usr.sbin/rpcbind/security.c

   1 /*      $NetBSD: security.c,v 1.5 2000/06/08 09:01:05 fvdl Exp $        */
   2 /*      $FreeBSD: src/usr.sbin/rpcbind/security.c,v 1.6 2002/12/16 22:24:26 mbr Exp $ */
   3
   4 #include <sys/types.h>
   5 #include <sys/time.h>
   6 #include <sys/socket.h>
   7 #include <netinet/in.h>
   8 #include <arpa/inet.h>
   9 #include <rpc/rpc.h>
  10 #include <rpc/rpcb_prot.h>
  11 #include <rpc/pmap_prot.h>
  12 #include <err.h>
  13 #include <stdio.h>
  14 #include <stdlib.h>
  15 #include <string.h>
  16 #include <unistd.h>
  17 #include <libutil.h>
  18 #include <syslog.h>
  19 #include <netdb.h>
  20
  21 /*
  22  * XXX for special case checks in check_callit.
  23  */
  24 #include <rpcsvc/mount.h>
  25 #include <rpcsvc/rquota.h>
  26 #include <rpcsvc/nfs_prot.h>
  27 #include <rpcsvc/yp.h>
  28 #include <rpcsvc/ypclnt.h>
  29 #include <rpcsvc/yppasswd.h>
  30
  31 #include "rpcbind.h"
  32
  33 #ifdef LIBWRAP
  34 # include <tcpd.h>
  35 #ifndef LIBWRAP_ALLOW_FACILITY
  36 # define LIBWRAP_ALLOW_FACILITY LOG_AUTH
  37 #endif
  38 #ifndef LIBWRAP_ALLOW_SEVERITY
  39 # define LIBWRAP_ALLOW_SEVERITY LOG_INFO
  40 #endif
  41 #ifndef LIBWRAP_DENY_FACILITY
  42 # define LIBWRAP_DENY_FACILITY LOG_AUTH
  43 #endif
  44 #ifndef LIBWRAP_DENY_SEVERITY
  45 # define LIBWRAP_DENY_SEVERITY LOG_WARNING
  46 #endif
  47 int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
  48 int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
  49 #endif
  50
  51 #ifndef PORTMAP_LOG_FACILITY
  52 # define PORTMAP_LOG_FACILITY LOG_AUTH
  53 #endif
  54 #ifndef PORTMAP_LOG_SEVERITY
  55 # define PORTMAP_LOG_SEVERITY LOG_INFO
  56 #endif
  57 int log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY;
  58
  59 extern int verboselog;
  60
  61 int
  62 check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
  63 {
  64         struct netbuf *caller = svc_getrpccaller(xprt);
  65         struct sockaddr *addr = (struct sockaddr *)caller->buf;
  66 #ifdef LIBWRAP
  67         struct request_info req;
  68 #endif
  69         rpcprog_t prog = 0;
  70         rpcb *rpcbp;
  71         struct pmap *pmap;
  72
  73         /*
  74          * The older PMAP_* equivalents have the same numbers, so
  75          * they are accounted for here as well.
  76          */
  77         switch (proc) {
  78         case RPCBPROC_GETADDR:
  79         case RPCBPROC_SET:
  80         case RPCBPROC_UNSET:
  81                 if (rpcbvers > PMAPVERS) {
  82                         rpcbp = (rpcb *)args;
  83                         prog = rpcbp->r_prog;
  84                 } else {
  85                         pmap = (struct pmap *)args;
  86                         prog = pmap->pm_prog;
  87                 }
  88                 if (proc == RPCBPROC_GETADDR)
  89                         break;
  90                 if (!insecure && !is_loopback(caller)) {
  91                         if (verboselog)
  92                                 logit(log_severity, addr, proc, prog,
  93                                     " declined (non-loopback sender)");
  94                         return 0;
  95                 }
  96                 break;
  97         case RPCBPROC_CALLIT:
  98         case RPCBPROC_INDIRECT:
  99         case RPCBPROC_DUMP:
 100         case RPCBPROC_GETTIME:
 101         case RPCBPROC_UADDR2TADDR:
 102         case RPCBPROC_TADDR2UADDR:
 103         case RPCBPROC_GETVERSADDR:
 104         case RPCBPROC_GETADDRLIST:
 105         case RPCBPROC_GETSTAT:
 106         default:
 107                 break;
 108         }
 109
 110 #ifdef LIBWRAP
 111         if (addr->sa_family == AF_LOCAL)
 112                 return 1;
 113         request_init(&req, RQ_DAEMON, "rpcbind", RQ_CLIENT_SIN, addr, 0);
 114         sock_methods(&req);
 115         if(!hosts_access(&req)) {
 116                 logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
 117                 return 0;
 118         }
 119 #endif
 120         if (verboselog)
 121                 logit(log_severity, addr, proc, prog, "");
 122         return 1;
 123 }
 124
 125 int
 126 is_loopback(struct netbuf *nbuf)
 127 {
 128         struct sockaddr *addr = (struct sockaddr *)nbuf->buf;
 129         struct sockaddr_in *sin;
 130 #ifdef INET6
 131         struct sockaddr_in6 *sin6;
 132 #endif
 133
 134         switch (addr->sa_family) {
 135         case AF_INET:
 136                 if (!oldstyle_local)
 137                         return 0;
 138                 sin = (struct sockaddr_in *)addr;
 139                 return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) &&
 140                     (ntohs(sin->sin_port) < IPPORT_RESERVED));
 141 #ifdef INET6
 142         case AF_INET6:
 143                 if (!oldstyle_local)
 144                         return 0;
 145                 sin6 = (struct sockaddr_in6 *)addr;
 146                 return (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
 147                     (ntohs(sin6->sin6_port) < IPV6PORT_RESERVED));
 148 #endif
 149         case AF_LOCAL:
 150                 return 1;
 151         default:
 152                 break;
 153         }
 154
 155         return 0;
 156 }
 157
 158
 159 /* logit - report events of interest via the syslog daemon */
 160 void
 161 logit(int severity, struct sockaddr *addr, rpcproc_t procnum, rpcprog_t prognum,
 162       const char *text)
 163 {
 164         const char *procname;
 165         char    procbuf[32];
 166         char   *progname;
 167         char    progbuf[32];
 168         char fromname[NI_MAXHOST];
 169         struct rpcent *rpc;
 170         static const char *procmap[] = {
 171         /* RPCBPROC_NULL */             "null",
 172         /* RPCBPROC_SET */              "set",
 173         /* RPCBPROC_UNSET */            "unset",
 174         /* RPCBPROC_GETADDR */          "getport/addr",
 175         /* RPCBPROC_DUMP */             "dump",
 176         /* RPCBPROC_CALLIT */           "callit",
 177         /* RPCBPROC_GETTIME */          "gettime",
 178         /* RPCBPROC_UADDR2TADDR */      "uaddr2taddr",
 179         /* RPCBPROC_TADDR2UADDR */      "taddr2uaddr",
 180         /* RPCBPROC_GETVERSADDR */      "getversaddr",
 181         /* RPCBPROC_INDIRECT */         "indirect",
 182         /* RPCBPROC_GETADDRLIST */      "getaddrlist",
 183         /* RPCBPROC_GETSTAT */          "getstat"
 184         };
 185
 186         /*
 187          * Fork off a process or the portmap daemon might hang while
 188          * getrpcbynumber() or syslog() does its thing.
 189          */
 190
 191         if (fork() == 0) {
 192                 setproctitle("logit");
 193
 194                 /* Try to map program number to name. */
 195
 196                 if (prognum == 0) {
 197                         progname = "";
 198                 } else if ((rpc = getrpcbynumber((int) prognum))) {
 199                         progname = rpc->r_name;
 200                 } else {
 201                         snprintf(progname = progbuf, sizeof(progbuf), "%u",
 202                             (unsigned)prognum);
 203                 }
 204
 205                 /* Try to map procedure number to name. */
 206
 207                 if (procnum >= (sizeof procmap / sizeof (char *))) {
 208                         snprintf(procbuf, sizeof procbuf, "%u",
 209                             (unsigned)procnum);
 210                         procname = procbuf;
 211                 } else
 212                         procname = procmap[procnum];
 213
 214                 /* Write syslog record. */
 215
 216                 if (addr->sa_family == AF_LOCAL)
 217                         strcpy(fromname, "local");
 218                 else
 219                         getnameinfo(addr, addr->sa_len, fromname,
 220                             sizeof fromname, NULL, 0, NI_NUMERICHOST);
 221
 222                 syslog(severity, "connect from %s to %s(%s)%s",
 223                         fromname, procname, progname, text);
 224                 _exit(0);
 225         }
 226 }
 227
 228 int
 229 check_callit(SVCXPRT *xprt, struct r_rmtcall_args *args, int versnum __unused)
 230 {
 231         struct sockaddr *sa = (struct sockaddr *)svc_getrpccaller(xprt)->buf;
 232
 233         /*
 234          * Always allow calling NULLPROC
 235          */
 236         if (args->rmt_proc == 0)
 237                 return 1;
 238
 239         /*
 240          * XXX - this special casing sucks.
 241          */
 242         switch (args->rmt_prog) {
 243         case RPCBPROG:
 244                 /*
 245                  * Allow indirect calls to ourselves in insecure mode.
 246                  * The is_loopback checks aren't useful then anyway.
 247                  */
 248                 if (!insecure)
 249                         goto deny;
 250                 break;
 251         case MOUNTPROG:
 252                 if (args->rmt_proc != MOUNTPROC_MNT &&
 253                     args->rmt_proc != MOUNTPROC_UMNT)
 254                         break;
 255                 goto deny;
 256         case YPBINDPROG:
 257                 if (args->rmt_proc != YPBINDPROC_SETDOM)
 258                         break;
 259                 /* FALLTHROUGH */
 260         case YPPASSWDPROG:
 261         case NFS_PROGRAM:
 262         case RQUOTAPROG:
 263                 goto deny;
 264         case YPPROG:
 265                 switch (args->rmt_proc) {
 266                 case YPPROC_ALL:
 267                 case YPPROC_MATCH:
 268                 case YPPROC_FIRST:
 269                 case YPPROC_NEXT:
 270                         goto deny;
 271                 default:
 272                         break;
 273                 }
 274         default:
 275                 break;
 276         }
 277
 278         return 1;
 279 deny:
 280 #ifdef LIBWRAP
 281         logit(deny_severity, sa, args->rmt_proc, args->rmt_prog,
 282             ": indirect call not allowed");
 283 #else
 284         logit(0, sa, args->rmt_proc, args->rmt_prog,
 285             ": indirect call not allowed");
 286 #endif
 287         return 0;
 288 }