usr/src/cmd/tcpd/tcpd.c

   1  /*
   2   * General front end for stream and datagram IP services. This program logs
   3   * the remote host name and then invokes the real daemon. For example,
   4   * install as /usr/etc/{tftpd,fingerd,telnetd,ftpd,rlogind,rshd,rexecd},
   5   * after saving the real daemons in the directory specified with the
   6   * REAL_DAEMON_DIR macro. This arrangement requires that the network daemons
   7   * are started by inetd or something similar. Connections and diagnostics
   8   * are logged through syslog(3).
   9   *
  10   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
  11   */
  12
  13 #ifndef lint
  14 static char sccsid[] = "@(#) tcpd.c 1.10 96/02/11 17:01:32";
  15 #endif
  16
  17 /* System libraries. */
  18
  19 #include <sys/types.h>
  20 #include <sys/param.h>
  21 #include <sys/stat.h>
  22 #include <sys/socket.h>
  23 #include <netinet/in.h>
  24 #include <stdio.h>
  25 #include <syslog.h>
  26 #include <string.h>
  27
  28 #ifndef MAXPATHNAMELEN
  29 #define MAXPATHNAMELEN  BUFSIZ
  30 #endif
  31
  32 #ifndef STDIN_FILENO
  33 #define STDIN_FILENO    0
  34 #endif
  35
  36 /* Local stuff. */
  37
  38 #include "patchlevel.h"
  39 #include "tcpd.h"
  40
  41 int     allow_severity = SEVERITY;      /* run-time adjustable */
  42 int     deny_severity = LOG_WARNING;    /* ditto */
  43
  44 int
  45 main(argc, argv)
  46 int     argc;
  47 char  **argv;
  48 {
  49     struct request_info request;
  50     char    path[MAXPATHNAMELEN];
  51
  52     /* Attempt to prevent the creation of world-writable files. */
  53
  54 #ifdef DAEMON_UMASK
  55     umask(DAEMON_UMASK);
  56 #endif
  57
  58     /*
  59      * If argv[0] is an absolute path name, ignore REAL_DAEMON_DIR, and strip
  60      * argv[0] to its basename.
  61      */
  62
  63     if (argv[0][0] == '/') {
  64         strcpy(path, argv[0]);
  65         argv[0] = strrchr(argv[0], '/') + 1;
  66     } else {
  67         sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
  68     }
  69
  70     /*
  71      * Open a channel to the syslog daemon. Older versions of openlog()
  72      * require only two arguments.
  73      */
  74
  75 #ifdef LOG_MAIL
  76     (void) openlog(argv[0], LOG_PID, FACILITY);
  77 #else
  78     (void) openlog(argv[0], LOG_PID);
  79 #endif
  80
  81     /*
  82      * Find out the endpoint addresses of this conversation. Host name
  83      * lookups and double checks will be done on demand.
  84      */
  85
  86     request_init(&request, RQ_DAEMON, argv[0], RQ_FILE, STDIN_FILENO, 0);
  87     fromhost(&request);
  88
  89     /*
  90      * Optionally look up and double check the remote host name. Sites
  91      * concerned with security may choose to refuse connections from hosts
  92      * that pretend to have someone elses host name.
  93      */
  94
  95 #ifdef PARANOID
  96     if (STR_EQ(eval_hostname(request.client), paranoid))
  97         refuse(&request);
  98 #endif
  99
 100     /*
 101      * The BSD rlogin and rsh daemons that came out after 4.3 BSD disallow
 102      * socket options at the IP level. They do so for a good reason.
 103      * Unfortunately, we cannot use this with SunOS 4.1.x because the
 104      * getsockopt() system call can panic the system.
 105      */
 106
 107 #ifdef KILL_IP_OPTIONS
 108     fix_options(&request);
 109 #endif
 110
 111     /*
 112      * Check whether this host can access the service in argv[0]. The
 113      * access-control code invokes optional shell commands as specified in
 114      * the access-control tables.
 115      */
 116
 117 #ifdef HOSTS_ACCESS
 118     if (!hosts_access(&request))
 119         refuse(&request);
 120 #endif
 121
 122     /* Report request and invoke the real daemon program. */
 123
 124     syslog(allow_severity, "connect from %s", eval_client(&request));
 125     closelog();
 126     (void) execv(path, argv);
 127     syslog(LOG_ERR, "error: cannot execute %s: %m", path);
 128     clean_exit(&request);
 129     /* NOTREACHED */
 130 }