source: trunk/src/sh_portcheck.c@ 377

Last change on this file since 377 was 376, checked in by katerina, 13 years ago

Fix some repetitive error messages.

  • Property svn:executable set to *
1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 2006 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20/***************************************************************************
21 *
22 * This file provides a module for samhain to check for open ports
23 * on the local machine.
24 *
25 */
26
27
28/* #define TEST_ONLY */
29#ifndef TEST_ONLY
30#include "config_xor.h"
31#endif
32
33#include <stdio.h>
34#include <string.h>
35#include <sys/types.h>
36#include <sys/socket.h>
37#include <netinet/in.h>
38#include <arpa/inet.h>
39#include <errno.h>
40#include <unistd.h>
41#include <fcntl.h>
42
43#define PORTCHK_VERSION "1.0"
44
45#if defined(TEST_ONLY) || (defined(SH_USE_PORTCHECK) && (defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)))
46
47
48#define PORTMAP
49#ifdef HAVE_RPC_RPC_H
50#include <rpc/rpc.h>
51#ifdef HAVE_RPC_RPCENT_H
52#include <rpc/rpcent.h>
53#endif
54#include <rpc/pmap_clnt.h>
55#include <rpc/pmap_prot.h>
56#endif
57#include <netdb.h>
58
59/*
60 * struct pmaplist {
61 * struct pmap pml_map;
62 * struct pmaplist *pml_next;
63 * };
64 */
65
66/* struct pmap {
67 * long unsigned pm_prog;
68 * long unsigned pm_vers;
69 * long unsigned pm_prot;
70 * long unsigned pm_port;
71 * };
72 */
73
74/* TIME_WAIT ? 60-240 seconds */
75
76#if !defined(TEST_ONLY)
77
78#define FIL__ _("sh_portcheck.c")
79#include "samhain.h"
80#include "sh_error.h"
81#include "sh_mem.h"
82#include "sh_calls.h"
83#include "sh_utils.h"
84#include "sh_modules.h"
85#define SH_NEED_GETHOSTBYXXX
86#include "sh_static.h"
87#include "sh_pthread.h"
88#include "sh_ipvx.h"
89
90/* the size of an interface string
91 */
92#define SH_INTERFACE_SIZE SH_IP_BUF
93
94#define SH_PORT_NOT 0
95#define SH_PORT_REQ 1
96#define SH_PORT_OPT 2
97#define SH_PORT_IGN 3
98#define SH_PORT_BLACKLIST 4
99
100#define SH_PORT_MISS 0
101#define SH_PORT_ISOK 1
102#define SH_PORT_UNKN 2
103
104#define SH_PORT_NOREPT 0
105#define SH_PORT_REPORT 1
106
107#define SH_PROTO_TCP 0
108#define SH_PROTO_UDP 1
109#define SH_PROTO_STR(a) (((a) == IPPROTO_TCP) ? _("tcp") : _("udp"))
110
/* One known port (or named service) on one interface. Entries are kept in
 * the singly linked lists portlist_tcp and portlist_udp.
 */
struct sh_portentry {
  int port;
  char interface[SH_INTERFACE_SIZE]; /* interface address in text form, written by sh_ipvx_ntoa() */
  char * service;  /* private copy of the service name, or NULL */
  char * error;    /* set to NULL when the entry is created */
  int flag; /* required or not: SH_PORT_NOT, SH_PORT_REQ, SH_PORT_OPT or SH_PORT_IGN */
  int status; /* missing or not: SH_PORT_MISS, SH_PORT_ISOK or SH_PORT_UNKN */
  struct sh_portentry * next;
};
120
121static struct sh_portentry * portlist_tcp = NULL;
122static struct sh_portentry * portlist_udp = NULL;
123
124
125#define SH_PORTCHK_INTERVAL 300
126
/* Run-time configuration with its defaults. The sh_portchk_set_* handlers
 * overwrite these values and sh_portchk_reconf() puts the defaults back.
 */
static int sh_portchk_check_udp = 1;
static int sh_portchk_active = 1;
static int sh_portchk_interval = SH_PORTCHK_INTERVAL;

/* Port range limits: -1 initially; the setters accept 0..65535. */
static int sh_portchk_minport = -1;
static int sh_portchk_maxport = -1;
133
134struct sh_port {
135 int port;
136 struct sh_sockaddr * paddr;
137 struct sh_port * next;
138};
139
140static struct sh_port * blacklist_tcp = NULL;
141static struct sh_port * blacklist_udp = NULL;
142
143SH_MUTEX_STATIC(mutex_port_check, PTHREAD_MUTEX_INITIALIZER);
144
145static int sh_portchk_severity = SH_ERR_SEVERE;
146
147extern char * sh_port2proc_query(int proto, struct sh_sockaddr * saddr, int sport,
148 unsigned long * pid, char * user, size_t userlen);
149extern int sh_port2proc_prepare();
150extern void sh_port2proc_finish();
151
152#endif
153
154/* Exported interface to add ignoreable ports as 'iface:portlist'
155 */
156static int sh_portchk_add_ignore (const char * str);
157
158/* Exported interface to add required ports as 'iface:portlist'
159 */
160static int sh_portchk_add_required (const char * str);
161
162/* Exported interface to add optional ports as 'iface:portlist'
163 */
164static int sh_portchk_add_optional (const char * str);
165
166/* Exported interface to add blacklisted ports as 'iface:portlist'
167 */
168static int sh_portchk_add_blacklist (const char * str);
169
170/* Exported interface to add an ethernet interface
171 */
172static int sh_portchk_add_interface (const char * str);
173
174/* verify whether port/interface is blacklisted (do not check)
175 */
176static int sh_portchk_is_blacklisted(int port, struct sh_sockaddr * haddr, int proto);
177
178#ifndef TEST_ONLY
179
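/* Configuration handler for 'portcheckinterval': sets the number of seconds
 * between two port checks.
 *
 * c is the option value as text. Returns 0 on success. A value that is not
 * a positive number fitting into an int is logged (MSG_EINVALS) and -1 is
 * returned; the current interval is left unchanged in that case.
 */
static int sh_portchk_set_interval (const char * c)
{
  int retval = 0;
  long val;

  SL_ENTER(_("sh_portchk_set_interval"));
  val = strtol (c, (char **)NULL, 10);

  /* sh_portchk_interval is an int. A value that does not survive the
   * round trip through int would be stored truncated (possibly as a
   * negative interval), so it is rejected like zero and negative input.
   */
  if (val <= 0 || (long)((int) val) != val)
    {
      SH_MUTEX_LOCK(mutex_thread_nolog);
      sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS,
                       _("port check interval"), c);
      SH_MUTEX_UNLOCK(mutex_thread_nolog);
      retval = -1;
    }
  else
    {
      sh_portchk_interval = (int) val;
    }
  SL_RETURN(retval, _("sh_portchk_set_interval"));
}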
201
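/* Parse a port number from the configuration and store it in *setthis.
 *
 * c is the option value as text, setthis the variable to update. Returns 0
 * on success. Input without any digits, or a value outside 0..65535, is
 * logged (MSG_EINVALS) and -1 is returned; *setthis is then left unchanged.
 */
static int sh_portchk_set_port_minmax (const char * c, int * setthis)
{
  int retval = 0;
  long val;
  char * end = NULL;

  SL_ENTER(_("sh_portchk_set_port_minmax"));
  val = strtol (c, &end, 10);

  /* strtol() returns 0 when nothing could be converted; without the
   * end-pointer test a mistyped value would silently select port 0.
   */
  if (end == c || val < 0 || val > 65535)
    {
      SH_MUTEX_LOCK(mutex_thread_nolog);
      sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS,
                       _("port check port minmax"), c);
      SH_MUTEX_UNLOCK(mutex_thread_nolog);
      retval = -1;
    }
  else
    {
      *setthis = (int) val;
    }
  SL_RETURN(retval, _("sh_portchk_set_port_minmax"));
}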
223
224
/* Configuration handler for 'portcheckminport'; returns what
 * sh_portchk_set_port_minmax() returns (0 on success, -1 on bad input).
 */
static int sh_portchk_set_minport (const char * str)
{
  int * target = &sh_portchk_minport;

  return sh_portchk_set_port_minmax (str, target);
}
229
/* Configuration handler for 'portcheckmaxport'; returns what
 * sh_portchk_set_port_minmax() returns (0 on success, -1 on bad input).
 */
static int sh_portchk_set_maxport (const char * str)
{
  int * target = &sh_portchk_maxport;

  return sh_portchk_set_port_minmax (str, target);
}
234
/* Configuration handler for 'portcheckactive': lets sh_util_flagval()
 * parse str into sh_portchk_active and passes its result on.
 */
static int sh_portchk_set_active (const char * str)
{
  int status = sh_util_flagval(str, &sh_portchk_active);

  return status;
}
239
/* Configuration handler for 'portcheckudp': lets sh_util_flagval()
 * parse str into sh_portchk_check_udp and passes its result on.
 */
static int sh_portchk_set_udp (const char * str)
{
  int status = sh_util_flagval(str, &sh_portchk_check_udp);

  return status;
}
244
/* Configuration handler for 'severityportcheck'.
 *
 * The value is handed to sh_error_set_level() with a '=' put in front of
 * it. The buffer holds 32 bytes; sl_strlcat() is given that size as its
 * limit for the combined string.
 */
static int sh_portchk_set_severity (const char * str)
{
  char level[32] = "=";

  sl_strlcat (level, str, sizeof(level));
  return sh_error_set_level (level, &sh_portchk_severity);
}
252
/* Configuration keywords of this module and the handler called for each.
 * The list is terminated by an entry with two NULL members.
 */
sh_rconf sh_portchk_table[] = {
  { N_("severityportcheck"),  sh_portchk_set_severity  },
  { N_("portcheckrequired"),  sh_portchk_add_required  },
  { N_("portcheckoptional"),  sh_portchk_add_optional  },
  { N_("portcheckignore"),    sh_portchk_add_ignore    },
  { N_("portcheckskip"),      sh_portchk_add_blacklist },
  { N_("portcheckactive"),    sh_portchk_set_active    },
  { N_("portcheckinterface"), sh_portchk_add_interface },
  { N_("portcheckinterval"),  sh_portchk_set_interval  },
  { N_("portcheckminport"),   sh_portchk_set_minport   },
  { N_("portcheckmaxport"),   sh_portchk_set_maxport   },
  { N_("portcheckudp"),       sh_portchk_set_udp       },
  { NULL,                     NULL                     }
};
303
304#endif
305
306/* Interface to initialize port check
307 */
308int sh_portchk_init (struct mod_type * arg);
309
310/* Interface to reset port check
311 */
312int sh_portchk_reset (void);
313
314/* Interface to run port check
315 */
316int sh_portchk_check (void);
317
318
319static char * check_services (int port, int proto);
320
#ifdef TEST_ONLY

static int portchk_debug = 0;
/* Stand-alone test build: the samhain helpers are mapped onto libc.
 * NOTE(review): strncpy() is not equivalent to a strlcpy-style copy. It
 * leaves the destination without a terminating NUL when the source is at
 * least as long as the size argument, so code that relies on termination
 * after sl_strlcpy() is not covered by this mapping.
 */
#define SH_ALLOC malloc
#define SH_FREE free
#define sh_util_strdup strdup
#define sl_strlcpy strncpy
#define _(a) a

#else

static int portchk_debug = 0;

#endif
335
336#ifdef HAVE_RPC_RPC_H
/* Look up the name of RPC program <number> in /etc/rpc.
 *
 * On a match the first field of the line is copied into buf (sl_strlcpy
 * with limit len) and buf is returned. Returns NULL if the file cannot be
 * opened or no line carries <number> in its second field.
 */
static char * sh_getrpcbynumber (int number, char * buf, size_t len)
{
  char      * found = NULL;
  sh_string * line;
  FILE      * fp = fopen(_("/etc/rpc"), "r");

  if (fp == NULL)
    return NULL;

  line = sh_string_new(0);

  /* stop reading as soon as a line has matched */
  while (found == NULL && 0 < sh_string_read(line, fp, 1024))
    {
      size_t       lengths[3];
      unsigned int fields = 3;
      char      ** splits;
      char       * start = sh_string_str(line);

      /* lines that are empty or start with '#' after leading blanks
       * carry no entry
       */
      while (*start && (*start == ' ' || *start == '\t'))
        ++start;
      if (*start == '\0' || *start == '#')
        continue;

      splits = split_array_ws(sh_string_str(line), &fields, lengths);

      /* atoi() gives 0 for a second field that is not a number */
      if (fields >= 2 && atoi(splits[1]) == number)
        {
          sl_strlcpy(buf, splits[0], len);
          found = buf;
        }
      SH_FREE(splits);
    }

  sh_string_destroy(&line);
  sl_fclose(FIL__, __LINE__, fp);
  return found;
}
377#endif
378
/* Look up the service name for <port>/<proto_in> in /etc/services.
 *
 * A line matches when its second field is "<port>/<proto>" or
 * "<port>,<proto>". The first field of that line is then copied into buf
 * (sl_strlcpy with limit len) and buf is returned. Returns NULL if the file
 * cannot be opened or nothing matches.
 *
 * proto_in is copied into a local 8-byte buffer before anything else is
 * done (presumably because the caller passes the result of _(), which may
 * not stay valid -- confirm).
 */
static char * sh_getservbyport (int port, const char * proto_in, char * buf, size_t len)
{
  char        proto[8];
  char      * found = NULL;
  sh_string * line;
  FILE      * fp;

  sl_strlcpy(proto, proto_in, sizeof(proto));

  fp = fopen(_("/etc/services"), "r");
  if (fp == NULL)
    return NULL;

  line = sh_string_new(0);

  /* stop reading as soon as a line has matched */
  while (found == NULL && 0 < sh_string_read(line, fp, 1024))
    {
      size_t       lengths[3];
      unsigned int fields = 3;
      char      ** splits;
      char       * start = sh_string_str(line);

      /* lines that are empty or start with '#' after leading blanks
       * carry no entry
       */
      while (*start && (*start == ' ' || *start == '\t'))
        ++start;
      if (*start == '\0' || *start == '#')
        continue;

      splits = split_array_ws(sh_string_str(line), &fields, lengths);

      if (fields >= 2)
        {
          char * end;
          long   n = strtol(splits[1], &end, 10);

          /* the number must be followed by a separator and then by
           * exactly the protocol name
           */
          if (n == port && end && (*end == '/' || *end == ',') &&
              0 == strcmp(end + 1, proto))
            {
              sl_strlcpy(buf, splits[0], len);
              found = buf;
            }
        }
      SH_FREE(splits);
    }

  sh_string_destroy(&line);
  sl_fclose(FIL__, __LINE__, fp);
  return found;
}
427
/* Create a list entry for <port> on interface <paddr> and put it at the
 * front of the TCP list (proto == IPPROTO_TCP) or of the UDP list (any
 * other proto).
 *
 * service may be NULL; otherwise the entry gets its own copy of the name.
 * flag and status are stored as given.
 *
 * NOTE(review): the result of SH_ALLOC is used without a NULL test; in a
 * TEST_ONLY build SH_ALLOC is plain malloc.
 */
static void sh_portchk_add_to_list (int proto,
                                    int port, struct sh_sockaddr * paddr,
                                    char * service,
                                    int flag, int status)
{
  struct sh_portentry ** head;
  struct sh_portentry  * entry = SH_ALLOC (sizeof(struct sh_portentry));

  if (portchk_debug)
    fprintf(stderr, _("add to list: port %d/%s %d %d (%s)\n"),
            port, SH_PROTO_STR(proto), flag, status, service ? service : _("undef"));

  entry->port = port;
  sh_ipvx_ntoa(entry->interface, SH_INTERFACE_SIZE, paddr);
  entry->status = status;
  entry->flag = flag;
  entry->error = NULL;
  entry->service = service ? sh_util_strdup (service) : NULL;

  /* push onto the list that belongs to the protocol */
  head = (proto == IPPROTO_TCP) ? &portlist_tcp : &portlist_udp;
  entry->next = *head;
  *head = entry;
}
462
/* Prepare both port lists for the next scan.
 *
 * Every entry that is not already SH_PORT_MISS becomes SH_PORT_UNKN. The
 * scan sets the ports it finds open to SH_PORT_ISOK, and whatever is still
 * SH_PORT_UNKN afterwards is handled by sh_portchk_check_list().
 */
static void sh_portchk_reset_lists (void)
{
  struct sh_portentry * heads[2];
  struct sh_portentry * entry;
  int which;

  heads[0] = portlist_tcp;
  heads[1] = portlist_udp;

  for (which = 0; which < 2; ++which)
    {
      for (entry = heads[which]; entry; entry = entry->next)
        {
          if (entry->status != SH_PORT_MISS)
            entry->status = SH_PORT_UNKN;
        }
    }
}
487
/* Free every entry of the list starting at head, including the service
 * name each entry owns. Always returns NULL, so the caller can assign the
 * result to its list head.
 */
static struct sh_portentry * sh_portchk_kill_list (struct sh_portentry * head)
{
  while (head)
    {
      /* remember the successor before the node goes away */
      struct sh_portentry * following = head->next;

      if (head->service)
        SH_FREE(head->service);
      SH_FREE(head);

      head = following;
    }
  return NULL;
}
501
/* Free every entry of the blacklist starting at head, together with the
 * address each entry points to. Always returns NULL, so the caller can
 * assign the result to its list head.
 */
static struct sh_port * sh_portchk_kill_blacklist (struct sh_port * head)
{
  while (head)
    {
      /* remember the successor before the node goes away */
      struct sh_port * following = head->next;

      SH_FREE(head->paddr);
      SH_FREE(head);

      head = following;
    }
  return NULL;
}
514
515/* These variables are not used anywhere. They only exist
516 * to assign &pre, &ptr to them, which keeps gcc from
517 * putting it into a register, and avoids the 'clobbered
518 * by longjmp' warning. And no, 'volatile' proved insufficient.
519 */
520static void * sh_dummy_pre = NULL;
521static void * sh_dummy_ptr = NULL;
522
/* Check the list of known ports for any that are still marked as UNKN,
 * i.e. that the preceding scan did not find open.
 *
 * head   - address of the list head; rewritten when the first entry is removed
 * proto  - protocol of the list; used for the message text and the
 *          service name lookup
 * report - SH_PORT_REPORT to log missing ports, SH_PORT_NOREPT to stay silent
 *
 * Every UNKN entry is set to SH_PORT_MISS. It is reported unless its flag
 * is SH_PORT_OPT or SH_PORT_IGN, and it is unlinked and freed unless its
 * flag is SH_PORT_REQ, SH_PORT_OPT or SH_PORT_IGN.
 */
static void sh_portchk_check_list (struct sh_portentry ** head, int proto, int report)
{
  struct sh_portentry * ptr = *head;
  struct sh_portentry * pre = *head;
  char errbuf[256];

  /* Take the address to keep gcc from putting them into registers.
   * Avoids the 'clobbered by longjmp' warning.
   */
  sh_dummy_pre = (void*) &pre;
  sh_dummy_ptr = (void*) &ptr;

  while (ptr)
    {
      if (portchk_debug && report)
        fprintf(stderr, _("check list: port %d/%s %d %d\n"),
                ptr->port, SH_PROTO_STR(proto), ptr->flag, ptr->status);

      if (ptr->status == SH_PORT_UNKN)
        {
          /* Don't report missing ports that are marked as optional
           */
          if (ptr->flag != SH_PORT_OPT && ptr->flag != SH_PORT_IGN)
            {
              /* entries without a stored service name get one from
               * check_services()
               */
              snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"),
                        ptr->interface, ptr->port, SH_PROTO_STR(proto),
                        ptr->service ? ptr->service : check_services(ptr->port, proto));
#ifdef TEST_ONLY
              if (report == SH_PORT_REPORT)
                fprintf(stderr, _("%s\n"), errbuf);
#else
              if (report == SH_PORT_REPORT)
                {
                  SH_MUTEX_LOCK(mutex_thread_nolog);
                  sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
                                  MSG_PORT_MISS, errbuf);
                  SH_MUTEX_UNLOCK(mutex_thread_nolog);
                }
#endif
            }

          ptr->status = SH_PORT_MISS;

          /* entries that were not configured as required, optional or
           * ignored are dropped from the list once they are missing
           */
          if ((ptr->flag != SH_PORT_REQ) && (ptr->flag != SH_PORT_OPT) && (ptr->flag != SH_PORT_IGN))
            {
              if (portchk_debug && report)
                fprintf(stderr, _("removing: port %d/%s %d %d\n"),
                        ptr->port, SH_PROTO_STR(proto), ptr->flag, ptr->status);

              if (ptr == *head)
                {
                  /* first entry: the list head moves to the successor */
                  *head = ptr->next;
                  if (ptr->service)
                    SH_FREE(ptr->service);
                  SH_FREE(ptr);
                  ptr = *head;
                  pre = *head;
                  continue;
                }
              else if (ptr->next == NULL)
                {
                  /* last entry: nothing is left to look at */
                  pre->next = NULL;
                  if (ptr->service)
                    SH_FREE(ptr->service);
                  SH_FREE(ptr);
                  return;
                }
              else
                {
                  /* entry in the middle: pre stays, ptr moves on */
                  pre->next = ptr->next;
                  if (ptr->service)
                    SH_FREE(ptr->service);
                  SH_FREE(ptr);
                  ptr = pre->next;
                  continue;
                }
            }
        }
      pre = ptr;
      ptr = ptr->next;
    }
  return;
}
608
609
/* Find the list entry that corresponds to an open port.
 *
 * The TCP list is searched for proto == IPPROTO_TCP, the UDP list for any
 * other proto. With a service name the entry must carry the same name (its
 * port is not compared); without one the port number must be equal. In both
 * cases the interface must match the text form of paddr, unless
 * sh_ipvx_isany(paddr) holds, in which case the interface is not compared.
 *
 * Returns the first matching entry, or NULL.
 */
static struct sh_portentry * sh_portchk_get_from_list (int proto, int port,
                                                       struct sh_sockaddr * paddr, char * service)
{
  struct sh_portentry * entry;
  char str_addr[SH_IP_BUF];

  entry = (proto == IPPROTO_TCP) ? portlist_tcp : portlist_udp;

  sh_ipvx_ntoa(str_addr, sizeof(str_addr), paddr);

  for (; entry != NULL; entry = entry->next)
    {
      if (service)
        {
          if (!entry->service || 0 != strcmp(service, entry->service))
            continue;
        }
      else if (port != entry->port)
        {
          continue;
        }

      if (0 == strcmp(entry->interface, str_addr) || sh_ipvx_isany(paddr))
        return entry;
    }
  return NULL;
}
648
649
/* Compare a port that the scan found open with the list of known ports,
 * report what changed and mark the entry as SH_PORT_ISOK.
 *
 * service is the name of the RPC service on the port, or NULL. With a name
 * the entry is looked up by name, otherwise by port number.
 *
 *  - no entry:                    MSG_PORT_NEW, and an entry is added with
 *                                 flag SH_PORT_NOT
 *  - entry was SH_PORT_MISS and
 *    is not flagged SH_PORT_IGN:  MSG_PORT_RESTART
 *  - named service, port differs
 *    and stored port is not -1:   MSG_PORT_NEWPORT, stored port is updated
 *  - anything else:               no message
 *
 * NOTE(review): in the regular build the result of sh_port2proc_query() is
 * passed to the log call and to SH_FREE without a NULL test, and qpid/user
 * are read without having been initialised here; this presumes the query
 * always fills them in -- confirm against sh_port2proc_query().
 */
static void sh_portchk_cmp_to_list (int proto, int port, struct sh_sockaddr * paddr, char * service)
{
  struct sh_portentry * portent;
  char errbuf[256];


  portent = sh_portchk_get_from_list (proto, port, paddr, service);

  if (service)
    {
      if (!portent)
        {
          char * path;
          unsigned long qpid;
          char user[USER_MAX];
          char saddr[SH_IP_BUF];

          sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);

          snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"),
                    saddr, port, SH_PROTO_STR(proto), service);
#ifdef TEST_ONLY
          fprintf(stderr, _("open port: %s:%d/%s (%s)\n"),
                  saddr, port, SH_PROTO_STR(proto), service);
#else
          /* add the owning process (path, pid, user) to the report */
          path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
          SH_MUTEX_LOCK(mutex_thread_nolog);
          sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
                          MSG_PORT_NEW, errbuf, path, qpid, user);
          SH_MUTEX_UNLOCK(mutex_thread_nolog);
          SH_FREE(path);
#endif
          /*
           * was not there, thus it is not in 'required' or 'optional' list
           */
          sh_portchk_add_to_list (proto, port, paddr, service, SH_PORT_NOT, SH_PORT_ISOK);
        }
      else if (portent->status == SH_PORT_MISS && portent->flag != SH_PORT_IGN)
        {
          char * path;
          unsigned long qpid;
          char user[USER_MAX];
          char saddr[SH_IP_BUF];

          sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);

          snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s), was %d/%s"),
                    saddr, port, SH_PROTO_STR(proto), service, portent->port, SH_PROTO_STR(proto));
#ifdef TEST_ONLY
          fprintf(stderr, _("service: %s\n"), errbuf);
#else
          path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
          SH_MUTEX_LOCK(mutex_thread_nolog);
          sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
                          MSG_PORT_RESTART, errbuf, path, qpid, user);
          SH_MUTEX_UNLOCK(mutex_thread_nolog);
          SH_FREE(path);
#endif

          /* the stored port number is left as it was in this branch */
          portent->status = SH_PORT_ISOK;
        }
      else if (port != portent->port && (-1) != portent->port)
        {
          /* the named service is now found on a different port */
          char * path;
          unsigned long qpid;
          char user[USER_MAX];
          char saddr[SH_IP_BUF];

          sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);

          snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s), was %d/%s"),
                    saddr, port, SH_PROTO_STR(proto), service, portent->port, SH_PROTO_STR(proto));
#ifdef TEST_ONLY
          fprintf(stderr, _("service: %s\n"), errbuf);
#else
          path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
          SH_MUTEX_LOCK(mutex_thread_nolog);
          sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
                          MSG_PORT_NEWPORT, errbuf, path, qpid, user);
          SH_MUTEX_UNLOCK(mutex_thread_nolog);
          SH_FREE(path);
#endif
          portent->port = port;
          portent->status = SH_PORT_ISOK;
        }
      else
        {
          portent->status = SH_PORT_ISOK;
        }
    }
  else
    {
      if (!portent)
        {
          char * path;
          unsigned long qpid;
          char user[USER_MAX];
          char saddr[SH_IP_BUF];

          sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);

          /* no RPC name: the name shown comes from check_services() */
          snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"),
                    saddr, port, SH_PROTO_STR(proto), check_services(port, proto));
#ifdef TEST_ONLY
          fprintf(stderr, _("open port: %s:%d/%s (%s)\n"),
                  saddr, port, SH_PROTO_STR(proto), check_services(port, proto));
#else
          path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
          SH_MUTEX_LOCK(mutex_thread_nolog);
          sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
                          MSG_PORT_NEW, errbuf, path, qpid, user);
          SH_MUTEX_UNLOCK(mutex_thread_nolog);
          SH_FREE(path);
#endif

          /* was not there, thus it is not in 'required' or 'optional' list
           */
          sh_portchk_add_to_list (proto, port, paddr, service, SH_PORT_NOT, SH_PORT_ISOK);
        }
      else if (portent->status == SH_PORT_MISS && portent->flag != SH_PORT_IGN)
        {
          char * path;
          unsigned long qpid;
          char user[USER_MAX];
          char saddr[SH_IP_BUF];

          sh_ipvx_ntoa(saddr, sizeof(saddr), paddr);

          snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"),
                    saddr, port, SH_PROTO_STR(proto), check_services(port, proto));
#ifdef TEST_ONLY
          fprintf(stderr, _("port : %s\n"), errbuf);
#else
          path = sh_port2proc_query(proto, paddr, port, &qpid, user, sizeof(user));
          SH_MUTEX_LOCK(mutex_thread_nolog);
          sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0,
                          MSG_PORT_RESTART, errbuf, path, qpid, user);
          SH_MUTEX_UNLOCK(mutex_thread_nolog);
          SH_FREE(path);
#endif

          portent->status = SH_PORT_ISOK;
        }
      else
        {
          portent->status = SH_PORT_ISOK;
        }
    }

  return;
}
801
802
/* Returns a static buffer containing the name of the service
 * registered for <port>/<proto> in /etc/services.
 * If the lookup finds nothing, the buffer holds "unknown" instead;
 * the function does not return NULL.
 *
 * The buffer is shared by all calls: a later call overwrites the
 * result of an earlier one.
 */
static char * check_services (int port, int proto)
{
  static char buf[256];

  if (NULL == sh_getservbyport(port, SH_PROTO_STR(proto), buf, sizeof(buf)))
    {
      snprintf (buf, sizeof(buf), "%s",_("unknown"));
    }
  return buf;
}
818
/* Returns a static buffer containing the name of the RPC service
 * registered for <port> with protocol <prot> at <address>, as listed
 * by pmap_getmaps(). If /etc/rpc has no name for the program number,
 * the buffer holds "RPC_<number>".
 * Returns NULL if no registration matches, or if the module was built
 * without HAVE_RPC_RPC_H.
 *
 * The buffer is shared by all calls.
 * NOTE(review): the list obtained from pmap_getmaps() is not released
 * here -- confirm whether the caller or the library owns it.
 */
static char * check_rpc_list (int port, struct sockaddr_in * address,
                              unsigned long prot)
{
#ifdef HAVE_RPC_RPC_H
  static char buf[256];
  struct pmaplist * entry;

  for (entry = pmap_getmaps(address); entry != NULL; entry = entry->pml_next)
    {
      if ((entry->pml_map.pm_prot != prot) ||
          (port != (int)entry->pml_map.pm_port))
        continue;

      /* first registration for this port and protocol decides */
      if (NULL == sh_getrpcbynumber((int)entry->pml_map.pm_prog,
                                    buf, sizeof(buf)))
        {
          snprintf (buf, sizeof(buf), "RPC_%lu",
                    (unsigned long)entry->pml_map.pm_prog);
        }
      return buf;
    }
#else
  (void) port;
  (void) address;
  (void) prot;
#endif
  return NULL;
}
864
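/* Probe one UDP port on one interface.
 *
 * fd    - UDP socket; it is closed before the function returns
 * port  - port to probe; written into paddr
 * paddr - interface address
 *
 * The socket is connected to the port and up to two zero-length datagrams
 * are sent. ECONNREFUSED on either send() means nothing is listening. If
 * the second send() succeeds the port is treated as open and handed to
 * sh_portchk_cmp_to_list(), with the RPC service name if one is registered
 * (only looked up for AF_INET). A failing connect() is logged.
 *
 * Always returns 0.
 */
static int check_port_udp_internal (int fd, int port, struct sh_sockaddr * paddr)
{
  int retval;
  char * p = NULL;
  char buf[8];
#ifndef TEST_ONLY
  char errmsg[256];
  int nerr;
#endif
  char errbuf[SH_ERRBUF_SIZE];
  char ipbuf[SH_IP_BUF];

  sh_ipvx_set_port(paddr, port);

  do {
    retval = connect(fd, sh_ipvx_sockaddr_cast(paddr), SH_SSP_LEN(paddr));
  } while (retval < 0 && (errno == EINTR || errno == EINPROGRESS));

  if (retval == -1)
    {
#ifdef TEST_ONLY
      if (portchk_debug)
        perror(_("connect"));
#else
      /* Save errno before calling anything else, so that the logged
       * error is the one from connect().
       */
      nerr = errno;
      sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);

      sl_snprintf(errmsg, sizeof(errmsg), _("check port: %5d/udp on %15s: %s"),
                  port, ipbuf, sh_error_message(nerr, errbuf, sizeof(errbuf)));
      SH_MUTEX_LOCK(mutex_thread_nolog);
      sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN,
                      errmsg, _("connect"));
      SH_MUTEX_UNLOCK(mutex_thread_nolog);
#endif
    }
  else
    {
      /* zero-length datagram; the content of buf is never read */
      do {
        retval = send (fd, buf, 0, 0);
      } while (retval < 0 && errno == EINTR);

      if (retval == -1 && errno == ECONNREFUSED)
        {
          sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
          if (portchk_debug)
            fprintf(stderr, _("check port: %5d/udp on %15s established/time_wait\n"),
                    port, ipbuf);
        }
      else
        {
          /* Only the second send() may catch the error
           */
          do {
            retval = send (fd, buf, 0, 0);
          } while (retval < 0 && errno == EINTR);

          if (retval == -1 && errno == ECONNREFUSED)
            {
              sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
              if (portchk_debug)
                fprintf(stderr, _("check port: %5d/udp on %15s established/time_wait\n"),
                        port, ipbuf);
            }
          else if (retval != -1)
            {
              /* Try to get service name from portmap
               */
              if (paddr->ss_family == AF_INET)
                {
                  p = check_rpc_list (port, (struct sockaddr_in *) sh_ipvx_sockaddr_cast(paddr), IPPROTO_UDP);
                }

              sh_portchk_cmp_to_list (IPPROTO_UDP, port, paddr, p ? p : NULL);

              /* If not an RPC service, try to get name from /etc/services
               */
              if (!p)
                p = check_services(port, IPPROTO_UDP);

              if (portchk_debug)
                {
                  sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
                  fprintf(stderr, _("check port: %5d/udp on %15s open %s\n"),
                          port, ipbuf, p);
                }

            }
          /* a second send() failing with any other error is neither
           * reported nor counted as an open port
           */
        }
    }
  sl_close_fd (FIL__, __LINE__, fd);
  return 0;
}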
957
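/* Probe one TCP port on one interface.
 *
 * fd    - TCP socket; it is closed before the function returns
 * port  - port to probe; written into paddr
 * paddr - interface address
 *
 * ECONNREFUSED from connect() means nothing is listening; any other
 * connect() error is logged. If the connection is established the port is
 * handed to sh_portchk_cmp_to_list(), with the RPC service name if one is
 * registered (only looked up for AF_INET). For ports 22, 25, 79, 110 and
 * 143 a short protocol-specific line is written in non-blocking mode
 * before the socket is closed.
 *
 * Always returns 0.
 */
static int check_port_tcp_internal (int fd, int port, struct sh_sockaddr * paddr)
{
  int retval;
  int flags;
  char * p = NULL;
#ifndef TEST_ONLY
  char errmsg[256];
  int nerr;
#endif
  char errbuf[SH_ERRBUF_SIZE];
  char ipbuf[SH_IP_BUF];

  sh_ipvx_set_port(paddr, port);

  do {
    retval = connect(fd, sh_ipvx_sockaddr_cast(paddr), SH_SSP_LEN(paddr));
  } while (retval < 0 && (errno == EINTR || errno == EINPROGRESS));

  if (retval == -1 && errno == ECONNREFUSED)
    {
      if (portchk_debug)
        {
          sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
          fprintf(stderr, _("check port: %5d on %15s established/time_wait\n"),
                  port, ipbuf);
        }
    }
  else if (retval == -1)
    {
#ifdef TEST_ONLY
      if (portchk_debug)
        perror(_("connect"));
#else
      /* Save errno before calling anything else, so that the logged
       * error is the one from connect().
       */
      nerr = errno;
      sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
      sl_snprintf(errmsg, sizeof(errmsg), _("check port: %5d/tcp on %15s: %s"),
                  port, ipbuf, sh_error_message(nerr, errbuf, sizeof(errbuf)));
      SH_MUTEX_LOCK(mutex_thread_nolog);
      sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN,
                      errmsg, _("connect"));
      SH_MUTEX_UNLOCK(mutex_thread_nolog);
#endif
    }
  else
    {
      /* Try to get service name from portmap
       */
      if (paddr->ss_family == AF_INET)
        {
          p = check_rpc_list (port, (struct sockaddr_in *) sh_ipvx_sockaddr_cast(paddr), IPPROTO_TCP);
        }

      sh_portchk_cmp_to_list (IPPROTO_TCP, port, paddr, p ? p : NULL);

      /* If not an RPC service, try to get name from /etc/services
       */
      if (!p)
        p = check_services(port, IPPROTO_TCP);

      if (portchk_debug)
        {
          sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr);
          fprintf(stderr, _("check port: %5d on %15s open %s\n"),
                  port, ipbuf, p);
        }

#if !defined(O_NONBLOCK)
#if defined(O_NDELAY)
#define O_NONBLOCK O_NDELAY
#else
#define O_NONBLOCK 0
#endif
#endif

      /* prepare to close connection gracefully
       *
       * The byte counts passed to write() are the lengths of the string
       * literals and have to be kept in step with them.
       * NOTE(review): the result of the F_GETFL call is or-ed into the
       * F_SETFL argument without being tested for failure.
       */
      if (port == 22) /* ssh */
        {
          flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
          retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
          retval = write (fd, _("SSH-2.0-Foobar"), 14);
          if (retval > 0) retval = write (fd, "\r\n", 2);
        }
      else if (port == 25) /* smtp */
        {
          flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
          retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
          retval = write (fd, _("QUIT"), 4);
          if (retval > 0) retval = write (fd, "\r\n", 2);
        }
      else if (port == 79) /* finger */
        {
          flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
          retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
          retval = write (fd, "\r\n", 2);
        }
      else if (port == 110) /* pop3 */
        {
          flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
          retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
          retval = write (fd, _("QUIT"), 4);
          if (retval > 0) retval = write (fd, "\r\n", 2);
        }
      else if (port == 143) /* imap */
        {
          flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
          retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK);
          retval = write (fd, _("A01 LOGOUT"), 10);
          if (retval > 0) retval = write (fd, "\r\n", 2);
        }

      /* a failed write is only visible in debug mode */
      if (portchk_debug && retval < 0)
        fprintf(stderr, _("check port: error writing to port %5d\n"),
                port);
    }
  sl_close_fd (FIL__, __LINE__, fd);
  return 0;
}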
1076
1077/* typedef uint32_t in_addr_t;
1078 * struct in_addr
1079 * {
1080 * in_addr_t s_addr;
1081 * };
1082 */
1083
/* Upper limit for the number of interface addresses that are checked.
 * sh_portchk_init_internal() stops adding addresses once this many are
 * stored, without a message.
 */
#define SH_IFACE_MAX 16

/* Addresses of the interfaces to check; 'used' counts the valid slots. */
struct portchk_interfaces {
  struct sh_sockaddr iface[SH_IFACE_MAX];
  int used;
};

static struct portchk_interfaces iface_list;
/* 0 until iface_list.used has been reset by the initialisation */
static int iface_initialized = 0;
1093
1094#ifdef TEST_ONLY
1095static char * portchk_hostname = NULL;
1096#else
1097static char * portchk_hostname = sh.host.name;
1098#endif
1099
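/* Build the list of interfaces to check from the addresses the host name
 * resolves to, and log each interface at SH_ERR_INFO.
 *
 * Returns -1 if there is no host name or the module is switched off,
 * 0 otherwise. A failed name lookup is not reported; the interface list
 * then keeps the entries it already had. At most SH_IFACE_MAX addresses
 * are stored.
 */
static int sh_portchk_init_internal (void)
{
  volatile int i; /* might be clobbered by 'longjmp' or 'vfork'*/
  char errbuf[256];
#if defined(USE_IPVX)
  struct addrinfo hints;
  struct addrinfo *res;
#else
  struct hostent * hent;
#endif
  char ipbuf[SH_IP_BUF];

  if (portchk_debug)
    fprintf(stderr, _("checking ports on: %s\n"), portchk_hostname ? portchk_hostname : _("NULL"));

  if (!portchk_hostname)
    return -1;

  if (sh_portchk_active == S_FALSE)
    return -1;

  SH_MUTEX_LOCK(mutex_port_check);
  /* the list is emptied only on the first run after start or reconfiguration */
  if (iface_initialized == 0)
    {
      iface_list.used = 0;
      iface_initialized = 1;
    }

#if !defined(USE_IPVX)
  SH_MUTEX_LOCK(mutex_resolv);
  hent = sh_gethostbyname(portchk_hostname);
  i = 0;
  while (hent && hent->h_addr_list[i] && (iface_list.used < SH_IFACE_MAX))
    {
      struct sockaddr_in sin;

      /* Only the address comes from the resolver result; give every
       * other member a defined value before the structure is handed on.
       */
      memset(&sin, 0, sizeof(sin));
      sin.sin_family = AF_INET;
      memcpy(&(sin.sin_addr.s_addr), hent->h_addr_list[i], sizeof(in_addr_t));
      sh_ipvx_save(&(iface_list.iface[iface_list.used]),
                   AF_INET, (struct sockaddr *)&sin);
      ++iface_list.used;
      ++i;
    }
  SH_MUTEX_UNLOCK(mutex_resolv);
#else
  memset(&hints, '\0', sizeof(hints));
  hints.ai_family = PF_UNSPEC;
  hints.ai_flags = AI_ADDRCONFIG;

  if (0 == getaddrinfo(portchk_hostname, NULL, &hints, &res))
    {
      struct addrinfo *p = res;

      while ((p != NULL) && (iface_list.used < SH_IFACE_MAX))
        {
          sh_ipvx_save(&(iface_list.iface[iface_list.used]),
                       p->ai_family, p->ai_addr);
          ++iface_list.used;
          p = p->ai_next;
        }
      freeaddrinfo(res);
    }
#endif

  for (i = 0; i < iface_list.used; ++i)
    {
      sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), &(iface_list.iface[i]));
      sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), ipbuf);

      SH_MUTEX_LOCK(mutex_thread_nolog);
      sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN,
                      errbuf, _("sh_portchk_init"));
      SH_MUTEX_UNLOCK(mutex_thread_nolog);
    }
  SH_MUTEX_UNLOCK(mutex_port_check);

  return 0;
}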
1177
/* Module entry point for initialisation.
 *
 * Returns SH_MOD_FAILED if the module is switched off or no host name is
 * known. With pthreads, and when running as daemon or in loop mode:
 *   - arg->initval < 0: start the module thread; SH_MOD_THREAD on success,
 *     SH_MOD_FAILED otherwise
 *   - arg->initval == SH_MOD_THREAD: return SH_MOD_THREAD
 * In every other case the result of sh_portchk_init_internal() is returned.
 */
int sh_portchk_init (struct mod_type * arg)
{
#ifndef HAVE_PTHREAD
  (void) arg;
#endif

  if (sh_portchk_active == S_FALSE || !portchk_hostname)
    return SH_MOD_FAILED;

#ifdef HAVE_PTHREAD
  if (arg != NULL &&
      (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE))
    {
      if (arg->initval < 0)
        {
          if (0 != sh_pthread_create(sh_threaded_module_run, (void *)arg))
            return SH_MOD_FAILED;
          return SH_MOD_THREAD;
        }
      if (arg->initval == SH_MOD_THREAD)
        return SH_MOD_THREAD;
    }
#endif
  return sh_portchk_init_internal();
}
1206
1207
1208
1209#if !defined(TEST_ONLY)
/* Drop the current configuration and state of the module.
 *
 * Under mutex_port_check: all options return to their defaults, both port
 * lists and both blacklists are freed, the interface list is marked as
 * uninitialised and sh_port2proc_finish() is called. Always returns 0.
 */
int sh_portchk_reconf (void)
{
  SH_MUTEX_LOCK(mutex_port_check);

  /* options back to their defaults */
  sh_portchk_interval  = SH_PORTCHK_INTERVAL;
  sh_portchk_check_udp = 1;
  sh_portchk_active    = 1;
  sh_portchk_maxport   = -1;
  sh_portchk_minport   = -1;
  iface_initialized    = 0;

  /* release everything learned or configured so far */
  portlist_tcp  = sh_portchk_kill_list (portlist_tcp);
  portlist_udp  = sh_portchk_kill_list (portlist_udp);
  blacklist_tcp = sh_portchk_kill_blacklist (blacklist_tcp);
  blacklist_udp = sh_portchk_kill_blacklist (blacklist_udp);
  sh_port2proc_finish();

  SH_MUTEX_UNLOCK(mutex_port_check);
  return 0;
}
1231
/* Module cleanup: does the same as a reconfiguration and returns its
 * result.
 */
int sh_portchk_cleanup (void)
{
  int status = sh_portchk_reconf ();

  return status;
}
1236
/* Tell the caller whether the next port check is due.
 *
 * tcurrent is the current time. Returns -1 (and remembers tcurrent as the
 * time of the last check) if at least sh_portchk_interval seconds have
 * passed since the remembered time, 0 otherwise. The first call is always
 * due as long as tcurrent is not smaller than the interval.
 */
int sh_portchk_timer (time_t tcurrent)
{
  static time_t lastcheck = 0;
  time_t elapsed;

  SL_ENTER(_("sh_portchk_timer"));

  elapsed = (time_t) (tcurrent - lastcheck);
  if (elapsed >= sh_portchk_interval)
    {
      lastcheck = tcurrent;
      SL_RETURN((-1), _("sh_portchk_timer"));
    }
  SL_RETURN(0, _("sh_portchk_timer"));
}
1249#endif
1250
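/* Probe one port on every configured interface of the given address family.
 *
 * port     - port number to probe
 * domain   - address family; interfaces of another family are skipped
 * type     - socket type handed to socket()
 * protocol - IPPROTO_TCP selects the TCP probe, anything else the UDP probe
 *
 * Interface/port pairs on the blacklist are not probed at all. Failures of
 * socket() or setsockopt() are logged and the interface is skipped.
 * Always returns 0.
 */
static int check_port_generic (int port, int domain, int type, int protocol)
{
  volatile int      i    =  0;
  int               sock = -1;
  int               flag = 1; /* non-zero to enable an option */
  struct sh_sockaddr   paddr;
  char errbuf[SH_ERRBUF_SIZE];

  /* Check all interfaces for this host
   */
  for (i = 0; i < iface_list.used; ++i)
    {
      memcpy(&paddr, &(iface_list.iface[i]), sizeof(paddr));

      if (paddr.ss_family != domain)
        continue;

      /* blacklisted means "do not touch this port on this interface" */
      if (0 != sh_portchk_is_blacklisted(port, &paddr, protocol))
        continue;

      if ((sock = socket(paddr.ss_family, type, protocol)) < 0 )
        {
#ifdef TEST_ONLY
          if (portchk_debug)
            perror(_("socket"));
#else

#ifndef EPROTONOSUPPORT
#define EPROTONOSUPPORT 0
#endif
#ifndef EAFNOSUPPORT
#define EAFNOSUPPORT    0
#endif
          /* an unsupported protocol or address family is not worth a report */
          if (errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
            {
              SH_MUTEX_LOCK(mutex_thread_nolog);
              sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
                              sh_error_message(errno, errbuf, sizeof(errbuf)), _("socket"));
              SH_MUTEX_UNLOCK(mutex_thread_nolog);
            }
#endif
          continue;
        }
      if ( setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
                      (void *) &flag, sizeof(flag)) < 0 )
        {
#ifdef TEST_ONLY
          if (portchk_debug)
            perror(_("setsockopt"));
#else
          SH_MUTEX_LOCK(mutex_thread_nolog);
          sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
                          sh_error_message(errno, errbuf, sizeof(errbuf)),_("setsockopt"));
          SH_MUTEX_UNLOCK(mutex_thread_nolog);
#endif
          /* Close only after errno has been reported. Without this the
           * descriptor leaked on every failure; repeated over a whole scan
           * that can exhaust the process' descriptors and stop the check.
           */
          sl_close_fd (FIL__, __LINE__, sock);
          continue;
        }

      /* NOTE(review): the probe helpers are presumably responsible for
       * closing sock; confirm against their definitions.
       */
      if (protocol == IPPROTO_TCP)
        check_port_tcp_internal(sock, port, &paddr);
      else
        check_port_udp_internal(sock, port, &paddr);
    }

  return 0;
}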
1328
1329
1330
/* Probe one UDP port on all interfaces of the given address family.
 */
static int check_port_udp (int port, int domain)
{
  int status = check_port_generic(port, domain, SOCK_DGRAM, IPPROTO_UDP);

  return status;
}
1335
/* Probe one TCP port on all interfaces of the given address family.
 */
static int check_port_tcp (int port, int domain)
{
  int status = check_port_generic(port, domain, SOCK_STREAM, IPPROTO_TCP);

  return status;
}
1340
1341
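/* Walk a port range and find the ports that are in use.
 *
 * min_port     - first port to test; -1 means 0
 * max_port_arg - last port to test;  -1 means 65535
 * domain       - AF_INET binds an IPv4 wildcard address, anything else is
 *                handled as AF_INET6
 * type         - socket type handed to socket()
 * protocol     - IPPROTO_TCP or IPPROTO_UDP
 *
 * For each port a socket is bound to the wildcard address. A successful
 * bind means the port is unused. EINVAL or EADDRINUSE is taken as "port in
 * use" and triggers the per-interface probe; any other bind error is only
 * logged. Always returns 0.
 */
static int sh_portchk_scan_ports_generic (int min_port, int max_port_arg,
                                          int domain, int type, int protocol)
{
  volatile int port; /* might be clobbered by 'longjmp' or 'vfork' */
  volatile int max_port = max_port_arg;
  int retval;
  int sock = -1;
  int flag = 1; /* non-zero to enable an option */

  struct sockaddr_in  addr4;
  struct sockaddr_in6 addr6;

  int addrlen4      = sizeof(addr4);
  int addrlen6      = sizeof(addr6);

  struct in6_addr anyaddr = IN6ADDR_ANY_INIT;

  char errbuf[SH_ERRBUF_SIZE];

  if (min_port == -1)
    min_port = 0;
  if (max_port == -1)
    max_port = 65535;

  /* Clear the address structures once. Only family, port and address are
   * assigned below; the remaining members (sin6_flowinfo and sin6_scope_id
   * among them) would otherwise reach bind() with indeterminate contents,
   * and an EINVAL caused by that would be read as "port in use".
   */
  memset(&addr4, 0, sizeof(addr4));
  memset(&addr6, 0, sizeof(addr6));

  for (port = min_port; port <= max_port; ++port)
    {
      if ((sock = socket(domain, type, protocol)) < 0 )
        {
#ifdef TEST_ONLY
          if (portchk_debug)
            perror(_("socket"));
#else
#ifndef EPROTONOSUPPORT
#define EPROTONOSUPPORT 0
#endif
#ifndef EAFNOSUPPORT
#define EAFNOSUPPORT    0
#endif
          /* an unsupported protocol or address family is not worth a report */
          if (errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
            {
              SH_MUTEX_LOCK(mutex_thread_nolog);
              sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
                              sh_error_message(errno, errbuf, sizeof(errbuf)), _("socket"));
              SH_MUTEX_UNLOCK(mutex_thread_nolog);
            }
#endif
          continue;
        }
      if ( setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
                      (void *) &flag, sizeof(flag)) < 0 )
        {
#ifdef TEST_ONLY
          if (portchk_debug)
            perror(_("setsockopt"));
#else
          SH_MUTEX_LOCK(mutex_thread_nolog);
          sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
                          sh_error_message(errno, errbuf, sizeof(errbuf)),_("setsockopt"));
          SH_MUTEX_UNLOCK(mutex_thread_nolog);
#endif
          /* Close only after errno has been reported. Without this one
           * descriptor leaked per port, so a persistent failure could use
           * up the process' descriptors in the middle of the scan.
           */
          sl_close_fd (FIL__, __LINE__, sock);
          continue;
        }

      if (domain == AF_INET)
        {
          addr4.sin_family      = AF_INET;
          addr4.sin_port        = htons(port);
          addr4.sin_addr.s_addr = INADDR_ANY;
          retval = bind (sock, (struct sockaddr *) &addr4, addrlen4);
        }
      else
        {
          addr6.sin6_family       = AF_INET6;
          addr6.sin6_port         = htons(port);
          memcpy(&(addr6.sin6_addr.s6_addr), &anyaddr, sizeof(anyaddr));
          retval = bind (sock, (struct sockaddr *) &addr6, addrlen6);
        }

      if (retval == 0)
        {
          /* we can bind the port, thus it is unused
           */
          sl_close_fd (FIL__, __LINE__, sock);
        }
      else
        {
          if (errno == EINVAL || errno == EADDRINUSE)
            {
              /* try to connect to the port
               */
              if (protocol == IPPROTO_TCP)
                check_port_tcp(port, domain);
              else
                check_port_udp(port, domain);
            }
          else
            {
#ifdef TEST_ONLY
              if (portchk_debug)
                perror(_("bind"));
#else
              SH_MUTEX_LOCK(mutex_thread_nolog);
              sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN,
                              sh_error_message(errno, errbuf, sizeof(errbuf)), _("bind"));
              SH_MUTEX_UNLOCK(mutex_thread_nolog);
#endif
            }
          sl_close_fd (FIL__, __LINE__, sock);
        }
    }
  return 0;
}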
1459
/* Scan the TCP port range. With USE_IPVX the IPv6 scan runs first and its
 * result is discarded; the return value is that of the IPv4 scan.
 */
static int sh_portchk_scan_ports_tcp (int min_port, int max_port)
{
  int status;

#if defined(USE_IPVX)
  sh_portchk_scan_ports_generic (min_port, max_port, AF_INET6,
                                 SOCK_STREAM, IPPROTO_TCP);
#endif
  status = sh_portchk_scan_ports_generic (min_port, max_port, AF_INET,
                                          SOCK_STREAM, IPPROTO_TCP);
  return status;
}
1469
/* Scan the UDP port range. With USE_IPVX the IPv6 scan runs first and its
 * result is discarded; the return value is that of the IPv4 scan.
 */
static int sh_portchk_scan_ports_udp (int min_port, int max_port)
{
  int status;

#if defined(USE_IPVX)
  sh_portchk_scan_ports_generic (min_port, max_port, AF_INET6,
                                 SOCK_DGRAM, IPPROTO_UDP);
#endif
  status = sh_portchk_scan_ports_generic (min_port, max_port, AF_INET,
                                          SOCK_DGRAM, IPPROTO_UDP);
  return status;
}
1479
/* Holds the address of the 'str' parameter below; present only to
 * silence a "might be clobbered" compiler warning.
 */
static void * sh_dummy_str = NULL;

/* Add the interfaces named in a list to iface_list.
 *
 * str - numeric addresses separated by commas, blanks or tabs
 *
 * The first call after a (re)configuration empties iface_list. Each
 * accepted address is logged at INFO level and then appended.
 * Returns 0 on success, -1 when an entry does not parse as an address or
 * when iface_list already holds SH_IFACE_MAX entries.
 */
static int sh_portchk_add_interface (const char * str)
{
  struct sh_sockaddr saddr;
  char errbuf[256];
  char buf[64];

  sh_dummy_str = (void*) &str;

  if (iface_initialized == 0)
    {
      iface_list.used   = 0;
      iface_initialized = 1;
    }

  for (;;)
    {
      char ipbuf[SH_IP_BUF];
      unsigned int n = 0;

      /* skip separators in front of the next entry */
      while (*str == ',' || *str == ' ' || *str == '\t')
        ++str;

      if (*str == '\0')
        break;

      /* copy one entry; at most sizeof(buf)-1 characters are taken */
      for (; *str && n < (sizeof(buf)-1); ++str, ++n)
        {
          if (*str == ',' || *str == ' ' || *str == '\t')
            break;
          buf[n] = *str;
        }
      buf[n] = '\0';

      if (0 == sh_ipvx_aton(buf, &saddr))
        return -1;

      if (iface_list.used == SH_IFACE_MAX)
        return -1;

      sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), &saddr);
      sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), ipbuf);
      SH_MUTEX_LOCK(mutex_thread_nolog);
      sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN,
                      errbuf, _("sh_portchk_add_interface"));
      SH_MUTEX_UNLOCK(mutex_thread_nolog);

      memcpy (&(iface_list.iface[iface_list.used]), &(saddr), sizeof(saddr));
      ++iface_list.used;
    }

  return 0;
}
1533
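/* Check whether a port/interface pair is blacklisted (must not be checked).
 *
 * port  - port number
 * saddr - address of the interface
 * proto - IPPROTO_TCP selects the TCP blacklist, anything else the UDP one
 *
 * Returns 1 when the list holds an entry for this port whose address is
 * either the wildcard address or equal to saddr, otherwise 0.
 */
static int sh_portchk_is_blacklisted(int port, struct sh_sockaddr * saddr,
                                     int proto)
{
  struct sh_port * entry;

  if (proto == IPPROTO_TCP)
    entry = blacklist_tcp;
  else
    entry = blacklist_udp;

  for (; entry != NULL; entry = entry->next)
    {
      if (entry->port != port)
        continue;

      /* Keep searching when the address differs: the same port may be
       * blacklisted on several interfaces. The search used to stop at the
       * first entry with this port, so a port blacklisted on two
       * interfaces was only recognised on one of them and was probed on
       * the other although the configuration excludes it.
       */
      if (sh_ipvx_isany(entry->paddr) ||
          0 == sh_ipvx_cmp(entry->paddr, saddr))
        return 1;
    }
  return 0;
}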
1560
1561
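/* Put a port/interface pair on the blacklist (ports that are not checked).
 *
 * port  - port number
 * saddr - address of the interface; copied into the new entry
 * proto - IPPROTO_TCP selects the TCP blacklist, anything else the UDP one
 *
 * Returns 0 when a new entry was put at the head of the list, -1 when the
 * same port/address pair is already listed.
 */
static int sh_portchk_blacklist(int port, struct sh_sockaddr * saddr, int proto)
{
  struct sh_port * black;
  struct sh_port * head;

  if (proto == IPPROTO_TCP)
    head = blacklist_tcp;
  else
    head = blacklist_udp;

  for (black = head; black != NULL; black = black->next)
    {
      /* Compare the address of the entry under inspection. The test used
       * to look at head->paddr for every entry, so a pair was rejected as
       * a duplicate whenever its port occurred anywhere in the list and
       * its address matched the head entry, and a genuine duplicate
       * further down the list went unnoticed.
       */
      if (black->port == port &&
          0 == sh_ipvx_cmp(black->paddr, saddr))
        return -1;
    }

  /* NOTE(review): the results of SH_ALLOC are used unchecked here, as
   * before; presumably the allocator does not return on failure. Confirm.
   */
  black = SH_ALLOC (sizeof(struct sh_port));
  black->paddr = SH_ALLOC (sizeof(struct sh_sockaddr));
  black->port  = port;
  memcpy(black->paddr, saddr, sizeof(struct sh_sockaddr));
  black->next  = head;

  if (proto == IPPROTO_TCP)
    blacklist_tcp = black;
  else
    blacklist_udp = black;
  return 0;
}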
1594
1595
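/* Add one port or service entry to the port list or the blacklist.
 *
 * service   - "<port>/tcp", "<port>/udp", "<name>/tcp" or "<name>/udp"
 * interface - numeric address of the interface
 * type      - kind of entry (SH_PORT_REQ, SH_PORT_OPT, SH_PORT_IGN,
 *             SH_PORT_BLACKLIST)
 *
 * A fully numeric port of at most 65535 with type SH_PORT_BLACKLIST goes
 * to the blacklist. Anything that is not fully numeric is stored as a
 * service name with port -1.
 * Returns 0 on success (or the result of sh_portchk_blacklist), -1 for an
 * unparsable address, a missing or unknown protocol suffix, an empty port
 * field, a port above 65535 or a duplicate definition.
 */
static int sh_portchk_add_required_port_generic (char * service,
                                                 char * interface, int type)
{
  char buf[256];
  int proto;
  char * p;
  char * endptr;
  unsigned long int  port;
  struct sh_sockaddr   saddr;
  struct sh_portentry * portent;

  if (0 == sh_ipvx_aton(interface, &saddr))
    return -1;

  sl_strlcpy (buf, service, sizeof(buf));

  p = strchr(buf, '/');
  if (!p)
    return -1;
  if (0 == strcmp(p, _("/tcp")))
    proto = IPPROTO_TCP;
  else if  (0 == strcmp(p, _("/udp")))
    proto = IPPROTO_UDP;
  else
    return -1;

  *p = '\0';

  /* An empty port field ("/tcp") must not be accepted: strtoul() converts
   * nothing, returns 0 and leaves endptr on the terminating NUL, so the
   * entry used to be stored as port 0 without any complaint.
   */
  if (buf[0] == '\0')
    return -1;

  port = strtoul(buf, &endptr, 0);

  /* Blacklisted ports
   */
  if (*endptr == '\0' && port <= 65535 && type == SH_PORT_BLACKLIST)
    return (sh_portchk_blacklist((int) port, &saddr, proto));

  /* NOTE(review): a service *name* with type SH_PORT_BLACKLIST is not put
   * on the blacklist but falls through to the port list below; confirm
   * that this is intended.
   */
  if (*endptr != '\0')
    {
      /* not (fully) numeric: keep it as a service name */
      portent = sh_portchk_get_from_list (proto, -1, &saddr, buf);
      if (!portent)
        sh_portchk_add_to_list (proto,   -1, &saddr,  buf, type, SH_PORT_UNKN);
      else
        {
#ifdef TEST_ONLY
          fprintf(stderr, "** WARNING: duplicate port definition %s/%s\n", buf, SH_PROTO_STR(proto));
#else
          SH_MUTEX_LOCK(mutex_thread_nolog);
          sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN,
                          _("duplicate port definition"), _("sh_portchk_add_required_port_generic"));
          SH_MUTEX_UNLOCK(mutex_thread_nolog);
#endif
          return -1;
        }
    }
  else if (port <= 65535)
    {
      portent = sh_portchk_get_from_list (proto, port, &saddr, NULL);
      if (!portent)
        sh_portchk_add_to_list (proto, port, &saddr, NULL, type, SH_PORT_UNKN);
      else
        {
#ifdef TEST_ONLY
          fprintf(stderr, "** WARNING: duplicate port definition %lu/%s\n", port, SH_PROTO_STR(proto));
#else
          SH_MUTEX_LOCK(mutex_thread_nolog);
          sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN,
                          _("duplicate port definition"), _("sh_portchk_add_required_port_generic"));
          SH_MUTEX_UNLOCK(mutex_thread_nolog);
#endif
          return -1;
        }
    }
  else
    return -1;

  return 0;
}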
1673
/* Parse 'iface:portlist' and register every entry of the port list.
 *
 * str  - "interface:port/proto,port/proto,..."; when the string holds no
 *        ':' the interface defaults to 0.0.0.0
 * type - kind of entry handed on to sh_portchk_add_required_port_generic
 *
 * The interface part ends at the first ':', blank or tab. The port list
 * is split at blanks, commas and tabs.
 * Returns 0 when every entry was accepted, -1 for a NULL string, an empty
 * port list or the first entry that is rejected.
 */
static int sh_portchk_add_required_generic (const char * str, int type)
{
  size_t ll = 0;
  int    result = -1;

  char * interface = NULL;
  char * list;
  char * p;
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
  char * saveptr;
#endif

  if (!str)
    return -1;

  if (strchr(str, ':'))
    {
      /* the interface is everything in front of the first separator */
      ll = strcspn(str, ": \t");
      interface = SH_ALLOC(ll+1);
      sl_strlcpy(interface, str, ll+1);
      interface[ll] = '\0';
      ll += strspn(&str[ll], ": \t");
    }
  else
    {
      interface = SH_ALLOC(8);
      sl_strlcpy(interface, _("0.0.0.0"), 8);
      interface[7] = '\0';
      ll = strspn(str, " \t");
    }

  if (!interface)
    return -1;

  if (str[ll] == '\0')
    {
      SH_FREE(interface);
      return -1;
    }

  if (portchk_debug)
    fprintf(stderr, "add ports for interface: %s\n", interface);

  list = sh_util_strdup(&str[ll]);
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
  p = strtok_r (list, " ,\t", &saveptr);
#else
  p = strtok (list, " ,\t");
#endif

  /* an empty list stays an error; otherwise stop at the first bad entry */
  if (p)
    result = 0;

  while (p)
    {
      if (-1 == sh_portchk_add_required_port_generic (p, interface, type))
        {
          result = -1;
          break;
        }
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
      p = strtok_r (NULL, " ,\t", &saveptr);
#else
      p = strtok (NULL, " ,\t");
#endif
    }

  SH_FREE(interface);
  SH_FREE(list);
  return result;
}
1761
/* Configuration callback: 'iface:portlist' of ports that are required,
 * i.e. registered with type SH_PORT_REQ.
 */
static int sh_portchk_add_required (const char * str)
{
  int status = sh_portchk_add_required_generic (str, SH_PORT_REQ);

  return status;
}
1768
/* Configuration callback: 'iface:portlist' of ports that are optional,
 * i.e. registered with type SH_PORT_OPT.
 */
static int sh_portchk_add_optional (const char * str)
{
  int status = sh_portchk_add_required_generic (str, SH_PORT_OPT);

  return status;
}
1775
/* Configuration callback: 'iface:portlist' of ports that are to be
 * ignored, i.e. registered with type SH_PORT_IGN.
 */
static int sh_portchk_add_ignore (const char * str)
{
  int status = sh_portchk_add_required_generic (str, SH_PORT_IGN);

  return status;
}
1782
/* Configuration callback: 'iface:portlist' of ports that must not be
 * checked at all, i.e. registered with type SH_PORT_BLACKLIST.
 */
static int sh_portchk_add_blacklist (const char * str)
{
  int status = sh_portchk_add_required_generic (str, SH_PORT_BLACKLIST);

  return status;
}
1789
/* Run one complete port check under mutex_port_check.
 *
 * When the module is active: the lists are reset, UDP (unless switched
 * off) and TCP ports are scanned from the configured minimum port to
 * sh_portchk_maxport, and the resulting lists are evaluated with
 * SH_PORT_REPORT. A process whose effective uid is not 0 starts at port
 * 1024 at the earliest, so lower ports are not covered; that is reported
 * once. Always returns 0.
 */
int sh_portchk_check ()
{
  volatile int min_port;
  static int noprivports = 0;

  SH_MUTEX_LOCK(mutex_port_check);

  min_port = sh_portchk_minport;
  if (min_port == -1)
    min_port = 0;

  if (sh_portchk_active != S_FALSE)
    {
      /* NOTE(review): this is the only sh_error_handle call in the
       * function that is not wrapped in mutex_thread_nolog; confirm that
       * this is intended.
       */
      sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN,
                      _("Checking for open ports"),
                      _("sh_portchk_check"));

      sh_portchk_reset_lists();

      if (min_port < 1024 && 0 != geteuid())
        {
          min_port = 1024;

          /* report the reduced coverage only on the first run */
          if (noprivports == 0)
            {
#ifdef TEST_ONLY
              fprintf(stderr, "** WARNING not scanning ports < 1024\n");
#else
              SH_MUTEX_LOCK(mutex_thread_nolog);
              sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN,
                              _("not scanning ports below 1024"),
                              _("sh_portchk_check"));
              SH_MUTEX_UNLOCK(mutex_thread_nolog);
#endif
              noprivports = 1;
            }
        }

      sh_port2proc_prepare();

      /* scan: UDP first (if enabled), then TCP */
      if (sh_portchk_check_udp == 1)
        sh_portchk_scan_ports_udp(min_port, sh_portchk_maxport);
      sh_portchk_scan_ports_tcp(min_port, sh_portchk_maxport);

      /* evaluate: TCP first, then UDP (if enabled) */
      sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_REPORT);
      if (sh_portchk_check_udp == 1)
        sh_portchk_check_list (&portlist_udp, IPPROTO_UDP, SH_PORT_REPORT);
    }

  SH_MUTEX_UNLOCK(mutex_port_check);
  return 0;
}
1841#endif
1842
1843#ifdef SH_CUTEST
1844#include "CuTest.h"
1845
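/* CuTest unit test for the service/RPC name lookups, the port list and
 * the blacklist. When the port check is not compiled in, the test does
 * nothing.
 */
void Test_portcheck_lists (CuTest *tc)
{
#if defined(SH_USE_PORTCHECK) && (defined(SH_WITH_CLIENT) || defined(SH_STANDALONE))
  struct sh_sockaddr    haddr_local;
  struct sh_portentry * portent;
  char   buf[256];
  char * p;

#ifdef HAVE_RPC_RPC_H
  p = sh_getrpcbynumber(0, buf, sizeof(buf));
  CuAssertTrue(tc, p == NULL);

  p = sh_getrpcbynumber(100000, buf, sizeof(buf));
  CuAssertPtrNotNull(tc, p);
  CuAssertTrue(tc, (0 == strcmp(p, "portmapper") || 0 == strcmp(p, "rpcbind")));
  /* both alternatives must look at buf; the second one used to test p
   * again, so the content of buf was not verified for "rpcbind"
   */
  CuAssertTrue(tc, (0 == strcmp(buf, "portmapper") || 0 == strcmp(buf, "rpcbind")));

  p = sh_getrpcbynumber(100007, buf, sizeof(buf));
  CuAssertPtrNotNull(tc, p);
  CuAssertTrue(tc, 0 == strcmp(p, "ypbind"));
  CuAssertTrue(tc, 0 == strcmp(buf, "ypbind"));
#endif

  p = sh_getservbyport(0, SH_PROTO_STR(IPPROTO_UDP), buf, sizeof(buf));
  CuAssertTrue(tc, p == NULL);

#if !defined(HOST_IS_CYGWIN)
  p = sh_getservbyport(22, SH_PROTO_STR(IPPROTO_TCP), buf, sizeof(buf));
  CuAssertPtrNotNull(tc, p);
  CuAssertTrue(tc, 0 == strcmp(p, "ssh"));
  CuAssertTrue(tc, 0 == strcmp(buf, "ssh"));
#endif

  p = sh_getservbyport(13, SH_PROTO_STR(IPPROTO_UDP), buf, sizeof(buf));
  CuAssertPtrNotNull(tc, p);
  CuAssertTrue(tc, 0 == strcmp(p, "daytime"));
  CuAssertTrue(tc, 0 == strcmp(buf, "daytime"));

  CuAssertTrue(tc, 0 != sh_ipvx_aton("127.0.0.1", &haddr_local));

  /* a single entry: stored, found again, then dropped by the list check */
  sh_portchk_add_to_list (IPPROTO_TCP,  8000, &haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN);

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8000, &haddr_local, NULL);
  CuAssertPtrNotNull(tc, portent);

  CuAssertTrue(tc, portent->port == 8000);
  CuAssertTrue(tc, 0 == strcmp("127.0.0.1", portent->interface));
  CuAssertTrue(tc, portent->status == SH_PORT_UNKN);
  CuAssertTrue(tc, portent->flag == SH_PORT_NOT);

  sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_NOREPT);

  CuAssertTrue(tc, NULL == portlist_tcp);

  /* mixed entries: the assertions below expect the SH_PORT_NOT entries to
   * be gone after the list check and the REQ/IGN entries to remain
   */
  sh_portchk_add_to_list (IPPROTO_TCP, 8000, &haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN);
  sh_portchk_add_to_list (IPPROTO_TCP, 8001, &haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN);
  sh_portchk_add_to_list (IPPROTO_TCP, 8002, &haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN);
  sh_portchk_add_to_list (IPPROTO_TCP, 8003, &haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN);
  sh_portchk_add_to_list (IPPROTO_TCP, 8004, &haddr_local, NULL, SH_PORT_IGN, SH_PORT_UNKN);
  sh_portchk_add_to_list (IPPROTO_TCP,   -1, &haddr_local, "foo1", SH_PORT_NOT, SH_PORT_UNKN);
  sh_portchk_add_to_list (IPPROTO_TCP,   -1, &haddr_local, "foo2", SH_PORT_REQ, SH_PORT_UNKN);
  sh_portchk_add_to_list (IPPROTO_TCP,   -1, &haddr_local, "foo3", SH_PORT_NOT, SH_PORT_UNKN);
  sh_portchk_add_to_list (IPPROTO_TCP,   -1, &haddr_local, "foo4", SH_PORT_REQ, SH_PORT_UNKN);
  sh_portchk_add_to_list (IPPROTO_TCP,   -1, &haddr_local, "foo5", SH_PORT_IGN, SH_PORT_UNKN);

  sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_NOREPT);

  CuAssertPtrNotNull(tc, portlist_tcp);

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8000, &haddr_local, NULL);
  CuAssertPtrNotNull(tc, portent);

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8001, &haddr_local, NULL);
  CuAssertTrue(tc, NULL == portent);

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8002, &haddr_local, NULL);
  CuAssertPtrNotNull(tc, portent);

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8003, &haddr_local, NULL);
  CuAssertTrue(tc, NULL == portent);

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8004, &haddr_local, NULL);
  CuAssertPtrNotNull(tc, portent);

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8000, &haddr_local, "foo1");
  CuAssertTrue(tc, NULL == portent);

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8000, &haddr_local, "foo2");
  CuAssertPtrNotNull(tc, portent);
  CuAssertTrue(tc, 0 == strcmp(portent->service, "foo2"));

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8000, &haddr_local, "foo3");
  CuAssertTrue(tc, NULL == portent);

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8000, &haddr_local, "foo4");
  CuAssertPtrNotNull(tc, portent);
  CuAssertTrue(tc, 0 == strcmp(portent->service, "foo4"));

  portent = sh_portchk_get_from_list(IPPROTO_TCP,  8000, &haddr_local, "foo5");
  CuAssertPtrNotNull(tc, portent);
  CuAssertTrue(tc, 0 == strcmp(portent->service, "foo5"));

  /* blacklist: a second insert of the same pair must be refused */
  CuAssertTrue(tc, 0 == sh_portchk_blacklist(666, &haddr_local, IPPROTO_TCP));
  CuAssertTrue(tc, 0 != sh_portchk_blacklist(666, &haddr_local, IPPROTO_TCP));
  CuAssertTrue(tc, 0 == sh_portchk_blacklist(667, &haddr_local, IPPROTO_TCP));
  CuAssertTrue(tc, 0 == sh_portchk_blacklist(668, &haddr_local, IPPROTO_TCP));
  CuAssertTrue(tc, 0 == sh_portchk_blacklist(666, &haddr_local, IPPROTO_UDP));
  CuAssertTrue(tc, 0 != sh_portchk_blacklist(666, &haddr_local, IPPROTO_UDP));
  CuAssertTrue(tc, 0 == sh_portchk_blacklist(667, &haddr_local, IPPROTO_UDP));
  CuAssertTrue(tc, 0 == sh_portchk_blacklist(668, &haddr_local, IPPROTO_UDP));

  CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(668, &haddr_local, IPPROTO_UDP));
  CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(667, &haddr_local, IPPROTO_UDP));
  CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(666, &haddr_local, IPPROTO_UDP));
  CuAssertTrue(tc, 0 == sh_portchk_is_blacklisted(665, &haddr_local, IPPROTO_UDP));

  CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(668, &haddr_local, IPPROTO_TCP));
  CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(667, &haddr_local, IPPROTO_TCP));
  CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(666, &haddr_local, IPPROTO_TCP));
  CuAssertTrue(tc, 0 == sh_portchk_is_blacklisted(665, &haddr_local, IPPROTO_TCP));
#else
  (void) tc; /* fix compiler warning */
#endif
  return;
}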
1971#endif
1972
1973#ifdef TEST_ONLY
1974
/* Print the command line help of the stand-alone test program to stdout.
 *
 * pname - program name shown in the synopsis and in the example
 */
void usage (char * pname)
{
  printf ("%s [-r|--required interface:portlist][-o|--optional interface:portlist][--no-udp][-d|--debug] hostname\n\n", pname);
  printf (" Check local host for open ports; Version %s\n\n", PORTCHK_VERSION);

  /* the constant lines need no formatting */
  fputs (" Interface: Numeric address for an interface, e.g. 127.0.0.1\n", stdout);
  fputs (" Portlist: List of ports or services, e.g. 22/tcp,nfs/udp,nlockmgr/udp\n", stdout);
  fputs (" required -> must be open\n", stdout);
  fputs (" optional -> may be open or closed\n", stdout);
  fputs (" RPC services must be specified with service **name**, others with **port number**\n\n", stdout);
  fputs (" Example:\n", stdout);

  printf (" %s --required 192.168.1.2:22/tcp,nfs/udp,nlockmgr/udp\n\n", pname);
}
1988
/* Entry point of the stand-alone test program (TEST_ONLY builds).
 *
 * Options are taken from the front of the argument list; the first
 * argument that does not start with '-' is the hostname. The program
 * exits with status 1 after printing the usage text when an option is
 * unknown, an option argument or the hostname is missing, or the
 * initialisation fails.
 */
int main(int argc, char *argv[])
{
  char * pname = argv[0];

  while (argc > 1 && argv[1][0] == '-')
    {
      const char * opt = argv[1];

      if (0 == strcmp(opt, "--help") || 0 == strcmp(opt, "-h"))
        {
          usage(pname);
          exit (0);
        }
      else if (0 == strcmp(opt, "--required") || 0 == strcmp(opt, "-r"))
        {
          if (argc < 3)
            {
              usage(pname);
              exit (1);
            }
          /* NOTE(review): the result is not checked, so a port list that
           * is rejected is dropped without any message.
           */
          sh_portchk_add_required (argv[2]);
          --argc; ++argv;
        }
      else if (0 == strcmp(opt, "--optional") || 0 == strcmp(opt, "-o"))
        {
          if (argc < 3)
            {
              usage(pname);
              exit (1);
            }
          /* NOTE(review): result not checked, see above */
          sh_portchk_add_optional (argv[2]);
          --argc; ++argv;
        }
      else if (0 == strcmp(opt, "--no-udp"))
        {
          sh_portchk_check_udp = 0;
        }
      else if (0 == strcmp(opt, "--debug") || 0 == strcmp(opt, "-d"))
        {
          portchk_debug = 1;
        }
      else
        {
          usage(pname);
          exit (1);
        }

      /* step over the option itself */
      --argc; ++argv;
    }

  if (argc < 2)
    {
      usage(pname);
      exit (1);
    }

  portchk_hostname = argv[1];

  /* NOTE(review): sh_portchk_init is called without an argument here,
   * while the definition in this file takes a struct mod_type pointer;
   * verify that TEST_ONLY builds still compile.
   */
  if (0 != sh_portchk_init ())
    {
      usage(pname);
      exit (1);
    }

  sh_portchk_check();

  return 0;
}
2064#endif