1 /*        $NetBSD: inetd.h,v 1.6 2022/08/10 08:37:53 christos Exp $   */
2 
3 /*-
4  * Copyright (c) 1998, 2003 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
9  * NASA Ames Research Center and by Matthias Scheler.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30  * POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /*
34  * Copyright (c) 1983, 1991, 1993, 1994
35  *        The Regents of the University of California.  All rights reserved.
36  *
37  * Redistribution and use in source and binary forms, with or without
38  * modification, are permitted provided that the following conditions
39  * are met:
40  * 1. Redistributions of source code must retain the above copyright
41  *    notice, this list of conditions and the following disclaimer.
42  * 2. Redistributions in binary form must reproduce the above copyright
43  *    notice, this list of conditions and the following disclaimer in the
44  *    documentation and/or other materials provided with the distribution.
45  * 3. Neither the name of the University nor the names of its contributors
46  *    may be used to endorse or promote products derived from this software
47  *    without specific prior written permission.
48  *
49  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59  * SUCH DAMAGE.
60  */
61 
62 #ifndef _INETD_H
63 #define _INETD_H
64 
65 #include <netinet/in.h>
66 #include <sys/socket.h>
67 #include <sys/time.h>
68 #include <sys/un.h>
69 #include <sys/queue.h>
70 
71 #include <arpa/inet.h>
72 
73 #include <netdb.h>
74 #include <stdbool.h>
75 
76 #ifndef NO_RPC
77 #define RPC
78 #endif
79 
80 #include <net/if.h>
81 
82 #ifdef RPC
83 #include <rpc/rpc.h>
84 #include <rpc/rpcb_clnt.h>
85 #include <netconfig.h>
86 #endif
87 
88 
89 #include "pathnames.h"
90 
91 #ifdef IPSEC
92 #include <netipsec/ipsec.h>
93 #ifndef IPSEC_POLICY_IPSEC    /* no ipsec support on old ipsec */
94 #undef IPSEC
95 #endif
96 #include "ipsec.h"
97 #endif
98 
/*
 * Kind of service a servtab entry describes. The value is stored in
 * servtab.se_type and tested by the ISMUX()/ISMUXPLUS() macros.
 * NOTE(review): the names suggest ordinary, tcpmux, "tcpmux plus" and faith
 * relay services -- confirm the exact semantics against the parser.
 */
99 typedef enum service_type {
100           NORM_TYPE = 0,
101           MUX_TYPE = 1,
102           MUXPLUS_TYPE = 2,
103           FAITH_TYPE = 3
104 } service_type;
105 
/*
 * Service-type predicates taking a pointer to struct servtab.
 * ISMUXPLUS() is true only for MUXPLUS_TYPE; ISMUX() is true for MUX_TYPE
 * and for MUXPLUS_TYPE. ISMUX() may evaluate `sep` twice, so do not pass an
 * expression with side effects.
 */
106 #define ISMUXPLUS(sep)        ((sep)->se_type == MUXPLUS_TYPE)
107 #define ISMUX(sep)  (((sep)->se_type == MUX_TYPE) || ISMUXPLUS(sep))
108 
109 #define   TOOMANY             40                  /* don't start more than TOOMANY servers per CNT_INTVL seconds */
110 
/*
 * Prefix for configuration diagnostics: consumes a file name (%s) and a
 * line number (%zu), supplied by the macros below as CONFIG and line_number.
 */
111 #define CONF_ERROR_FMT "%s line %zu: "
112 
/*
 * Log a warning/error through syslog() with the current config file name and
 * line number prepended and a trailing "." appended. Takes zero or more
 * variadic arguments.
 *
 * `msg` is pasted between two string literals, so it must itself be a string
 * literal: a run-time char pointer will not compile. That keeps text read
 * from the configuration file out of the format string; pass such text as a
 * variadic argument matched by a conversion (e.g. %s) in `msg`.
 *
 * The expansion names CONFIG and line_number, so these macros are usable
 * only where those parser globals are in scope. They rely on __VA_OPT__
 * support in the compiler, and this header does not include <syslog.h>
 * itself -- the including file has to provide syslog() and the LOG_* levels.
 */
114 
115 #define ILV(prio, msg, ...) syslog(prio, CONF_ERROR_FMT msg ".", \
116     CONFIG, line_number __VA_OPT__(,) __VA_ARGS__)
117 
118 #define WRN(msg, ...) ILV(LOG_WARNING, msg __VA_OPT__(,) __VA_ARGS__)
119 #define ERR(msg, ...) ILV(LOG_ERR, msg __VA_OPT__(,) __VA_ARGS__)
120 
/*
 * Debug logging.
 *
 * DPRINTF() writes to stderr, with a newline appended, only when the build
 * defines DEBUG_ENABLE and the run-time flag `debug` is non-zero. Without
 * DEBUG_ENABLE it expands to __nothing (not defined in this header) and its
 * arguments are never evaluated, so do not put required side effects in
 * them. `fmt` is concatenated with "\n" and therefore must be a string
 * literal.
 *
 * DPRINTCONF() is DPRINTF() with the config file name and line number
 * prepended via CONF_ERROR_FMT; it needs CONFIG and line_number in scope.
 */
122 #ifdef DEBUG_ENABLE
123 #define DPRINTF(fmt, ...) do {\
124           if (debug) {\
125                     fprintf(stderr, fmt "\n" __VA_OPT__(,) __VA_ARGS__);\
126           }\
127 } while (false)
128 #else
129 #define DPRINTF(fmt, ...) __nothing
130 #endif
131 
132 #define DPRINTCONF(fmt, ...) DPRINTF(CONF_ERROR_FMT fmt,\
133           CONFIG, line_number __VA_OPT__(,) __VA_ARGS__)
134 
/*
 * Two-level stringification: TOSTRING(x) expands `x` first when it is itself
 * a macro and then turns the result into a string literal; STRINGIFY(x)
 * stringifies its argument exactly as written.
 */
135 #define STRINGIFY(x) #x
136 #define TOSTRING(x) STRINGIFY(x)
137 
/* "Unspecified" indicator value for servtabs (mainly used by v2 syntax) */
139 #define SERVTAB_UNSPEC_VAL -1
140 
/*
 * "Unspecified" indicator for size_t fields. SIZE_MAX comes from <stdint.h>,
 * which this header does not include directly.
 */
141 #define SERVTAB_UNSPEC_SIZE_T SIZE_MAX
142 
/*
 * One less than SERVTAB_UNSPEC_SIZE_T, so a count capped at this value can
 * never equal the "unspecified" indicator.
 * NOTE(review): presumably the upper bound enforced on se_service_max /
 * se_ip_max when they are parsed -- confirm that the parser rejects or clamps
 * larger values, since SIZE_MAX itself would read back as "unspecified".
 */
143 #define SERVTAB_COUNT_MAX (SIZE_MAX - (size_t)1)
144 
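/*
 * Standard logging and debug print format for a servtab.
 *
 * SERV_FMT supplies two %s conversions and SERV_PARAMS(sep) the two matching
 * arguments (service name, then protocol); always use them as a pair.
 * `sep` is a pointer to struct servtab. It is parenthesised in the expansion
 * so that any pointer-valued expression (e.g. `&entry` or a conditional) can
 * be passed, and it is evaluated twice, so it must have no side effects.
 * The expansion as a whole cannot be parenthesised because it has to remain
 * an argument list. Both fields must be non-NULL: passing NULL to %s is
 * undefined behaviour.
 */
#define SERV_FMT "%s/%s"
#define SERV_PARAMS(sep) (sep)->se_service, (sep)->se_proto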
148 
/*
 * Rate limiting macros.
 * NOTE(review): RETRYTIME carries no unit here; presumably seconds, like
 * CNT_INTVL -- confirm where it is used.
 */
150 #define   CNT_INTVL ((time_t)60)        /* rate-limit window: starts are counted per CNT_INTVL seconds */
151 #define   RETRYTIME (60*10)             /* retry after bind or server fail */
152 
/*
 * One configured service; entries are chained into a list through se_next.
 * NOTE(review): the fields are presumably filled from the configuration file
 * by the parse.c / parse_v2.c routines declared in this header. se_user,
 * se_group, se_server and se_argv then decide what is executed and under
 * which identity, so the configuration file should be writable by root
 * only -- confirm how inetd.c applies them.
 */
153 struct    servtab {
154           char      *se_hostaddr;                 /* host address to listen on */
155           char      *se_service;                  /* name of service */
156           int       se_socktype;                  /* type of socket to use */
157           sa_family_t         se_family;          /* address family */
158           char      *se_proto;                    /* protocol used */
159           int       se_sndbuf;                    /* sndbuf size */
160           int       se_rcvbuf;                    /* rcvbuf size */
161           int       se_rpcprog;                   /* rpc program number */
162           int       se_rpcversl;                  /* rpc program lowest version */
163           int       se_rpcversh;                  /* rpc program highest version */
              /* An entry counts as an RPC service when its lowest version is non-zero. */
164 #define isrpcservice(sep)     ((sep)->se_rpcversl != 0)
              /*
               * NOTE(review): typed pid_t, so this presumably also holds the
               * pid of the running server for wait-type services -- confirm.
               */
165           pid_t     se_wait;            /* single threaded server */
166           short     se_checked;                   /* looked at during merge */
167           char      *se_user;           /* user name to run as */
168           char      *se_group;                    /* group name to run as */
169           struct    biltin *se_bi;                /* if built-in, description */
170           char      *se_server;                   /* server program */
              /*
               * Fixed-size argument vector with MAXARGV + 1 slots.
               * NOTE(review): the extra slot is presumably for the terminating
               * NULL; the parser has to stop storing at MAXARGV entries --
               * confirm the bound is enforced there.
               */
171 #define   MAXARGV 64
172           char      *se_argv[MAXARGV+1];          /* program arguments */
173 #ifdef IPSEC
174           char      *se_policy;                   /* IPsec policy string */
175 #endif
176           struct accept_filter_arg se_accf; /* accept filter for stream service */
177           int       se_fd;                        /* open descriptor */
178           service_type        se_type;  /* type */
              /*
               * Anonymous union: every member aliases the same storage.
               * NOTE(review): presumably read through the member matching
               * se_family, with se_ctrladdr_size as the address length in
               * use -- confirm.
               */
179           union {
180                     /* ensure correctness of C struct initializer */
181                     struct sockaddr_storage       se_ctrladdr_storage;
182                     struct sockaddr     se_ctrladdr;
183                     struct sockaddr_in  se_ctrladdr_in;
184                     struct sockaddr_in6 se_ctrladdr_in6; /* in6 is used by bind()/getaddrinfo */
185                     struct sockaddr_un  se_ctrladdr_un;
186           };                                      /* bound address */
187           socklen_t se_ctrladdr_size;
188           size_t    se_service_max;               /* max # of instances of this service per minute */
189           size_t    se_count;           /* number of instances of this service started since se_time */
190           size_t    se_ip_max;                    /* max # of instances of this service per ip per minute */
191           SLIST_HEAD(iplist, rl_ip_node) se_rl_ip_list; /* per-address (IP) rate limiting */
192           time_t se_time;     /* start of se_count and ip_max counts, in seconds from arbitrary point */
193 
194           /* TODO convert to using SLIST */
195           struct    servtab *se_next;
196 };
197 
/*
 * One entry of a service's per-address rate-limit list
 * (servtab.se_rl_ip_list): a start counter plus the address it belongs to.
 *
 * The node carries no tag saying which union member is valid.
 * NOTE(review): presumably the owning servtab's se_family decides -- confirm
 * in ratelimit.c. Nothing in this header bounds how many nodes a service
 * may accumulate; check that the list is released (see rl_clear_ip_list())
 * when the counting window restarts.
 *
 * other_addr is a flexible array member, so nodes that use it must be
 * heap-allocated with room for the string; the allocation has to cover the
 * whole string including its terminator.
 */
198 struct rl_ip_node {
199           /* Linked list entries */
200           SLIST_ENTRY(rl_ip_node) entries;
201           /*
202            * Number of service spawns from *_addr since se_time (includes
203            * attempted starts if greater than se_ip_max).
204            */
205           size_t count;
206           union {
207                     struct in_addr      ipv4_addr;
208 #ifdef INET6
209                     /* align for efficient comparison in rl_try_get, could use 8 instead */
210                     struct in6_addr     ipv6_addr __attribute__((aligned(16)));
211 #endif
212                     /*
213                      * other_addr is used for other address types besides the
214                      * special cases (IPv4/IPv6), using getnameinfo.
215                      */
216                     struct {
217                               /* A field is required before the special array member */
218                               char _placeholder;
219                               /* malloc'd storage varies with length of string */
220                               char other_addr[];
221                     };
222           };
223           /*
224            * Do not declare further members after union, offsetof is used to
225            * determine malloc size.
226            */
227 };
228 
229 /*
230  * From inetd.c
231  */
232 
/*
 * Service lifecycle entry points; each operates on one servtab entry.
 * All but try_biltin() return void, so a caller cannot detect failure from
 * the return value.
 * NOTE(review): failures presumably surface through syslog and/or the
 * entry's se_fd -- confirm in inetd.c.
 */
233 void      setup(struct servtab *);
234 void      close_sep(struct servtab *);
235 void      register_rpc(struct servtab *);
236 void      unregister_rpc(struct servtab *);
237 bool      try_biltin(struct servtab *);
238 
239 /* Global debug mode flag (an int used as a boolean), enabled with -d; tested by DPRINTF() */
240 extern int debug;
241 
242 /* rate limit or other error timed out flag */
243 extern int          timingout;
244 
245 /* Head of the servtab linked list (entries are chained through se_next); shares its name with the struct tag */
246 extern struct servtab *servtab;
247 
248 /*
249  * From parse.c
250  */
251 
/*
 * Configuration parsing helpers. The int return conventions are not
 * documented in this header.
 * NOTE(review): parse_socktype() and parse_accept_filter() take a non-const
 * char *, so they may modify the string they are given; nextline() and
 * newstr() return char * without stating who owns the storage (newstr()
 * presumably returns a heap copy the caller must free) -- confirm in parse.c.
 */
252 void      config_root(void);
253 int       parse_protocol(struct servtab *);
254 int       parse_wait(struct servtab *, int);
255 int       parse_server(struct servtab *, const char *);
256 void      parse_socktype(char *, struct servtab *);
257 void      parse_accept_filter(char *, struct servtab *);
258 char      *nextline(FILE *);
259 char      *newstr(const char *);
260 
/*
 * Parser state shared across files. CONFIG and line_number are referenced
 * by name in the ILV()/WRN()/ERR() and DPRINTCONF() macros.
 */
/* Current line number in current config file */
262 extern size_t       line_number;
263 
264 /* Current config file path */
265 extern const char   *CONFIG;
266 
267 /* Open config file */
268 extern FILE         *fconfig;
269 
270 /* Default listening hostname/IP for current config file */
271 extern char         *defhost;
272 
273 /* Default IPsec policy for current config file (declared even when IPSEC is not defined, unlike servtab.se_policy) */
274 extern char         *policy;
275 
276 /*
277  * From ratelimit.c
278  */
279 
/*
 * Rate-limiting entry points.
 * NOTE(review): the meaning of rl_process()'s int argument and int result
 * is not stated here (the argument is presumably the connection's
 * descriptor), and rl_clear_ip_list() presumably frees every rl_ip_node on
 * the entry's se_rl_ip_list -- confirm in ratelimit.c.
 */
280 int       rl_process(struct servtab *, int);
281 void      rl_clear_ip_list(struct servtab *);
282 
283 /*
284  * From parse_v2.c
285  */
286 
/* Outcome of parse_syntax_v2(). */
287 typedef enum parse_v2_result {V2_SUCCESS, V2_SKIP, V2_ERROR} parse_v2_result;
288 
289 /*
290  * Parse a key-values service definition, starting at the token after
291  * on/off (i.e. parse a series of key-values pairs terminated by a semicolon).
292  * Fills the provided servtab structure. Does not call freeconfig on error,
 * so on V2_ERROR the caller is left with a possibly partially filled servtab
 * and is responsible for releasing it; such an entry should not be used.
 * NOTE(review): the char ** argument is presumably the parse cursor,
 * advanced as tokens are consumed -- confirm in parse_v2.c.
293  */
294 parse_v2_result     parse_syntax_v2(struct servtab *, char **);
295 
296 #endif
297