/* * Handles an incoming RPC connection on a socket. This method will fork(2) * a copy of this program, if appropriate, for handling incoming RPC messages. * * sock The socket with the incoming RPC connection. */ static void handle_connection( int sock) { struct sockaddr_in raddr; socklen_t len; int xp_sock; pid_t pid; SVCXPRT *xprt; int status = 1; /* EXIT_FAILURE assumed unless one_svc_run() success */ peer_info* remote = get_remote(); again: len = sizeof(raddr); (void) memset(&raddr, 0, len); xp_sock = accept(sock, (struct sockaddr *) &raddr, &len); (void) exitIfDone(0); if (xp_sock < 0) { if (errno == EINTR) { errno = 0; goto again; } /* else */ serror("accept"); return; } /* * Don't bother continuing if no more clients are allowed. */ if (cps_count() >= maxClients) { setremote(&raddr, xp_sock); unotice("Denying connection from [%s] because too many clients", remote->astr); (void) close(xp_sock); return; } pid = ldmfork(); if (pid == -1) { log_add("Couldn't fork process to handle incoming connection"); log_log(LOG_ERR); /* TODO: try again?*/ (void) close(xp_sock); return; } if (pid > 0) { /* parent */ /* unotice("child %d", pid); */ (void) close(xp_sock); if (cps_add(pid)) serror("Couldn't add child PID to set"); return; } /* else child */ setremote(&raddr, xp_sock); /* Access control */ if (!lcf_isHostOk(remote)) { ensureRemoteName(&raddr); if (!lcf_isHostOk(remote)) { if (remote->printname == remote->astr) { unotice("Denying connection from [%s] because not " "allowed", remote->astr); } else { unotice("Denying connection from \"%s\" because not " "allowed", remote_name()); } /* * Try to tell the other guy. * TODO: Why doesn't this work? */ xprt = svcfd_create(xp_sock, remote->sendsz, remote->recvsz); if (xprt != NULL ) { xprt->xp_raddr = raddr; xprt->xp_addrlen = (int) len; svcerr_weakauth(xprt); svc_destroy(xprt); } goto unwind_sock; } } /* else */ endpriv(); portIsMapped = 0; /* don't call pmap_unset() from child */ (void) close(sock); /* Set the ulog identifier, optional. */ set_abbr_ident(remote_name(), NULL ); uinfo("Connection from %s", remote_name()); xprt = svcfd_create(xp_sock, remote->sendsz, remote->recvsz); if (xprt == NULL ) { uerror("Can't create fd service."); goto unwind_sock; } /* hook up the remote address to the xprt. */ /* xprt->xp_raddr = raddr; */ xprt->xp_raddr = raddr; xprt->xp_addrlen = (int) len; if (!svc_register(xprt, LDMPROG, 4, ldmprog_4, 0)) { uerror("unable to register LDM-4 service."); svc_destroy(xprt); goto unwind_sock; } if (!svc_register(xprt, LDMPROG, FIVE, ldmprog_5, 0)) { uerror("unable to register LDM-5 service."); svc_destroy(xprt); goto unwind_sock; } if (!svc_register(xprt, LDMPROG, SIX, ldmprog_6, 0)) { uerror("unable to register LDM-6 service."); svc_destroy(xprt); goto unwind_sock; } #if WANT_MULTICAST if (!svc_register(xprt, LDMPROG, SEVEN, ldmprog_7, 0)) { uerror("unable to register LDM-7 service."); svc_destroy(xprt); goto unwind_sock; } #endif /* * handle rpc requests */ { const unsigned TIMEOUT = 2*interval; status = one_svc_run(xp_sock, TIMEOUT); (void) exitIfDone(0); if (status == 0) { log_add("Done"); log_log(LOG_INFO); } else if (status == ETIMEDOUT) { log_add("Connection from client LDM silent for %u seconds", TIMEOUT); log_log(LOG_NOTICE); } else { /* connection to client lost */ log_add("Connection with client LDM closed"); log_log(LOG_INFO); status = 0; /* EXIT_SUCCESS */ } } /* svc_destroy(xprt); done by svc_getreqset() */ unwind_sock: (void) close(xp_sock); exit(status); }
/** * Feeds or notifies a downstream LDM. This function returns either NULL or a * reply to be sent to the downstream LDM (e.g., a RECLASS message) or * terminates this process (hopefully after sending some data). * * @param xprt [in/out] Pointer to server-side transport handle. * @param want [in] Pointer to subscription by downstream LDM. * May contain a "signature" product-specification. * @param isNotifier [in] Whether or not the upstream LDM is a feeder or a * notifier. * @param maxHereis Maximum HEREIS size parameter. Ignored if "isNotifier" * is true. * @return The reply for the downstream LDM or NULL if no reply * should be made. */ static fornme_reply_t* feed_or_notify( SVCXPRT* const xprt, const prod_class_t* const want, const int isNotifier, const max_hereis_t maxHereis) { struct sockaddr_in downAddr = *svc_getcaller(xprt); ErrorObj* errObj; int status; char* downName = NULL; prod_class_t* origSub = NULL; prod_class_t* allowSub = NULL; const signaturet* signature = NULL; UpFilter* upFilter = NULL; fornme_reply_t* reply = NULL; int isPrimary; static fornme_reply_t theReply; static prod_class_t* uldbSub = NULL; /* * Clean-up from a (possibly) previous invocation */ (void)memset(&theReply, 0, sizeof(theReply)); if (uldbSub != NULL) { free_prod_class(uldbSub); uldbSub = NULL; } downName = strdup(hostbyaddr(&downAddr)); if (NULL == downName) { LOG_ADD1("Couldn't duplicate downstream host name: \"%s\"", hostbyaddr(&downAddr)); log_log(LOG_ERR); svcerr_systemerr(xprt); goto return_or_exit; } set_abbr_ident(downName, isNotifier ? "(noti)" : "(feed)"); /* * Remove any "signature" specification from the subscription. */ if ((errObj = separateProductClass(want, &origSub, &signature)) != NULL) { err_log_and_free(errObj, ERR_FAILURE); svcerr_systemerr(xprt); goto free_down_name; } /* * Get the upstream filter */ errObj = lcf_getUpstreamFilter(downName, &downAddr.sin_addr, origSub, &upFilter); if (errObj) { err_log_and_free(ERR_NEW(0, errObj, "Couldn't get \"upstream\" filter"), ERR_FAILURE); svcerr_systemerr(xprt); goto free_orig_sub; } if (NULL == upFilter) { err_log_and_free(ERR_NEW1(0, NULL, "Upstream filter prevents data-transfer: %s", s_prod_class(NULL, 0, origSub)), ERR_FAILURE); svcerr_weakauth(xprt); goto free_orig_sub; } /* TODO: adjust time? */ /* * Reduce the subscription according to what the downstream host is allowed * to receive. */ status = lcf_reduceToAllowed(downName, &downAddr.sin_addr, origSub, &allowSub); if (status == ENOMEM) { LOG_SERROR0("Couldn't compute wanted/allowed product intersection"); log_log(LOG_ERR); svcerr_systemerr(xprt); goto free_up_filter; } if (status == EINVAL) { LOG_ADD1("Invalid pattern in product-class: %s", s_prod_class(NULL, 0, origSub)); log_log(LOG_WARNING); theReply.code = BADPATTERN; reply = &theReply; goto free_up_filter; } assert(status == 0); (void) logIfReduced(origSub, allowSub, "ALLOW entries"); /* * Reduce the subscription according to existing subscriptions from the * same downstream host and, if `isAntiDosEnabled()` returns `true`, * terminate every previously-existing upstream LDM process that's feeding * (not notifying) a subset of the subscription to the same IP address. * * The following relies on atexit()-registered cleanup for removal of the * entry from the upstream LDM database. */ isPrimary = maxHereis > UINT_MAX / 2; status = uldb_addProcess(getpid(), 6, &downAddr, allowSub, &uldbSub, isNotifier, isPrimary); if (status) { LOG_ADD0("Couldn't add this process to the upstream LDM database"); log_log(LOG_ERR); svcerr_systemerr(xprt); goto free_allow_sub; } (void) logIfReduced(allowSub, uldbSub, "existing subscriptions"); /* * Send a RECLASS reply to the downstream LDM if appropriate. */ if (!clss_eq(origSub, uldbSub)) { theReply.code = RECLASS; if (0 < uldbSub->psa.psa_len) { /* * The downstream LDM is allowed less than it requested and was * entered into the upstream LDM database. */ (void)uldb_remove(getpid()); /* maybe next time */ theReply.fornme_reply_t_u.prod_class = uldbSub; } else { /* * The downstream LDM isn't allowed anything and wasn't entered * into the upstream LDM database. */ static prod_class noSub = { { 0, 0 }, /* TS_ZERO */ { 0, 0 }, /* TS_ZERO */ { 0, (prod_spec *) NULL } }; theReply.fornme_reply_t_u.prod_class = &noSub; } reply = &theReply; goto free_allow_sub; } /* * Reply to the downstream LDM that the subscription will be honored. */ theReply.code = OK; theReply.fornme_reply_t_u.id = (unsigned) getpid(); if (!svc_sendreply(xprt, (xdrproc_t)xdr_fornme_reply_t, (caddr_t)&theReply)) { LOG_ADD0("svc_sendreply(...) failure"); log_log(LOG_ERR); svcerr_systemerr(xprt); goto free_allow_sub; } /* * Wait a second before sending anything to the downstream LDM. */ (void) sleep(1); status = isNotifier ? up6_new_notifier(xprt->xp_sock, downName, &downAddr, uldbSub, signature, getQueuePath(), interval, upFilter) : up6_new_feeder(xprt->xp_sock, downName, &downAddr, uldbSub, signature, getQueuePath(), interval, upFilter, isPrimary); svc_destroy(xprt); /* closes the socket */ exit(status); /* * Reply and error handling: */ free_allow_sub: free_prod_class(allowSub); free_up_filter: upFilter_free(upFilter); free_orig_sub: free_prod_class(origSub); free_down_name: free(downName); return_or_exit: return reply; }