1 | /* SAMHAIN file system integrity testing */
|
---|
2 | /* Copyright (C) 2006 Rainer Wichmann */
|
---|
3 | /* */
|
---|
4 | /* This program is free software; you can redistribute it */
|
---|
5 | /* and/or modify */
|
---|
6 | /* it under the terms of the GNU General Public License as */
|
---|
7 | /* published by */
|
---|
8 | /* the Free Software Foundation; either version 2 of the License, or */
|
---|
9 | /* (at your option) any later version. */
|
---|
10 | /* */
|
---|
11 | /* This program is distributed in the hope that it will be useful, */
|
---|
12 | /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
---|
13 | /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
---|
14 | /* GNU General Public License for more details. */
|
---|
15 | /* */
|
---|
16 | /* You should have received a copy of the GNU General Public License */
|
---|
17 | /* along with this program; if not, write to the Free Software */
|
---|
18 | /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
|
---|
19 |
|
---|
20 | /***************************************************************************
|
---|
21 | *
|
---|
22 | * This file provides a module for samhain to check for open ports
|
---|
23 | * on the local machine.
|
---|
24 | *
|
---|
25 | */
|
---|
26 |
|
---|
27 |
|
---|
28 | /* #define TEST_ONLY */
|
---|
29 | #ifndef TEST_ONLY
|
---|
30 | #include "config_xor.h"
|
---|
31 | #endif
|
---|
32 |
|
---|
33 | #include <stdio.h>
|
---|
34 | #include <string.h>
|
---|
35 | #include <sys/types.h>
|
---|
36 | #include <sys/socket.h>
|
---|
37 | #include <netinet/in.h>
|
---|
38 | #include <arpa/inet.h>
|
---|
39 | #include <errno.h>
|
---|
40 | #include <unistd.h>
|
---|
41 | #include <fcntl.h>
|
---|
42 |
|
---|
43 | #define PORTCHK_VERSION "1.0"
|
---|
44 |
|
---|
45 | #if defined(TEST_ONLY) || (defined(SH_USE_PORTCHECK) && (defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)))
|
---|
46 |
|
---|
47 |
|
---|
48 | #define PORTMAP
|
---|
49 | #ifdef HAVE_RPC_RPC_H
|
---|
50 | #include <rpc/rpc.h>
|
---|
51 | #ifdef HAVE_RPC_RPCENT_H
|
---|
52 | #include <rpc/rpcent.h>
|
---|
53 | #endif
|
---|
54 | #include <rpc/pmap_clnt.h>
|
---|
55 | #include <rpc/pmap_prot.h>
|
---|
56 | #endif
|
---|
57 | #include <netdb.h>
|
---|
58 |
|
---|
59 | /*
|
---|
60 | * struct pmaplist {
|
---|
61 | * struct pmap pml_map;
|
---|
62 | * struct pmaplist *pml_next;
|
---|
63 | * };
|
---|
64 | */
|
---|
65 |
|
---|
66 | /* struct pmap {
|
---|
67 | * long unsigned pm_prog;
|
---|
68 | * long unsigned pm_vers;
|
---|
69 | * long unsigned pm_prot;
|
---|
70 | * long unsigned pm_port;
|
---|
71 | * };
|
---|
72 | */
|
---|
73 |
|
---|
74 | /* TIME_WAIT ? 60-240 seconds */
|
---|
75 |
|
---|
76 | #if !defined(TEST_ONLY)
|
---|
77 |
|
---|
78 | #define FIL__ _("sh_portcheck.c")
|
---|
79 | #include "samhain.h"
|
---|
80 | #include "sh_error.h"
|
---|
81 | #include "sh_mem.h"
|
---|
82 | #include "sh_calls.h"
|
---|
83 | #include "sh_utils.h"
|
---|
84 | #include "sh_modules.h"
|
---|
85 | #define SH_NEED_GETHOSTBYXXX
|
---|
86 | #include "sh_static.h"
|
---|
87 | #include "sh_pthread.h"
|
---|
88 | #include "sh_ipvx.h"
|
---|
89 |
|
---|
90 | /* the size of an interface string
|
---|
91 | */
|
---|
92 | #define SH_INTERFACE_SIZE SH_IP_BUF
|
---|
93 |
|
---|
94 | #define SH_PORT_NOT 0
|
---|
95 | #define SH_PORT_REQ 1
|
---|
96 | #define SH_PORT_OPT 2
|
---|
97 | #define SH_PORT_IGN 3
|
---|
98 | #define SH_PORT_BLACKLIST 4
|
---|
99 |
|
---|
100 | #define SH_PORT_MISS 0
|
---|
101 | #define SH_PORT_ISOK 1
|
---|
102 | #define SH_PORT_UNKN 2
|
---|
103 |
|
---|
104 | #define SH_PORT_NOREPT 0
|
---|
105 | #define SH_PORT_REPORT 1
|
---|
106 |
|
---|
107 | #define SH_PROTO_TCP 0
|
---|
108 | #define SH_PROTO_UDP 1
|
---|
109 | #define SH_PROTO_STR(a) (((a) == IPPROTO_TCP) ? _("tcp") : _("udp"))
|
---|
110 |
|
---|
111 | struct sh_portentry {
|
---|
112 | int port;
|
---|
113 | char interface[SH_INTERFACE_SIZE];
|
---|
114 | char * service;
|
---|
115 | char * error;
|
---|
116 | int flag; /* required or not */
|
---|
117 | int status; /* missing or not */
|
---|
118 | struct sh_portentry * next;
|
---|
119 | };
|
---|
120 |
|
---|
121 | static struct sh_portentry * portlist_tcp = NULL;
|
---|
122 | static struct sh_portentry * portlist_udp = NULL;
|
---|
123 |
|
---|
124 |
|
---|
125 | #define SH_PORTCHK_INTERVAL 300
|
---|
126 |
|
---|
127 | static int sh_portchk_check_udp = 1;
|
---|
128 | static int sh_portchk_active = 1;
|
---|
129 | static int sh_portchk_interval = SH_PORTCHK_INTERVAL;
|
---|
130 |
|
---|
131 | static int sh_portchk_minport = -1;
|
---|
132 | static int sh_portchk_maxport = -1;
|
---|
133 |
|
---|
134 | struct sh_port {
|
---|
135 | int port;
|
---|
136 | struct sh_sockaddr * paddr;
|
---|
137 | struct sh_port * next;
|
---|
138 | };
|
---|
139 |
|
---|
140 | static struct sh_port * blacklist_tcp = NULL;
|
---|
141 | static struct sh_port * blacklist_udp = NULL;
|
---|
142 |
|
---|
143 | SH_MUTEX_STATIC(mutex_port_check, PTHREAD_MUTEX_INITIALIZER);
|
---|
144 |
|
---|
145 | static int sh_portchk_severity = SH_ERR_SEVERE;
|
---|
146 |
|
---|
147 | extern char * sh_port2proc_query(int proto, struct sh_sockaddr * saddr, int sport,
|
---|
148 | unsigned long * pid, char * user, size_t userlen);
|
---|
149 | extern int sh_port2proc_prepare();
|
---|
150 | extern void sh_port2proc_finish();
|
---|
151 |
|
---|
152 | #endif
|
---|
153 |
|
---|
154 | /* Exported interface to add ignoreable ports as 'iface:portlist'
|
---|
155 | */
|
---|
156 | static int sh_portchk_add_ignore (const char * str);
|
---|
157 |
|
---|
158 | /* Exported interface to add required ports as 'iface:portlist'
|
---|
159 | */
|
---|
160 | static int sh_portchk_add_required (const char * str);
|
---|
161 |
|
---|
162 | /* Exported interface to add optional ports as 'iface:portlist'
|
---|
163 | */
|
---|
164 | static int sh_portchk_add_optional (const char * str);
|
---|
165 |
|
---|
166 | /* Exported interface to add blacklisted ports as 'iface:portlist'
|
---|
167 | */
|
---|
168 | static int sh_portchk_add_blacklist (const char * str);
|
---|
169 |
|
---|
170 | /* Exported interface to add an ethernet interface
|
---|
171 | */
|
---|
172 | static int sh_portchk_add_interface (const char * str);
|
---|
173 |
|
---|
174 | /* verify whether port/interface is blacklisted (do not check)
|
---|
175 | */
|
---|
176 | static int sh_portchk_is_blacklisted(int port, struct sh_sockaddr * haddr, int proto);
|
---|
177 |
|
---|
178 | #ifndef TEST_ONLY
|
---|
179 |
|
---|
180 | static int sh_portchk_set_interval (const char * c)
|
---|
181 | {
|
---|
182 | int retval = 0;
|
---|
183 | long val;
|
---|
184 |
|
---|
185 | SL_ENTER(_("sh_portchk_set_interval"));
|
---|
186 | val = strtol (c, (char **)NULL, 10);
|
---|
187 | if (val <= 0)
|
---|
188 | {
|
---|
189 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
190 | sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS,
|
---|
191 | _("port check interval"), c);
|
---|
192 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
193 | retval = -1;
|
---|
194 | }
|
---|
195 | else
|
---|
196 | {
|
---|
197 | sh_portchk_interval = (time_t) val;
|
---|
198 | }
|
---|
199 | SL_RETURN(retval, _("sh_portchk_set_interval"));
|
---|
200 | }
|
---|
201 |
|
---|
202 | static int sh_portchk_set_port_minmax (const char * c, int * setthis)
|
---|
203 | {
|
---|
204 | int retval = 0;
|
---|
205 | long val;
|
---|
206 |
|
---|
207 | SL_ENTER(_("sh_portchk_set_port_minmax"));
|
---|
208 | val = strtol (c, (char **)NULL, 10);
|
---|
209 | if (val < 0 || val > 65535)
|
---|
210 | {
|
---|
211 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
212 | sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS,
|
---|
213 | _("port check port minmax"), c);
|
---|
214 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
215 | retval = -1;
|
---|
216 | }
|
---|
217 | else
|
---|
218 | {
|
---|
219 | *setthis = (int) val;
|
---|
220 | }
|
---|
221 | SL_RETURN(retval, _("sh_portchk_set_port_minmax"));
|
---|
222 | }
|
---|
223 |
|
---|
224 |
|
---|
225 | static int sh_portchk_set_minport (const char * str)
|
---|
226 | {
|
---|
227 | return sh_portchk_set_port_minmax (str, &sh_portchk_minport);
|
---|
228 | }
|
---|
229 |
|
---|
230 | static int sh_portchk_set_maxport (const char * str)
|
---|
231 | {
|
---|
232 | return sh_portchk_set_port_minmax (str, &sh_portchk_maxport);
|
---|
233 | }
|
---|
234 |
|
---|
235 | static int sh_portchk_set_active (const char * str)
|
---|
236 | {
|
---|
237 | return sh_util_flagval(str, &sh_portchk_active);
|
---|
238 | }
|
---|
239 |
|
---|
240 | static int sh_portchk_set_udp (const char * str)
|
---|
241 | {
|
---|
242 | return sh_util_flagval(str, &sh_portchk_check_udp);
|
---|
243 | }
|
---|
244 |
|
---|
245 | static int sh_portchk_set_severity (const char * str)
|
---|
246 | {
|
---|
247 | char tmp[32];
|
---|
248 | tmp[0] = '='; tmp[1] = '\0';
|
---|
249 | sl_strlcat (tmp, str, 32);
|
---|
250 | return sh_error_set_level (tmp, &sh_portchk_severity);
|
---|
251 | }
|
---|
252 |
|
---|
253 | sh_rconf sh_portchk_table[] = {
|
---|
254 | {
|
---|
255 | N_("severityportcheck"),
|
---|
256 | sh_portchk_set_severity,
|
---|
257 | },
|
---|
258 | {
|
---|
259 | N_("portcheckrequired"),
|
---|
260 | sh_portchk_add_required,
|
---|
261 | },
|
---|
262 | {
|
---|
263 | N_("portcheckoptional"),
|
---|
264 | sh_portchk_add_optional,
|
---|
265 | },
|
---|
266 | {
|
---|
267 | N_("portcheckignore"),
|
---|
268 | sh_portchk_add_ignore,
|
---|
269 | },
|
---|
270 | {
|
---|
271 | N_("portcheckskip"),
|
---|
272 | sh_portchk_add_blacklist,
|
---|
273 | },
|
---|
274 | {
|
---|
275 | N_("portcheckactive"),
|
---|
276 | sh_portchk_set_active,
|
---|
277 | },
|
---|
278 | {
|
---|
279 | N_("portcheckinterface"),
|
---|
280 | sh_portchk_add_interface,
|
---|
281 | },
|
---|
282 | {
|
---|
283 | N_("portcheckinterval"),
|
---|
284 | sh_portchk_set_interval,
|
---|
285 | },
|
---|
286 | {
|
---|
287 | N_("portcheckminport"),
|
---|
288 | sh_portchk_set_minport,
|
---|
289 | },
|
---|
290 | {
|
---|
291 | N_("portcheckmaxport"),
|
---|
292 | sh_portchk_set_maxport,
|
---|
293 | },
|
---|
294 | {
|
---|
295 | N_("portcheckudp"),
|
---|
296 | sh_portchk_set_udp,
|
---|
297 | },
|
---|
298 | {
|
---|
299 | NULL,
|
---|
300 | NULL
|
---|
301 | }
|
---|
302 | };
|
---|
303 |
|
---|
304 | #endif
|
---|
305 |
|
---|
306 | /* Interface to initialize port check
|
---|
307 | */
|
---|
308 | int sh_portchk_init (struct mod_type * arg);
|
---|
309 |
|
---|
310 | /* Interface to reset port check
|
---|
311 | */
|
---|
312 | int sh_portchk_reset (void);
|
---|
313 |
|
---|
314 | /* Interface to run port check
|
---|
315 | */
|
---|
316 | int sh_portchk_check (void);
|
---|
317 |
|
---|
318 |
|
---|
319 | static char * check_services (int port, int proto);
|
---|
320 |
|
---|
321 | #ifdef TEST_ONLY
|
---|
322 |
|
---|
323 | static int portchk_debug = 0;
|
---|
324 | #define SH_ALLOC malloc
|
---|
325 | #define SH_FREE free
|
---|
326 | #define sh_util_strdup strdup
|
---|
327 | #define sl_strlcpy strncpy
|
---|
328 | #define _(a) a
|
---|
329 |
|
---|
330 | #else
|
---|
331 |
|
---|
332 | static int portchk_debug = 0;
|
---|
333 |
|
---|
334 | #endif
|
---|
335 |
|
---|
336 | #ifdef HAVE_RPC_RPC_H
|
---|
337 | static char * sh_getrpcbynumber (int number, char * buf, size_t len)
|
---|
338 | {
|
---|
339 | FILE * fp;
|
---|
340 |
|
---|
341 | if (NULL != (fp = fopen(_("/etc/rpc"), "r")))
|
---|
342 | {
|
---|
343 | sh_string * s = sh_string_new(0);
|
---|
344 | while (0 < sh_string_read(s, fp, 1024))
|
---|
345 | {
|
---|
346 | char * p = sh_string_str(s);
|
---|
347 | while (*p && (*p == ' ' || *p == '\t')) ++p; /* skip whitespace */
|
---|
348 | if (*p == '\0' || *p == '#')
|
---|
349 | continue; /* skip comment */
|
---|
350 | else
|
---|
351 | {
|
---|
352 | size_t lengths[3];
|
---|
353 | unsigned int fields = 3;
|
---|
354 | char * q = sh_string_str(s);
|
---|
355 | char ** splits = split_array_ws(q, &fields, lengths);
|
---|
356 |
|
---|
357 | if (fields >= 2)
|
---|
358 | {
|
---|
359 | int n = atoi(splits[1]);
|
---|
360 | if (n == number)
|
---|
361 | {
|
---|
362 | sl_strlcpy(buf, splits[0], len);
|
---|
363 | SH_FREE(splits);
|
---|
364 | sh_string_destroy(&s);
|
---|
365 | sl_fclose(FIL__, __LINE__, fp);
|
---|
366 | return buf;
|
---|
367 | }
|
---|
368 | }
|
---|
369 | SH_FREE(splits);
|
---|
370 | }
|
---|
371 | }
|
---|
372 | sh_string_destroy(&s);
|
---|
373 | sl_fclose(FIL__, __LINE__, fp);
|
---|
374 | }
|
---|
375 | return NULL;
|
---|
376 | }
|
---|
377 | #endif
|
---|
378 |
|
---|
379 | static char * sh_getservbyport (int port, const char * proto_in, char * buf, size_t len)
|
---|
380 | {
|
---|
381 | FILE * fp;
|
---|
382 | char proto[8];
|
---|
383 |
|
---|
384 | sl_strlcpy(proto, proto_in, sizeof(proto));
|
---|
385 |
|
---|
386 | if (NULL != (fp = fopen(_("/etc/services"), "r")))
|
---|
387 | {
|
---|
388 | sh_string * s = sh_string_new(0);
|
---|
389 | while (0 < sh_string_read(s, fp, 1024))
|
---|
390 | {
|
---|
391 | char * p = sh_string_str(s);
|
---|
392 | while (*p && (*p == ' ' || *p == '\t')) ++p; /* skip whitespace */
|
---|
393 | if (*p == '\0' || *p == '#')
|
---|
394 | continue; /* skip comment */
|
---|
395 | else
|
---|
396 | {
|
---|
397 | size_t lengths[3];
|
---|
398 | unsigned int fields = 3;
|
---|
399 | char * q = sh_string_str(s);
|
---|
400 | char ** splits = split_array_ws(q, &fields, lengths);
|
---|
401 |
|
---|
402 | if (fields >= 2)
|
---|
403 | {
|
---|
404 | char * end;
|
---|
405 | long n = strtol(splits[1], &end, 10);
|
---|
406 | if (n == port && end && (*end == '/' || *end == ','))
|
---|
407 | {
|
---|
408 | ++end;
|
---|
409 | if (0 == strcmp(end, proto))
|
---|
410 | {
|
---|
411 | sl_strlcpy(buf, splits[0], len);
|
---|
412 | SH_FREE(splits);
|
---|
413 | sh_string_destroy(&s);
|
---|
414 | sl_fclose(FIL__, __LINE__, fp);
|
---|
415 | return buf;
|
---|
416 | }
|
---|
417 | }
|
---|
418 | }
|
---|
419 | SH_FREE(splits);
|
---|
420 | }
|
---|
421 | }
|
---|
422 | sh_string_destroy(&s);
|
---|
423 | sl_fclose(FIL__, __LINE__, fp);
|
---|
424 | }
|
---|
425 | return NULL;
|
---|
426 | }
|
---|
427 |
|
---|
428 | static void sh_portchk_add_to_list (int proto,
|
---|
429 | int port, struct sh_sockaddr * paddr,
|
---|
430 | char * service,
|
---|
431 | int flag, int status)
|
---|
432 | {
|
---|
433 | struct sh_portentry * new = SH_ALLOC (sizeof(struct sh_portentry));
|
---|
434 |
|
---|
435 | if (portchk_debug)
|
---|
436 | fprintf(stderr, _("add to list: port %d/%s %d %d (%s)\n"),
|
---|
437 | port, SH_PROTO_STR(proto), flag, status, service ? service : _("undef"));
|
---|
438 |
|
---|
439 | new->port = port;
|
---|
440 | sh_ipvx_ntoa(new->interface, SH_INTERFACE_SIZE, paddr);
|
---|
441 | new->status = status;
|
---|
442 | new->flag = flag;
|
---|
443 |
|
---|
444 | new->error = NULL;
|
---|
445 |
|
---|
446 | if (service)
|
---|
447 | new->service = sh_util_strdup (service);
|
---|
448 | else
|
---|
449 | new->service = NULL;
|
---|
450 | if (proto == IPPROTO_TCP)
|
---|
451 | {
|
---|
452 | new->next = portlist_tcp;
|
---|
453 | portlist_tcp = new;
|
---|
454 | }
|
---|
455 | else
|
---|
456 | {
|
---|
457 | new->next = portlist_udp;
|
---|
458 | portlist_udp = new;
|
---|
459 | }
|
---|
460 | return;
|
---|
461 | }
|
---|
462 |
|
---|
463 | /* Reset the list by setting all entries to UNKN.
|
---|
464 | * In the next cycle we will check, and set found ports to ISOK.
|
---|
465 | * Thereafter, we check for entries that are still UNKN.
|
---|
466 | */
|
---|
467 | static void sh_portchk_reset_lists (void)
|
---|
468 | {
|
---|
469 | struct sh_portentry * portlist;
|
---|
470 |
|
---|
471 | portlist = portlist_tcp;
|
---|
472 | while (portlist)
|
---|
473 | {
|
---|
474 | if (portlist->status != SH_PORT_MISS)
|
---|
475 | portlist->status = SH_PORT_UNKN;
|
---|
476 | portlist = portlist->next;
|
---|
477 | }
|
---|
478 | portlist = portlist_udp;
|
---|
479 | while (portlist)
|
---|
480 | {
|
---|
481 | if (portlist->status != SH_PORT_MISS)
|
---|
482 | portlist->status = SH_PORT_UNKN;
|
---|
483 | portlist = portlist->next;
|
---|
484 | }
|
---|
485 | return;
|
---|
486 | }
|
---|
487 |
|
---|
488 | static struct sh_portentry * sh_portchk_kill_list (struct sh_portentry * head)
|
---|
489 | {
|
---|
490 | if (head)
|
---|
491 | {
|
---|
492 | if (head->next)
|
---|
493 | sh_portchk_kill_list (head->next);
|
---|
494 |
|
---|
495 | if (head->service)
|
---|
496 | SH_FREE(head->service);
|
---|
497 | SH_FREE(head);
|
---|
498 | }
|
---|
499 | return NULL;
|
---|
500 | }
|
---|
501 |
|
---|
502 | static struct sh_port * sh_portchk_kill_blacklist (struct sh_port * head)
|
---|
503 | {
|
---|
504 | if (head)
|
---|
505 | {
|
---|
506 | if (head->next)
|
---|
507 | sh_portchk_kill_blacklist (head->next);
|
---|
508 |
|
---|
509 | SH_FREE(head->paddr);
|
---|
510 | SH_FREE(head);
|
---|
511 | }
|
---|
512 | return NULL;
|
---|
513 | }
|
---|
514 |
|
---|
515 | /* These variables are not used anywhere. They only exist
|
---|
516 | * to assign &pre, &ptr to them, which keeps gcc from
|
---|
517 | * putting it into a register, and avoids the 'clobbered
|
---|
518 | * by longjmp' warning. And no, 'volatile' proved insufficient.
|
---|
519 | */
|
---|
520 | static void * sh_dummy_pre = NULL;
|
---|
521 | static void * sh_dummy_ptr = NULL;
|
---|
522 |
|
---|
523 | /* check the list of open ports for any that are marked as UNKN
|
---|
524 | */
|
---|
525 | static void sh_portchk_check_list (struct sh_portentry ** head, int proto, int report)
|
---|
526 | {
|
---|
527 | struct sh_portentry * ptr = *head;
|
---|
528 | struct sh_portentry * pre = *head;
|
---|
529 | char errbuf[256];
|
---|
530 |
|
---|
531 | /* Take the address to keep gcc from putting them into registers.
|
---|
532 | * Avoids the 'clobbered by longjmp' warning.
|
---|
533 | */
|
---|
534 | sh_dummy_pre = (void*) ⪯
|
---|
535 | sh_dummy_ptr = (void*) &ptr;
|
---|
536 |
|
---|
537 | while (ptr)
|
---|
538 | {
|
---|
539 | if (portchk_debug && report)
|
---|
540 | fprintf(stderr, _("check list: port %d/%s %d %d\n"),
|
---|
541 | ptr->port, SH_PROTO_STR(proto), ptr->flag, ptr->status);
|
---|
542 |
|
---|
543 | if (ptr->status == SH_PORT_UNKN)
|
---|
544 | {
|
---|
545 | /* Don't report missing ports that are marked as optional
|
---|
546 | */
|
---|
547 | if (ptr->flag != SH_PORT_OPT && ptr->flag != SH_PORT_IGN)
|
---|
548 | {
|
---|
549 | snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"),
|
---|
550 | ptr->interface, ptr->port, SH_PROTO_STR(proto),
|
---|
551 | ptr->service ? ptr->service : check_services(ptr->port, proto));
|
---|
552 | #ifdef TEST_ONLY
|
---|
553 | if (report == SH_PORT_REPORT)
|
---|
554 | fprintf(stderr, _("%s\n"), errbuf);
|
---|
555 | #else
|
---|
556 | if (report == SH_PORT_REPORT)
|
---|
557 | {
|
---|
558 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
559 | sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
|
---|
560 | MSG_PORT_MISS, errbuf);
|
---|
561 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
562 | }
|
---|
563 | #endif
|
---|
564 | }
|
---|
565 |
|
---|
566 | ptr->status = SH_PORT_MISS;
|
---|
567 |
|
---|
568 | if ((ptr->flag != SH_PORT_REQ) && (ptr->flag != SH_PORT_OPT) && (ptr->flag != SH_PORT_IGN))
|
---|
569 | {
|
---|
570 | if (portchk_debug && report)
|
---|
571 | fprintf(stderr, _("removing: port %d/%s %d %d\n"),
|
---|
572 | ptr->port, SH_PROTO_STR(proto), ptr->flag, ptr->status);
|
---|
573 |
|
---|
574 | if (ptr == *head)
|
---|
575 | {
|
---|
576 | *head = ptr->next;
|
---|
577 | if (ptr->service)
|
---|
578 | SH_FREE(ptr->service);
|
---|
579 | SH_FREE(ptr);
|
---|
580 | ptr = *head;
|
---|
581 | pre = *head;
|
---|
582 | continue;
|
---|
583 | }
|
---|
584 | else if (ptr->next == NULL)
|
---|
585 | {
|
---|
586 | pre->next = NULL;
|
---|
587 | if (ptr->service)
|
---|
588 | SH_FREE(ptr->service);
|
---|
589 | SH_FREE(ptr);
|
---|
590 | return;
|
---|
591 | }
|
---|
592 | else
|
---|
593 | {
|
---|
594 | pre->next = ptr->next;
|
---|
595 | if (ptr->service)
|
---|
596 | SH_FREE(ptr->service);
|
---|
597 | SH_FREE(ptr);
|
---|
598 | ptr = pre->next;
|
---|
599 | continue;
|
---|
600 | }
|
---|
601 | }
|
---|
602 | }
|
---|
603 | pre = ptr;
|
---|
604 | ptr = ptr->next;
|
---|
605 | }
|
---|
606 | return;
|
---|
607 | }
|
---|
608 |
|
---|
609 |
|
---|
610 | static struct sh_portentry * sh_portchk_get_from_list (int proto, int port,
|
---|
611 | struct sh_sockaddr * paddr, char * service)
|
---|
612 | {
|
---|
613 | struct sh_portentry * portlist;
|
---|
614 | char str_addr[SH_IP_BUF];
|
---|
615 |
|
---|
616 | if (proto == IPPROTO_TCP)
|
---|
617 | portlist = portlist_tcp;
|
---|
618 | else
|
---|
619 | portlist = portlist_udp;
|
---|
620 |
|
---|
621 | sh_ipvx_ntoa(str_addr, sizeof(str_addr), paddr);
|
---|
622 |
|
---|
623 | if (service)
|
---|
624 | {
|
---|
625 | while (portlist)
|
---|
626 | {
|
---|
627 | if (portlist->service &&
|
---|
628 | 0 == strcmp(service, portlist->service) &&
|
---|
629 | ( 0 == strcmp(portlist->interface, str_addr) ||
|
---|
630 | sh_ipvx_isany(paddr) ))
|
---|
631 | return portlist;
|
---|
632 | portlist = portlist->next;
|
---|
633 | }
|
---|
634 | }
|
---|
635 | else
|
---|
636 | {
|
---|
637 | while (portlist)
|
---|
638 | {
|
---|
639 | if (port == portlist->port &&
|
---|
640 | (0 == strcmp(portlist->interface, str_addr) ||
|
---|
641 | sh_ipvx_isany(paddr) ))
|
---|
642 | return portlist;
|
---|
643 | portlist = portlist->next;
|
---|
644 | }
|
---|
645 | }
|
---|
646 | return NULL;
|
---|
647 | }
|
---|
648 |
|
---|
649 |
|
---|
650 | static void sh_portchk_cmp_to_list (int proto, int port, struct sh_sockaddr * paddr, char * service)
|
---|
651 | {
|
---|
652 | struct sh_portentry * portent;
|
---|
653 | char errbuf[256];
|
---|
654 |
|
---|
655 |
|
---|
656 | portent = sh_portchk_get_from_list (proto, port, paddr, service);
|
---|
657 |
|
---|
658 | if (service)
|
---|
659 | {
|
---|
660 | if (!portent)
|
---|
661 | {
|
---|
662 | char * path;
|
---|
663 | unsigned long qpid;
|
---|
664 | char user[USER_MAX];
|
---|
665 | char saddr[SH_IP_BUF];
|
---|
666 |
|
---|
667 | sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);
|
---|
668 |
|
---|
669 | snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"),
|
---|
670 | saddr, port, SH_PROTO_STR(proto), service);
|
---|
671 | #ifdef TEST_ONLY
|
---|
672 | fprintf(stderr, _("open port: %s:%d/%s (%s)\n"),
|
---|
673 | saddr, port, SH_PROTO_STR(proto), service);
|
---|
674 | #else
|
---|
675 | path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
|
---|
676 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
677 | sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
|
---|
678 | MSG_PORT_NEW, errbuf, path, qpid, user);
|
---|
679 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
680 | SH_FREE(path);
|
---|
681 | #endif
|
---|
682 | /*
|
---|
683 | * was not there, thus it is not in 'required' or 'optional' list
|
---|
684 | */
|
---|
685 | sh_portchk_add_to_list (proto, port, paddr, service, SH_PORT_NOT, SH_PORT_ISOK);
|
---|
686 | }
|
---|
687 | else if (portent->status == SH_PORT_MISS && portent->flag != SH_PORT_IGN)
|
---|
688 | {
|
---|
689 | char * path;
|
---|
690 | unsigned long qpid;
|
---|
691 | char user[USER_MAX];
|
---|
692 | char saddr[SH_IP_BUF];
|
---|
693 |
|
---|
694 | sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);
|
---|
695 |
|
---|
696 | snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s), was %d/%s"),
|
---|
697 | saddr, port, SH_PROTO_STR(proto), service, portent->port, SH_PROTO_STR(proto));
|
---|
698 | #ifdef TEST_ONLY
|
---|
699 | fprintf(stderr, _("service: %s\n"), errbuf);
|
---|
700 | #else
|
---|
701 | path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
|
---|
702 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
703 | sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
|
---|
704 | MSG_PORT_RESTART, errbuf, path, qpid, user);
|
---|
705 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
706 | SH_FREE(path);
|
---|
707 | #endif
|
---|
708 |
|
---|
709 | portent->status = SH_PORT_ISOK;
|
---|
710 | }
|
---|
711 | else if (port != portent->port && (-1) != portent->port)
|
---|
712 | {
|
---|
713 | char * path;
|
---|
714 | unsigned long qpid;
|
---|
715 | char user[USER_MAX];
|
---|
716 | char saddr[SH_IP_BUF];
|
---|
717 |
|
---|
718 | sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);
|
---|
719 |
|
---|
720 | snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s), was %d/%s"),
|
---|
721 | saddr, port, SH_PROTO_STR(proto), service, portent->port, SH_PROTO_STR(proto));
|
---|
722 | #ifdef TEST_ONLY
|
---|
723 | fprintf(stderr, _("service: %s\n"), errbuf);
|
---|
724 | #else
|
---|
725 | path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
|
---|
726 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
727 | sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
|
---|
728 | MSG_PORT_NEWPORT, errbuf, path, qpid, user);
|
---|
729 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
730 | SH_FREE(path);
|
---|
731 | #endif
|
---|
732 | portent->port = port;
|
---|
733 | portent->status = SH_PORT_ISOK;
|
---|
734 | }
|
---|
735 | else
|
---|
736 | {
|
---|
737 | portent->status = SH_PORT_ISOK;
|
---|
738 | }
|
---|
739 | }
|
---|
740 | else
|
---|
741 | {
|
---|
742 | if (!portent)
|
---|
743 | {
|
---|
744 | char * path;
|
---|
745 | unsigned long qpid;
|
---|
746 | char user[USER_MAX];
|
---|
747 | char saddr[SH_IP_BUF];
|
---|
748 |
|
---|
749 | sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);
|
---|
750 |
|
---|
751 | snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"),
|
---|
752 | saddr, port, SH_PROTO_STR(proto), check_services(port, proto));
|
---|
753 | #ifdef TEST_ONLY
|
---|
754 | fprintf(stderr, _("open port: %s:%d/%s (%s)\n"),
|
---|
755 | saddr, port, SH_PROTO_STR(proto), check_services(port, proto));
|
---|
756 | #else
|
---|
757 | path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
|
---|
758 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
759 | sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
|
---|
760 | MSG_PORT_NEW, errbuf, path, qpid, user);
|
---|
761 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
762 | SH_FREE(path);
|
---|
763 | #endif
|
---|
764 |
|
---|
765 | /* was not there, thus it is not in 'required' or 'optional' list
|
---|
766 | */
|
---|
767 | sh_portchk_add_to_list (proto, port, paddr, service, SH_PORT_NOT, SH_PORT_ISOK);
|
---|
768 | }
|
---|
769 | else if (portent->status == SH_PORT_MISS && portent->flag != SH_PORT_IGN)
|
---|
770 | {
|
---|
771 | char * path;
|
---|
772 | unsigned long qpid;
|
---|
773 | char user[USER_MAX];
|
---|
774 | char saddr[SH_IP_BUF];
|
---|
775 |
|
---|
776 | sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);
|
---|
777 |
|
---|
778 | snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"),
|
---|
779 | saddr, port, SH_PROTO_STR(proto), check_services(port, proto));
|
---|
780 | #ifdef TEST_ONLY
|
---|
781 | fprintf(stderr, _("port : %s\n"), errbuf);
|
---|
782 | #else
|
---|
783 | path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
|
---|
784 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
785 | sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
|
---|
786 | MSG_PORT_RESTART, errbuf, path, qpid, user);
|
---|
787 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
788 | SH_FREE(path);
|
---|
789 | #endif
|
---|
790 |
|
---|
791 | portent->status = SH_PORT_ISOK;
|
---|
792 | }
|
---|
793 | else
|
---|
794 | {
|
---|
795 | portent->status = SH_PORT_ISOK;
|
---|
796 | }
|
---|
797 | }
|
---|
798 |
|
---|
799 | return;
|
---|
800 | }
|
---|
801 |
|
---|
802 |
|
---|
803 | /* Returns a static buffer containing the name of the service
|
---|
804 | * running on port <port> (from /etc/services)
|
---|
805 | * Returns NULL on failure
|
---|
806 | */
|
---|
807 | static char * check_services (int port, int proto)
|
---|
808 | {
|
---|
809 | static char buf[256];
|
---|
810 | char * service = sh_getservbyport(port, SH_PROTO_STR(proto), buf, sizeof(buf));
|
---|
811 |
|
---|
812 | if (!service)
|
---|
813 | {
|
---|
814 | snprintf (buf, sizeof(buf), "%s",_("unknown"));
|
---|
815 | }
|
---|
816 | return buf;
|
---|
817 | }
|
---|
818 |
|
---|
819 | /* Returns a static buffer containing the name of the service
|
---|
820 | * running on port <port> at <address> (from portmap daemon)
|
---|
821 | * Returns NULL on failure
|
---|
822 | */
|
---|
823 | static char * check_rpc_list (int port, struct sockaddr_in * address,
|
---|
824 | unsigned long prot)
|
---|
825 | {
|
---|
826 | #ifdef HAVE_RPC_RPC_H
|
---|
827 | struct pmaplist * head;
|
---|
828 | char *r;
|
---|
829 | static char buf[256];
|
---|
830 |
|
---|
831 | head = pmap_getmaps(address);
|
---|
832 |
|
---|
833 | if (head)
|
---|
834 | {
|
---|
835 | do /* while (head != NULL) */
|
---|
836 | {
|
---|
837 | if ((head->pml_map.pm_prot == prot) &&
|
---|
838 | (port == (int)head->pml_map.pm_port))
|
---|
839 | {
|
---|
840 | r = sh_getrpcbynumber((int)head->pml_map.pm_prog,
|
---|
841 | buf, sizeof(buf));
|
---|
842 | if (r)
|
---|
843 | {
|
---|
844 | return buf;
|
---|
845 | }
|
---|
846 | else
|
---|
847 | {
|
---|
848 | snprintf (buf, sizeof(buf), "RPC_%lu",
|
---|
849 | (unsigned long)head->pml_map.pm_prog);
|
---|
850 | return buf;
|
---|
851 | }
|
---|
852 | }
|
---|
853 | head = head->pml_next;
|
---|
854 | }
|
---|
855 | while (head != NULL);
|
---|
856 | }
|
---|
857 | #else
|
---|
858 | (void) port;
|
---|
859 | (void) address;
|
---|
860 | (void) prot;
|
---|
861 | #endif
|
---|
862 | return NULL;
|
---|
863 | }
|
---|
864 |
|
---|
865 | static int check_port_udp_internal (int fd, int port, struct sh_sockaddr * paddr)
|
---|
866 | {
|
---|
867 | int retval;
|
---|
868 | char * p = NULL;
|
---|
869 | char buf[8];
|
---|
870 | #ifndef TEST_ONLY
|
---|
871 | char errmsg[256];
|
---|
872 | int nerr;
|
---|
873 | #endif
|
---|
874 | char errbuf[SH_ERRBUF_SIZE];
|
---|
875 | char ipbuf[SH_IP_BUF];
|
---|
876 |
|
---|
877 | sh_ipvx_set_port(paddr, port);
|
---|
878 |
|
---|
879 | do {
|
---|
880 | retval = connect(fd, sh_ipvx_sockaddr_cast(paddr), SH_SSP_LEN(paddr));
|
---|
881 | } while (retval < 0 && (errno == EINTR || errno == EINPROGRESS));
|
---|
882 |
|
---|
883 | if (retval == -1)
|
---|
884 | {
|
---|
885 | #ifdef TEST_ONLY
|
---|
886 | if (portchk_debug)
|
---|
887 | perror(_("connect"));
|
---|
888 | #else
|
---|
889 | sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
|
---|
890 |
|
---|
891 | nerr = errno;
|
---|
892 | sl_snprintf(errmsg, sizeof(errmsg), _("check port: %5d/udp on %15s: %s"),
|
---|
893 | port, ipbuf, sh_error_message(errno, errbuf, sizeof(errbuf)));
|
---|
894 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
895 | sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN,
|
---|
896 | errmsg, _("connect"));
|
---|
897 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
898 | #endif
|
---|
899 | }
|
---|
900 | else
|
---|
901 | {
|
---|
902 | do {
|
---|
903 | retval = send (fd, buf, 0, 0);
|
---|
904 | } while (retval < 0 && errno == EINTR);
|
---|
905 |
|
---|
906 | if (retval == -1 && errno == ECONNREFUSED)
|
---|
907 | {
|
---|
908 | sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
|
---|
909 | if (portchk_debug)
|
---|
910 | fprintf(stderr, _("check port: %5d/udp on %15s established/time_wait\n"),
|
---|
911 | port, ipbuf);
|
---|
912 | }
|
---|
913 | else
|
---|
914 | {
|
---|
915 | /* Only the second send() may catch the error
|
---|
916 | */
|
---|
917 | do {
|
---|
918 | retval = send (fd, buf, 0, 0);
|
---|
919 | } while (retval < 0 && errno == EINTR);
|
---|
920 |
|
---|
921 | if (retval == -1 && errno == ECONNREFUSED)
|
---|
922 | {
|
---|
923 | sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
|
---|
924 | if (portchk_debug)
|
---|
925 | fprintf(stderr, _("check port: %5d/udp on %15s established/time_wait\n"),
|
---|
926 | port, ipbuf);
|
---|
927 | }
|
---|
928 | else if (retval != -1)
|
---|
929 | {
|
---|
930 | /* Try to get service name from portmap
|
---|
931 | */
|
---|
932 | if (paddr->ss_family == AF_INET)
|
---|
933 | {
|
---|
934 | p = check_rpc_list (port, (struct sockaddr_in *) sh_ipvx_sockaddr_cast(paddr), IPPROTO_UDP);
|
---|
935 | }
|
---|
936 |
|
---|
937 | sh_portchk_cmp_to_list (IPPROTO_UDP, port, paddr, p ? p : NULL);
|
---|
938 |
|
---|
939 | /* If not an RPC service, try to get name from /etc/services
|
---|
940 | */
|
---|
941 | if (!p)
|
---|
942 | p = check_services(port, IPPROTO_UDP);
|
---|
943 |
|
---|
944 | if (portchk_debug)
|
---|
945 | {
|
---|
946 | sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
|
---|
947 | fprintf(stderr, _("check port: %5d/udp on %15s open %s\n"),
|
---|
948 | port, ipbuf, p);
|
---|
949 | }
|
---|
950 |
|
---|
951 | }
|
---|
952 | }
|
---|
953 | }
|
---|
954 | sl_close_fd (FIL__, __LINE__, fd);
|
---|
955 | return 0;
|
---|
956 | }
|
---|
957 |
|
---|
958 | static int check_port_tcp_internal (int fd, int port, struct sh_sockaddr * paddr)
|
---|
959 | {
|
---|
960 | int retval;
|
---|
961 | int flags;
|
---|
962 | char * p = NULL;
|
---|
963 | #ifndef TEST_ONLY
|
---|
964 | char errmsg[256];
|
---|
965 | int nerr;
|
---|
966 | #endif
|
---|
967 | char errbuf[SH_ERRBUF_SIZE];
|
---|
968 | char ipbuf[SH_IP_BUF];
|
---|
969 |
|
---|
970 | sh_ipvx_set_port(paddr, port);
|
---|
971 |
|
---|
972 | do {
|
---|
973 | retval = connect(fd, sh_ipvx_sockaddr_cast(paddr), SH_SSP_LEN(paddr));
|
---|
974 | } while (retval < 0 && (errno == EINTR || errno == EINPROGRESS));
|
---|
975 |
|
---|
976 | if (retval == -1 && errno == ECONNREFUSED)
|
---|
977 | {
|
---|
978 | if (portchk_debug)
|
---|
979 | {
|
---|
980 | sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
|
---|
981 | fprintf(stderr, _("check port: %5d on %15s established/time_wait\n"),
|
---|
982 | port, ipbuf);
|
---|
983 | }
|
---|
984 | }
|
---|
985 | else if (retval == -1)
|
---|
986 | {
|
---|
987 | #ifdef TEST_ONLY
|
---|
988 | if (portchk_debug)
|
---|
989 | perror(_("connect"));
|
---|
990 | #else
|
---|
991 | sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
|
---|
992 | nerr = errno;
|
---|
993 | sl_snprintf(errmsg, sizeof(errmsg), _("check port: %5d/tcp on %15s: %s"),
|
---|
994 | port, ipbuf, sh_error_message(errno, errbuf, sizeof(errbuf)));
|
---|
995 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
996 | sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN,
|
---|
997 | errmsg, _("connect"));
|
---|
998 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
999 | #endif
|
---|
1000 | }
|
---|
1001 | else
|
---|
1002 | {
|
---|
1003 | /* Try to get service name from portmap
|
---|
1004 | */
|
---|
1005 | if (paddr->ss_family == AF_INET)
|
---|
1006 | {
|
---|
1007 | p = check_rpc_list (port, (struct sockaddr_in *) sh_ipvx_sockaddr_cast(paddr), IPPROTO_TCP);
|
---|
1008 | }
|
---|
1009 |
|
---|
1010 | sh_portchk_cmp_to_list (IPPROTO_TCP, port, paddr, p ? p : NULL);
|
---|
1011 |
|
---|
1012 | /* If not an RPC service, try to get name from /etc/services
|
---|
1013 | */
|
---|
1014 | if (!p)
|
---|
1015 | p = check_services(port, IPPROTO_TCP);
|
---|
1016 |
|
---|
1017 | if (portchk_debug)
|
---|
1018 | {
|
---|
1019 | sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
|
---|
1020 | fprintf(stderr, _("check port: %5d on %15s open %s\n"),
|
---|
1021 | port, ipbuf, p);
|
---|
1022 | }
|
---|
1023 |
|
---|
1024 | #if !defined(O_NONBLOCK)
|
---|
1025 | #if defined(O_NDELAY)
|
---|
1026 | #define O_NONBLOCK O_NDELAY
|
---|
1027 | #else
|
---|
1028 | #define O_NONBLOCK 0
|
---|
1029 | #endif
|
---|
1030 | #endif
|
---|
1031 |
|
---|
1032 | /* prepare to close connection gracefully
|
---|
1033 | */
|
---|
1034 | if (port == 22) /* ssh */
|
---|
1035 | {
|
---|
1036 | flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
|
---|
1037 | retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
|
---|
1038 | retval = write (fd, _("SSH-2.0-Foobar"), 14);
|
---|
1039 | if (retval > 0) retval = write (fd, "\r\n", 2);
|
---|
1040 | }
|
---|
1041 | else if (port == 25) /* smtp */
|
---|
1042 | {
|
---|
1043 | flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
|
---|
1044 | retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
|
---|
1045 | retval = write (fd, _("QUIT"), 4);
|
---|
1046 | if (retval > 0) retval = write (fd, "\r\n", 2);
|
---|
1047 | }
|
---|
1048 | else if (port == 79) /* finger */
|
---|
1049 | {
|
---|
1050 | flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
|
---|
1051 | retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
|
---|
1052 | retval = write (fd, "\r\n", 2);
|
---|
1053 | }
|
---|
1054 | else if (port == 110) /* pop3 */
|
---|
1055 | {
|
---|
1056 | flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
|
---|
1057 | retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
|
---|
1058 | retval = write (fd, _("QUIT"), 4);
|
---|
1059 | if (retval > 0) retval = write (fd, "\r\n", 2);
|
---|
1060 | }
|
---|
1061 | else if (port == 143) /* imap */
|
---|
1062 | {
|
---|
1063 | flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
|
---|
1064 | retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
|
---|
1065 | retval = write (fd, _("A01 LOGOUT"), 10);
|
---|
1066 | if (retval > 0) retval = write (fd, "\r\n", 2);
|
---|
1067 | }
|
---|
1068 |
|
---|
1069 | if (portchk_debug && retval < 0)
|
---|
1070 | fprintf(stderr, _("check port: error writing to port %5d\n"),
|
---|
1071 | port);
|
---|
1072 | }
|
---|
1073 | sl_close_fd (FIL__, __LINE__, fd);
|
---|
1074 | return 0;
|
---|
1075 | }
|
---|
1076 |
|
---|
1077 | /* typedef uint32_t in_addr_t;
|
---|
1078 | * struct in_addr
|
---|
1079 | * {
|
---|
1080 | * in_addr_t s_addr;
|
---|
1081 | * };
|
---|
1082 | */
|
---|
1083 |
|
---|
1084 | #define SH_IFACE_MAX 16
|
---|
1085 |
|
---|
1086 | struct portchk_interfaces {
|
---|
1087 | struct sh_sockaddr iface[SH_IFACE_MAX];
|
---|
1088 | int used;
|
---|
1089 | };
|
---|
1090 |
|
---|
1091 | static struct portchk_interfaces iface_list;
|
---|
1092 | static int iface_initialized = 0;
|
---|
1093 |
|
---|
1094 | #ifdef TEST_ONLY
|
---|
1095 | static char * portchk_hostname = NULL;
|
---|
1096 | #else
|
---|
1097 | static char * portchk_hostname = sh.host.name;
|
---|
1098 | #endif
|
---|
1099 |
|
---|
1100 | static int sh_portchk_init_internal (void)
|
---|
1101 | {
|
---|
1102 | volatile int i; /* might be clobbered by âlongjmpâ or âvforkâ*/
|
---|
1103 | char errbuf[256];
|
---|
1104 | #if defined(USE_IPVX)
|
---|
1105 | struct addrinfo hints;
|
---|
1106 | struct addrinfo *res;
|
---|
1107 | #else
|
---|
1108 | struct hostent * hent;
|
---|
1109 | #endif
|
---|
1110 | char ipbuf[SH_IP_BUF];
|
---|
1111 |
|
---|
1112 | if (portchk_debug)
|
---|
1113 | fprintf(stderr, _("checking ports on: %s\n"), portchk_hostname ? portchk_hostname : _("NULL"));
|
---|
1114 |
|
---|
1115 | if (!portchk_hostname)
|
---|
1116 | return -1;
|
---|
1117 |
|
---|
1118 | if (sh_portchk_active == S_FALSE)
|
---|
1119 | return -1;
|
---|
1120 |
|
---|
1121 | SH_MUTEX_LOCK(mutex_port_check);
|
---|
1122 | if (iface_initialized == 0)
|
---|
1123 | {
|
---|
1124 | iface_list.used = 0;
|
---|
1125 | iface_initialized = 1;
|
---|
1126 | }
|
---|
1127 |
|
---|
1128 | #if !defined(USE_IPVX)
|
---|
1129 | SH_MUTEX_LOCK(mutex_resolv);
|
---|
1130 | hent = sh_gethostbyname(portchk_hostname);
|
---|
1131 | i = 0;
|
---|
1132 | while (hent && hent->h_addr_list[i] && (iface_list.used < SH_IFACE_MAX))
|
---|
1133 | {
|
---|
1134 | struct sockaddr_in sin;
|
---|
1135 |
|
---|
1136 | memcpy(&(sin.sin_addr.s_addr), hent->h_addr_list[i], sizeof(in_addr_t));
|
---|
1137 | sh_ipvx_save(&(iface_list.iface[iface_list.used]),
|
---|
1138 | AF_INET, (struct sockaddr *)&sin);
|
---|
1139 | ++iface_list.used;
|
---|
1140 | ++i;
|
---|
1141 | }
|
---|
1142 | SH_MUTEX_UNLOCK(mutex_resolv);
|
---|
1143 | #else
|
---|
1144 | memset(&hints, '\0', sizeof(hints));
|
---|
1145 | hints.ai_family = PF_UNSPEC;
|
---|
1146 | hints.ai_flags = AI_ADDRCONFIG;
|
---|
1147 |
|
---|
1148 | if (0 == getaddrinfo(portchk_hostname, NULL, &hints, &res))
|
---|
1149 | {
|
---|
1150 | struct addrinfo *p = res;
|
---|
1151 |
|
---|
1152 | while ((p != NULL) && (iface_list.used < SH_IFACE_MAX))
|
---|
1153 | {
|
---|
1154 | sh_ipvx_save(&(iface_list.iface[iface_list.used]),
|
---|
1155 | p->ai_family, p->ai_addr);
|
---|
1156 | ++iface_list.used;
|
---|
1157 | p = p->ai_next;
|
---|
1158 | }
|
---|
1159 | freeaddrinfo(res);
|
---|
1160 | }
|
---|
1161 | #endif
|
---|
1162 |
|
---|
1163 | for (i = 0; i < iface_list.used; ++i)
|
---|
1164 | {
|
---|
1165 | sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), &(iface_list.iface[i]));
|
---|
1166 | sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), ipbuf);
|
---|
1167 |
|
---|
1168 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1169 | sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN,
|
---|
1170 | errbuf, _("sh_portchk_init"));
|
---|
1171 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1172 | }
|
---|
1173 | SH_MUTEX_UNLOCK(mutex_port_check);
|
---|
1174 |
|
---|
1175 | return 0;
|
---|
1176 | }
|
---|
1177 |
|
---|
1178 | int sh_portchk_init (struct mod_type * arg)
|
---|
1179 | {
|
---|
1180 | #ifndef HAVE_PTHREAD
|
---|
1181 | (void) arg;
|
---|
1182 | #endif
|
---|
1183 |
|
---|
1184 | if (sh_portchk_active == S_FALSE)
|
---|
1185 | return SH_MOD_FAILED;
|
---|
1186 | if (!portchk_hostname)
|
---|
1187 | return SH_MOD_FAILED;
|
---|
1188 |
|
---|
1189 | #ifdef HAVE_PTHREAD
|
---|
1190 | if (arg != NULL && arg->initval < 0 &&
|
---|
1191 | (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE))
|
---|
1192 | {
|
---|
1193 | if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg))
|
---|
1194 | return SH_MOD_THREAD;
|
---|
1195 | else
|
---|
1196 | return SH_MOD_FAILED;
|
---|
1197 | }
|
---|
1198 | else if (arg != NULL && arg->initval == SH_MOD_THREAD &&
|
---|
1199 | (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE))
|
---|
1200 | {
|
---|
1201 | return SH_MOD_THREAD;
|
---|
1202 | }
|
---|
1203 | #endif
|
---|
1204 | return sh_portchk_init_internal();
|
---|
1205 | }
|
---|
1206 |
|
---|
1207 |
|
---|
1208 |
|
---|
1209 | #if !defined(TEST_ONLY)
|
---|
1210 | int sh_portchk_reconf (void)
|
---|
1211 | {
|
---|
1212 | SH_MUTEX_LOCK(mutex_port_check);
|
---|
1213 | iface_initialized = 0;
|
---|
1214 | sh_portchk_active = 1;
|
---|
1215 | sh_portchk_check_udp = 1;
|
---|
1216 | sh_portchk_interval = SH_PORTCHK_INTERVAL;
|
---|
1217 |
|
---|
1218 | sh_portchk_minport = -1;
|
---|
1219 | sh_portchk_maxport = -1;
|
---|
1220 |
|
---|
1221 | portlist_udp = sh_portchk_kill_list (portlist_udp);
|
---|
1222 | portlist_tcp = sh_portchk_kill_list (portlist_tcp);
|
---|
1223 |
|
---|
1224 | blacklist_udp = sh_portchk_kill_blacklist (blacklist_udp);
|
---|
1225 | blacklist_tcp = sh_portchk_kill_blacklist (blacklist_tcp);
|
---|
1226 | sh_port2proc_finish();
|
---|
1227 |
|
---|
1228 | SH_MUTEX_UNLOCK(mutex_port_check);
|
---|
1229 | return 0;
|
---|
1230 | }
|
---|
1231 |
|
---|
1232 | int sh_portchk_cleanup (void)
|
---|
1233 | {
|
---|
1234 | return sh_portchk_reconf ();
|
---|
1235 | }
|
---|
1236 |
|
---|
1237 | int sh_portchk_timer (time_t tcurrent)
|
---|
1238 | {
|
---|
1239 | static time_t lastcheck = 0;
|
---|
1240 |
|
---|
1241 | SL_ENTER(_("sh_portchk_timer"));
|
---|
1242 | if ((time_t) (tcurrent - lastcheck) >= sh_portchk_interval)
|
---|
1243 | {
|
---|
1244 | lastcheck = tcurrent;
|
---|
1245 | SL_RETURN((-1), _("sh_portchk_timer"));
|
---|
1246 | }
|
---|
1247 | SL_RETURN(0, _("sh_portchk_timer"));
|
---|
1248 | }
|
---|
1249 | #endif
|
---|
1250 |
|
---|
1251 | static int check_port_generic (int port, int domain, int type, int protocol)
|
---|
1252 | {
|
---|
1253 | volatile int i = 0;
|
---|
1254 | int sock = -1;
|
---|
1255 | int flag = 1; /* non-zero to enable an option */
|
---|
1256 | struct sh_sockaddr paddr;
|
---|
1257 | char errbuf[SH_ERRBUF_SIZE];
|
---|
1258 |
|
---|
1259 | /* Check all interfaces for this host
|
---|
1260 | */
|
---|
1261 | while (i < iface_list.used)
|
---|
1262 | {
|
---|
1263 | memcpy(&paddr, &(iface_list.iface[i]), sizeof(paddr));
|
---|
1264 |
|
---|
1265 | if (paddr.ss_family != domain)
|
---|
1266 | {
|
---|
1267 | ++i;
|
---|
1268 | continue;
|
---|
1269 | }
|
---|
1270 |
|
---|
1271 | if (0 != sh_portchk_is_blacklisted(port, &paddr, protocol))
|
---|
1272 | {
|
---|
1273 | ++i;
|
---|
1274 | continue;
|
---|
1275 | }
|
---|
1276 |
|
---|
1277 | if ((sock = socket(paddr.ss_family, type, protocol)) < 0 )
|
---|
1278 | {
|
---|
1279 | ++i;
|
---|
1280 | #ifdef TEST_ONLY
|
---|
1281 | if (portchk_debug)
|
---|
1282 | perror(_("socket"));
|
---|
1283 | #else
|
---|
1284 |
|
---|
1285 | #ifndef EPROTONOSUPPORT
|
---|
1286 | #define EPROTONOSUPPORT 0
|
---|
1287 | #endif
|
---|
1288 | #ifndef EAFNOSUPPORT
|
---|
1289 | #define EAFNOSUPPORT 0
|
---|
1290 | #endif
|
---|
1291 | if (errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
|
---|
1292 | {
|
---|
1293 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1294 | sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
|
---|
1295 | sh_error_message(errno, errbuf, sizeof(errbuf)), _("socket"));
|
---|
1296 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1297 | }
|
---|
1298 | #endif
|
---|
1299 | continue;
|
---|
1300 | }
|
---|
1301 | if ( setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
|
---|
1302 | (void *) &flag, sizeof(flag)) < 0 )
|
---|
1303 | {
|
---|
1304 | ++i;
|
---|
1305 | #ifdef TEST_ONLY
|
---|
1306 | if (portchk_debug)
|
---|
1307 | perror(_("setsockopt"));
|
---|
1308 | #else
|
---|
1309 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1310 | sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
|
---|
1311 | sh_error_message(errno, errbuf, sizeof(errbuf)),_("setsockopt"));
|
---|
1312 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1313 | #endif
|
---|
1314 | continue;
|
---|
1315 | }
|
---|
1316 |
|
---|
1317 |
|
---|
1318 | if (protocol == IPPROTO_TCP)
|
---|
1319 | check_port_tcp_internal(sock, port, &paddr);
|
---|
1320 | else
|
---|
1321 | check_port_udp_internal(sock, port, &paddr);
|
---|
1322 |
|
---|
1323 | ++i;
|
---|
1324 | }
|
---|
1325 |
|
---|
1326 | return 0;
|
---|
1327 | }
|
---|
1328 |
|
---|
1329 |
|
---|
1330 |
|
---|
1331 | static int check_port_udp (int port, int domain)
|
---|
1332 | {
|
---|
1333 | return check_port_generic(port, domain, SOCK_DGRAM, IPPROTO_UDP);
|
---|
1334 | }
|
---|
1335 |
|
---|
1336 | static int check_port_tcp (int port, int domain)
|
---|
1337 | {
|
---|
1338 | return check_port_generic(port, domain, SOCK_STREAM, IPPROTO_TCP);
|
---|
1339 | }
|
---|
1340 |
|
---|
1341 |
|
---|
1342 | static int sh_portchk_scan_ports_generic (int min_port, int max_port_arg,
|
---|
1343 | int domain, int type, int protocol)
|
---|
1344 | {
|
---|
1345 | /*
|
---|
1346 | int min_port = 1024;
|
---|
1347 | int max_port = 65535;
|
---|
1348 | */
|
---|
1349 |
|
---|
1350 | volatile int port; /* might be clobbered by âlongjmpâ or âvforkâ*/
|
---|
1351 | volatile int max_port = max_port_arg;
|
---|
1352 | int retval;
|
---|
1353 | int sock = -1;
|
---|
1354 | int flag = 1; /* non-zero to enable an option */
|
---|
1355 |
|
---|
1356 | struct sockaddr_in addr4;
|
---|
1357 | struct sockaddr_in6 addr6;
|
---|
1358 |
|
---|
1359 | int addrlen4 = sizeof(addr4);
|
---|
1360 | int addrlen6 = sizeof(addr6);
|
---|
1361 |
|
---|
1362 | struct in6_addr anyaddr = IN6ADDR_ANY_INIT;
|
---|
1363 |
|
---|
1364 | char errbuf[SH_ERRBUF_SIZE];
|
---|
1365 |
|
---|
1366 | if (min_port == -1)
|
---|
1367 | min_port = 0;
|
---|
1368 | if (max_port == -1)
|
---|
1369 | max_port = 65535;
|
---|
1370 |
|
---|
1371 | for (port = min_port; port <= max_port; ++port)
|
---|
1372 | {
|
---|
1373 | if ((sock = socket(domain, type, protocol)) < 0 )
|
---|
1374 | {
|
---|
1375 | #ifdef TEST_ONLY
|
---|
1376 | if (portchk_debug)
|
---|
1377 | perror(_("socket"));
|
---|
1378 | #else
|
---|
1379 | #ifndef EPROTONOSUPPORT
|
---|
1380 | #define EPROTONOSUPPORT 0
|
---|
1381 | #endif
|
---|
1382 | #ifndef EAFNOSUPPORT
|
---|
1383 | #define EAFNOSUPPORT 0
|
---|
1384 | #endif
|
---|
1385 | if (errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
|
---|
1386 | {
|
---|
1387 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1388 | sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
|
---|
1389 | sh_error_message(errno, errbuf, sizeof(errbuf)), _("socket"));
|
---|
1390 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1391 | }
|
---|
1392 | #endif
|
---|
1393 | continue;
|
---|
1394 | }
|
---|
1395 | if ( setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
|
---|
1396 | (void *) &flag, sizeof(flag)) < 0 )
|
---|
1397 | {
|
---|
1398 | #ifdef TEST_ONLY
|
---|
1399 | if (portchk_debug)
|
---|
1400 | perror(_("setsockopt"));
|
---|
1401 | #else
|
---|
1402 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1403 | sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
|
---|
1404 | sh_error_message(errno, errbuf, sizeof(errbuf)),_("setsockopt"));
|
---|
1405 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1406 | #endif
|
---|
1407 | continue;
|
---|
1408 | }
|
---|
1409 |
|
---|
1410 | if (domain == AF_INET)
|
---|
1411 | {
|
---|
1412 | addr4.sin_family = AF_INET;
|
---|
1413 | addr4.sin_port = htons(port);
|
---|
1414 | addr4.sin_addr.s_addr = INADDR_ANY;
|
---|
1415 | retval = bind (sock, (struct sockaddr *) &addr4, addrlen4);
|
---|
1416 | }
|
---|
1417 | else
|
---|
1418 | {
|
---|
1419 | addr6.sin6_family = AF_INET6;
|
---|
1420 | addr6.sin6_port = htons(port);
|
---|
1421 | memcpy(&(addr6.sin6_addr.s6_addr), &anyaddr, sizeof(anyaddr));
|
---|
1422 | retval = bind (sock, (struct sockaddr *) &addr6, addrlen6);
|
---|
1423 | }
|
---|
1424 |
|
---|
1425 | if (retval == 0)
|
---|
1426 | {
|
---|
1427 | /* we can bind the port, thus it is unused
|
---|
1428 | */
|
---|
1429 | sl_close_fd (FIL__, __LINE__, sock);
|
---|
1430 | }
|
---|
1431 | else
|
---|
1432 | {
|
---|
1433 | if (errno == EINVAL || errno == EADDRINUSE)
|
---|
1434 | {
|
---|
1435 | /* try to connect to the port
|
---|
1436 | */
|
---|
1437 | if (protocol == IPPROTO_TCP)
|
---|
1438 | check_port_tcp(port, domain);
|
---|
1439 | else
|
---|
1440 | check_port_udp(port, domain);
|
---|
1441 | }
|
---|
1442 | else
|
---|
1443 | {
|
---|
1444 | #ifdef TEST_ONLY
|
---|
1445 | if (portchk_debug)
|
---|
1446 | perror(_("bind"));
|
---|
1447 | #else
|
---|
1448 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1449 | sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
|
---|
1450 | sh_error_message(errno, errbuf, sizeof(errbuf)), _("bind"));
|
---|
1451 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1452 | #endif
|
---|
1453 | }
|
---|
1454 | sl_close_fd (FIL__, __LINE__, sock);
|
---|
1455 | }
|
---|
1456 | }
|
---|
1457 | return 0;
|
---|
1458 | }
|
---|
1459 |
|
---|
1460 | static int sh_portchk_scan_ports_tcp (int min_port, int max_port)
|
---|
1461 | {
|
---|
1462 | #if defined(USE_IPVX)
|
---|
1463 | sh_portchk_scan_ports_generic (min_port, max_port, AF_INET6,
|
---|
1464 | SOCK_STREAM, IPPROTO_TCP);
|
---|
1465 | #endif
|
---|
1466 | return sh_portchk_scan_ports_generic (min_port, max_port, AF_INET,
|
---|
1467 | SOCK_STREAM, IPPROTO_TCP);
|
---|
1468 | }
|
---|
1469 |
|
---|
1470 | static int sh_portchk_scan_ports_udp (int min_port, int max_port)
|
---|
1471 | {
|
---|
1472 | #if defined(USE_IPVX)
|
---|
1473 | sh_portchk_scan_ports_generic (min_port, max_port, AF_INET6,
|
---|
1474 | SOCK_DGRAM, IPPROTO_UDP);
|
---|
1475 | #endif
|
---|
1476 | return sh_portchk_scan_ports_generic (min_port, max_port, AF_INET,
|
---|
1477 | SOCK_DGRAM, IPPROTO_UDP);
|
---|
1478 | }
|
---|
1479 |
|
---|
1480 | /* Subroutine to add an interface
|
---|
1481 | */
|
---|
1482 | static void * sh_dummy_str = NULL; /* fix clobbered by.. warning */
|
---|
1483 |
|
---|
1484 | static int sh_portchk_add_interface (const char * str)
|
---|
1485 | {
|
---|
1486 | struct sh_sockaddr saddr;
|
---|
1487 | char errbuf[256];
|
---|
1488 | char buf[64];
|
---|
1489 |
|
---|
1490 | sh_dummy_str = (void*) &str;
|
---|
1491 |
|
---|
1492 | if (iface_initialized == 0)
|
---|
1493 | {
|
---|
1494 | iface_list.used = 0;
|
---|
1495 | iface_initialized = 1;
|
---|
1496 | }
|
---|
1497 |
|
---|
1498 | do {
|
---|
1499 |
|
---|
1500 | while (*str == ',' || *str == ' ' || *str == '\t') ++str;
|
---|
1501 |
|
---|
1502 | if (*str)
|
---|
1503 | {
|
---|
1504 | char ipbuf[SH_IP_BUF];
|
---|
1505 | unsigned int i = 0;
|
---|
1506 | while (*str && i < (sizeof(buf)-1) &&
|
---|
1507 | *str != ',' && *str != ' ' && *str != '\t')
|
---|
1508 | {
|
---|
1509 | buf[i] = *str; ++str; ++i;
|
---|
1510 | }
|
---|
1511 | buf[i] = '\0';
|
---|
1512 |
|
---|
1513 | if (0 == sh_ipvx_aton(buf, &saddr))
|
---|
1514 | return -1;
|
---|
1515 |
|
---|
1516 | if (iface_list.used == SH_IFACE_MAX)
|
---|
1517 | return -1;
|
---|
1518 |
|
---|
1519 | sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), &saddr);
|
---|
1520 | sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), ipbuf);
|
---|
1521 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1522 | sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN,
|
---|
1523 | errbuf, _("sh_portchk_add_interface"));
|
---|
1524 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1525 |
|
---|
1526 | memcpy (&(iface_list.iface[iface_list.used]), &(saddr), sizeof(saddr));
|
---|
1527 | ++iface_list.used;
|
---|
1528 | }
|
---|
1529 | } while (*str);
|
---|
1530 |
|
---|
1531 | return 0;
|
---|
1532 | }
|
---|
1533 |
|
---|
1534 | /* verify whether port/interface is blacklisted (do not check)
|
---|
1535 | */
|
---|
1536 | static int sh_portchk_is_blacklisted(int port, struct sh_sockaddr * saddr,
|
---|
1537 | int proto)
|
---|
1538 | {
|
---|
1539 | struct sh_port * head;
|
---|
1540 |
|
---|
1541 | if (proto == IPPROTO_TCP)
|
---|
1542 | head = blacklist_tcp;
|
---|
1543 | else
|
---|
1544 | head = blacklist_udp;
|
---|
1545 |
|
---|
1546 | while (head)
|
---|
1547 | {
|
---|
1548 | if (head->port == port)
|
---|
1549 | {
|
---|
1550 | if (sh_ipvx_isany(head->paddr) ||
|
---|
1551 | 0 == sh_ipvx_cmp(head->paddr, saddr))
|
---|
1552 | return 1;
|
---|
1553 | else
|
---|
1554 | return 0;
|
---|
1555 | }
|
---|
1556 | head = head->next;
|
---|
1557 | }
|
---|
1558 | return 0;
|
---|
1559 | }
|
---|
1560 |
|
---|
1561 |
|
---|
1562 | static int sh_portchk_blacklist(int port, struct sh_sockaddr * saddr, int proto)
|
---|
1563 | {
|
---|
1564 | struct sh_port * black;
|
---|
1565 | struct sh_port * head;
|
---|
1566 |
|
---|
1567 | if (proto == IPPROTO_TCP)
|
---|
1568 | head = blacklist_tcp;
|
---|
1569 | else
|
---|
1570 | head = blacklist_udp;
|
---|
1571 |
|
---|
1572 | black = head;
|
---|
1573 |
|
---|
1574 | while (black)
|
---|
1575 | {
|
---|
1576 | if (black->port == port &&
|
---|
1577 | 0 == sh_ipvx_cmp(head->paddr, saddr))
|
---|
1578 | return -1;
|
---|
1579 | black = black->next;
|
---|
1580 | }
|
---|
1581 |
|
---|
1582 | black = SH_ALLOC (sizeof(struct sh_port));
|
---|
1583 | black->paddr = SH_ALLOC (sizeof(struct sh_sockaddr));
|
---|
1584 | black->port = port;
|
---|
1585 | memcpy(black->paddr, saddr, sizeof(struct sh_sockaddr));
|
---|
1586 | black->next = head;
|
---|
1587 |
|
---|
1588 | if (proto == IPPROTO_TCP)
|
---|
1589 | blacklist_tcp = black;
|
---|
1590 | else
|
---|
1591 | blacklist_udp = black;
|
---|
1592 | return 0;
|
---|
1593 | }
|
---|
1594 |
|
---|
1595 |
|
---|
1596 | /* Subroutine to add a required or optional port/service
|
---|
1597 | */
|
---|
1598 | static int sh_portchk_add_required_port_generic (char * service,
|
---|
1599 | char * interface, int type)
|
---|
1600 | {
|
---|
1601 | char buf[256];
|
---|
1602 | int proto;
|
---|
1603 | char * p;
|
---|
1604 | char * endptr;
|
---|
1605 | unsigned long int port;
|
---|
1606 | struct sh_sockaddr saddr;
|
---|
1607 | struct sh_portentry * portent;
|
---|
1608 |
|
---|
1609 | if (0 == sh_ipvx_aton(interface, &saddr))
|
---|
1610 | return -1;
|
---|
1611 |
|
---|
1612 | sl_strlcpy (buf, service, sizeof(buf));
|
---|
1613 |
|
---|
1614 | p = strchr(buf, '/');
|
---|
1615 | if (!p)
|
---|
1616 | return -1;
|
---|
1617 | if (0 == strcmp(p, _("/tcp")))
|
---|
1618 | proto = IPPROTO_TCP;
|
---|
1619 | else if (0 == strcmp(p, _("/udp")))
|
---|
1620 | proto = IPPROTO_UDP;
|
---|
1621 | else
|
---|
1622 | return -1;
|
---|
1623 |
|
---|
1624 | *p = '\0';
|
---|
1625 | port = strtoul(buf, &endptr, 0);
|
---|
1626 |
|
---|
1627 | /* Blacklisted ports
|
---|
1628 | */
|
---|
1629 | if (*endptr == '\0' && port <= 65535 && type == SH_PORT_BLACKLIST)
|
---|
1630 | return (sh_portchk_blacklist(port, &saddr, proto));
|
---|
1631 |
|
---|
1632 | if (*endptr != '\0')
|
---|
1633 | {
|
---|
1634 | portent = sh_portchk_get_from_list (proto, -1, &saddr, buf);
|
---|
1635 | if (!portent)
|
---|
1636 | sh_portchk_add_to_list (proto, -1, &saddr, buf, type, SH_PORT_UNKN);
|
---|
1637 | else
|
---|
1638 | {
|
---|
1639 | #ifdef TEST_ONLY
|
---|
1640 | fprintf(stderr, "** WARNING: duplicate port definition %s/%s\n", buf, SH_PROTO_STR(proto));
|
---|
1641 | #else
|
---|
1642 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1643 | sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN,
|
---|
1644 | _("duplicate port definition"), _("sh_portchk_add_required_port_generic"));
|
---|
1645 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1646 | #endif
|
---|
1647 | return -1;
|
---|
1648 | }
|
---|
1649 | }
|
---|
1650 | else if (port <= 65535)
|
---|
1651 | {
|
---|
1652 | portent = sh_portchk_get_from_list (proto, port, &saddr, NULL);
|
---|
1653 | if (!portent)
|
---|
1654 | sh_portchk_add_to_list (proto, port, &saddr, NULL, type, SH_PORT_UNKN);
|
---|
1655 | else
|
---|
1656 | {
|
---|
1657 | #ifdef TEST_ONLY
|
---|
1658 | fprintf(stderr, "** WARNING: duplicate port definition %lu/%s\n", port, SH_PROTO_STR(proto));
|
---|
1659 | #else
|
---|
1660 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1661 | sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN,
|
---|
1662 | _("duplicate port definition"), _("sh_portchk_add_required_port_generic"));
|
---|
1663 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1664 | #endif
|
---|
1665 | return -1;
|
---|
1666 | }
|
---|
1667 | }
|
---|
1668 | else
|
---|
1669 | return -1;
|
---|
1670 |
|
---|
1671 | return 0;
|
---|
1672 | }
|
---|
1673 |
|
---|
1674 | /* Internal interface to add required or optional ports as 'iface:portlist'
|
---|
1675 | */
|
---|
1676 | static int sh_portchk_add_required_generic (const char * str, int type)
|
---|
1677 | {
|
---|
1678 | size_t len;
|
---|
1679 | size_t ll = 0;
|
---|
1680 | int status;
|
---|
1681 |
|
---|
1682 | char * interface = NULL;
|
---|
1683 | char * list;
|
---|
1684 | char * p;
|
---|
1685 | #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
|
---|
1686 | char * saveptr;
|
---|
1687 | #endif
|
---|
1688 |
|
---|
1689 | if (!str)
|
---|
1690 | return -1;
|
---|
1691 |
|
---|
1692 | if (strchr(str, ':'))
|
---|
1693 | {
|
---|
1694 | len = strlen(str);
|
---|
1695 | for (ll = 0; ll < len; ++ll)
|
---|
1696 | {
|
---|
1697 | if (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t')
|
---|
1698 | {
|
---|
1699 | interface = SH_ALLOC(ll+1);
|
---|
1700 | sl_strlcpy(interface, str, ll+1);
|
---|
1701 | interface[ll] = '\0';
|
---|
1702 | while (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t')
|
---|
1703 | ++ll;
|
---|
1704 | break;
|
---|
1705 | }
|
---|
1706 | }
|
---|
1707 | }
|
---|
1708 | else
|
---|
1709 | {
|
---|
1710 | interface = SH_ALLOC(8);
|
---|
1711 | sl_strlcpy(interface, _("0.0.0.0"), 8);
|
---|
1712 | interface[7] = '\0';
|
---|
1713 | while (str[ll] == ' ' || str[ll] == '\t')
|
---|
1714 | ++ll;
|
---|
1715 | }
|
---|
1716 |
|
---|
1717 | if (!interface)
|
---|
1718 | return -1;
|
---|
1719 |
|
---|
1720 | if (str[ll] == '\0')
|
---|
1721 | {
|
---|
1722 | SH_FREE(interface);
|
---|
1723 | return -1;
|
---|
1724 | }
|
---|
1725 |
|
---|
1726 | if (portchk_debug)
|
---|
1727 | fprintf(stderr, "add ports for interface: %s\n", interface);
|
---|
1728 |
|
---|
1729 | list = sh_util_strdup(&str[ll]);
|
---|
1730 | #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
|
---|
1731 | p = strtok_r (list, " ,\t", &saveptr);
|
---|
1732 | #else
|
---|
1733 | p = strtok (list, " ,\t");
|
---|
1734 | #endif
|
---|
1735 | if (!p)
|
---|
1736 | {
|
---|
1737 | SH_FREE(interface);
|
---|
1738 | SH_FREE(list);
|
---|
1739 | return -1;
|
---|
1740 | }
|
---|
1741 | while (p)
|
---|
1742 | {
|
---|
1743 | status = sh_portchk_add_required_port_generic (p, interface, type);
|
---|
1744 |
|
---|
1745 | if (-1 == status)
|
---|
1746 | {
|
---|
1747 | SH_FREE(interface);
|
---|
1748 | SH_FREE(list);
|
---|
1749 | return -1;
|
---|
1750 | }
|
---|
1751 | #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
|
---|
1752 | p = strtok_r (NULL, " ,\t", &saveptr);
|
---|
1753 | #else
|
---|
1754 | p = strtok (NULL, " ,\t");
|
---|
1755 | #endif
|
---|
1756 | }
|
---|
1757 | SH_FREE(interface);
|
---|
1758 | SH_FREE(list);
|
---|
1759 | return 0;
|
---|
1760 | }
|
---|
1761 |
|
---|
1762 | /* User interface to add required ports as 'iface:portlist'
|
---|
1763 | */
|
---|
1764 | static int sh_portchk_add_required (const char * str)
|
---|
1765 | {
|
---|
1766 | return sh_portchk_add_required_generic (str, SH_PORT_REQ);
|
---|
1767 | }
|
---|
1768 |
|
---|
1769 | /* User interface to add optional ports as 'iface:portlist'
|
---|
1770 | */
|
---|
1771 | static int sh_portchk_add_optional (const char * str)
|
---|
1772 | {
|
---|
1773 | return sh_portchk_add_required_generic (str, SH_PORT_OPT);
|
---|
1774 | }
|
---|
1775 |
|
---|
1776 | /* User interface to add ignoreable ports as 'iface:portlist'
|
---|
1777 | */
|
---|
1778 | static int sh_portchk_add_ignore (const char * str)
|
---|
1779 | {
|
---|
1780 | return sh_portchk_add_required_generic (str, SH_PORT_IGN);
|
---|
1781 | }
|
---|
1782 |
|
---|
1783 | /* User interface to add ports that should not be checked as 'iface:portlist'
|
---|
1784 | */
|
---|
1785 | static int sh_portchk_add_blacklist (const char * str)
|
---|
1786 | {
|
---|
1787 | return sh_portchk_add_required_generic (str, SH_PORT_BLACKLIST);
|
---|
1788 | }
|
---|
1789 |
|
---|
1790 | /* Interface to run port check
|
---|
1791 | */
|
---|
1792 | int sh_portchk_check ()
|
---|
1793 | {
|
---|
1794 | volatile int min_port;
|
---|
1795 | static int noprivports = 0;
|
---|
1796 |
|
---|
1797 | SH_MUTEX_LOCK(mutex_port_check);
|
---|
1798 |
|
---|
1799 | min_port = (sh_portchk_minport == -1) ? 0 : sh_portchk_minport;
|
---|
1800 |
|
---|
1801 | if (sh_portchk_active != S_FALSE)
|
---|
1802 | {
|
---|
1803 | sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN,
|
---|
1804 | _("Checking for open ports"),
|
---|
1805 | _("sh_portchk_check"));
|
---|
1806 |
|
---|
1807 | sh_portchk_reset_lists();
|
---|
1808 | if ((0 != geteuid()) && (min_port < 1024))
|
---|
1809 | {
|
---|
1810 | min_port = 1024;
|
---|
1811 | if (noprivports == 0)
|
---|
1812 | {
|
---|
1813 | #ifdef TEST_ONLY
|
---|
1814 | fprintf(stderr, "** WARNING not scanning ports < 1024\n");
|
---|
1815 | #else
|
---|
1816 | SH_MUTEX_LOCK(mutex_thread_nolog);
|
---|
1817 | sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN,
|
---|
1818 | _("not scanning ports below 1024"),
|
---|
1819 | _("sh_portchk_check"));
|
---|
1820 | SH_MUTEX_UNLOCK(mutex_thread_nolog);
|
---|
1821 | #endif
|
---|
1822 | noprivports = 1;
|
---|
1823 | }
|
---|
1824 | }
|
---|
1825 |
|
---|
1826 | sh_port2proc_prepare();
|
---|
1827 |
|
---|
1828 | if (sh_portchk_check_udp == 1)
|
---|
1829 | sh_portchk_scan_ports_udp(min_port, sh_portchk_maxport);
|
---|
1830 | sh_portchk_scan_ports_tcp(min_port, sh_portchk_maxport);
|
---|
1831 |
|
---|
1832 |
|
---|
1833 | sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_REPORT);
|
---|
1834 | if (sh_portchk_check_udp == 1)
|
---|
1835 | sh_portchk_check_list (&portlist_udp, IPPROTO_UDP, SH_PORT_REPORT);
|
---|
1836 |
|
---|
1837 | }
|
---|
1838 | SH_MUTEX_UNLOCK(mutex_port_check);
|
---|
1839 | return 0;
|
---|
1840 | }
|
---|
1841 | #endif
|
---|
1842 |
|
---|
1843 | #ifdef SH_CUTEST
|
---|
1844 | #include "CuTest.h"
|
---|
1845 |
|
---|
1846 | void Test_portcheck_lists (CuTest *tc)
|
---|
1847 | {
|
---|
1848 | #if defined(SH_USE_PORTCHECK) && (defined(SH_WITH_CLIENT) || defined(SH_STANDALONE))
|
---|
1849 | struct sh_sockaddr haddr_local;
|
---|
1850 | struct sh_portentry * portent;
|
---|
1851 | char buf[256];
|
---|
1852 | char * p;
|
---|
1853 |
|
---|
1854 | #ifdef HAVE_RPC_RPC_H
|
---|
1855 | p = sh_getrpcbynumber(0, buf, sizeof(buf));
|
---|
1856 | CuAssertTrue(tc, p == NULL);
|
---|
1857 |
|
---|
1858 | p = sh_getrpcbynumber(100000, buf, sizeof(buf));
|
---|
1859 | CuAssertPtrNotNull(tc, p);
|
---|
1860 | CuAssertTrue(tc, (0 == strcmp(p, "portmapper") || 0 == strcmp(p, "rpcbind")));
|
---|
1861 | CuAssertTrue(tc, (0 == strcmp(buf, "portmapper") || 0 == strcmp(p, "rpcbind")));
|
---|
1862 |
|
---|
1863 | p = sh_getrpcbynumber(100007, buf, sizeof(buf));
|
---|
1864 | CuAssertPtrNotNull(tc, p);
|
---|
1865 | CuAssertTrue(tc, 0 == strcmp(p, "ypbind"));
|
---|
1866 | CuAssertTrue(tc, 0 == strcmp(buf, "ypbind"));
|
---|
1867 | #endif
|
---|
1868 |
|
---|
1869 | p = sh_getservbyport(0, SH_PROTO_STR(IPPROTO_UDP), buf, sizeof(buf));
|
---|
1870 | CuAssertTrue(tc, p == NULL);
|
---|
1871 |
|
---|
1872 | #if !defined(HOST_IS_CYGWIN)
|
---|
1873 | p = sh_getservbyport(22, SH_PROTO_STR(IPPROTO_TCP), buf, sizeof(buf));
|
---|
1874 | CuAssertPtrNotNull(tc, p);
|
---|
1875 | CuAssertTrue(tc, 0 == strcmp(p, "ssh"));
|
---|
1876 | CuAssertTrue(tc, 0 == strcmp(buf, "ssh"));
|
---|
1877 | #endif
|
---|
1878 |
|
---|
1879 | p = sh_getservbyport(13, SH_PROTO_STR(IPPROTO_UDP), buf, sizeof(buf));
|
---|
1880 | CuAssertPtrNotNull(tc, p);
|
---|
1881 | CuAssertTrue(tc, 0 == strcmp(p, "daytime"));
|
---|
1882 | CuAssertTrue(tc, 0 == strcmp(buf, "daytime"));
|
---|
1883 |
|
---|
1884 | CuAssertTrue(tc, 0 != sh_ipvx_aton("127.0.0.1", &haddr_local));
|
---|
1885 |
|
---|
1886 | sh_portchk_add_to_list (IPPROTO_TCP, 8000, &haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN);
|
---|
1887 |
|
---|
1888 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, &haddr_local, NULL);
|
---|
1889 | CuAssertPtrNotNull(tc, portent);
|
---|
1890 |
|
---|
1891 | CuAssertTrue(tc, portent->port == 8000);
|
---|
1892 | CuAssertTrue(tc, 0 == strcmp("127.0.0.1", portent->interface));
|
---|
1893 | CuAssertTrue(tc, portent->status == SH_PORT_UNKN);
|
---|
1894 | CuAssertTrue(tc, portent->flag == SH_PORT_NOT);
|
---|
1895 |
|
---|
1896 | sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_NOREPT);
|
---|
1897 |
|
---|
1898 | CuAssertTrue(tc, NULL == portlist_tcp);
|
---|
1899 |
|
---|
1900 | sh_portchk_add_to_list (IPPROTO_TCP, 8000, &haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN);
|
---|
1901 | sh_portchk_add_to_list (IPPROTO_TCP, 8001, &haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN);
|
---|
1902 | sh_portchk_add_to_list (IPPROTO_TCP, 8002, &haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN);
|
---|
1903 | sh_portchk_add_to_list (IPPROTO_TCP, 8003, &haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN);
|
---|
1904 | sh_portchk_add_to_list (IPPROTO_TCP, 8004, &haddr_local, NULL, SH_PORT_IGN, SH_PORT_UNKN);
|
---|
1905 | sh_portchk_add_to_list (IPPROTO_TCP, -1, &haddr_local, "foo1", SH_PORT_NOT, SH_PORT_UNKN);
|
---|
1906 | sh_portchk_add_to_list (IPPROTO_TCP, -1, &haddr_local, "foo2", SH_PORT_REQ, SH_PORT_UNKN);
|
---|
1907 | sh_portchk_add_to_list (IPPROTO_TCP, -1, &haddr_local, "foo3", SH_PORT_NOT, SH_PORT_UNKN);
|
---|
1908 | sh_portchk_add_to_list (IPPROTO_TCP, -1, &haddr_local, "foo4", SH_PORT_REQ, SH_PORT_UNKN);
|
---|
1909 | sh_portchk_add_to_list (IPPROTO_TCP, -1, &haddr_local, "foo5", SH_PORT_IGN, SH_PORT_UNKN);
|
---|
1910 |
|
---|
1911 | sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_NOREPT);
|
---|
1912 |
|
---|
1913 | CuAssertPtrNotNull(tc, portlist_tcp);
|
---|
1914 |
|
---|
1915 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, &haddr_local, NULL);
|
---|
1916 | CuAssertPtrNotNull(tc, portent);
|
---|
1917 |
|
---|
1918 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8001, &haddr_local, NULL);
|
---|
1919 | CuAssertTrue(tc, NULL == portent);
|
---|
1920 |
|
---|
1921 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8002, &haddr_local, NULL);
|
---|
1922 | CuAssertPtrNotNull(tc, portent);
|
---|
1923 |
|
---|
1924 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8003, &haddr_local, NULL);
|
---|
1925 | CuAssertTrue(tc, NULL == portent);
|
---|
1926 |
|
---|
1927 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8004, &haddr_local, NULL);
|
---|
1928 | CuAssertPtrNotNull(tc, portent);
|
---|
1929 |
|
---|
1930 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, &haddr_local, "foo1");
|
---|
1931 | CuAssertTrue(tc, NULL == portent);
|
---|
1932 |
|
---|
1933 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, &haddr_local, "foo2");
|
---|
1934 | CuAssertPtrNotNull(tc, portent);
|
---|
1935 | CuAssertTrue(tc, 0 == strcmp(portent->service, "foo2"));
|
---|
1936 |
|
---|
1937 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, &haddr_local, "foo3");
|
---|
1938 | CuAssertTrue(tc, NULL == portent);
|
---|
1939 |
|
---|
1940 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, &haddr_local, "foo4");
|
---|
1941 | CuAssertPtrNotNull(tc, portent);
|
---|
1942 | CuAssertTrue(tc, 0 == strcmp(portent->service, "foo4"));
|
---|
1943 |
|
---|
1944 | portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, &haddr_local, "foo5");
|
---|
1945 | CuAssertPtrNotNull(tc, portent);
|
---|
1946 | CuAssertTrue(tc, 0 == strcmp(portent->service, "foo5"));
|
---|
1947 |
|
---|
1948 | CuAssertTrue(tc, 0 == sh_portchk_blacklist(666, &haddr_local, IPPROTO_TCP));
|
---|
1949 | CuAssertTrue(tc, 0 != sh_portchk_blacklist(666, &haddr_local, IPPROTO_TCP));
|
---|
1950 | CuAssertTrue(tc, 0 == sh_portchk_blacklist(667, &haddr_local, IPPROTO_TCP));
|
---|
1951 | CuAssertTrue(tc, 0 == sh_portchk_blacklist(668, &haddr_local, IPPROTO_TCP));
|
---|
1952 | CuAssertTrue(tc, 0 == sh_portchk_blacklist(666, &haddr_local, IPPROTO_UDP));
|
---|
1953 | CuAssertTrue(tc, 0 != sh_portchk_blacklist(666, &haddr_local, IPPROTO_UDP));
|
---|
1954 | CuAssertTrue(tc, 0 == sh_portchk_blacklist(667, &haddr_local, IPPROTO_UDP));
|
---|
1955 | CuAssertTrue(tc, 0 == sh_portchk_blacklist(668, &haddr_local, IPPROTO_UDP));
|
---|
1956 |
|
---|
1957 | CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(668, &haddr_local, IPPROTO_UDP));
|
---|
1958 | CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(667, &haddr_local, IPPROTO_UDP));
|
---|
1959 | CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(666, &haddr_local, IPPROTO_UDP));
|
---|
1960 | CuAssertTrue(tc, 0 == sh_portchk_is_blacklisted(665, &haddr_local, IPPROTO_UDP));
|
---|
1961 |
|
---|
1962 | CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(668, &haddr_local, IPPROTO_TCP));
|
---|
1963 | CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(667, &haddr_local, IPPROTO_TCP));
|
---|
1964 | CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(666, &haddr_local, IPPROTO_TCP));
|
---|
1965 | CuAssertTrue(tc, 0 == sh_portchk_is_blacklisted(665, &haddr_local, IPPROTO_TCP));
|
---|
1966 | #else
|
---|
1967 | (void) tc; /* fix compiler warning */
|
---|
1968 | #endif
|
---|
1969 | return;
|
---|
1970 | }
|
---|
1971 | #endif
|
---|
1972 |
|
---|
1973 | #ifdef TEST_ONLY
|
---|
1974 |
|
---|
1975 | void usage (char * pname)
|
---|
1976 | {
|
---|
1977 | printf ("%s [-r|--required interface:portlist][-o|--optional interface:portlist][--no-udp][-d|--debug] hostname\n\n", pname);
|
---|
1978 | printf (" Check local host for open ports; Version %s\n\n", PORTCHK_VERSION);
|
---|
1979 | printf (" Interface: Numeric address for an interface, e.g. 127.0.0.1\n");
|
---|
1980 | printf (" Portlist: List of ports or services, e.g. 22/tcp,nfs/udp,nlockmgr/udp\n");
|
---|
1981 | printf (" required -> must be open\n");
|
---|
1982 | printf (" optional -> may be open or closed\n");
|
---|
1983 | printf (" RPC services must be specified with service **name**, others with **port number**\n\n");
|
---|
1984 | printf (" Example:\n");
|
---|
1985 | printf (" %s --required 192.168.1.2:22/tcp,nfs/udp,nlockmgr/udp\n\n", pname);
|
---|
1986 | return;
|
---|
1987 | }
|
---|
1988 |
|
---|
1989 | int main(int argc, char *argv[])
|
---|
1990 | {
|
---|
1991 | char * pname = argv[0];
|
---|
1992 |
|
---|
1993 |
|
---|
1994 | /*
|
---|
1995 | test_lists();
|
---|
1996 |
|
---|
1997 | portlist_tcp = sh_portchk_kill_list (portlist_tcp);
|
---|
1998 | portlist_udp = sh_portchk_kill_list (portlist_udp);
|
---|
1999 | */
|
---|
2000 |
|
---|
2001 | /* sh_portchk_add_required ("127.0.0.1 : nlockmgr/tcp, 5308/tcp, nfs/tcp"); */
|
---|
2002 |
|
---|
2003 | while (argc > 1 && argv[1][0] == '-')
|
---|
2004 | {
|
---|
2005 | if (0 == strcmp(argv[1], "--help") || 0 == strcmp(argv[1], "-h"))
|
---|
2006 | {
|
---|
2007 | usage(pname);
|
---|
2008 | exit (0);
|
---|
2009 | }
|
---|
2010 | else if (0 == strcmp(argv[1], "--required") || 0 == strcmp(argv[1], "-r"))
|
---|
2011 | {
|
---|
2012 | if (argc < 3)
|
---|
2013 | {
|
---|
2014 | usage(pname);
|
---|
2015 | exit (1);
|
---|
2016 | }
|
---|
2017 | sh_portchk_add_required (argv[2]);
|
---|
2018 | --argc; ++argv;
|
---|
2019 | }
|
---|
2020 | else if (0 == strcmp(argv[1], "--optional") || 0 == strcmp(argv[1], "-o"))
|
---|
2021 | {
|
---|
2022 | if (argc < 3)
|
---|
2023 | {
|
---|
2024 | usage(pname);
|
---|
2025 | exit (1);
|
---|
2026 | }
|
---|
2027 | sh_portchk_add_optional (argv[2]);
|
---|
2028 | --argc; ++argv;
|
---|
2029 | }
|
---|
2030 | else if (0 == strcmp(argv[1], "--no-udp"))
|
---|
2031 | {
|
---|
2032 | sh_portchk_check_udp = 0;
|
---|
2033 | }
|
---|
2034 | else if (0 == strcmp(argv[1], "--debug") || 0 == strcmp(argv[1], "-d"))
|
---|
2035 | {
|
---|
2036 | portchk_debug = 1;
|
---|
2037 | }
|
---|
2038 | else
|
---|
2039 | {
|
---|
2040 | usage(pname);
|
---|
2041 | exit (1);
|
---|
2042 | }
|
---|
2043 | --argc; ++argv;
|
---|
2044 | }
|
---|
2045 |
|
---|
2046 | if (argc < 2)
|
---|
2047 | {
|
---|
2048 | usage(pname);
|
---|
2049 | exit (1);
|
---|
2050 | }
|
---|
2051 |
|
---|
2052 | portchk_hostname = argv[1];
|
---|
2053 |
|
---|
2054 | if (0 != sh_portchk_init ())
|
---|
2055 | {
|
---|
2056 | usage(pname);
|
---|
2057 | exit (1);
|
---|
2058 | }
|
---|
2059 |
|
---|
2060 | sh_portchk_check();
|
---|
2061 |
|
---|
2062 | return 0;
|
---|
2063 | }
|
---|
2064 | #endif
|
---|