) ;
857
connection_s *cp = SERVER_CONNECTION( serp ) ;
858
const char *func = "svc_postmortem" ;
860
SVC_DEC_RUNNING_SERVERS( sp ) ;
863
* Log information about the server that died
865
if ( SVC_IS_LOGGING( sp ) )
867
if ( SERVER_WRITES_TO_LOG(serp) )
870
msg( LOG_DEBUG, func,
871
"Checking log size of %s service", SVC_ID( sp ) ) ;
872
xlog_control( SVC_LOG( sp ), XLOG_SIZECHECK ) ;
874
svc_log_exit( sp, serp ) ;
878
* Now check if we have to check the log size of the service that owns
881
if ( co_sp != sp && SVC_IS_LOGGING( co_sp ) )
882
xlog_control( SVC_LOG( co_sp ), XLOG_SIZECHECK ) ;
884
if (!SVC_WAITS(sp)) {
889
if ( SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM )
890
drain( cp->co_descriptor ) ;
900
* This function closes all service descriptors. This should be called
901
* for all child processes that fork, but do not exec. This includes
902
* redirect, builtins, and tcpmux. The close on exec flag takes care of
903
* child processes that call exec. Without calling this, the listening
904
* fd's are not closed and reconfig will fail.
906
void close_all_svc_descriptors(void)
909
struct service *osp ;
911
/* Have to close all other descriptors here */
912
iter = psi_create( SERVICES( ps ) ) ;
914
out_of_memory( "close_all_svc_descriptors" ) ;
916
for ( osp = SP( psi_start( iter ) ) ; osp ; osp = SP( psi_next( iter ) ) )
917
(void) Sclose( SVC_FD( osp ) ) ;
919
psi_destroy( iter ) ;