| blob | 19323b9479982850b1f8cda6a46f4054b0376a74 |
1 /*
2 * pmap_check - additional portmap security.
3 *
4 * Always reject non-local requests to update the portmapper tables.
5 *
6 * Refuse to forward mount requests to the nfs mount daemon. Otherwise, the
7 * requests would appear to come from the local system, and nfs export
8 * restrictions could be bypassed.
9 *
10 * Refuse to forward requests to the nfsd process.
11 *
12 * Refuse to forward requests to NIS (YP) daemons; The only exception is the
13 * YPPROC_DOMAIN_NONACK broadcast rpc call that is used to establish initial
14 * contact with the NIS server.
15 *
16 * Always allocate an unprivileged port when forwarding a request.
17 *
18 * If compiled with -DCHECK_PORT, require that requests to register or
19 * unregister a privileged port come from a privileged port. This makes it
20 * more difficult to replace a critical service by a trojan.
21 *
22 * If compiled with -DHOSTS_ACCESS, reject requests from hosts that are not
23 * authorized by the /etc/hosts.{allow,deny} files. The local system is
24 * always treated as an authorized host. The access control tables are never
25 * consulted for requests from the local system, and are always consulted
26 * for requests from other hosts. Access control is based on IP addresses
27 * only; attempts to map an address to a host name might cause the
28 * portmapper to hang.
29 *
30 * Author: Wietse Venema (wietse@wzv.win.tue.nl), dept. of Mathematics and
31 * Computing Science, Eindhoven University of Technology, The Netherlands.
32 */
34 /*
35 * @(#) pmap_check.c 1.6 93/11/21 20:58:59
36 * $FreeBSD: src/usr.sbin/portmap/pmap_check.c,v 1.6 2000/01/15 23:08:28 brian Exp $
37 * $DragonFly: src/usr.sbin/portmap/pmap_check.c,v 1.5 2007/11/25 01:28:24 swildner Exp $
38 */
40 #include <sys/types.h>
41 #include <sys/socket.h>
42 #include <sys/signal.h>
43 #include <netinet/in.h>
44 #include <arpa/inet.h>
45 #include <rpc/rpc.h>
46 #include <rpc/pmap_prot.h>
48 #include <netdb.h>
49 #include <stdio.h>
50 #include <stdlib.h>
51 #include <syslog.h>
52 #include <unistd.h>
56 /* Explicit #defines in case the include files are not available. */
58 #define NFSPROG ((u_long) 100003)
59 #define MOUNTPROG ((u_long) 100005)
60 #define YPXPROG ((u_long) 100069)
61 #define YPPROG ((u_long) 100004)
62 #define YPPROC_DOMAIN_NONACK ((u_long) 2)
63 #define MOUNTPROC_MNT ((u_long) 1)
72 /* A handful of macros for "readability". */
76 #define legal_port(a,p) \
77 (ntohs((a)->sin_port) < IPPORT_RESERVED || (p) >= IPPORT_RESERVED)
79 #define log_bad_port(addr, proc, prog) \
82 #define log_bad_host(addr, proc, prog) \
85 #define log_bad_owner(addr, proc, prog) \
88 #define log_no_forward(addr, proc, prog) \
91 #define log_client(addr, proc, prog) \
94 /* check_startup - additional startup code */
96 void
98 {
99 /*
100 * Give up root privileges so that we can never allocate a privileged
101 * port when forwarding an rpc request.
102 */
106 }
108 }
110 /* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
112 int
114 {
115 #ifdef HOSTS_ACCESS
119 }
120 #endif
124 }
126 /* check_privileged_port - additional checks for privileged-port updates */
128 int
131 {
132 #ifdef CHECK_PORT
136 }
137 #endif
139 }
141 /* check_setunset - additional checks for update requests */
143 int
146 {
148 #ifdef HOSTS_ACCESS
150 #endif
153 }
159 }
161 /* check_callit - additional checks for forwarded requests */
163 int
165 {
166 #ifdef HOSTS_ACCESS
170 }
171 #endif
177 }
181 }
183 /* toggle_verboselog - toggle verbose logging flag */
185 static void
187 {
190 }
192 /* logit - report events of interest via the syslog daemon */
194 static void
197 {
204 u_long code;
206 };
216 };
218 /*
219 * Fork off a process or the portmap daemon might hang while
220 * getrpcbynumber() or syslog() does its thing.
221 */
225 /* Try to map program number to name. */
234 }
236 /* Try to map procedure number to name. */
243 }
245 /* Write syslog record. */
250 }
251 }