/*
* Copyright 2009 Oracle. All rights reserved.
*
* This file is part of nfs-utils.
*
* nfs-utils is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* nfs-utils is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with nfs-utils. If not, see .
*/
#ifdef HAVE_CONFIG_H
#include
#endif
#include
#include
#include
#include
#include
#include
#include
#include
#include "nfslib.h"
#include
#include
#include
#include
#include
#ifdef HAVE_TCP_WRAPPER
#include "tcpwrapper.h"
#endif
#include "sockaddr.h"
#include "rpcmisc.h"
#include "xlog.h"
#ifdef HAVE_LIBTIRPC
#include
#define SVC_CREATE_XPRT_CACHE_SIZE (8)
static SVCXPRT *svc_create_xprt_cache[SVC_CREATE_XPRT_CACHE_SIZE] = { NULL, };
/*
* Cache an SVC xprt, in case there are more programs or versions to
* register against it.
*/
static void
svc_create_cache_xprt(SVCXPRT *xprt)
{
unsigned int i;
/* Check if we've already got this one... */
for (i = 0; i < SVC_CREATE_XPRT_CACHE_SIZE; i++)
if (svc_create_xprt_cache[i] == xprt)
return;
/* No, we don't. Cache it. */
for (i = 0; i < SVC_CREATE_XPRT_CACHE_SIZE; i++)
if (svc_create_xprt_cache[i] == NULL) {
svc_create_xprt_cache[i] = xprt;
return;
}
xlog(L_ERROR, "%s: Failed to cache an xprt", __func__);
}
/*
* Find a previously cached SVC xprt structure with the given bind address
* and transport semantics.
*
* Returns pointer to a cached SVC xprt.
*
* If no matching SVC XPRT can be found, NULL is returned.
*/
static SVCXPRT *
svc_create_find_xprt(const struct sockaddr *bindaddr, const struct netconfig *nconf)
{
unsigned int i;
for (i = 0; i < SVC_CREATE_XPRT_CACHE_SIZE; i++) {
SVCXPRT *xprt = svc_create_xprt_cache[i];
struct sockaddr *sap;
if (xprt == NULL)
continue;
if (strcmp(nconf->nc_netid, xprt->xp_netid) != 0)
continue;
sap = (struct sockaddr *)xprt->xp_ltaddr.buf;
if (!nfs_compare_sockaddr(bindaddr, sap))
continue;
return xprt;
}
return NULL;
}
/*
* Set up an appropriate bind address, given @port and @nconf.
*
* Returns getaddrinfo(3) results if successful. Caller must
* invoke freeaddrinfo(3) on these results.
*
* Otherwise NULL is returned if an error occurs.
*/
__attribute__((__malloc__))
static struct addrinfo *
svc_create_bindaddr(struct netconfig *nconf, const uint16_t port)
{
struct addrinfo *ai = NULL;
struct addrinfo hint = {
.ai_flags = AI_PASSIVE | AI_NUMERICSERV,
};
char buf[8];
int error;
if (strcmp(nconf->nc_protofmly, NC_INET) == 0)
hint.ai_family = AF_INET;
#ifdef IPV6_SUPPORTED
else if (strcmp(nconf->nc_protofmly, NC_INET6) == 0)
hint.ai_family = AF_INET6;
#endif /* IPV6_SUPPORTED */
else {
xlog(D_GENERAL, "Unrecognized bind address family: %s",
nconf->nc_protofmly);
return NULL;
}
if (strcmp(nconf->nc_proto, NC_UDP) == 0)
hint.ai_protocol = (int)IPPROTO_UDP;
else if (strcmp(nconf->nc_proto, NC_TCP) == 0)
hint.ai_protocol = (int)IPPROTO_TCP;
else {
xlog(D_GENERAL, "Unrecognized bind address protocol: %s",
nconf->nc_proto);
return NULL;
}
(void)snprintf(buf, sizeof(buf), "%u", port);
error = getaddrinfo(NULL, buf, &hint, &ai);
if (error != 0) {
xlog(L_ERROR, "Failed to construct bind address: %s",
gai_strerror(error));
return NULL;
}
return ai;
}
/*
* Create a listener socket on a specific bindaddr, and set
* special socket options to allow it to share the same port
* as other listeners.
*
* Returns an open, bound, and possibly listening network
* socket on success.
*
* Otherwise returns -1 if some error occurs.
*/
static int
svc_create_sock(const struct sockaddr *sap, socklen_t salen,
struct netconfig *nconf)
{
int fd, type, protocol;
int one = 1;
switch(nconf->nc_semantics) {
case NC_TPI_CLTS:
type = SOCK_DGRAM;
break;
case NC_TPI_COTS_ORD:
type = SOCK_STREAM;
break;
default:
xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %u",
__func__, nconf->nc_semantics);
return -1;
}
if (strcmp(nconf->nc_proto, NC_UDP) == 0)
protocol = (int)IPPROTO_UDP;
else if (strcmp(nconf->nc_proto, NC_TCP) == 0)
protocol = (int)IPPROTO_TCP;
else {
xlog(D_GENERAL, "%s: Unrecognized bind address protocol: %s",
__func__, nconf->nc_proto);
return -1;
}
fd = socket((int)sap->sa_family, type, protocol);
if (fd == -1) {
xlog(L_ERROR, "Could not make a socket: (%d) %m",
errno);
return -1;
}
#ifdef IPV6_SUPPORTED
if (sap->sa_family == AF_INET6) {
if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
&one, sizeof(one)) == -1) {
xlog(L_ERROR, "Failed to set IPV6_V6ONLY: (%d) %m",
errno);
(void)close(fd);
return -1;
}
}
#endif /* IPV6_SUPPORTED */
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
&one, sizeof(one)) == -1) {
xlog(L_ERROR, "Failed to set SO_REUSEADDR: (%d) %m",
errno);
(void)close(fd);
return -1;
}
if (bind(fd, sap, salen) == -1) {
xlog(L_ERROR, "Could not bind socket: (%d) %m",
errno);
(void)close(fd);
return -1;
}
if (nconf->nc_semantics == NC_TPI_COTS_ORD)
if (listen(fd, SOMAXCONN) == -1) {
xlog(L_ERROR, "Could not listen on socket: (%d) %m",
errno);
(void)close(fd);
return -1;
}
return fd;
}
/*
* The simple case is allowing the TI-RPC library to create a
* transport itself, given just the bind address and transport
* semantics.
*
* Our local xprt cache is ignored in this path, since the
* caller is not interested in sharing listeners or ports, and
* the library automatically avoids ports already in use.
*
* Returns the count of started listeners (one or zero).
*/
static unsigned int
svc_create_nconf_rand_port(const char *name, const rpcprog_t program,
const rpcvers_t version,
void (*dispatch)(struct svc_req *, SVCXPRT *),
struct netconfig *nconf)
{
struct t_bind bindaddr;
struct addrinfo *ai;
SVCXPRT *xprt;
ai = svc_create_bindaddr(nconf, 0);
if (ai == NULL)
return 0;
bindaddr.addr.buf = ai->ai_addr;
bindaddr.qlen = SOMAXCONN;
xprt = svc_tli_create(RPC_ANYFD, nconf, &bindaddr, 0, 0);
freeaddrinfo(ai);
if (xprt == NULL) {
xlog(D_GENERAL, "Failed to create listener xprt "
"(%s, %u, %s)", name, version, nconf->nc_netid);
return 0;
}
if (svcsock_nonblock(xprt->xp_fd) < 0) {
/* close() already done by svcsock_nonblock() */
xprt->xp_fd = RPC_ANYFD;
SVC_DESTROY(xprt);
return 0;
}
if (!svc_reg(xprt, program, version, dispatch, nconf)) {
/* svc_reg(3) destroys @xprt in this case */
xlog(D_GENERAL, "Failed to register (%s, %u, %s)",
name, version, nconf->nc_netid);
return 0;
}
return 1;
}
/*
* If a port is specified on the command line, that port value will be
* the same for all listeners created here. Create each listener
* socket in advance and set SO_REUSEADDR, rather than allowing the
* RPC library to create the listeners for us on a randomly chosen
* port via svc_tli_create(RPC_ANYFD).
*
* Some callers want to listen for more than one RPC version using the
* same port number. For example, mountd could want to listen for MNT
* version 1, 2, and 3 requests. This means mountd must use the same
* set of listener sockets for multiple RPC versions, since, on one
* system, you can't have two listener sockets with the exact same
* bind address (and port) and transport protocol.
*
* To accomplish this, this function caches xprts as they are created.
* This cache is checked to see if a previously created xprt can be
* used, before creating a new xprt for this [program, version]. If
* there is a cached xprt with the same bindaddr and transport
* semantics, we simply register the new version with that xprt,
* rather than creating a fresh xprt for it.
*
* The xprt cache implemented here is local to a process. Two
* separate RPC daemons can not share a set of listeners.
*
* Returns the count of started listeners (one or zero).
*/
static unsigned int
svc_create_nconf_fixed_port(const char *name, const rpcprog_t program,
const rpcvers_t version,
void (*dispatch)(struct svc_req *, SVCXPRT *),
const uint16_t port, struct netconfig *nconf)
{
struct addrinfo *ai;
SVCXPRT *xprt;
ai = svc_create_bindaddr(nconf, port);
if (ai == NULL)
return 0;
xprt = svc_create_find_xprt(ai->ai_addr, nconf);
if (xprt == NULL) {
int fd;
fd = svc_create_sock(ai->ai_addr, ai->ai_addrlen, nconf);
fd = svcsock_nonblock(fd);
if (fd == -1)
goto out_free;
xprt = svc_tli_create(fd, nconf, NULL, 0, 0);
if (xprt == NULL) {
xlog(D_GENERAL, "Failed to create listener xprt "
"(%s, %u, %s)", name, version, nconf->nc_netid);
(void)close(fd);
goto out_free;
}
}
if (!svc_reg(xprt, program, version, dispatch, nconf)) {
/* svc_reg(3) destroys @xprt in this case */
xlog(D_GENERAL, "Failed to register (%s, %u, %s)",
name, version, nconf->nc_netid);
goto out_free;
}
svc_create_cache_xprt(xprt);
freeaddrinfo(ai);
return 1;
out_free:
freeaddrinfo(ai);
return 0;
}
static unsigned int
svc_create_nconf(const char *name, const rpcprog_t program,
const rpcvers_t version,
void (*dispatch)(struct svc_req *, SVCXPRT *),
const uint16_t port, struct netconfig *nconf)
{
if (port != 0)
return svc_create_nconf_fixed_port(name, program,
version, dispatch, port, nconf);
return svc_create_nconf_rand_port(name, program,
version, dispatch, nconf);
}
/**
* nfs_svc_create - start up RPC svc listeners
* @name: C string containing name of new service
* @program: RPC program number to register
* @version: RPC version number to register
* @dispatch: address of function that handles incoming RPC requests
* @port: if not zero, transport listens on this port
*
* Sets up network transports for receiving RPC requests, and starts
* the RPC dispatcher. Returns the number of started network transports.
*/
unsigned int
nfs_svc_create(char *name, const rpcprog_t program, const rpcvers_t version,
void (*dispatch)(struct svc_req *, SVCXPRT *),
const uint16_t port)
{
const struct sigaction create_sigaction = {
.sa_handler = SIG_IGN,
};
int maxrec = RPC_MAXDATASIZE;
unsigned int visible, up, servport;
struct netconfig *nconf;
void *handlep;
/*
* Ignore SIGPIPE to avoid exiting sideways when peers
* close their TCP connection while we're trying to reply
* to them.
*/
(void)sigaction(SIGPIPE, &create_sigaction, NULL);
/*
* Setting MAXREC also enables non-blocking mode for tcp connections.
* This avoids DOS attacks by a client sending many requests but never
* reading the reply:
* - if a second request already is present for reading in the socket,
* after the first request just was read, libtirpc will break the
* connection. Thus an attacker can't simply send requests as fast as
* he can without waiting for the response.
* - if the write buffer of the socket is full, the next write() will
* fail with EAGAIN. libtirpc will retry the write in a loop for max.
* 2 seconds. If write still fails, the connection will be closed.
*/
rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
handlep = setnetconfig();
if (handlep == NULL) {
xlog(L_ERROR, "Failed to access local netconfig database: %s",
nc_sperror());
return 0;
}
visible = 0;
up = 0;
while ((nconf = getnetconfig(handlep)) != NULL) {
if (!(nconf->nc_flag & NC_VISIBLE))
continue;
visible++;
if (!strcmp(nconf->nc_proto, NC_UDP) && !NFSCTL_UDPISSET(_rpcprotobits))
continue;
if (!strcmp(nconf->nc_proto, NC_TCP) && !NFSCTL_TCPISSET(_rpcprotobits))
continue;
if (port == 0)
servport = getservport(program, nconf->nc_proto);
else
servport = port;
up += svc_create_nconf(name, program, version, dispatch,
servport, nconf);
}
if (visible == 0)
xlog(L_ERROR, "Failed to find any visible netconfig entries");
if (endnetconfig(handlep) == -1)
xlog(L_ERROR, "Failed to close local netconfig database: %s",
nc_sperror());
return up;
}
/**
* nfs_svc_unregister - remove service registrations from local rpcbind database
* @program: RPC program number to unregister
* @version: RPC version number to unregister
*
* Removes all registrations for [ @program, @version ] .
*/
void
nfs_svc_unregister(const rpcprog_t program, const rpcvers_t version)
{
if (rpcb_unset(program, version, NULL) == FALSE)
xlog(D_GENERAL, "Failed to unregister program %lu, version %lu",
(unsigned long)program, (unsigned long)version);
}
#else /* !HAVE_LIBTIRPC */
/**
* nfs_svc_create - start up RPC svc listeners
* @name: C string containing name of new service
* @program: RPC program number to register
* @version: RPC version number to register
* @dispatch: address of function that handles incoming RPC requests
* @port: if not zero, transport listens on this port
*
* Sets up network transports for receiving RPC requests, and starts
* the RPC dispatcher. Returns the number of started network transports.
*/
unsigned int
nfs_svc_create(char *name, const rpcprog_t program, const rpcvers_t version,
void (*dispatch)(struct svc_req *, SVCXPRT *),
const uint16_t port)
{
rpc_init(name, (int)program, (int)version, dispatch, (int)port);
return 1;
}
/**
* nfs_svc_unregister - remove service registrations from local rpcbind database
* @program: RPC program number to unregister
* @version: RPC version number to unregister
*
* Removes all registrations for [ @program, @version ] .
*/
void
nfs_svc_unregister(const rpcprog_t program, const rpcvers_t version)
{
if (pmap_unset((unsigned long)program, (unsigned long)version) == FALSE)
xlog(D_GENERAL, "Failed to unregister program %lu, version %lu",
(unsigned long)program, (unsigned long)version);
}
#endif /* !HAVE_LIBTIRPC */