Public Domain
# Smoke test: serve a fixed banner on port 2023, bound to the loopback
# address only, so nothing off this machine can reach it.
# -v prints error and status messages, -R skips the ident lookup,
# -H skips the DNS lookup, -l0 sets the local host name to "0" instead of
# looking it up.
tcpserver -v -RHl0 127.0.0.1 2023 sh -c "echo 'Go away......'"
# From a second terminal: connect and read the banner.
telnet 127.0.0.1 2023
# One shared group and two dedicated accounts: multilog for the logger,
# daytime for the service. Home and shell both point at a path that does
# not exist, which is meant to keep the accounts from being used to log in.
groupadd nofiles
useradd -g nofiles -d /nonexistent -s /nonexistent multilog
useradd -g nofiles -d /nonexistent -s /nonexistent daytime
# Service directory (with the log/ subdirectory for its log service),
# the directory multilog writes to, and the directory for access rules.
mkdir -p /var/svc.d/daytime/log
mkdir -p /var/multilog/daytime
mkdir -p /etc/tcprules/
# Only the log directory is handed to the multilog account.
chown multilog /var/multilog/daytime
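#!/bin/sh
# daytime/run
# daemontools run script: serves the output of date(1) on TCP port 13.
#
# tcpserver is started by supervise as root so that it can bind the
# privileged port; -u/-g then make it switch to the daytime uid and the
# nofiles gid before date runs for a client.

# Merge stderr into stdout first, so that a failed id lookup below is
# written to the log service as well.
exec 2>&1

# id(1) takes a user name. Only a group called nofiles was created, not a
# user, so the gid is read from the daytime account, whose primary group
# is nofiles.
USRID=$(id -u daytime) || exit 111
GRPID=$(id -g daytime) || exit 111

# Refuse to start unless both ids are non-root: an empty or zero value
# gives tcpserver nothing to drop privileges to, and the service would
# keep the id it was started with.
for id in "$USRID" "$GRPID"; do
  case "$id" in
    '' | 0)
      echo "daytime/run: no unprivileged uid/gid for account daytime"
      exit 111
      ;;
  esac
done

CONLIMIT=100                      # -c: simultaneous connections
PORT=13
LOCALNAME=0                       # host argument; 0 = every local address
MEMORY=4000000                    # softlimit -m: memory limit in bytes
ACL="/etc/tcprules/daytime.cdb"   # compiled rules, checked per connection

exec softlimit -m"${MEMORY}" \
tcpserver -v -RH -l0 \
-u "$USRID" -g "$GRPID" \
-c "${CONLIMIT}" -x "${ACL}" \
"${LOCALNAME}" "${PORT}" date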
#!/bin/sh
# daytime/log/run
# Log service for the daytime server. setuidgid switches to the multilog
# account before multilog starts; "t" prefixes every line with a TAI64N
# timestamp, and the lines are written into LOGDIR.
LOGDIR=/var/multilog/daytime
exec setuidgid multilog multilog t "$LOGDIR"
127.0.0.1:allow
:deny
# Compile the text rules (daytime.rules) into the cdb file that the run
# script passes to tcpserver with -x. tcprules writes daytime.tmp first and
# then moves it over daytime.cdb, so a running tcpserver does not read a
# half-written database.
cd /etc/tcprules
tcprules daytime.cdb daytime.tmp < daytime.rules
# Readable by the service, with no write bit for anyone.
chmod 444 daytime.cdb
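# supervise can only start run scripts that carry the execute bit; 755
# leaves write access with the owner alone.
chmod 755 /var/svc.d/daytime/run /var/svc.d/daytime/log/run
# Linking the directory into /service hands it to svscan, which starts
# the service and its log service.
ln -s /var/svc.d/daytime /service/daytime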
# Follow the log as connections arrive; tai64nlocal turns the TAI64N
# timestamps written by multilog into local time.
tail -f /var/multilog/daytime/current | tai64nlocal
# The same conversion for everything already in the current log file.
tai64nlocal < /var/multilog/daytime/current
# Process listing filtered on "super", presumably to spot the supervise
# processes for the service and its logger.
ps -axww | grep super
date@
or
# Query a daytime server by hand: the host is $1 (0 when no argument is
# given), the port is 13. Under tcpclient the program reads the connection
# on descriptor 6; delcr strips carriage returns from the reply, and cat -v
# prints any remaining control bytes in visible form, so the server's
# answer cannot send raw control sequences to the terminal.
/usr/local/bin/tcpclient -RHl0 -- "${1-0}" 13 sh -c 'exec /usr/local/bin/delcr <&6' | cat -v
# Shared group plus two dedicated accounts: multilog for the logger and
# howdyd for the service. Home and shell both point at a path that does
# not exist, which is meant to keep the accounts from being used to log in.
groupadd nofiles
useradd -g nofiles -d /nonexistent -s /nonexistent multilog
useradd -g nofiles -d /nonexistent -s /nonexistent howdyd
nofiles:x:1001:
multilog:x:1002:1001::/nonexistent:/nonexistent
howdyd:x:1003:1001::/nonexistent:/nonexistent
# Service directory for howdyd, including the log/ subdirectory that will
# hold the run script of its log service.
mkdir -p /var/svc.d/howdyd/log
#!/bin/sh
# howdyd.sh -- the smallest possible howdy daemon
# Started once per connection; whatever it writes to stdout is the reply
# the client receives.
printf '%s\n' 'Hi there!'
exit 0
### end of howdyd.sh
#!/bin/sh
# howdyd/run
# daemontools run script: tcpserver listens on PORT and starts ./howdyd.sh
# for every accepted connection.
#
# setuidgid switches to the howdyd account before tcpserver is started, so
# neither the listener nor the script runs with the id supervise has.
# -rh asks for the ident and DNS lookups (the opposite of -RH).
# LOCALNAME is used twice: as the -l local name and as the host argument,
# where 0 means every local address. Which clients are served is decided
# by the rules compiled into howdy.cdb.

CONLIMIT=13         # -c: simultaneous connections
PORT=1789
LOCALNAME=0
MEMORY=4000000      # softlimit -m: memory limit in bytes

# stderr joins stdout, so tcpserver's messages reach the log service
exec 2>&1

exec setuidgid howdyd \
  softlimit -m"${MEMORY}" \
  tcpserver -v -rh -l"${LOCALNAME}" \
    -c "${CONLIMIT}" \
    -x /etc/tcprules/howdy.cdb \
    "${LOCALNAME}" "${PORT}" \
    ./howdyd.sh
#!/bin/sh
# howdyd/log/run
# Log service for the howdyd daemon. setuidgid switches to the multilog
# account before multilog starts; "t" prefixes every line with a TAI64N
# timestamp, and the lines are written into LOGDIR.
LOGDIR=/var/multilog/howdyd
exec setuidgid multilog multilog t "$LOGDIR"
cd /var/svc.d/howdyd/
# All three scripts need the execute bit: run and log/run are started by
# supervise, howdyd.sh is started by tcpserver.
chmod +x run
chmod +x log/run
chmod +x howdyd.sh
# Log directory, owned by the multilog account that log/run switches to.
mkdir -p /var/multilog/howdyd
chown multilog /var/multilog/howdyd
# Directory for the access rules.
mkdir -p /etc/tcprules/
# howdy.rules
127.:allow
10.0.:allow,SOMEVAR="somevalue"
:deny
# Compile howdy.rules into the cdb file named by -x in the run script.
# tcprules writes howdy.tmp first and then moves it over howdy.cdb.
cd /etc/tcprules
tcprules howdy.cdb howdy.tmp < howdy.rules
# Readable by the service, with no write bit for anyone.
chmod 444 howdy.cdb
# Linking the directory into /service hands it to svscan.
ln -s /var/svc.d/howdyd /service/howdyd
# Follow the log with timestamps converted to local time.
tail -f /var/multilog/howdyd/current | tai64nlocal
# Process listing filtered on "super", presumably to spot the supervise
# processes for the service and its logger.
ps -axww | grep super
# Two ways to connect from an address the rules allow.
telnet 127.0.0.1 1789
tcpcat 127.0.0.1 1789
#!/bin/sh
# howdyd.sh -- a chattier howdy daemon
# ===
# Runs once per connection under tcpserver. stdout is the reply sent to
# the client; stderr ends up in the service log, because the run script
# merges it into stdout before starting tcpserver.
# The reply contains the process environment and the who/w listings, so
# the rules compiled into howdy.cdb decide who gets to read them.

# heading TEXT: an empty line, then TEXT on a line of its own
heading() {
  printf '\n%s\n' "$1"
}

# log: arrival, using the address tcpserver exported as TCPREMOTEIP
printf '%s\n' "*** A visitor from ${TCPREMOTEIP}!" >&2

printf '%s\n' "Hi there! Welcome to $(hostname)!"
printf '%s\n' "The time here: $(date)"
printf '%s\n' "Our uptime is: $(uptime)"

heading "The howdyd environment:"
printenv | sort

heading "The howdyd user:"
who -Hm

heading "Our users:"
w -h

printf '\n'
/usr/games/fortune
printf '%s\n' "Bye!"

# log: departure
printf '%s\n' "*** The visitor from ${TCPREMOTEIP} departs!" >&2
exit 0
### end of howdyd.sh
# Send TERM to the service; supervise starts the run script again.
svc -t /service/howdyd
# Watch the log while connecting again.
tail -f /var/multilog/howdyd/current | tai64nlocal
# Bring the service down and keep it down.
svc -d /service/howdyd
# Take the service out of the directory svscan watches.
# NOTE(review): these two commands do not end the supervise processes of
# the service and its logger; `svc -dx /var/svc.d/howdyd /var/svc.d/howdyd/log`
# after the rm makes them exit -- confirm with the ps listing.
rm /service/howdyd
Change setuidgid to envuidgid in the run script. What happens differently?
Set up the server to run on a port number less than 1024, say 981. Leaving the setuidgid invocation in the run script, what happens? Then change setuidgid to envuidgid. Now what happens? Why does the port number matter?
How can you arrange to run this service as a non-privileged user even when using a privileged port?
Decrease the softlimit parameters until the run script croaks. What messages appear in the log?
Remove the execute bits on the run script, with chmod 644 run. What happens in the log? What happens when you fix the problem, with chmod 755 run?
Experiment with the data gathering options to tcpserver. How do these affect the $TCP* environmental variables and the log output? How do these affect the latency (that is, the time required) to service remote connections?
Play with different access rules in /etc/tcprules/howdy.rules. Are there funner things you can make the script do, setting up different environmental variables depending on the client?
Of course, howdyd.sh doesn't have to be a shell script, either. Use your favorite language, Perl, Python, Ruby. Why, you could write your server using C!
http://www.bytereef.org/howto/djb/daytime-server.html
http://thedjbway.b0llix.net/ucspi-tcp/howdyd_1.html
http://thedjbway.b0llix.net/ucspi-tcp/howdyd_2.html
BY: Pejman Moghadam
TAG: tcpserver, ucspi-tcp, djb
DATE: 2013-05-22 15:11:27