4 * Copyright (c) 1983 Regents of the University of California.
7 * Redistribution and use in source and binary forms are permitted
8 * provided that the above copyright notice and this paragraph are
9 * duplicated in all such forms and that any documentation,
10 * advertising materials, and other materials related to such
11 * distribution and use acknowledge that the software was developed
12 * by the University of California, Berkeley. The name of the
13 * University may not be used to endorse or promote products derived
14 * from this software without specific prior written permission.
15 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
17 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 * Inetd - Internet super-server
23 * This program invokes all internet services as needed.
24 * connection-oriented services are invoked each time a
25 * connection is made, by creating a process. This process
26 * is passed the connection as file descriptor 0 and is
27 * expected to do a getpeername to find out the source host
30 * Datagram oriented services are invoked when a datagram
31 * arrives; a process is created and passed a pending message
32 * on file descriptor 0. Datagram servers may either connect
33 * to their peer, freeing up the original socket for inetd
34 * to receive further messages on, or ``take over the socket'',
35 * processing all arriving datagrams and, eventually, timing
36 * out. The first type of server is said to be ``multi-threaded'';
37 * the second type of server ``single-threaded''.
39 * Inetd uses a configuration file which is read at startup
40 * and, possibly, at some later time in response to a hangup signal.
41 * The configuration file is ``free format'' with fields given in the
42 * order shown below. Continuation lines for an entry must being with
43 * a space or tab. All fields must be present in each entry.
45 * service name must be in /etc/services
46 * socket type stream/dgram/raw/rdm/seqpacket
47 * protocol must be in /etc/protocols
48 * wait/nowait single-threaded/multi-threaded
49 * user user to run daemon as
50 * server program full path name
51 * server program arguments maximum of MAXARGS (5)
53 * Comment lines are indicated by a `#' in column 1.
55 #include <afsconfig.h>
56 #include <afs/param.h>
61 #include <sys/param.h>
66 #include <sys/ioctl.h>
67 #include <sys/socket.h>
74 #include <sys/resource.h>
76 #include <netinet/in.h>
77 #include <arpa/inet.h>
80 #include <afs/cellconfig.h>
81 #include <afs/afsutil.h>
86 #include <sys/syslog.h>
97 #define TOOMANY 40 /* don't start more than TOOMANY */
98 #define CNT_INTVL 60 /* servers in CNT_INTVL sec. */
99 #define RETRYTIME (60*10) /* retry after bind or server fail */
101 void config(), reapchild(), retry();
111 char *se_service; /* name of service */
112 int se_socktype; /* type of socket to use */
113 char *se_proto; /* protocol used */
114 short se_wait; /* single threaded server */
115 short se_checked; /* looked at during merge */
116 char *se_user; /* user name to run as */
117 struct biltin *se_bi; /* if built-in, description */
118 char *se_server; /* server program */
120 char *se_argv[MAXARGV + 1]; /* program arguments */
121 int se_fd; /* open descriptor */
122 struct sockaddr_in se_ctrladdr; /* bound address */
123 int se_count; /* number started since se_time */
124 struct timeval se_time; /* start of se_count */
125 struct servtab *se_next;
128 int echo_stream(), discard_stream(), machtime_stream();
129 int daytime_stream(), chargen_stream();
130 int echo_dg(), discard_dg(), machtime_dg(), daytime_dg(), chargen_dg();
131 int auth_stream(), auth_dg();
134 char *bi_service; /* internally provided service name */
135 int bi_socktype; /* type of socket supported */
136 short bi_fork; /* 1 if should fork before call */
137 short bi_wait; /* 1 if should wait for child */
138 int (*bi_fn) (); /* function which performs it */
140 /* Echo received data */
141 "echo", SOCK_STREAM, 1, 0, echo_stream, "echo", SOCK_DGRAM, 0, 0, echo_dg,
142 /* Internet /dev/null */
143 "discard", SOCK_STREAM, 1, 0, discard_stream, "discard", SOCK_DGRAM,
145 /* Return 32 bit time since 1970 */
146 "time", SOCK_STREAM, 0, 0, machtime_stream, "time", SOCK_DGRAM, 0, 0,
148 /* Return human-readable time */
149 "daytime", SOCK_STREAM, 0, 0, daytime_stream, "daytime", SOCK_DGRAM,
151 /* Familiar character generator */
152 "chargen", SOCK_STREAM, 1, 0, chargen_stream, "chargen", SOCK_DGRAM,
154 /* Remote authentication services */
155 "ta-rauth", SOCK_STREAM, 1, 0, auth_stream, "ta-rauth", SOCK_DGRAM, 0,
158 #define NUMINT (sizeof(intab) / sizeof(struct inent))
159 char *CONFIG = "/etc/inetd.conf";
162 int backlog = 10; /* listen() queue length */
164 #include "AFS_component_version_number.c"
170 int afs_didsetpag = 0;
171 main(argc, argv, envp)
173 char *argv[], *envp[];
177 register struct servtab *sep;
178 register struct passwd *pwd;
179 struct passwd *getpwnam();
184 #if defined(AFS_HPUX_ENV)
187 #endif /* defined(AFS_HPUX_ENV) */
189 memset((char *)allZeroes, '\0', sizeof(allZeroes));
190 memset((char *)allZeroes, 0, sizeof(allZeroes));
192 sigNone = *((sigset_t *) allZeroes);
194 (1 << (SIGCHLD - 1)) + (1 << (SIGHUP - 1)) + (1 << (SIGALRM - 1));
195 sigBlock = *((sigset_t *) allZeroes);
197 setpag(); /* disassociate with PAG of person starting inetd */
200 if (envp == 0 || *envp == 0)
204 LastArg = envp[-1] + strlen(envp[-1]);
206 while ((ch = getopt(argc, argv, "dl:")) != EOF)
213 /* undocumented option to set listen() queue length */
214 backlog = atoi(optarg);
218 fprintf(stderr, "usage: inetd [-d]");
227 #if defined(AFS_OSF_ENV) && !defined(AFS_OSF32_ENV)
234 for (tmpint = 0; tmpint < getnumfds(); tmpint++)
236 for (tmpint = 0; tmpint < 10; tmpint++)
239 (void)open("/", O_RDONLY);
243 tmpint = open("/dev/tty", O_RDWR);
245 ioctl(tmpint, TIOCNOTTY, NULL);
251 * the way to get rid of the controlling terminal in hp-ux, if we
252 * are not a process group leader
254 newSessionID = setsid();
255 if (newSessionID == -1) {
257 * we are already a process group leader, & extensive experimentation
258 * indicates that (contrary to the documentation, once again), there
259 * doesn't seem to be any way to get rid of our control tty, other
260 * than the following ugliness:
274 (void)signal(SIGTSTP, SIG_IGN);
275 (void)signal(SIGTTIN, SIG_IGN);
276 (void)signal(SIGTTOU, SIG_IGN);
277 #endif /* !defined(AIX) */
278 #endif /* AFS_OSF_ENV */
281 openlog("inetd", LOG_PID | LOG_NOWAIT, LOG_DAEMON);
283 memset((char *)&sa, '\0', sizeof(sa));
284 sa.sa_mask = sigBlock;
285 sa.sa_handler = retry;
286 sigaction(SIGALRM, &sa, NULL);
288 sa.sa_handler = config;
289 sigaction(SIGHUP, &sa, NULL);
290 sa.sa_handler = reapchild;
291 sigaction(SIGCHLD, &sa, NULL);
293 /* space for daemons to overwrite environment for ps */
294 #define DUMMYSIZE 100
295 char dummy[DUMMYSIZE];
297 (void)memset(dummy, 'x', sizeof(DUMMYSIZE) - 1);
298 dummy[DUMMYSIZE - 1] = '\0';
299 (void)setenv("inetd_dummy", dummy, 1);
307 (void)sigprocmask(SIG_BLOCK, &sigBlock, (sigset_t *) 0);
310 (void)sigprocmask(SIG_SETMASK, &sigNone, (sigset_t *) 0);
314 select(maxsock + 1, &readable, (fd_set *) 0, (fd_set *) 0,
316 if (n < 0 && errno != EINTR)
317 syslog(LOG_WARNING, "select: %m\n");
321 for (sep = servtab; n && sep; sep = sep->se_next)
322 if ((sep->se_fd != -1) && FD_ISSET(sep->se_fd, &readable)) {
325 fprintf(stderr, "someone wants %s\n", sep->se_service);
326 if (!sep->se_wait && sep->se_socktype == SOCK_STREAM) {
327 ctrl = accept(sep->se_fd, NULL, (int *)0);
329 fprintf(stderr, "accept, ctrl %d\n", ctrl);
333 syslog(LOG_WARNING, "accept: %m");
338 (void)sigprocmask(SIG_BLOCK, &sigBlock, (sigset_t *) 0);
340 dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
343 fprintf(stderr, "forking\n");
344 if (sep->se_socktype == SOCK_DGRAM) {
345 if (sep->se_count++ == 0)
346 (void)gettimeofday(&sep->se_time, NULL);
347 else if (sep->se_count >= TOOMANY) {
350 (void)gettimeofday(&now, NULL);
351 if (now.tv_sec - sep->se_time.tv_sec > CNT_INTVL) {
356 "%s/%s server failing (looping), service terminated %d\n",
357 sep->se_service, sep->se_proto,
359 FD_CLR(sep->se_fd, &allsock);
360 (void)close(sep->se_fd);
364 sigprocmask(SIG_SETMASK, &sigNone,
377 if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
379 sigprocmask(SIG_SETMASK, &sigNone, (sigset_t *) 0);
383 if (pid && sep->se_wait) {
385 FD_CLR(sep->se_fd, &allsock);
388 sigprocmask(SIG_SETMASK, &sigNone, (sigset_t *) 0);
394 if (dofork && (tmpint = open("/dev/tty", O_RDWR)) > 0) {
396 ioctl(tmpint, TIOCNOTTY, 0);
402 (void)signal(SIGTSTP, SIG_IGN);
403 (void)signal(SIGTTIN, SIG_IGN);
404 (void)signal(SIGTTOU, SIG_IGN);
405 #endif /* !defined(AIX) */
410 /* make child session leader */
414 for (tmpint = getnumfds(); --tmpint > 2;)
416 for (tmpint = getdtablesize(); --tmpint > 2;)
423 (*sep->se_bi->bi_fn) (ctrl, sep);
426 int pgid = -getpid();
437 /* make child socket process group leader */
438 ioctl(0, SIOCSPGRP, (char *)&pgid);
440 if ((pwd = getpwnam(sep->se_user)) == NULL) {
441 fprintf(stderr, "getpwnam failed\n");
442 syslog(LOG_ERR, "getpwnam: %s: No such user",
444 if (sep->se_socktype != SOCK_STREAM)
445 recv(0, buf, sizeof(buf), 0);
450 (void)initgroups((uid_t) pwd->pw_name,
451 (gid_t) pwd->pw_gid);
452 (void)setgid((gid_t) pwd->pw_gid);
454 (void)setgid((gid_t) pwd->pw_gid);
455 initgroups(pwd->pw_name, pwd->pw_gid);
457 (void)setuid((uid_t) pwd->pw_uid);
460 && (!strcmp(sep->se_service, "login")
461 || !strcmp(sep->se_service, "shell"))) {
462 setpag(); /* to disassociate it from current group... */
466 if (sep->se_argv[0] != NULL) {
467 if (!strcmp(sep->se_argv[0], "%A")) {
469 sprintf(addrbuf, "%s.%d",
470 inet_ntoa(his_addr.sin_addr.s_addr),
471 ntohs(his_addr.sin_port));
472 execl(sep->se_server,
473 strrchr(sep->se_server, '/') + 1,
475 SOCK_DGRAM ? (char *)0 : addrbuf, NULL);
477 execv(sep->se_server, sep->se_argv);
481 execv(sep->se_server, sep->se_argv);
483 fprintf(stderr, "%d execl %s\n", getpid(),
485 if (sep->se_socktype != SOCK_STREAM)
486 recv(0, buf, sizeof(buf), 0);
487 syslog(LOG_ERR, "execv %s: %m", sep->se_server);
491 if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
502 register struct servtab *sep;
505 pid = wait3(&status, WNOHANG, NULL);
509 fprintf(stderr, "%d <reaped (status %d)\n", pid, status);
510 for (sep = servtab; sep; sep = sep->se_next)
511 if (sep->se_wait == pid) {
513 syslog(LOG_WARNING, "%s: exit status 0x%x",
514 sep->se_server, status);
516 fprintf(stderr, "restored %s, fd %d\n", sep->se_service,
518 FD_SET(sep->se_fd, &allsock);
528 register struct servtab *sep, *cp, **sepp;
529 struct servtab *getconfigent(), *enter();
533 syslog(LOG_ERR, "%s: %m", CONFIG);
536 for (sep = servtab; sep; sep = sep->se_next)
538 while (cp = getconfigent()) {
540 /* fix a bug on rt */
541 if (cp->se_service == 0 || *cp->se_service == '\0')
544 for (sep = servtab; sep; sep = sep->se_next)
545 if (strcmp(sep->se_service, cp->se_service) == 0
546 && strcmp(sep->se_proto, cp->se_proto) == 0)
551 sigprocmask(SIG_BLOCK, &sigBlock, &oset);
553 sep->se_wait = cp->se_wait;
554 #define SWAP(a, b) { char *c = a; a = b; b = c; }
556 SWAP(sep->se_user, cp->se_user);
558 SWAP(sep->se_server, cp->se_server);
559 for (i = 0; i < MAXARGV; i++)
560 SWAP(sep->se_argv[i], cp->se_argv[i]);
561 sigprocmask(SIG_SETMASK, &oset, (sigset_t *) 0);
564 print_service("REDO", sep);
568 print_service("ADD ", sep);
571 sp = getservbyname(sep->se_service, sep->se_proto);
573 syslog(LOG_ERR, "%s/%s: unknown service", sep->se_service,
577 if (sp->s_port != sep->se_ctrladdr.sin_port) {
578 sep->se_ctrladdr.sin_port = sp->s_port;
579 if (sep->se_fd != -1)
580 (void)close(sep->se_fd);
583 if (sep->se_fd == -1)
588 * Purge anything not looked at above.
590 sigprocmask(SIG_BLOCK, &sigBlock, &oset);
592 while (sep = *sepp) {
593 if (sep->se_checked) {
594 sepp = &sep->se_next;
597 *sepp = sep->se_next;
598 if (sep->se_fd != -1) {
599 FD_CLR(sep->se_fd, &allsock);
601 (void)close(sep->se_fd);
604 print_service("FREE", sep);
608 sigprocmask(SIG_SETMASK, &oset, (sigset_t *) 0);
614 register struct servtab *sep;
617 for (sep = servtab; sep; sep = sep->se_next)
618 if (sep->se_fd == -1)
623 register struct servtab *sep;
627 if ((sep->se_fd = socket(AF_INET, sep->se_socktype, 0)) < 0) {
628 syslog(LOG_ERR, "%s/%s: socket: %m", sep->se_service, sep->se_proto);
631 #define turnon(fd, opt) \
632 setsockopt(fd, SOL_SOCKET, opt, (char *)&on, sizeof (on))
633 if (strcmp(sep->se_proto, "tcp") == 0 && (options & SO_DEBUG)
634 && turnon(sep->se_fd, SO_DEBUG) < 0)
635 syslog(LOG_ERR, "setsockopt (SO_DEBUG): %m");
636 if (turnon(sep->se_fd, SO_REUSEADDR) < 0)
637 syslog(LOG_ERR, "setsockopt (SO_REUSEADDR): %m");
640 (sep->se_fd, (struct sockaddr *)&sep->se_ctrladdr,
641 sizeof(sep->se_ctrladdr)) < 0) {
642 syslog(LOG_ERR, "%s/%s: bind: %m", sep->se_service, sep->se_proto);
643 (void)close(sep->se_fd);
651 if (sep->se_socktype == SOCK_STREAM)
652 listen(sep->se_fd, backlog);
653 FD_SET(sep->se_fd, &allsock);
655 if (sep->se_fd > maxsock)
656 maxsock = sep->se_fd;
663 register struct servtab *sep;
666 sep = (struct servtab *)malloc(sizeof(*sep));
668 syslog(LOG_ERR, "Out of memory.");
673 sigprocmask(SIG_BLOCK, &sigBlock, &oset);
674 sep->se_next = servtab;
676 sigprocmask(SIG_SETMASK, &oset, (sigset_t *) 0);
680 FILE *fconfig = NULL;
683 char *skip(), *nextline();
688 if (fconfig != NULL) {
689 fseek(fconfig, 0L, L_SET);
692 fconfig = fopen(CONFIG, "r");
693 return (fconfig != NULL);
699 (void)fclose(fconfig);
707 register struct servtab *sep = &serv;
709 char *cp, *arg, *copyofstr();
712 /* modified to skip blank lines... */
713 while ((cp = nextline(fconfig)) && (*cp == '#' || (strlen(cp) < 2)));
716 sep->se_service = copyofstr(skip(&cp));
718 if (strcmp(arg, "stream") == 0)
719 sep->se_socktype = SOCK_STREAM;
720 else if (strcmp(arg, "dgram") == 0)
721 sep->se_socktype = SOCK_DGRAM;
722 else if (strcmp(arg, "rdm") == 0)
723 sep->se_socktype = SOCK_RDM;
724 else if (strcmp(arg, "seqpacket") == 0)
725 sep->se_socktype = SOCK_SEQPACKET;
726 else if (strcmp(arg, "raw") == 0)
727 sep->se_socktype = SOCK_RAW;
729 sep->se_socktype = -1;
730 sep->se_proto = copyofstr(skip(&cp));
732 sep->se_wait = strcmp(arg, "wait") == 0;
733 sep->se_user = copyofstr(skip(&cp));
734 sep->se_server = copyofstr(skip(&cp));
735 if (strcmp(sep->se_server, "internal") == 0) {
736 register struct biltin *bi;
738 for (bi = biltins; bi->bi_service; bi++)
739 if (bi->bi_socktype == sep->se_socktype
740 && strcmp(bi->bi_service, sep->se_service) == 0)
742 if (bi->bi_service == 0) {
743 syslog(LOG_ERR, "internal service %s unknown\n", sep->se_service);
747 sep->se_wait = bi->bi_wait;
751 for (arg = skip(&cp); cp; arg = skip(&cp))
753 sep->se_argv[argc++] = copyofstr(arg);
754 while (argc <= MAXARGV)
755 sep->se_argv[argc++] = NULL;
760 register struct servtab *cp;
765 free(cp->se_service);
772 for (i = 0; i < MAXARGV; i++)
774 free(cp->se_argv[i]);
781 register char *cp = *cpp;
785 while (*cp == ' ' || *cp == '\t')
791 (void)ungetc(c, fconfig);
792 if (c == ' ' || c == '\t')
793 if (cp = nextline(fconfig))
799 while (*cp && *cp != ' ' && *cp != '\t')
813 if (fgets(line, sizeof(line), fd) == NULL)
815 cp = strchr(line, '\n');
829 new = malloc((unsigned)(strlen(cp) + 1));
831 syslog(LOG_ERR, "Out of memory.");
834 (void)strcpy(new, cp);
844 struct sockaddr_in sin;
849 if (getpeername(s, (struct sockaddr *)&sin, &size) == 0)
850 (void)sprintf(buf, "-%s [%s]", a, inet_ntoa(sin.sin_addr));
852 (void)sprintf(buf, "-%s", a);
853 strncpy(cp, buf, LastArg - cp);
860 * Internet services provided internally by inetd:
864 echo_stream(s, sep) /* Echo service -- echo data back */
871 setproctitle(sep->se_service, s);
872 while ((i = read(s, buffer, sizeof(buffer))) > 0
873 && write(s, buffer, i) > 0);
878 echo_dg(s, sep) /* Echo service -- echo data back */
887 if ((i = recvfrom(s, buffer, sizeof(buffer), 0, &sa, &size)) < 0)
889 (void)sendto(s, buffer, i, 0, &sa, sizeof(sa));
893 discard_stream(s, sep) /* Discard service -- ignore data */
899 setproctitle(sep->se_service, s);
901 while (read(s, buffer, sizeof(buffer)) > 0);
909 discard_dg(s, sep) /* Discard service -- ignore data */
915 (void)read(s, buffer, sizeof(buffer));
928 for (i = 0; i <= 128; ++i)
934 chargen_stream(s, sep) /* Character generator */
940 char text[LINESIZ + 2];
942 setproctitle(sep->se_service, s);
949 text[LINESIZ] = '\r';
950 text[LINESIZ + 1] = '\n';
952 if ((len = endring - rs) >= LINESIZ)
953 memcpy(text, rs, LINESIZ);
955 memcpy(text, rs, len);
956 memcpy(text + len, ring, LINESIZ - len);
960 if (write(s, text, sizeof(text)) != sizeof(text))
967 chargen_dg(s, sep) /* Character generator */
974 char text[LINESIZ + 2];
982 if (recvfrom(s, text, sizeof(text), 0, &sa, &size) < 0)
985 if ((len = endring - rs) >= LINESIZ)
986 memcpy(text, rs, LINESIZ);
988 memcpy(text, rs, len);
989 memcpy(text + len, ring, LINESIZ - len);
993 text[LINESIZ] = '\r';
994 text[LINESIZ + 1] = '\n';
995 (void)sendto(s, text, sizeof(text), 0, &sa, sizeof(sa));
999 * Return a machine readable date and time, in the form of the
1000 * number of seconds since midnight, Jan 1, 1900. Since gettimeofday
1001 * returns the number of seconds since midnight, Jan 1, 1970,
1002 * we must add 2208988800 seconds to this figure to make up for
1003 * some seventy years Bell Labs was asleep.
1011 if (gettimeofday(&tv, NULL) < 0) {
1012 fprintf(stderr, "Unable to get time of day\n");
1015 return (htonl((afs_int32) tv.tv_sec + 2208988800U));
1019 machtime_stream(s, sep)
1021 struct servtab *sep;
1025 result = machtime();
1026 (void)write(s, (char *)&result, sizeof(result));
1032 struct servtab *sep;
1039 if (recvfrom(s, (char *)&result, sizeof(result), 0, &sa, &size) < 0)
1041 result = machtime();
1042 (void)sendto(s, (char *)&result, sizeof(result), 0, &sa, sizeof(sa));
1046 daytime_stream(s, sep) /* Return human-readable time of day */
1048 struct servtab *sep;
1053 clock = time((time_t *) 0);
1055 (void)sprintf(buffer, "%.24s\r\n", ctime(&clock));
1056 (void)write(s, buffer, strlen(buffer));
1060 daytime_dg(s, sep) /* Return human-readable time of day */
1062 struct servtab *sep;
1069 clock = time((time_t *) 0);
1072 if (recvfrom(s, buffer, sizeof(buffer), 0, &sa, &size) < 0)
1074 (void)sprintf(buffer, "%.24s\r\n", ctime(&clock));
1075 (void)sendto(s, buffer, strlen(buffer), 0, &sa, sizeof(sa));
1080 * Dump relevant information to stderr
1082 print_service(action, sep)
1084 struct servtab *sep;
1087 "%s: %s proto=%s, wait=%d, user=%s builtin=%x server=%s\n",
1088 action, sep->se_service, sep->se_proto, sep->se_wait,
1089 sep->se_user, (int)sep->se_bi, sep->se_server);
1093 * Copyright 2000, International Business Machines Corporation and others.
1094 * All Rights Reserved.
1096 * This software has been released under the terms of the IBM Public
1097 * License. For details, see the LICENSE file in the top-level source
1098 * directory or online at http://www.openafs.org/dl/license10.html
1102 * This program is a front-end for the various remote access programs
1103 * (e.g. rsh, rcp, rlogin, ftp) to allow for weak remote authentication.
1104 * It will be used by a call to a well-known restricted tcp port; if
1105 * there is a service on that port, we will attempt authentication.
1107 * Note, this only affects the Kerberos portion of the authentication;
1108 * the program still requires its existing authentication (although it
1109 * seems reasonable to change this in the future.)
1111 * The advantage to this scheme (rather than modifying each program to
1112 * incorporate this authentication scheme) is it allows us to modify
1113 * the authentication mechanism without requiring additonal code
1114 * changes to the other programs.
1116 * Current format of authentication packet:
1120 * (3) Token length (null terminated);
1121 * (4) Token (not null terminated).
1123 * The code to add/delete to the AFS ticket cache is taken from the
1124 * authentication library.
1128 * routine to do the actual authentication. At this time, it is
1129 * very simple -- the remote end passes a token length and a token.
1131 * This routine returns the name of the requested service.
1134 #define gettime(tl) do { struct timezone tzp; struct timeval tv; \
1135 gettimeofday(&tv,&tzp); tl = tv.tv_sec; } while(0)
1136 #define RAUTH_TOKENLIFE (60 * 60 * 2) /* 2 hours */
1138 #define NOPAG 0xffffffff
1140 get_pag_from_groups(g0, g1)
1143 afs_uint32 h, l, result;
1147 if (g0 < 0xc000 && g1 < 0xc000) {
1148 l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff);
1150 h = (g1 >> 14) + h + h + h;
1151 result = ((h << 28) | l);
1152 /* Additional testing */
1153 if (((result >> 24) & 0xff) == 'A')
1161 auth_stream(s, sepent)
1163 struct servtab *sepent;
1165 char service[100], remoteName[64];
1166 struct sockaddr_in from;
1169 struct afsconf_dir *tdir;
1170 struct ktc_principal tserver, tclient;
1171 struct ktc_token token;
1172 register struct servtab *sep;
1175 * First, obtain information on remote end of connection.
1178 fprintf(stderr, "auth_stream: entered\n");
1179 #ifndef AFS_SUN5_ENV
1180 if (getpeername(s, &from, &fromlen) < 0) {
1181 syslog(LOG_ERR, "getpeername failed");
1183 fprintf(stderr, "auth_stream: getpeername failed\n");
1187 if (intoken(s, &token, service, remoteName) != 0) {
1188 syslog(LOG_ERR, "invalid remote authentication");
1190 fprintf(stderr, "auth_stream: invalid remote authentication\n");
1193 /* lookup the name of the local cell */
1196 fprintf(stderr, "auth_stream: look up local cell name\n");
1198 tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
1200 syslog(LOG_NOTICE, "Can't open dir %s\n", AFSDIR_CLIENT_ETC_DIRPATH);
1202 fprintf(stderr, "Can't open dir %s\n", AFSDIR_CLIENT_ETC_DIRPATH);
1205 /* done with configuration stuff now */
1206 afsconf_Close(tdir);
1207 /* set ticket in local cell */
1208 strcpy(tserver.cell, remoteName);
1209 strcpy(tserver.name, "afs");
1211 /* now, set the token */
1215 "token information: service is %s\ntoken length is %d\n",
1216 service, token.ticketLen);
1217 fprintf(stderr, "token is %s\n", token.ticket);
1218 fprintf(stderr, "cell name is %s\n", remoteName);
1222 code = ktc_SetToken(&tserver, &token, &tclient, 0);
1224 write(s, "0", 1); /* say "no" to other side */
1225 printf("Login incorrect.(%d)", code);
1226 syslog(LOG_ERR, "Invalid token from %s", inet_ntoa(from.sin_addr));
1229 write(s, "1", 1); /* say "yes" to other side */
1232 fprintf(stderr, "Finished authentication code\n");
1233 for (sep = servtab; sep; sep = sep->se_next)
1234 if (strcmp(sep->se_service, service) == 0) {
1235 int dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
1239 for (tmpint = getdtablesize(); --tmpint > 2;)
1244 (*sep->se_bi->bi_fn) (s, sep);
1246 register struct passwd *pwd;
1247 struct passwd *getpwnam();
1250 if ((pwd = getpwnam(sep->se_user)) == NULL) {
1251 syslog(LOG_ERR, "getpwnam: %s: No such user",
1253 if (sep->se_socktype != SOCK_STREAM)
1254 recv(0, buf, sizeof(buf), 0);
1259 (void)setgid((gid_t) pwd->pw_gid);
1260 initgroups(pwd->pw_name, pwd->pw_gid);
1261 (void)setuid((uid_t) pwd->pw_uid);
1267 fprintf(stderr, "going to exec program %s(errno = %d)\n",
1268 sep->se_server, errno);
1274 && (!strcmp(sep->se_service, "login")
1275 || !strcmp(sep->se_service, "shell"))) {
1276 setpag(); /* to disassociate it from current group... */
1278 execv(sep->se_server, sep->se_argv);
1280 if (sep->se_socktype != SOCK_STREAM)
1281 recv(0, buf, sizeof(buf), 0);
1282 syslog(LOG_ERR, "execv %s: %m", sep->se_server);
1286 fprintf(stderr, "service not available\n");
1287 syslog(LOG_ERR, "auth_stream: invalid service requested %s\n", service);
1295 "datagram remote authentication requested, not supported");
1301 * This routine accepts a token on the specified file handle;
1302 * The input format for a token is:
1304 * Field # Contents description
1305 * (0) Service Name char[]
1306 * (1) Version # unsigned integer (< 2^32)
1307 * (2) cellName char[]
1308 * (3) startTime unsigned afs_int32 (< 2^32)
1309 * (4) endTime unsigned afs_int32 (< 2^32)
1310 * (5) sessionKey char[8]
1311 * (6) kvno short (< 2^16)
1312 * (7) ticketLen unsigned integer (< 2^32)
1313 * (8) ticket char[MAXKTCTICKETLEN]
1315 * Each field is comma separated; the last is variable length. The
1316 * converted token is placed into the token structure pointed to by
1317 * the variable "token".
1320 intoken(s, token, svc, cell)
1322 struct ktc_token *token;
1325 char buf[1024], *bp;
1327 unsigned index, version;
1330 fprintf(stderr, "intoken: entered\n");
1332 if ((count = recv(s, buf, sizeof buf, 0)) == -1) {
1334 fprintf(stderr, "error on fd %d\n", s);
1335 perror("intoken recv");
1340 /* (0) Service Name */
1341 for (index = 0; index < count && buf[index] != ','; index++);
1343 if (index == count) {
1345 fprintf(stderr, "overran buffer while searching for svc name\n");
1349 if (buf[index] != ',') {
1352 "Didn't stop on a comma, searching for svc name\n");
1362 bp = buf + index + 1;
1364 for (; index < count && buf[index] != ','; index++);
1366 if (index == count) {
1368 fprintf(stderr, "overran buffer while searching for version #\n");
1372 if (buf[index] != ',') {
1375 "Didn't stop on a comma, searching for version #\n");
1381 sscanf(bp, "%u", &version);
1385 fprintf(stderr, "Incompatible (newer) version encountered: %d\n",
1391 /* we didn't include cell name in prior versions */
1392 bp = buf + index + 1;
1394 for (index = 0; index < count && buf[index] != ','; index++);
1396 if (index == count) {
1398 fprintf(stderr, "overran buffer while searching for cell\n");
1402 if (buf[index] != ',') {
1405 "Didn't stop on a comma, searching for cell\n");
1414 bp = buf + index + 1;
1416 for (; index < count && buf[index] != ','; index++);
1418 if (index == count) {
1421 "overran buffer while searching for startTime #\n");
1425 if (buf[index] != ',') {
1428 "Didn't stop on a comma, searching for startTime #\n");
1434 sscanf(bp, "%u", &token->startTime);
1438 bp = buf + index + 1;
1440 for (; index < count && buf[index] != ','; index++);
1442 if (index == count) {
1444 fprintf(stderr, "overran buffer while searching for endTime #\n");
1448 if (buf[index] != ',') {
1451 "Didn't stop on a comma, searching for endTime #\n");
1457 sscanf(bp, "%u", &token->endTime);
1459 /* (4) sessionKey */
1461 bp = buf + index + 1;
1462 memcpy(&token->sessionKey, bp, 8);
1467 for (index += 9; index < count && buf[index] != ','; index++);
1469 if (index == count) {
1471 fprintf(stderr, "overran buffer while searching for kvno\n");
1475 if (buf[index] != ',') {
1477 fprintf(stderr, "Didn't stop on a comma, searching for kvno\n");
1483 /* kvno is actually a short, so insist that it scan a short */
1485 sscanf(bp, "%hu", &token->kvno);
1489 bp = buf + index + 1;
1491 for (; index < count && buf[index] != ','; index++);
1493 if (index == count) {
1495 fprintf(stderr, "overran buffer while searching for ticketLen\n");
1499 if (buf[index] != ',') {
1502 "Didn't stop on a comma, searching for ticketLen\n");
1508 sscanf(bp, "%u", &token->ticketLen);
1512 bp = buf + index + 1;
1514 if (index + token->ticketLen > count) {
1516 fprintf(stderr, "overran buffer while copying ticket\n");
1520 memcpy(token->ticket, bp, token->ticketLen);
1528 struct sigaction act, oact;
1531 memset(&act, '\0', sizeof(act));
1532 act.sa_handler = SIG_DFL;
1533 for (sign = 1; sign < NSIG; sign++)
1534 sigaction(sign, &act, &oact);