usr.sbin/inetd/inetd.h

/*	$NetBSD: inetd.h,v 1.4 2021/10/12 19:08:04 christos Exp $	*/

/*-
 * Copyright (c) 1998, 2003 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
 * NASA Ames Research Center and by Matthias Scheler.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Copyright (c) 1983, 1991, 1993, 1994
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef _INETD_H
#define _INETD_H

#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/un.h>
#include <sys/queue.h>

#include <arpa/inet.h>

#include <netdb.h>
#include <stdbool.h>


#include "pathnames.h"

#ifdef IPSEC
#include <netipsec/ipsec.h>
#ifndef IPSEC_POLICY_IPSEC	/* no ipsec support on old ipsec */
#undef IPSEC
#endif
#include "ipsec.h"
#endif

typedef enum service_type {
	NORM_TYPE = 0,
	MUX_TYPE = 1,
	MUXPLUS_TYPE = 2,
	FAITH_TYPE = 3
} service_type;

#define ISMUXPLUS(sep)	((sep)->se_type == MUXPLUS_TYPE)
#define ISMUX(sep)	(((sep)->se_type == MUX_TYPE) || ISMUXPLUS(sep))

#define	TOOMANY		40		/* don't start more than TOOMANY */

#define CONF_ERROR_FMT "%s line %zu: "

/* Log warning/error with 0 or variadic args with line number and file name */

#define ILV(prio, msg, ...) syslog(prio, CONF_ERROR_FMT msg ".", \
    CONFIG, line_number __VA_OPT__(,) __VA_ARGS__)

#define WRN(msg, ...) ILV(LOG_WARNING, msg __VA_OPT__(,) __VA_ARGS__)
#define ERR(msg, ...) ILV(LOG_ERR, msg __VA_OPT__(,) __VA_ARGS__)

/* Debug logging */
#ifdef DEBUG_ENABLE
#define DPRINTF(fmt, ...) do {\
	if (debug) {\
		fprintf(stderr, fmt "\n" __VA_OPT__(,) __VA_ARGS__);\
	}\
} while (false)
#else
#define DPRINTF(fmt, ...) __nothing
#endif

#define DPRINTCONF(fmt, ...) DPRINTF(CONF_ERROR_FMT fmt,\
	CONFIG, line_number __VA_OPT__(,) __VA_ARGS__)

#define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x)

/* "Unspecified" indicator value for servtabs (mainly used by v2 syntax) */
#define SERVTAB_UNSPEC_VAL -1

#define SERVTAB_UNSPEC_SIZE_T SIZE_MAX

#define SERVTAB_COUNT_MAX (SIZE_MAX - (size_t)1)

/* Standard logging and debug print format for a servtab */
#define SERV_FMT "%s/%s"
#define SERV_PARAMS(sep) sep->se_service,sep->se_proto

/* rate limiting macros */
#define	CNT_INTVL	((time_t)60)	/* servers in CNT_INTVL sec. */
#define	RETRYTIME	(60*10)		/* retry after bind or server fail */

struct	servtab {
	char	*se_hostaddr;		/* host address to listen on */
	char	*se_service;		/* name of service */
	int	se_socktype;		/* type of socket to use */
	sa_family_t	se_family;	/* address family */
	char	*se_proto;		/* protocol used */
	int	se_sndbuf;		/* sndbuf size */
	int	se_rcvbuf;		/* rcvbuf size */
	int	se_rpcprog;		/* rpc program number */
	int	se_rpcversl;		/* rpc program lowest version */
	int	se_rpcversh;		/* rpc program highest version */
#define isrpcservice(sep)	((sep)->se_rpcversl != 0)
	pid_t	se_wait;		/* single threaded server */
	short	se_checked;		/* looked at during merge */
	char	*se_user;		/* user name to run as */
	char	*se_group;		/* group name to run as */
	struct	biltin *se_bi;		/* if built-in, description */
	char	*se_server;		/* server program */
#define	MAXARGV 64
	char	*se_argv[MAXARGV+1];	/* program arguments */
#ifdef IPSEC
	char	*se_policy;		/* IPsec poilcy string */
#endif
	struct accept_filter_arg se_accf; /* accept filter for stream service */
	int	se_fd;			/* open descriptor */
	service_type	se_type;	/* type */
	union {
		/* ensure correctness of C struct initializer */
		struct sockaddr_storage	se_ctrladdr_storage;
		struct sockaddr	se_ctrladdr;
		struct sockaddr_in	se_ctrladdr_in;
		struct sockaddr_in6	se_ctrladdr_in6; /* in6 is used by bind()/getaddrinfo */
		struct sockaddr_un	se_ctrladdr_un;
	};				/* bound address */
	socklen_t	se_ctrladdr_size;
	size_t	se_service_max;		/* max # of instances of this service per minute */
	size_t	se_count;		/* number of instances of this service started since se_time */
	size_t	se_ip_max;  		/* max # of instances of this service per ip per minute */
	SLIST_HEAD(iplist, rl_ip_node) se_rl_ip_list; /* per-address (IP) rate limting */
	time_t se_time;	/* start of se_count and ip_max counts, in seconds from arbitrary point */

	/* TODO convert to using SLIST */
	struct	servtab *se_next;
};

struct rl_ip_node {
	/* Linked list entries */
	SLIST_ENTRY(rl_ip_node) entries;
	/*
	 * Number of service spawns from *_addr since se_time (includes
	 * attempted starts if greater than se_ip_max).
	 */
	size_t count;
	union {
		struct in_addr	ipv4_addr;
#ifdef INET6
		/* align for efficient comparison in rl_try_get, could use 8 instead */
		struct in6_addr	ipv6_addr __attribute__((aligned(16)));
#endif
		/*
		 * other_addr is used for other address types besides the
		 * special cases (IPv4/IPv6), using getnameinfo.
		 */
		struct {
			/* A field is required before the special array member */
			char _placeholder;
			/* malloc'd storage varies with length of string */
			char other_addr[];
		};
	};
	/*
	 * Do not declare further members after union, offsetof is used to
	 * determine malloc size.
	 */
};

/*
 * From inetd.c
 */

void	setup(struct servtab *);
void	close_sep(struct servtab *);
void	register_rpc(struct servtab *);
void	unregister_rpc(struct servtab *);
bool	try_biltin(struct servtab *);

/* Global debug mode boolean, enabled with -d */
extern int debug;

/* rate limit or other error timed out flag */
extern int	timingout;

/* servtab linked list */
extern struct servtab *servtab;

/*
 * From parse.c
 */

void	config_root(void);
int 	parse_protocol(struct servtab *);
int 	parse_wait(struct servtab *, int);
int 	parse_server(struct servtab *, const char *);
void 	parse_socktype(char *, struct servtab *);
void 	parse_accept_filter(char *, struct servtab *);
char 	*nextline(FILE *);
char 	*newstr(const char *);

/* Current line number in current config file */
extern size_t	line_number;

/* Current config file path */
extern const char	*CONFIG;

/* Open config file */
extern FILE	*fconfig;

/* Default listening hostname/IP for current config file */
extern char	*defhost;

/* Default IPsec policy for current config file */
extern char	*policy;

/*
 * From ratelimit.c
 */

int	rl_process(struct servtab *, int);
void	rl_clear_ip_list(struct servtab *);

/*
 * From parse_v2.c
 */

typedef enum parse_v2_result {V2_SUCCESS, V2_SKIP, V2_ERROR} parse_v2_result;

/*
 * Parse a key-values service definition, starting at the token after
 * on/off (i.e. parse a series of key-values pairs terminated by a semicolon).
 * Fills the provided servtab structure. Does not call freeconfig on error.
 */
parse_v2_result	parse_syntax_v2(struct servtab *, char **);

#endif