2 * Copyright (C) 1995-1999 Jeffrey A. Uphoff
3 * Major rewrite by Olaf Kirch, Dec. 1996.
4 * Modified by H.J. Lu, 1998.
5 * Tighter access control, Olaf Kirch June 1999.
21 #include <arpa/inet.h>
26 #include "ha-callout.h"
28 notify_list * rtnl = NULL; /* Run-time notify list. */
30 #define LINELEN (4*(8+1)+SM_PRIV_SIZE*2+1)
32 #ifdef RESTRICTED_STATD
34 * Reject requests from non-loopback addresses in order
35 * to prevent attack described in CERT CA-99.05.
38 caller_is_localhost(struct svc_req *rqstp)
40 struct in_addr caller;
42 caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
43 if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
45 "Call to statd from non-local host %s",
51 #else /* RESTRICTED_STATD */
53 * No restrictions for remote callers.
56 caller_is_localhost(struct svc_req *rqstp)
60 #endif /* RESTRICTED_STATD */
63 * Services SM_MON requests.
66 sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
68 static sm_stat_res result;
69 char *mon_name = argp->mon_id.mon_name,
70 *my_name = argp->mon_id.my_id.my_name;
71 struct my_id *id = &argp->mon_id.my_id;
76 struct in_addr my_addr;
78 struct hostent *hostinfo = NULL;
80 /* Assume that we'll fail. */
81 result.res_stat = STAT_FAIL;
82 result.state = -1; /* State is undefined for STAT_FAIL. */
84 #ifdef RESTRICTED_STATD
85 /* 1. Reject any remote callers.
86 * Ignore the my_name specified by the caller, and
87 * use "127.0.0.1" instead.
89 if (!caller_is_localhost(rqstp))
91 my_addr.s_addr = htonl(INADDR_LOOPBACK);
93 /* 2. Reject any registrations for non-lockd services.
95 * This is specific to the linux kernel lockd, which
96 * makes the callback procedure part of the lockd interface.
97 * It is also prone to break when lockd changes its callback
98 * procedure number -- which, in fact, has now happened once.
99 * There must be a better way.... XXX FIXME
101 if (id->my_prog != 100021 ||
102 (id->my_proc != 16 && id->my_proc != 24))
105 "Attempt to register callback to %d/%d",
106 id->my_prog, id->my_proc);
111 This is not usable anymore. Linux-kernel can be configured to use
112 host names with NSM so that multi-homed hosts are handled properly.
115 /* 3. mon_name must be an address in dotted quad.
116 * Again, specific to the linux kernel lockd.
118 if (!inet_aton(mon_name, &mon_addr)) {
120 "Attempt to register host %s (not a dotted quad)",
126 if (!(hostinfo = gethostbyname(my_name))) {
127 note(N_WARNING, "gethostbyname error for %s", my_name);
130 my_addr = *(struct in_addr *) hostinfo->h_addr;
133 * Check hostnames. If I can't look them up, I won't monitor. This
134 * might not be legal, but it adds a little bit of safety and sanity.
137 /* must check for /'s in hostname! See CERT's CA-96.09 for details. */
138 if (strchr(mon_name, '/') || mon_name[0] == '.') {
139 note(N_CRIT, "SM_MON request for hostname containing '/' "
140 "or starting '.': %s", mon_name);
141 note(N_CRIT, "POSSIBLE SPOOF/ATTACK ATTEMPT!");
143 } else if ((hostinfo = gethostbyname(mon_name)) == NULL) {
144 note(N_WARNING, "gethostbyname error for %s", mon_name);
148 /* my_name must not have white space */
149 for (cp=my_name ; *cp ; cp++)
150 if (*cp == ' ' || *cp == '\t' || *cp == '\r' || *cp == '\n')
154 * Hostnames checked OK.
155 * Now choose a hostname to use for matching. We cannot
156 * really trust much in the incoming NOTIFY, so to make
157 * sure that multi-homed hosts work nicely, we get an
158 * FQDN now, and use that for matching
160 hostinfo = gethostbyaddr(hostinfo->h_addr,
162 hostinfo->h_addrtype);
164 dnsname = xstrdup(hostinfo->h_name);
166 dnsname = xstrdup(my_name);
168 /* Now check to see if this is a duplicate, and warn if so.
169 * I will also return STAT_FAIL. (I *think* this is how I should
172 * Olaf requests that I allow duplicate SM_MON requests for
173 * hosts due to the way he is coding lockd. No problem,
174 * I'll just do a quickie success return and things should
179 while ((clnt = nlist_gethost(clnt, mon_name, 0))) {
180 if (matchhostname(NL_MY_NAME(clnt), my_name) &&
181 NL_MY_PROC(clnt) == id->my_proc &&
182 NL_MY_PROG(clnt) == id->my_prog &&
183 NL_MY_VERS(clnt) == id->my_vers &&
184 memcmp(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE) == 0) {
185 /* Hey! We already know you guys! */
187 "Duplicate SM_MON request for %s "
188 "from procedure on %s",
191 /* But we'll let you pass anyway. */
194 clnt = NL_NEXT(clnt);
198 * We're committed...ignoring errors. Let's hope that a malloc()
199 * doesn't fail. (I should probably fix this assumption.)
201 if (!(clnt = nlist_new(my_name, mon_name, 0))) {
202 note(N_WARNING, "out of memory");
206 NL_ADDR(clnt) = my_addr;
207 NL_MY_PROG(clnt) = id->my_prog;
208 NL_MY_VERS(clnt) = id->my_vers;
209 NL_MY_PROC(clnt) = id->my_proc;
210 memcpy(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE);
211 clnt->dns_name = dnsname;
214 * Now, Create file on stable storage for host.
217 path=xmalloc(strlen(SM_DIR)+strlen(dnsname)+2);
218 sprintf(path, "%s/%s", SM_DIR, dnsname);
219 if ((fd = open(path, O_WRONLY|O_SYNC|O_CREAT|O_APPEND,
220 S_IRUSR|S_IWUSR)) < 0) {
221 /* Didn't fly. We won't monitor. */
222 note(N_ERROR, "creat(%s) failed: %s", path, strerror (errno));
223 nlist_free(NULL, clnt);
228 char buf[LINELEN + 1 + SM_MAXSTRLEN*2 + 4];
231 e = buf + sprintf(buf, "%08x %08x %08x %08x ",
232 my_addr.s_addr, id->my_prog,
233 id->my_vers, id->my_proc);
234 for (i=0; i<SM_PRIV_SIZE; i++)
235 e += sprintf(e, "%02x", 0xff & (argp->priv[i]));
236 if (e+1-buf != LINELEN) abort();
237 e += sprintf(e, " %s %s\n", mon_name, my_name);
238 write(fd, buf, e-buf);
242 /* PRC: do the HA callout: */
243 ha_callout("add-client", mon_name, my_name, -1);
244 nlist_insert(&rtnl, clnt);
246 dprintf(N_DEBUG, "MONITORING %s for %s", mon_name, my_name);
248 result.res_stat = STAT_SUCC;
249 /* SUN's sm_inter.x says this should be "state number of local site".
250 * X/Open says '"state" will be contain the state of the remote NSM.'
251 * href=http://www.opengroup.org/onlinepubs/9629799/SM_MON.htm
252 * Linux lockd currently (2.6.21 and prior) ignores whatever is
253 * returned, and given the above contraction, it probably always will..
254 * So we just return what we always returned. If possible, we
255 * have already told lockd about our state number via a sysctl.
256 * If lockd wants the remote state, it will need to
257 * use SM_STAT (and prayer).
259 result.state = MY_STATE;
263 note(N_WARNING, "STAT_FAIL to %s for SM_MON of %s", my_name, mon_name);
267 void load_state(void)
271 char buf[LINELEN + 1 + SM_MAXSTRLEN + 2];
276 while ((de = readdir(d))) {
281 if (de->d_name[0] == '.')
283 path = xmalloc(strlen(SM_DIR)+strlen(de->d_name)+2);
284 sprintf(path, "%s/%s", SM_DIR, de->d_name);
285 f = fopen(path, "r");
289 while (fgets(buf, sizeof(buf), f) != NULL) {
290 int addr, proc, prog, vers;
291 char priv[SM_PRIV_SIZE];
292 char *monname, *myname;
297 buf[sizeof(buf)-1] = 0;
298 b = strchr(buf, '\n');
300 sscanf(buf, "%x %x %x %x ",
301 &addr, &prog, &vers, &proc);
303 for (i=0; i<SM_PRIV_SIZE; i++) {
304 sscanf(b, "%2x", &p);
310 while (*b && *b != ' ') b++;
312 while (*b == ' ') b++;
314 clnt = nlist_new(myname, monname, 0);
317 NL_ADDR(clnt).s_addr = addr;
318 NL_MY_PROG(clnt) = prog;
319 NL_MY_VERS(clnt) = vers;
320 NL_MY_PROC(clnt) = proc;
321 clnt->dns_name = xstrdup(de->d_name);
322 memcpy(NL_PRIV(clnt), priv, SM_PRIV_SIZE);
323 nlist_insert(&rtnl, clnt);
334 * Services SM_UNMON requests.
336 * There is no statement in the X/Open spec's about returning an error
337 * for requests to unmonitor a host that we're *not* monitoring. I just
338 * return the state of the NSM when I get such foolish requests for lack
339 * of any better ideas. (I also log the "offense.")
342 sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp)
344 static sm_stat result;
346 char *mon_name = argp->mon_name,
347 *my_name = argp->my_id.my_name;
348 struct my_id *id = &argp->my_id;
351 result.state = MY_STATE;
353 if (!caller_is_localhost(rqstp))
356 /* my_name must not have white space */
357 for (cp=my_name ; *cp ; cp++)
358 if (*cp == ' ' || *cp == '\t' || *cp == '\r' || *cp == '\n')
362 /* Check if we're monitoring anyone. */
363 if (!(clnt = rtnl)) {
365 "Received SM_UNMON request from %s for %s while not "
366 "monitoring any hosts.", my_name, argp->mon_name);
371 * OK, we are. Now look for appropriate entry in run-time list.
372 * There should only be *one* match on this, since I block "duplicate"
373 * SM_MON calls. (Actually, duplicate calls are allowed, but only one
374 * entry winds up in the list the way I'm currently handling them.)
376 while ((clnt = nlist_gethost(clnt, mon_name, 0))) {
377 if (matchhostname(NL_MY_NAME(clnt), my_name) &&
378 NL_MY_PROC(clnt) == id->my_proc &&
379 NL_MY_PROG(clnt) == id->my_prog &&
380 NL_MY_VERS(clnt) == id->my_vers) {
382 dprintf(N_DEBUG, "UNMONITORING %s for %s",
385 /* PRC: do the HA callout: */
386 ha_callout("del-client", mon_name, my_name, -1);
388 xunlink(SM_DIR, clnt->dns_name, 1);
389 nlist_free(&rtnl, clnt);
393 clnt = NL_NEXT(clnt);
397 note(N_WARNING, "Received erroneous SM_UNMON request from %s for %s",
404 sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
407 static sm_stat result;
409 char *my_name = argp->my_name;
411 if (!caller_is_localhost(rqstp))
414 result.state = MY_STATE;
416 if (!(clnt = rtnl)) {
417 note(N_WARNING, "Received SM_UNMON_ALL request from %s "
418 "while not monitoring any hosts", my_name);
422 while ((clnt = nlist_gethost(clnt, my_name, 1))) {
423 if (NL_MY_PROC(clnt) == argp->my_proc &&
424 NL_MY_PROG(clnt) == argp->my_prog &&
425 NL_MY_VERS(clnt) == argp->my_vers) {
427 char mon_name[SM_MAXSTRLEN + 1];
431 "UNMONITORING (SM_UNMON_ALL) %s for %s",
432 NL_MON_NAME(clnt), NL_MY_NAME(clnt));
433 strncpy(mon_name, NL_MON_NAME(clnt),
434 sizeof (mon_name) - 1);
435 mon_name[sizeof (mon_name) - 1] = '\0';
436 temp = NL_NEXT(clnt);
437 /* PRC: do the HA callout: */
438 ha_callout("del-client", mon_name, my_name, -1);
439 xunlink(SM_DIR, clnt->dns_name, 1);
440 nlist_free(&rtnl, clnt);
444 clnt = NL_NEXT(clnt);
448 dprintf(N_DEBUG, "SM_UNMON_ALL request from %s with no "
449 "SM_MON requests from it.", my_name);