diff options
author | Julian Elischer <julian@FreeBSD.org> | 1996-11-10 21:12:44 +0000 |
---|---|---|
committer | Julian Elischer <julian@FreeBSD.org> | 1996-11-10 21:12:44 +0000 |
commit | 0661be0b5d46f5702216b079ff62dfa3e2a5c764 (patch) | |
tree | b42a48b865e52b6b1dc79e58049edac010b8170c /usr.sbin/inetd/inetd.c | |
parent | 6467602bb5a7b39587446060a1620cf7edb463ad (diff) | |
download | src-0661be0b5d46f5702216b079ff62dfa3e2a5c764.tar.gz src-0661be0b5d46f5702216b079ff62dfa3e2a5c764.zip |
Reviewed by: Bill fenner
Submitted by: Archie Cobbs (Archie@whistle.com)
Changes to allow inted to control the number of servers to
start on each service. This is a defence against a denial of service attack
in which the system is made unusable by
an external party. It also allows the behaviour of
small memory systems to be more accuratly predicted, by
bounding the extent to which processes can multiply.
Notes
Notes:
svn path=/head/; revision=19618
Diffstat (limited to 'usr.sbin/inetd/inetd.c')
-rw-r--r-- | usr.sbin/inetd/inetd.c | 287 |
1 files changed, 213 insertions, 74 deletions
diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c index 42a02db89880..cb9ef467c75d 100644 --- a/usr.sbin/inetd/inetd.c +++ b/usr.sbin/inetd/inetd.c @@ -40,7 +40,7 @@ static char copyright[] __attribute__ ((unused)) = #ifndef lint /* from: @(#)inetd.c 8.4 (Berkeley) 4/13/94"; */ static char inetd_c_rcsid[] __attribute__ ((unused)) = - "$Id: inetd.c,v 1.15 1996/11/01 01:42:08 alex Exp $"; + "$Id: inetd.c,v 1.16 1996/11/10 21:07:27 julian Exp $"; #endif /* not lint */ /* @@ -132,10 +132,10 @@ static char inetd_c_rcsid[] __attribute__ ((unused)) = #define TOOMANY 256 /* don't start more than TOOMANY */ #define CNT_INTVL 60 /* servers in CNT_INTVL sec. */ #define RETRYTIME (60*10) /* retry after bind or server fail */ +#define MAX_MAXCHLD 32767 /* max allowable max children */ #define SIGBLOCK (sigmask(SIGCHLD)|sigmask(SIGHUP)|sigmask(SIGALRM)) - int debug = 0; int log = 0; int nsock, maxsock; @@ -151,17 +151,20 @@ struct servtab { char *se_service; /* name of service */ int se_socktype; /* type of socket to use */ char *se_proto; /* protocol used */ - short se_wait; /* single threaded server */ - short se_checked; /* looked at during merge */ + short se_maxchild; /* max number of children */ + short se_numchild; /* current number of children */ + pid_t *se_pids; /* array of child pids */ char *se_user; /* user name to run as */ struct biltin *se_bi; /* if built-in, description */ char *se_server; /* server program */ #define MAXARGV 20 char *se_argv[MAXARGV+1]; /* program arguments */ int se_fd; /* open descriptor */ - int se_type; /* type */ struct sockaddr_in se_ctrladdr;/* bound address */ - int se_rpc; /* ==1 if RPC service */ + u_char se_type; /* type: normal, mux, or mux+ */ + u_char se_checked; /* looked at during merge */ + u_char se_accept; /* i.e., wait/nowait mode */ + u_char se_rpc; /* ==1 if RPC service */ int se_rpc_prog; /* RPC program number */ u_int se_rpc_lowvers; /* RPC low version */ u_int se_rpc_highvers; /* RPC high version */ @@ -197,7 +200,10 @@ void machtime_stream __P((int, struct servtab *)); char *newstr __P((char *)); char *nextline __P((FILE *)); void print_service __P((char *, struct servtab *)); +void addchild __P((struct servtab *, int)); void reapchild __P((int)); +void enable __P((struct servtab *)); +void disable __P((struct servtab *)); void retry __P((int)); int setconfig __P((void)); void setup __P((struct servtab *)); @@ -211,7 +217,7 @@ struct biltin { char *bi_service; /* internally provided service name */ int bi_socktype; /* type of socket supported */ short bi_fork; /* 1 if should fork before call */ - short bi_wait; /* 1 if should wait for child */ + short bi_maxchild; /* max number of children (default) */ void (*bi_fn)(); /* function which performs it */ } biltins[] = { /* Echo received data */ @@ -385,7 +391,7 @@ main(argc, argv, envp) if (debug) fprintf(stderr, "someone wants %s\n", sep->se_service); - if (!sep->se_wait && sep->se_socktype == SOCK_STREAM) { + if (sep->se_accept && sep->se_socktype == SOCK_STREAM) { ctrl = accept(sep->se_fd, (struct sockaddr *)0, (int *)0); if (debug) @@ -458,20 +464,15 @@ main(argc, argv, envp) } if (pid < 0) { syslog(LOG_ERR, "fork: %m"); - if (!sep->se_wait && + if (sep->se_accept && sep->se_socktype == SOCK_STREAM) close(ctrl); sigsetmask(0L); sleep(1); continue; } - if (pid && sep->se_wait) { - sep->se_wait = pid; - if (sep->se_fd >= 0) { - FD_CLR(sep->se_fd, &allsock); - nsock--; - } - } + if (pid) + addchild(sep, pid); sigsetmask(0L); if (pid == 0) { if (dofork) { @@ -538,17 +539,43 @@ main(argc, argv, envp) _exit(EX_OSERR); } } - if (!sep->se_wait && sep->se_socktype == SOCK_STREAM) + if (sep->se_accept && sep->se_socktype == SOCK_STREAM) close(ctrl); } } } +/* + * Record a new child pid for this service. If we've reached the + * limit on children, then stop accepting incoming requests. + */ + +void +addchild(struct servtab *sep, pid_t pid) +{ +#ifdef SANITY_CHECK + if (sep->se_numchild >= sep->se_maxchild) { + syslog(LOG_ERR, "%s: %d >= %d", + __FUNCTION__, sep->se_numchild, sep->se_maxchild); + exit(EX_SOFTWARE); + } +#endif + if (sep->se_maxchild == 0) + return; + sep->se_pids[sep->se_numchild++] = pid; + if (sep->se_numchild == sep->se_maxchild) + disable(sep); +} + +/* + * Some child process has exited. See if it's on somebody's list. + */ + void reapchild(signo) int signo; { - int status; + int k, status; pid_t pid; struct servtab *sep; @@ -559,19 +586,21 @@ reapchild(signo) if (debug) fprintf(stderr, "%d reaped, status %#x\n", pid, status); - for (sep = servtab; sep; sep = sep->se_next) - if (sep->se_wait == pid) { - if (status) - syslog(LOG_WARNING, - "%s: exit status 0x%x", - sep->se_server, status); - if (debug) - fprintf(stderr, "restored %s, fd %d\n", - sep->se_service, sep->se_fd); - FD_SET(sep->se_fd, &allsock); - nsock++; - sep->se_wait = 1; - } + for (sep = servtab; sep; sep = sep->se_next) { + for (k = 0; k < sep->se_numchild; k++) + if (sep->se_pids[k] == pid) + break; + if (k == sep->se_numchild) + continue; + if (sep->se_numchild == sep->se_maxchild) + enable(sep); + sep->se_pids[k] = sep->se_pids[--sep->se_numchild]; + if (status) + syslog(LOG_WARNING, + "%s[%d]: exit status 0x%x", + sep->se_server, pid, status); + break; + } } } @@ -579,7 +608,7 @@ void config(signo) int signo; { - struct servtab *sep, *cp, **sepp; + struct servtab *sep, *new, **sepp; struct passwd *pwd; long omask; @@ -589,43 +618,57 @@ config(signo) } for (sep = servtab; sep; sep = sep->se_next) sep->se_checked = 0; - while (cp = getconfigent()) { - if ((pwd = getpwnam(cp->se_user)) == NULL) { + while ((new = getconfigent())) { + if ((pwd = getpwnam(new->se_user)) == NULL) { syslog(LOG_ERR, "%s/%s: No such user '%s', service ignored", - cp->se_service, cp->se_proto, cp->se_user); + new->se_service, new->se_proto, new->se_user); continue; } for (sep = servtab; sep; sep = sep->se_next) - if (strcmp(sep->se_service, cp->se_service) == 0 && - strcmp(sep->se_proto, cp->se_proto) == 0) + if (strcmp(sep->se_service, new->se_service) == 0 && + strcmp(sep->se_proto, new->se_proto) == 0) break; if (sep != 0) { int i; +#define SWAP(a, b) { typeof(a) c = a; a = b; b = c; } omask = sigblock(SIGBLOCK); - /* - * sep->se_wait may be holding the pid of a daemon - * that we're waiting for. If so, don't overwrite - * it unless the config file explicitly says don't - * wait. - */ - if (cp->se_bi == 0 && - (sep->se_wait == 1 || cp->se_wait == 0)) - sep->se_wait = cp->se_wait; -#define SWAP(a, b) { char *c = a; a = b; b = c; } - if (cp->se_user) - SWAP(sep->se_user, cp->se_user); - if (cp->se_server) - SWAP(sep->se_server, cp->se_server); + /* copy over outstanding child pids */ + if (sep->se_maxchild && new->se_maxchild) { + new->se_numchild = sep->se_numchild; + if (new->se_numchild > new->se_maxchild) + new->se_numchild = new->se_maxchild; + memcpy(new->se_pids, sep->se_pids, + new->se_numchild * sizeof(*new->se_pids)); + } + SWAP(sep->se_pids, new->se_pids); + sep->se_maxchild = new->se_maxchild; + sep->se_numchild = new->se_numchild; + /* might need to turn on or off service now */ + if (sep->se_fd >= 0) { + if (sep->se_maxchild + && sep->se_numchild == sep->se_maxchild) { + if (FD_ISSET(sep->se_fd, &allsock)) + disable(sep); + } else { + if (!FD_ISSET(sep->se_fd, &allsock)) + enable(sep); + } + } + sep->se_accept = new->se_accept; + if (new->se_user) + SWAP(sep->se_user, new->se_user); + if (new->se_server) + SWAP(sep->se_server, new->se_server); for (i = 0; i < MAXARGV; i++) - SWAP(sep->se_argv[i], cp->se_argv[i]); + SWAP(sep->se_argv[i], new->se_argv[i]); sigsetmask(omask); - freeconfig(cp); + freeconfig(new); if (debug) print_service("REDO", sep); } else { - sep = enter(cp); + sep = enter(new); if (debug) print_service("ADD ", sep); } @@ -799,10 +842,7 @@ setsockopt(fd, SOL_SOCKET, opt, (char *)&on, sizeof (on)) } if (sep->se_socktype == SOCK_STREAM) listen(sep->se_fd, 64); - FD_SET(sep->se_fd, &allsock); - nsock++; - if (sep->se_fd > maxsock) - maxsock = sep->se_fd; + enable(sep); if (debug) { fprintf(stderr, "registered %s on %d\n", sep->se_server, sep->se_fd); @@ -817,18 +857,13 @@ close_sep(sep) struct servtab *sep; { if (sep->se_fd >= 0) { - nsock--; - FD_CLR(sep->se_fd, &allsock); + if (FD_ISSET(sep->se_fd, &allsock)) + disable(sep); (void) close(sep->se_fd); sep->se_fd = -1; } sep->se_count = 0; - /* - * Don't keep the pid of this running deamon: when reapchild() - * reaps this pid, it would erroneously increment nsock. - */ - if (sep->se_wait > 1) - sep->se_wait = 1; + sep->se_numchild = 0; /* forget about any existing children */ } struct servtab * @@ -852,6 +887,68 @@ enter(cp) return (sep); } +void +enable(struct servtab *sep) +{ + if (debug) + fprintf(stderr, + "enabling %s, fd %d", sep->se_service, sep->se_fd); +#ifdef SANITY_CHECK + if (sep->se_fd < 0) { + syslog(LOG_ERR, + "%s: %s: bad fd", __FUNCTION__, sep->se_service); + exit(EX_SOFTWARE); + } + if (ISMUX(sep)) { + syslog(LOG_ERR, + "%s: %s: is mux", __FUNCTION__, sep->se_service); + exit(EX_SOFTWARE); + } + if (FD_ISSET(sep->se_fd, &allsock)) { + syslog(LOG_ERR, + "%s: %s: not off", __FUNCTION__, sep->se_service); + exit(EX_SOFTWARE); + } +#endif + FD_SET(sep->se_fd, &allsock); + nsock++; + if (sep->se_fd > maxsock) + maxsock = sep->se_fd; +} + +void +disable(struct servtab *sep) +{ + if (debug) + fprintf(stderr, + "disabling %s, fd %d", sep->se_service, sep->se_fd); +#ifdef SANITY_CHECK + if (sep->se_fd < 0) { + syslog(LOG_ERR, + "%s: %s: bad fd", __FUNCTION__, sep->se_service); + exit(EX_SOFTWARE); + } + if (ISMUX(sep)) { + syslog(LOG_ERR, + "%s: %s: is mux", __FUNCTION__, sep->se_service); + exit(EX_SOFTWARE); + } + if (!FD_ISSET(sep->se_fd, &allsock)) { + syslog(LOG_ERR, + "%s: %s: not on", __FUNCTION__, sep->se_service); + exit(EX_SOFTWARE); + } + if (nsock == 0) { + syslog(LOG_ERR, "%s: nsock=0", __FUNCTION__); + exit(EX_SOFTWARE); + } +#endif + FD_CLR(sep->se_fd, &allsock); + nsock--; + if (sep->se_fd == maxsock) + maxsock--; +} + FILE *fconfig = NULL; struct servtab serv; char line[LINE_MAX]; @@ -882,7 +979,7 @@ getconfigent() { struct servtab *sep = &serv; int argc; - char *cp, *arg; + char *cp, *arg, *s; char *versp; static char TCPMUX_TOKEN[] = "tcpmux/"; #define MUX_LEN (sizeof(TCPMUX_TOKEN)-1) @@ -962,14 +1059,36 @@ more: } } arg = sskip(&cp); - sep->se_wait = strcmp(arg, "wait") == 0; + if (!strncmp(arg, "wait", 4)) + sep->se_accept = 0; + else if (!strncmp(arg, "nowait", 6)) + sep->se_accept = 1; + else { + syslog(LOG_ERR, + "%s: bad wait/nowait for service %s", + CONFIG, sep->se_service); + goto more; + } + sep->se_maxchild = -1; + if ((s = strchr(arg, '/')) != NULL) { + char *eptr; + u_long val; + + val = strtoul(s + 1, &eptr, 10); + if (eptr == s + 1 || *eptr || val > MAX_MAXCHLD) { + syslog(LOG_ERR, + "%s: bad max-child for service %s", + CONFIG, sep->se_service); + goto more; + } + sep->se_maxchild = val; + } if (ISMUX(sep)) { /* - * Silently enforce "nowait" for TCPMUX services since - * they don't have an assigned port to listen on. + * Silently enforce "nowait" mode for TCPMUX services + * since they don't have an assigned port to listen on. */ - sep->se_wait = 0; - + sep->se_accept = 1; if (strcmp(sep->se_proto, "tcp")) { syslog(LOG_ERR, "%s: bad protocol for tcpmux service %s", @@ -997,14 +1116,32 @@ more: sep->se_service); goto more; } + sep->se_accept = 1; /* force accept mode for built-ins */ sep->se_bi = bi; - sep->se_wait = bi->bi_wait; } else sep->se_bi = NULL; + if (sep->se_maxchild < 0) /* apply default max-children */ + if (sep->se_bi) + sep->se_maxchild = sep->se_bi->bi_maxchild; + else + sep->se_maxchild = sep->se_accept ? 0 : 1; + if (sep->se_maxchild) { + sep->se_pids = malloc(sep->se_maxchild * sizeof(*sep->se_pids)); + if (sep->se_pids == NULL) { + syslog(LOG_ERR, "Out of memory."); + exit(EX_OSERR); + } + } argc = 0; for (arg = skip(&cp); cp; arg = skip(&cp)) - if (argc < MAXARGV) + if (argc < MAXARGV) { sep->se_argv[argc++] = newstr(arg); + } else { + syslog(LOG_ERR, + "%s: too many arguments for service %s", + CONFIG, sep->se_service); + goto more; + } while (argc <= MAXARGV) sep->se_argv[argc++] = NULL; return (sep); @@ -1024,6 +1161,8 @@ freeconfig(cp) free(cp->se_user); if (cp->se_server) free(cp->se_server); + if (cp->se_pids) + free(cp->se_pids); for (i = 0; i < MAXARGV; i++) if (cp->se_argv[i]) free(cp->se_argv[i]); |