1*0Sstevel@tonic-gate /*
2*0Sstevel@tonic-gate * General front end for stream and datagram IP services. This program logs
3*0Sstevel@tonic-gate * the remote host name and then invokes the real daemon. For example,
4*0Sstevel@tonic-gate * install as /usr/etc/{tftpd,fingerd,telnetd,ftpd,rlogind,rshd,rexecd},
5*0Sstevel@tonic-gate * after saving the real daemons in the directory specified with the
6*0Sstevel@tonic-gate * REAL_DAEMON_DIR macro. This arrangement requires that the network daemons
7*0Sstevel@tonic-gate * are started by inetd or something similar. Connections and diagnostics
8*0Sstevel@tonic-gate * are logged through syslog(3).
9*0Sstevel@tonic-gate *
10*0Sstevel@tonic-gate * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
11*0Sstevel@tonic-gate */
12*0Sstevel@tonic-gate
13*0Sstevel@tonic-gate #ifndef lint
14*0Sstevel@tonic-gate static char sccsid[] = "@(#) tcpd.c 1.10 96/02/11 17:01:32";
15*0Sstevel@tonic-gate #endif
16*0Sstevel@tonic-gate
17*0Sstevel@tonic-gate /* System libraries. */
18*0Sstevel@tonic-gate
19*0Sstevel@tonic-gate #include <sys/types.h>
20*0Sstevel@tonic-gate #include <sys/param.h>
21*0Sstevel@tonic-gate #include <sys/stat.h>
22*0Sstevel@tonic-gate #include <sys/socket.h>
23*0Sstevel@tonic-gate #include <netinet/in.h>
24*0Sstevel@tonic-gate #include <stdio.h>
25*0Sstevel@tonic-gate #include <syslog.h>
26*0Sstevel@tonic-gate #include <string.h>
27*0Sstevel@tonic-gate
28*0Sstevel@tonic-gate #ifndef MAXPATHNAMELEN
29*0Sstevel@tonic-gate #define MAXPATHNAMELEN BUFSIZ
30*0Sstevel@tonic-gate #endif
31*0Sstevel@tonic-gate
32*0Sstevel@tonic-gate #ifndef STDIN_FILENO
33*0Sstevel@tonic-gate #define STDIN_FILENO 0
34*0Sstevel@tonic-gate #endif
35*0Sstevel@tonic-gate
36*0Sstevel@tonic-gate /* Local stuff. */
37*0Sstevel@tonic-gate
38*0Sstevel@tonic-gate #include "patchlevel.h"
39*0Sstevel@tonic-gate #include "tcpd.h"
40*0Sstevel@tonic-gate
41*0Sstevel@tonic-gate int allow_severity = SEVERITY; /* run-time adjustable */
42*0Sstevel@tonic-gate int deny_severity = LOG_WARNING; /* ditto */
43*0Sstevel@tonic-gate
main(argc,argv)44*0Sstevel@tonic-gate main(argc, argv)
45*0Sstevel@tonic-gate int argc;
46*0Sstevel@tonic-gate char **argv;
47*0Sstevel@tonic-gate {
48*0Sstevel@tonic-gate struct request_info request;
49*0Sstevel@tonic-gate char path[MAXPATHNAMELEN];
50*0Sstevel@tonic-gate
51*0Sstevel@tonic-gate /* Attempt to prevent the creation of world-writable files. */
52*0Sstevel@tonic-gate
53*0Sstevel@tonic-gate #ifdef DAEMON_UMASK
54*0Sstevel@tonic-gate umask(DAEMON_UMASK);
55*0Sstevel@tonic-gate #endif
56*0Sstevel@tonic-gate
57*0Sstevel@tonic-gate /*
58*0Sstevel@tonic-gate * If argv[0] is an absolute path name, ignore REAL_DAEMON_DIR, and strip
59*0Sstevel@tonic-gate * argv[0] to its basename.
60*0Sstevel@tonic-gate */
61*0Sstevel@tonic-gate
62*0Sstevel@tonic-gate if (argv[0][0] == '/') {
63*0Sstevel@tonic-gate strcpy(path, argv[0]);
64*0Sstevel@tonic-gate argv[0] = strrchr(argv[0], '/') + 1;
65*0Sstevel@tonic-gate } else {
66*0Sstevel@tonic-gate sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
67*0Sstevel@tonic-gate }
68*0Sstevel@tonic-gate
69*0Sstevel@tonic-gate /*
70*0Sstevel@tonic-gate * Open a channel to the syslog daemon. Older versions of openlog()
71*0Sstevel@tonic-gate * require only two arguments.
72*0Sstevel@tonic-gate */
73*0Sstevel@tonic-gate
74*0Sstevel@tonic-gate #ifdef LOG_MAIL
75*0Sstevel@tonic-gate (void) openlog(argv[0], LOG_PID, FACILITY);
76*0Sstevel@tonic-gate #else
77*0Sstevel@tonic-gate (void) openlog(argv[0], LOG_PID);
78*0Sstevel@tonic-gate #endif
79*0Sstevel@tonic-gate
80*0Sstevel@tonic-gate /*
81*0Sstevel@tonic-gate * Find out the endpoint addresses of this conversation. Host name
82*0Sstevel@tonic-gate * lookups and double checks will be done on demand.
83*0Sstevel@tonic-gate */
84*0Sstevel@tonic-gate
85*0Sstevel@tonic-gate request_init(&request, RQ_DAEMON, argv[0], RQ_FILE, STDIN_FILENO, 0);
86*0Sstevel@tonic-gate fromhost(&request);
87*0Sstevel@tonic-gate
88*0Sstevel@tonic-gate /*
89*0Sstevel@tonic-gate * Optionally look up and double check the remote host name. Sites
90*0Sstevel@tonic-gate * concerned with security may choose to refuse connections from hosts
91*0Sstevel@tonic-gate * that pretend to have someone elses host name.
92*0Sstevel@tonic-gate */
93*0Sstevel@tonic-gate
94*0Sstevel@tonic-gate #ifdef PARANOID
95*0Sstevel@tonic-gate if (STR_EQ(eval_hostname(request.client), paranoid))
96*0Sstevel@tonic-gate refuse(&request);
97*0Sstevel@tonic-gate #endif
98*0Sstevel@tonic-gate
99*0Sstevel@tonic-gate /*
100*0Sstevel@tonic-gate * The BSD rlogin and rsh daemons that came out after 4.3 BSD disallow
101*0Sstevel@tonic-gate * socket options at the IP level. They do so for a good reason.
102*0Sstevel@tonic-gate * Unfortunately, we cannot use this with SunOS 4.1.x because the
103*0Sstevel@tonic-gate * getsockopt() system call can panic the system.
104*0Sstevel@tonic-gate */
105*0Sstevel@tonic-gate
106*0Sstevel@tonic-gate #ifdef KILL_IP_OPTIONS
107*0Sstevel@tonic-gate fix_options(&request);
108*0Sstevel@tonic-gate #endif
109*0Sstevel@tonic-gate
110*0Sstevel@tonic-gate /*
111*0Sstevel@tonic-gate * Check whether this host can access the service in argv[0]. The
112*0Sstevel@tonic-gate * access-control code invokes optional shell commands as specified in
113*0Sstevel@tonic-gate * the access-control tables.
114*0Sstevel@tonic-gate */
115*0Sstevel@tonic-gate
116*0Sstevel@tonic-gate #ifdef HOSTS_ACCESS
117*0Sstevel@tonic-gate if (!hosts_access(&request))
118*0Sstevel@tonic-gate refuse(&request);
119*0Sstevel@tonic-gate #endif
120*0Sstevel@tonic-gate
121*0Sstevel@tonic-gate /* Report request and invoke the real daemon program. */
122*0Sstevel@tonic-gate
123*0Sstevel@tonic-gate syslog(allow_severity, "connect from %s", eval_client(&request));
124*0Sstevel@tonic-gate closelog();
125*0Sstevel@tonic-gate (void) execv(path, argv);
126*0Sstevel@tonic-gate syslog(LOG_ERR, "error: cannot execute %s: %m", path);
127*0Sstevel@tonic-gate clean_exit(&request);
128*0Sstevel@tonic-gate /* NOTREACHED */
129*0Sstevel@tonic-gate }
130