WinInetd
WinInetd is a simple Windows service that offers the same (almost the same) functionalities that the Unix daemon inetd offers. The power of the Unix inetd is that it makes it very simple for the developer to write network servers, since the server itself does all its I/O through standard input/output. This also makes it very easy to write portable network servers, because the code contains none of the networking code that usually makes up a large part of a server's core.

Both inetd and WinInetd are very simple and yet powerful. They read a configuration file that basically maps local TCP/IP ports to executable binary images, and they listen on the user-configured ports waiting for client connections. Once a connection is received, they create the process linked to the connection port and bind the connection socket to the standard input/output/error of the new process. The configuration file also gives the option to run the new process in the context of a user different from the one the service/daemon is currently running as. This helps isolate the new process by giving a way to reduce its permissions and hence increase the security of the system.

The server, by default, reads a configuration file named wininetd.conf inside the Windows directory, but the command line option --cfgfile can be used to override the default value. The configuration file is very simple and is composed of multiple lines following this format :
PORT USER:PASS CMDLINE
Where PORT is the port number on which the server has to listen for incoming connections, USER:PASS is the username and password separated by a colon ( : ) character, and CMDLINE is the path of the binary image to be executed and its command line parameters. It is possible not to specify any user (and hence have the new process run with the service user credentials) by specifying none as USER:PASS. The user specified (if present) as owner of the new process must have batch logon capabilities for WinInetd to successfully call LogonUser() (it is possible to set the batch logon capability through the security policy editor available among the Administrator tools). Examples of valid configuration lines are :
10002 davide:DamnYou c:\windows\system32\cmd.exe
10123 none c:\echo\echocs.exe -d -c 156
Every line that does not start with a digit is considered a comment, and either a space or a tab is a valid separator between configuration line values. To install the service you can run :
wininetd --install
from an MS-DOS prompt of a user that has service manipulation rights. Conversely, to remove the service, you can run :
wininetd --remove
Changes to the configuration file will become effective only when the server is restarted. It is also possible to run the service in debug mode by running :
wininetd --debug ...
from an MS-DOS prompt. The service also accepts a few extra command line parameters that you will be able to set through the Windows service management console :
--cfgfile file         = Sets the configuration file path
--timeout nsecs        = Sets the default socket timeout in seconds
--linger-timeout nsecs = Sets the socket close linger timeout (default 60)
It is possible to examine the log messages that WinInetd produces either through the MS-DOS prompt (when running in debug mode, see above) or through the Windows Event Viewer.

The program run by WinInetd will find a few environment variables set to help it identify the client connection :
CLIENT_IP   = Client IP address
CLIENT_PORT = Client PORT value
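
A check that can be run over a file in the PORT USER:PASS CMDLINE format described above before the service is restarted, given here as an added example that is not part of WinInetd or its sources. It parses the file by the rules stated on this page (comment lines, space or tab separators) and reports entries that run with the service credentials, keep a password in the file, or attach a command interpreter to a port; the SHELLS watch list, the function names and the sample file contents are assumptions made for illustration.

```python
import re

# Constructed sample: the page's two example lines plus a comment line.
SAMPLE_CONF = (
    "# wininetd.conf (constructed sample)\n"
    "10002 davide:DamnYou c:\\windows\\system32\\cmd.exe\n"
    "10123\tnone\tc:\\echo\\echocs.exe -d -c 156\n"
)

# Images that hand a connecting client a command prompt (assumed watch list).
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def parse_conf(text):
    """Return (lineno, port, user, has_password, cmdline) for each service line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line[:1].isdigit():      # not starting with a digit: comment
            continue
        parts = re.split(r"[ \t]+", line.strip(), maxsplit=2)
        if len(parts) < 3 or not parts[0].isdigit():
            raise ValueError(f"line {lineno}: expected PORT USER:PASS CMDLINE")
        port, cred, cmdline = int(parts[0]), parts[1], parts[2]
        user, sep, _password = cred.partition(":")
        entries.append((lineno, port, user, bool(sep), cmdline))
    return entries


def audit(text):
    """Return (lineno, finding) pairs for settings worth a second look."""
    findings = []
    for lineno, port, user, has_password, cmdline in parse_conf(text):
        if not 0 < port < 65536:
            findings.append((lineno, "port out of range"))
        if user == "none":
            findings.append((lineno, "runs with the service's own credentials"))
        elif has_password:
            findings.append((lineno, "cleartext password stored in file"))
        # First whitespace-delimited token only; quoted paths are not unpacked.
        image = cmdline.split()[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if image in SHELLS:
            findings.append((lineno, f"port {port} exposes interpreter {image}"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```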
License and Software
WinInetd is made available through the GNU GPL license together with the complete sources. Please read the license carefully before using the software. The WinInetd service binary together with the full source is available here :