2 * (c) Copyright 1992 by Panagiotis Tsirigotis
3 * (c) Sections Copyright 1998-2001 by Rob Braun
4 * All rights reserved. The file named COPYRIGHT specifies the terms
5 * and conditions for redistribution.
10 #include <sys/socket.h>
11 #include <netinet/in.h>
15 #include <netinet/tcp.h>
21 #include <netinet/in.h>
27 #ifdef HAVE_RPC_PMAP_CLNT_H
29 #include <rpc/types.h>
32 #include <rpc/types.h>
36 #include <rpc/pmap_clnt.h>
41 #ifdef HAVE_SYS_FILE_H
56 #define NEW_SVC() NEW( struct service )
57 #define FREE_SVC( sp ) FREE( sp )
59 #define DISABLE( sp ) SVC_STATE((sp)) = SVC_DISABLED
61 static void deactivate( const struct service *sp );
62 static int banner_always( const struct service *sp, const connection_s *cp );
64 static const struct name_value service_states[] =
66 { "Not started", (int) SVC_NOT_STARTED },
67 { "Active", (int) SVC_ACTIVE },
68 { "Disabled", (int) SVC_DISABLED },
69 { "Suspended", (int) SVC_SUSPENDED },
77 * Allocate a new struct service and initialize it from scp
79 struct service *svc_new( struct service_config *scp )
82 const char *func = "svc_new" ;
87 out_of_memory( func ) ;
97 struct service *svc_make_special( struct service_config *scp )
100 const char *func = "svc_make_special" ;
102 if ( ( sp = svc_new( scp ) ) == NULL )
104 out_of_memory( func ) ;
108 SVC_NOT_GENERIC(sp) = 1 ;
109 SVC_LOG(sp) = ps.rws.program_log ;
110 SVC_REFCOUNT(sp) = 1 ;
111 SVC_STATE(sp) = SVC_ACTIVE ;
116 void svc_free( struct service *sp )
118 sc_free( SVC_CONF(sp) ) ;
124 static status_e set_fd_modes( struct service *sp )
126 int sd = SVC_FD( sp ) ;
127 const char *func = "set_fd_modes" ;
130 * There is a possibility of blocking on a send/write if
132 * the service does not require forking (==> is internal) AND
133 * it does not accept connections
135 * To avoid this, we put the descriptor in FNDELAY mode.
136 * (if the service accepts connections, we still need to put the
137 * 'accepted' connection in FNDELAY mode but this is done elsewhere)
139 if ( ! SVC_FORKS( sp ) && ! SVC_ACCEPTS_CONNECTIONS( sp ) &&
140 fcntl( sd, F_SETFL, FNDELAY ) == -1 )
143 "fcntl failed (%m) for FNDELAY. service = %s", SVC_ID( sp ) ) ;
148 * Always set the close-on-exec flag
150 if ( fcntl( sd, F_SETFD, FD_CLOEXEC ) == -1 )
153 "fcntl failed (%m) for close-on-exec. service = %s", SVC_ID( sp ) ) ;
162 static status_e activate_rpc( struct service *sp )
164 union xsockaddr tsin;
165 socklen_t sin_len = sizeof(tsin);
167 struct service_config *scp = SVC_CONF( sp ) ;
168 struct rpc_data *rdp = SC_RPCDATA( scp ) ;
169 char *sid = SC_ID( scp ) ;
170 unsigned registered_versions = 0 ;
171 int sd = SVC_FD( sp ) ;
172 const char *func = "activate_rpc" ;
174 if( SC_BIND_ADDR(scp) != 0 )
175 memcpy( &tsin, SC_BIND_ADDR(scp), sizeof(tsin) );
177 memset( &tsin, 0, sizeof(tsin));
179 if( SC_IPV4( scp ) ) {
180 tsin.sa_in.sin_family = AF_INET ;
181 sin_len = sizeof(struct sockaddr_in);
182 } else if( SC_IPV6( scp ) ) {
183 tsin.sa_in6.sin6_family = AF_INET6 ;
184 sin_len = sizeof(struct sockaddr_in6);
187 if ( bind( sd, &tsin.sa, sin_len ) == -1 )
189 msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
194 * Find the port number that was assigned to the socket
196 if ( getsockname( sd, &tsin.sa, &sin_len ) == -1 )
199 "getsockname failed (%m). service = %s", sid ) ;
203 if( tsin.sa.sa_family == AF_INET )
204 SC_SET_PORT( scp, ntohs( tsin.sa_in.sin_port ) ) ;
205 else if( tsin.sa.sa_family == AF_INET6 )
206 SC_SET_PORT( scp, ntohs( tsin.sa_in6.sin6_port ) ) ;
209 * Try to register as many versions as possible
211 for ( vers = RD_MINVERS( rdp ) ; vers <= RD_MAXVERS( rdp ) ; vers++ ) {
212 /* Is this right? For instance, if we have both tcp and udp services,
213 * this will unregister the previously registered protocol.
214 * pmap_unset(RD_PROGNUM(rdp), vers);
216 if ( pmap_set( RD_PROGNUM( rdp ), vers, SC_PROTOVAL( scp ),
218 registered_versions++ ;
221 "pmap_set failed. service=%s program=%ld version=%ld",
222 sid, RD_PROGNUM( rdp ), vers ) ;
227 msg( LOG_DEBUG, func,
228 "Registered %d versions of %s", registered_versions, sid ) ;
230 return( ( registered_versions == 0 ) ? FAILED : OK ) ;
233 #endif /* ! NO_RPC */
235 static status_e activate_normal( struct service *sp )
237 union xsockaddr tsin;
238 int sd = SVC_FD( sp ) ;
239 struct service_config *scp = SVC_CONF( sp ) ;
240 uint16_t service_port = SC_PORT( scp ) ;
241 char *sid = SC_ID( scp ) ;
242 const char *func = "activate_normal" ;
243 unsigned int sin_len = sizeof(tsin);
249 if( SC_BIND_ADDR(scp) != NULL )
250 memcpy(&tsin, SC_BIND_ADDR(scp), sin_len);
252 memset(&tsin, 0, sin_len);
254 if( SC_IPV4( scp ) ) {
255 tsin.sa_in.sin_family = AF_INET ;
256 tsin.sa_in.sin_port = htons( service_port ) ;
257 sin_len = sizeof(struct sockaddr_in);
258 } else if( SC_IPV6( scp ) ) {
259 tsin.sa_in6.sin6_family = AF_INET6;
260 tsin.sa_in6.sin6_port = htons( service_port );
261 sin_len = sizeof(struct sockaddr_in6);
266 if( SC_SPECIFIED(scp, A_V6ONLY) ) {
271 if( setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&v6on, sizeof(v6on)) < 0 ) {
272 msg( LOG_ERR, func, "Setting IPV6_V6ONLY option failed (%m)" );
277 if ( setsockopt( sd, SOL_SOCKET, SO_REUSEADDR,
278 (char *) &on, sizeof( on ) ) == -1 )
279 msg( LOG_WARNING, func,
280 "setsockopt SO_REUSEADDR failed (%m). service = %s", sid ) ;
282 if( SC_NODELAY( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
284 if ( setsockopt( sd, IPPROTO_TCP, TCP_NODELAY,
285 (char *) &on, sizeof( on ) ) == -1 )
286 msg( LOG_WARNING, func,
287 "setsockopt TCP_NODELAY failed (%m). service = %s", sid ) ;
290 if( SC_KEEPALIVE( scp ) && (SC_PROTOVAL(scp) == IPPROTO_TCP) )
292 if( setsockopt(sd, SOL_SOCKET, SO_KEEPALIVE,
293 (char *)&on, sizeof( on ) ) < 0 )
294 msg( LOG_WARNING, func,
295 "setsockopt SO_KEEPALIVE failed (%m). service = %s", sid ) ;
298 if ( bind( sd, &tsin.sa, sin_len ) == -1 )
300 msg( LOG_ERR, func, "bind failed (%m). service = %s", sid ) ;
309 * Activate a service.
311 status_e svc_activate( struct service *sp )
313 struct service_config *scp = SVC_CONF( sp ) ;
315 const char *func = "svc_activate" ;
317 /* No activation for MUXCLIENTS.
320 if (SC_IS_MUXCLIENT( scp ))
325 if( SC_IPV4( scp ) ) {
326 SVC_FD(sp) = socket( AF_INET,
327 SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
328 } else if( SC_IPV6( scp ) ) {
329 SVC_FD(sp) = socket( AF_INET6,
330 SC_SOCKET_TYPE( scp ), SC_PROTOVAL( scp ) ) ;
333 if ( SVC_FD(sp) == -1 )
336 "socket creation failed (%m). service = %s", SC_ID( scp ) ) ;
340 if ( set_fd_modes( sp ) == FAILED )
342 (void) Sclose( SVC_FD(sp) ) ;
347 if ( SC_IS_RPC( scp ) )
348 status = activate_rpc( sp ) ;
350 #endif /* ! NO_RPC */
351 status = activate_normal( sp ) ;
353 if ( status == FAILED )
355 (void) Sclose( SVC_FD(sp) ) ;
360 xinetd_mdns_register(scp);
363 if ( log_start( sp, &SVC_LOG(sp) ) == FAILED )
370 * Initialize the service data
372 SVC_RUNNING_SERVERS(sp) = SVC_RETRIES(sp) = 0 ;
374 if ( SC_MUST_LISTEN( scp ) )
375 (void) listen( SVC_FD(sp), LISTEN_BACKLOG ) ;
377 ps.rws.descriptors_free-- ;
379 SVC_STATE(sp) = SVC_ACTIVE ;
381 FD_SET( SVC_FD(sp), &ps.rws.socket_mask ) ;
382 if ( SVC_FD(sp) > ps.rws.mask_max )
383 ps.rws.mask_max = SVC_FD(sp) ;
385 ps.rws.active_services++ ;
386 ps.rws.available_services++ ;
392 static void deactivate( const struct service *sp )
394 (void) Sclose( SVC_FD( sp ) ) ;
397 xinetd_mdns_deregister(SVC_CONF(sp));
401 msg(LOG_DEBUG, "deactivate", "%d Service %s deactivated",
402 getpid(), SC_NAME( SVC_CONF(sp) ) );
405 if ( SC_IS_RPC( SVC_CONF( sp ) ) )
408 const struct rpc_data *rdp = SC_RPCDATA( SVC_CONF( sp ) ) ;
410 for ( vers = RD_MINVERS( rdp ) ; vers <= RD_MAXVERS( rdp ) ; vers++ ) {
411 (void) pmap_unset( RD_PROGNUM( rdp ), vers ) ;
414 #endif /* ! NO_RPC */
419 * Close the service descriptor.
420 * If this is an RPC service, deregister it.
423 void svc_deactivate( struct service *sp )
425 if ( ! SVC_IS_AVAILABLE( sp ) )
429 ps.rws.descriptors_free++ ;
431 if ( SVC_IS_ACTIVE( sp ) )
433 FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
434 ps.rws.active_services-- ;
437 ps.rws.available_services-- ;
446 void svc_suspend( struct service *sp )
448 const char *func = "svc_suspend" ;
450 if ( ! SVC_IS_ACTIVE( sp ) )
452 msg( LOG_ERR, func, "service %s is not active", SVC_ID( sp ) ) ;
456 FD_CLR( SVC_FD( sp ), &ps.rws.socket_mask ) ;
457 ps.rws.active_services-- ;
459 msg( LOG_DEBUG, func, "Suspended service %s", SVC_ID( sp ) ) ;
466 * Resume a suspended service.
468 void svc_resume( struct service *sp )
470 const char *func = "svc_resume" ;
472 FD_SET( SVC_FD( sp ), &ps.rws.socket_mask ) ;
473 ps.rws.active_services++ ;
475 msg( LOG_DEBUG, func, "Resumed service %s", SVC_ID( sp ) ) ;
482 * 1. Deactivate the service
483 * 2. Free all memory used by the service and free the service itself
485 * Since this function may free all memory associated with the service as
486 * well as the memory pointed by sp, only the value of sp should be used
487 * after this call if the return value is 0 (i.e. no dereferencing of sp).
489 * Special services are never deactivated.
491 int svc_release( struct service *sp )
493 char *sid = SVC_ID( sp ) ;
494 const char *func = "svc_release" ;
496 if ( SVC_REFCOUNT(sp) == 0 )
498 msg( LOG_ERR, func, "%s: svc_release with 0 count", sid ) ;
503 if ( SVC_REFCOUNT(sp) == 0 )
506 msg( LOG_DEBUG, func, "ref count of service %s dropped to 0", sid ) ;
507 if ( ! SC_IS_SPECIAL( SVC_CONF( sp ) ) )
510 log_end( SC_LOG( SVC_CONF( sp ) ), SVC_LOG(sp) ) ;
511 svc_deactivate( sp ) ;
515 else /* this shouldn't happen */
516 msg( LOG_WARNING, func,
517 "ref count of special service %s dropped to 0", sid ) ;
521 return( SVC_REFCOUNT(sp) ) ;
525 void svc_dump( const struct service *sp, int fd )
527 tabprint( fd, 0, "Service = %s\n", SC_NAME( SVC_CONF( sp ) ) ) ;
528 tabprint( fd, 1, "State = %s\n",
529 nv_get_name( service_states, (int) SVC_STATE(sp) ) ) ;
531 sc_dump( SVC_CONF( sp ), fd, 1, FALSE ) ;
533 if ( SVC_IS_ACTIVE(sp) )
535 tabprint( fd, 1, "running servers = %d\n", SVC_RUNNING_SERVERS(sp) ) ;
536 tabprint( fd, 1, "retry servers = %d\n", SVC_RETRIES(sp) ) ;
537 tabprint( fd, 1, "attempts = %d\n", SVC_ATTEMPTS(sp) ) ;
538 tabprint( fd, 1, "service fd = %d\n", SVC_FD(sp) ) ;
540 Sputchar( fd, '\n' ) ;
544 void svc_request( struct service *sp )
549 cp = conn_new( sp ) ;
550 if ( cp == CONN_NULL )
554 * Output the banner now that the connection is established. The
555 * other banners come later.
557 banner_always(sp, cp);
559 if (SVC_NOT_GENERIC(sp))
560 ret_code = spec_service_handler(sp, cp);
562 ret_code = svc_generic_handler(sp, cp);
564 if( (SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM) && (SVC_IS_ACTIVE( sp )) )
565 drain( cp->co_descriptor ) ; /* Prevents looping next time */
567 if ( ret_code != OK )
569 if ( SVC_LOGS_USERID_ON_FAILURE( sp ) ) {
570 if( spec_service_handler( LOG_SERVICE( ps ), cp ) == FAILED )
572 else if (!SC_WAITS( SVC_CONF( sp ) ) ) {
573 /* The logging service will gen SIGCHLD thus freeing connection */
578 if (!SC_WAITS( SVC_CONF( sp ) ))
581 if( (SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM) && (SVC_IS_ACTIVE( sp )) )
582 drain( cp->co_descriptor ) ; /* Prevents looping next time */
586 else if ((SVC_NOT_GENERIC(sp)) || (!SC_FORKS( SVC_CONF( sp ) ) ) )
591 status_e svc_generic_handler( struct service *sp, connection_s *cp )
593 if ( svc_parent_access_control( sp, cp ) == OK ) {
594 return( server_run( sp, cp ) ) ;
601 /* Print the banner that is supposed to always be printed */
602 static int banner_always( const struct service *sp, const connection_s *cp )
604 const char *func = "banner_always";
605 const struct service_config *scp = SVC_CONF( sp ) ;
607 /* print the banner regardless of access control */
608 if ( SC_BANNER(scp) != NULL ) {
609 char tmpbuf[TMPSIZE];
611 int bannerfd = open(SC_BANNER(scp), O_RDONLY);
614 msg( LOG_ERR, func, "service = %s, open of banner %s failed",
615 SVC_ID( sp ), SC_BANNER(scp));
619 while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
626 msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
627 SVC_ID( sp ), SC_BANNER(scp));
631 Swrite(cp->co_descriptor, tmpbuf, retval);
635 Sflush ( cp->co_descriptor );
641 static int banner_fail( const struct service *sp, const connection_s *cp )
643 const char *func = "banner_fail";
644 const struct service_config *scp = SVC_CONF( sp ) ;
647 if ( SC_BANNER_FAIL(scp) != NULL )
649 char tmpbuf[TMPSIZE];
651 int bannerfd = open(SC_BANNER_FAIL(scp), O_RDONLY);
655 msg( LOG_ERR, func, "service = %s, open of banner %s failed",
656 SVC_ID( sp ), SC_BANNER_FAIL(scp));
660 while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
667 msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
668 SVC_ID( sp ), SC_BANNER(scp));
672 Swrite(cp->co_descriptor, tmpbuf, retval);
676 Sflush ( cp->co_descriptor );
682 static int banner_success( const struct service *sp, const connection_s *cp )
684 const char *func = "banner_success";
685 const struct service_config *scp = SVC_CONF( sp ) ;
687 /* print the access granted banner */
688 if ( SC_BANNER_SUCCESS(scp) != NULL ) {
689 char tmpbuf[TMPSIZE];
691 int bannerfd = open(SC_BANNER_SUCCESS(scp), O_RDONLY);
694 msg( LOG_ERR, func, "service = %s, open of banner %s failed",
695 SVC_ID( sp ), SC_BANNER_SUCCESS(scp));
699 while( (retval = read(bannerfd, tmpbuf, sizeof(tmpbuf))) ) {
706 msg(LOG_ERR, func, "service %s, Error %m reading banner %s",
707 SVC_ID( sp ), SC_BANNER(scp));
711 Swrite(cp->co_descriptor, tmpbuf, retval);
715 Sflush ( cp->co_descriptor );
720 static status_e failed_service(struct service *sp,
724 struct service_config *scp = SVC_CONF( sp ) ;
726 if ( result != AC_OK )
728 bool_int report_failure = TRUE ;
731 * Try to avoid reporting multiple times a failed attempt to access
732 * a datagram-based service from a bad address. We do this because
733 * the clients of such services usually send multiple datagrams
734 * before reporting a timeout (we have no way of telling them that
735 * their request has been denied).
737 if ( result == AC_ADDRESS && SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM )
739 if( SC_IPV4( scp ) ) {
740 struct sockaddr_in *sinp = SAIN(CONN_ADDRESS( cp )) ;
741 struct sockaddr_in *last = SAIN(SVC_LAST_DGRAM_ADDR(sp)) ;
742 time_t current_time ;
747 if ( last == NULL ) {
748 last = SAIN( calloc( 1, sizeof(union xsockaddr) ) );
749 SVC_LAST_DGRAM_ADDR(sp) = (union xsockaddr *)last;
752 (void) time( ¤t_time ) ;
753 if ( sinp->sin_addr.s_addr == last->sin_addr.s_addr &&
754 sinp->sin_port == last->sin_port )
756 if( current_time - SVC_LAST_DGRAM_TIME(sp) <= DGRAM_IGNORE_TIME )
757 report_failure = FALSE ;
759 SVC_LAST_DGRAM_TIME(sp) = current_time ;
763 memcpy(SVC_LAST_DGRAM_ADDR(sp), sinp,sizeof(struct sockaddr_in));
764 SVC_LAST_DGRAM_TIME(sp) = current_time ;
766 } else if( SC_IPV6( scp ) ) {
767 struct sockaddr_in6 *sinp = SAIN6(CONN_ADDRESS( cp )) ;
768 struct sockaddr_in6 *last = SAIN6(SVC_LAST_DGRAM_ADDR(sp)) ;
769 time_t current_time ;
775 last = SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
776 SVC_LAST_DGRAM_ADDR( sp ) = (union xsockaddr *)last;
779 (void) time( ¤t_time ) ;
780 if ( IN6_ARE_ADDR_EQUAL(&(sinp->sin6_addr), &(last->sin6_addr)) &&
781 sinp->sin6_port == last->sin6_port )
783 if((current_time - SVC_LAST_DGRAM_TIME(sp)) <= DGRAM_IGNORE_TIME)
784 report_failure = FALSE ;
786 SVC_LAST_DGRAM_TIME(sp) = current_time ;
790 memcpy(SVC_LAST_DGRAM_ADDR(sp),sinp,sizeof(struct sockaddr_in6));
791 SVC_LAST_DGRAM_TIME(sp) = current_time ;
796 if ( report_failure )
797 svc_log_failure( sp, cp, result ) ;
807 /* Do the "light weight" access control here */
808 status_e svc_parent_access_control( struct service *sp, connection_s *cp )
812 result = parent_access_control( sp, cp );
813 if( failed_service(sp, cp, result) == FAILED )
819 status_e svc_child_access_control( struct service *sp, connection_s *cp )
823 result = access_control( sp, cp, MASK_NULL ) ;
824 if( failed_service(sp, cp, result) == FAILED )
827 banner_success(sp, cp);
833 * Invoked when a server of the specified service dies
835 void svc_postmortem( struct service *sp, struct server *serp )
837 struct service *co_sp = SERVER_CONNSERVICE( serp ) ;
838 connection_s *cp = SERVER_CONNECTION( serp ) ;
839 const char *func = "svc_postmortem" ;
841 SVC_DEC_RUNNING_SERVERS( sp ) ;
844 * Log information about the server that died
846 if ( SVC_IS_LOGGING( sp ) )
848 if ( SERVER_WRITES_TO_LOG(serp) )
851 msg( LOG_DEBUG, func,
852 "Checking log size of %s service", SVC_ID( sp ) ) ;
853 xlog_control( SVC_LOG( sp ), XLOG_SIZECHECK ) ;
855 svc_log_exit( sp, serp ) ;
859 * Now check if we have to check the log size of the service that owns
862 if ( co_sp != sp && SVC_IS_LOGGING( co_sp ) )
863 xlog_control( SVC_LOG( co_sp ), XLOG_SIZECHECK ) ;
865 if (!SVC_WAITS(sp)) {
870 if ( SVC_SOCKET_TYPE( sp ) == SOCK_DGRAM )
871 drain( cp->co_descriptor ) ;
874 if( SVC_RELE( sp ) == 0 )
875 svc_release( sp ); /* shouldn't be 0, but should remove from
876 * pset if it is... */
883 * This function closes all service descriptors. This should be called
884 * for all child processes that fork, but do not exec. This includes
885 * redirect, builtins, and tcpmux. The close on exec flag takes care of
886 * child processes that call exec. Without calling this, the listening
887 * fd's are not closed and reconfig will fail.
889 void close_all_svc_descriptors(void)
892 struct service *osp ;
894 /* Have to close all other descriptors here */
895 iter = psi_create( SERVICES( ps ) ) ;
897 out_of_memory( "close_all_svc_descriptors" ) ;
899 for ( osp = SP( psi_start( iter ) ) ; osp ; osp = SP( psi_next( iter ) ) )
900 (void) Sclose( SVC_FD( osp ) ) ;
902 psi_destroy( iter ) ;