4 * Copyright (c) 1983 Regents of the University of California.
7 * Redistribution and use in source and binary forms are permitted
8 * provided that the above copyright notice and this paragraph are
9 * duplicated in all such forms and that any documentation,
10 * advertising materials, and other materials related to such
11 * distribution and use acknowledge that the software was developed
12 * by the University of California, Berkeley. The name of the
13 * University may not be used to endorse or promote products derived
14 * from this software without specific prior written permission.
15 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
17 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 * Inetd - Internet super-server
23 * This program invokes all internet services as needed.
24 * connection-oriented services are invoked each time a
25 * connection is made, by creating a process. This process
26 * is passed the connection as file descriptor 0 and is
27 * expected to do a getpeername to find out the source host
30 * Datagram oriented services are invoked when a datagram
31 * arrives; a process is created and passed a pending message
32 * on file descriptor 0. Datagram servers may either connect
33 * to their peer, freeing up the original socket for inetd
34 * to receive further messages on, or ``take over the socket'',
35 * processing all arriving datagrams and, eventually, timing
36 * out. The first type of server is said to be ``multi-threaded'';
37 * the second type of server ``single-threaded''.
39 * Inetd uses a configuration file which is read at startup
40 * and, possibly, at some later time in response to a hangup signal.
41 * The configuration file is ``free format'' with fields given in the
42 * order shown below. Continuation lines for an entry must being with
43 * a space or tab. All fields must be present in each entry.
45 * service name must be in /etc/services
46 * socket type stream/dgram/raw/rdm/seqpacket
47 * protocol must be in /etc/protocols
48 * wait/nowait single-threaded/multi-threaded
49 * user user to run daemon as
50 * server program full path name
51 * server program arguments maximum of MAXARGS (5)
53 * Comment lines are indicated by a `#' in column 1.
55 #include <afs/param.h>
56 #include <afsconfig.h>
60 #include <sys/param.h>
65 #include <sys/ioctl.h>
66 #include <sys/socket.h>
73 #include <sys/resource.h>
75 #include <netinet/in.h>
76 #include <arpa/inet.h>
79 #include <afs/cellconfig.h>
80 #include <afs/afsutil.h>
85 #include <sys/syslog.h>
96 #define TOOMANY 40 /* don't start more than TOOMANY */
97 #define CNT_INTVL 60 /* servers in CNT_INTVL sec. */
98 #define RETRYTIME (60*10) /* retry after bind or server fail */
100 void config(), reapchild(), retry();
110 char *se_service; /* name of service */
111 int se_socktype; /* type of socket to use */
112 char *se_proto; /* protocol used */
113 short se_wait; /* single threaded server */
114 short se_checked; /* looked at during merge */
115 char *se_user; /* user name to run as */
116 struct biltin *se_bi; /* if built-in, description */
117 char *se_server; /* server program */
119 char *se_argv[MAXARGV+1]; /* program arguments */
120 int se_fd; /* open descriptor */
121 struct sockaddr_in se_ctrladdr;/* bound address */
122 int se_count; /* number started since se_time */
123 struct timeval se_time; /* start of se_count */
124 struct servtab *se_next;
127 int echo_stream(), discard_stream(), machtime_stream();
128 int daytime_stream(), chargen_stream();
129 int echo_dg(), discard_dg(), machtime_dg(), daytime_dg(), chargen_dg();
130 int auth_stream(), auth_dg();
133 char *bi_service; /* internally provided service name */
134 int bi_socktype; /* type of socket supported */
135 short bi_fork; /* 1 if should fork before call */
136 short bi_wait; /* 1 if should wait for child */
137 int (*bi_fn)(); /* function which performs it */
139 /* Echo received data */
140 "echo", SOCK_STREAM, 1, 0, echo_stream,
141 "echo", SOCK_DGRAM, 0, 0, echo_dg,
143 /* Internet /dev/null */
144 "discard", SOCK_STREAM, 1, 0, discard_stream,
145 "discard", SOCK_DGRAM, 0, 0, discard_dg,
147 /* Return 32 bit time since 1970 */
148 "time", SOCK_STREAM, 0, 0, machtime_stream,
149 "time", SOCK_DGRAM, 0, 0, machtime_dg,
151 /* Return human-readable time */
152 "daytime", SOCK_STREAM, 0, 0, daytime_stream,
153 "daytime", SOCK_DGRAM, 0, 0, daytime_dg,
155 /* Familiar character generator */
156 "chargen", SOCK_STREAM, 1, 0, chargen_stream,
157 "chargen", SOCK_DGRAM, 0, 0, chargen_dg,
159 /* Remote authentication services */
160 "ta-rauth", SOCK_STREAM, 1, 0, auth_stream,
161 "ta-rauth", SOCK_DGRAM, 0, 0, auth_dg,
165 #define NUMINT (sizeof(intab) / sizeof(struct inent))
166 char *CONFIG = "/etc/inetd.conf";
169 int backlog = 10; /* listen() queue length */
171 #include "AFS_component_version_number.c"
177 int afs_didsetpag = 0;
178 main(argc, argv, envp)
180 char *argv[], *envp[];
184 register struct servtab *sep;
185 register struct passwd *pwd;
186 struct passwd *getpwnam();
191 #if defined(AFS_HPUX_ENV)
194 #endif /* defined(AFS_HPUX_ENV) */
196 memset((char *)allZeroes, '\0', sizeof(allZeroes));
197 bzero((char *)allZeroes, sizeof(allZeroes));
199 sigNone = *((sigset_t *) allZeroes);
200 allZeroes[0] = (1<<(SIGCHLD-1)) + (1<<(SIGHUP-1)) + (1<<(SIGALRM-1));
201 sigBlock = *((sigset_t *) allZeroes);
203 setpag(); /* disassociate with PAG of person starting inetd */
206 if (envp == 0 || *envp == 0)
210 LastArg = envp[-1] + strlen(envp[-1]);
212 while ((ch = getopt(argc, argv, "dl:")) != EOF)
219 /* undocumented option to set listen() queue length */
220 backlog = atoi(optarg);
224 fprintf(stderr, "usage: inetd [-d]");
233 #if defined(AFS_OSF_ENV) && !defined(AFS_OSF32_ENV)
241 for (tmpint = 0; tmpint < getnumfds(); tmpint++)
243 for (tmpint = 0; tmpint < 10; tmpint++)
245 (void) close(tmpint);
246 (void) open("/", O_RDONLY);
250 tmpint = open("/dev/tty", O_RDWR);
252 ioctl(tmpint, TIOCNOTTY, (char *)0);
258 * the way to get rid of the controlling terminal in hp-ux, if we
259 * are not a process group leader
261 newSessionID = setsid();
262 if (newSessionID == -1) {
264 * we are already a process group leader, & extensive experimentation
265 * indicates that (contrary to the documentation, once again), there
266 * doesn't seem to be any way to get rid of our control tty, other
267 * than the following ugliness:
269 if ( fork() ) exit(0);
276 (void) setpgrp(0, 0);
280 (void) signal(SIGTSTP, SIG_IGN);
281 (void) signal(SIGTTIN, SIG_IGN);
282 (void) signal(SIGTTOU, SIG_IGN);
283 #endif /* !defined(AIX) */
284 #endif /* AFS_OSF_ENV */
287 openlog("inetd", LOG_PID | LOG_NOWAIT, LOG_DAEMON);
289 memset((char *)&sa, '\0', sizeof(sa));
290 sa.sa_mask = sigBlock;
291 sa.sa_handler = retry;
292 sigaction(SIGALRM, &sa, (struct sigaction *)0);
294 sa.sa_handler = config;
295 sigaction(SIGHUP, &sa, (struct sigaction *)0);
296 sa.sa_handler = reapchild;
297 sigaction(SIGCHLD, &sa, (struct sigaction *)0);
299 /* space for daemons to overwrite environment for ps */
300 #define DUMMYSIZE 100
301 char dummy[DUMMYSIZE];
303 (void)memset(dummy, 'x', sizeof(DUMMYSIZE) - 1);
304 dummy[DUMMYSIZE - 1] = '\0';
305 (void)setenv("inetd_dummy", dummy, 1);
313 (void) sigprocmask(SIG_BLOCK, &sigBlock, (sigset_t *)0);
316 (void) sigprocmask(SIG_SETMASK, &sigNone, (sigset_t *)0);
319 if ((n = select(maxsock + 1, &readable, (fd_set *)0,
320 (fd_set *)0, (struct timeval *)0)) <= 0) {
321 if (n < 0 && errno != EINTR)
322 syslog(LOG_WARNING, "select: %m\n");
326 for (sep = servtab; n && sep; sep = sep->se_next)
327 if ((sep->se_fd != -1) && FD_ISSET(sep->se_fd, &readable)) {
330 fprintf(stderr, "someone wants %s\n", sep->se_service);
331 if (!sep->se_wait && sep->se_socktype == SOCK_STREAM) {
332 ctrl = accept(sep->se_fd, (struct sockaddr *)0,
335 fprintf(stderr, "accept, ctrl %d\n", ctrl);
339 syslog(LOG_WARNING, "accept: %m");
344 (void) sigprocmask(SIG_BLOCK, &sigBlock, (sigset_t *)0);
346 dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
349 fprintf(stderr,"forking\n");
350 if (sep->se_socktype == SOCK_DGRAM) {
351 if (sep->se_count++ == 0)
352 (void)gettimeofday(&sep->se_time,
353 (struct timezone *)0);
354 else if (sep->se_count >= TOOMANY) {
357 (void)gettimeofday(&now, (struct timezone *)0);
358 if (now.tv_sec - sep->se_time.tv_sec >
364 "%s/%s server failing (looping), service terminated %d\n",
365 sep->se_service, sep->se_proto, sep->se_socktype);
366 FD_CLR(sep->se_fd, &allsock);
367 (void) close(sep->se_fd);
371 sigprocmask(SIG_SETMASK, &sigNone,
384 if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
386 sigprocmask(SIG_SETMASK, &sigNone, (sigset_t *)0);
390 if (pid && sep->se_wait) {
392 FD_CLR(sep->se_fd, &allsock);
395 sigprocmask(SIG_SETMASK, &sigNone, (sigset_t *)0);
402 (tmpint = open("/dev/tty", O_RDWR)) > 0) {
404 ioctl(tmpint, TIOCNOTTY, 0);
408 (void) setpgrp(0, 0);
410 (void) signal(SIGTSTP, SIG_IGN);
411 (void) signal(SIGTTIN, SIG_IGN);
412 (void) signal(SIGTTOU, SIG_IGN);
413 #endif /* !defined(AIX) */
418 /* make child session leader */
422 for (tmpint = getnumfds(); --tmpint > 2; )
424 for (tmpint = getdtablesize(); --tmpint > 2; )
431 (*sep->se_bi->bi_fn)(ctrl, sep);
434 int pgid = -getpid();
437 (void) setpgrp(0, 0);
445 /* make child socket process group leader */
446 ioctl(0, SIOCSPGRP, (char *)&pgid);
448 if ((pwd = getpwnam(sep->se_user)) == NULL) {
449 fprintf(stderr,"getpwnam failed\n");
450 syslog(LOG_ERR, "getpwnam: %s: No such user",sep->se_user);
451 if (sep->se_socktype != SOCK_STREAM)
452 recv(0, buf, sizeof (buf), 0);
457 (void) initgroups((uid_t)pwd->pw_name,(gid_t)pwd->pw_gid);
458 (void) setgid((gid_t)pwd->pw_gid);
460 (void) setgid((gid_t)pwd->pw_gid);
461 initgroups(pwd->pw_name, pwd->pw_gid);
463 (void) setuid((uid_t)pwd->pw_uid);
465 if (!afs_didsetpag && (!strcmp(sep->se_service, "login") ||
466 !strcmp(sep->se_service, "shell"))) {
467 setpag(); /* to disassociate it from current group... */
471 if (sep->se_argv[0] != NULL) {
472 if (!strcmp(sep->se_argv[0], "%A")) {
474 sprintf(addrbuf, "%s.%d",
475 inet_ntoa(his_addr.sin_addr.s_addr),
476 ntohs(his_addr.sin_port));
477 execl(sep->se_server,
478 rindex(sep->se_server, '/')+1,
479 sep->se_socktype == SOCK_DGRAM
480 ? (char *)0 : addrbuf, (char *)0);
482 execv(sep->se_server, sep->se_argv);
486 execv(sep->se_server, sep->se_argv);
488 fprintf(stderr, "%d execl %s\n",
489 getpid(), sep->se_server);
490 if (sep->se_socktype != SOCK_STREAM)
491 recv(0, buf, sizeof (buf), 0);
492 syslog(LOG_ERR, "execv %s: %m", sep->se_server);
496 if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
507 register struct servtab *sep;
510 pid = wait3(&status, WNOHANG, (struct rusage *)0);
514 fprintf(stderr, "%d <reaped (status %d)\n", pid,
516 for (sep = servtab; sep; sep = sep->se_next)
517 if (sep->se_wait == pid) {
520 "%s: exit status 0x%x",
521 sep->se_server, status);
523 fprintf(stderr, "restored %s, fd %d\n",
524 sep->se_service, sep->se_fd);
525 FD_SET(sep->se_fd, &allsock);
534 register struct servtab *sep, *cp, **sepp;
535 struct servtab *getconfigent(), *enter();
539 syslog(LOG_ERR, "%s: %m", CONFIG);
542 for (sep = servtab; sep; sep = sep->se_next)
544 while (cp = getconfigent()) {
546 /* fix a bug on rt */
547 if(cp->se_service == 0 || *cp->se_service == '\0')
550 for (sep = servtab; sep; sep = sep->se_next)
551 if (strcmp(sep->se_service, cp->se_service) == 0 &&
552 strcmp(sep->se_proto, cp->se_proto) == 0)
557 sigprocmask(SIG_BLOCK, &sigBlock, &oset);
559 sep->se_wait = cp->se_wait;
560 #define SWAP(a, b) { char *c = a; a = b; b = c; }
562 SWAP(sep->se_user, cp->se_user);
564 SWAP(sep->se_server, cp->se_server);
565 for (i = 0; i < MAXARGV; i++)
566 SWAP(sep->se_argv[i], cp->se_argv[i]);
567 sigprocmask(SIG_SETMASK, &oset, (sigset_t *)0);
570 print_service("REDO", sep);
574 print_service("ADD ", sep);
577 sp = getservbyname(sep->se_service, sep->se_proto);
579 syslog(LOG_ERR, "%s/%s: unknown service",
580 sep->se_service, sep->se_proto);
583 if (sp->s_port != sep->se_ctrladdr.sin_port) {
584 sep->se_ctrladdr.sin_port = sp->s_port;
585 if (sep->se_fd != -1)
586 (void) close(sep->se_fd);
589 if (sep->se_fd == -1)
594 * Purge anything not looked at above.
596 sigprocmask(SIG_BLOCK, &sigBlock, &oset);
598 while (sep = *sepp) {
599 if (sep->se_checked) {
600 sepp = &sep->se_next;
603 *sepp = sep->se_next;
604 if (sep->se_fd != -1) {
605 FD_CLR(sep->se_fd, &allsock);
607 (void) close(sep->se_fd);
610 print_service("FREE", sep);
614 sigprocmask(SIG_SETMASK, &oset, (sigset_t *)0);
620 register struct servtab *sep;
623 for (sep = servtab; sep; sep = sep->se_next)
624 if (sep->se_fd == -1)
629 register struct servtab *sep;
633 if ((sep->se_fd = socket(AF_INET, sep->se_socktype, 0)) < 0) {
634 syslog(LOG_ERR, "%s/%s: socket: %m",
635 sep->se_service, sep->se_proto);
638 #define turnon(fd, opt) \
639 setsockopt(fd, SOL_SOCKET, opt, (char *)&on, sizeof (on))
640 if (strcmp(sep->se_proto, "tcp") == 0 && (options & SO_DEBUG) &&
641 turnon(sep->se_fd, SO_DEBUG) < 0)
642 syslog(LOG_ERR, "setsockopt (SO_DEBUG): %m");
643 if (turnon(sep->se_fd, SO_REUSEADDR) < 0)
644 syslog(LOG_ERR, "setsockopt (SO_REUSEADDR): %m");
646 if (bind(sep->se_fd, (struct sockaddr *) &sep->se_ctrladdr,
647 sizeof (sep->se_ctrladdr)) < 0) {
648 syslog(LOG_ERR, "%s/%s: bind: %m",
649 sep->se_service, sep->se_proto);
650 (void) close(sep->se_fd);
658 if (sep->se_socktype == SOCK_STREAM)
659 listen(sep->se_fd, backlog);
660 FD_SET(sep->se_fd, &allsock);
662 if (sep->se_fd > maxsock)
663 maxsock = sep->se_fd;
670 register struct servtab *sep;
673 sep = (struct servtab *)malloc(sizeof (*sep));
674 if (sep == (struct servtab *)0) {
675 syslog(LOG_ERR, "Out of memory.");
680 sigprocmask(SIG_BLOCK, &sigBlock, &oset);
681 sep->se_next = servtab;
683 sigprocmask(SIG_SETMASK, &oset, (sigset_t *)0);
687 FILE *fconfig = NULL;
690 char *skip(), *nextline();
695 if (fconfig != NULL) {
696 fseek(fconfig, 0L, L_SET);
699 fconfig = fopen(CONFIG, "r");
700 return (fconfig != NULL);
706 (void) fclose(fconfig);
714 register struct servtab *sep = &serv;
716 char *cp, *arg, *copyofstr();
719 /* modified to skip blank lines... */
720 while ((cp = nextline(fconfig)) && (*cp == '#' || (strlen(cp) < 2)))
723 return ((struct servtab *)0);
724 sep->se_service = copyofstr(skip(&cp));
726 if (strcmp(arg, "stream") == 0)
727 sep->se_socktype = SOCK_STREAM;
728 else if (strcmp(arg, "dgram") == 0)
729 sep->se_socktype = SOCK_DGRAM;
730 else if (strcmp(arg, "rdm") == 0)
731 sep->se_socktype = SOCK_RDM;
732 else if (strcmp(arg, "seqpacket") == 0)
733 sep->se_socktype = SOCK_SEQPACKET;
734 else if (strcmp(arg, "raw") == 0)
735 sep->se_socktype = SOCK_RAW;
737 sep->se_socktype = -1;
738 sep->se_proto = copyofstr(skip(&cp));
740 sep->se_wait = strcmp(arg, "wait") == 0;
741 sep->se_user = copyofstr(skip(&cp));
742 sep->se_server = copyofstr(skip(&cp));
743 if (strcmp(sep->se_server, "internal") == 0) {
744 register struct biltin *bi;
746 for (bi = biltins; bi->bi_service; bi++)
747 if (bi->bi_socktype == sep->se_socktype &&
748 strcmp(bi->bi_service, sep->se_service) == 0)
750 if (bi->bi_service == 0) {
751 syslog(LOG_ERR, "internal service %s unknown\n",
756 sep->se_wait = bi->bi_wait;
760 for (arg = skip(&cp); cp; arg = skip(&cp))
762 sep->se_argv[argc++] = copyofstr(arg);
763 while (argc <= MAXARGV)
764 sep->se_argv[argc++] = NULL;
769 register struct servtab *cp;
774 free(cp->se_service);
781 for (i = 0; i < MAXARGV; i++)
783 free(cp->se_argv[i]);
790 register char *cp = *cpp;
794 while (*cp == ' ' || *cp == '\t')
800 (void) ungetc(c, fconfig);
801 if (c == ' ' || c == '\t')
802 if (cp = nextline(fconfig))
808 while (*cp && *cp != ' ' && *cp != '\t')
822 if (fgets(line, sizeof (line), fd) == NULL)
824 cp = strchr(line, '\n');
838 new = malloc((unsigned)(strlen(cp) + 1));
839 if (new == (char *)0) {
840 syslog(LOG_ERR, "Out of memory.");
843 (void)strcpy(new, cp);
853 struct sockaddr_in sin;
858 if (getpeername(s, (struct sockaddr *) &sin, &size) == 0)
859 (void) sprintf(buf, "-%s [%s]", a, inet_ntoa(sin.sin_addr));
861 (void) sprintf(buf, "-%s", a);
862 strncpy(cp, buf, LastArg - cp);
869 * Internet services provided internally by inetd:
873 echo_stream(s, sep) /* Echo service -- echo data back */
880 setproctitle(sep->se_service, s);
881 while ((i = read(s, buffer, sizeof(buffer))) > 0 &&
882 write(s, buffer, i) > 0)
888 echo_dg(s, sep) /* Echo service -- echo data back */
897 if ((i = recvfrom(s, buffer, sizeof(buffer), 0, &sa, &size)) < 0)
899 (void) sendto(s, buffer, i, 0, &sa, sizeof(sa));
903 discard_stream(s, sep) /* Discard service -- ignore data */
909 setproctitle(sep->se_service, s);
911 while (read(s, buffer, sizeof(buffer)) > 0)
920 discard_dg(s, sep) /* Discard service -- ignore data */
926 (void) read(s, buffer, sizeof(buffer));
939 for (i = 0; i <= 128; ++i)
945 chargen_stream(s, sep) /* Character generator */
951 char text[LINESIZ+2];
953 setproctitle(sep->se_service, s);
960 text[LINESIZ] = '\r';
961 text[LINESIZ + 1] = '\n';
963 if ((len = endring - rs) >= LINESIZ)
964 memcpy(text, rs, LINESIZ);
966 memcpy(text, rs, len);
967 memcpy(text + len, ring, LINESIZ - len);
971 if (write(s, text, sizeof(text)) != sizeof(text))
978 chargen_dg(s, sep) /* Character generator */
985 char text[LINESIZ+2];
993 if (recvfrom(s, text, sizeof(text), 0, &sa, &size) < 0)
996 if ((len = endring - rs) >= LINESIZ)
997 memcpy(text, rs, LINESIZ);
999 memcpy(text, rs, len);
1000 memcpy(text + len, ring, LINESIZ - len);
1002 if (++rs == endring)
1004 text[LINESIZ] = '\r';
1005 text[LINESIZ + 1] = '\n';
1006 (void) sendto(s, text, sizeof(text), 0, &sa, sizeof(sa));
1010 * Return a machine readable date and time, in the form of the
1011 * number of seconds since midnight, Jan 1, 1900. Since gettimeofday
1012 * returns the number of seconds since midnight, Jan 1, 1970,
1013 * we must add 2208988800 seconds to this figure to make up for
1014 * some seventy years Bell Labs was asleep.
1022 if (gettimeofday(&tv, (struct timezone *)0) < 0) {
1023 fprintf(stderr, "Unable to get time of day\n");
1026 return (htonl((afs_int32)tv.tv_sec + 2208988800U));
1030 machtime_stream(s, sep)
1032 struct servtab *sep;
1036 result = machtime();
1037 (void) write(s, (char *) &result, sizeof(result));
1043 struct servtab *sep;
1050 if (recvfrom(s, (char *)&result, sizeof(result), 0, &sa, &size) < 0)
1052 result = machtime();
1053 (void) sendto(s, (char *) &result, sizeof(result), 0, &sa, sizeof(sa));
1057 daytime_stream(s, sep) /* Return human-readable time of day */
1059 struct servtab *sep;
1064 clock = time((time_t *) 0);
1066 (void) sprintf(buffer, "%.24s\r\n", ctime(&clock));
1067 (void) write(s, buffer, strlen(buffer));
1071 daytime_dg(s, sep) /* Return human-readable time of day */
1073 struct servtab *sep;
1080 clock = time((time_t *) 0);
1083 if (recvfrom(s, buffer, sizeof(buffer), 0, &sa, &size) < 0)
1085 (void) sprintf(buffer, "%.24s\r\n", ctime(&clock));
1086 (void) sendto(s, buffer, strlen(buffer), 0, &sa, sizeof(sa));
1091 * Dump relevant information to stderr
1093 print_service(action, sep)
1095 struct servtab *sep;
1098 "%s: %s proto=%s, wait=%d, user=%s builtin=%x server=%s\n",
1099 action, sep->se_service, sep->se_proto,
1100 sep->se_wait, sep->se_user, (int)sep->se_bi, sep->se_server);
1103 * (C) Copyright 1989 Transarc Corporation. All Rights Reserved.
1107 * This program is a front-end for the various remote access programs
1108 * (e.g. rsh, rcp, rlogin, ftp) to allow for weak remote authentication.
1109 * It will be used by a call to a well-known restricted tcp port; if
1110 * there is a service on that port, we will attempt authentication.
1112 * Note, this only affects the Kerberos portion of the authentication;
1113 * the program still requires its existing authentication (although it
1114 * seems reasonable to change this in the future.)
1116 * The advantage to this scheme (rather than modifying each program to
1117 * incorporate this authentication scheme) is it allows us to modify
1118 * the authentication mechanism without requiring additonal code
1119 * changes to the other programs.
1121 * Current format of authentication packet:
1125 * (3) Token length (null terminated);
1126 * (4) Token (not null terminated).
1128 * The code to add/delete to the AFS ticket cache is taken from the
1129 * authentication library.
1133 * routine to do the actual authentication. At this time, it is
1134 * very simple -- the remote end passes a token length and a token.
1136 * This routine returns the name of the requested service.
1139 #define gettime(tl) do { struct timezone tzp; struct timeval tv; \
1140 gettimeofday(&tv,&tzp); tl = tv.tv_sec; } while(0)
1141 #define RAUTH_TOKENLIFE (60 * 60 * 2) /* 2 hours */
1143 #define NOPAG 0xffffffff
1144 int get_pag_from_groups(g0, g1)
1147 afs_uint32 h, l, result;
1151 if (g0 < 0xc000 && g1 < 0xc000) {
1152 l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff);
1154 h = (g1 >> 14) + h + h + h;
1155 result = ((h << 28) | l);
1156 /* Additional testing */
1157 if (((result >> 24) & 0xff) == 'A')
1165 auth_stream(s, sepent)
1167 struct servtab *sepent;
1169 char service[100], remoteName[64];
1170 struct sockaddr_in from;
1173 struct afsconf_dir *tdir;
1174 struct ktc_principal tserver, tclient;
1175 struct ktc_token token;
1176 register struct servtab *sep;
1179 * First, obtain information on remote end of connection.
1182 fprintf(stderr,"auth_stream: entered\n");
1183 #ifndef AFS_SUN5_ENV
1184 if (getpeername(s, &from, &fromlen) < 0) {
1185 syslog(LOG_ERR, "getpeername failed");
1187 fprintf(stderr,"auth_stream: getpeername failed\n");
1191 if(intoken(s,&token,service,remoteName) != 0) {
1192 syslog(LOG_ERR,"invalid remote authentication");
1194 fprintf(stderr,"auth_stream: invalid remote authentication\n");
1197 /* lookup the name of the local cell */
1200 fprintf(stderr,"auth_stream: look up local cell name\n");
1202 tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
1204 syslog(LOG_NOTICE, "Can't open dir %s\n", AFSDIR_CLIENT_ETC_DIRPATH);
1206 fprintf(stderr,"Can't open dir %s\n", AFSDIR_CLIENT_ETC_DIRPATH);
1209 /* done with configuration stuff now */
1210 afsconf_Close(tdir);
1211 /* set ticket in local cell */
1212 strcpy(tserver.cell, remoteName);
1213 strcpy(tserver.name, "afs");
1215 /* now, set the token */
1219 "token information: service is %s\ntoken length is %d\n",
1220 service, token. ticketLen);
1221 fprintf(stderr,"token is %s\n",token.ticket);
1222 fprintf(stderr,"cell name is %s\n",remoteName);
1226 code = ktc_SetToken(&tserver, &token, &tclient, 0);
1228 write(s,"0",1); /* say "no" to other side */
1229 printf("Login incorrect.(%d)", code);
1230 syslog(LOG_ERR, "Invalid token from %s",
1231 inet_ntoa(from.sin_addr));
1234 write(s, "1", 1); /* say "yes" to other side */
1237 fprintf(stderr,"Finished authentication code\n");
1238 for (sep = servtab; sep; sep = sep->se_next)
1239 if(strcmp(sep->se_service,service) == 0) {
1240 int dofork = (sep->se_bi == 0 || sep->se_bi->bi_fork);
1244 for(tmpint = getdtablesize(); --tmpint > 2; )
1249 (*sep->se_bi->bi_fn)(s, sep);
1251 register struct passwd *pwd;
1252 struct passwd *getpwnam();
1255 if ((pwd = getpwnam(sep->se_user)) == NULL) {
1257 "getpwnam: %s: No such user",
1259 if (sep->se_socktype != SOCK_STREAM)
1260 recv(0, buf, sizeof (buf), 0);
1265 (void) setgid((gid_t)pwd->pw_gid);
1266 initgroups(pwd->pw_name, pwd->pw_gid);
1267 (void) setuid((uid_t)pwd->pw_uid);
1273 fprintf(stderr,"going to exec program %s(errno = %d)\n",
1274 sep->se_server,errno);
1279 if (!afs_didsetpag && (!strcmp(sep->se_service, "login") ||
1280 !strcmp(sep->se_service, "shell"))) {
1281 setpag(); /* to disassociate it from current group... */
1283 execv(sep->se_server, sep->se_argv);
1285 if (sep->se_socktype != SOCK_STREAM)
1286 recv(0, buf, sizeof (buf), 0);
1287 syslog(LOG_ERR, "execv %s: %m", sep->se_server);
1291 fprintf(stderr,"service not available\n");
1292 syslog(LOG_ERR, "auth_stream: invalid service requested %s\n",service);
1300 "datagram remote authentication requested, not supported");
1306 * This routine accepts a token on the specified file handle;
1307 * The input format for a token is:
1309 * Field # Contents description
1310 * (0) Service Name char[]
1311 * (1) Version # unsigned integer (< 2^32)
1312 * (2) cellName char[]
1313 * (3) startTime unsigned afs_int32 (< 2^32)
1314 * (4) endTime unsigned afs_int32 (< 2^32)
1315 * (5) sessionKey char[8]
1316 * (6) kvno short (< 2^16)
1317 * (7) ticketLen unsigned integer (< 2^32)
1318 * (8) ticket char[MAXKTCTICKETLEN]
1320 * Each field is comma separated; the last is variable length. The
1321 * converted token is placed into the token structure pointed to by
1322 * the variable "token".
1325 intoken(s,token,svc, cell)
1327 struct ktc_token *token;
1330 char buf[1024], *bp;
1332 unsigned index, version;
1335 fprintf(stderr,"intoken: entered\n");
1337 if((count = recv(s,buf,sizeof buf,0)) == -1) {
1339 fprintf(stderr,"error on fd %d\n",s);
1340 perror("intoken recv");
1345 /* (0) Service Name */
1346 for(index = 0; index < count && buf[index] != ','; index++)
1349 if (index == count) {
1351 fprintf(stderr,"overran buffer while searching for svc name\n");
1355 if (buf[index] != ',') {
1357 fprintf(stderr,"Didn't stop on a comma, searching for svc name\n");
1367 bp = buf + index + 1;
1369 for(; index < count && buf[index] != ','; index++)
1372 if (index == count) {
1374 fprintf(stderr,"overran buffer while searching for version #\n");
1378 if (buf[index] != ',') {
1381 "Didn't stop on a comma, searching for version #\n");
1387 sscanf(bp, "%u", &version);
1391 fprintf(stderr,"Incompatible (newer) version encountered: %d\n",
1397 /* we didn't include cell name in prior versions */
1398 bp = buf + index + 1;
1400 for(index = 0; index < count && buf[index] != ','; index++)
1403 if (index == count) {
1405 fprintf(stderr,"overran buffer while searching for cell\n");
1409 if (buf[index] != ',') {
1411 fprintf(stderr,"Didn't stop on a comma, searching for cell\n");
1420 bp = buf + index + 1;
1422 for(; index < count && buf[index] != ','; index++)
1425 if (index == count) {
1428 "overran buffer while searching for startTime #\n");
1432 if (buf[index] != ',') {
1435 "Didn't stop on a comma, searching for startTime #\n");
1441 sscanf(bp, "%u", &token->startTime);
1445 bp = buf + index + 1;
1447 for(; index < count && buf[index] != ','; index++)
1450 if (index == count) {
1453 "overran buffer while searching for endTime #\n");
1457 if (buf[index] != ',') {
1460 "Didn't stop on a comma, searching for endTime #\n");
1466 sscanf(bp, "%u", &token->endTime);
1468 /* (4) sessionKey */
1470 bp = buf + index + 1;
1471 memcpy(&token->sessionKey, bp, 8);
1476 for(index += 9; index < count && buf[index] != ','; index++)
1479 if (index == count) {
1481 fprintf(stderr,"overran buffer while searching for kvno\n");
1485 if (buf[index] != ',') {
1487 fprintf(stderr,"Didn't stop on a comma, searching for kvno\n");
1493 /* kvno is actually a short, so insist that it scan a short */
1495 sscanf(bp, "%hu", &token->kvno);
1499 bp = buf + index + 1;
1501 for(; index < count && buf[index] != ','; index++)
1504 if (index == count) {
1506 fprintf(stderr,"overran buffer while searching for ticketLen\n");
1510 if (buf[index] != ',') {
1513 "Didn't stop on a comma, searching for ticketLen\n");
1519 sscanf(bp, "%u", &token->ticketLen);
1523 bp = buf + index + 1;
1525 if(index + token->ticketLen > count) {
1527 fprintf(stderr,"overran buffer while copying ticket\n");
1531 memcpy(token->ticket, bp, token->ticketLen);
1539 struct sigaction act, oact;
1542 memset(&act, '\0', sizeof(act));
1543 act.sa_handler = SIG_DFL;
1544 for (sign = 1; sign < NSIG; sign++)
1545 sigaction(sign, &act, &oact);
git://git.openafs.org / openafs.git / blob