| blob | 2d16f60f648c0b689c7eb82801b81587242d3385 |
1 /*
2 * pmap_check - additional portmap security.
3 *
4 * Always reject non-local requests to update the portmapper tables.
5 *
6 * Refuse to forward mount requests to the nfs mount daemon. Otherwise, the
7 * requests would appear to come from the local system, and nfs export
8 * restrictions could be bypassed.
9 *
10 * Refuse to forward requests to the nfsd process.
11 *
12 * Refuse to forward requests to NIS (YP) daemons; The only exception is the
13 * YPPROC_DOMAIN_NONACK broadcast rpc call that is used to establish initial
14 * contact with the NIS server.
15 *
16 * Always allocate an unprivileged port when forwarding a request.
17 *
18 * If compiled with -DCHECK_PORT, require that requests to register or
19 * unregister a privileged port come from a privileged port. This makes it
20 * more difficult to replace a critical service by a trojan.
21 *
22 * If compiled with -DHOSTS_ACCESS, reject requests from hosts that are not
23 * authorized by the /etc/hosts.{allow,deny} files. The local system is
24 * always treated as an authorized host. The access control tables are never
25 * consulted for requests from the local system, and are always consulted
26 * for requests from other hosts. Access control is based on IP addresses
27 * only; attempts to map an address to a host name might cause the
28 * portmapper to hang.
29 *
30 * Author: Wietse Venema (wietse@wzv.win.tue.nl), dept. of Mathematics and
31 * Computing Science, Eindhoven University of Technology, The Netherlands.
32 */
34 /*
35 * @(#) pmap_check.c 1.6 93/11/21 20:58:59
36 * $FreeBSD: src/usr.sbin/portmap/pmap_check.c,v 1.6 2000/01/15 23:08:28 brian Exp $
37 * $DragonFly: src/usr.sbin/portmap/pmap_check.c,v 1.4 2004/03/30 04:58:59 cpressey Exp $
38 */
40 #include <sys/types.h>
41 #include <sys/socket.h>
42 #include <sys/signal.h>
43 #include <netinet/in.h>
44 #include <arpa/inet.h>
45 #include <rpc/rpc.h>
46 #include <rpc/pmap_prot.h>
48 #include <netdb.h>
49 #include <stdio.h>
50 #include <syslog.h>
51 #include <unistd.h>
55 /* Explicit #defines in case the include files are not available. */
57 #define NFSPROG ((u_long) 100003)
58 #define MOUNTPROG ((u_long) 100005)
59 #define YPXPROG ((u_long) 100069)
60 #define YPPROG ((u_long) 100004)
61 #define YPPROC_DOMAIN_NONACK ((u_long) 2)
62 #define MOUNTPROC_MNT ((u_long) 1)
71 /* A handful of macros for "readability". */
75 #define legal_port(a,p) \
76 (ntohs((a)->sin_port) < IPPORT_RESERVED || (p) >= IPPORT_RESERVED)
78 #define log_bad_port(addr, proc, prog) \
81 #define log_bad_host(addr, proc, prog) \
84 #define log_bad_owner(addr, proc, prog) \
87 #define log_no_forward(addr, proc, prog) \
90 #define log_client(addr, proc, prog) \
93 /* check_startup - additional startup code */
95 void
97 {
98 /*
99 * Give up root privileges so that we can never allocate a privileged
100 * port when forwarding an rpc request.
101 */
105 }
107 }
109 /* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
111 int
113 {
114 #ifdef HOSTS_ACCESS
118 }
119 #endif
123 }
125 /* check_privileged_port - additional checks for privileged-port updates */
127 int
130 {
131 #ifdef CHECK_PORT
135 }
136 #endif
138 }
140 /* check_setunset - additional checks for update requests */
142 int
145 {
147 #ifdef HOSTS_ACCESS
149 #endif
152 }
158 }
160 /* check_callit - additional checks for forwarded requests */
162 int
164 {
165 #ifdef HOSTS_ACCESS
169 }
170 #endif
176 }
180 }
182 /* toggle_verboselog - toggle verbose logging flag */
184 static void
186 {
189 }
191 /* logit - report events of interest via the syslog daemon */
193 static void
196 {
203 u_long code;
205 };
215 };
217 /*
218 * Fork off a process or the portmap daemon might hang while
219 * getrpcbynumber() or syslog() does its thing.
220 */
224 /* Try to map program number to name. */
233 }
235 /* Try to map procedure number to name. */
242 }
244 /* Write syslog record. */
249 }
250 }