X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fstatd%2Fmonitor.c;h=169cd78ac82b17a99c5ce90850bb97f4d4fac901;hp=5fcab1d424247711070db3c2bbcc612b34a798d2;hb=27a49079b03316eebcbc74197b73988b01b58ecc;hpb=e6da8bc0d56d3106d663ab056b1ca484713f4d77

diff --git a/utils/statd/monitor.c b/utils/statd/monitor.c
index 5fcab1d..169cd78 100644
--- a/utils/statd/monitor.c
+++ b/utils/statd/monitor.c
@@ -20,6 +20,8 @@
 #include <errno.h>
 #include <arpa/inet.h>
 #include <dirent.h>
+
+#include "rpcmisc.h"
 #include "misc.h"
 #include "statd.h"
 #include "notlist.h"
@@ -29,6 +31,26 @@ notify_list *		rtnl = NULL;	/* Run-time notify list. */
 
 #define LINELEN (4*(8+1)+SM_PRIV_SIZE*2+1)
 
+/*
+ * Reject requests from non-loopback addresses in order
+ * to prevent attack described in CERT CA-99.05.
+ */
+static int
+caller_is_localhost(struct svc_req *rqstp)
+{
+	struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt);
+	struct in_addr	caller;
+
+	caller = sin->sin_addr;
+	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
+		note(N_WARNING,
+			"Call to statd from non-local host %s",
+			inet_ntoa(caller));
+		return 0;
+	}
+	return 1;
+}
+
 /*
  * Services SM_MON requests.
  */
@@ -40,37 +62,24 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 			*my_name  = argp->mon_id.my_id.my_name;
 	struct my_id	*id = &argp->mon_id.my_id;
 	char            *path;
+	char		*cp;
 	int             fd;
 	notify_list	*clnt;
 	struct in_addr	my_addr;
-#ifdef RESTRICTED_STATD
-	struct in_addr	caller;
-#else
+	char		*dnsname;
 	struct hostent	*hostinfo = NULL;
-#endif
 
 	/* Assume that we'll fail. */
 	result.res_stat = STAT_FAIL;
 	result.state = -1;	/* State is undefined for STAT_FAIL. */
 
-	/* Restrict access to statd.
-	 * In the light of CERT CA-99.05, we tighten access to
-	 * statd.			--okir
-	 */
-#ifdef RESTRICTED_STATD
-	/* 1.	Reject anyone not calling from 127.0.0.1.
+	/* 1.	Reject any remote callers.
 	 *	Ignore the my_name specified by the caller, and
 	 *	use "127.0.0.1" instead.
 	 */
-	caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
-	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
-		note(N_WARNING,
-			"Call to statd from non-local host %s",
-			inet_ntoa(caller));
+	if (!caller_is_localhost(rqstp))
 		goto failure;
-	}
 	my_addr.s_addr = htonl(INADDR_LOOPBACK);
-	my_name = "127.0.0.1";
 
 	/* 2.	Reject any registrations for non-lockd services.
 	 *
@@ -89,22 +98,6 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 		goto failure;
 	}
 
-#if 0
-	This is not usable anymore.  Linux-kernel can be configured to use
-	host names with NSM so that multi-homed hosts are handled properly.
-		NeilBrown 15mar2007
-
-	/* 3.	mon_name must be an address in dotted quad.
-	 *	Again, specific to the linux kernel lockd.
-	 */
-	if (!inet_aton(mon_name, &mon_addr)) {
-		note(N_WARNING,
-			"Attempt to register host %s (not a dotted quad)",
-			mon_name);
-		goto failure;
-	}
-#endif
-#endif
 	/*
 	 * Check hostnames.  If I can't look them up, I won't monitor.  This
 	 * might not be legal, but it adds a little bit of safety and sanity.
@@ -116,21 +109,32 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 		     "or starting '.': %s", mon_name);
 		note(N_CRIT, "POSSIBLE SPOOF/ATTACK ATTEMPT!");
 		goto failure;
-	} else if (gethostbyname(mon_name) == NULL) {
+	} else if ((hostinfo = gethostbyname(mon_name)) == NULL) {
 		note(N_WARNING, "gethostbyname error for %s", mon_name);
 		goto failure;
 	}
-#ifndef RESTRICTED_STATD
-	if (!(hostinfo = gethostbyname(my_name))) {
-		note(N_WARNING, "gethostbyname error for %s", my_name);
-		goto failure;
-	} else
-		my_addr = *(struct in_addr *) hostinfo->h_addr;
-#endif
+
+	/* my_name must not have white space */
+	for (cp=my_name ; *cp ; cp++)
+		if (*cp == ' ' || *cp == '\t' || *cp == '\r' || *cp == '\n')
+			*cp = '_';
 
 	/*
 	 * Hostnames checked OK.
-	 * Now check to see if this is a duplicate, and warn if so.
+	 * Now choose a hostname to use for matching.  We cannot
+	 * really trust much in the incoming NOTIFY, so to make
+	 * sure that multi-homed hosts work nicely, we get an
+	 * FQDN now, and use that for matching
+	 */
+	hostinfo = gethostbyaddr(hostinfo->h_addr,
+				 hostinfo->h_length,
+				 hostinfo->h_addrtype);
+	if (hostinfo)
+		dnsname = xstrdup(hostinfo->h_name);
+	else
+		dnsname = xstrdup(my_name);
+
+	/* Now check to see if this is a duplicate, and warn if so.
 	 * I will also return STAT_FAIL. (I *think* this is how I should
 	 * handle it.)
 	 *
@@ -145,7 +149,8 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 		if (matchhostname(NL_MY_NAME(clnt), my_name) &&
 		    NL_MY_PROC(clnt) == id->my_proc &&
 		    NL_MY_PROG(clnt) == id->my_prog &&
-		    NL_MY_VERS(clnt) == id->my_vers) {
+		    NL_MY_VERS(clnt) == id->my_vers &&
+		    memcmp(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE) == 0) {
 			/* Hey!  We already know you guys! */
 			dprintf(N_DEBUG,
 				"Duplicate SM_MON request for %s "
@@ -153,9 +158,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 				mon_name, my_name);
 
 			/* But we'll let you pass anyway. */
-			result.res_stat = STAT_SUCC;
-			result.state = MY_STATE;
-			return (&result);
+			goto success;
 		}
 		clnt = NL_NEXT(clnt);
 	}
@@ -174,13 +177,14 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 	NL_MY_VERS(clnt) = id->my_vers;
 	NL_MY_PROC(clnt) = id->my_proc;
 	memcpy(NL_PRIV(clnt), argp->priv, SM_PRIV_SIZE);
+	clnt->dns_name = dnsname;
 
 	/*
 	 * Now, Create file on stable storage for host.
 	 */
 
-	path=xmalloc(strlen(SM_DIR)+strlen(mon_name)+2);
-	sprintf(path, "%s/%s", SM_DIR, mon_name);
+	path=xmalloc(strlen(SM_DIR)+strlen(dnsname)+2);
+	sprintf(path, "%s/%s", SM_DIR, dnsname);
 	if ((fd = open(path, O_WRONLY|O_SYNC|O_CREAT|O_APPEND,
 		       S_IRUSR|S_IWUSR)) < 0) {
 		/* Didn't fly.  We won't monitor. */
@@ -190,7 +194,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 		goto failure;
 	}
 	{
-		char buf[LINELEN + 1 + SM_MAXSTRLEN + 2];
+		char buf[LINELEN + 1 + SM_MAXSTRLEN*2 + 4];
 		char *e;
 		int i;
 		e = buf + sprintf(buf, "%08x %08x %08x %08x ",
@@ -199,7 +203,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 		for (i=0; i<SM_PRIV_SIZE; i++)
 			e += sprintf(e, "%02x", 0xff & (argp->priv[i]));
 		if (e+1-buf != LINELEN) abort();
-		e += sprintf(e, " %s\n", mon_name);
+		e += sprintf(e, " %s %s\n", mon_name, my_name);
 		write(fd, buf, e-buf);
 	}
 
@@ -208,10 +212,20 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp)
 	ha_callout("add-client", mon_name, my_name, -1);
 	nlist_insert(&rtnl, clnt);
 	close(fd);
-
+	dprintf(N_DEBUG, "MONITORING %s for %s", mon_name, my_name);
+ success:
 	result.res_stat = STAT_SUCC;
+	/* SUN's sm_inter.x says this should be "state number of local site".
+	 * X/Open says '"state" will be contain the state of the remote NSM.'
+	 * href=http://www.opengroup.org/onlinepubs/9629799/SM_MON.htm
+	 * Linux lockd currently (2.6.21 and prior) ignores whatever is
+	 * returned, and given the above contraction, it probably always will..
+	 * So we just return what we always returned.  If possible, we
+	 * have already told lockd about our state number via a sysctl.
+	 * If lockd wants the remote state, it will need to
+	 * use SM_STAT (and prayer).
+	 */
 	result.state = MY_STATE;
-	dprintf(N_DEBUG, "MONITORING %s for %s", mon_name, my_name);
 	return (&result);
 
 failure:
@@ -244,6 +258,7 @@ void load_state(void)
 		while (fgets(buf, sizeof(buf), f) != NULL) {
 			int addr, proc, prog, vers;
 			char priv[SM_PRIV_SIZE];
+			char *monname, *myname;
 			char *b;
 			int i;
 			notify_list	*clnt;
@@ -260,13 +275,19 @@ void load_state(void)
 				b += 2;
 			}
 			b++;
-			clnt = nlist_new("127.0.0.1", b, 0);
+			monname = b;
+			while (*b && *b != ' ') b++;
+			if (*b) *b++ = '\0';
+			while (*b == ' ') b++;
+			myname = b;
+			clnt = nlist_new(myname, monname, 0);
 			if (!clnt)
 				break;
 			NL_ADDR(clnt).s_addr = addr;
 			NL_MY_PROG(clnt) = prog;
 			NL_MY_VERS(clnt) = vers;
 			NL_MY_PROC(clnt) = proc;
+			clnt->dns_name = xstrdup(de->d_name);
 			memcpy(NL_PRIV(clnt), priv, SM_PRIV_SIZE);
 			nlist_insert(&rtnl, clnt);
 		}
@@ -294,34 +315,27 @@ sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp)
 	char		*mon_name = argp->mon_name,
 			*my_name  = argp->my_id.my_name;
 	struct my_id	*id = &argp->my_id;
-#ifdef RESTRICTED_STATD
-	struct in_addr	caller;
-#endif
+	char		*cp;
 
 	result.state = MY_STATE;
 
-#ifdef RESTRICTED_STATD
-	/* 1.	Reject anyone not calling from 127.0.0.1.
-	 *	Ignore the my_name specified by the caller, and
-	 *	use "127.0.0.1" instead.
-	 */
-	caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
-	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
-		note(N_WARNING,
-			"Call to statd from non-local host %s",
-			inet_ntoa(caller));
+	if (!caller_is_localhost(rqstp))
 		goto failure;
-	}
-	my_name = "127.0.0.1";
-#endif
+
+	/* my_name must not have white space */
+	for (cp=my_name ; *cp ; cp++)
+		if (*cp == ' ' || *cp == '\t' || *cp == '\r' || *cp == '\n')
+			*cp = '_';
+
 
 	/* Check if we're monitoring anyone. */
-	if (!(clnt = rtnl)) {
+	if (rtnl == NULL) {
 		note(N_WARNING,
 			"Received SM_UNMON request from %s for %s while not "
 			"monitoring any hosts.", my_name, argp->mon_name);
 		return (&result);
 	}
+	clnt = rtnl;
 
 	/*
 	 * OK, we are.  Now look for appropriate entry in run-time list.
@@ -341,17 +355,15 @@ sm_unmon_1_svc(struct mon_id *argp, struct svc_req *rqstp)
 			/* PRC: do the HA callout: */
 			ha_callout("del-client", mon_name, my_name, -1);
 
+			xunlink(SM_DIR, clnt->dns_name);
 			nlist_free(&rtnl, clnt);
-			xunlink(SM_DIR, mon_name, 1);
 
 			return (&result);
 		} else
 			clnt = NL_NEXT(clnt);
 	}
 
-#ifdef RESTRICTED_STATD
  failure:
-#endif
 	note(N_WARNING, "Received erroneous SM_UNMON request from %s for %s",
 		my_name, mon_name);
 	return (&result);
@@ -365,30 +377,18 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
 	static sm_stat  result;
 	notify_list	*clnt;
 	char		*my_name = argp->my_name;
-#ifdef RESTRICTED_STATD
-	struct in_addr	caller;
 
-	/* 1.	Reject anyone not calling from 127.0.0.1.
-	 *	Ignore the my_name specified by the caller, and
-	 *	use "127.0.0.1" instead.
-	 */
-	caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
-	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
-		note(N_WARNING,
-			"Call to statd from non-local host %s",
-			inet_ntoa(caller));
+	if (!caller_is_localhost(rqstp))
 		goto failure;
-	}
-	my_name = "127.0.0.1";
-#endif
 
 	result.state = MY_STATE;
 
-	if (!(clnt = rtnl)) {
+	if (rtnl == NULL) {
 		note(N_WARNING, "Received SM_UNMON_ALL request from %s "
 			"while not monitoring any hosts", my_name);
 		return (&result);
 	}
+	clnt = rtnl;
 
 	while ((clnt = nlist_gethost(clnt, my_name, 1))) {
 		if (NL_MY_PROC(clnt) == argp->my_proc &&
@@ -407,8 +407,8 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
 			temp = NL_NEXT(clnt);
 			/* PRC: do the HA callout: */
 			ha_callout("del-client", mon_name, my_name, -1);
+			xunlink(SM_DIR, clnt->dns_name);
 			nlist_free(&rtnl, clnt);
-			xunlink(SM_DIR, mon_name, 1);
 			++count;
 			clnt = temp;
 		} else
@@ -419,8 +419,7 @@ sm_unmon_all_1_svc(struct my_id *argp, struct svc_req *rqstp)
 		dprintf(N_DEBUG, "SM_UNMON_ALL request from %s with no "
 			"SM_MON requests from it.", my_name);
 	}
-#ifdef RESTRICTED_STATD
+
  failure:
-#endif
 	return (&result);
 }