xref: /onnv-gate/usr/src/cmd/tcpd/miscd.c (revision 0:68f95e015346)
1*0Sstevel@tonic-gate  /*
2*0Sstevel@tonic-gate   * Front end to the ULTRIX miscd service. The front end logs the remote host
3*0Sstevel@tonic-gate   * name and then invokes the real miscd daemon. Install as "/usr/etc/miscd",
4*0Sstevel@tonic-gate   * after renaming the real miscd daemon to the name defined with the
5*0Sstevel@tonic-gate   * REAL_MISCD macro.
6*0Sstevel@tonic-gate   *
7*0Sstevel@tonic-gate   * Connections and diagnostics are logged through syslog(3).
8*0Sstevel@tonic-gate   *
9*0Sstevel@tonic-gate   * The Ultrix miscd program implements (among others) the systat service, which
10*0Sstevel@tonic-gate   * pipes the output from who(1) to stdout. This information is potentially
11*0Sstevel@tonic-gate   * useful to systems crackers.
12*0Sstevel@tonic-gate   *
13*0Sstevel@tonic-gate   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
14*0Sstevel@tonic-gate   */
15*0Sstevel@tonic-gate 
16*0Sstevel@tonic-gate #ifndef lint
17*0Sstevel@tonic-gate static char sccsid[] = "@(#) miscd.c 1.10 96/02/11 17:01:30";
18*0Sstevel@tonic-gate #endif
19*0Sstevel@tonic-gate 
20*0Sstevel@tonic-gate /* System libraries. */
21*0Sstevel@tonic-gate 
22*0Sstevel@tonic-gate #include <sys/types.h>
23*0Sstevel@tonic-gate #include <sys/param.h>
24*0Sstevel@tonic-gate #include <sys/stat.h>
25*0Sstevel@tonic-gate #include <sys/socket.h>
26*0Sstevel@tonic-gate #include <netinet/in.h>
27*0Sstevel@tonic-gate #include <stdio.h>
28*0Sstevel@tonic-gate #include <syslog.h>
29*0Sstevel@tonic-gate 
30*0Sstevel@tonic-gate #ifndef MAXPATHNAMELEN
31*0Sstevel@tonic-gate #define MAXPATHNAMELEN	BUFSIZ
32*0Sstevel@tonic-gate #endif
33*0Sstevel@tonic-gate 
34*0Sstevel@tonic-gate #ifndef STDIN_FILENO
35*0Sstevel@tonic-gate #define STDIN_FILENO	0
36*0Sstevel@tonic-gate #endif
37*0Sstevel@tonic-gate 
38*0Sstevel@tonic-gate /* Local stuff. */
39*0Sstevel@tonic-gate 
40*0Sstevel@tonic-gate #include "patchlevel.h"
41*0Sstevel@tonic-gate #include "tcpd.h"
42*0Sstevel@tonic-gate 
43*0Sstevel@tonic-gate int     allow_severity = SEVERITY;	/* run-time adjustable */
44*0Sstevel@tonic-gate int     deny_severity = LOG_WARNING;	/* ditto */
45*0Sstevel@tonic-gate 
main(argc,argv)46*0Sstevel@tonic-gate main(argc, argv)
47*0Sstevel@tonic-gate int     argc;
48*0Sstevel@tonic-gate char  **argv;
49*0Sstevel@tonic-gate {
50*0Sstevel@tonic-gate     struct request_info request;
51*0Sstevel@tonic-gate     char    path[MAXPATHNAMELEN];
52*0Sstevel@tonic-gate 
53*0Sstevel@tonic-gate     /* Attempt to prevent the creation of world-writable files. */
54*0Sstevel@tonic-gate 
55*0Sstevel@tonic-gate #ifdef DAEMON_UMASK
56*0Sstevel@tonic-gate     umask(DAEMON_UMASK);
57*0Sstevel@tonic-gate #endif
58*0Sstevel@tonic-gate 
59*0Sstevel@tonic-gate     /*
60*0Sstevel@tonic-gate      * Open a channel to the syslog daemon. Older versions of openlog()
61*0Sstevel@tonic-gate      * require only two arguments.
62*0Sstevel@tonic-gate      */
63*0Sstevel@tonic-gate 
64*0Sstevel@tonic-gate #ifdef LOG_MAIL
65*0Sstevel@tonic-gate     (void) openlog(argv[0], LOG_PID, FACILITY);
66*0Sstevel@tonic-gate #else
67*0Sstevel@tonic-gate     (void) openlog(argv[0], LOG_PID);
68*0Sstevel@tonic-gate #endif
69*0Sstevel@tonic-gate 
70*0Sstevel@tonic-gate     /*
71*0Sstevel@tonic-gate      * Find out the endpoint addresses of this conversation. Host name
72*0Sstevel@tonic-gate      * lookups and double checks will be done on demand.
73*0Sstevel@tonic-gate      */
74*0Sstevel@tonic-gate 
75*0Sstevel@tonic-gate     request_init(&request, RQ_DAEMON, argv[0], RQ_FILE, STDIN_FILENO, 0);
76*0Sstevel@tonic-gate     fromhost(&request);
77*0Sstevel@tonic-gate 
78*0Sstevel@tonic-gate     /*
79*0Sstevel@tonic-gate      * Optionally look up and double check the remote host name. Sites
80*0Sstevel@tonic-gate      * concerned with security may choose to refuse connections from hosts
81*0Sstevel@tonic-gate      * that pretend to have someone elses host name.
82*0Sstevel@tonic-gate      */
83*0Sstevel@tonic-gate 
84*0Sstevel@tonic-gate #ifdef PARANOID
85*0Sstevel@tonic-gate     if (STR_EQ(eval_hostname(request.client), paranoid))
86*0Sstevel@tonic-gate 	refuse(&request);
87*0Sstevel@tonic-gate #endif
88*0Sstevel@tonic-gate 
89*0Sstevel@tonic-gate     /*
90*0Sstevel@tonic-gate      * The BSD rlogin and rsh daemons that came out after 4.3 BSD disallow
91*0Sstevel@tonic-gate      * socket options at the IP level. They do so for a good reason.
92*0Sstevel@tonic-gate      * Unfortunately, we cannot use this with SunOS 4.1.x because the
93*0Sstevel@tonic-gate      * getsockopt() system call can panic the system.
94*0Sstevel@tonic-gate      */
95*0Sstevel@tonic-gate 
96*0Sstevel@tonic-gate #ifdef KILL_IP_OPTIONS
97*0Sstevel@tonic-gate     fix_options(&request);
98*0Sstevel@tonic-gate #endif
99*0Sstevel@tonic-gate 
100*0Sstevel@tonic-gate     /*
101*0Sstevel@tonic-gate      * Check whether this host can access the service in argv[0]. The
102*0Sstevel@tonic-gate      * access-control code invokes optional shell commands as specified in
103*0Sstevel@tonic-gate      * the access-control tables.
104*0Sstevel@tonic-gate      */
105*0Sstevel@tonic-gate 
106*0Sstevel@tonic-gate #ifdef HOSTS_ACCESS
107*0Sstevel@tonic-gate     if (!hosts_access(&request))
108*0Sstevel@tonic-gate 	refuse(&request);
109*0Sstevel@tonic-gate #endif
110*0Sstevel@tonic-gate 
111*0Sstevel@tonic-gate     /* Report request and invoke the real daemon program. */
112*0Sstevel@tonic-gate 
113*0Sstevel@tonic-gate     syslog(allow_severity, "connect from %s", eval_client(&request));
114*0Sstevel@tonic-gate     sprintf(path, "%s/miscd", REAL_DAEMON_DIR);
115*0Sstevel@tonic-gate     closelog();
116*0Sstevel@tonic-gate     (void) execv(path, argv);
117*0Sstevel@tonic-gate     syslog(LOG_ERR, "error: cannot execute %s: %m", path);
118*0Sstevel@tonic-gate     clean_exit(&request);
119*0Sstevel@tonic-gate     /* NOTREACHED */
120*0Sstevel@tonic-gate }
121