3 * $Id: fw.c,v 1.9 2001/01/20 11:55:17 mdw Exp $
5 * Port forwarding thingy
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of the `fw' port forwarder.
14 * `fw' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * `fw' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with `fw'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.9 2001/01/20 11:55:17 mdw
33 * Handle select errors more robustly.
35 * Revision 1.8 2000/03/23 23:19:19 mdw
36 * Fix changed options in parser table.
38 * Revision 1.7 2000/03/23 00:37:33 mdw
39 * Add option to change user and group after initialization. Naughtily
40 * reassign short equivalents of --grammar and --options.
42 * Revision 1.6 1999/12/22 15:44:10 mdw
43 * Make syslog a separate option, and do it better.
45 * Revision 1.5 1999/10/22 22:47:50 mdw
46 * Grammar changes. Also, don't enable SIGINT if it's currently ignored.
48 * Revision 1.4 1999/10/10 16:46:12 mdw
49 * New resolver to initialize. Also, include options for grammar and
52 * Revision 1.3 1999/07/26 23:30:42 mdw
53 * Major reconstruction work for new design.
55 * Revision 1.2 1999/07/03 13:55:17 mdw
56 * Various changes. Add configuration grammar to help text. Change to
57 * root directory and open syslog when forking into background.
59 * Revision 1.1.1.1 1999/07/01 08:56:23 mdw
64 /*----- Header files ------------------------------------------------------*/
83 #include <mLib/bres.h>
84 #include <mLib/dstr.h>
85 #include <mLib/mdwopt.h>
86 #include <mLib/quis.h>
87 #include <mLib/report.h>
100 /*----- Global variables --------------------------------------------------*/
102 sel_state
*sel
; /* Multiplexor for nonblocking I/O */
104 /*----- Static variables --------------------------------------------------*/
106 static unsigned flags
= 0; /* Global state flags */
107 static unsigned active
= 0; /* Number of active things */
113 /*----- Main code ---------------------------------------------------------*/
115 /* --- @fw_log@ --- *
117 * Arguments: @time_t t@ = when the connection occurred or (@-1@)
118 * @const char *fmt@ = format string to fill in
119 * @...@ = other arguments
123 * Use: Logs a connection.
126 void fw_log(time_t t
, const char *fmt
, ...)
132 if (flags
& FW_QUIET
)
139 d
.len
+= strftime(d
.buf
, d
.sz
, "%Y-%m-%d %H:%M:%S ", tm
);
141 dstr_vputf(&d
, fmt
, ap
);
143 if (flags
& FW_SYSLOG
)
144 syslog(LOG_NOTICE
, "%s", d
.buf
);
147 dstr_write(&d
, stderr
);
152 /* --- @fw_inc@, @fw_dec@ --- *
158 * Use: Increments or decrements the active thing count. `fw' won't
159 * quit while there are active things.
162 void fw_inc(void) { flags
|= FW_SET
; active
++; }
163 void fw_dec(void) { if (active
) active
--; }
165 /* --- @fw_exit@ --- *
171 * Use: Exits when appropriate.
174 static void fw_exit(void)
180 /* --- @fw_tidy@ --- *
182 * Arguments: @int n@ = signal number
183 * @void *p@ = an uninteresting argument
187 * Use: Handles various signals and causes a clean tidy-up.
190 static void fw_tidy(int n
, void *p
)
192 const char *sn
= "unexpected signal (bug!)";
195 else if (n
== SIGINT
)
198 fw_log(-1, "closing down on %s", sn
);
202 /* --- Standard GNU help options --- */
204 static void version(FILE *fp
)
206 pquis(fp
, "$ version " VERSION
"\n");
209 static void usage(FILE *fp
)
211 pquis(fp
, "Usage: $ [-dql] [-f file] [config statements...]\n");
214 static void help(FILE *fp
)
220 An excessively full-featured port-forwarder, which subsumes large chunks\n\
221 of the functionality of inetd, netcat, and normal cat. Options available\n\
224 -h, --help Display this help message.\n\
225 -v, --version Display the program's version number.\n\
226 -u, --usage Display a terse usage summary.\n\
228 -G, --grammar Show a summary of the configuration language.\n\
229 -O, --options Show a summary of the source and target options.\n\
231 -f, --file=FILE Read configuration from a file.\n\
232 -q, --quiet Don't emit any logging information.\n\
233 -d, --daemon Fork into background after initializing.\n\
234 -l, --syslog Send log output to the system logger.\n\
235 -s, --setuid=USER Change uid to USER after initializing sources.\n\
236 -g, --setgid=GRP Change gid to GRP after initializing sources.\n\
238 Configuration may be supplied in one or more configuration files, or on\n\
239 the command line (or both). If no `-f' option is present, and no\n\
240 configuration is given on the command line, the standard input stream is\n\
243 Configuration is free-form. Comments begin with a `#' character and\n\
244 continue to the end of the line. Each command line argument is considered\n\
245 to be a separate line.\n\
247 The grammar is fairly complicated. For a summary, run `$ --grammar'.\n\
248 For a summary of the various options, run `$ --options'.\n\
252 /* --- Other helpful options --- */
254 static void grammar(FILE *fp
)
261 file ::= empty | file stmt [`;']\n\
262 stmt ::= option-stmt | fw-stmt\n\
263 fw-stmt ::= `fw' source options [`to'|`->'] target options\n\
264 options ::= `{' option-seq `}'\n\
265 option-seq ::= empty | option-stmt [`;'] option-seq\n\
268 option-stmt ::= q-option\n\
269 q-option ::= option\n\
270 | prefix `.' q-option\n\
271 | prefix `{' option-seq `}'\n\
274 File source and target\n\
277 file ::= `file' [`.'] fspec [`,' fspec]\n\
278 fspec ::= fd-spec | name-spec | null-spec\n\
279 fd-spec ::= [[`:']`fd'[`:']] number|`stdin'|`stdout'\n\
280 name-spec ::= [[`:']`file'[`:']] file-name\n\
281 file-name ::= path-seq | [ path-seq ]\n\
282 path-seq ::= path-elt | path-seq path-elt\n\
283 path-elt ::= `/' | word\n\
284 null-spec ::= [`:']`null'[`:']\n\
286 Exec source and target\n\
289 exec ::= `exec' [`.'] cmd-spec\n\
290 cmd-spec ::= shell-cmd | [prog-name] `[' argv0 arg-seq `]'\n\
291 arg-seq ::= word | arg-seq word\n\
292 shell-cmd ::= word\n\
295 Socket source and target\n\
296 source ::= socket-source\n\
297 target ::= socket-target\n\
298 socket-source ::= [`socket'[`.']] [[`:']addr-type[`:']] source-addr\n\
299 socket-target ::= [`socket'[`.']] [[`:']addr-type[`:']] target-addr\n\
301 inet-source-addr ::= [port] port\n\
302 inet-target-addr ::= address [`:'] port\n\
303 address ::= addr-elt | address addr-elt\n\
304 addr-elt ::= `.' | word\n\
306 unix-source-addr ::= file-name\n\
307 unix-target-addr ::= file-name\n\
311 static void options(FILE *fp
)
317 File attributes (`fattr')\n\
318 prefix.fattr.mode [=] mode\n\
319 prefix.fattr.owner [=] user\n\
320 prefix.fattr.group [=] group\n\
323 file.create [=] yes|no\n\
324 file.open [=] no|truncate|append\n\
328 exec.logging [=] yes|no\n\
329 exec.dir [=] file-name\n\
330 exec.root [=] file-name\n\
331 exec.user [=] user\n\
332 exec.group [=] group\n\
333 exec.rlimit.limit[.hard|.soft] [=] value\n\
335 exec.env.unset var\n\
336 exec.env.[set] var [=] value\n\
339 socket.conn [=] number|unlimited|one-shot\n\
340 socket.logging [=] yes|no\n\
341 socket.inet.[allow|deny] [from] address [/ address]\n\
342 socket.unix.fattr.*\n\
348 * Arguments: @int argc@ = number of command line arguments
349 * @char *argv[]@ = vector of argument strings
353 * Use: Simple port-forwarding server.
356 int main(int argc
, char *argv
[])
372 /* --- Initialize things --- */
382 fattr_init(&fattr_global
);
385 /* --- Set up some signal handlers --- *
387 * Don't enable @SIGINT@ if the caller already disabled it.
393 sig_add(&s_term
, SIGTERM
, fw_tidy
, 0);
394 sigaction(SIGINT
, 0, &sa
);
395 if (sa
.sa_handler
!= SIG_IGN
)
396 sig_add(&s_int
, SIGINT
, fw_tidy
, 0);
401 /* --- Parse command line options --- */
404 static struct option opts
[] = {
406 /* --- Standard GNU help options --- */
408 { "help", 0, 0, 'h' },
409 { "version", 0, 0, 'v' },
410 { "usage", 0, 0, 'u' },
412 /* --- Other help options --- */
414 { "grammar", 0, 0, 'G' },
415 { "options", 0, 0, 'O' },
417 /* --- Other useful arguments --- */
419 { "file", OPTF_ARGREQ
, 0, 'f' },
420 { "fork", 0, 0, 'd' },
421 { "daemon", 0, 0, 'd' },
422 { "syslog", 0, 0, 'l' },
423 { "log", 0, 0, 'l' },
424 { "quiet", 0, 0, 'q' },
425 { "setuid", OPTF_ARGREQ
, 0, 's' },
426 { "uid", OPTF_ARGREQ
, 0, 's' },
427 { "setgid", OPTF_ARGREQ
, 0, 'g' },
428 { "gid", OPTF_ARGREQ
, 0, 'g' },
430 /* --- Magic terminator --- */
434 int i
= mdwopt(argc
, argv
, "+hvu GO f:dls:g:", opts
, 0, 0, 0);
460 if (strcmp(optarg
, "-") == 0)
461 scan_add(&sc
, scan_file(stdin
, "<stdin>", SCF_NOCLOSE
));
464 if ((fp
= fopen(optarg
, "r")) == 0)
465 die(1, "couldn't open file `%s': %s", optarg
, strerror(errno
));
466 scan_add(&sc
, scan_file(fp
, optarg
, 0));
480 if (isdigit((unsigned char )optarg
[0])) {
482 drop
= strtol(optarg
, &q
, 0);
484 die(1, "bad uid `%s'", optarg
);
486 struct passwd
*pw
= getpwnam(optarg
);
488 die(1, "unknown user `%s'", optarg
);
493 if (isdigit((unsigned char )optarg
[0])) {
495 dropg
= strtol(optarg
, &q
, 0);
497 die(1, "bad gid `%s'", optarg
);
499 struct group
*gr
= getgrnam(optarg
);
501 die(1, "unknown group `%s'", optarg
);
516 /* --- Deal with the remaining arguments --- */
519 scan_add(&sc
, scan_argv(argv
+ optind
));
522 else if (!isatty(STDIN_FILENO
))
523 scan_add(&sc
, scan_file(stdin
, "<stdin>", SCF_NOCLOSE
));
525 moan("no configuration given and stdin is a terminal.");
526 moan("type `%s --help' for usage information.", QUIS
);
530 /* --- Parse the configuration now gathered --- */
534 /* --- Drop privileges --- */
536 #ifdef HAVE_SETGROUPS
537 if ((dropg
!= -1 && (setgid(dropg
) || setgroups(1, &dropg
))) ||
538 (drop
!= -1 && setuid(drop
)))
539 die(1, "couldn't drop privileges: %s", strerror(errno
));
541 if ((dropg
!= -1 && setgid(dropg
)) ||
542 (drop
!= -1 && setuid(drop
)))
543 die(1, "couldn't drop privileges: %s", strerror(errno
));
546 /* --- Fork into the background --- */
553 die(1, "couldn't fork: %s", strerror(errno
));
557 close(0); close(1); close(2);
568 openlog(QUIS
, 0, LOG_DAEMON
);
571 /* --- Let rip --- */
573 if (!(flags
& FW_SET
))
574 moan("nothing to do!");
575 signal(SIGPIPE
, SIG_IGN
);
580 if (!sel_select(sel
))
583 fw_log(-1, "error from select: %s", strerror(errno
));
586 fw_log(-1, "too many consecutive select errors: bailing out");
596 /*----- That's all, folks -------------------------------------------------*/