Initial repository (0.99 release tree)0.99

1 files changed, 455 insertions, 0 deletions

diff --git a/utils/bitlbeed.c b/utils/bitlbeed.c
new file mode 100644
index 00000000..b8db348e
--- /dev/null
+++ b/utils/bitlbeed.c
@@ -0,0 +1,455 @@
+/****************************************************************\
+*                                                                *
+*  bitlbeed.c                                                    *
+*                                                                *
+*  A tiny daemon to allow you to run The Bee as a non-root user  *
+*  (without access to /etc/inetd.conf or whatever)               *
+*                                                                *
+*  Copyright 2002-2004 Wilmer van der Gaast <lintux@debian.org>  *
+*                                                                *
+*  Licensed under the GNU General Public License                 *
+*                                                                *
+*  Modified by M. Dennis, 20040627                               *
+\****************************************************************/
+
+/* 
+   ChangeLog:
+   
+   2004-06-27: Added support for AF_LOCAL (UNIX domain) sockets
+               Renamed log to do_log to fix conflict warning
+               Changed protocol to 0 (6 is not supported?)
+               Added error check for socket()
+               Added a no-fork (debug) mode
+   2004-05-15: Added rate limiting
+   2003-12-26: Added the SO_REUSEADDR sockopt, logging and CPU-time limiting
+               for clients using setrlimit(), fixed the execv() call
+   2002-11-29: Added the timeout so old child processes clean up faster
+   2002-11-28: First version
+*/
+
+#define SELECT_TIMEOUT 2
+#define MAX_LOG_LEN 128
+
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <time.h>
+
+#include <sys/wait.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/resource.h>
+#include <sys/stat.h>
+
+#include <sys/un.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+typedef struct settings
+{
+	char local;
+	char debug;
+	char *interface;
+	signed int port;
+	
+	unsigned char max_conn;
+	int seconds;
+	
+	int rate_seconds;
+	int rate_times;
+	int rate_ignore;
+	
+	char **call;
+} settings_t;
+
+typedef struct ipstats
+{
+	unsigned int ip;
+	
+	time_t rate_start;
+	int rate_times;
+	time_t rate_ignore;
+	
+	struct ipstats *next;
+} ipstats_t;
+
+FILE *logfile;
+ipstats_t *ipstats;
+
+settings_t *set_load( int argc, char *argv[] );
+void do_log( char *fmt, ... );
+ipstats_t *ip_get( char *ip_txt );
+
+int main( int argc, char *argv[] )
+{
+	const int rebind_on = 1;
+	settings_t *set;
+	
+	int serv_fd, serv_len;
+	struct sockaddr_in serv_addr;
+	struct sockaddr_un local_addr;
+	
+	pid_t st;
+	
+	if( !( set = set_load( argc, argv ) ) )
+		return( 1 );
+	
+	if( !logfile )
+		if( !( logfile = fopen( "/dev/null", "w" ) ) )
+		{
+			perror( "fopen" );
+			return( 1 );
+		}
+	
+	fcntl( fileno( logfile ), F_SETFD, FD_CLOEXEC );
+	
+	if( set->local )
+		serv_fd = socket( PF_LOCAL, SOCK_STREAM, 0 );
+	else
+		serv_fd = socket( PF_INET, SOCK_STREAM, 0 );
+	if( serv_fd < 0 )
+	{
+		perror( "socket" );
+		return( 1 );
+	}
+	setsockopt( serv_fd, SOL_SOCKET, SO_REUSEADDR, &rebind_on, sizeof( rebind_on ) );
+	fcntl( serv_fd, F_SETFD, FD_CLOEXEC );
+	if (set->local) {
+		local_addr.sun_family = AF_LOCAL;
+		strncpy( local_addr.sun_path, set->interface, sizeof( local_addr.sun_path ) - 1 );
+		local_addr.sun_path[sizeof( local_addr.sun_path ) - 1] = '\0';
+		
+		/* warning - don't let untrusted users run this program if it
+		   is setuid/setgid! Arbitrary file deletion risk! */
+		unlink( set->interface );
+		if( bind( serv_fd, (struct sockaddr *) &local_addr, SUN_LEN( &local_addr ) ) != 0 )
+		{
+			perror( "bind" );
+			return( 1 );
+		}
+		chmod( set->interface, S_IRWXO|S_IRWXG|S_IRWXU );
+
+	} else {
+		serv_addr.sin_family = AF_INET;
+		serv_addr.sin_addr.s_addr = inet_addr( set->interface );
+		serv_addr.sin_port = htons( set->port );
+		serv_len = sizeof( serv_addr );
+	
+		if( bind( serv_fd, (struct sockaddr *) &serv_addr, serv_len ) != 0 )
+		{
+			perror( "bind" );
+			return( 1 );
+		}
+	}
+	
+	if( listen( serv_fd, set->max_conn ) != 0 )
+	{
+		perror( "listen" );
+		return( 1 );
+	}
+	
+	if ( ! set->debug ) {
+		st = fork();
+		if( st < 0 )
+		{
+			perror( "fork" );
+			return( 1 );
+		}
+		else if( st > 0 )
+		{
+			return( 0 );
+		}
+		
+		setsid();
+		close( 0 );
+		close( 1 );
+		close( 2 );
+	}
+	
+	do_log( "bitlbeed running" );
+	
+	/* The Daemon */
+	while( 1 )
+	{
+		int cli_fd, cli_len, i, st;
+		struct sockaddr_in cli_addr;
+		struct sockaddr_un cli_local;
+		ipstats_t *ip;
+		char *cli_txt;
+		pid_t child;
+		
+		static int running = 0;
+		
+		fd_set rd;
+		struct timeval tm;
+		
+		/* accept() only returns after someone connects. To clean up old
+		   processes (by running waitpid()) it's better to use select()
+		   with a timeout. */
+		FD_ZERO( &rd );
+		FD_SET( serv_fd, &rd );
+		tm.tv_sec = SELECT_TIMEOUT;
+		tm.tv_usec = 0;
+		if( select( serv_fd + 1, &rd, NULL, NULL, &tm ) > 0 )
+		{
+			if (set->local) {
+				cli_len = SUN_LEN( &cli_local );
+				cli_fd = accept( serv_fd, (struct sockaddr *) &cli_local, &cli_len );
+				cli_txt = "127.0.0.1";
+			} else {
+				cli_len = sizeof( cli_addr );
+				cli_fd = accept( serv_fd, (struct sockaddr *) &cli_addr, &cli_len );
+				cli_txt = inet_ntoa( cli_addr.sin_addr );
+			}
+			
+			ip = ip_get( cli_txt );
+			
+			if( set->rate_times == 0 || time( NULL ) > ip->rate_ignore )
+			{
+				/* We want this socket on stdout and stderr too! */
+				dup( cli_fd ); dup( cli_fd );
+				
+				if( ( child = fork() ) == 0 )
+				{
+					if( set->seconds )
+					{
+						struct rlimit li;
+						
+						li.rlim_cur = (rlim_t) set->seconds;
+						li.rlim_max = (rlim_t) set->seconds + 1;
+						setrlimit( RLIMIT_CPU, &li );
+					}
+					execv( set->call[0], set->call );
+					do_log( "Error while executing %s!", set->call[0] );
+					return( 1 );
+				}
+				
+				running ++;
+				close( 0 );
+				close( 1 );
+				close( 2 );
+				
+				do_log( "Started child process for client %s (PID=%d), got %d clients now", cli_txt, child, running );
+				
+				if( time( NULL ) < ( ip->rate_start + set->rate_seconds ) )
+				{
+					ip->rate_times ++;
+					if( ip->rate_times >= set->rate_times )
+					{
+						do_log( "Client %s crossed the limit; ignoring for the next %d seconds", cli_txt, set->rate_ignore );
+						ip->rate_ignore = time( NULL ) + set->rate_ignore;
+						ip->rate_start = 0;
+					}
+				}
+				else
+				{
+					ip->rate_start = time( NULL );
+					ip->rate_times = 1;
+				}
+			}
+			else
+			{
+				do_log( "Ignoring connection from %s", cli_txt );
+				close( cli_fd );
+			}
+		}
+		
+		/* If the max. number of connection is reached, don't accept
+		   new connections until one expires -> Not always WNOHANG
+		   
+		   Cleaning up child processes is a good idea anyway... :-) */
+		while( ( i = waitpid( 0, &st, ( ( running < set->max_conn ) || ( set->max_conn == 0 ) ) ? WNOHANG : 0 ) ) > 0 )
+		{
+			running --;
+			if( WIFEXITED( st ) )
+			{
+				do_log( "Child process (PID=%d) exited normally with status %d. %d Clients left now",
+				     i, WEXITSTATUS( st ), running );
+			}
+			else if( WIFSIGNALED( st ) )
+			{
+				do_log( "Child process (PID=%d) killed by signal %d. %d Clients left now",
+				     i, WTERMSIG( st ), running );
+			}
+			else
+			{
+				/* Should not happen AFAIK... */
+				do_log( "Child process (PID=%d) stopped for unknown reason, %d clients left now",
+				     i, running );
+			}
+		}
+	}
+	
+	return( 0 );
+}
+
+settings_t *set_load( int argc, char *argv[] )
+{
+	settings_t *set;
+	int opt, i;
+	
+	set = malloc( sizeof( settings_t ) );
+	memset( set, 0, sizeof( settings_t ) );
+	set->interface = NULL;		/* will be filled in later */
+	set->port = 6667;
+	set->local = 0;
+	set->debug = 0;
+	
+	set->rate_seconds = 600;
+	set->rate_times = 5;
+	set->rate_ignore = 900;
+	
+	while( ( opt = getopt( argc, argv, "i:p:n:t:l:r:hud" ) ) >= 0 )
+	{
+		if( opt == 'i' )
+		{
+			set->interface = strdup( optarg );
+		}
+		else if( opt == 'p' )
+		{
+			if( ( sscanf( optarg, "%d", &i ) != 1 ) || ( i <= 0 ) || ( i > 65535 ) )
+			{
+				fprintf( stderr, "Invalid port number: %s\n", optarg );
+				return( NULL );
+			}
+			set->port = i;
+		}
+		else if( opt == 'n' )
+		{
+			if( ( sscanf( optarg, "%d", &i ) != 1 ) || ( i < 0 ) )
+			{
+				fprintf( stderr, "Invalid number of connections: %s\n", optarg );
+				return( NULL );
+			}
+			set->max_conn = i;
+		}
+		else if( opt == 't' )
+		{
+			if( ( sscanf( optarg, "%d", &i ) != 1 ) || ( i < 0 ) || ( i > 600 ) )
+			{
+				fprintf( stderr, "Invalid number of seconds: %s\n", optarg );
+				return( NULL );
+			}
+			set->seconds = i;
+		}
+		else if( opt == 'l' )
+		{
+			if( !( logfile = fopen( optarg, "a" ) ) )
+			{
+				perror( "fopen" );
+				fprintf( stderr, "Error opening logfile, giving up.\n" );
+				return( NULL );
+			}
+			setbuf( logfile, NULL );
+		}
+		else if( opt == 'r' )
+		{
+			if( sscanf( optarg, "%d,%d,%d", &set->rate_seconds, &set->rate_times, &set->rate_ignore ) != 3 )
+			{
+				fprintf( stderr, "Invalid argument to -r.\n" );
+				return( NULL );
+			}
+		}
+		else if( opt == 'u' )
+			set->local = 1;
+		else if( opt == 'd' )
+			set->debug = 1;
+		else if( opt == 'h' )
+		{
+			printf( "Usage: %s [-i <interface>] [-p <port>] [-n <num>] [-r x,y,z] ...\n"
+			        "          ... <command> <args...>\n"
+			        "A simple inetd-like daemon to have a program listening on a TCP socket without\n"
+			        "needing root access to the machine\n"
+			        "\n"
+			        "  -i  Specify the interface (by IP address) to listen on.\n"
+			        "      (Default: 0.0.0.0 (any interface))\n"
+			        "  -p  Port number to listen on. (Default: 6667)\n"
+			        "  -n  Maximum number of connections. (Default: 0 (unlimited))\n"
+			        "  -t  Specify the maximum number of CPU seconds per process.\n"
+			        "      (Default: 0 (unlimited))\n"
+			        "  -l  Specify a logfile. (Default: none)\n"
+			        "  -r  Rate limiting: Ignore a host for z seconds when it connects for more\n"
+			        "      than y times in x seconds. (Default: 600,5,900. Disable: 0,0,0)\n"
+				"  -u  Use a local socket, by default /tmp/bitlbee (override with -i <filename>)\n"
+				"  -d  Don't fork for listening (for debugging purposes)\n"
+			        "  -h  This information\n", argv[0] );
+			return( NULL );
+		}
+	}
+	
+	if( set->interface == NULL )
+		set->interface = (set->local) ? "/tmp/bitlbee" : "0.0.0.0";
+	
+	if( optind == argc )
+	{
+		fprintf( stderr, "Missing program parameter!\n" );
+		return( NULL );
+	}
+	
+	/* The remaining arguments are the executable and its arguments */
+	set->call = malloc( ( argc - optind + 1 ) * sizeof( char* ) );
+	memcpy( set->call, argv + optind, sizeof( char* ) * ( argc - optind ) );
+	set->call[argc-optind] = NULL;
+	
+	return( set );
+}
+
+void do_log( char *fmt, ... )
+{
+	va_list params;
+	char line[MAX_LOG_LEN];
+	time_t tm;
+	int l;
+	
+	memset( line, 0, MAX_LOG_LEN );
+	
+	tm = time( NULL );
+	strcpy( line, ctime( &tm ) );
+	l = strlen( line );
+	line[l-1] = ' ';
+	
+	va_start( params, fmt );
+	vsnprintf( line + l, MAX_LOG_LEN - l - 2, fmt, params );
+	va_end( params );
+	strcat( line, "\n" );
+	
+	fprintf( logfile, "%s", line );
+}
+
+ipstats_t *ip_get( char *ip_txt )
+{
+	unsigned int ip;
+	ipstats_t *l;
+	int p[4];
+	
+	sscanf( ip_txt, "%d.%d.%d.%d", p + 0, p + 1, p + 2, p + 3 );
+	ip = ( p[0] << 24 ) | ( p[1] << 16 ) | ( p[2] << 8 ) | ( p[3] );
+	
+	for( l = ipstats; l; l = l->next )
+	{
+		if( l->ip == ip )
+			return( l );
+	}
+	
+	if( ipstats )
+	{
+		for( l = ipstats; l->next; l = l->next );
+		
+		l->next = malloc( sizeof( ipstats_t ) );
+		l = l->next;
+	}
+	else
+	{
+		l = malloc( sizeof( ipstats_t ) );
+		ipstats = l;
+	}
+	memset( l, 0, sizeof( ipstats_t ) );
+	
+	l->ip = ip;
+	
+	return( l );
+}