xref: /freebsd/contrib/tcp_wrappers/inetcf.c (revision aa24f48b361effe51163877d84f1b70d32b77e04) 
1 /* $FreeBSD$ */
2  /*
3   * Routines to parse an inetd.conf or tlid.conf file. This would be a great
4   * job for a PERL script.
5   *
6   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
7   */
8 
9 #ifndef lint
10 static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23";
11 #endif
12 
13 #include <sys/types.h>
14 #include <sys/stat.h>
15 #include <stdio.h>
16 #include <errno.h>
17 #include <string.h>
18 #include <stdlib.h>
19 
20 extern int errno;
21 extern void exit();
22 
23 #include "tcpd.h"
24 #include "inetcf.h"
25 #include "scaffold.h"
26 
27  /*
28   * Network configuration files may live in unusual places. Here are some
29   * guesses. Shorter names follow longer ones.
30   */
31 char   *inet_files[] = {
32     "/private/etc/inetd.conf",		/* NEXT */
33     "/etc/inet/inetd.conf",		/* SYSV4 */
34     "/usr/etc/inetd.conf",		/* IRIX?? */
35     "/etc/inetd.conf",			/* BSD */
36     "/etc/net/tlid.conf",		/* SYSV4?? */
37     "/etc/saf/tlid.conf",		/* SYSV4?? */
38     "/etc/tlid.conf",			/* SYSV4?? */
39     0,
40 };
41 
42 static void inet_chk();
43 static char *base_name();
44 
45  /*
46   * Structure with everything we know about a service.
47   */
48 struct inet_ent {
49     struct inet_ent *next;
50     int     type;
51     char    name[1];
52 };
53 
54 static struct inet_ent *inet_list = 0;
55 
56 static char whitespace[] = " \t\r\n";
57 
58 /* inet_conf - read in and examine inetd.conf (or tlid.conf) entries */
59 
60 char   *inet_cfg(conf)
61 char   *conf;
62 {
63     char    buf[BUFSIZ];
64     FILE   *fp;
65     char   *service;
66     char   *protocol;
67     char   *user;
68     char   *path;
69     char   *arg0;
70     char   *arg1;
71     struct tcpd_context saved_context;
72     char   *percent_m();
73     int     i;
74     struct stat st;
75 
76     saved_context = tcpd_context;
77 
78     /*
79      * The inetd.conf (or tlid.conf) information is so useful that we insist
80      * on its availability. When no file is given run a series of educated
81      * guesses.
82      */
83     if (conf != 0) {
84 	if ((fp = fopen(conf, "r")) == 0) {
85 	    fprintf(stderr, percent_m(buf, "open %s: %m\n"), conf);
86 	    exit(1);
87 	}
88     } else {
89 	for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "r")) == 0; i++)
90 	     /* void */ ;
91 	if (fp == 0) {
92 	    fprintf(stderr, "Cannot find your inetd.conf or tlid.conf file.\n");
93 	    fprintf(stderr, "Please specify its location.\n");
94 	    exit(1);
95 	}
96 	conf = inet_files[i];
97 	check_path(conf, &st);
98     }
99 
100     /*
101      * Process the file. After the 7.0 wrapper release it became clear that
102      * there are many more inetd.conf formats than the 8 systems that I had
103      * studied. EP/IX uses a two-line specification for rpc services; HP-UX
104      * permits long lines to be broken with backslash-newline.
105      */
106     tcpd_context.file = conf;
107     tcpd_context.line = 0;
108     while (xgets(buf, sizeof(buf), fp)) {
109 	service = strtok(buf, whitespace);	/* service */
110 	if (service == 0 || *service == '#')
111 	    continue;
112 	if (STR_NE(service, "stream") && STR_NE(service, "dgram"))
113 	    strtok((char *) 0, whitespace);	/* endpoint */
114 	protocol = strtok((char *) 0, whitespace);
115 	(void) strtok((char *) 0, whitespace);	/* wait */
116 	if ((user = strtok((char *) 0, whitespace)) == 0)
117 	    continue;
118 	if (user[0] == '/') {			/* user */
119 	    path = user;
120 	} else {				/* path */
121 	    if ((path = strtok((char *) 0, whitespace)) == 0)
122 		continue;
123 	}
124 	if (path[0] == '?')			/* IRIX optional service */
125 	    path++;
126 	if (STR_EQ(path, "internal"))
127 	    continue;
128 	if (path[strspn(path, "-0123456789")] == 0) {
129 
130 	    /*
131 	     * ConvexOS puts RPC version numbers before path names. Jukka
132 	     * Ukkonen <ukkonen@csc.fi>.
133 	     */
134 	    if ((path = strtok((char *) 0, whitespace)) == 0)
135 		continue;
136 	}
137 	if ((arg0 = strtok((char *) 0, whitespace)) == 0) {
138 	    tcpd_warn("incomplete line");
139 	    continue;
140 	}
141 	if (arg0[strspn(arg0, "0123456789")] == 0) {
142 
143 	    /*
144 	     * We're reading a tlid.conf file, the format is:
145 	     *
146 	     * ...stuff... path arg_count arguments mod_count modules
147 	     */
148 	    if ((arg0 = strtok((char *) 0, whitespace)) == 0) {
149 		tcpd_warn("incomplete line");
150 		continue;
151 	    }
152 	}
153 	if ((arg1 = strtok((char *) 0, whitespace)) == 0)
154 	    arg1 = "";
155 
156 	inet_chk(protocol, path, arg0, arg1);
157     }
158     fclose(fp);
159     tcpd_context = saved_context;
160     return (conf);
161 }
162 
163 /* inet_chk - examine one inetd.conf (tlid.conf?) entry */
164 
165 static void inet_chk(protocol, path, arg0, arg1)
166 char   *protocol;
167 char   *path;
168 char   *arg0;
169 char   *arg1;
170 {
171     char    daemon[BUFSIZ];
172     struct stat st;
173     int     wrap_status = WR_MAYBE;
174     char   *base_name_path = base_name(path);
175     char   *tcpd_proc_name = (arg0[0] == '/' ? base_name(arg0) : arg0);
176 
177     /*
178      * Always warn when the executable does not exist or when it is not
179      * executable.
180      */
181     if (check_path(path, &st) < 0) {
182 	tcpd_warn("%s: not found: %m", path);
183     } else if ((st.st_mode & 0100) == 0) {
184 	tcpd_warn("%s: not executable", path);
185     }
186 
187     /*
188      * Cheat on the miscd tests, nobody uses it anymore.
189      */
190     if (STR_EQ(base_name_path, "miscd")) {
191 	inet_set(arg0, WR_YES);
192 	return;
193     }
194 
195     /*
196      * While we are here...
197      */
198     if (STR_EQ(tcpd_proc_name, "rexd") || STR_EQ(tcpd_proc_name, "rpc.rexd"))
199 	tcpd_warn("%s may be an insecure service", tcpd_proc_name);
200 
201     /*
202      * The tcpd program gets most of the attention.
203      */
204     if (STR_EQ(base_name_path, "tcpd")) {
205 
206 	if (STR_EQ(tcpd_proc_name, "tcpd"))
207 	    tcpd_warn("%s is recursively calling itself", tcpd_proc_name);
208 
209 	wrap_status = WR_YES;
210 
211 	/*
212 	 * Check: some sites install the wrapper set-uid.
213 	 */
214 	if ((st.st_mode & 06000) != 0)
215 	    tcpd_warn("%s: file is set-uid or set-gid", path);
216 
217 	/*
218 	 * Check: some sites insert tcpd in inetd.conf, instead of replacing
219 	 * the daemon pathname.
220 	 */
221 	if (arg0[0] == '/' && STR_EQ(tcpd_proc_name, base_name(arg1)))
222 	    tcpd_warn("%s inserted before %s", path, arg0);
223 
224 	/*
225 	 * Check: make sure files exist and are executable. On some systems
226 	 * the network daemons are set-uid so we cannot complain. Note that
227 	 * tcpd takes the basename only in case of absolute pathnames.
228 	 */
229 	if (arg0[0] == '/') {			/* absolute path */
230 	    if (check_path(arg0, &st) < 0) {
231 		tcpd_warn("%s: not found: %m", arg0);
232 	    } else if ((st.st_mode & 0100) == 0) {
233 		tcpd_warn("%s: not executable", arg0);
234 	    }
235 	} else {				/* look in REAL_DAEMON_DIR */
236 	    sprintf(daemon, "%s/%s", REAL_DAEMON_DIR, arg0);
237 	    if (check_path(daemon, &st) < 0) {
238 		tcpd_warn("%s: not found in %s: %m",
239 			  arg0, REAL_DAEMON_DIR);
240 	    } else if ((st.st_mode & 0100) == 0) {
241 		tcpd_warn("%s: not executable", daemon);
242 	    }
243 	}
244 
245     } else {
246 
247 	/*
248 	 * No tcpd program found. Perhaps they used the "simple installation"
249 	 * recipe. Look for a file with the same basename in REAL_DAEMON_DIR.
250 	 * Draw some conservative conclusions when a distinct file is found.
251 	 */
252 	sprintf(daemon, "%s/%s", REAL_DAEMON_DIR, arg0);
253 	if (STR_EQ(path, daemon)) {
254 #ifdef __FreeBSD__
255 	    wrap_status = WR_MAYBE;
256 #else
257 	    wrap_status = WR_NOT;
258 #endif
259 	} else if (check_path(daemon, &st) >= 0) {
260 	    wrap_status = WR_MAYBE;
261 	} else if (errno == ENOENT) {
262 	    wrap_status = WR_NOT;
263 	} else {
264 	    tcpd_warn("%s: file lookup: %m", daemon);
265 	    wrap_status = WR_MAYBE;
266 	}
267     }
268 
269     /*
270      * Alas, we cannot wrap rpc/tcp services.
271      */
272     if (wrap_status == WR_YES && STR_EQ(protocol, "rpc/tcp"))
273 	tcpd_warn("%s: cannot wrap rpc/tcp services", tcpd_proc_name);
274 
275     inet_set(tcpd_proc_name, wrap_status);
276 }
277 
278 /* inet_set - remember service status */
279 
280 void    inet_set(name, type)
281 char   *name;
282 int     type;
283 {
284     struct inet_ent *ip =
285     (struct inet_ent *) malloc(sizeof(struct inet_ent) + strlen(name));
286 
287     if (ip == 0) {
288 	fprintf(stderr, "out of memory\n");
289 	exit(1);
290     }
291     ip->next = inet_list;
292     strcpy(ip->name, name);
293     ip->type = type;
294     inet_list = ip;
295 }
296 
297 /* inet_get - look up service status */
298 
299 int     inet_get(name)
300 char   *name;
301 {
302     struct inet_ent *ip;
303 
304     if (inet_list == 0)
305 	return (WR_MAYBE);
306 
307     for (ip = inet_list; ip; ip = ip->next)
308 	if (STR_EQ(ip->name, name))
309 	    return (ip->type);
310 
311     return (-1);
312 }
313 
314 /* base_name - compute last pathname component */
315 
316 static char *base_name(path)
317 char   *path;
318 {
319     char   *cp;
320 
321     if ((cp = strrchr(path, '/')) != 0)
322 	path = cp + 1;
323     return (path);
324 }
325