2 * Copyright (C) 1995-1999 Jeffrey A. Uphoff
3 * Major rewrite by Olaf Kirch, Dec. 1996.
4 * Modified by H.J. Lu, 1998.
5 * Tighter access control, Olaf Kirch June 1999.
21 #include <arpa/inet.h>
26 #include "ha-callout.h"
28 notify_list * rtnl = NULL; /* Run-time notify list. */
30 #define LINELEN (4*(8+1)+SM_PRIV_SIZE*2+1)
33 * Services SM_MON requests.
36 sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
38 static sm_stat_res result;
39 char *mon_name = argp->mon_id.mon_name,
40 *my_name = argp->mon_id.my_id.my_name;
41 struct my_id *id = &argp->mon_id.my_id;
45 struct in_addr my_addr;
46 #ifdef RESTRICTED_STATD
47 struct in_addr caller;
49 struct hostent *hostinfo = NULL;
52 /* Assume that we'll fail. */
53 result.res_stat = STAT_FAIL;
54 result.state = -1; /* State is undefined for STAT_FAIL. */
56 /* Restrict access to statd.
57 * In the light of CERT CA-99.05, we tighten access to
60 #ifdef RESTRICTED_STATD
61 /* 1. Reject anyone not calling from 127.0.0.1.
62 * Ignore the my_name specified by the caller, and
63 * use "127.0.0.1" instead.
65 caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
66 if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
68 "Call to statd from non-local host %s",
72 my_addr.s_addr = htonl(INADDR_LOOPBACK);
73 my_name = "127.0.0.1";
75 /* 2. Reject any registrations for non-lockd services.
77 * This is specific to the linux kernel lockd, which
78 * makes the callback procedure part of the lockd interface.
79 * It is also prone to break when lockd changes its callback
80 * procedure number -- which, in fact, has now happened once.
81 * There must be a better way.... XXX FIXME
83 if (id->my_prog != 100021 ||
84 (id->my_proc != 16 && id->my_proc != 24))
87 "Attempt to register callback to %d/%d",
88 id->my_prog, id->my_proc);
93 This is not usable anymore. Linux-kernel can be configured to use
94 host names with NSM so that multi-homed hosts are handled properly.
97 /* 3. mon_name must be an address in dotted quad.
98 * Again, specific to the linux kernel lockd.
100 if (!inet_aton(mon_name, &mon_addr)) {
102 "Attempt to register host %s (not a dotted quad)",
109 * Check hostnames. If I can't look them up, I won't monitor. This
110 * might not be legal, but it adds a little bit of safety and sanity.
113 /* must check for /'s in hostname! See CERT's CA-96.09 for details. */
114 if (strchr(mon_name, '/') || mon_name[0] == '.') {
115 note(N_CRIT, "SM_MON request for hostname containing '/' "
116 "or starting '.': %s", mon_name);
117 note(N_CRIT, "POSSIBLE SPOOF/ATTACK ATTEMPT!");
119 } else if (gethostbyname(mon_name) == NULL) {
120 note(N_WARNING, "gethostbyname error for %s", mon_name);
123 #ifndef RESTRICTED_STATD
124 if (!(hostinfo = gethostbyname(my_name))) {
125 note(N_WARNING, "gethostbyname error for %s", my_name);
128 my_addr = *(struct in_addr *) hostinfo->h_addr;
132 * Hostnames checked OK.
133 * Now check to see if this is a duplicate, and warn if so.
134 * I will also return STAT_FAIL. (I *think* this is how I should
137 * Olaf requests that I allow duplicate SM_MON requests for
138 * hosts due to the way he is coding lockd. No problem,
139 * I'll just do a quickie success return and things should
143 notify_list *temp = rtnl;
145 while ((temp = nlist_gethost(temp, mon_name, 0))) {
146 if (matchhostname(NL_MY_NAME(temp), my_name) &&
147 NL_MY_PROC(temp) == id->my_proc &&
148 NL_MY_PROG(temp) == id->my_prog &&
149 NL_MY_VERS(temp) == id->my_vers) {
150 /* Hey! We already know you guys! */
152 "Duplicate SM_MON request for %s "
153 "from procedure on %s",
156 /* But we'll let you pass anyway. */
157 result.res_stat = STAT_SUCC;
158 result.state = MY_STATE;
161 temp = NL_NEXT(temp);
166 * We're committed...ignoring errors. Let's hope that a malloc()
167 * doesn't fail. (I should probably fix this assumption.)
169 if (!(clnt = nlist_new(my_name, mon_name, 0))) {
170 note(N_WARNING, "out of memory");
174 NL_ADDR(clnt) = my_addr;
175 NL_MY_PROG(clnt) = id->my_prog;
176 NL_MY_VERS(clnt) = id->my_vers;
177 NL_MY_PROC(clnt) = id->my_proc;
178 memcpy(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE);
181 * Now, Create file on stable storage for host.
184 path=xmalloc(strlen(SM_DIR)+strlen(mon_name)+2);
185 sprintf(path, "%s/%s", SM_DIR, mon_name);
186 if ((fd = open(path, O_WRONLY|O_SYNC|O_CREAT|O_APPEND,
187 S_IRUSR|S_IWUSR)) < 0) {
188 /* Didn't fly. We won't monitor. */
189 note(N_ERROR, "creat(%s) failed: %s", path, strerror (errno));
190 nlist_free(NULL, clnt);
195 char buf[LINELEN + 1 + SM_MAXSTRLEN + 2];
198 e = buf + sprintf(buf, "%08x %08x %08x %08x ",
199 my_addr.s_addr, id->my_prog,
200 id->my_vers, id->my_proc);
201 for (i=0; i<SM_PRIV_SIZE; i++)
202 e += sprintf(e, "%02x", 0xff & (argp->priv[i]));
203 if (e+1-buf != LINELEN) abort();
204 e += sprintf(e, " %s\n", mon_name);
205 write(fd, buf, e-buf);
209 /* PRC: do the HA callout: */
210 ha_callout("add-client", mon_name, my_name, -1);
211 nlist_insert(&rtnl, clnt);
214 result.res_stat = STAT_SUCC;
215 result.state = MY_STATE;
216 dprintf(N_DEBUG, "MONITORING %s for %s", mon_name, my_name);
220 note(N_WARNING, "STAT_FAIL to %s for SM_MON of %s", my_name, mon_name);
224 void load_state(void)
228 char buf[LINELEN + 1 + SM_MAXSTRLEN + 2];
233 while ((de = readdir(d))) {
238 if (de->d_name[0] == '.')
240 path = xmalloc(strlen(SM_DIR)+strlen(de->d_name)+2);
241 sprintf(path, "%s/%s", SM_DIR, de->d_name);
242 f = fopen(path, "r");
246 while (fgets(buf, sizeof(buf), f) != NULL) {
247 int addr, proc, prog, vers;
248 char priv[SM_PRIV_SIZE];
253 buf[sizeof(buf)-1] = 0;
254 b = strchr(buf, '\n');
256 sscanf(buf, "%x %x %x %x ",
257 &addr, &prog, &vers, &proc);
259 for (i=0; i<SM_PRIV_SIZE; i++) {
260 sscanf(b, "%2x", &p);
265 clnt = nlist_new("127.0.0.1", b, 0);
268 NL_ADDR(clnt).s_addr = addr;
269 NL_MY_PROG(clnt) = prog;
270 NL_MY_VERS(clnt) = vers;
271 NL_MY_PROC(clnt) = proc;
272 memcpy(NL_PRIV(clnt), priv, SM_PRIV_SIZE);
273 nlist_insert(&rtnl, clnt);
284 * Services SM_UNMON requests.
286 * There is no statement in the X/Open spec's about returning an error
287 * for requests to unmonitor a host that we're *not* monitoring. I just
288 * return the state of the NSM when I get such foolish requests for lack
289 * of any better ideas. (I also log the "offense.")
292 sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp)
294 static sm_stat result;
296 char *mon_name = argp->mon_name,
297 *my_name = argp->my_id.my_name;
298 struct my_id *id = &argp->my_id;
299 #ifdef RESTRICTED_STATD
300 struct in_addr caller;
303 result.state = MY_STATE;
305 #ifdef RESTRICTED_STATD
306 /* 1. Reject anyone not calling from 127.0.0.1.
307 * Ignore the my_name specified by the caller, and
308 * use "127.0.0.1" instead.
310 caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
311 if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
313 "Call to statd from non-local host %s",
317 my_name = "127.0.0.1";
320 /* Check if we're monitoring anyone. */
321 if (!(clnt = rtnl)) {
323 "Received SM_UNMON request from %s for %s while not "
324 "monitoring any hosts.", my_name, argp->mon_name);
329 * OK, we are. Now look for appropriate entry in run-time list.
330 * There should only be *one* match on this, since I block "duplicate"
331 * SM_MON calls. (Actually, duplicate calls are allowed, but only one
332 * entry winds up in the list the way I'm currently handling them.)
334 while ((clnt = nlist_gethost(clnt, mon_name, 0))) {
335 if (matchhostname(NL_MY_NAME(clnt), my_name) &&
336 NL_MY_PROC(clnt) == id->my_proc &&
337 NL_MY_PROG(clnt) == id->my_prog &&
338 NL_MY_VERS(clnt) == id->my_vers) {
340 dprintf(N_DEBUG, "UNMONITORING %s for %s",
343 /* PRC: do the HA callout: */
344 ha_callout("del-client", mon_name, my_name, -1);
346 nlist_free(&rtnl, clnt);
347 xunlink(SM_DIR, mon_name, 1);
351 clnt = NL_NEXT(clnt);
354 #ifdef RESTRICTED_STATD
357 note(N_WARNING, "Received erroneous SM_UNMON request from %s for %s",
364 sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
367 static sm_stat result;
369 char *my_name = argp->my_name;
370 #ifdef RESTRICTED_STATD
371 struct in_addr caller;
373 /* 1. Reject anyone not calling from 127.0.0.1.
374 * Ignore the my_name specified by the caller, and
375 * use "127.0.0.1" instead.
377 caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
378 if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
380 "Call to statd from non-local host %s",
384 my_name = "127.0.0.1";
387 result.state = MY_STATE;
389 if (!(clnt = rtnl)) {
390 note(N_WARNING, "Received SM_UNMON_ALL request from %s "
391 "while not monitoring any hosts", my_name);
395 while ((clnt = nlist_gethost(clnt, my_name, 1))) {
396 if (NL_MY_PROC(clnt) == argp->my_proc &&
397 NL_MY_PROG(clnt) == argp->my_prog &&
398 NL_MY_VERS(clnt) == argp->my_vers) {
400 char mon_name[SM_MAXSTRLEN + 1];
404 "UNMONITORING (SM_UNMON_ALL) %s for %s",
405 NL_MON_NAME(clnt), NL_MY_NAME(clnt));
406 strncpy(mon_name, NL_MON_NAME(clnt),
407 sizeof (mon_name) - 1);
408 mon_name[sizeof (mon_name) - 1] = '\0';
409 temp = NL_NEXT(clnt);
410 /* PRC: do the HA callout: */
411 ha_callout("del-client", mon_name, my_name, -1);
412 nlist_free(&rtnl, clnt);
413 xunlink(SM_DIR, mon_name, 1);
417 clnt = NL_NEXT(clnt);
421 dprintf(N_DEBUG, "SM_UNMON_ALL request from %s with no "
422 "SM_MON requests from it.", my_name);
424 #ifdef RESTRICTED_STATD