/* * Services SM_SIMU_CRASH requests. */ void * sm_simu_crash_1_svc (void *argp, struct svc_req *rqstp) { struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt); static char *result = NULL; struct in_addr caller; if (sin->sin_family != AF_INET) { note(N_WARNING, "Call to statd from non-AF_INET address"); goto failure; } caller = sin->sin_addr; if (caller.s_addr != htonl(INADDR_LOOPBACK)) { note(N_WARNING, "Call to statd from non-local host %s", inet_ntoa(caller)); goto failure; } if (ntohs(sin->sin_port) >= 1024) { note(N_WARNING, "Call to statd-simu-crash from unprivileged port"); goto failure; } note (N_WARNING, "*** SIMULATING CRASH! ***"); my_svc_exit (); if (rtnl) nlist_kill (&rtnl); failure: return ((void *)&result); }
bool_t mount_umntall_1_svc(struct svc_req *rqstp, void *argp, void *resp) { /* Reload /etc/xtab if necessary */ auth_reload(); mountlist_del_all(nfs_getrpccaller_in(rqstp->rq_xprt)); return 1; }
bool_t mount_exportall_1_svc(struct svc_req *rqstp, void *argp, exports *resp) { struct sockaddr_in *addr = nfs_getrpccaller_in(rqstp->rq_xprt); xlog(D_CALL, "exportall request from %s.", inet_ntoa(addr->sin_addr)); *resp = get_exportlist(); return 1; }
bool_t mount_dump_1_svc(struct svc_req *rqstp, void *argp, mountlist *res) { struct sockaddr_in *addr = nfs_getrpccaller_in(rqstp->rq_xprt); xlog(D_CALL, "dump request from %s.", inet_ntoa(addr->sin_addr)); *res = mountlist_list(); return 1; }
static void sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp) { struct sockaddr_in *sin = nfs_getrpccaller_in(transp); /* remote host authorization check */ if (sin->sin_family == AF_INET && !check_default("statd", sin, rqstp->rq_proc, SM_PROG)) { svcerr_auth (transp, AUTH_FAILED); return; } sm_prog_1 (rqstp, transp); }
/* * Reject requests from non-loopback addresses in order * to prevent attack described in CERT CA-99.05. */ static int caller_is_localhost(struct svc_req *rqstp) { struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt); struct in_addr caller; caller = sin->sin_addr; if (caller.s_addr != htonl(INADDR_LOOPBACK)) { note(N_WARNING, "Call to statd from non-local host %s", inet_ntoa(caller)); return 0; } return 1; }
/* * MNTv2 pathconf procedure * * The protocol doesn't include a status field, so Sun apparently considers * it good practice to let anyone snoop on your system, even if it's * pretty harmless data such as pathconf. We don't. * * Besides, many of the pathconf values don't make much sense on NFS volumes. * FIFOs and tty device files represent devices on the *client*, so there's * no point in getting the server's buffer sizes etc. */ bool_t mount_pathconf_2_svc(struct svc_req *rqstp, dirpath *path, ppathcnf *res) { struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt); struct stat stb; nfs_export *exp; char rpath[MAXPATHLEN+1]; char *p = *path; memset(res, 0, sizeof(*res)); if (*p == '\0') p = "/"; /* Reload /etc/xtab if necessary */ auth_reload(); /* Resolve symlinks */ if (realpath(p, rpath) != NULL) { rpath[sizeof (rpath) - 1] = '\0'; p = rpath; } /* Now authenticate the intruder... */ exp = auth_authenticate("pathconf", sin, p); if (!exp) { return 1; } else if (stat(p, &stb) < 0) { xlog(L_WARNING, "can't stat exported dir %s: %s", p, strerror(errno)); return 1; } res->pc_link_max = pathconf(p, _PC_LINK_MAX); res->pc_max_canon = pathconf(p, _PC_MAX_CANON); res->pc_max_input = pathconf(p, _PC_MAX_INPUT); res->pc_name_max = pathconf(p, _PC_NAME_MAX); res->pc_path_max = pathconf(p, _PC_PATH_MAX); res->pc_pipe_buf = pathconf(p, _PC_PIPE_BUF); res->pc_vdisable = pathconf(p, _PC_VDISABLE); /* Can't figure out what to do with pc_mask */ res->pc_mask[0] = 0; res->pc_mask[1] = 0; return 1; }
bool_t mount_umnt_1_svc(struct svc_req *rqstp, dirpath *argp, void *resp) { struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt); nfs_export *exp; char *p = *argp; char rpath[MAXPATHLEN+1]; if (*p == '\0') p = "/"; if (realpath(p, rpath) != NULL) { rpath[sizeof (rpath) - 1] = '\0'; p = rpath; } if (!(exp = auth_authenticate("unmount", sin, p))) { return 1; } mountlist_del(inet_ntoa(sin->sin_addr), p); return 1; }
static struct nfs_fh_len * get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret, mountstat3 *error, int v3) { struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt); struct stat stb, estb; nfs_export *exp; struct nfs_fh_len *fh; char rpath[MAXPATHLEN+1]; char *p = *path; if (*p == '\0') p = "/"; /* Reload /var/lib/nfs/etab if necessary */ auth_reload(); /* Resolve symlinks */ if (realpath(p, rpath) != NULL) { rpath[sizeof (rpath) - 1] = '\0'; p = rpath; } /* Now authenticate the intruder... */ exp = auth_authenticate("mount", sin, p); if (!exp) { *error = NFSERR_ACCES; return NULL; } if (stat(p, &stb) < 0) { xlog(L_WARNING, "can't stat exported dir %s: %s", p, strerror(errno)); if (errno == ENOENT) *error = NFSERR_NOENT; else *error = NFSERR_ACCES; return NULL; } if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) { xlog(L_WARNING, "%s is not a directory or regular file", p); *error = NFSERR_NOTDIR; return NULL; } if (stat(exp->m_export.e_path, &estb) < 0) { xlog(L_WARNING, "can't stat export point %s: %s", p, strerror(errno)); *error = NFSERR_NOENT; return NULL; } if (estb.st_dev != stb.st_dev && (!new_cache || !(exp->m_export.e_flags & NFSEXP_CROSSMOUNT))) { xlog(L_WARNING, "request to export directory %s below nearest filesystem %s", p, exp->m_export.e_path); *error = NFSERR_ACCES; return NULL; } if (exp->m_export.e_mountpoint && !is_mountpoint(exp->m_export.e_mountpoint[0]? exp->m_export.e_mountpoint: exp->m_export.e_path)) { xlog(L_WARNING, "request to export an unmounted filesystem: %s", p); *error = NFSERR_NOENT; return NULL; } if (new_cache) { /* This will be a static private nfs_export with just one * address. We feed it to kernel then extract the filehandle, * */ if (cache_export(exp, p)) { *error = NFSERR_ACCES; return NULL; } fh = cache_get_filehandle(exp, v3?64:32, p); if (fh == NULL) { *error = NFSERR_ACCES; return NULL; } } else { int did_export = 0; retry: if (exp->m_exported<1) { export_export(exp); did_export = 1; } if (!exp->m_xtabent) xtab_append(exp); if (v3) fh = getfh_size ((struct sockaddr *) sin, p, 64); if (!v3 || (fh == NULL && errno == EINVAL)) { /* We first try the new nfs syscall. */ fh = getfh ((struct sockaddr *) sin, p); if (fh == NULL && errno == EINVAL) /* Let's try the old one. */ fh = getfh_old ((struct sockaddr *) sin, stb.st_dev, stb.st_ino); } if (fh == NULL && !did_export) { exp->m_exported = 0; goto retry; } if (fh == NULL) { xlog(L_WARNING, "getfh failed: %s", strerror(errno)); *error = NFSERR_ACCES; return NULL; } } *error = NFS_OK; mountlist_add(inet_ntoa(sin->sin_addr), p); if (expret) *expret = exp; return fh; }