« back to all changes in this revision
Viewing changes to xinetd/service.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): Thomas Seyrat
- Date: 2004-04-18 13:33:57 UTC
- Revision ID: james.westby@ubuntu.com-20040418133357-czeqeju37433xvdd
Tags: upstream-2.3.13
ImportĀ upstreamĀ versionĀ 2.3.13
- files added:
- contrib
- contrib/xinetd.d
- libs
- libs/include
- libs/lib
- libs/man
- libs/src
- libs/src/misc
- libs/src/portable
- libs/src/pset
- libs/src/sio
- libs/src/str
- libs/src/xlog
- xinetd
added
removed
xinetd/service.c
1
/*
2
* (c) Copyright 1992 by Panagiotis Tsirigotis
3
* (c) Sections Copyright 1998-2001 by Rob Braun
4
* All rights reserved. The file named COPYRIGHT specifies the terms
5
* and conditions for redistribution.
6
*/
7
8
#include "config.h"
9
#include <sys/types.h>
10
#include <sys/socket.h>
11
#include <netinet/in.h>
12
#include <netdb.h>
13
#include <syslog.h>
14
#include <fcntl.h>
15
#include <netinet/tcp.h>
16
#include <stdlib.h>
17
#include <unistd.h>
18
#include <signal.h>
19
#include <time.h>
20
#include <errno.h>
21
#include <netinet/in.h>
22
#include <stdio.h>
23
#ifdef HAVE_DNSREGISTRATION
24
#include <DNSServiceDiscovery/DNSServiceDiscovery.h>
25
#endif
26
#ifndef NO_RPC
27
#ifdef HAVE_RPC_PMAP_CLNT_H
28
#ifdef __sun
29
#include <rpc/types.h>
30
#include <rpc/auth.h>
31
#endif
32
#include <rpc/types.h>
33
#include <rpc/xdr.h>
34
#include <rpc/auth.h>
35
#include <rpc/clnt.h>
36
#include <rpc/pmap_clnt.h>
37
#endif
38
#include <rpc/rpc.h>
39
#endif
40
41
#ifdef HAVE_SYS_FILE_H
42
#include <sys/file.h>
43
#endif
44
45
#include "sio.h"
46
#include "service.h"
47
#include "util.h"
48
#include "main.h"
49
#include "sconf.h"
50
#include "msg.h"
51
#include "logctl.h"
52
#include "xconfig.h"
53
#include "special.h"
54
55
56
#define NEW_SVC() NEW( struct service )
57
#define FREE_SVC( sp ) FREE( sp )
58
59
#define DISABLE( sp ) SVC_STATE((sp)) = SVC_DISABLED
60
61
static void deactivate( const struct service *sp );
62
static int banner_always( const struct service *sp, const connection_s *cp );
63
64
static const struct name_value service_states[] =
65
{
66
{ "Not started", (int) SVC_NOT_STARTED },
67
{ "Active", (int) SVC_ACTIVE },
68
{ "Disabled", (int) SVC_DISABLED },
69
{ "Suspended", (int) SVC_SUSPENDED },
70
{ NULL, 1 },
71
{ "BAD STATE", 0 }
72
} ;
73
74
75
76
/*
77
* Allocate a new struct service and initialize it from scp
78
*/
79
struct service *svc_new( struct service_config *scp )
80
{
81
struct service *sp ;
82
const char *func = "svc_new" ;
83
84
sp = NEW_SVC() ;
85
if ( sp == NULL )
86
{
87
out_of_memory( func ) ;
88
return( NULL ) ;
89
}
90
CLEAR( *sp ) ;
91
92
SVC_CONF(sp) = scp ;
93
return( sp ) ;
94
}
95
96
97
struct service *svc_make_special( struct service_config *scp )
98
{
99
struct service *sp ;
100
const char *func = "svc_make_special" ;
101
102
if ( ( sp = svc_new( scp ) ) == NULL )
103
{
104
out_of_memory( func ) ;
105
return( NULL ) ;
106
}
107
108
SVC_NOT_GENERIC(sp) = 1 ;
109
SVC_LOG(sp) = ps.rws.program_log ;
110
SVC_REFCOUNT(sp) = 1 ;
111
SVC_STATE(sp) = SVC_ACTIVE ;
112
return( sp ) ;
113
}
114
115
116
void svc_free( struct service *sp )
117
{
118
sc_free( SVC_CONF(sp) ) ;
119
CLEAR( *sp ) ;
120
FREE_SVC( sp ) ;
121
}
122
123
124
static status_e set_fd_modes( struct service *sp )
125
{
126
int sd = SVC_FD( sp ) ;
127
const char *func = "set_fd_modes" ;
128
129
/*
130
* There is a possibility of blocking on a send/write if
131
*
132
* the service does not require forking (==> is internal) AND
133
* it does not accept connections
134
*
135
* To avoid this, we put the descriptor in FNDELAY mode.
136
* (if the service accepts connections, we still need to put the
137
* 'accepted' connection in FNDELAY mode but this is done elsewhere)
138
*/
139
if ( ! SVC_FORKS( sp ) && ! SVC_ACCEPTS_CONNECTIONS( sp ) &&
140
fcntl( sd, F_SETFL, FNDELAY ) == -1 )
141
{
142
msg( LOG_ERR, func,
143
"fcntl failed (%m) for FNDELAY. service = %s", SVC_ID( sp ) ) ;
144
return( FAILED ) ;
145
}
146
147
/*
148
* Always set the close-on-exec flag
149
*/
150
if ( fcntl( sd, F_SETFD, FD_CLOEXEC ) == -1 )
151
{
152
msg( LOG_ERR, func,
153
"fcntl failed (%m) for close-on-exec. service = %s", SVC_ID( sp ) ) ;
154
return( FAILED ) ;
155
}
156
return( OK ) ;
157
}
158
159
160
#ifndef NO_RPC
161
162
static status_e activate_rpc( struct service *sp )
163
{
164
union xsockaddr tsin;
165
unsigned int sin_len = sizeof(tsin);
166
unsigned long vers ;
167
struct service_config *scp = SVC_CONF( sp ) ;
168
struct rpc_data *rdp = SC_RPCDATA( scp ) ;
169
char *sid = SC_ID( scp ) ;
170
unsigned registered_versions = 0 ;
171
int sd = SVC_FD( sp ) ;
172
const char *func = "activate_rpc" ;
173
174
if( SC_BIND_ADDR(scp) != 0 )
175
memcpy( &tsin, SC_BIND_ADDR(scp), sizeof(tsin) );
176
else
177
memset( &tsin, 0, sizeof(tsin));
178
179
if( SC_IPV4( scp ) ) {
180
tsin.sa_in.sin_family = AF_INET ;
181
sin_len = sizeof(struct sockaddr_in);
182
} else if( SC_IPV6( scp ) ) {
183
tsin.sa_in6.sin6_family = AF_INET6 ;
184
sin_len = sizeof(struct sockaddr_in6);
185
}
186
187
if ( bind( sd, &tsin.sa, sin_len ) == -1 )
188
{
189
msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
190
return( FAILED ) ;
191
}
192
193
/*
194
* Find the port number that was assigned to the socket
195
*/
196
if ( getsockname( sd, &tsin.sa, &sin_len ) == -1 )
197
{
198
msg( LOG_ERR, func,
199
"getsockname failed (%m). service = %s", sid ) ;
200
return( FAILED ) ;
201
}
202
203
if( tsin.sa.sa_family == AF_INET )
204
SC_SET_PORT( scp, ntohs( tsin.sa_in.sin_port ) ) ;
205
else if( tsin.sa.sa_family == AF_INET6 )
206
SC_SET_PORT( scp, ntohs( tsin.sa_in6.sin6_port ) ) ;
207
208
/*
209
* Try to register as many versions as possible
210
*/
211
for ( vers = RD_MINVERS( rdp ) ; vers <= RD_MAXVERS( rdp ) ; vers++ ) {
212
/* Is this right? For instance, if we have both tcp and udp services,
213
* this will unregister the previously registered protocol.
214
* pmap_unset(RD_PROGNUM(rdp), vers);
215
*/
216
if ( pmap_set( RD_PROGNUM( rdp ), vers, SC_PROTOVAL( scp ),
217
SC_PORT( scp ) ) )
218
registered_versions++ ;
219
else
220
msg( LOG_ERR, func,
221
"pmap_set failed. service=%s program=%ld version=%ld",
222
sid, RD_PROGNUM( rdp ), vers ) ;
223
sleep(1);
224
}
225
226
if ( debug.on )
227
msg( LOG_DEBUG, func,
228
"Registered %d versions of %s", registered_versions, sid ) ;
229
230
return( ( registered_versions == 0 ) ? FAILED : OK ) ;
231
}
232
233
#endif /* ! NO_RPC */
234
235
#ifdef HAVE_DNSREGISTRATION
236
static void mdns_callback(DNSServiceRegistrationReplyErrorType err, void *d)
237
{
238
return;
239
}
240
#endif
241
242
static status_e activate_normal( struct service *sp )
243
{
244
union xsockaddr tsin;
245
int sd = SVC_FD( sp ) ;
246
struct service_config *scp = SVC_CONF( sp ) ;
247
uint16_t service_port = SC_PORT( scp ) ;
248
char *sid = SC_ID( scp ) ;
249
const char *func = "activate_normal" ;
250
unsigned int sin_len = sizeof(tsin);
251
int on = 1;
252
#ifdef IPV6_V6ONLY
253
int v6on = 0;
254
#endif
255
256
if( SC_BIND_ADDR(scp) != NULL )
257
memcpy(&tsin, SC_BIND_ADDR(scp), sin_len);
258
else
259
memset(&tsin, 0, sin_len);
260
261
if( SC_IPV4( scp ) ) {
262
tsin.sa_in.sin_family = AF_INET ;
263
tsin.sa_in.sin_port = htons( service_port ) ;
264
sin_len = sizeof(struct sockaddr_in);
265
} else if( SC_IPV6( scp ) ) {
266
tsin.sa_in6.sin6_family = AF_INET6;
267
tsin.sa_in6.sin6_port = htons( service_port );
268
sin_len = sizeof(struct sockaddr_in6);
269
}
270
271
#ifdef IPV6_V6ONLY
272
if( SC_IPV6(scp) ) {
273
if( SC_SPECIFIED(scp, A_V6ONLY) ) {
274
v6on = 1;
275
} else {
276
v6on = 0;
277
}
278
if( setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&v6on, sizeof(v6on)) < 0 ) {
279
msg( LOG_ERR, func, "Setting IPV6_V6ONLY option failed (%m)" );
280
}
281
}
282
#endif
283
284
if ( setsockopt( sd, SOL_SOCKET, SO_REUSEADDR,
285
(char *) &on, sizeof( on ) ) == -1 )
286
msg( LOG_WARNING, func,
287
"setsockopt SO_REUSEADDR failed (%m). service = %s", sid ) ;
288
289
if( SC_NODELAY( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
290
{
291
if ( setsockopt( sd, IPPROTO_TCP, TCP_NODELAY,
292
(char *) &on, sizeof( on ) ) == -1 )
293
msg( LOG_WARNING, func,
294
"setsockopt TCP_NODELAY failed (%m). service = %s", sid ) ;
295
}
296
297
if( SC_KEEPALIVE( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
298
{
299
if( setsockopt(sd, SOL_SOCKET, SO_KEEPALIVE,
300
(char *)&on, sizeof( on ) ) < 0 )
301
msg( LOG_WARNING, func,
302
"setsockopt SO_KEEPALIVE failed (%m). service = %s", sid ) ;
303
}
304
305
if ( bind( sd, &tsin.sa, sin_len ) == -1 )
306
{
307
msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
308
return( FAILED ) ;
309
}
310
311
return( OK ) ;
312
}
313
314
315
/*
316
* Activate a service.
317
*/
318
status_e svc_activate( struct service *sp )
319
{
320
struct service_config *scp = SVC_CONF( sp ) ;
321
status_e status ;
322
const char *func = "svc_activate" ;
323
324
/* No activation for MUXCLIENTS.
325
*/
326
327
if (SC_IS_MUXCLIENT( scp ))
328
{
329
return( OK );
330
}
331
332
if( SC_IPV4( scp ) ) {
333
SVC_FD(sp) = socket( AF_INET,
334
SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
335
} else if( SC_IPV6( scp ) ) {
336
SVC_FD(sp) = socket( AF_INET6,
337
SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
338
}
339
340
if ( SVC_FD(sp) == -1 )
341
{
342
msg( LOG_ERR, func,
343
"socket creation failed (%m). service = %s", SC_ID( scp ) ) ;
344
return( FAILED ) ;
345
}
346
347
if ( set_fd_modes( sp ) == FAILED )
348
{
349
(void) Sclose( SVC_FD(sp) ) ;
350
return( FAILED ) ;
351
}
352
353
#ifndef NO_RPC
354
if ( SC_IS_RPC( scp ) )
355
status = activate_rpc( sp ) ;
356
else
357
#endif /* ! NO_RPC */
358
status = activate_normal( sp ) ;
359
360
if ( status == FAILED )
361
{
362
(void) Sclose( SVC_FD(sp) ) ;
363
return( FAILED ) ;
364
}
365
366
#ifdef HAVE_DNSREGISTRATION
367
if ( SC_MDNS(scp) == YES )
368
{
369
if( SC_MDNSCON( SVC_CONF(sp) ) )
370
DNSServiceDiscoveryDeallocate( SC_MDNSCON(SVC_CONF(sp)) );
371
if( SC_MDNS_NAME(scp) )
372
free(SC_MDNS_NAME(scp));
373
if( asprintf(&SC_MDNS_NAME(scp), "_%s._%s", SC_NAME(scp), SC_PROTONAME(scp)) < 0 )
374
{
375
deactivate( sp );
376
return( FAILED );
377
}
378
379
SC_MDNSCON(scp) = DNSServiceRegistrationCreate("", SC_MDNS_NAME(scp), "",
380
htons(SC_PORT(scp)), "", mdns_callback, NULL);
381
}
382
#endif
383
384
if ( log_start( sp, &SVC_LOG(sp) ) == FAILED )
385
{
386
deactivate( sp ) ;
387
return( FAILED ) ;
388
}
389
390
/*
391
* Initialize the service data
392
*/
393
SVC_RUNNING_SERVERS(sp) = SVC_RETRIES(sp) = 0 ;
394
395
if ( SC_MUST_LISTEN( scp ) )
396
(void) listen( SVC_FD(sp), LISTEN_BACKLOG ) ;
397
398
ps.rws.descriptors_free-- ;
399
400
SVC_STATE(sp) = SVC_ACTIVE ;
401
402
FD_SET( SVC_FD(sp), &ps.rws.socket_mask ) ;
403
if ( SVC_FD(sp) > ps.rws.mask_max )
404
ps.rws.mask_max = SVC_FD(sp) ;
405
406
ps.rws.active_services++ ;
407
ps.rws.available_services++ ;
408
409
return( OK ) ;
410
}
411
412
413
static void deactivate( const struct service *sp )
414
{
415
(void) Sclose( SVC_FD( sp ) ) ;
416
417
#ifdef HAVE_DNSREGISTRATION
418
if( SC_MDNSCON( SVC_CONF(sp) ) )
419
DNSServiceDiscoveryDeallocate( SC_MDNSCON(SVC_CONF(sp)) );
420
#endif
421
422
if (debug.on)
423
msg(LOG_DEBUG, "deactivate", "%d Service %s deactivated",
424
getpid(), SC_NAME( SVC_CONF(sp) ) );
425
426
#ifndef NO_RPC
427
if ( SC_IS_RPC( SVC_CONF( sp ) ) )
428
{
429
unsigned long vers ;
430
const struct rpc_data *rdp = SC_RPCDATA( SVC_CONF( sp ) ) ;
431
432
for ( vers = RD_MINVERS( rdp ) ; vers <= RD_MAXVERS( rdp ) ; vers++ ) {
433
(void) pmap_unset( RD_PROGNUM( rdp ), vers ) ;
434
}
435
}
436
#endif /* ! NO_RPC */
437
}
438
439
440
/*
441
* Close the service descriptor.
442
* If this is an RPC service, deregister it.
443
* Close the log.
444
*/
445
void svc_deactivate( struct service *sp )
446
{
447
if ( ! SVC_IS_AVAILABLE( sp ) )
448
return ;
449
450
deactivate( sp ) ;
451
ps.rws.descriptors_free++ ;
452
453
if ( SVC_IS_ACTIVE( sp ) )
454
{
455
FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
456
ps.rws.active_services-- ;
457
}
458
459
ps.rws.available_services-- ;
460
461
DISABLE( sp ) ;
462
}
463
464
465
/*
466
* Suspend a service
467
*/
468
void svc_suspend( struct service *sp )
469
{
470
const char *func = "svc_suspend" ;
471
472
if ( ! SVC_IS_ACTIVE( sp ) )
473
{
474
msg( LOG_ERR, func, "service %s is not active", SVC_ID( sp ) ) ;
475
return ;
476
}
477
478
FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
479
ps.rws.active_services-- ;
480
if ( debug.on )
481
msg( LOG_DEBUG, func, "Suspended service %s", SVC_ID( sp ) ) ;
482
483
SUSPEND( sp ) ;
484
}
485
486
487
/*
488
* Resume a suspended service.
489
*/
490
void svc_resume( struct service *sp )
491
{
492
const char *func = "svc_resume" ;
493
494
FD_SET( SVC_FD( sp ), &ps.rws.socket_mask ) ;
495
ps.rws.active_services++ ;
496
if ( debug.on )
497
msg( LOG_DEBUG, func, "Resumed service %s", SVC_ID( sp ) ) ;
498
RESUME( sp ) ;
499
}
500
501
502
/*
503
* Steps:
504
* 1. Deactivate the service
505
* 2. Free all memory used by the service and free the service itself
506
*
507
* Since this function may free all memory associated with the service as
508
* well as the memory pointed by sp, only the value of sp should be used
509
* after this call if the return value is 0 (i.e. no dereferencing of sp).
510
*
511
* Special services are never deactivated.
512
*/
513
int svc_release( struct service *sp )
514
{
515
char *sid = SVC_ID( sp ) ;
516
const char *func = "svc_release" ;
517
518
if ( SVC_REFCOUNT(sp) == 0 )
519
{
520
msg( LOG_ERR, func, "%s: svc_release with 0 count", sid ) ;
521
return( 0 ) ;
522
}
523
524
SVC_REFCOUNT(sp)-- ;
525
if ( SVC_REFCOUNT(sp) == 0 )
526
{
527
if ( debug.on )
528
msg( LOG_DEBUG, func, "ref count of service %s dropped to 0", sid ) ;
529
if ( ! SC_IS_SPECIAL( SVC_CONF( sp ) ) )
530
{
531
if ( SVC_LOG(sp) )
532
log_end( SC_LOG( SVC_CONF( sp ) ), SVC_LOG(sp) ) ;
533
svc_deactivate( sp ) ;
534
svc_free( sp ) ;
535
sp = NULL;
536
}
537
else /* this shouldn't happen */
538
msg( LOG_WARNING, func,
539
"ref count of special service %s dropped to 0", sid ) ;
540
return( 0 ) ;
541
}
542
else
543
return( SVC_REFCOUNT(sp) ) ;
544
}
545
546
547
void svc_dump( const struct service *sp, int fd )
548
{
549
tabprint( fd, 0, "Service = %s\n", SC_NAME( SVC_CONF( sp ) ) ) ;
550
tabprint( fd, 1, "State = %s\n",
551
nv_get_name( service_states, (int) SVC_STATE(sp) ) ) ;
552
553
sc_dump( SVC_CONF( sp ), fd, 1, FALSE ) ;
554
555
if ( SVC_IS_ACTIVE(sp) )
556
{
557
tabprint( fd, 1, "running servers = %d\n", SVC_RUNNING_SERVERS(sp) ) ;
558
tabprint( fd, 1, "retry servers = %d\n", SVC_RETRIES(sp) ) ;
559
tabprint( fd, 1, "attempts = %d\n", SVC_ATTEMPTS(sp) ) ;
560
tabprint( fd, 1, "service fd = %d\n", SVC_FD(sp) ) ;
561
}
562
Sputchar( fd, '\n' ) ;
563
}
564
565
566
void svc_request( struct service *sp )
567
{
568
connection_s *cp ;
569
status_e ret_code;
570
571
cp = conn_new( sp ) ;
572
if ( cp == CONN_NULL )
573
return ;
574
575
/*
576
* Output the banner now that the connection is established. The
577
* other banners come later.
578
*/
579
banner_always(sp, cp);
580
581
if (SVC_NOT_GENERIC(sp))
582
ret_code = spec_service_handler(sp, cp);
583
else
584
ret_code = svc_generic_handler(sp, cp);
585
586
if( (SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM) && (SVC_IS_ACTIVE( sp )) )
587
drain( cp->co_descriptor ) ; /* Prevents looping next time */
588
589
if ( ret_code != OK )
590
{
591
if ( SVC_LOGS_USERID_ON_FAILURE( sp ) ) {
592
if( spec_service_handler( LOG_SERVICE( ps ), cp ) == FAILED )
593
conn_free( cp, 1 ) ;
594
else if (!SC_WAITS( SVC_CONF( sp ) ) ) {
595
/* The logging service will gen SIGCHLD thus freeing connection */
596
CONN_CLOSE(cp) ;
597
}
598
return;
599
}
600
if (!SC_WAITS( SVC_CONF( sp ) ))
601
conn_free( cp, 1 );
602
else {
603
if( (SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM) && (SVC_IS_ACTIVE( sp )) )
604
drain( cp->co_descriptor ) ; /* Prevents looping next time */
605
free( cp );
606
}
607
}
608
else if ((SVC_NOT_GENERIC(sp)) || (!SC_FORKS( SVC_CONF( sp ) ) ) )
609
free( cp );
610
}
611
612
613
status_e svc_generic_handler( struct service *sp, connection_s *cp )
614
{
615
if ( svc_parent_access_control( sp, cp ) == OK ) {
616
return( server_run( sp, cp ) ) ;
617
}
618
619
return( FAILED ) ;
620
}
621
622
#define TMPSIZE 1024
623
/* Print the banner that is supposed to always be printed */
624
static int banner_always( const struct service *sp, const connection_s *cp )
625
{
626
const char *func = "banner_always";
627
const struct service_config *scp = SVC_CONF( sp ) ;
628
629
/* print the banner regardless of access control */
630
if ( SC_BANNER(scp) != NULL ) {
631
char tmpbuf[TMPSIZE];
632
int retval;
633
int bannerfd = open(SC_BANNER(scp), O_RDONLY);
634
635
if( bannerfd < 0 ) {
636
msg( LOG_ERR, func, "service = %s, open of banner %s failed",
637
SVC_ID( sp ), SC_BANNER(scp));
638
return(-1);
639
}
640
641
while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
642
if (retval == -1)
643
{
644
if (errno == EINTR)
645
continue;
646
else
647
{
648
msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
649
SVC_ID( sp ), SC_BANNER(scp));
650
break;
651
}
652
}
653
Swrite(cp->co_descriptor, tmpbuf, retval);
654
}
655
656
Sclose(bannerfd);
657
}
658
659
return(0);
660
}
661
662
static int banner_fail( const struct service *sp, const connection_s *cp )
663
{
664
const char *func = "banner_fail";
665
const struct service_config *scp = SVC_CONF( sp ) ;
666
667
668
if ( SC_BANNER_FAIL(scp) != NULL )
669
{
670
char tmpbuf[TMPSIZE];
671
int retval;
672
int bannerfd = open(SC_BANNER_FAIL(scp), O_RDONLY);
673
674
if( bannerfd < 0 )
675
{
676
msg( LOG_ERR, func, "service = %s, open of banner %s failed",
677
SVC_ID( sp ), SC_BANNER_FAIL(scp));
678
return(-1);
679
}
680
681
while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
682
if (retval == -1)
683
{
684
if (errno == EINTR)
685
continue;
686
else
687
{
688
msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
689
SVC_ID( sp ), SC_BANNER(scp));
690
break;
691
}
692
}
693
Swrite(cp->co_descriptor, tmpbuf, retval);
694
}
695
696
Sclose(bannerfd);
697
}
698
699
return(0);
700
}
701
702
static int banner_success( const struct service *sp, const connection_s *cp )
703
{
704
const char *func = "banner_success";
705
const struct service_config *scp = SVC_CONF( sp ) ;
706
707
/* print the access granted banner */
708
if ( SC_BANNER_SUCCESS(scp) != NULL ) {
709
char tmpbuf[TMPSIZE];
710
int retval;
711
int bannerfd = open(SC_BANNER_SUCCESS(scp), O_RDONLY);
712
713
if( bannerfd < 0 ) {
714
msg( LOG_ERR, func, "service = %s, open of banner %s failed",
715
SVC_ID( sp ), SC_BANNER_SUCCESS(scp));
716
return(-1);
717
}
718
719
while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
720
if (retval == -1)
721
{
722
if (errno == EINTR)
723
continue;
724
else
725
{
726
msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
727
SVC_ID( sp ), SC_BANNER(scp));
728
break;
729
}
730
}
731
Swrite(cp->co_descriptor, tmpbuf, retval);
732
}
733
734
Sclose(bannerfd);
735
}
736
return(0);
737
}
738
739
static status_e failed_service(struct service *sp,
740
connection_s *cp,
741
access_e result)
742
{
743
struct service_config *scp = SVC_CONF( sp ) ;
744
745
if ( result != AC_OK )
746
{
747
bool_int report_failure = TRUE ;
748
749
/*
750
* Try to avoid reporting multiple times a failed attempt to access
751
* a datagram-based service from a bad address. We do this because
752
* the clients of such services usually send multiple datagrams
753
* before reporting a timeout (we have no way of telling them that
754
* their request has been denied).
755
*/
756
if ( result == AC_ADDRESS && SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM )
757
{
758
if( SC_IPV4( scp ) ) {
759
struct sockaddr_in *sinp = SAIN(CONN_ADDRESS( cp )) ;
760
struct sockaddr_in *last = SAIN(SVC_LAST_DGRAM_ADDR(sp)) ;
761
time_t current_time ;
762
763
if (sinp == NULL )
764
return FAILED;
765
766
if ( last == NULL ) {
767
last = SAIN( SVC_LAST_DGRAM_ADDR(sp) ) =
768
SAIN( calloc( 1, sizeof(union xsockaddr) ) );
769
}
770
771
(void) time( ¤t_time ) ;
772
if ( sinp->sin_addr.s_addr == last->sin_addr.s_addr &&
773
sinp->sin_port == last->sin_port )
774
{
775
if( current_time - SVC_LAST_DGRAM_TIME(sp) <= DGRAM_IGNORE_TIME )
776
report_failure = FALSE ;
777
else
778
SVC_LAST_DGRAM_TIME(sp) = current_time ;
779
}
780
else
781
{
782
memcpy(SVC_LAST_DGRAM_ADDR(sp), sinp,sizeof(struct sockaddr_in));
783
SVC_LAST_DGRAM_TIME(sp) = current_time ;
784
}
785
} else if( SC_IPV6( scp ) ) {
786
struct sockaddr_in6 *sinp = SAIN6(CONN_ADDRESS( cp )) ;
787
struct sockaddr_in6 *last = SAIN6(SVC_LAST_DGRAM_ADDR(sp)) ;
788
time_t current_time ;
789
790
if (sinp == NULL )
791
return FAILED;
792
793
if( last == NULL ) {
794
last = SAIN6(SVC_LAST_DGRAM_ADDR(sp)) =
795
SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
796
}
797
798
(void) time( ¤t_time ) ;
799
if ( IN6_ARE_ADDR_EQUAL(&(sinp->sin6_addr), &(last->sin6_addr)) &&
800
sinp->sin6_port == last->sin6_port )
801
{
802
if((current_time - SVC_LAST_DGRAM_TIME(sp)) <= DGRAM_IGNORE_TIME)
803
report_failure = FALSE ;
804
else
805
SVC_LAST_DGRAM_TIME(sp) = current_time ;
806
}
807
else
808
{
809
memcpy(SVC_LAST_DGRAM_ADDR(sp),sinp,sizeof(struct sockaddr_in6));
810
SVC_LAST_DGRAM_TIME(sp) = current_time ;
811
}
812
}
813
}
814
815
if ( report_failure )
816
svc_log_failure( sp, cp, result ) ;
817
818
banner_fail(sp, cp);
819
820
return( FAILED ) ;
821
}
822
823
return( OK );
824
}
825
826
/* Do the "light weight" access control here */
827
status_e svc_parent_access_control( struct service *sp, connection_s *cp )
828
{
829
access_e result;
830
831
result = parent_access_control( sp, cp );
832
if( failed_service(sp, cp, result) == FAILED )
833
return(FAILED);
834
835
return (OK);
836
}
837
838
status_e svc_child_access_control( struct service *sp, connection_s *cp )
839
{
840
access_e result ;
841
842
result = access_control( sp, cp, MASK_NULL ) ;
843
if( failed_service(sp, cp, result) == FAILED )
844
return(FAILED);
845
846
banner_success(sp, cp);
847
848
return( OK ) ;
849
}
850
851
/*
852
* Invoked when a server of the specified service dies
853
*/
854
void svc_postmortem( struct service *sp, struct server *serp )
855
{
856
struct service *co_sp = SERVER_CONNSERVICE( serp ) ;
857
connection_s *cp = SERVER_CONNECTION( serp ) ;
858
const char *func = "svc_postmortem" ;
859
860
SVC_DEC_RUNNING_SERVERS( sp ) ;
861
862
/*
863
* Log information about the server that died
864
*/
865
if ( SVC_IS_LOGGING( sp ) )
866
{
867
if ( SERVER_WRITES_TO_LOG(serp) )
868
{
869
if ( debug.on )
870
msg( LOG_DEBUG, func,
871
"Checking log size of %s service", SVC_ID( sp ) ) ;
872
xlog_control( SVC_LOG( sp ), XLOG_SIZECHECK ) ;
873
}
874
svc_log_exit( sp, serp ) ;
875
}
876
877
/*
878
* Now check if we have to check the log size of the service that owns
879
* the connection
880
*/
881
if ( co_sp != sp && SVC_IS_LOGGING( co_sp ) )
882
xlog_control( SVC_LOG( co_sp ), XLOG_SIZECHECK ) ;
883
884
if (!SVC_WAITS(sp)) {
885
conn_free( cp, 1 ) ;
886
cp = NULL;
887
} else {
888
if (cp) {
889
if ( SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM )
890
drain( cp->co_descriptor ) ;
891
free(cp);
892
cp = NULL;
893
SVC_RELE( sp );
894
}
895
svc_resume(sp);
896
}
897
}
898
899
/*
900
* This function closes all service descriptors. This should be called
901
* for all child processes that fork, but do not exec. This includes
902
* redirect, builtins, and tcpmux. The close on exec flag takes care of
903
* child processes that call exec. Without calling this, the listening
904
* fd's are not closed and reconfig will fail.
905
*/
906
void close_all_svc_descriptors(void)
907
{
908
psi_h iter ;
909
struct service *osp ;
910
911
/* Have to close all other descriptors here */
912
iter = psi_create( SERVICES( ps ) ) ;
913
if ( iter == NULL )
914
out_of_memory( "close_all_svc_descriptors" ) ;
915
916
for ( osp = SP( psi_start( iter ) ) ; osp ; osp = SP( psi_next( iter ) ) )
917
(void) Sclose( SVC_FD( osp ) ) ;
918
919
psi_destroy( iter ) ;
920
}
921
Loggerhead is a web-based interface for Breezy
Version: 2.0.1