X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fstatd%2Fmonitor.c;h=09f03daa51e2d37a658d3fd8ba6be61a80997463;hp=c447a269bb9b86f2c82091ff7844e6cb693977ac;hb=9ccfe0fa5a43dfc4453b09e328565a6c8f999fe4;hpb=4b2f63a5e581ecfa12abb2419310c4e62eb27134 diff --git a/utils/statd/monitor.c b/utils/statd/monitor.c index c447a26..09f03da 100644 --- a/utils/statd/monitor.c +++ b/utils/statd/monitor.c @@ -20,6 +20,8 @@ #include #include #include + +#include "rpcmisc.h" #include "misc.h" #include "statd.h" #include "notlist.h" @@ -29,6 +31,25 @@ notify_list * rtnl = NULL; /* Run-time notify list. */ #define LINELEN (4*(8+1)+SM_PRIV_SIZE*2+1) +/* + * Reject requests from non-loopback addresses in order + * to prevent attack described in CERT CA-99.05. + */ +static int +caller_is_localhost(struct svc_req *rqstp) +{ + struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt); + struct in_addr caller; + + caller = sin->sin_addr; + if (caller.s_addr != htonl(INADDR_LOOPBACK)) { + xlog_warn("Call to statd from non-local host %s", + inet_ntoa(caller)); + return 0; + } + return 1; +} + /* * Services SM_MON requests. */ @@ -45,31 +66,20 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) notify_list *clnt; struct in_addr my_addr; char *dnsname; -#ifdef RESTRICTED_STATD - struct in_addr caller; -#endif struct hostent *hostinfo = NULL; + xlog(D_CALL, "Received SM_MON for %s from %s", mon_name, my_name); + /* Assume that we'll fail. */ result.res_stat = STAT_FAIL; result.state = -1; /* State is undefined for STAT_FAIL. */ - /* Restrict access to statd. - * In the light of CERT CA-99.05, we tighten access to - * statd. --okir - */ -#ifdef RESTRICTED_STATD - /* 1. Reject anyone not calling from 127.0.0.1. + /* 1. Reject any remote callers. * Ignore the my_name specified by the caller, and * use "127.0.0.1" instead. */ - caller = svc_getcaller(rqstp->rq_xprt)->sin_addr; - if (caller.s_addr != htonl(INADDR_LOOPBACK)) { - note(N_WARNING, - "Call to statd from non-local host %s", - inet_ntoa(caller)); + if (!caller_is_localhost(rqstp)) goto failure; - } my_addr.s_addr = htonl(INADDR_LOOPBACK); /* 2. Reject any registrations for non-lockd services. @@ -83,34 +93,11 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) if (id->my_prog != 100021 || (id->my_proc != 16 && id->my_proc != 24)) { - note(N_WARNING, - "Attempt to register callback to %d/%d", + xlog_warn("Attempt to register callback to %d/%d", id->my_prog, id->my_proc); goto failure; } -#if 0 - This is not usable anymore. Linux-kernel can be configured to use - host names with NSM so that multi-homed hosts are handled properly. - NeilBrown 15mar2007 - - /* 3. mon_name must be an address in dotted quad. - * Again, specific to the linux kernel lockd. - */ - if (!inet_aton(mon_name, &mon_addr)) { - note(N_WARNING, - "Attempt to register host %s (not a dotted quad)", - mon_name); - goto failure; - } -#endif -#else - if (!(hostinfo = gethostbyname(my_name))) { - note(N_WARNING, "gethostbyname error for %s", my_name); - goto failure; - } else - my_addr = *(struct in_addr *) hostinfo->h_addr; -#endif /* * Check hostnames. If I can't look them up, I won't monitor. This * might not be legal, but it adds a little bit of safety and sanity. @@ -118,12 +105,12 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) /* must check for /'s in hostname! See CERT's CA-96.09 for details. */ if (strchr(mon_name, '/') || mon_name[0] == '.') { - note(N_CRIT, "SM_MON request for hostname containing '/' " + xlog(L_ERROR, "SM_MON request for hostname containing '/' " "or starting '.': %s", mon_name); - note(N_CRIT, "POSSIBLE SPOOF/ATTACK ATTEMPT!"); + xlog(L_ERROR, "POSSIBLE SPOOF/ATTACK ATTEMPT!"); goto failure; } else if ((hostinfo = gethostbyname(mon_name)) == NULL) { - note(N_WARNING, "gethostbyname error for %s", mon_name); + xlog_warn("gethostbyname error for %s", mon_name); goto failure; } @@ -165,7 +152,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) NL_MY_VERS(clnt) == id->my_vers && memcmp(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE) == 0) { /* Hey! We already know you guys! */ - dprintf(N_DEBUG, + xlog(D_GENERAL, "Duplicate SM_MON request for %s " "from procedure on %s", mon_name, my_name); @@ -181,7 +168,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) * doesn't fail. (I should probably fix this assumption.) */ if (!(clnt = nlist_new(my_name, mon_name, 0))) { - note(N_WARNING, "out of memory"); + xlog_warn("out of memory"); goto failure; } @@ -201,7 +188,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) if ((fd = open(path, O_WRONLY|O_SYNC|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR)) < 0) { /* Didn't fly. We won't monitor. */ - note(N_ERROR, "creat(%s) failed: %s", path, strerror (errno)); + xlog(L_ERROR, "creat(%s) failed: %m", path); nlist_free(NULL, clnt); free(path); goto failure; @@ -217,7 +204,10 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) e += sprintf(e, "%02x", 0xff & (argp->priv[i])); if (e+1-buf != LINELEN) abort(); e += sprintf(e, " %s %s\n", mon_name, my_name); - write(fd, buf, e-buf); + if (write(fd, buf, e-buf) != (e-buf)) { + xlog_warn("writing to %s failed: errno %d (%s)", + path, errno, strerror(errno)); + } } free(path); @@ -225,7 +215,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) ha_callout("add-client", mon_name, my_name, -1); nlist_insert(&rtnl, clnt); close(fd); - dprintf(N_DEBUG, "MONITORING %s for %s", mon_name, my_name); + xlog(D_GENERAL, "MONITORING %s for %s", mon_name, my_name); success: result.res_stat = STAT_SUCC; /* SUN's sm_inter.x says this should be "state number of local site". @@ -242,7 +232,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) return (&result); failure: - note(N_WARNING, "STAT_FAIL to %s for SM_MON of %s", my_name, mon_name); + xlog_warn("STAT_FAIL to %s for SM_MON of %s", my_name, mon_name); return (&result); } @@ -280,7 +270,7 @@ void load_state(void) b = strchr(buf, '\n'); if (b) *b = 0; sscanf(buf, "%x %x %x %x ", - &addr, &prog, &vers, &proc, myname); + &addr, &prog, &vers, &proc); b = buf+36; for (i=0; imy_id.my_name; struct my_id *id = &argp->my_id; char *cp; -#ifdef RESTRICTED_STATD - struct in_addr caller; -#endif + + xlog(D_CALL, "Received SM_UNMON for %s from %s", mon_name, my_name); result.state = MY_STATE; -#ifdef RESTRICTED_STATD - /* 1. Reject anyone not calling from 127.0.0.1. - * Ignore the my_name specified by the caller, and - * use "127.0.0.1" instead. - */ - caller = svc_getcaller(rqstp->rq_xprt)->sin_addr; - if (caller.s_addr != htonl(INADDR_LOOPBACK)) { - note(N_WARNING, - "Call to statd from non-local host %s", - inet_ntoa(caller)); + if (!caller_is_localhost(rqstp)) goto failure; - } -#endif + /* my_name must not have white space */ for (cp=my_name ; *cp ; cp++) if (*cp == ' ' || *cp == '\t' || *cp == '\r' || *cp == '\n') @@ -355,12 +334,12 @@ sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp) /* Check if we're monitoring anyone. */ - if (!(clnt = rtnl)) { - note(N_WARNING, - "Received SM_UNMON request from %s for %s while not " - "monitoring any hosts.", my_name, argp->mon_name); + if (rtnl == NULL) { + xlog_warn("Received SM_UNMON request from %s for %s while not " + "monitoring any hosts", my_name, argp->mon_name); return (&result); } + clnt = rtnl; /* * OK, we are. Now look for appropriate entry in run-time list. @@ -374,24 +353,22 @@ sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp) NL_MY_PROG(clnt) == id->my_prog && NL_MY_VERS(clnt) == id->my_vers) { /* Match! */ - dprintf(N_DEBUG, "UNMONITORING %s for %s", + xlog(D_GENERAL, "UNMONITORING %s for %s", mon_name, my_name); /* PRC: do the HA callout: */ ha_callout("del-client", mon_name, my_name, -1); + xunlink(SM_DIR, clnt->dns_name); nlist_free(&rtnl, clnt); - xunlink(SM_DIR, mon_name, 1); return (&result); } else clnt = NL_NEXT(clnt); } -#ifdef RESTRICTED_STATD failure: -#endif - note(N_WARNING, "Received erroneous SM_UNMON request from %s for %s", + xlog_warn("Received erroneous SM_UNMON request from %s for %s", my_name, mon_name); return (&result); } @@ -404,29 +381,20 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp) static sm_stat result; notify_list *clnt; char *my_name = argp->my_name; -#ifdef RESTRICTED_STATD - struct in_addr caller; - /* 1. Reject anyone not calling from 127.0.0.1. - * Ignore the my_name specified by the caller, and - * use "127.0.0.1" instead. - */ - caller = svc_getcaller(rqstp->rq_xprt)->sin_addr; - if (caller.s_addr != htonl(INADDR_LOOPBACK)) { - note(N_WARNING, - "Call to statd from non-local host %s", - inet_ntoa(caller)); + xlog(D_CALL, "Received SM_UNMON_ALL for %s", my_name); + + if (!caller_is_localhost(rqstp)) goto failure; - } -#endif result.state = MY_STATE; - if (!(clnt = rtnl)) { - note(N_WARNING, "Received SM_UNMON_ALL request from %s " + if (rtnl == NULL) { + xlog_warn("Received SM_UNMON_ALL request from %s " "while not monitoring any hosts", my_name); return (&result); } + clnt = rtnl; while ((clnt = nlist_gethost(clnt, my_name, 1))) { if (NL_MY_PROC(clnt) == argp->my_proc && @@ -436,7 +404,7 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp) char mon_name[SM_MAXSTRLEN + 1]; notify_list *temp; - dprintf(N_DEBUG, + xlog(D_GENERAL, "UNMONITORING (SM_UNMON_ALL) %s for %s", NL_MON_NAME(clnt), NL_MY_NAME(clnt)); strncpy(mon_name, NL_MON_NAME(clnt), @@ -445,8 +413,8 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp) temp = NL_NEXT(clnt); /* PRC: do the HA callout: */ ha_callout("del-client", mon_name, my_name, -1); + xunlink(SM_DIR, clnt->dns_name); nlist_free(&rtnl, clnt); - xunlink(SM_DIR, mon_name, 1); ++count; clnt = temp; } else @@ -454,11 +422,10 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp) } if (!count) { - dprintf(N_DEBUG, "SM_UNMON_ALL request from %s with no " - "SM_MON requests from it.", my_name); + xlog(D_GENERAL, "SM_UNMON_ALL request from %s with no " + "SM_MON requests from it", my_name); } -#ifdef RESTRICTED_STATD + failure: -#endif return (&result); }