2 * Copyright (C) 1995-1999 Jeffrey A. Uphoff
3 * Major rewrite by Olaf Kirch, Dec. 1996.
4 * Modified by H.J. Lu, 1998.
5 * Tighter access control, Olaf Kirch June 1999.
21 #include <arpa/inet.h>
25 #include "ha-callout.h"
27 notify_list * rtnl = NULL; /* Run-time notify list. */
31 * Services SM_MON requests.
34 sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
36 static sm_stat_res result;
37 char *mon_name = argp->mon_id.mon_name,
38 *my_name = argp->mon_id.my_id.my_name;
39 struct my_id *id = &argp->mon_id.my_id;
43 struct in_addr my_addr;
44 #ifdef RESTRICTED_STATD
45 struct in_addr mon_addr, caller;
47 struct hostent *hostinfo = NULL;
50 /* Assume that we'll fail. */
51 result.res_stat = STAT_FAIL;
52 result.state = -1; /* State is undefined for STAT_FAIL. */
54 /* Restrict access to statd.
55 * In the light of CERT CA-99.05, we tighten access to
58 #ifdef RESTRICTED_STATD
59 /* 1. Reject anyone not calling from 127.0.0.1.
60 * Ignore the my_name specified by the caller, and
61 * use "127.0.0.1" instead.
63 caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
64 if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
66 "Call to statd from non-local host %s",
70 my_addr.s_addr = htonl(INADDR_LOOPBACK);
71 my_name = "127.0.0.1";
73 /* 2. Reject any registrations for non-lockd services.
75 * This is specific to the linux kernel lockd, which
76 * makes the callback procedure part of the lockd interface.
77 * It is also prone to break when lockd changes its callback
78 * procedure number -- which, in fact, has now happened once.
79 * There must be a better way.... XXX FIXME
81 if (id->my_prog != 100021 ||
82 (id->my_proc != 16 && id->my_proc != 24))
85 "Attempt to register callback to %d/%d",
86 id->my_prog, id->my_proc);
90 /* 3. mon_name must be an address in dotted quad.
91 * Again, specific to the linux kernel lockd.
93 if (!inet_aton(mon_name, &mon_addr)) {
95 "Attempt to register host %s (not a dotted quad)",
101 * Check hostnames. If I can't look them up, I won't monitor. This
102 * might not be legal, but it adds a little bit of safety and sanity.
105 /* must check for /'s in hostname! See CERT's CA-96.09 for details. */
106 if (strchr(mon_name, '/')) {
107 note(N_CRIT, "SM_MON request for hostname containing '/': %s",
109 note(N_CRIT, "POSSIBLE SPOOF/ATTACK ATTEMPT!");
111 } else if (gethostbyname(mon_name) == NULL) {
112 note(N_WARNING, "gethostbyname error for %s", mon_name);
114 } else if (!(hostinfo = gethostbyname(my_name))) {
115 note(N_WARNING, "gethostbyname error for %s", my_name);
118 my_addr = *(struct in_addr *) hostinfo->h_addr;
122 * Hostnames checked OK.
123 * Now check to see if this is a duplicate, and warn if so.
124 * I will also return STAT_FAIL. (I *think* this is how I should
127 * Olaf requests that I allow duplicate SM_MON requests for
128 * hosts due to the way he is coding lockd. No problem,
129 * I'll just do a quickie success return and things should
133 notify_list *temp = rtnl;
135 while ((temp = nlist_gethost(temp, mon_name, 0))) {
136 if (matchhostname(NL_MY_NAME(temp), my_name) &&
137 NL_MY_PROC(temp) == id->my_proc &&
138 NL_MY_PROG(temp) == id->my_prog &&
139 NL_MY_VERS(temp) == id->my_vers) {
140 /* Hey! We already know you guys! */
142 "Duplicate SM_MON request for %s "
143 "from procedure on %s",
146 /* But we'll let you pass anyway. */
147 result.res_stat = STAT_SUCC;
148 result.state = MY_STATE;
151 temp = NL_NEXT(temp);
156 * We're committed...ignoring errors. Let's hope that a malloc()
157 * doesn't fail. (I should probably fix this assumption.)
159 if (!(clnt = nlist_new(my_name, mon_name, 0))) {
160 note(N_WARNING, "out of memory");
164 NL_ADDR(clnt) = my_addr;
165 NL_MY_PROG(clnt) = id->my_prog;
166 NL_MY_VERS(clnt) = id->my_vers;
167 NL_MY_PROC(clnt) = id->my_proc;
168 memcpy(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE);
171 * Now, Create file on stable storage for host.
174 path=xmalloc(strlen(SM_DIR)+strlen(mon_name)+2);
175 sprintf(path, "%s/%s", SM_DIR, mon_name);
176 if ((fd = open(path, O_WRONLY|O_SYNC|O_CREAT, S_IRUSR|S_IWUSR)) < 0) {
177 /* Didn't fly. We won't monitor. */
178 note(N_ERROR, "creat(%s) failed: %s", path, strerror (errno));
179 nlist_free(NULL, clnt);
184 /* PRC: do the HA callout: */
185 ha_callout("add-client", mon_name, my_name, -1);
186 nlist_insert(&rtnl, clnt);
189 result.res_stat = STAT_SUCC;
190 result.state = MY_STATE;
191 dprintf(N_DEBUG, "MONITORING %s for %s", mon_name, my_name);
195 note(N_WARNING, "STAT_FAIL to %s for SM_MON of %s", my_name, mon_name);
201 * Services SM_UNMON requests.
203 * There is no statement in the X/Open spec's about returning an error
204 * for requests to unmonitor a host that we're *not* monitoring. I just
205 * return the state of the NSM when I get such foolish requests for lack
206 * of any better ideas. (I also log the "offense.")
209 sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp)
211 static sm_stat result;
213 char *mon_name = argp->mon_name,
214 *my_name = argp->my_id.my_name;
215 struct my_id *id = &argp->my_id;
216 #ifdef RESTRICTED_STATD
217 struct in_addr caller;
220 result.state = MY_STATE;
222 #ifdef RESTRICTED_STATD
223 /* 1. Reject anyone not calling from 127.0.0.1.
224 * Ignore the my_name specified by the caller, and
225 * use "127.0.0.1" instead.
227 caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
228 if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
230 "Call to statd from non-local host %s",
234 my_name = "127.0.0.1";
237 /* Check if we're monitoring anyone. */
238 if (!(clnt = rtnl)) {
240 "Received SM_UNMON request from %s for %s while not "
241 "monitoring any hosts.", my_name, argp->mon_name);
246 * OK, we are. Now look for appropriate entry in run-time list.
247 * There should only be *one* match on this, since I block "duplicate"
248 * SM_MON calls. (Actually, duplicate calls are allowed, but only one
249 * entry winds up in the list the way I'm currently handling them.)
251 while ((clnt = nlist_gethost(clnt, mon_name, 0))) {
252 if (matchhostname(NL_MY_NAME(clnt), my_name) &&
253 NL_MY_PROC(clnt) == id->my_proc &&
254 NL_MY_PROG(clnt) == id->my_prog &&
255 NL_MY_VERS(clnt) == id->my_vers) {
257 dprintf(N_DEBUG, "UNMONITORING %s for %s",
260 /* PRC: do the HA callout: */
261 ha_callout("del-client", mon_name, my_name, -1);
263 nlist_free(&rtnl, clnt);
264 xunlink(SM_DIR, mon_name, 1);
268 clnt = NL_NEXT(clnt);
271 #ifdef RESTRICTED_STATD
274 note(N_WARNING, "Received erroneous SM_UNMON request from %s for %s",
281 sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
284 static sm_stat result;
286 char *my_name = argp->my_name;
287 #ifdef RESTRICTED_STATD
288 struct in_addr caller;
290 /* 1. Reject anyone not calling from 127.0.0.1.
291 * Ignore the my_name specified by the caller, and
292 * use "127.0.0.1" instead.
294 caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
295 if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
297 "Call to statd from non-local host %s",
301 my_name = "127.0.0.1";
304 result.state = MY_STATE;
306 if (!(clnt = rtnl)) {
307 note(N_WARNING, "Received SM_UNMON_ALL request from %s "
308 "while not monitoring any hosts", my_name);
312 while ((clnt = nlist_gethost(clnt, my_name, 1))) {
313 if (NL_MY_PROC(clnt) == argp->my_proc &&
314 NL_MY_PROG(clnt) == argp->my_prog &&
315 NL_MY_VERS(clnt) == argp->my_vers) {
317 char mon_name[SM_MAXSTRLEN + 1];
321 "UNMONITORING (SM_UNMON_ALL) %s for %s",
322 NL_MON_NAME(clnt), NL_MY_NAME(clnt));
323 strncpy(mon_name, NL_MON_NAME(clnt),
324 sizeof (mon_name) - 1);
325 mon_name[sizeof (mon_name) - 1] = '\0';
326 temp = NL_NEXT(clnt);
327 /* PRC: do the HA callout: */
328 ha_callout("del-client", mon_name, my_name, -1);
329 nlist_free(&rtnl, clnt);
330 xunlink(SM_DIR, mon_name, 1);
334 clnt = NL_NEXT(clnt);
338 dprintf(N_DEBUG, "SM_UNMON_ALL request from %s with no "
339 "SM_MON requests from it.", my_name);
341 #ifdef RESTRICTED_STATD