| blob | ede52f6dd1502eaab0b8d9f08b9976c7e9fe137f |
1 /*
2 * Copyright (c) 1995
3 * A.R. Gordon (andrew.gordon@net-tel.co.uk). All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed for the FreeBSD project
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY ANDREW GORDON AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * $NetBSD: lock_proc.c,v 1.7 2000/10/11 20:23:56 is Exp $
33 * $FreeBSD: src/usr.sbin/rpc.lockd/lock_proc.c,v 1.1 2001/03/19 12:50:09 alfred Exp $
34 */
36 #include <sys/param.h>
37 #include <sys/socket.h>
39 #include <netinet/in.h>
40 #include <arpa/inet.h>
42 #include <netdb.h>
43 #include <stdio.h>
44 #include <string.h>
45 #include <syslog.h>
46 #include <unistd.h>
47 #include <netconfig.h>
49 #include <rpc/rpc.h>
50 #include <rpcsvc/sm_inter.h>
53 #include <rpcsvc/nlm_prot.h>
60 #define getrpcaddr(rqstp) (struct sockaddr *)(svc_getrpccaller((rqstp)->rq_xprt)->buf)
65 /* log_from_addr ----------------------------------------------------------- */
66 /*
67 * Purpose: Log name of function called and source address
68 * Returns: Nothing
69 * Notes: Extracts the source address from the transport handle
70 * passed in as part of the called procedure specification
71 */
72 static void
74 {
84 }
86 /* get_client -------------------------------------------------------------- */
87 /*
88 * Purpose: Get a CLIENT* for making RPC calls to lockd on given host
89 * Returns: CLIENT* pointer, from clnt_udp_create, or NULL if error
90 * Notes: Creating a CLIENT* is quite expensive, involving a
91 * conversation with the remote portmapper to get the
92 * port number. Since a given client is quite likely
93 * to make several locking requests in succession, it is
94 * desirable to cache the created CLIENT*.
95 *
96 * Since we are using UDP rather than TCP, there is no cost
97 * to the remote system in keeping these cached indefinitely.
98 * Unfortunately there is a snag: if the remote system
99 * reboots, the cached portmapper results will be invalid,
100 * and we will never detect this since all of the xxx_msg()
101 * calls return no result - we just fire off a udp packet
102 * and hope for the best.
103 *
104 * We solve this by discarding cached values after two
105 * minutes, regardless of whether they have been used
106 * in the meanwhile (since a bad one might have been used
107 * plenty of times, as the host keeps retrying the request
108 * and we keep sending the reply back to the wrong port).
109 *
110 * Given that the entries will always expire in the order
111 * that they were created, there is no point in a LRU
112 * algorithm for when the cache gets full - entries are
113 * always re-used in sequence.
114 */
121 static int
123 {
143 }
146 }
148 CLIENT *
150 {
157 uid_t old_euid;
162 /*
163 * Search for the given client in the cache, zapping any expired
164 * entries that we happen to notice in passing.
165 */
170 /* Cache entry has expired. */
177 }
180 /* Found it! */
184 }
185 }
190 /* Not found in cache. Free the next entry if it is in use. */
194 }
196 /*
197 * Need a host string for clnt_tp_create. Use NI_NUMERICHOST
198 * to avoid DNS lookups.
199 */
206 }
208 #if 1
211 else
213 #else
216 else
218 #endif
224 }
233 }
235 /* Get the FD of the client, for bindresvport. */
238 /* Regain root privileges, for bindresvport. */
242 /*
243 * Bind the client FD to a reserved port.
244 * Some NFS servers reject any NLM request from a non-reserved port.
245 */
248 /* Drop root privileges again. */
251 /* Success - update the cache entry */
260 /*
261 * Disable the default timeout, so we can specify our own in calls
262 * to clnt_call(). (Note that the timeout is a different concept
263 * from the retry period set in clnt_udp_create() above.)
264 */
272 }
275 /* transmit_result --------------------------------------------------------- */
276 /*
277 * Purpose: Transmit result for nlm_xxx_msg pseudo-RPCs
278 * Returns: Nothing - we have no idea if the datagram got there
279 * Notes: clnt_call() will always fail (with timeout) as we are
280 * calling it with timeout 0 as a hack to just issue a datagram
281 * without expecting a result
282 */
283 void
285 {
301 }
302 }
303 /* transmit4_result --------------------------------------------------------- */
304 /*
305 * Purpose: Transmit result for nlm4_xxx_msg pseudo-RPCs
306 * Returns: Nothing - we have no idea if the datagram got there
307 * Notes: clnt_call() will always fail (with timeout) as we are
308 * calling it with timeout 0 as a hack to just issue a datagram
309 * without expecting a result
310 */
311 void
313 {
330 }
331 }
333 /*
334 * converts a struct nlm_lock to struct nlm4_lock
335 */
337 static void
339 {
346 }
347 /* ------------------------------------------------------------------------- */
348 /*
349 * Functions for Unix<->Unix locking (ie. monitored locking, with rpc.statd
350 * involved to ensure reclaim of locks after a crash of the "stateless"
351 * server.
352 *
353 * These all come in two flavours - nlm_xxx() and nlm_xxx_msg().
354 * The first are standard RPCs with argument and result.
355 * The nlm_xxx_msg() calls implement exactly the same functions, but
356 * use two pseudo-RPCs (one in each direction). These calls are NOT
357 * standard use of the RPC protocol in that they do not return a result
358 * at all (NB. this is quite different from returning a void result).
359 * The effect of this is to make the nlm_xxx_msg() calls simple unacknowledged
360 * datagrams, requiring higher-level code to perform retries.
361 *
362 * Despite the disadvantages of the nlm_xxx_msg() approach (some of which
363 * are documented in the comments to get_client() above), this is the
364 * interface used by all current commercial NFS implementations
365 * [Solaris, SCO, AIX etc.]. This is presumed to be because these allow
366 * implementations to continue using the standard RPC libraries, while
367 * avoiding the block-until-result nature of the library interface.
368 *
369 * No client implementations have been identified so far that make use
370 * of the true RPC version (early SunOS releases would be a likely candidate
371 * for testing).
372 */
374 /* nlm_test ---------------------------------------------------------------- */
375 /*
376 * Purpose: Test whether a specified lock would be granted if requested
377 * Returns: nlm_granted (or error code)
378 * Notes:
379 */
380 nlm_testres *
382 {
392 /*
393 * Copy the cookie from the argument into the result. Note that this
394 * is slightly hazardous, as the structure contains a pointer to a
395 * malloc()ed buffer that will get freed by the caller. However, the
396 * main function transmits the result before freeing the argument
397 * so it is in fact safe.
398 */
408 }
410 }
414 {
415 nlm_testres res;
440 }
442 /*
443 * nlm_test has different result type to the other operations, so
444 * can't use transmit_result() in this case
445 */
457 }
459 }
461 /* nlm_lock ---------------------------------------------------------------- */
462 /*
463 * Purposes: Establish a lock
464 * Returns: granted, denied or blocked
465 * Notes: *** grace period support missing
466 */
467 nlm_res *
469 {
482 /* copy cookie from arg to result. See comment in nlm_test_1() */
487 }
491 {
510 }
512 /* nlm_cancel -------------------------------------------------------------- */
513 /*
514 * Purpose: Cancel a blocked lock request
515 * Returns: granted or denied
516 * Notes:
517 */
518 nlm_res *
520 {
529 /* copy cookie from arg to result. See comment in nlm_test_1() */
532 /*
533 * Since at present we never return 'nlm_blocked', there can never be
534 * a lock to cancel, so this call always fails.
535 */
538 }
542 {
552 /*
553 * Since at present we never return 'nlm_blocked', there can never be
554 * a lock to cancel, so this call always fails.
555 */
559 }
561 /* nlm_unlock -------------------------------------------------------------- */
562 /*
563 * Purpose: Release an existing lock
564 * Returns: Always granted, unless during grace period
565 * Notes: "no such lock" error condition is ignored, as the
566 * protocol uses unreliable UDP datagrams, and may well
567 * re-try an unlock that has already succeeded.
568 */
569 nlm_res *
571 {
584 }
588 {
602 }
604 /* ------------------------------------------------------------------------- */
605 /*
606 * Client-side pseudo-RPCs for results. Note that for the client there
607 * are only nlm_xxx_msg() versions of each call, since the 'real RPC'
608 * version returns the results in the RPC result, and so the client
609 * does not normally receive incoming RPCs.
610 *
611 * The exception to this is nlm_granted(), which is genuinely an RPC
612 * call from the server to the client - a 'call-back' in normal procedure
613 * call terms.
614 */
616 /* nlm_granted ------------------------------------------------------------- */
617 /*
618 * Purpose: Receive notification that formerly blocked lock now granted
619 * Returns: always success ('granted')
620 * Notes:
621 */
622 nlm_res *
624 {
630 /* copy cookie from arg to result. See comment in nlm_test_1() */
635 }
639 {
650 }
652 /* nlm_test_res ------------------------------------------------------------ */
653 /*
654 * Purpose: Accept result from earlier nlm_test_msg() call
655 * Returns: Nothing
656 */
659 {
663 }
665 /* nlm_lock_res ------------------------------------------------------------ */
666 /*
667 * Purpose: Accept result from earlier nlm_lock_msg() call
668 * Returns: Nothing
669 */
672 {
677 }
679 /* nlm_cancel_res ---------------------------------------------------------- */
680 /*
681 * Purpose: Accept result from earlier nlm_cancel_msg() call
682 * Returns: Nothing
683 */
686 {
690 }
692 /* nlm_unlock_res ---------------------------------------------------------- */
693 /*
694 * Purpose: Accept result from earlier nlm_unlock_msg() call
695 * Returns: Nothing
696 */
699 {
703 }
705 /* nlm_granted_res --------------------------------------------------------- */
706 /*
707 * Purpose: Accept result from earlier nlm_granted_msg() call
708 * Returns: Nothing
709 */
712 {
716 }
718 /* ------------------------------------------------------------------------- */
719 /*
720 * Calls for PCNFS locking (aka non-monitored locking, no involvement
721 * of rpc.statd).
722 *
723 * These are all genuine RPCs - no nlm_xxx_msg() nonsense here.
724 */
726 /* nlm_share --------------------------------------------------------------- */
727 /*
728 * Purpose: Establish a DOS-style lock
729 * Returns: success or failure
730 * Notes: Blocking locks are not supported - client is expected
731 * to retry if required.
732 */
733 nlm_shareres *
735 {
745 }
747 /* nlm_unshare ------------------------------------------------------------ */
748 /*
749 * Purpose: Release a DOS-style lock
750 * Returns: nlm_granted, unless in grace period
751 * Notes:
752 */
753 nlm_shareres *
755 {
765 }
767 /* nlm_nm_lock ------------------------------------------------------------ */
768 /*
769 * Purpose: non-monitored version of nlm_lock()
770 * Returns: as for nlm_lock()
771 * Notes: These locks are in the same style as the standard nlm_lock,
772 * but the rpc.statd should not be called to establish a
773 * monitor for the client machine, since that machine is
774 * declared not to be running a rpc.statd, and so would not
775 * respond to the statd protocol.
776 */
777 nlm_res *
779 {
785 /* copy cookie from arg to result. See comment in nlm_test_1() */
789 }
791 /* nlm_free_all ------------------------------------------------------------ */
792 /*
793 * Purpose: Release all locks held by a named client
794 * Returns: Nothing
795 * Notes: Potential denial of service security problem here - the
796 * locks to be released are specified by a host name, independent
797 * of the address from which the request has arrived.
798 * Should probably be rejected if the named host has been
799 * using monitored locks.
800 */
803 {
809 }
811 /* calls for nlm version 4 (NFSv3) */
812 /* nlm_test ---------------------------------------------------------------- */
813 /*
814 * Purpose: Test whether a specified lock would be granted if requested
815 * Returns: nlm_granted (or error code)
816 * Notes:
817 */
818 nlm4_testres *
820 {
829 /*
830 * Copy the cookie from the argument into the result. Note that this
831 * is slightly hazardous, as the structure contains a pointer to a
832 * malloc()ed buffer that will get freed by the caller. However, the
833 * main function transmits the result before freeing the argument
834 * so it is in fact safe.
835 */
843 }
845 }
849 {
850 nlm4_testres res;
870 }
872 /*
873 * nlm_test has different result type to the other operations, so
874 * can't use transmit4_result() in this case
875 */
887 }
889 }
891 /* nlm_lock ---------------------------------------------------------------- */
892 /*
893 * Purposes: Establish a lock
894 * Returns: granted, denied or blocked
895 * Notes: *** grace period support missing
896 */
897 nlm4_res *
899 {
905 /* copy cookie from arg to result. See comment in nlm_test_4() */
910 }
914 {
925 }
927 /* nlm_cancel -------------------------------------------------------------- */
928 /*
929 * Purpose: Cancel a blocked lock request
930 * Returns: granted or denied
931 * Notes:
932 */
933 nlm4_res *
935 {
941 /* copy cookie from arg to result. See comment in nlm_test_1() */
944 /*
945 * Since at present we never return 'nlm_blocked', there can never be
946 * a lock to cancel, so this call always fails.
947 */
950 }
954 {
961 /*
962 * Since at present we never return 'nlm_blocked', there can never be
963 * a lock to cancel, so this call always fails.
964 */
968 }
970 /* nlm_unlock -------------------------------------------------------------- */
971 /*
972 * Purpose: Release an existing lock
973 * Returns: Always granted, unless during grace period
974 * Notes: "no such lock" error condition is ignored, as the
975 * protocol uses unreliable UDP datagrams, and may well
976 * re-try an unlock that has already succeeded.
977 */
978 nlm4_res *
980 {
990 }
994 {
1005 }
1007 /* ------------------------------------------------------------------------- */
1008 /*
1009 * Client-side pseudo-RPCs for results. Note that for the client there
1010 * are only nlm_xxx_msg() versions of each call, since the 'real RPC'
1011 * version returns the results in the RPC result, and so the client
1012 * does not normally receive incoming RPCs.
1013 *
1014 * The exception to this is nlm_granted(), which is genuinely an RPC
1015 * call from the server to the client - a 'call-back' in normal procedure
1016 * call terms.
1017 */
1019 /* nlm_granted ------------------------------------------------------------- */
1020 /*
1021 * Purpose: Receive notification that formerly blocked lock now granted
1022 * Returns: always success ('granted')
1023 * Notes:
1024 */
1025 nlm4_res *
1027 {
1033 /* copy cookie from arg to result. See comment in nlm_test_1() */
1038 }
1042 {
1053 }
1055 /* nlm_test_res ------------------------------------------------------------ */
1056 /*
1057 * Purpose: Accept result from earlier nlm_test_msg() call
1058 * Returns: Nothing
1059 */
1062 {
1066 }
1068 /* nlm_lock_res ------------------------------------------------------------ */
1069 /*
1070 * Purpose: Accept result from earlier nlm_lock_msg() call
1071 * Returns: Nothing
1072 */
1075 {
1080 }
1082 /* nlm_cancel_res ---------------------------------------------------------- */
1083 /*
1084 * Purpose: Accept result from earlier nlm_cancel_msg() call
1085 * Returns: Nothing
1086 */
1089 {
1093 }
1095 /* nlm_unlock_res ---------------------------------------------------------- */
1096 /*
1097 * Purpose: Accept result from earlier nlm_unlock_msg() call
1098 * Returns: Nothing
1099 */
1102 {
1106 }
1108 /* nlm_granted_res --------------------------------------------------------- */
1109 /*
1110 * Purpose: Accept result from earlier nlm_granted_msg() call
1111 * Returns: Nothing
1112 */
1115 {
1119 }
1121 /* ------------------------------------------------------------------------- */
1122 /*
1123 * Calls for PCNFS locking (aka non-monitored locking, no involvement
1124 * of rpc.statd).
1125 *
1126 * These are all genuine RPCs - no nlm_xxx_msg() nonsense here.
1127 */
1129 /* nlm_share --------------------------------------------------------------- */
1130 /*
1131 * Purpose: Establish a DOS-style lock
1132 * Returns: success or failure
1133 * Notes: Blocking locks are not supported - client is expected
1134 * to retry if required.
1135 */
1136 nlm4_shareres *
1138 {
1148 }
1150 /* nlm4_unshare ------------------------------------------------------------ */
1151 /*
1152 * Purpose: Release a DOS-style lock
1153 * Returns: nlm_granted, unless in grace period
1154 * Notes:
1155 */
1156 nlm4_shareres *
1158 {
1168 }
1170 /* nlm4_nm_lock ------------------------------------------------------------ */
1171 /*
1172 * Purpose: non-monitored version of nlm4_lock()
1173 * Returns: as for nlm4_lock()
1174 * Notes: These locks are in the same style as the standard nlm4_lock,
1175 * but the rpc.statd should not be called to establish a
1176 * monitor for the client machine, since that machine is
1177 * declared not to be running a rpc.statd, and so would not
1178 * respond to the statd protocol.
1179 */
1180 nlm4_res *
1182 {
1188 /* copy cookie from arg to result. See comment in nlm4_test_1() */
1192 }
1194 /* nlm4_free_all ------------------------------------------------------------ */
1195 /*
1196 * Purpose: Release all locks held by a named client
1197 * Returns: Nothing
1198 * Notes: Potential denial of service security problem here - the
1199 * locks to be released are specified by a host name, independent
1200 * of the address from which the request has arrived.
1201 * Should probably be rejected if the named host has been
1202 * using monitored locks.
1203 */
1206 {
1212 }
1214 /* nlm_sm_notify --------------------------------------------------------- */
1215 /*
1216 * Purpose: called by rpc.statd when a monitored host state changes.
1217 * Returns: Nothing
1218 */
1221 {
1225 }