int _des_crypt_call(char *buf, int len, struct desparams *dparms) { CLIENT *clnt; desresp *result_1; desargs des_crypt_1_arg; struct netconfig *nconf; void *localhandle; int stat; nconf = NULL; localhandle = setnetconfig(); while ((nconf = getnetconfig(localhandle)) != NULL) { if (nconf->nc_protofmly != NULL && strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) break; } if (nconf == NULL) { warnx("getnetconfig: %s", nc_sperror()); endnetconfig(localhandle); return(DESERR_HWERROR); } clnt = clnt_tp_create(NULL, CRYPT_PROG, CRYPT_VERS, nconf); if (clnt == (CLIENT *) NULL) { endnetconfig(localhandle); return(DESERR_HWERROR); } endnetconfig(localhandle); des_crypt_1_arg.desbuf.desbuf_len = len; des_crypt_1_arg.desbuf.desbuf_val = buf; des_crypt_1_arg.des_dir = (dparms->des_dir == ENCRYPT) ? ENCRYPT_DES : DECRYPT_DES; des_crypt_1_arg.des_mode = (dparms->des_mode == CBC) ? CBC_DES : ECB_DES; bcopy(dparms->des_ivec, des_crypt_1_arg.des_ivec, 8); bcopy(dparms->des_key, des_crypt_1_arg.des_key, 8); result_1 = des_crypt_1(&des_crypt_1_arg, clnt); if (result_1 == (desresp *) NULL) { clnt_destroy(clnt); return(DESERR_HWERROR); } stat = result_1->stat; if (result_1->stat == DESERR_NONE || result_1->stat == DESERR_NOHWDEVICE) { bcopy(result_1->desbuf.desbuf_val, buf, len); bcopy(result_1->des_ivec, dparms->des_ivec, 8); } clnt_freeres(clnt, (xdrproc_t)xdr_desresp, result_1); clnt_destroy(clnt); return(stat); }
static int TRANS(TLIAddrToNetbuf)(int tlifamily, char *host, char *port, struct netbuf *netbufp) { struct netconfig *netconfigp; struct nd_hostserv nd_hostserv; struct nd_addrlist *nd_addrlistp = NULL; void *handlep; long lport; prmsg(3,"TLIAddrToNetbuf(%d,%s,%s)\n", tlifamily, host, port ); if( (handlep=setnetconfig()) == NULL ) return -1; lport = strtol (port, (char**)NULL, 10); if (lport < 1024 || lport > USHRT_MAX) return -1; nd_hostserv.h_host = host; if( port && *port ) { nd_hostserv.h_serv = port; } else { nd_hostserv.h_serv = NULL; } while( (netconfigp=getnetconfig(handlep)) != NULL ) { if( strcmp(netconfigp->nc_protofmly, TLItrans2devtab[tlifamily].protofamily) != 0 ) continue; prmsg(5,"TLIAddrToNetbuf: Trying to resolve %s.%s for %s\n", host, port, TLItrans2devtab[tlifamily].protofamily ); if( netdir_getbyname(netconfigp,&nd_hostserv, &nd_addrlistp) == 0 ) { /* we have at least one address to use */ prmsg(5, "TLIAddrToNetbuf: found address for %s.%s\n", host, port); prmsg(5, "TLIAddrToNetbuf: %s\n",taddr2uaddr(netconfigp,nd_addrlistp->n_addrs)); memcpy(netbufp->buf,nd_addrlistp->n_addrs->buf, nd_addrlistp->n_addrs->len); netbufp->len=nd_addrlistp->n_addrs->len; endnetconfig(handlep); return 0; } } endnetconfig(handlep); return -1; }
/* * Set up the NFS service over all the available transports. * Returns -1 for failure, 0 for success. */ int do_all(struct protob *protobp, int (*svc)(int, struct netbuf, struct netconfig *)) { struct netconfig *nconf; NCONF_HANDLE *nc; int l; if ((nc = setnetconfig()) == (NCONF_HANDLE *)NULL) { syslog(LOG_ERR, "setnetconfig failed: %m"); return (-1); } l = strlen(NC_UDP); while (nconf = getnetconfig(nc)) { if ((nconf->nc_flag & NC_VISIBLE) && strcmp(nconf->nc_protofmly, NC_LOOPBACK) != 0 && OK_TPI_TYPE(nconf) && (protobp->program != NFS4_CALLBACK || strncasecmp(nconf->nc_proto, NC_UDP, l) != 0)) do_one(nconf->nc_device, nconf->nc_proto, protobp, svc); } (void) endnetconfig(nc); return (0); }
/* * find the IP address that can be used to connect to the local host */ void amu_get_myaddress(struct in_addr *iap, const char *preferred_localhost) { int ret; voidp handlep; struct netconfig *ncp; struct nd_addrlist *addrs = (struct nd_addrlist *) NULL; struct nd_hostserv service; handlep = setnetconfig(); ncp = getnetconfig(handlep); service.h_host = (preferred_localhost ? (char *) preferred_localhost : HOST_SELF_CONNECT); service.h_serv = (char *) NULL; ret = netdir_getbyname(ncp, &service, &addrs); if (ret || !addrs || addrs->n_cnt < 1) { plog(XLOG_FATAL, "cannot get local host address. using 127.0.0.1"); iap->s_addr = htonl(INADDR_LOOPBACK); } else { /* * XXX: there may be more more than one address for this local * host. Maybe something can be done with those. */ struct sockaddr_in *sinp = (struct sockaddr_in *) addrs->n_addrs[0].buf; char dq[20]; if (preferred_localhost) plog(XLOG_INFO, "localhost_address \"%s\" requested, using %s", preferred_localhost, inet_dquad(dq, sizeof(dq), iap->s_addr)); iap->s_addr = sinp->sin_addr.s_addr; /* XXX: used to be htonl() */ } endnetconfig(handlep); /* free's up internal resources too */ netdir_free((voidp) addrs, ND_ADDRLIST); }
static void nfsd_enable_protos(unsigned int *proto4, unsigned int *proto6) { struct netconfig *nconf; unsigned int *famproto; void *handle; xlog(D_GENERAL, "Checking netconfig for visible protocols."); handle = setnetconfig(); while((nconf = getnetconfig(handle))) { if (!(nconf->nc_flag & NC_VISIBLE)) continue; if (!strcmp(nconf->nc_protofmly, NC_INET)) famproto = proto4; else if (!strcmp(nconf->nc_protofmly, NC_INET6)) famproto = proto6; else continue; if (!strcmp(nconf->nc_proto, NC_TCP)) NFSCTL_TCPSET(*famproto); else if (!strcmp(nconf->nc_proto, NC_UDP)) NFSCTL_UDPSET(*famproto); xlog(D_GENERAL, "Enabling %s %s.", nconf->nc_protofmly, nconf->nc_proto); } endnetconfig(handle); return; }
/* * find the IP address that can be used to connect to the local host */ void amu_get_myaddress(struct in_addr *iap) { int ret; voidp handlep; struct netconfig *ncp; struct nd_addrlist *addrs = (struct nd_addrlist *) NULL; struct nd_hostserv service; handlep = setnetconfig(); ncp = getnetconfig(handlep); service.h_host = HOST_SELF_CONNECT; service.h_serv = (char *) NULL; ret = netdir_getbyname(ncp, &service, &addrs); if (ret || !addrs || addrs->n_cnt < 1) { plog(XLOG_FATAL, "cannot get local host address. using 127.0.0.1"); iap->s_addr = 0x7f000001; } else { /* * XXX: there may be more more than one address for this local * host. Maybe something can be done with those. */ struct sockaddr_in *sinp = (struct sockaddr_in *) addrs->n_addrs[0].buf; iap->s_addr = htonl(sinp->sin_addr.s_addr); } endnetconfig(handlep); /* free's up internal resources too */ netdir_free((voidp) addrs, ND_ADDRLIST); }
/* * Creates, registers, and returns a (rpc) unix based transporter. * Obsoleted by svc_vc_create(). */ SVCXPRT * svcunix_create(int sock, u_int sendsize, u_int recvsize, char *path) { struct netconfig *nconf; void *localhandle; struct sockaddr_un sun; struct sockaddr *sa; struct t_bind taddr; SVCXPRT *xprt; int addrlen; xprt = (SVCXPRT *)NULL; localhandle = setnetconfig(); while ((nconf = getnetconfig(localhandle)) != NULL) { if (nconf->nc_protofmly != NULL && strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) break; } if (nconf == NULL) return(xprt); if ((sock = __rpc_nconf2fd(nconf)) < 0) goto done; memset(&sun, 0, sizeof sun); sun.sun_family = AF_LOCAL; if (strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >= sizeof(sun.sun_path)) goto done; sun.sun_len = SUN_LEN(&sun); addrlen = sizeof (struct sockaddr_un); sa = (struct sockaddr *)&sun; if (_bind(sock, sa, addrlen) < 0) goto done; taddr.addr.len = taddr.addr.maxlen = addrlen; taddr.addr.buf = malloc(addrlen); if (taddr.addr.buf == NULL) goto done; memcpy(taddr.addr.buf, sa, addrlen); if (nconf->nc_semantics != NC_TPI_CLTS) { if (_listen(sock, SOMAXCONN) < 0) { free(taddr.addr.buf); goto done; } } xprt = (SVCXPRT *)svc_tli_create(sock, nconf, &taddr, sendsize, recvsize); done: endnetconfig(localhandle); return(xprt); }
/** * nfs_svc_create - start up RPC svc listeners * @name: C string containing name of new service * @program: RPC program number to register * @version: RPC version number to register * @dispatch: address of function that handles incoming RPC requests * @port: if not zero, transport listens on this port * * Sets up network transports for receiving RPC requests, and starts * the RPC dispatcher. Returns the number of started network transports. */ unsigned int nfs_svc_create(char *name, const rpcprog_t program, const rpcvers_t version, void (*dispatch)(struct svc_req *, SVCXPRT *), const uint16_t port) { const struct sigaction create_sigaction = { .sa_handler = SIG_IGN, }; unsigned int visible, up, servport; struct netconfig *nconf; void *handlep; /* * Ignore SIGPIPE to avoid exiting sideways when peers * close their TCP connection while we're trying to reply * to them. */ (void)sigaction(SIGPIPE, &create_sigaction, NULL); handlep = setnetconfig(); if (handlep == NULL) { xlog(L_ERROR, "Failed to access local netconfig database: %s", nc_sperror()); return 0; } visible = 0; up = 0; while ((nconf = getnetconfig(handlep)) != NULL) { if (!(nconf->nc_flag & NC_VISIBLE)) continue; visible++; if (port == 0) servport = getservport(program, nconf->nc_proto); else servport = port; up += svc_create_nconf(name, program, version, dispatch, servport, nconf); } if (visible == 0) xlog(L_ERROR, "Failed to find any visible netconfig entries"); if (endnetconfig(handlep) == -1) xlog(L_ERROR, "Failed to close local netconfig database: %s", nc_sperror()); return up; }
/* * Determines the availability of rpc.yppasswdd. Returns -1 for not * available (or unable to determine), 0 for available, 1 for available in * master mode. */ int ypclnt_havepasswdd(ypclnt_t *ypclnt) { struct netconfig *nc = NULL; void *localhandle = 0; CLIENT *clnt = NULL; int ret; /* check if rpc.yppasswdd is running */ if (getrpcport(ypclnt->server, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP) == 0) { ypclnt_error(ypclnt, __func__, "no rpc.yppasswdd on server"); return (-1); } /* if we're not root, use remote method */ if (getuid() != 0) return (0); /* try to connect to rpc.yppasswdd */ localhandle = setnetconfig(); while ((nc = getnetconfig(localhandle)) != NULL) { if (nc->nc_protofmly != NULL && strcmp(nc->nc_protofmly, NC_LOOPBACK) == 0) break; } if (nc == NULL) { ypclnt_error(ypclnt, __func__, "getnetconfig: %s", nc_sperror()); ret = 0; goto done; } if ((clnt = clnt_tp_create(NULL, MASTER_YPPASSWDPROG, MASTER_YPPASSWDVERS, nc)) == NULL) { ypclnt_error(ypclnt, __func__, "failed to connect to rpc.yppasswdd: %s", clnt_spcreateerror(ypclnt->server)); ret = 0; goto done; } else ret = 1; done: if (clnt != NULL) { clnt_destroy(clnt); } endnetconfig(localhandle); return (ret); }
void* setnetpath() { struct netpath_vars* np_sessionp; /* this session's variables */ char* npp; /* NETPATH env variable */ #ifdef MEM_CHK malloc_debug(1); #endif if ((np_sessionp = (struct netpath_vars*)malloc(sizeof(struct netpath_vars))) == NULL) { return (NULL); } if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) { free(np_sessionp); syslog(LOG_ERR, "rpc: failed to open " NETCONFIG); goto failed; } np_sessionp->valid = NP_VALID; np_sessionp->ncp_list = NULL; if ((npp = getenv(NETPATH)) == NULL) { np_sessionp->netpath = NULL; } else { (void) endnetconfig(np_sessionp->nc_handlep);/* won't need nc session*/ np_sessionp->nc_handlep = NULL; if ((np_sessionp->netpath = malloc(strlen(npp) + 1)) == NULL) { goto failed; } else { (void) strcpy(np_sessionp->netpath, npp); } } np_sessionp->netpath_start = np_sessionp->netpath; return ((void*)np_sessionp); failed: free(np_sessionp); return (NULL); }
int udp_server(const char *host, const char *serv, socklen_t *addrlenp) { int tfd; void *handle; struct t_bind tbind; struct t_info tinfo; struct netconfig *ncp; struct nd_hostserv hs; struct nd_addrlist *alp; struct netbuf *np; handle = Setnetconfig(); hs.h_host = (host == NULL) ? HOST_SELF : (char *) host; hs.h_serv = (char *) serv; while ( (ncp = getnetconfig(handle)) != NULL && strcmp(ncp->nc_proto, "udp") != 0) ; if (ncp == NULL) return(-1); if (netdir_getbyname(ncp, &hs, &alp) != 0) return(-2); np = alp->n_addrs; /* use first address */ tfd = T_open(ncp->nc_device, O_RDWR, &tinfo); tbind.addr = *np; /* copy entire netbuf{} */ tbind.qlen = 0; /* not used for connectionless server */ T_bind(tfd, &tbind, NULL); endnetconfig(handle); netdir_free(alp, ND_ADDRLIST); if (addrlenp) *addrlenp = tinfo.addr; /* size of protocol addresses */ return(tfd); }
static int getconf(char *netid, void **handle, struct netconfig **nconf) { struct netconfig *nc, *save = NULL; if ((*handle = setnetconfig()) == NULL) return (FALSE); while (nc = getnetconfig((void*)*handle)) { if (strcmp(nc->nc_netid, netid) != 0) { *nconf = nc; return (TRUE); } else if (!save && strcmp(nc->nc_protofmly, "loopback") != 0) save = nc; } if (save) { *nconf = save; return (TRUE); } else { endnetconfig(*handle); return (FALSE); } }
struct netconfig * __nis_get_netconfig(endpoint *ep) { void *nch; struct netconfig *nc; struct netconfig_list *p; for (p = ncl; p; p = p->next) { if (__nis_netconfig_matches_ep(p->nc, ep)) { return (p->nc); } } nch = setnetconfig(); if (nch == 0) return (0); while ((nc = getnetconfig(nch)) != 0) { if (__nis_netconfig_matches_ep(nc, ep)) break; } /* * We call getnetconfigent to allocate a copy of the * netconfig entry. */ if (nc) { p = malloc(sizeof (*p)); if (p == 0) return (0); p->nc = getnetconfigent(nc->nc_netid); p->next = ncl; ncl = p; } (void) endnetconfig(nch); return (nc); }
/* * How to bind to reserved ports. * (port-only) version. */ int bind_resv_port2(u_short *pp) { int td, rc = -1, port; struct t_bind *treq, *tret; struct sockaddr_in *sin; extern char *t_errlist[]; extern int t_errno; struct netconfig *nc = (struct netconfig *) NULL; voidp nc_handle; if ((nc_handle = setnetconfig()) == (voidp) NULL) { plog(XLOG_ERROR, "Cannot rewind netconfig: %s", nc_sperror()); return -1; } /* * Search the netconfig table for INET/UDP. * This loop will terminate if there was an error in the /etc/netconfig * file or if you reached the end of the file without finding the udp * device. Either way your machine has probably far more problems (for * example, you cannot have nfs v2 w/o UDP). */ while (1) { if ((nc = getnetconfig(nc_handle)) == (struct netconfig *) NULL) { plog(XLOG_ERROR, "Error accessing getnetconfig: %s", nc_sperror()); endnetconfig(nc_handle); return -1; } if (STREQ(nc->nc_protofmly, NC_INET) && STREQ(nc->nc_proto, NC_UDP)) break; } /* * This is the primary reason for the getnetconfig code above: to get the * correct device name to udp, and t_open a descriptor to be used in * t_bind below. */ td = t_open(nc->nc_device, O_RDWR, (struct t_info *) 0); endnetconfig(nc_handle); if (td < 0) { plog(XLOG_ERROR, "t_open failed: %d: %s", t_errno, t_errlist[t_errno]); return -1; } treq = (struct t_bind *) t_alloc(td, T_BIND, T_ADDR); if (!treq) { plog(XLOG_ERROR, "t_alloc req"); return -1; } tret = (struct t_bind *) t_alloc(td, T_BIND, T_ADDR); if (!tret) { t_free((char *) treq, T_BIND); plog(XLOG_ERROR, "t_alloc ret"); return -1; } memset((char *) treq->addr.buf, 0, treq->addr.len); sin = (struct sockaddr_in *) treq->addr.buf; sin->sin_family = AF_INET; treq->qlen = 0; treq->addr.len = treq->addr.maxlen; errno = EADDRINUSE; port = IPPORT_RESERVED; do { --port; sin->sin_port = htons(port); rc = t_bind(td, treq, tret); if (rc < 0) { plog(XLOG_ERROR, "t_bind for port %d: %s", port, t_errlist[t_errno]); } else { if (memcmp(treq->addr.buf, tret->addr.buf, tret->addr.len) == 0) break; else t_unbind(td); } } while ((rc < 0 || errno == EADDRINUSE) && (int) port > IPPORT_RESERVED / 2); if (pp && rc == 0) *pp = port; t_free((char *) tret, T_BIND); t_free((char *) treq, T_BIND); return rc; }
int main(int ac, char *av[]) { char *dir = "/"; int allflag = 0; int df_allflag = 0; int opt_cnt = 0; int maxservers = 1; /* zero allows inifinte number of threads */ int maxservers_set = 0; int logmaxservers = 0; int pid; int i; char *provider = (char *)NULL; char *df_provider = (char *)NULL; struct protob *protobp0, *protobp; NETSELDECL(proto) = NULL; NETSELDECL(df_proto) = NULL; NETSELPDECL(providerp); char *defval; boolean_t can_do_mlp; uint_t dss_npaths = 0; char **dss_pathnames = NULL; sigset_t sgset; char name[PATH_MAX], value[PATH_MAX]; int ret, bufsz; int pipe_fd = -1; MyName = *av; /* * Initializations that require more privileges than we need to run. */ (void) _create_daemon_lock(NFSD, DAEMON_UID, DAEMON_GID); svcsetprio(); can_do_mlp = priv_ineffect(PRIV_NET_BINDMLP); if (__init_daemon_priv(PU_RESETGROUPS|PU_CLEARLIMITSET, DAEMON_UID, DAEMON_GID, PRIV_SYS_NFS, can_do_mlp ? PRIV_NET_BINDMLP : NULL, NULL) == -1) { (void) fprintf(stderr, "%s should be run with" " sufficient privileges\n", av[0]); exit(1); } (void) enable_extended_FILE_stdio(-1, -1); /* * Read in the values from SMF first before we check * command line options so the options override SMF values. */ bufsz = PATH_MAX; ret = nfs_smf_get_prop("max_connections", value, DEFAULT_INSTANCE, SCF_TYPE_INTEGER, NFSD, &bufsz); if (ret == SA_OK) { errno = 0; max_conns_allowed = strtol(value, (char **)NULL, 10); if (errno != 0) max_conns_allowed = -1; } bufsz = PATH_MAX; ret = nfs_smf_get_prop("listen_backlog", value, DEFAULT_INSTANCE, SCF_TYPE_INTEGER, NFSD, &bufsz); if (ret == SA_OK) { errno = 0; listen_backlog = strtol(value, (char **)NULL, 10); if (errno != 0) { listen_backlog = 32; } } bufsz = PATH_MAX; ret = nfs_smf_get_prop("protocol", value, DEFAULT_INSTANCE, SCF_TYPE_ASTRING, NFSD, &bufsz); if ((ret == SA_OK) && strlen(value) > 0) { df_proto = strdup(value); opt_cnt++; if (strncasecmp("ALL", value, 3) == 0) { free(df_proto); df_proto = NULL; df_allflag = 1; } } bufsz = PATH_MAX; ret = nfs_smf_get_prop("device", value, DEFAULT_INSTANCE, SCF_TYPE_ASTRING, NFSD, &bufsz); if ((ret == SA_OK) && strlen(value) > 0) { df_provider = strdup(value); opt_cnt++; } bufsz = PATH_MAX; ret = nfs_smf_get_prop("servers", value, DEFAULT_INSTANCE, SCF_TYPE_INTEGER, NFSD, &bufsz); if (ret == SA_OK) { errno = 0; maxservers = strtol(value, (char **)NULL, 10); if (errno != 0) maxservers = 1; else maxservers_set = 1; } bufsz = 4; ret = nfs_smf_get_prop("server_versmin", value, DEFAULT_INSTANCE, SCF_TYPE_INTEGER, NFSD, &bufsz); if (ret == SA_OK) nfs_server_vers_min = strtol(value, (char **)NULL, 10); bufsz = 4; ret = nfs_smf_get_prop("server_versmax", value, DEFAULT_INSTANCE, SCF_TYPE_INTEGER, NFSD, &bufsz); if (ret == SA_OK) nfs_server_vers_max = strtol(value, (char **)NULL, 10); bufsz = PATH_MAX; ret = nfs_smf_get_prop("server_delegation", value, DEFAULT_INSTANCE, SCF_TYPE_ASTRING, NFSD, &bufsz); if (ret == SA_OK) if (strncasecmp(value, "off", 3) == 0) nfs_server_delegation = FALSE; /* * Conflict options error messages. */ if (opt_cnt > 1) { (void) fprintf(stderr, "\nConflicting options, only one of " "the following options can be specified\n" "in SMF:\n" "\tprotocol=ALL\n" "\tprotocol=protocol\n" "\tdevice=devicename\n\n"); usage(); } opt_cnt = 0; while ((i = getopt(ac, av, "ac:p:s:t:l:")) != EOF) { switch (i) { case 'a': free(df_proto); df_proto = NULL; free(df_provider); df_provider = NULL; allflag = 1; opt_cnt++; break; case 'c': max_conns_allowed = atoi(optarg); break; case 'p': proto = optarg; df_allflag = 0; opt_cnt++; break; /* * DSS: NFSv4 distributed stable storage. * * This is a Contracted Project Private interface, for * the sole use of Sun Cluster HA-NFS. See PSARC/2006/313. */ case 's': if (strlen(optarg) < MAXPATHLEN) { /* first "-s" option encountered? */ if (dss_pathnames == NULL) { /* * Allocate maximum possible space * required given cmdline arg count; * "-s <path>" consumes two args. */ size_t sz = (ac / 2) * sizeof (char *); dss_pathnames = (char **)malloc(sz); if (dss_pathnames == NULL) { (void) fprintf(stderr, "%s: " "dss paths malloc failed\n", av[0]); exit(1); } (void) memset(dss_pathnames, 0, sz); } dss_pathnames[dss_npaths] = optarg; dss_npaths++; } else { (void) fprintf(stderr, "%s: -s pathname too long.\n", av[0]); } break; case 't': provider = optarg; df_allflag = 0; opt_cnt++; break; case 'l': listen_backlog = atoi(optarg); break; case '?': usage(); /* NOTREACHED */ } } allflag = df_allflag; if (proto == NULL) proto = df_proto; if (provider == NULL) provider = df_provider; /* * Conflict options error messages. */ if (opt_cnt > 1) { (void) fprintf(stderr, "\nConflicting options, only one of " "the following options can be specified\n" "on the command line:\n" "\t-a\n" "\t-p protocol\n" "\t-t transport\n\n"); usage(); } if (proto != NULL && strncasecmp(proto, NC_UDP, strlen(NC_UDP)) == 0) { if (nfs_server_vers_max == NFS_V4) { if (nfs_server_vers_min == NFS_V4) { fprintf(stderr, "NFS version 4 is not supported " "with the UDP protocol. Exiting\n"); exit(3); } else { fprintf(stderr, "NFS version 4 is not supported " "with the UDP protocol.\n"); } } } /* * If there is exactly one more argument, it is the number of * servers. */ if (optind == ac - 1) { maxservers = atoi(av[optind]); maxservers_set = 1; } /* * If there are two or more arguments, then this is a usage error. */ else if (optind < ac - 1) usage(); /* * Check the ranges for min/max version specified */ else if ((nfs_server_vers_min > nfs_server_vers_max) || (nfs_server_vers_min < NFS_VERSMIN) || (nfs_server_vers_max > NFS_VERSMAX)) usage(); /* * There are no additional arguments, and we haven't set maxservers * explicitly via the config file, we use a default number of * servers. We will log this. */ else if (maxservers_set == 0) logmaxservers = 1; /* * Basic Sanity checks on options * * max_conns_allowed must be positive, except for the special * value of -1 which is used internally to mean unlimited, -1 isn't * documented but we allow it anyway. * * maxservers must be positive * listen_backlog must be positive or zero */ if (((max_conns_allowed != -1) && (max_conns_allowed <= 0)) || (listen_backlog < 0) || (maxservers <= 0)) { usage(); } /* * Set current dir to server root */ if (chdir(dir) < 0) { (void) fprintf(stderr, "%s: ", MyName); perror(dir); exit(1); } #ifndef DEBUG pipe_fd = daemonize_init(); #endif openlog(MyName, LOG_PID | LOG_NDELAY, LOG_DAEMON); /* * establish our lock on the lock file and write our pid to it. * exit if some other process holds the lock, or if there's any * error in writing/locking the file. */ pid = _enter_daemon_lock(NFSD); switch (pid) { case 0: break; case -1: fprintf(stderr, "error locking for %s: %s\n", NFSD, strerror(errno)); exit(2); default: /* daemon was already running */ exit(0); } /* * If we've been given a list of paths to be used for distributed * stable storage, and provided we're going to run a version * that supports it, setup the DSS paths. */ if (dss_pathnames != NULL && nfs_server_vers_max >= DSS_VERSMIN) { if (dss_init(dss_npaths, dss_pathnames) != 0) { fprintf(stderr, "%s", "dss_init failed. Exiting.\n"); exit(1); } } /* * Block all signals till we spawn other * threads. */ (void) sigfillset(&sgset); (void) thr_sigsetmask(SIG_BLOCK, &sgset, NULL); if (logmaxservers) { fprintf(stderr, "Number of servers not specified. Using default of %d.\n", maxservers); } /* * Make sure to unregister any previous versions in case the * user is reconfiguring the server in interesting ways. */ svc_unreg(NFS_PROGRAM, NFS_VERSION); svc_unreg(NFS_PROGRAM, NFS_V3); svc_unreg(NFS_PROGRAM, NFS_V4); svc_unreg(NFS_ACL_PROGRAM, NFS_ACL_V2); svc_unreg(NFS_ACL_PROGRAM, NFS_ACL_V3); /* * Set up kernel RPC thread pool for the NFS server. */ if (nfssvcpool(maxservers)) { fprintf(stderr, "Can't set up kernel NFS service: %s. " "Exiting.\n", strerror(errno)); exit(1); } /* * Set up blocked thread to do LWP creation on behalf of the kernel. */ if (svcwait(NFS_SVCPOOL_ID)) { fprintf(stderr, "Can't set up NFS pool creator: %s. Exiting.\n", strerror(errno)); exit(1); } /* * RDMA start and stop thread. * Per pool RDMA listener creation and * destructor thread. * * start rdma services and block in the kernel. * (only if proto or provider is not set to TCP or UDP) */ if ((proto == NULL) && (provider == NULL)) { if (svcrdma(NFS_SVCPOOL_ID, nfs_server_vers_min, nfs_server_vers_max, nfs_server_delegation)) { fprintf(stderr, "Can't set up RDMA creator thread : %s\n", strerror(errno)); } } /* * Now open up for signal delivery */ (void) thr_sigsetmask(SIG_UNBLOCK, &sgset, NULL); sigset(SIGTERM, sigflush); sigset(SIGUSR1, quiesce); /* * Build a protocol block list for registration. */ protobp0 = protobp = (struct protob *)malloc(sizeof (struct protob)); protobp->serv = "NFS"; protobp->versmin = nfs_server_vers_min; protobp->versmax = nfs_server_vers_max; protobp->program = NFS_PROGRAM; protobp->next = (struct protob *)malloc(sizeof (struct protob)); protobp = protobp->next; protobp->serv = "NFS_ACL"; /* not used */ protobp->versmin = nfs_server_vers_min; /* XXX - this needs work to get the version just right */ protobp->versmax = (nfs_server_vers_max > NFS_ACL_V3) ? NFS_ACL_V3 : nfs_server_vers_max; protobp->program = NFS_ACL_PROGRAM; protobp->next = (struct protob *)NULL; if (allflag) { if (do_all(protobp0, nfssvc) == -1) { fprintf(stderr, "setnetconfig failed : %s\n", strerror(errno)); exit(1); } } else if (proto) { /* there's more than one match for the same protocol */ struct netconfig *nconf; NCONF_HANDLE *nc; bool_t protoFound = FALSE; if ((nc = setnetconfig()) == (NCONF_HANDLE *) NULL) { fprintf(stderr, "setnetconfig failed : %s\n", strerror(errno)); goto done; } while (nconf = getnetconfig(nc)) { if (strcmp(nconf->nc_proto, proto) == 0) { protoFound = TRUE; do_one(nconf->nc_device, NULL, protobp0, nfssvc); } } (void) endnetconfig(nc); if (protoFound == FALSE) { fprintf(stderr, "couldn't find netconfig entry for protocol %s\n", proto); } } else if (provider) do_one(provider, proto, protobp0, nfssvc); else { for (providerp = defaultproviders; *providerp != NULL; providerp++) { provider = *providerp; do_one(provider, NULL, protobp0, nfssvc); } } done: free(protobp); free(protobp0); if (num_fds == 0) { fprintf(stderr, "Could not start NFS service for any protocol." " Exiting.\n"); exit(1); } end_listen_fds = num_fds; /* * nfsd is up and running as far as we are concerned. */ daemonize_fini(pipe_fd); /* * Get rid of unneeded privileges. */ __fini_daemon_priv(PRIV_PROC_FORK, PRIV_PROC_EXEC, PRIV_PROC_SESSION, PRIV_FILE_LINK_ANY, PRIV_PROC_INFO, (char *)NULL); /* * Poll for non-data control events on the transport descriptors. */ poll_for_action(); /* * If we get here, something failed in poll_for_action(). */ return (1); }
/* * This routine is designed to be able to "ping" * a list of hosts and create a list of responding * hosts sorted by response time. * This must be done without any prior * contact with the host - therefore the "ping" * must be to a "well-known" address. The outstanding * candidate here is the address of "rpcbind". * * A response to a ping is no guarantee that the host * is running NFS, has a mount daemon, or exports * the required filesystem. If the subsequent * mount attempt fails then the host will be marked * "ignore" and the host list will be re-pinged * (sans the bad host). This process continues * until a successful mount is achieved or until * there are no hosts left to try. */ enum clnt_stat nfs_cast(struct mapfs *mfs_in, struct mapfs **mfs_out, int timeout) { enum clnt_stat stat; AUTH *sys_auth = authsys_create_default(); XDR xdr_stream; register XDR *xdrs = &xdr_stream; int outlen; int if_inx; int tsec; int flag; int sent, addr_cnt, rcvd, if_cnt; fd_set readfds, mask; register ulong_t xid; /* xid - unique per addr */ register int i; struct rpc_msg msg; struct timeval t, rcv_timeout; char outbuf[UDPMSGSIZE], inbuf[UDPMSGSIZE]; struct t_unitdata t_udata, t_rdata; struct nd_hostserv hs; struct nd_addrlist *retaddrs; struct transp *tr_head; struct transp *trans, *prev_trans; struct addrs *a, *prev_addr; struct tstamps *ts, *prev_ts; NCONF_HANDLE *nc = NULL; struct netconfig *nconf; struct rlimit rl; int dtbsize; struct mapfs *mfs; /* * For each connectionless transport get a list of * host addresses. Any single host may have * addresses on several transports. */ addr_cnt = sent = rcvd = 0; tr_head = NULL; FD_ZERO(&mask); /* * Set the default select size to be the maximum FD_SETSIZE, unless * the current rlimit is lower. */ dtbsize = FD_SETSIZE; if (getrlimit(RLIMIT_NOFILE, &rl) == 0) { if (rl.rlim_cur < FD_SETSIZE) dtbsize = rl.rlim_cur; } prev_trans = NULL; prev_addr = NULL; prev_ts = NULL; for (mfs = mfs_in; mfs; mfs = mfs->mfs_next) { if (trace > 2) trace_prt(1, "nfs_cast: host=%s\n", mfs->mfs_host); nc = setnetconfig(); if (nc == NULL) { stat = RPC_CANTSEND; goto done_broad; } while (nconf = getnetconfig(nc)) { if (!(nconf->nc_flag & NC_VISIBLE) || nconf->nc_semantics != NC_TPI_CLTS || (strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)) continue; trans = (struct transp *)malloc(sizeof (*trans)); if (trans == NULL) { syslog(LOG_ERR, "no memory"); stat = RPC_CANTSEND; goto done_broad; } (void) memset(trans, 0, sizeof (*trans)); if (tr_head == NULL) tr_head = trans; else prev_trans->tr_next = trans; prev_trans = trans; trans->tr_fd = t_open(nconf->nc_device, O_RDWR, NULL); if (trans->tr_fd < 0) { syslog(LOG_ERR, "nfscast: t_open: %s:%m", nconf->nc_device); stat = RPC_CANTSEND; goto done_broad; } if (t_bind(trans->tr_fd, (struct t_bind *)NULL, (struct t_bind *)NULL) < 0) { syslog(LOG_ERR, "nfscast: t_bind: %m"); stat = RPC_CANTSEND; goto done_broad; } trans->tr_taddr = /* LINTED pointer alignment */ (struct t_bind *)t_alloc(trans->tr_fd, T_BIND, T_ADDR); if (trans->tr_taddr == (struct t_bind *)NULL) { syslog(LOG_ERR, "nfscast: t_alloc: %m"); stat = RPC_SYSTEMERROR; goto done_broad; } trans->tr_device = nconf->nc_device; FD_SET(trans->tr_fd, &mask); if_inx = 0; hs.h_host = mfs->mfs_host; hs.h_serv = "rpcbind"; if (netdir_getbyname(nconf, &hs, &retaddrs) == ND_OK) { /* * If mfs->ignore is previously set for * this map, clear it. Because a host can * have either v6 or v4 address */ if (mfs->mfs_ignore == 1) mfs->mfs_ignore = 0; a = (struct addrs *)malloc(sizeof (*a)); if (a == NULL) { syslog(LOG_ERR, "no memory"); stat = RPC_CANTSEND; goto done_broad; } (void) memset(a, 0, sizeof (*a)); if (trans->tr_addrs == NULL) trans->tr_addrs = a; else prev_addr->addr_next = a; prev_addr = a; a->addr_if_tstamps = NULL; a->addr_mfs = mfs; a->addr_addrs = retaddrs; if_cnt = retaddrs->n_cnt; while (if_cnt--) { ts = (struct tstamps *) malloc(sizeof (*ts)); if (ts == NULL) { syslog(LOG_ERR, "no memory"); stat = RPC_CANTSEND; goto done_broad; } (void) memset(ts, 0, sizeof (*ts)); ts->ts_penalty = mfs->mfs_penalty; if (a->addr_if_tstamps == NULL) a->addr_if_tstamps = ts; else prev_ts->ts_next = ts; prev_ts = ts; ts->ts_inx = if_inx++; addr_cnt++; } break; } else { mfs->mfs_ignore = 1; if (verbose) syslog(LOG_ERR, "%s:%s address not known", mfs->mfs_host, strcmp(nconf->nc_proto, NC_INET)?"IPv6":"IPv4"); } } /* while */ endnetconfig(nc); nc = NULL; } /* for */ if (addr_cnt == 0) { syslog(LOG_ERR, "nfscast: couldn't find addresses"); stat = RPC_CANTSEND; goto done_broad; } (void) gettimeofday(&t, (struct timezone *)0); xid = (getpid() ^ t.tv_sec ^ t.tv_usec) & ~0xFF; t.tv_usec = 0; /* serialize the RPC header */ msg.rm_direction = CALL; msg.rm_call.cb_rpcvers = RPC_MSG_VERSION; msg.rm_call.cb_prog = RPCBPROG; /* * we can not use RPCBVERS here since it doesn't exist in 4.X, * the fix to bug 1139883 has made the 4.X portmapper silent to * version mismatches. This causes the RPC call to the remote * portmapper to simply be ignored if it's not Version 2. */ msg.rm_call.cb_vers = PMAPVERS; msg.rm_call.cb_proc = NULLPROC; if (sys_auth == (AUTH *)NULL) { stat = RPC_SYSTEMERROR; goto done_broad; } msg.rm_call.cb_cred = sys_auth->ah_cred; msg.rm_call.cb_verf = sys_auth->ah_verf; xdrmem_create(xdrs, outbuf, sizeof (outbuf), XDR_ENCODE); if (! xdr_callmsg(xdrs, &msg)) { stat = RPC_CANTENCODEARGS; goto done_broad; } outlen = (int)xdr_getpos(xdrs); xdr_destroy(xdrs); t_udata.opt.len = 0; t_udata.udata.buf = outbuf; t_udata.udata.len = outlen; /* * Basic loop: send packet to all hosts and wait for response(s). * The response timeout grows larger per iteration. * A unique xid is assigned to each address in order to * correctly match the replies. */ for (tsec = 4; timeout > 0; tsec *= 2) { timeout -= tsec; if (timeout <= 0) tsec += timeout; rcv_timeout.tv_sec = tsec; rcv_timeout.tv_usec = 0; sent = 0; for (trans = tr_head; trans; trans = trans->tr_next) { for (a = trans->tr_addrs; a; a = a->addr_next) { struct netbuf *if_netbuf = a->addr_addrs->n_addrs; ts = a->addr_if_tstamps; if_cnt = a->addr_addrs->n_cnt; while (if_cnt--) { /* * xid is the first thing in * preserialized buffer */ /* LINTED pointer alignment */ *((ulong_t *)outbuf) = htonl(xid + ts->ts_inx); (void) gettimeofday(&(ts->ts_timeval), (struct timezone *)0); /* * Check if already received * from a previous iteration. */ if (ts->ts_rcvd) { sent++; ts = ts->ts_next; continue; } t_udata.addr = *if_netbuf++; if (t_sndudata(trans->tr_fd, &t_udata) == 0) { sent++; } ts = ts->ts_next; } } } if (sent == 0) { /* no packets sent ? */ stat = RPC_CANTSEND; goto done_broad; } /* * Have sent all the packets. Now collect the responses... */ rcvd = 0; recv_again: msg.acpted_rply.ar_verf = _null_auth; msg.acpted_rply.ar_results.proc = xdr_void; readfds = mask; switch (select(dtbsize, &readfds, (fd_set *)NULL, (fd_set *)NULL, &rcv_timeout)) { case 0: /* Timed out */ /* * If we got at least one response in the * last interval, then don't wait for any * more. In theory we should wait for * the max weighting (penalty) value so * that a very slow server has a chance to * respond but this could take a long time * if the admin has set a high weighting * value. */ if (rcvd > 0) goto done_broad; stat = RPC_TIMEDOUT; continue; case -1: /* some kind of error */ if (errno == EINTR) goto recv_again; syslog(LOG_ERR, "nfscast: select: %m"); if (rcvd == 0) stat = RPC_CANTRECV; goto done_broad; } /* end of select results switch */ for (trans = tr_head; trans; trans = trans->tr_next) { if (FD_ISSET(trans->tr_fd, &readfds)) break; } if (trans == NULL) goto recv_again; try_again: t_rdata.addr = trans->tr_taddr->addr; t_rdata.udata.buf = inbuf; t_rdata.udata.maxlen = sizeof (inbuf); t_rdata.udata.len = 0; t_rdata.opt.len = 0; if (t_rcvudata(trans->tr_fd, &t_rdata, &flag) < 0) { if (errno == EINTR) goto try_again; syslog(LOG_ERR, "nfscast: t_rcvudata: %s:%m", trans->tr_device); stat = RPC_CANTRECV; continue; } if (t_rdata.udata.len < sizeof (ulong_t)) goto recv_again; if (flag & T_MORE) { syslog(LOG_ERR, "nfscast: t_rcvudata: %s: buffer overflow", trans->tr_device); goto recv_again; } /* * see if reply transaction id matches sent id. * If so, decode the results. * Note: received addr is ignored, it could be * different from the send addr if the host has * more than one addr. */ xdrmem_create(xdrs, inbuf, (uint_t)t_rdata.udata.len, XDR_DECODE); if (xdr_replymsg(xdrs, &msg)) { if (msg.rm_reply.rp_stat == MSG_ACCEPTED && (msg.rm_xid & ~0xFF) == xid) { struct addrs *curr_addr; i = msg.rm_xid & 0xFF; for (curr_addr = trans->tr_addrs; curr_addr; curr_addr = curr_addr->addr_next) { for (ts = curr_addr->addr_if_tstamps; ts; ts = ts->ts_next) if (ts->ts_inx == i && !ts->ts_rcvd) { ts->ts_rcvd = 1; calc_resp_time(&ts->ts_timeval); stat = RPC_SUCCESS; rcvd++; break; } } } /* otherwise, we just ignore the errors ... */ } xdrs->x_op = XDR_FREE; msg.acpted_rply.ar_results.proc = xdr_void; (void) xdr_replymsg(xdrs, &msg); XDR_DESTROY(xdrs); if (rcvd == sent) goto done_broad; else goto recv_again; } if (!rcvd) stat = RPC_TIMEDOUT; done_broad: if (rcvd) { *mfs_out = sort_responses(tr_head); stat = RPC_SUCCESS; } if (nc) endnetconfig(nc); free_transports(tr_head); AUTH_DESTROY(sys_auth); return (stat); }
static int ypxfrd_transfer (char *host, char *map, char *domain, char *tmpname) { CLIENT *clnt; struct ypxfr_mapname req; struct xfr resp; struct timeval timeout = {25, 0}; int port = 0; #if defined(HAVE_RPCB_GETADDR) struct netconfig *nconf; struct netbuf svcaddr; char addrbuf[INET6_ADDRSTRLEN]; void *handle; int found; #endif if (debug_flag) fprintf (stderr, "Trying ypxfrd ..."); #ifdef HAVE_RPCB_GETADDR svcaddr.len = 0; svcaddr.maxlen = sizeof (addrbuf); svcaddr.buf = addrbuf; found = 0; handle = setnetconfig(); while ((nconf = getnetconfig(handle)) != NULL) { if (!strcmp(nconf->nc_proto, "udp")) { if (rpcb_getaddr(YPXFRD_FREEBSD_PROG, YPXFRD_FREEBSD_VERS, nconf, &svcaddr, host)) { port = __taddr2port (nconf, &svcaddr); endnetconfig (handle); found=1; break; } if (rpc_createerr.cf_stat != RPC_UNKNOWNHOST) { clnt_pcreateerror (host); log_msg ("rpcb_getaddr (%s) failed!", host); return 1; } } } if (!found) { log_msg ("Cannot find suitable transport for protocol 'udp'"); return 1; } #else port = getrpcport (host, YPXFRD_FREEBSD_PROG, YPXFRD_FREEBSD_VERS, IPPROTO_TCP)) #endif if (port == 0) { if (debug_flag) log_msg (" not running"); return 1; } req.xfrmap = map; req.xfrdomain = domain; req.xfrmap_filename = map; #if defined(HAVE_LIBGDBM) #if SIZEOF_LONG == 8 req.xfr_db_type = XFR_DB_GNU_GDBM64; #else req.xfr_db_type = XFR_DB_GNU_GDBM; #endif #if defined(WORDS_BIGENDIAN) req.xfr_byte_order = XFR_ENDIAN_BIG; #else req.xfr_byte_order = XFR_ENDIAN_LITTLE; #endif #elif defined (HAVE_NDBM) #if defined(__sun__) || defined (sun) req.xfr_db_type = XFR_DB_NDBM; #if defined(WORDS_BIGENDIAN) req.xfr_byte_order = XFR_ENDIAN_BIG; #else req.xfr_byte_order = XFR_ENDIAN_LITTLE; #endif #else req.xfr_db_type = XFR_DB_BSD_NDBM; req.xfr_byte_order = XFR_ENDIAN_ANY; #endif #elif defined (HAVE_LIBQDBM) req.xfr_db_type = XFR_DB_QDBM; #if defined(WORDS_BIGENDIAN) req.xfr_byte_order = XFR_ENDIAN_BIG; #else req.xfr_byte_order = XFR_ENDIAN_LITTLE; #endif #elif defined (HAVE_LIBTC) req.xfr_db_type = XFR_DB_TC; req.xfr_byte_order = XFR_ENDIAN_ANY; #endif memset (&resp, 0, sizeof (resp)); if ((clnt = clnt_create (host, YPXFRD_FREEBSD_PROG, YPXFRD_FREEBSD_VERS, "tcp")) == NULL) goto error; if ((ypxfrd_file = open (tmpname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR)) == -1) { clnt_destroy (clnt); log_msg ("couldn't open %s: %s", tmpname, strerror (errno)); goto error; } if (clnt_call (clnt, YPXFRD_GETMAP, (xdrproc_t) xdr_ypxfr_mapname, (caddr_t) &req, (xdrproc_t) xdr_ypxfr_xfr, (caddr_t) &resp, timeout) != RPC_SUCCESS) { log_msg ("%s", clnt_sperror (clnt, "call to rpc.ypxfrd failed")); unlink (tmpname); clnt_destroy (clnt); close (ypxfrd_file); goto error; } clnt_destroy (clnt); close (ypxfrd_file); if (debug_flag) log_msg (" success\n"); return 0; error: if (debug_flag) log_msg (" (failed, fallback to enumeration)\n"); return 1; }
/* * Keep the handle cached. This call may be made quite often. */ static CLIENT * getkeyserv_handle(int vers) { void *localhandle; struct netconfig *nconf; struct netconfig *tpconf; struct key_call_private *kcp = key_call_private_main; struct timeval wait_time; struct utsname u; int main_thread; int fd; static thread_key_t key_call_key; #define TOTAL_TIMEOUT 30 /* total timeout talking to keyserver */ #define TOTAL_TRIES 5 /* Number of tries */ if ((main_thread = thr_main())) { kcp = key_call_private_main; } else { if (key_call_key == 0) { mutex_lock(&tsd_lock); if (key_call_key == 0) thr_keycreate(&key_call_key, key_call_destroy); mutex_unlock(&tsd_lock); } kcp = (struct key_call_private *)thr_getspecific(key_call_key); } if (kcp == NULL) { kcp = (struct key_call_private *)malloc(sizeof (*kcp)); if (kcp == NULL) { return (NULL); } if (main_thread) key_call_private_main = kcp; else thr_setspecific(key_call_key, (void *) kcp); kcp->client = NULL; } /* if pid has changed, destroy client and rebuild */ if (kcp->client != NULL && kcp->pid != getpid()) { clnt_destroy(kcp->client); kcp->client = NULL; } if (kcp->client != NULL) { /* if uid has changed, build client handle again */ if (kcp->uid != geteuid()) { kcp->uid = geteuid(); auth_destroy(kcp->client->cl_auth); kcp->client->cl_auth = authsys_create("", kcp->uid, 0, 0, NULL); if (kcp->client->cl_auth == NULL) { clnt_destroy(kcp->client); kcp->client = NULL; return (NULL); } } /* Change the version number to the new one */ clnt_control(kcp->client, CLSET_VERS, (void *)&vers); return (kcp->client); } if (!(localhandle = setnetconfig())) { return (NULL); } tpconf = NULL; if (uname(&u) == -1) { endnetconfig(localhandle); return (NULL); } while ((nconf = getnetconfig(localhandle)) != NULL) { if (strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) { /* * We use COTS_ORD here so that the caller can * find out immediately if the server is dead. */ if (nconf->nc_semantics == NC_TPI_COTS_ORD) { kcp->client = clnt_tp_create(u.nodename, KEY_PROG, vers, nconf); if (kcp->client) break; } else { tpconf = nconf; } } } if ((kcp->client == NULL) && (tpconf)) /* Now, try the CLTS or COTS loopback transport */ kcp->client = clnt_tp_create(u.nodename, KEY_PROG, vers, tpconf); endnetconfig(localhandle); if (kcp->client == NULL) { return (NULL); } kcp->uid = geteuid(); kcp->pid = getpid(); kcp->client->cl_auth = authsys_create("", kcp->uid, 0, 0, NULL); if (kcp->client->cl_auth == NULL) { clnt_destroy(kcp->client); kcp->client = NULL; return (NULL); } wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES; wait_time.tv_usec = 0; clnt_control(kcp->client, CLSET_RETRY_TIMEOUT, (char *)&wait_time); if (clnt_control(kcp->client, CLGET_FD, (char *)&fd)) _fcntl(fd, F_SETFD, 1); /* make it "close on exec" */ return (kcp->client); }
static int yppasswd_local(ypclnt_t *ypclnt, const struct passwd *pwd) { struct master_yppasswd yppwd; struct rpc_err rpcerr; struct netconfig *nc = NULL; void *localhandle = 0; CLIENT *clnt = NULL; int ret, *result; /* fill the master_yppasswd structure */ memset(&yppwd, 0, sizeof yppwd); yppwd.newpw.pw_uid = pwd->pw_uid; yppwd.newpw.pw_gid = pwd->pw_gid; yppwd.newpw.pw_change = pwd->pw_change; yppwd.newpw.pw_expire = pwd->pw_expire; yppwd.newpw.pw_fields = pwd->pw_fields; yppwd.oldpass = strdup(""); yppwd.domain = strdup(ypclnt->domain); if ((yppwd.newpw.pw_name = strdup(pwd->pw_name)) == NULL || (yppwd.newpw.pw_passwd = strdup(pwd->pw_passwd)) == NULL || (yppwd.newpw.pw_class = strdup(pwd->pw_class)) == NULL || (yppwd.newpw.pw_gecos = strdup(pwd->pw_gecos)) == NULL || (yppwd.newpw.pw_dir = strdup(pwd->pw_dir)) == NULL || (yppwd.newpw.pw_shell = strdup(pwd->pw_shell)) == NULL) { ypclnt_error(ypclnt, __func__, strerror(errno)); ret = -1; goto done; } /* connect to rpc.yppasswdd */ localhandle = setnetconfig(); while ((nc = getnetconfig(localhandle)) != NULL) { if (nc->nc_protofmly != NULL && strcmp(nc->nc_protofmly, NC_LOOPBACK) == 0) break; } if (nc == NULL) { ypclnt_error(ypclnt, __func__, "getnetconfig: %s", nc_sperror()); ret = -1; goto done; } if ((clnt = clnt_tp_create(NULL, MASTER_YPPASSWDPROG, MASTER_YPPASSWDVERS, nc)) == NULL) { ypclnt_error(ypclnt, __func__, "failed to connect to rpc.yppasswdd: %s", clnt_spcreateerror(ypclnt->server)); ret = -1; goto done; } clnt->cl_auth = authunix_create_default(); /* request the update */ result = yppasswdproc_update_master_1(&yppwd, clnt); /* check for RPC errors */ clnt_geterr(clnt, &rpcerr); if (rpcerr.re_status != RPC_SUCCESS) { ypclnt_error(ypclnt, __func__, "NIS password update failed: %s", clnt_sperror(clnt, ypclnt->server)); ret = -1; goto done; } /* check the result of the update */ if (result == NULL || *result != 0) { ypclnt_error(ypclnt, __func__, "NIS password update failed"); /* XXX how do we get more details? */ ret = -1; goto done; } ypclnt_error(ypclnt, NULL, NULL); ret = 0; done: if (clnt != NULL) { auth_destroy(clnt->cl_auth); clnt_destroy(clnt); } endnetconfig(localhandle); free(yppwd.newpw.pw_name); if (yppwd.newpw.pw_passwd != NULL) { memset(yppwd.newpw.pw_passwd, 0, strlen(yppwd.newpw.pw_passwd)); free(yppwd.newpw.pw_passwd); } free(yppwd.newpw.pw_class); free(yppwd.newpw.pw_gecos); free(yppwd.newpw.pw_dir); free(yppwd.newpw.pw_shell); if (yppwd.oldpass != NULL) { memset(yppwd.oldpass, 0, strlen(yppwd.oldpass)); free(yppwd.oldpass); } return (ret); }
/* * Sort a list of server endpoints so that address for local interfaces * occur before remote interfaces. If an error occurs (e.g., no memory), * we just clean up and return; we end up not sorting the endpoints, but * this is just for optimization anyway. * * There is a lot of work in this routine, so it should not be called * frequently. */ static void nis_sort_server_endpoints_inet(nis_server *svr) { int i; int j; int neps = svr->ep.ep_len; endpoint *eps = svr->ep.ep_val; struct netconfig *ncp, *ncp_inet = 0, *ncp_inet6 = 0; void *local_interfaces; void *nch; nch = setnetconfig(); if (nch == 0) return; /* find any inet entry so we can do uaddr2taddr */ while ((ncp = getnetconfig(nch)) != 0 && ncp_inet == 0 && ncp_inet6 == 0) { if (strcmp(ncp->nc_protofmly, NC_INET) == 0) ncp_inet = ncp; else if (strcmp(ncp->nc_protofmly, NC_INET6)) ncp_inet6 = ncp; } if (ncp_inet == 0 && ncp_inet6 == 0) { (void) endnetconfig(nch); return; } local_interfaces = __inet_get_local_interfaces(); if (local_interfaces == 0) { (void) endnetconfig(nch); return; } /* * Sort endpoints so local inet addresses are first. The * variable 'i' points to the beginning of the array, * and 'j' points to the end. We advance 'i' as long * as it indexes a non-inet endpoint or a local endpoint. * We retract 'j' as long as it indexes a non-inet endpoint * or a remote endpoint. If either of these cases fail, * then 'i' is pointing at a remote endpoint and 'j' is * pointing at a local endpoint. We swap them, adjust * the indexes, and continue. When the indexes cross * we are done. */ i = 0; j = neps - 1; while (i < j) { if ((strcmp(eps[i].family, NC_INET) != 0 && strcmp(eps[i].family, NC_INET6) != 0) || is_local(local_interfaces, ncp, eps[i].uaddr)) { i++; continue; } if ((strcmp(eps[j].family, NC_INET) != 0 && strcmp(eps[j].family, NC_INET6) != 0) || is_remote(local_interfaces, ncp, eps[j].uaddr)) { --j; continue; } __nis_swap_endpoints(&eps[i], &eps[j]); i++; --j; } /* clean up */ __inet_free_local_interfaces(local_interfaces); (void) endnetconfig(nch); }
int rpcbind_main(void *arg) #endif { struct netconfig *nconf; void *nc_handle; /* Net config handle */ struct rlimit rl; int maxrec = RPC_MAXDATASIZE; #ifdef RPCBIND_RUMP svc_fdset_init(SVC_FDSET_MT); #else parseargs(argc, argv); #endif if (getrlimit(RLIMIT_NOFILE, &rl) == -1) err(EXIT_FAILURE, "getrlimit(RLIMIT_NOFILE)"); if (rl.rlim_cur < 128) { if (rl.rlim_max <= 128) rl.rlim_cur = rl.rlim_max; else rl.rlim_cur = 128; if (setrlimit(RLIMIT_NOFILE, &rl) < 0) err(EXIT_FAILURE, "setrlimit(RLIMIT_NOFILE)"); } nc_handle = setnetconfig(); /* open netconfig file */ if (nc_handle == NULL) errx(EXIT_FAILURE, "could not read /etc/netconfig"); #ifdef PORTMAP udptrans = ""; tcptrans = ""; #endif nconf = getnetconfigent("local"); if (nconf == NULL) errx(EXIT_FAILURE, "can't find local transport"); rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); init_transport(nconf); while ((nconf = getnetconfig(nc_handle))) { if (nconf->nc_flag & NC_VISIBLE) init_transport(nconf); } endnetconfig(nc_handle); /* catch the usual termination signals for graceful exit */ (void) signal(SIGCHLD, reap); (void) signal(SIGINT, terminate); (void) signal(SIGTERM, terminate); (void) signal(SIGQUIT, terminate); /* ignore others that could get sent */ (void) signal(SIGPIPE, SIG_IGN); #ifndef RPCBIND_RUMP (void) signal(SIGHUP, SIG_IGN); #endif (void) signal(SIGUSR1, SIG_IGN); (void) signal(SIGUSR2, SIG_IGN); #ifdef WARMSTART if (warmstart) { read_warmstart(); } #endif if (debugging) { printf("rpcbind debugging enabled."); if (doabort) { printf(" Will abort on errors!\n"); } else { printf("\n"); } } else { if (daemon(0, 0)) err(EXIT_FAILURE, "fork failed"); } openlog("rpcbind", 0, LOG_DAEMON); pidfile(NULL); if (runasdaemon) { struct passwd *p; if((p = getpwnam(RUN_AS)) == NULL) { syslog(LOG_ERR, "cannot get uid of daemon: %m"); exit(EXIT_FAILURE); } if (setuid(p->pw_uid) == -1) { syslog(LOG_ERR, "setuid to daemon failed: %m"); exit(EXIT_FAILURE); } } network_init(); #ifdef RPCBIND_RUMP sem_post(&gensem); #endif my_svc_run(); syslog(LOG_ERR, "svc_run returned unexpectedly"); rpcbind_abort(); /* NOTREACHED */ return EXIT_SUCCESS; }
/* * We use our own private version of svc_create() which registers our services * only on loopback transports and enables an option whereby Solaris ucreds * are associated with each connection, permitting us to check privilege bits. */ static int fmd_rpc_svc_create_local(void (*disp)(struct svc_req *, SVCXPRT *), rpcprog_t prog, rpcvers_t vers, uint_t ssz, uint_t rsz, int force) { struct netconfig *ncp; struct netbuf buf; SVCXPRT *xprt; void *hdl; int fd, n = 0; char door[PATH_MAX]; time_t tm; if ((hdl = setnetconfig()) == NULL) { fmd_error(EFMD_RPC_REG, "failed to iterate over " "netconfig database: %s\n", nc_sperror()); return (fmd_set_errno(EFMD_RPC_REG)); } if (force) svc_unreg(prog, vers); /* clear stale rpcbind registrations */ buf.buf = alloca(_SS_MAXSIZE); buf.maxlen = _SS_MAXSIZE; buf.len = 0; while ((ncp = getnetconfig(hdl)) != NULL) { if (strcmp(ncp->nc_protofmly, NC_LOOPBACK) != 0) continue; if (!force && rpcb_getaddr(prog, vers, ncp, &buf, HOST_SELF)) { (void) endnetconfig(hdl); return (fmd_set_errno(EFMD_RPC_BOUND)); } if ((fd = t_open(ncp->nc_device, O_RDWR, NULL)) == -1) { fmd_error(EFMD_RPC_REG, "failed to open %s: %s\n", ncp->nc_device, t_strerror(t_errno)); continue; } svc_fd_negotiate_ucred(fd); /* enable ucred option on xprt */ if ((xprt = svc_tli_create(fd, ncp, NULL, ssz, rsz)) == NULL) { (void) t_close(fd); continue; } if (svc_reg(xprt, prog, vers, disp, ncp) == FALSE) { fmd_error(EFMD_RPC_REG, "failed to register " "rpc service on %s\n", ncp->nc_netid); svc_destroy(xprt); continue; } n++; } (void) endnetconfig(hdl); /* * If we failed to register services (n == 0) because rpcbind is down, * then check to see if the RPC door file exists before attempting an * svc_door_create(), which cleverly destroys any existing door file. * The RPC APIs have no stable errnos, so we use rpcb_gettime() as a * hack to determine if rpcbind itself is down. */ if (!force && n == 0 && rpcb_gettime(HOST_SELF, &tm) == FALSE && snprintf(door, sizeof (door), RPC_DOOR_RENDEZVOUS, prog, vers) > 0 && access(door, F_OK) == 0) return (fmd_set_errno(EFMD_RPC_BOUND)); /* * Attempt to create a door server for the RPC program as well. Limit * the maximum request size for the door transport to the receive size. */ if ((xprt = svc_door_create(disp, prog, vers, ssz)) == NULL) { fmd_error(EFMD_RPC_REG, "failed to create door for " "rpc service 0x%lx/0x%lx\n", prog, vers); } else { (void) svc_control(xprt, SVCSET_CONNMAXREC, &rsz); n++; } return (n); }
int main(int argc, char **argv) { int nflag = 0; int c; int warn = 0; char *path = NULL; void *localhandle; SVCXPRT *transp; struct netconfig *nconf = NULL; __key_encryptsession_pk_LOCAL = &key_encrypt_pk_2_svc_prog; __key_decryptsession_pk_LOCAL = &key_decrypt_pk_2_svc_prog; __key_gendes_LOCAL = &key_gen_1_svc_prog; while ((c = getopt(argc, argv, "ndDvp:")) != -1) switch (c) { case 'n': nflag++; break; case 'd': pk_nodefaultkeys(); break; case 'D': debugging = 1; break; case 'v': warn = 1; break; case 'p': path = optarg; break; default: usage(); } load_des(warn, path); __des_crypt_LOCAL = _my_crypt; if (svc_auth_reg(AUTH_DES, _svcauth_des) == -1) errx(1, "failed to register AUTH_DES authenticator"); if (optind != argc) { usage(); } /* * Initialize */ umask(S_IXUSR|S_IXGRP|S_IXOTH); if (geteuid() != 0) errx(1, "keyserv must be run as root"); setmodulus(HEXMODULUS); getrootkey(&masterkey, nflag); rpcb_unset(KEY_PROG, KEY_VERS, NULL); rpcb_unset(KEY_PROG, KEY_VERS2, NULL); if (svc_create(keyprogram, KEY_PROG, KEY_VERS, "netpath") == 0) { fprintf(stderr, "%s: unable to create service\n", argv[0]); exit(1); } if (svc_create(keyprogram, KEY_PROG, KEY_VERS2, "netpath") == 0) { fprintf(stderr, "%s: unable to create service\n", argv[0]); exit(1); } localhandle = setnetconfig(); while ((nconf = getnetconfig(localhandle)) != NULL) { if (nconf->nc_protofmly != NULL && strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) break; } if (nconf == NULL) errx(1, "getnetconfig: %s", nc_sperror()); unlink(KEYSERVSOCK); rpcb_unset(CRYPT_PROG, CRYPT_VERS, nconf); transp = svcunix_create(RPC_ANYSOCK, 0, 0, KEYSERVSOCK); if (transp == NULL) errx(1, "cannot create AF_LOCAL service"); if (!svc_reg(transp, KEY_PROG, KEY_VERS, keyprogram, nconf)) errx(1, "unable to register (KEY_PROG, KEY_VERS, unix)"); if (!svc_reg(transp, KEY_PROG, KEY_VERS2, keyprogram, nconf)) errx(1, "unable to register (KEY_PROG, KEY_VERS2, unix)"); if (!svc_reg(transp, CRYPT_PROG, CRYPT_VERS, crypt_prog_1, nconf)) errx(1, "unable to register (CRYPT_PROG, CRYPT_VERS, unix)"); endnetconfig(localhandle); umask(066); /* paranoia */ if (!debugging) { daemon(0,0); } signal(SIGPIPE, SIG_IGN); svc_run(); abort(); /* NOTREACHED */ }
int main(int argc, char **argv) { int ch, i, s; void *nc_handle; char *endptr, **hosts_bak; struct sigaction sigalarm; int grace_period = 30; struct netconfig *nconf; int have_v6 = 1; int maxrec = RPC_MAXDATASIZE; in_port_t svcport = 0; int attempt_cnt, port_len, port_pos, ret; char **port_list; while ((ch = getopt(argc, argv, "d:g:h:p:")) != (-1)) { switch (ch) { case 'd': debug_level = atoi(optarg); if (!debug_level) { usage(); /* NOTREACHED */ } break; case 'g': grace_period = atoi(optarg); if (!grace_period) { usage(); /* NOTREACHED */ } break; case 'h': ++nhosts; hosts_bak = hosts; hosts_bak = realloc(hosts, nhosts * sizeof(char *)); if (hosts_bak == NULL) { if (hosts != NULL) { for (i = 0; i < nhosts; i++) free(hosts[i]); free(hosts); out_of_mem(); } } hosts = hosts_bak; hosts[nhosts - 1] = strdup(optarg); if (hosts[nhosts - 1] == NULL) { for (i = 0; i < (nhosts - 1); i++) free(hosts[i]); free(hosts); out_of_mem(); } break; case 'p': endptr = NULL; svcport = (in_port_t)strtoul(optarg, &endptr, 10); if (endptr == NULL || *endptr != '\0' || svcport == 0 || svcport >= IPPORT_MAX) usage(); svcport_str = strdup(optarg); break; default: case '?': usage(); /* NOTREACHED */ } } if (geteuid()) { /* This command allowed only to root */ fprintf(stderr, "Sorry. You are not superuser\n"); exit(1); } kernel_lockd = FALSE; kernel_lockd_client = FALSE; if (modfind("nfslockd") < 0) { if (kldload("nfslockd") < 0) { fprintf(stderr, "Can't find or load kernel support for rpc.lockd - using non-kernel implementation\n"); } else { kernel_lockd = TRUE; } } else { kernel_lockd = TRUE; } if (kernel_lockd) { if (getosreldate() >= 800040) kernel_lockd_client = TRUE; } (void)rpcb_unset(NLM_PROG, NLM_SM, NULL); (void)rpcb_unset(NLM_PROG, NLM_VERS, NULL); (void)rpcb_unset(NLM_PROG, NLM_VERSX, NULL); (void)rpcb_unset(NLM_PROG, NLM_VERS4, NULL); /* * Check if IPv6 support is present. */ s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP); if (s < 0) have_v6 = 0; else close(s); rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); /* * If no hosts were specified, add a wildcard entry to bind to * INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the * list. */ if (nhosts == 0) { hosts = malloc(sizeof(char**)); if (hosts == NULL) out_of_mem(); hosts[0] = "*"; nhosts = 1; } else { hosts_bak = hosts; if (have_v6) { hosts_bak = realloc(hosts, (nhosts + 2) * sizeof(char *)); if (hosts_bak == NULL) { for (i = 0; i < nhosts; i++) free(hosts[i]); free(hosts); out_of_mem(); } else hosts = hosts_bak; nhosts += 2; hosts[nhosts - 2] = "::1"; } else { hosts_bak = realloc(hosts, (nhosts + 1) * sizeof(char *)); if (hosts_bak == NULL) { for (i = 0; i < nhosts; i++) free(hosts[i]); free(hosts); out_of_mem(); } else { nhosts += 1; hosts = hosts_bak; } } hosts[nhosts - 1] = "127.0.0.1"; } if (kernel_lockd) { if (!kernel_lockd_client) { /* * For the case where we have a kernel lockd but it * doesn't provide client locking, we run a cut-down * RPC service on a local-domain socket. The kernel's * RPC server will pass what it can't handle (mainly * client replies) down to us. */ struct sockaddr_un sun; int fd, oldmask; SVCXPRT *xprt; memset(&sun, 0, sizeof sun); sun.sun_family = AF_LOCAL; unlink(_PATH_RPCLOCKDSOCK); strcpy(sun.sun_path, _PATH_RPCLOCKDSOCK); sun.sun_len = SUN_LEN(&sun); fd = socket(AF_LOCAL, SOCK_STREAM, 0); if (!fd) { err(1, "Can't create local lockd socket"); } oldmask = umask(S_IXUSR|S_IRWXG|S_IRWXO); if (bind(fd, (struct sockaddr *) &sun, sun.sun_len) < 0) { err(1, "Can't bind local lockd socket"); } umask(oldmask); if (listen(fd, SOMAXCONN) < 0) { err(1, "Can't listen on local lockd socket"); } xprt = svc_vc_create(fd, RPC_MAXDATASIZE, RPC_MAXDATASIZE); if (!xprt) { err(1, "Can't create transport for local lockd socket"); } if (!svc_reg(xprt, NLM_PROG, NLM_VERS4, nlm_prog_4, NULL)) { err(1, "Can't register service for local lockd socket"); } } /* * We need to look up the addresses so that we can * hand uaddrs (ascii encoded address+port strings) to * the kernel. */ nc_handle = setnetconfig(); while ((nconf = getnetconfig(nc_handle))) { /* We want to listen only on udp6, tcp6, udp, tcp transports */ if (nconf->nc_flag & NC_VISIBLE) { /* Skip if there's no IPv6 support */ if (have_v6 == 0 && strcmp(nconf->nc_protofmly, "inet6") == 0) { /* DO NOTHING */ } else { lookup_addresses(nconf); } } } endnetconfig(nc_handle); } else { attempt_cnt = 1; sock_fdcnt = 0; sock_fd = NULL; port_list = NULL; port_len = 0; nc_handle = setnetconfig(); while ((nconf = getnetconfig(nc_handle))) { /* We want to listen only on udp6, tcp6, udp, tcp transports */ if (nconf->nc_flag & NC_VISIBLE) { /* Skip if there's no IPv6 support */ if (have_v6 == 0 && strcmp(nconf->nc_protofmly, "inet6") == 0) { /* DO NOTHING */ } else { ret = create_service(nconf); if (ret == 1) /* Ignore this call */ continue; if (ret < 0) { /* * Failed to bind port, so close * off all sockets created and * try again if the port# was * dynamically assigned via * bind(2). */ clearout_service(); if (mallocd_svcport != 0 && attempt_cnt < GETPORT_MAXTRY) { free(svcport_str); svcport_str = NULL; mallocd_svcport = 0; } else { errno = EADDRINUSE; syslog(LOG_ERR, "bindresvport_sa: %m"); exit(1); } /* * Start over at the first * service. */ free(sock_fd); sock_fdcnt = 0; sock_fd = NULL; nc_handle = setnetconfig(); attempt_cnt++; } else if (mallocd_svcport != 0 && attempt_cnt == GETPORT_MAXTRY) { /* * For the last attempt, allow * different port #s for each * nconf by saving the * svcport_str and setting it * back to NULL. */ port_list = realloc(port_list, (port_len + 1) * sizeof(char *)); if (port_list == NULL) out_of_mem(); port_list[port_len++] = svcport_str; svcport_str = NULL; mallocd_svcport = 0; } } } } /* * Successfully bound the ports, so call complete_service() to * do the rest of the setup on the service(s). */ sock_fdpos = 0; port_pos = 0; nc_handle = setnetconfig(); while ((nconf = getnetconfig(nc_handle))) { /* We want to listen only on udp6, tcp6, udp, tcp transports */ if (nconf->nc_flag & NC_VISIBLE) { /* Skip if there's no IPv6 support */ if (have_v6 == 0 && strcmp(nconf->nc_protofmly, "inet6") == 0) { /* DO NOTHING */ } else if (port_list != NULL) { if (port_pos >= port_len) { syslog(LOG_ERR, "too many port#s"); exit(1); } complete_service(nconf, port_list[port_pos++]); } else complete_service(nconf, svcport_str); } } endnetconfig(nc_handle); free(sock_fd); if (port_list != NULL) { for (port_pos = 0; port_pos < port_len; port_pos++) free(port_list[port_pos]); free(port_list); } } /* * Note that it is NOT sensible to run this program from inetd - the * protocol assumes that it will run immediately at boot time. */ if (daemon(0, debug_level > 0)) { err(1, "cannot fork"); /* NOTREACHED */ } openlog("rpc.lockd", 0, LOG_DAEMON); if (debug_level) syslog(LOG_INFO, "Starting, debug level %d", debug_level); else syslog(LOG_INFO, "Starting"); sigalarm.sa_handler = (sig_t) sigalarm_handler; sigemptyset(&sigalarm.sa_mask); sigalarm.sa_flags = SA_RESETHAND; /* should only happen once */ sigalarm.sa_flags |= SA_RESTART; if (sigaction(SIGALRM, &sigalarm, NULL) != 0) { syslog(LOG_WARNING, "sigaction(SIGALRM) failed: %s", strerror(errno)); exit(1); } if (kernel_lockd) { if (!kernel_lockd_client) { init_nsm(); client_pid = client_request(); /* * Create a child process to enter the kernel and then * wait for RPCs on our local domain socket. */ if (!fork()) nlm_syscall(debug_level, grace_period, naddrs, addrs); else svc_run(); } else { /* * The kernel lockd implementation provides * both client and server so we don't need to * do anything else. */ nlm_syscall(debug_level, grace_period, naddrs, addrs); } } else { grace_expired = 0; alarm(grace_period); init_nsm(); client_pid = client_request(); svc_run(); /* Should never return */ } exit(1); }
int main(int argc, char *argv[]) { struct netconfig *nconf; void *nc_handle; /* Net config handle */ struct rlimit rl; int maxrec = RPC_MAXDATASIZE; parseargs(argc, argv); /* Check that another rpcbind isn't already running. */ if ((rpcbindlockfd = (open(RPCBINDDLOCK, O_RDONLY|O_CREAT, 0444))) == -1) err(1, "%s", RPCBINDDLOCK); if(flock(rpcbindlockfd, LOCK_EX|LOCK_NB) == -1 && errno == EWOULDBLOCK) errx(1, "another rpcbind is already running. Aborting"); getrlimit(RLIMIT_NOFILE, &rl); if (rl.rlim_cur < 128) { if (rl.rlim_max <= 128) rl.rlim_cur = rl.rlim_max; else rl.rlim_cur = 128; setrlimit(RLIMIT_NOFILE, &rl); } openlog("rpcbind", LOG_CONS, LOG_DAEMON); if (geteuid()) { /* This command allowed only to root */ fprintf(stderr, "Sorry. You are not superuser\n"); exit(1); } /* * Make sure we use the local service file * for service lookkups */ __nss_configure_lookup("services", "files"); nc_handle = setnetconfig(); /* open netconfig file */ if (nc_handle == NULL) { syslog(LOG_ERR, "could not read /etc/netconfig"); exit(1); } nconf = getnetconfigent("local"); if (nconf == NULL) nconf = getnetconfigent("unix"); if (nconf == NULL) { syslog(LOG_ERR, "%s: can't find local transport\n", argv[0]); exit(1); } rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); init_transport(nconf); while ((nconf = getnetconfig(nc_handle))) { if (nconf->nc_flag & NC_VISIBLE) init_transport(nconf); } endnetconfig(nc_handle); #ifdef PORTMAP if (!udptrans) udptrans = ""; if (!tcptrans) tcptrans = ""; #endif /* catch the usual termination signals for graceful exit */ (void) signal(SIGCHLD, reap); (void) signal(SIGINT, terminate); (void) signal(SIGTERM, terminate); (void) signal(SIGQUIT, terminate); /* ignore others that could get sent */ (void) signal(SIGPIPE, SIG_IGN); (void) signal(SIGHUP, SIG_IGN); (void) signal(SIGUSR1, SIG_IGN); (void) signal(SIGUSR2, SIG_IGN); if (debugging) { #ifdef RPCBIND_DEBUG printf("rpcbind debugging enabled."); if (doabort) { printf(" Will abort on errors!\n"); } else { printf("\n"); } #endif } else { if (daemon(0, 0)) err(1, "fork failed"); } if (runasdaemon || rpcbinduser) { struct passwd *p; char *id = runasdaemon ? RUN_AS : rpcbinduser; /* * Make sure we use the local password file * for these lookups. */ __nss_configure_lookup("passwd", "files"); if((p = getpwnam(id)) == NULL) { syslog(LOG_ERR, "cannot get uid of '%s': %m", id); exit(1); } if (setgid(p->pw_gid) == -1) { syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid); exit(1); } if (setuid(p->pw_uid) == -1) { syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid); exit(1); } } #ifdef WARMSTART if (warmstart) { read_warmstart(); } #endif network_init(); my_svc_run(); syslog(LOG_ERR, "svc_run returned unexpectedly"); rpcbind_abort(); /* NOTREACHED */ return 0; }
void setup_resolv(bool *fwding, int *child, CLIENT **client, char *tp_type, long prognum) { enum clnt_stat stat; struct timeval tv; char prog_str[15], fd_str[5]; SVCXPRT *xprt = NULL; char *tp; #ifdef TDRPC struct sockaddr_in addr; int sock; #else char name[257]; struct netconfig *nc; void *h; #endif verbose = silent == FALSE ? 1 : 0; if (! *fwding) return; #ifdef TDRPC tp = (tp_type && strcmp(tp_type, "udp") != 0) ? "udp" : "tcp"; #else /* try the specified netid (default ticots), then any loopback */ tp = (tp_type && *tp_type) ? tp_type : "ticots"; if (!getconf(tp, &h, &nc)) { /* dont forget endnetconfig() */ syslog(LOG_ERR, "can't get resolv_clnt netconf %s.\n", tp); *fwding = FALSE; return; } tp = nc->nc_netid; #endif /* * Startup the resolv server: use transient prognum if prognum * isn't set. Using transient means we create mapping then * pass child the fd to use for service. */ if (!getprognum(&prognum, &xprt, fd_str, prog_str, YPDNSVERS, tp)) { syslog(LOG_ERR, "can't create resolv xprt for transient.\n"); *fwding = FALSE; #ifndef TDRPC endnetconfig(h); #endif return; } switch (*child = vfork()) { case -1: /* error */ syslog(LOG_ERR, "can't startup resolv daemon\n"); #ifndef TDRPC endnetconfig(h); #endif *fwding = FALSE; return; case 0: /* child */ /* * if using transient we must maintain fd across * exec cause unset/set on prognum isn't automic. * * if using transient we'll just do svc_tli_create * in child on our bound fd. */ execlp(RESOLV_EXEC_PATH, "rpc.nisd_resolv", "-F", /* forground */ "-C", fd_str, /* dont close */ "-p", prog_str, /* prognum */ "-t", tp, /* tp type */ NULL); syslog(LOG_ERR, RESOLV_EXEC_ERR, strerror(errno)); exit(1); default: /* parent */ /* close fd, free xprt, but leave mapping */ if (xprt) svc_destroy(xprt); /* let it crank up before we create client */ sleep(4); } #ifdef TDRPC get_myaddress(&addr); addr.sin_port = 0; sock = RPC_ANYSOCK; tv.tv_sec = 3; tv.tv_usec = 0; if (strcmp(tp, "udp") != 0) { *client = clntudp_bufcreate(&addr, prognum, YPDNSVERS, tv, &sock, YPMSGSZ, YPMSGSZ); } else { *client = clnttcp_create(&addr, prognum, YPDNSVERS, &sock, YPMSGSZ, YPMSGSZ); } if (*client == NULL) { syslog(LOG_ERR, "can't create resolv client handle.\n"); (void) kill (*child, SIGINT); *fwding = FALSE; return; } #else if (sysinfo(SI_HOSTNAME, name, sizeof (name)-1) == -1) { syslog(LOG_ERR, "can't get local hostname.\n"); (void) kill (*child, SIGINT); endnetconfig(h); *fwding = FALSE; return; } if ((*client = clnt_tp_create(HOST_SELF_CONNECT, prognum, YPDNSVERS, nc)) == NULL) { syslog(LOG_ERR, "can't create resolv_clnt\n"); (void) kill (*child, SIGINT); endnetconfig(h); *fwding = FALSE; return; } endnetconfig(h); #endif /* ping for comfort */ tv.tv_sec = 10; tv.tv_usec = 0; if ((stat = clnt_call(*client, 0, xdr_void, 0, xdr_void, 0, tv)) != RPC_SUCCESS) { syslog(LOG_ERR, "can't talk with resolv server\n"); clnt_destroy (*client); (void) kill (*child, SIGINT); *fwding = FALSE; return; } if (verbose) syslog(LOG_INFO, "finished setup for dns fwding.\n"); }
int main(int argc, char **argv) { struct sigaction sa; struct netconfig *nconf; void *nc_handle; in_port_t svcport; int ch, i, s; char *endptr, **hosts_bak; int have_v6 = 1; int maxrec = RPC_MAXDATASIZE; int attempt_cnt, port_len, port_pos, ret; char **port_list; while ((ch = getopt(argc, argv, "dh:p:")) != -1) switch (ch) { case 'd': debug = 1; break; case 'h': ++nhosts; hosts_bak = hosts; hosts_bak = realloc(hosts, nhosts * sizeof(char *)); if (hosts_bak == NULL) { if (hosts != NULL) { for (i = 0; i < nhosts; i++) free(hosts[i]); free(hosts); out_of_mem(); } } hosts = hosts_bak; hosts[nhosts - 1] = strdup(optarg); if (hosts[nhosts - 1] == NULL) { for (i = 0; i < (nhosts - 1); i++) free(hosts[i]); free(hosts); out_of_mem(); } break; case 'p': endptr = NULL; svcport = (in_port_t)strtoul(optarg, &endptr, 10); if (endptr == NULL || *endptr != '\0' || svcport == 0 || svcport >= IPPORT_MAX) usage(); svcport_str = strdup(optarg); break; default: usage(); } argc -= optind; argv += optind; (void)rpcb_unset(SM_PROG, SM_VERS, NULL); /* * Check if IPv6 support is present. */ s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP); if (s < 0) have_v6 = 0; else close(s); rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); /* * If no hosts were specified, add a wildcard entry to bind to * INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the * list. */ if (nhosts == 0) { hosts = malloc(sizeof(char *)); if (hosts == NULL) out_of_mem(); hosts[0] = "*"; nhosts = 1; } else { hosts_bak = hosts; if (have_v6) { hosts_bak = realloc(hosts, (nhosts + 2) * sizeof(char *)); if (hosts_bak == NULL) { for (i = 0; i < nhosts; i++) free(hosts[i]); free(hosts); out_of_mem(); } else hosts = hosts_bak; nhosts += 2; hosts[nhosts - 2] = "::1"; } else { hosts_bak = realloc(hosts, (nhosts + 1) * sizeof(char *)); if (hosts_bak == NULL) { for (i = 0; i < nhosts; i++) free(hosts[i]); free(hosts); out_of_mem(); } else { nhosts += 1; hosts = hosts_bak; } } hosts[nhosts - 1] = "127.0.0.1"; } attempt_cnt = 1; sock_fdcnt = 0; sock_fd = NULL; port_list = NULL; port_len = 0; nc_handle = setnetconfig(); while ((nconf = getnetconfig(nc_handle))) { /* We want to listen only on udp6, tcp6, udp, tcp transports */ if (nconf->nc_flag & NC_VISIBLE) { /* Skip if there's no IPv6 support */ if (have_v6 == 0 && strcmp(nconf->nc_protofmly, "inet6") == 0) { /* DO NOTHING */ } else { ret = create_service(nconf); if (ret == 1) /* Ignore this call */ continue; if (ret < 0) { /* * Failed to bind port, so close off * all sockets created and try again * if the port# was dynamically * assigned via bind(2). */ clearout_service(); if (mallocd_svcport != 0 && attempt_cnt < GETPORT_MAXTRY) { free(svcport_str); svcport_str = NULL; mallocd_svcport = 0; } else { errno = EADDRINUSE; syslog(LOG_ERR, "bindresvport_sa: %m"); exit(1); } /* Start over at the first service. */ free(sock_fd); sock_fdcnt = 0; sock_fd = NULL; nc_handle = setnetconfig(); attempt_cnt++; } else if (mallocd_svcport != 0 && attempt_cnt == GETPORT_MAXTRY) { /* * For the last attempt, allow * different port #s for each nconf * by saving the svcport_str and * setting it back to NULL. */ port_list = realloc(port_list, (port_len + 1) * sizeof(char *)); if (port_list == NULL) out_of_mem(); port_list[port_len++] = svcport_str; svcport_str = NULL; mallocd_svcport = 0; } } } } /* * Successfully bound the ports, so call complete_service() to * do the rest of the setup on the service(s). */ sock_fdpos = 0; port_pos = 0; nc_handle = setnetconfig(); while ((nconf = getnetconfig(nc_handle))) { /* We want to listen only on udp6, tcp6, udp, tcp transports */ if (nconf->nc_flag & NC_VISIBLE) { /* Skip if there's no IPv6 support */ if (have_v6 == 0 && strcmp(nconf->nc_protofmly, "inet6") == 0) { /* DO NOTHING */ } else if (port_list != NULL) { if (port_pos >= port_len) { syslog(LOG_ERR, "too many port#s"); exit(1); } complete_service(nconf, port_list[port_pos++]); } else complete_service(nconf, svcport_str); } } endnetconfig(nc_handle); free(sock_fd); if (port_list != NULL) { for (port_pos = 0; port_pos < port_len; port_pos++) free(port_list[port_pos]); free(port_list); } init_file("/var/db/statd.status"); /* Note that it is NOT sensible to run this program from inetd - the */ /* protocol assumes that it will run immediately at boot time. */ daemon(0, 0); openlog("rpc.statd", 0, LOG_DAEMON); if (debug) syslog(LOG_INFO, "Starting - debug enabled"); else syslog(LOG_INFO, "Starting"); /* Install signal handler to collect exit status of child processes */ sa.sa_handler = handle_sigchld; sigemptyset(&sa.sa_mask); sigaddset(&sa.sa_mask, SIGCHLD); sa.sa_flags = SA_RESTART; sigaction(SIGCHLD, &sa, NULL); /* Initialisation now complete - start operating */ notify_hosts(); /* Forks a process (if necessary) to do the */ /* SM_NOTIFY calls, which may be slow. */ svc_run(); /* Should never return */ exit(1); }
CLIENT * getkwarnd_handle(void) { void *localhandle; struct netconfig *nconf; struct netconfig *tpconf; struct timeval wait_time; struct utsname u; static char *hostname; static bool_t first_time = TRUE; /* * Total timeout (in seconds) talking to kwarnd. */ #define TOTAL_TIMEOUT 5 if (kwarn_clnt) return (kwarn_clnt); if (!(localhandle = setnetconfig())) return (NULL); tpconf = NULL; if (first_time == TRUE) { if (uname(&u) == -1) { (void) endnetconfig(localhandle); return ((CLIENT *)NULL); } if ((hostname = strdup(u.nodename)) == (char *)NULL) { (void) endnetconfig(localhandle); return ((CLIENT *)NULL); } first_time = FALSE; } while (nconf = getnetconfig(localhandle)) { if (strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) { if (nconf->nc_semantics == NC_TPI_COTS_ORD) { kwarn_clnt = clnt_tp_create(hostname, KWARNPROG, KWARNVERS, nconf); if (kwarn_clnt) { dprt("got COTS_ORD\n"); break; } } else { tpconf = nconf; } } } if ((kwarn_clnt == NULL) && (tpconf)) { /* Now, try the connection-oriented loopback transport */ kwarn_clnt = clnt_tp_create(hostname, KWARNPROG, KWARNVERS, tpconf); #ifdef DEBUG if (kwarn_clnt) { dprt("got COTS\n"); } #endif /* DEBUG */ } (void) endnetconfig(localhandle); /* * This bit of code uses an as yet unimplemented argument to * clnt_control(). CLSET_SVC_PRIV specifies that the underlying * loopback transport should be checked to ensure it is * connected to a process running as root. If so, the clnt_control() * call returns TRUE. If not, it returns FALSE. */ #ifdef CLSET_SVC_PRIV if (clnt_control(kwarn_clnt, CLSET_SVC_PRIV, NULL) != TRUE) { clnt_destroy(kwarn_clnt); kwarn_clnt = NULL; return (NULL); { #endif if (kwarn_clnt == NULL) return (NULL); kwarn_clnt->cl_auth = authsys_create("", getuid(), 0, 0, NULL); if (kwarn_clnt->cl_auth == NULL) { clnt_destroy(kwarn_clnt); kwarn_clnt = NULL; return (NULL); } wait_time.tv_sec = TOTAL_TIMEOUT; wait_time.tv_usec = 0; (void) clnt_control(kwarn_clnt, CLSET_TIMEOUT, (char *)&wait_time); return (kwarn_clnt); } void resetkwarnd_handle(void) { auth_destroy(kwarn_clnt->cl_auth); clnt_destroy(kwarn_clnt); kwarn_clnt = NULL; }