X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fstatd%2Fmonitor.c;h=09f03daa51e2d37a658d3fd8ba6be61a80997463;hp=bbc1dec67f423de605cfbfd228fe09cd8e8a7df6;hb=9ccfe0fa5a43dfc4453b09e328565a6c8f999fe4;hpb=dda3455d8b96a7b078bc00c113e1af15ed421d5b

diff --git a/utils/statd/monitor.c b/utils/statd/monitor.c
index bbc1dec..09f03da 100644
--- a/utils/statd/monitor.c
+++ b/utils/statd/monitor.c
@@ -20,6 +20,8 @@
 #include <errno.h>
 #include <arpa/inet.h>
 #include <dirent.h>
+
+#include "rpcmisc.h"
 #include "misc.h"
 #include "statd.h"
 #include "notlist.h"
@@ -29,6 +31,25 @@ notify_list *		rtnl = NULL;	/* Run-time notify list. */
 
 #define LINELEN (4*(8+1)+SM_PRIV_SIZE*2+1)
 
+/*
+ * Reject requests from non-loopback addresses in order
+ * to prevent attack described in CERT CA-99.05.
+ */
+static int
+caller_is_localhost(struct svc_req *rqstp)
+{
+	struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt);
+	struct in_addr	caller;
+
+	caller = sin->sin_addr;
+	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
+		xlog_warn("Call to statd from non-local host %s",
+			inet_ntoa(caller));
+		return 0;
+	}
+	return 1;
+}
+
 /*
  * Services SM_MON requests.
  */
@@ -40,37 +61,26 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 			*my_name  = argp->mon_id.my_id.my_name;
 	struct my_id	*id = &argp->mon_id.my_id;
 	char            *path;
+	char		*cp;
 	int             fd;
 	notify_list	*clnt;
 	struct in_addr	my_addr;
 	char		*dnsname;
-#ifdef RESTRICTED_STATD
-	struct in_addr	caller;
-#endif
 	struct hostent	*hostinfo = NULL;
 
+	xlog(D_CALL, "Received SM_MON for %s from %s", mon_name, my_name);
+
 	/* Assume that we'll fail. */
 	result.res_stat = STAT_FAIL;
 	result.state = -1;	/* State is undefined for STAT_FAIL. */
 
-	/* Restrict access to statd.
-	 * In the light of CERT CA-99.05, we tighten access to
-	 * statd.			--okir
-	 */
-#ifdef RESTRICTED_STATD
-	/* 1.	Reject anyone not calling from 127.0.0.1.
+	/* 1.	Reject any remote callers.
 	 *	Ignore the my_name specified by the caller, and
 	 *	use "127.0.0.1" instead.
 	 */
-	caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
-	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
-		note(N_WARNING,
-			"Call to statd from non-local host %s",
-			inet_ntoa(caller));
+	if (!caller_is_localhost(rqstp))
 		goto failure;
-	}
 	my_addr.s_addr = htonl(INADDR_LOOPBACK);
-	my_name = "127.0.0.1";
 
 	/* 2.	Reject any registrations for non-lockd services.
 	 *
@@ -83,34 +93,11 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 	if (id->my_prog != 100021 ||
 	    (id->my_proc != 16 && id->my_proc != 24))
 	{
-		note(N_WARNING,
-			"Attempt to register callback to %d/%d",
+		xlog_warn("Attempt to register callback to %d/%d",
 			id->my_prog, id->my_proc);
 		goto failure;
 	}
 
-#if 0
-	This is not usable anymore.  Linux-kernel can be configured to use
-	host names with NSM so that multi-homed hosts are handled properly.
-		NeilBrown 15mar2007
-
-	/* 3.	mon_name must be an address in dotted quad.
-	 *	Again, specific to the linux kernel lockd.
-	 */
-	if (!inet_aton(mon_name, &mon_addr)) {
-		note(N_WARNING,
-			"Attempt to register host %s (not a dotted quad)",
-			mon_name);
-		goto failure;
-	}
-#endif
-#else
-	if (!(hostinfo = gethostbyname(my_name))) {
-		note(N_WARNING, "gethostbyname error for %s", my_name);
-		goto failure;
-	} else
-		my_addr = *(struct in_addr *) hostinfo->h_addr;
-#endif
 	/*
 	 * Check hostnames.  If I can't look them up, I won't monitor.  This
 	 * might not be legal, but it adds a little bit of safety and sanity.
@@ -118,15 +105,20 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 
 	/* must check for /'s in hostname!  See CERT's CA-96.09 for details. */
 	if (strchr(mon_name, '/') || mon_name[0] == '.') {
-		note(N_CRIT, "SM_MON request for hostname containing '/' "
+		xlog(L_ERROR, "SM_MON request for hostname containing '/' "
 		     "or starting '.': %s", mon_name);
-		note(N_CRIT, "POSSIBLE SPOOF/ATTACK ATTEMPT!");
+		xlog(L_ERROR, "POSSIBLE SPOOF/ATTACK ATTEMPT!");
 		goto failure;
 	} else if ((hostinfo = gethostbyname(mon_name)) == NULL) {
-		note(N_WARNING, "gethostbyname error for %s", mon_name);
+		xlog_warn("gethostbyname error for %s", mon_name);
 		goto failure;
 	}
 
+	/* my_name must not have white space */
+	for (cp=my_name ; *cp ; cp++)
+		if (*cp == ' ' || *cp == '\t' || *cp == '\r' || *cp == '\n')
+			*cp = '_';
+
 	/*
 	 * Hostnames checked OK.
 	 * Now choose a hostname to use for matching.  We cannot
@@ -160,7 +152,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 		    NL_MY_VERS(clnt) == id->my_vers &&
 		    memcmp(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE) == 0) {
 			/* Hey!  We already know you guys! */
-			dprintf(N_DEBUG,
+			xlog(D_GENERAL,
 				"Duplicate SM_MON request for %s "
 				"from procedure on %s",
 				mon_name, my_name);
@@ -176,7 +168,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 	 * doesn't fail.  (I should probably fix this assumption.)
 	 */
 	if (!(clnt = nlist_new(my_name, mon_name, 0))) {
-		note(N_WARNING, "out of memory");
+		xlog_warn("out of memory");
 		goto failure;
 	}
 
@@ -196,13 +188,13 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 	if ((fd = open(path, O_WRONLY|O_SYNC|O_CREAT|O_APPEND,
 		       S_IRUSR|S_IWUSR)) < 0) {
 		/* Didn't fly.  We won't monitor. */
-		note(N_ERROR, "creat(%s) failed: %s", path, strerror (errno));
+		xlog(L_ERROR, "creat(%s) failed: %m", path);
 		nlist_free(NULL, clnt);
 		free(path);
 		goto failure;
 	}
 	{
-		char buf[LINELEN + 1 + SM_MAXSTRLEN + 2];
+		char buf[LINELEN + 1 + SM_MAXSTRLEN*2 + 4];
 		char *e;
 		int i;
 		e = buf + sprintf(buf, "%08x %08x %08x %08x ",
@@ -211,8 +203,11 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 		for (i=0; i<SM_PRIV_SIZE; i++)
 			e += sprintf(e, "%02x", 0xff & (argp->priv[i]));
 		if (e+1-buf != LINELEN) abort();
-		e += sprintf(e, " %s\n", mon_name);
-		write(fd, buf, e-buf);
+		e += sprintf(e, " %s %s\n", mon_name, my_name);
+		if (write(fd, buf, e-buf) != (e-buf)) {
+			xlog_warn("writing to %s failed: errno %d (%s)",
+				path, errno, strerror(errno));
+		}
 	}
 
 	free(path);
@@ -220,7 +215,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 	ha_callout("add-client", mon_name, my_name, -1);
 	nlist_insert(&rtnl, clnt);
 	close(fd);
-	dprintf(N_DEBUG, "MONITORING %s for %s", mon_name, my_name);
+	xlog(D_GENERAL, "MONITORING %s for %s", mon_name, my_name);
  success:
 	result.res_stat = STAT_SUCC;
 	/* SUN's sm_inter.x says this should be "state number of local site".
@@ -237,7 +232,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 	return (&result);
 
 failure:
-	note(N_WARNING, "STAT_FAIL to %s for SM_MON of %s", my_name, mon_name);
+	xlog_warn("STAT_FAIL to %s for SM_MON of %s", my_name, mon_name);
 	return (&result);
 }
 
@@ -266,6 +261,7 @@ void load_state(void)
 		while (fgets(buf, sizeof(buf), f) != NULL) {
 			int addr, proc, prog, vers;
 			char priv[SM_PRIV_SIZE];
+			char *monname, *myname;
 			char *b;
 			int i;
 			notify_list	*clnt;
@@ -282,7 +278,12 @@ void load_state(void)
 				b += 2;
 			}
 			b++;
-			clnt = nlist_new("127.0.0.1", b, 0);
+			monname = b;
+			while (*b && *b != ' ') b++;
+			if (*b) *b++ = '\0';
+			while (*b == ' ') b++;
+			myname = b;
+			clnt = nlist_new(myname, monname, 0);
 			if (!clnt)
 				break;
 			NL_ADDR(clnt).s_addr = addr;
@@ -317,34 +318,28 @@ sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp)
 	char		*mon_name = argp->mon_name,
 			*my_name  = argp->my_id.my_name;
 	struct my_id	*id = &argp->my_id;
-#ifdef RESTRICTED_STATD
-	struct in_addr	caller;
-#endif
+	char		*cp;
+
+	xlog(D_CALL, "Received SM_UNMON for %s from %s", mon_name, my_name);
 
 	result.state = MY_STATE;
 
-#ifdef RESTRICTED_STATD
-	/* 1.	Reject anyone not calling from 127.0.0.1.
-	 *	Ignore the my_name specified by the caller, and
-	 *	use "127.0.0.1" instead.
-	 */
-	caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
-	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
-		note(N_WARNING,
-			"Call to statd from non-local host %s",
-			inet_ntoa(caller));
+	if (!caller_is_localhost(rqstp))
 		goto failure;
-	}
-	my_name = "127.0.0.1";
-#endif
+
+	/* my_name must not have white space */
+	for (cp=my_name ; *cp ; cp++)
+		if (*cp == ' ' || *cp == '\t' || *cp == '\r' || *cp == '\n')
+			*cp = '_';
+
 
 	/* Check if we're monitoring anyone. */
-	if (!(clnt = rtnl)) {
-		note(N_WARNING,
-			"Received SM_UNMON request from %s for %s while not "
-			"monitoring any hosts.", my_name, argp->mon_name);
+	if (rtnl == NULL) {
+		xlog_warn("Received SM_UNMON request from %s for %s while not "
+			"monitoring any hosts", my_name, argp->mon_name);
 		return (&result);
 	}
+	clnt = rtnl;
 
 	/*
 	 * OK, we are.  Now look for appropriate entry in run-time list.
@@ -358,24 +353,22 @@ sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp)
 			NL_MY_PROG(clnt) == id->my_prog &&
 			NL_MY_VERS(clnt) == id->my_vers) {
 			/* Match! */
-			dprintf(N_DEBUG, "UNMONITORING %s for %s",
+			xlog(D_GENERAL, "UNMONITORING %s for %s",
 					mon_name, my_name);
 
 			/* PRC: do the HA callout: */
 			ha_callout("del-client", mon_name, my_name, -1);
 
+			xunlink(SM_DIR, clnt->dns_name);
 			nlist_free(&rtnl, clnt);
-			xunlink(SM_DIR, mon_name, 1);
 
 			return (&result);
 		} else
 			clnt = NL_NEXT(clnt);
 	}
 
-#ifdef RESTRICTED_STATD
  failure:
-#endif
-	note(N_WARNING, "Received erroneous SM_UNMON request from %s for %s",
+	xlog_warn("Received erroneous SM_UNMON request from %s for %s",
 		my_name, mon_name);
 	return (&result);
 }
@@ -388,30 +381,20 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
 	static sm_stat  result;
 	notify_list	*clnt;
 	char		*my_name = argp->my_name;
-#ifdef RESTRICTED_STATD
-	struct in_addr	caller;
 
-	/* 1.	Reject anyone not calling from 127.0.0.1.
-	 *	Ignore the my_name specified by the caller, and
-	 *	use "127.0.0.1" instead.
-	 */
-	caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
-	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
-		note(N_WARNING,
-			"Call to statd from non-local host %s",
-			inet_ntoa(caller));
+	xlog(D_CALL, "Received SM_UNMON_ALL for %s", my_name);
+
+	if (!caller_is_localhost(rqstp))
 		goto failure;
-	}
-	my_name = "127.0.0.1";
-#endif
 
 	result.state = MY_STATE;
 
-	if (!(clnt = rtnl)) {
-		note(N_WARNING, "Received SM_UNMON_ALL request from %s "
+	if (rtnl == NULL) {
+		xlog_warn("Received SM_UNMON_ALL request from %s "
 			"while not monitoring any hosts", my_name);
 		return (&result);
 	}
+	clnt = rtnl;
 
 	while ((clnt = nlist_gethost(clnt, my_name, 1))) {
 		if (NL_MY_PROC(clnt) == argp->my_proc &&
@@ -421,7 +404,7 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
 			char            mon_name[SM_MAXSTRLEN + 1];
 			notify_list	*temp;
 
-			dprintf(N_DEBUG,
+			xlog(D_GENERAL,
 				"UNMONITORING (SM_UNMON_ALL) %s for %s",
 				NL_MON_NAME(clnt), NL_MY_NAME(clnt));
 			strncpy(mon_name, NL_MON_NAME(clnt),
@@ -430,8 +413,8 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
 			temp = NL_NEXT(clnt);
 			/* PRC: do the HA callout: */
 			ha_callout("del-client", mon_name, my_name, -1);
+			xunlink(SM_DIR, clnt->dns_name);
 			nlist_free(&rtnl, clnt);
-			xunlink(SM_DIR, mon_name, 1);
 			++count;
 			clnt = temp;
 		} else
@@ -439,11 +422,10 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
 	}
 
 	if (!count) {
-		dprintf(N_DEBUG, "SM_UNMON_ALL request from %s with no "
-			"SM_MON requests from it.", my_name);
+		xlog(D_GENERAL, "SM_UNMON_ALL request from %s with no "
+			"SM_MON requests from it", my_name);
 	}
-#ifdef RESTRICTED_STATD
+
  failure:
-#endif
 	return (&result);
 }