| blob | 4dc643a65f0a59e07f7a0e796f040acf9e49af7f |
1 /*
2 * Copyright (c) 1995
3 * A.R. Gordon (andrew.gordon@net-tel.co.uk). All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed for the FreeBSD project
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY ANDREW GORDON AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * $NetBSD: lock_proc.c,v 1.7 2000/10/11 20:23:56 is Exp $
33 * $FreeBSD: src/usr.sbin/rpc.lockd/lock_proc.c,v 1.1 2001/03/19 12:50:09 alfred Exp $
34 * $DragonFly$
35 */
37 #include <sys/param.h>
38 #include <sys/socket.h>
40 #include <netinet/in.h>
41 #include <arpa/inet.h>
43 #include <netdb.h>
44 #include <stdio.h>
45 #include <string.h>
46 #include <syslog.h>
47 #include <unistd.h>
48 #include <netconfig.h>
50 #include <rpc/rpc.h>
51 #include <rpcsvc/sm_inter.h>
54 #include <rpcsvc/nlm_prot.h>
61 #define getrpcaddr(rqstp) (struct sockaddr *)(svc_getrpccaller((rqstp)->rq_xprt)->buf)
67 /* log_from_addr ----------------------------------------------------------- */
68 /*
69 * Purpose: Log name of function called and source address
70 * Returns: Nothing
71 * Notes: Extracts the source address from the transport handle
72 * passed in as part of the called procedure specification
73 */
74 static void
76 {
86 }
88 /* get_client -------------------------------------------------------------- */
89 /*
90 * Purpose: Get a CLIENT* for making RPC calls to lockd on given host
91 * Returns: CLIENT* pointer, from clnt_udp_create, or NULL if error
92 * Notes: Creating a CLIENT* is quite expensive, involving a
93 * conversation with the remote portmapper to get the
94 * port number. Since a given client is quite likely
95 * to make several locking requests in succession, it is
96 * desirable to cache the created CLIENT*.
97 *
98 * Since we are using UDP rather than TCP, there is no cost
99 * to the remote system in keeping these cached indefinitely.
100 * Unfortunately there is a snag: if the remote system
101 * reboots, the cached portmapper results will be invalid,
102 * and we will never detect this since all of the xxx_msg()
103 * calls return no result - we just fire off a udp packet
104 * and hope for the best.
105 *
106 * We solve this by discarding cached values after two
107 * minutes, regardless of whether they have been used
108 * in the meanwhile (since a bad one might have been used
109 * plenty of times, as the host keeps retrying the request
110 * and we keep sending the reply back to the wrong port).
111 *
112 * Given that the entries will always expire in the order
113 * that they were created, there is no point in a LRU
114 * algorithm for when the cache gets full - entries are
115 * always re-used in sequence.
116 */
123 static int
125 {
145 }
148 }
150 CLIENT *
152 {
159 uid_t old_euid;
164 /*
165 * Search for the given client in the cache, zapping any expired
166 * entries that we happen to notice in passing.
167 */
172 /* Cache entry has expired. */
179 }
182 /* Found it! */
186 }
187 }
192 /* Not found in cache. Free the next entry if it is in use. */
196 }
198 /*
199 * Need a host string for clnt_tp_create. Use NI_NUMERICHOST
200 * to avoid DNS lookups.
201 */
208 }
210 #if 1
213 else
215 #else
218 else
220 #endif
226 }
235 }
237 /* Get the FD of the client, for bindresvport. */
240 /* Regain root privileges, for bindresvport. */
244 /*
245 * Bind the client FD to a reserved port.
246 * Some NFS servers reject any NLM request from a non-reserved port.
247 */
250 /* Drop root privileges again. */
253 /* Success - update the cache entry */
262 /*
263 * Disable the default timeout, so we can specify our own in calls
264 * to clnt_call(). (Note that the timeout is a different concept
265 * from the retry period set in clnt_udp_create() above.)
266 */
274 }
277 /* transmit_result --------------------------------------------------------- */
278 /*
279 * Purpose: Transmit result for nlm_xxx_msg pseudo-RPCs
280 * Returns: Nothing - we have no idea if the datagram got there
281 * Notes: clnt_call() will always fail (with timeout) as we are
282 * calling it with timeout 0 as a hack to just issue a datagram
283 * without expecting a result
284 */
285 void
287 {
303 }
304 }
305 /* transmit4_result --------------------------------------------------------- */
306 /*
307 * Purpose: Transmit result for nlm4_xxx_msg pseudo-RPCs
308 * Returns: Nothing - we have no idea if the datagram got there
309 * Notes: clnt_call() will always fail (with timeout) as we are
310 * calling it with timeout 0 as a hack to just issue a datagram
311 * without expecting a result
312 */
313 void
315 {
332 }
333 }
335 /*
336 * converts a struct nlm_lock to struct nlm4_lock
337 */
339 static void
341 {
348 }
349 /* ------------------------------------------------------------------------- */
350 /*
351 * Functions for Unix<->Unix locking (ie. monitored locking, with rpc.statd
352 * involved to ensure reclaim of locks after a crash of the "stateless"
353 * server.
354 *
355 * These all come in two flavours - nlm_xxx() and nlm_xxx_msg().
356 * The first are standard RPCs with argument and result.
357 * The nlm_xxx_msg() calls implement exactly the same functions, but
358 * use two pseudo-RPCs (one in each direction). These calls are NOT
359 * standard use of the RPC protocol in that they do not return a result
360 * at all (NB. this is quite different from returning a void result).
361 * The effect of this is to make the nlm_xxx_msg() calls simple unacknowledged
362 * datagrams, requiring higher-level code to perform retries.
363 *
364 * Despite the disadvantages of the nlm_xxx_msg() approach (some of which
365 * are documented in the comments to get_client() above), this is the
366 * interface used by all current commercial NFS implementations
367 * [Solaris, SCO, AIX etc.]. This is presumed to be because these allow
368 * implementations to continue using the standard RPC libraries, while
369 * avoiding the block-until-result nature of the library interface.
370 *
371 * No client implementations have been identified so far that make use
372 * of the true RPC version (early SunOS releases would be a likely candidate
373 * for testing).
374 */
376 /* nlm_test ---------------------------------------------------------------- */
377 /*
378 * Purpose: Test whether a specified lock would be granted if requested
379 * Returns: nlm_granted (or error code)
380 * Notes:
381 */
382 nlm_testres *
384 {
394 /*
395 * Copy the cookie from the argument into the result. Note that this
396 * is slightly hazardous, as the structure contains a pointer to a
397 * malloc()ed buffer that will get freed by the caller. However, the
398 * main function transmits the result before freeing the argument
399 * so it is in fact safe.
400 */
410 }
412 }
416 {
417 nlm_testres res;
442 }
444 /*
445 * nlm_test has different result type to the other operations, so
446 * can't use transmit_result() in this case
447 */
459 }
461 }
463 /* nlm_lock ---------------------------------------------------------------- */
464 /*
465 * Purposes: Establish a lock
466 * Returns: granted, denied or blocked
467 * Notes: *** grace period support missing
468 */
469 nlm_res *
471 {
484 /* copy cookie from arg to result. See comment in nlm_test_1() */
489 }
493 {
512 }
514 /* nlm_cancel -------------------------------------------------------------- */
515 /*
516 * Purpose: Cancel a blocked lock request
517 * Returns: granted or denied
518 * Notes:
519 */
520 nlm_res *
522 {
531 /* copy cookie from arg to result. See comment in nlm_test_1() */
534 /*
535 * Since at present we never return 'nlm_blocked', there can never be
536 * a lock to cancel, so this call always fails.
537 */
540 }
544 {
554 /*
555 * Since at present we never return 'nlm_blocked', there can never be
556 * a lock to cancel, so this call always fails.
557 */
561 }
563 /* nlm_unlock -------------------------------------------------------------- */
564 /*
565 * Purpose: Release an existing lock
566 * Returns: Always granted, unless during grace period
567 * Notes: "no such lock" error condition is ignored, as the
568 * protocol uses unreliable UDP datagrams, and may well
569 * re-try an unlock that has already succeeded.
570 */
571 nlm_res *
573 {
586 }
590 {
604 }
606 /* ------------------------------------------------------------------------- */
607 /*
608 * Client-side pseudo-RPCs for results. Note that for the client there
609 * are only nlm_xxx_msg() versions of each call, since the 'real RPC'
610 * version returns the results in the RPC result, and so the client
611 * does not normally receive incoming RPCs.
612 *
613 * The exception to this is nlm_granted(), which is genuinely an RPC
614 * call from the server to the client - a 'call-back' in normal procedure
615 * call terms.
616 */
618 /* nlm_granted ------------------------------------------------------------- */
619 /*
620 * Purpose: Receive notification that formerly blocked lock now granted
621 * Returns: always success ('granted')
622 * Notes:
623 */
624 nlm_res *
626 {
632 /* copy cookie from arg to result. See comment in nlm_test_1() */
637 }
641 {
652 }
654 /* nlm_test_res ------------------------------------------------------------ */
655 /*
656 * Purpose: Accept result from earlier nlm_test_msg() call
657 * Returns: Nothing
658 */
661 {
665 }
667 /* nlm_lock_res ------------------------------------------------------------ */
668 /*
669 * Purpose: Accept result from earlier nlm_lock_msg() call
670 * Returns: Nothing
671 */
674 {
679 }
681 /* nlm_cancel_res ---------------------------------------------------------- */
682 /*
683 * Purpose: Accept result from earlier nlm_cancel_msg() call
684 * Returns: Nothing
685 */
688 {
692 }
694 /* nlm_unlock_res ---------------------------------------------------------- */
695 /*
696 * Purpose: Accept result from earlier nlm_unlock_msg() call
697 * Returns: Nothing
698 */
701 {
705 }
707 /* nlm_granted_res --------------------------------------------------------- */
708 /*
709 * Purpose: Accept result from earlier nlm_granted_msg() call
710 * Returns: Nothing
711 */
714 {
718 }
720 /* ------------------------------------------------------------------------- */
721 /*
722 * Calls for PCNFS locking (aka non-monitored locking, no involvement
723 * of rpc.statd).
724 *
725 * These are all genuine RPCs - no nlm_xxx_msg() nonsense here.
726 */
728 /* nlm_share --------------------------------------------------------------- */
729 /*
730 * Purpose: Establish a DOS-style lock
731 * Returns: success or failure
732 * Notes: Blocking locks are not supported - client is expected
733 * to retry if required.
734 */
735 nlm_shareres *
737 {
747 }
749 /* nlm_unshare ------------------------------------------------------------ */
750 /*
751 * Purpose: Release a DOS-style lock
752 * Returns: nlm_granted, unless in grace period
753 * Notes:
754 */
755 nlm_shareres *
757 {
767 }
769 /* nlm_nm_lock ------------------------------------------------------------ */
770 /*
771 * Purpose: non-monitored version of nlm_lock()
772 * Returns: as for nlm_lock()
773 * Notes: These locks are in the same style as the standard nlm_lock,
774 * but the rpc.statd should not be called to establish a
775 * monitor for the client machine, since that machine is
776 * declared not to be running a rpc.statd, and so would not
777 * respond to the statd protocol.
778 */
779 nlm_res *
781 {
787 /* copy cookie from arg to result. See comment in nlm_test_1() */
791 }
793 /* nlm_free_all ------------------------------------------------------------ */
794 /*
795 * Purpose: Release all locks held by a named client
796 * Returns: Nothing
797 * Notes: Potential denial of service security problem here - the
798 * locks to be released are specified by a host name, independent
799 * of the address from which the request has arrived.
800 * Should probably be rejected if the named host has been
801 * using monitored locks.
802 */
805 {
811 }
813 /* calls for nlm version 4 (NFSv3) */
814 /* nlm_test ---------------------------------------------------------------- */
815 /*
816 * Purpose: Test whether a specified lock would be granted if requested
817 * Returns: nlm_granted (or error code)
818 * Notes:
819 */
820 nlm4_testres *
822 {
831 /*
832 * Copy the cookie from the argument into the result. Note that this
833 * is slightly hazardous, as the structure contains a pointer to a
834 * malloc()ed buffer that will get freed by the caller. However, the
835 * main function transmits the result before freeing the argument
836 * so it is in fact safe.
837 */
845 }
847 }
851 {
852 nlm4_testres res;
872 }
874 /*
875 * nlm_test has different result type to the other operations, so
876 * can't use transmit4_result() in this case
877 */
889 }
891 }
893 /* nlm_lock ---------------------------------------------------------------- */
894 /*
895 * Purposes: Establish a lock
896 * Returns: granted, denied or blocked
897 * Notes: *** grace period support missing
898 */
899 nlm4_res *
901 {
907 /* copy cookie from arg to result. See comment in nlm_test_4() */
912 }
916 {
927 }
929 /* nlm_cancel -------------------------------------------------------------- */
930 /*
931 * Purpose: Cancel a blocked lock request
932 * Returns: granted or denied
933 * Notes:
934 */
935 nlm4_res *
937 {
943 /* copy cookie from arg to result. See comment in nlm_test_1() */
946 /*
947 * Since at present we never return 'nlm_blocked', there can never be
948 * a lock to cancel, so this call always fails.
949 */
952 }
956 {
963 /*
964 * Since at present we never return 'nlm_blocked', there can never be
965 * a lock to cancel, so this call always fails.
966 */
970 }
972 /* nlm_unlock -------------------------------------------------------------- */
973 /*
974 * Purpose: Release an existing lock
975 * Returns: Always granted, unless during grace period
976 * Notes: "no such lock" error condition is ignored, as the
977 * protocol uses unreliable UDP datagrams, and may well
978 * re-try an unlock that has already succeeded.
979 */
980 nlm4_res *
982 {
992 }
996 {
1007 }
1009 /* ------------------------------------------------------------------------- */
1010 /*
1011 * Client-side pseudo-RPCs for results. Note that for the client there
1012 * are only nlm_xxx_msg() versions of each call, since the 'real RPC'
1013 * version returns the results in the RPC result, and so the client
1014 * does not normally receive incoming RPCs.
1015 *
1016 * The exception to this is nlm_granted(), which is genuinely an RPC
1017 * call from the server to the client - a 'call-back' in normal procedure
1018 * call terms.
1019 */
1021 /* nlm_granted ------------------------------------------------------------- */
1022 /*
1023 * Purpose: Receive notification that formerly blocked lock now granted
1024 * Returns: always success ('granted')
1025 * Notes:
1026 */
1027 nlm4_res *
1029 {
1035 /* copy cookie from arg to result. See comment in nlm_test_1() */
1040 }
1044 {
1055 }
1057 /* nlm_test_res ------------------------------------------------------------ */
1058 /*
1059 * Purpose: Accept result from earlier nlm_test_msg() call
1060 * Returns: Nothing
1061 */
1064 {
1068 }
1070 /* nlm_lock_res ------------------------------------------------------------ */
1071 /*
1072 * Purpose: Accept result from earlier nlm_lock_msg() call
1073 * Returns: Nothing
1074 */
1077 {
1082 }
1084 /* nlm_cancel_res ---------------------------------------------------------- */
1085 /*
1086 * Purpose: Accept result from earlier nlm_cancel_msg() call
1087 * Returns: Nothing
1088 */
1091 {
1095 }
1097 /* nlm_unlock_res ---------------------------------------------------------- */
1098 /*
1099 * Purpose: Accept result from earlier nlm_unlock_msg() call
1100 * Returns: Nothing
1101 */
1104 {
1108 }
1110 /* nlm_granted_res --------------------------------------------------------- */
1111 /*
1112 * Purpose: Accept result from earlier nlm_granted_msg() call
1113 * Returns: Nothing
1114 */
1117 {
1121 }
1123 /* ------------------------------------------------------------------------- */
1124 /*
1125 * Calls for PCNFS locking (aka non-monitored locking, no involvement
1126 * of rpc.statd).
1127 *
1128 * These are all genuine RPCs - no nlm_xxx_msg() nonsense here.
1129 */
1131 /* nlm_share --------------------------------------------------------------- */
1132 /*
1133 * Purpose: Establish a DOS-style lock
1134 * Returns: success or failure
1135 * Notes: Blocking locks are not supported - client is expected
1136 * to retry if required.
1137 */
1138 nlm4_shareres *
1140 {
1150 }
1152 /* nlm4_unshare ------------------------------------------------------------ */
1153 /*
1154 * Purpose: Release a DOS-style lock
1155 * Returns: nlm_granted, unless in grace period
1156 * Notes:
1157 */
1158 nlm4_shareres *
1160 {
1170 }
1172 /* nlm4_nm_lock ------------------------------------------------------------ */
1173 /*
1174 * Purpose: non-monitored version of nlm4_lock()
1175 * Returns: as for nlm4_lock()
1176 * Notes: These locks are in the same style as the standard nlm4_lock,
1177 * but the rpc.statd should not be called to establish a
1178 * monitor for the client machine, since that machine is
1179 * declared not to be running a rpc.statd, and so would not
1180 * respond to the statd protocol.
1181 */
1182 nlm4_res *
1184 {
1190 /* copy cookie from arg to result. See comment in nlm4_test_1() */
1194 }
1196 /* nlm4_free_all ------------------------------------------------------------ */
1197 /*
1198 * Purpose: Release all locks held by a named client
1199 * Returns: Nothing
1200 * Notes: Potential denial of service security problem here - the
1201 * locks to be released are specified by a host name, independent
1202 * of the address from which the request has arrived.
1203 * Should probably be rejected if the named host has been
1204 * using monitored locks.
1205 */
1208 {
1214 }
1216 /* nlm_sm_notify --------------------------------------------------------- */
1217 /*
1218 * Purpose: called by rpc.statd when a monitored host state changes.
1219 * Returns: Nothing
1220 */
1223 {
1227 }