Module Name: src
Committed By: christos
Date: Sun Mar 7 00:23:06 UTC 2021
Modified Files:
src/usr.sbin/rpcbind: Makefile pmap_svc.c rpcb_svc_com.c rpcbind.c
security.c
Log Message:
- Enable WARMSTART
- Pass fd to libwrap
- Add blocklist
From Greg A. Woods
- Tidy up debugging
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/usr.sbin/rpcbind/Makefile
cvs rdiff -u -r1.9 -r1.10 src/usr.sbin/rpcbind/pmap_svc.c
cvs rdiff -u -r1.23 -r1.24 src/usr.sbin/rpcbind/rpcb_svc_com.c
cvs rdiff -u -r1.29 -r1.30 src/usr.sbin/rpcbind/rpcbind.c
cvs rdiff -u -r1.13 -r1.14 src/usr.sbin/rpcbind/security.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/rpcbind/Makefile
diff -u src/usr.sbin/rpcbind/Makefile:1.16 src/usr.sbin/rpcbind/Makefile:1.17
--- src/usr.sbin/rpcbind/Makefile:1.16 Sun Oct 13 03:28:20 2019
+++ src/usr.sbin/rpcbind/Makefile Sat Mar 6 19:23:06 2021
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.16 2019/10/13 07:28:20 mrg Exp $
+# $NetBSD: Makefile,v 1.17 2021/03/07 00:23:06 christos Exp $
.include <bsd.own.mk>
@@ -12,7 +12,7 @@ SRCS= check_bound.c rpcb_stat.c rpcb_svc
LIBCDIR= ${NETBSDSRCDIR}/lib/libc
LIBCRPCDIR= ${LIBCDIR}/rpc
-CPPFLAGS+= -I${LIBCRPCDIR} -DPORTMAP -DLIBWRAP
+CPPFLAGS+= -I${LIBCRPCDIR} -DPORTMAP -DLIBWRAP -DWARMSTART
.if (${USE_INET6} != "no")
CPPFLAGS+= -DINET6
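Review bot: Adding `-DWARMSTART` to `CPPFLAGS` compiles in the warm-start code, but nothing in this diff shows where its state files live or how they are checked on reload. As far as I know, that code saves the registration tables to state files and reloads them when rpcbind is started with -w. warmstart.c is not among the modified files, so it is worth confirming there that the files sit in a root-only directory rather than a shared one, and that the loader refuses a file whose owner or mode is wrong. A short comment next to the flag would help, for example `# WARMSTART: rpcbind -w reloads saved registrations; state files must be root-owned and not group/world accessible`.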
@@ -24,10 +24,11 @@ CPPFLAGS+= -DYP
# Uncomment these to get any useful output from 'rpcbind -d'
# CPPFLAGS+= -DRPCBIND_DEBUG
+# CPPFLAGS+= -DDEBUG_RMTCALL
# CPPFLAGS+= -DSVC_RUN_DEBUG
-LDADD+= -lwrap -lutil
-DPADD+= ${LIBWRAP} ${LIBUTIL}
+LDADD+= -lwrap -lblocklist -lutil
+DPADD+= ${LIBWRAP} ${LIBBLOCKLIST} ${LIBUTIL}
COPTS.rpcb_svc_4.c+= ${GCC_NO_CAST_FUNCTION_TYPE}
COPTS.pmap_svc.c+= ${GCC_NO_CAST_FUNCTION_TYPE}
Index: src/usr.sbin/rpcbind/pmap_svc.c
diff -u src/usr.sbin/rpcbind/pmap_svc.c:1.9 src/usr.sbin/rpcbind/pmap_svc.c:1.10
--- src/usr.sbin/rpcbind/pmap_svc.c:1.9 Wed Aug 16 04:44:40 2017
+++ src/usr.sbin/rpcbind/pmap_svc.c Sat Mar 6 19:23:06 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: pmap_svc.c,v 1.9 2017/08/16 08:44:40 christos Exp $ */
+/* $NetBSD: pmap_svc.c,v 1.10 2021/03/07 00:23:06 christos Exp $ */
/* $FreeBSD: head/usr.sbin/rpcbind/pmap_svc.c 258564 2013-11-25 16:44:02Z hrs $ */
/*-
@@ -173,6 +173,11 @@ pmapproc_change(struct svc_req *rqstp __
struct sockcred *sc;
char uidbuf[32];
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)®)) {
+ svcerr_decode(xprt);
+ return (FALSE);
+ }
+
#ifdef RPCBIND_DEBUG
if (debugging)
fprintf(stderr, "%s request for (%lu, %lu) : ",
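Review bot: With `svc_getargs()` now ahead of the trace, a request that fails to decode returns from pmapproc_change without any debug output, while rpcbproc_callit_com in this same commit does log that case. Adding `if (debugging) fprintf(stderr, "%s: svc_getargs failed\n", __func__);` before `svcerr_decode(xprt)` would make malformed PMAP set/unset requests visible when tracing. The trace string on the last line of this hunk also keeps the old `") : "` form without the `__func__` prefix that the rest of the commit adopts. The function body starts and ends outside this hunk, and the following hunk belongs to the same function.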
@@ -180,11 +185,6 @@ pmapproc_change(struct svc_req *rqstp __
reg.pm_prog, reg.pm_vers);
#endif
- if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)®)) {
- svcerr_decode(xprt);
- return (FALSE);
- }
-
if (!check_access(xprt, op, ®, PMAPVERS)) {
svcerr_weakauth(xprt);
return FALSE;
Index: src/usr.sbin/rpcbind/rpcb_svc_com.c
diff -u src/usr.sbin/rpcbind/rpcb_svc_com.c:1.23 src/usr.sbin/rpcbind/rpcb_svc_com.c:1.24
--- src/usr.sbin/rpcbind/rpcb_svc_com.c:1.23 Tue Jun 16 20:16:22 2020
+++ src/usr.sbin/rpcbind/rpcb_svc_com.c Sat Mar 6 19:23:06 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: rpcb_svc_com.c,v 1.23 2020/06/17 00:16:22 kamil Exp $ */
+/* $NetBSD: rpcb_svc_com.c,v 1.24 2021/03/07 00:23:06 christos Exp $ */
/* $FreeBSD: head/usr.sbin/rpcbind/rpcb_svc_com.c 301770 2016-06-09 22:25:00Z pfg $ */
/*-
@@ -140,9 +140,9 @@ rpcbproc_set_com(void *arg, struct svc_r
#ifdef RPCBIND_DEBUG
if (debugging)
- fprintf(stderr, "RPCB_SET request for (%lu, %lu, %s, %s) : ",
- (unsigned long)regp->r_prog, (unsigned long)regp->r_vers,
- regp->r_netid, regp->r_addr);
+ fprintf(stderr, "%s: RPCB_SET request for (%lu, %lu, %s, %s): ",
+ __func__, (unsigned long)regp->r_prog,
+ (unsigned long)regp->r_vers, regp->r_netid, regp->r_addr);
#endif
ans = map_set(regp, getowner(transp, owner, sizeof owner));
#ifdef RPCBIND_DEBUG
@@ -228,9 +228,9 @@ rpcbproc_unset_com(void *arg, struct svc
#ifdef RPCBIND_DEBUG
if (debugging)
- fprintf(stderr, "RPCB_UNSET request for (%lu, %lu, %s) : ",
- (unsigned long)regp->r_prog, (unsigned long)regp->r_vers,
- regp->r_netid);
+ fprintf(stderr, "%s: RPCB_UNSET request for (%lu, %lu, %s): ",
+ __func__, (unsigned long)regp->r_prog,
+ (unsigned long)regp->r_vers, regp->r_netid);
#endif
ans = map_unset(regp, getowner(transp, owner, sizeof owner));
#ifdef RPCBIND_DEBUG
@@ -350,7 +350,7 @@ rpcbproc_getaddr_com(RPCB *regp, struct
}
#ifdef RPCBIND_DEBUG
if (debugging)
- fprintf(stderr, "getaddr: %s\n", uaddr);
+ fprintf(stderr, "%s: %s\n", __func__, uaddr);
#endif
/* XXX: should have used some defined constant here */
rpcbs_getaddr(rpcbversnum - 2, regp->r_prog, regp->r_vers,
@@ -508,9 +508,8 @@ create_rmtcall_fd(struct netconfig *ncon
if ((fd = __rpc_nconf2fd(nconf)) == -1) {
if (debugging)
- fprintf(stderr,
- "create_rmtcall_fd: couldn't open \"%s\" (errno %d)\n",
- nconf->nc_device, errno);
+ fprintf(stderr, "%s: couldn't open \"%s\" (%s)\n",
+ __func__, nconf->nc_device, strerror(errno));
return (-1);
}
xprt = svc_tli_create(fd, 0, NULL, 0, 0);
@@ -655,8 +654,7 @@ rpcbproc_callit_com(struct svc_req *rqst
#endif /* notyet */
if (buf_alloc == NULL) {
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: No Memory!\n");
+ fprintf(stderr, "%s: No Memory!\n", __func__);
if (reply_type == RPCBPROC_INDIRECT)
svcerr_systemerr(transp);
return;
@@ -671,8 +669,7 @@ rpcbproc_callit_com(struct svc_req *rqst
if (reply_type == RPCBPROC_INDIRECT)
svcerr_decode(transp);
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: svc_getargs failed\n");
+ fprintf(stderr, "%s: svc_getargs failed\n", __func__);
goto error;
}
@@ -685,15 +682,16 @@ rpcbproc_callit_com(struct svc_req *rqst
#ifdef RPCBIND_DEBUG
if (debugging) {
uaddr = taddr2uaddr(rpcbind_get_conf(transp->xp_netid), caller);
- fprintf(stderr, "%s %s req for (%lu, %lu, %lu, %s) from %s : ",
- versnum == PMAPVERS ? "pmap_rmtcall" :
- versnum == RPCBVERS ? "rpcb_rmtcall" :
- versnum == RPCBVERS4 ? "rpcb_indirect" :
- rpcbind_unknown,
- reply_type == RPCBPROC_INDIRECT ? "indirect" : "callit",
- (unsigned long)a.rmt_prog, (unsigned long)a.rmt_vers,
- (unsigned long)a.rmt_proc, transp->xp_netid,
- uaddr ? uaddr : rpcbind_unknown);
+ fprintf(stderr,
+ "%s: %s %s req for (%lu, %lu, %lu, %s) from %s: ",
+ __func__, versnum == PMAPVERS ? "pmap_rmtcall" :
+ versnum == RPCBVERS ? "rpcb_rmtcall" :
+ versnum == RPCBVERS4 ? "rpcb_indirect" :
+ rpcbind_unknown,
+ reply_type == RPCBPROC_INDIRECT ? "indirect" : "callit",
+ (unsigned long)a.rmt_prog, (unsigned long)a.rmt_vers,
+ (unsigned long)a.rmt_proc, transp->xp_netid,
+ uaddr ? uaddr : rpcbind_unknown);
if (uaddr)
free(uaddr);
}
@@ -749,15 +747,14 @@ rpcbproc_callit_com(struct svc_req *rqst
if (reply_type == RPCBPROC_INDIRECT)
svcerr_systemerr(transp);
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: rpcbind_get_conf failed\n");
+ fprintf(stderr, "%s: rpcbind_get_conf failed\n",
+ __func__);
goto error;
}
localsa = local_sa(((struct sockaddr *)caller->buf)->sa_family);
if (localsa == NULL) {
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: no local address\n");
+ fprintf(stderr, "%s: no local address\n", __func__);
goto error;
}
tbuf.len = tbuf.maxlen = localsa->sa_len;
@@ -768,7 +765,7 @@ rpcbproc_callit_com(struct svc_req *rqst
nconf->nc_netid);
#ifdef RPCBIND_DEBUG
if (debugging)
- fprintf(stderr, "merged uaddr %s\n", m_uaddr);
+ fprintf(stderr, "%s: merged uaddr %s\n", __func__, m_uaddr);
#endif
if ((fd = find_rmtcallfd_by_netid(nconf->nc_netid)) == -1) {
if (reply_type == RPCBPROC_INDIRECT)
@@ -788,22 +785,20 @@ rpcbproc_callit_com(struct svc_req *rqst
* beat on it any more.
*/
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: duplicate request\n");
+ fprintf(stderr, "%s: duplicate request\n", __func__);
goto error;
case -1:
/* forward_register failed. Perhaps no memory. */
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: forward_register failed\n");
+ fprintf(stderr, "%s: forward_register failed\n",
+ __func__);
goto error;
}
#ifdef DEBUG_RMTCALL
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: original XID %x, new XID %x\n",
- *xidp, call_msg.rm_xid);
+ fprintf(stderr, "%s: original XID %x, new XID %x\n", __func__,
+ *xidp, call_msg.rm_xid);
#endif
call_msg.rm_direction = CALL;
call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
@@ -829,16 +824,14 @@ rpcbproc_callit_com(struct svc_req *rqst
if (reply_type == RPCBPROC_INDIRECT)
svcerr_systemerr(transp);
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: xdr_callhdr failed\n");
+ fprintf(stderr, "%s: xdr_callhdr failed\n", __func__);
goto error;
}
if (!xdr_u_int32_t(&outxdr, &(a.rmt_proc))) {
if (reply_type == RPCBPROC_INDIRECT)
svcerr_systemerr(transp);
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: xdr_u_long failed\n");
+ fprintf(stderr, "%s: xdr_u_long failed\n", __func__);
goto error;
}
@@ -856,8 +849,8 @@ rpcbproc_callit_com(struct svc_req *rqst
} else {
/* we do not support any other authentication scheme */
if (debugging)
- fprintf(stderr,
-"rpcbproc_callit_com: oa_flavor != AUTH_NONE and oa_flavor != AUTH_SYS\n");
+ fprintf(stderr, "%s: oa_flavor != AUTH_NONE and"
+ " oa_flavor != AUTH_SYS\n", __func__);
if (reply_type == RPCBPROC_INDIRECT)
svcerr_weakauth(transp); /* XXX too strong.. */
goto error;
@@ -867,7 +860,8 @@ rpcbproc_callit_com(struct svc_req *rqst
svcerr_systemerr(transp);
if (debugging)
fprintf(stderr,
- "rpcbproc_callit_com: authwhatever_create returned NULL\n");
+ "%s: authwhatever_create returned NULL\n",
+ __func__);
goto error;
}
if (!AUTH_MARSHALL(auth, &outxdr)) {
@@ -876,7 +870,7 @@ rpcbproc_callit_com(struct svc_req *rqst
AUTH_DESTROY(auth);
if (debugging)
fprintf(stderr,
- "rpcbproc_callit_com: AUTH_MARSHALL failed\n");
+ "%s: AUTH_MARSHALL failed\n", __func__);
goto error;
}
AUTH_DESTROY(auth);
@@ -884,8 +878,8 @@ rpcbproc_callit_com(struct svc_req *rqst
if (reply_type == RPCBPROC_INDIRECT)
svcerr_systemerr(transp);
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: xdr_opaque_parms failed\n");
+ fprintf(stderr, "%s: xdr_opaque_parms failed\n",
+ __func__);
goto error;
}
outlen = (int) XDR_GETPOS(&outxdr);
@@ -904,8 +898,8 @@ rpcbproc_callit_com(struct svc_req *rqst
if (sendto(fd, outbufp, outlen, 0, (struct sockaddr *)na->buf, na->len)
!= outlen) {
if (debugging)
- fprintf(stderr,
- "rpcbproc_callit_com: sendto failed: errno %d\n", errno);
+ fprintf(stderr, "%s: sendto failed (%s)\n", __func__,
+ strerror(errno));
if (reply_type == RPCBPROC_INDIRECT)
svcerr_systemerr(transp);
goto error;
@@ -1116,7 +1110,7 @@ my_svc_run(void)
int poll_ret, check_ret;
int n, *m;
#ifdef SVC_RUN_DEBUG
- int i;
+ size_t i;
#endif
struct pollfd *p;
@@ -1147,8 +1141,9 @@ out:
nfds = p - pollfds;
poll_ret = 0;
#ifdef SVC_RUN_DEBUG
- if (debugging) {
- fprintf(stderr, "polling for read on fd < ");
+ if (debugging > 1) {
+ fprintf(stderr, "%s: polling for read on fd < ",
+ __func__);
for (i = 0, p = pollfds; i < nfds; i++, p++)
if (p->events)
fprintf(stderr, "%d ", p->fd);
@@ -1168,18 +1163,20 @@ out:
* other outside event) and not caused by poll().
*/
#ifdef SVC_RUN_DEBUG
- if (debugging) {
- fprintf(stderr, "poll returned %d (%s)\n",
- poll_ret, strerror(errno));
+ if (debugging > 1) {
+ fprintf(stderr, "%s: poll returned %d (%s)\n",
+ __func__, poll_ret, strerror(errno));
}
#endif
+ /* FALLTHROUGH */
case 0:
__svc_clean_idle(NULL, 30, FALSE);
continue;
default:
#ifdef SVC_RUN_DEBUG
if (debugging) {
- fprintf(stderr, "poll returned read fds < ");
+ fprintf(stderr, "%s: poll returned read fds < ",
+ __func__);
for (i = 0, p = pollfds; i < nfds; i++, p++)
if (p->revents)
fprintf(stderr, "%d (%#x)",
@@ -1201,7 +1198,7 @@ out:
}
#ifdef SVC_RUN_DEBUG
if (debugging) {
- fprintf(stderr, "svc_maxfd now %u\n",
+ fprintf(stderr, "%s: svc_maxfd now %u\n", __func__,
*svc_fdset_getmax());
}
#endif
@@ -1224,9 +1221,9 @@ check_rmtcalls(struct pollfd *pfds, int
ncallbacks_found++;
#ifdef DEBUG_RMTCALL
if (debugging)
- fprintf(stderr,
-"my_svc_run: polled on forwarding fd %d, netid %s - calling handle_reply\n",
- pfds[j].fd, xprt->xp_netid);
+ fprintf(stderr, "%s: polled on forwarding "
+ "fd %d, netid %s - calling handle_reply\n",
+ __func__, pfds[j].fd, xprt->xp_netid);
#endif
handle_reply(pfds[j].fd, xprt);
pfds[j].revents = 0;
@@ -1289,8 +1286,8 @@ handle_reply(int fd, SVCXPRT *xprt)
} while (inlen < 0 && errno == EINTR);
if (inlen < 0) {
if (debugging)
- fprintf(stderr,
- "handle_reply: recvfrom returned %d, errno %d\n", inlen, errno);
+ fprintf(stderr, "%s: recvfrom returned %d (%s)\n",
+ __func__, inlen, strerror(errno));
goto done;
}
@@ -1301,15 +1298,14 @@ handle_reply(int fd, SVCXPRT *xprt)
xdrmem_create(&reply_xdrs, buffer, (u_int)inlen, XDR_DECODE);
if (!xdr_replymsg(&reply_xdrs, &reply_msg)) {
if (debugging)
- (void) fprintf(stderr,
- "handle_reply: xdr_replymsg failed\n");
+ fprintf(stderr, "%s: xdr_replymsg failed\n", __func__);
goto done;
}
fi = forward_find(reply_msg.rm_xid);
#ifdef SVC_RUN_DEBUG
if (debugging) {
- fprintf(stderr, "handle_reply: reply xid: %d fi addr: %p\n",
- reply_msg.rm_xid, fi);
+ fprintf(stderr, "%s: reply xid: %d fi addr: %p\n",
+ __func__, reply_msg.rm_xid, fi);
}
#endif
if (fi == NULL) {
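Review bot: The rewritten trace still prints `reply_msg.rm_xid` with `%d` and passes `fi` to `%p` without a cast. The XID is presumably an unsigned 32-bit value, so high XIDs print as negative numbers here, while the DEBUG_RMTCALL trace in rpcbproc_callit_com prints them with `%x`; that makes a forwarded call hard to match to its reply in a debug log. `%p` also formally requires a `void *`. Suggest `fprintf(stderr, "%s: reply xid: %x fi addr: %p\n", __func__, reply_msg.rm_xid, (void *)fi);`. handle_reply starts and ends outside this hunk.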
@@ -1318,8 +1314,8 @@ handle_reply(int fd, SVCXPRT *xprt)
_seterr_reply(&reply_msg, &reply_error);
if (reply_error.re_status != RPC_SUCCESS) {
if (debugging)
- (void) fprintf(stderr, "handle_reply: %s\n",
- clnt_sperrno(reply_error.re_status));
+ fprintf(stderr, "%s: %s\n", __func__,
+ clnt_sperrno(reply_error.re_status));
send_svcsyserr(xprt, fi);
goto done;
}
@@ -1335,8 +1331,8 @@ handle_reply(int fd, SVCXPRT *xprt)
uaddr = taddr2uaddr(rpcbind_get_conf("udp"),
svc_getrpccaller(xprt));
if (debugging) {
- fprintf(stderr, "handle_reply: forwarding address %s to %s\n",
- a.rmt_uaddr, uaddr ? uaddr : rpcbind_unknown);
+ fprintf(stderr, "%s:forwarding address %s to %s\n",
+ __func__, a.rmt_uaddr, uaddr ? uaddr : rpcbind_unknown);
}
if (uaddr)
free(uaddr);
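Review bot: The new format string `"%s:forwarding address %s to %s\n"` dropped the space after the colon that every other message touched by this commit has, so this line will not match a `handle_reply: ` prefix when filtering debug output. It should read `"%s: forwarding address %s to %s\n"`. The enclosing block of handle_reply begins outside this hunk.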
@@ -1349,7 +1345,7 @@ done:
if (reply_msg.rm_xid == 0) {
#ifdef SVC_RUN_DEBUG
if (debugging) {
- fprintf(stderr, "handle_reply: NULL xid on exit!\n");
+ fprintf(stderr, "%s: NULL xid on exit!\n", __func__);
}
#endif
} else
Index: src/usr.sbin/rpcbind/rpcbind.c
diff -u src/usr.sbin/rpcbind/rpcbind.c:1.29 src/usr.sbin/rpcbind/rpcbind.c:1.30
--- src/usr.sbin/rpcbind/rpcbind.c:1.29 Tue Jun 16 20:16:22 2020
+++ src/usr.sbin/rpcbind/rpcbind.c Sat Mar 6 19:23:06 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: rpcbind.c,v 1.29 2020/06/17 00:16:22 kamil Exp $ */
+/* $NetBSD: rpcbind.c,v 1.30 2021/03/07 00:23:06 christos Exp $ */
/*-
* Copyright (c) 2009, Sun Microsystems, Inc.
@@ -302,14 +302,14 @@ init_transport(struct netconfig *nconf)
return 1; /* not my type */
#ifdef RPCBIND_DEBUG
if (debugging) {
- int i;
+ unsigned int i;
char **s;
(void)fprintf(stderr, "%s: %ld lookup routines :\n",
nconf->nc_netid, nconf->nc_nlookups);
for (i = 0, s = nconf->nc_lookups; i < nconf->nc_nlookups;
i++, s++)
- (void)fprintf(stderr, "[%d] - %s\n", i, *s);
+ (void)fprintf(stderr, "[%u] - %s\n", i, *s);
}
#endif
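Review bot: Making `i` an `unsigned int` quiets the comparison against `nconf->nc_nlookups`, but the count itself is still printed with `%ld` on the line above the loop. If `nc_nlookups` is an `unsigned long`, as the index change suggests, that format should be `%lu`. The index would then be simpler in the same type, i.e. `unsigned long i;` with `"[%lu] - %s\n"`. This block sits inside init_transport, which extends beyond the hunk.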
@@ -899,7 +899,7 @@ parseargs(int argc, char *argv[])
break; /* errors; for rpcbind developers */
/* only! */
case 'd':
- debugging = 1;
+ debugging++;
break;
case 'h':
++nhosts;
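Review bot: `debugging++` turns -d into a level, and my_svc_run in rpcb_svc_com.c now keys its per-poll traces on `debugging > 1`, but nothing in the commit documents that a second -d has any meaning; the manual page is not in the list of modified files. A comment on the case would cover it, e.g. `/* each -d raises the level; 2 adds per-poll tracing (SVC_RUN_DEBUG builds) */`, together with a matching line in the manual. It is also worth checking that no code outside this diff tests `debugging == 1`, since that would stop matching for -d -d. parseargs continues outside the hunk.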
Index: src/usr.sbin/rpcbind/security.c
diff -u src/usr.sbin/rpcbind/security.c:1.13 src/usr.sbin/rpcbind/security.c:1.14
--- src/usr.sbin/rpcbind/security.c:1.13 Wed Apr 24 06:27:49 2019
+++ src/usr.sbin/rpcbind/security.c Sat Mar 6 19:23:06 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: security.c,v 1.13 2019/04/24 10:27:49 roy Exp $ */
+/* $NetBSD: security.c,v 1.14 2021/03/07 00:23:06 christos Exp $ */
/* $FreeBSD: head/usr.sbin/rpcbind/security.c 262860 2014-03-06 17:33:27Z mav $ */
#include <sys/types.h>
@@ -123,7 +123,7 @@ check_access(SVCXPRT *xprt, rpcproc_t pr
#ifdef LIBWRAP
if (libwrap && addr->sa_family != AF_LOCAL) {
request_init(&req, RQ_DAEMON, "rpcbind", RQ_CLIENT_SIN, addr,
- 0);
+ RQ_FILE, xprt->xp_fd, NULL);
sock_methods(&req);
if(!hosts_access(&req)) {
logit(deny_severity, addr, proc, prog,
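Review bot: The argument list to `request_init()` is now terminated with `NULL` where it used to end in `0`. The keys (`RQ_DAEMON`, `RQ_CLIENT_SIN`, `RQ_FILE`) are integers and libwrap, as far as I know, reads each key with `va_arg(ap, int)`. A pointer-typed `NULL` in that slot is therefore a type mismatch in a variadic call on LP64 targets, even if it happens to work. Keeping the integer terminator avoids that: `RQ_FILE, xprt->xp_fd, 0);`. check_access starts and ends outside this hunk.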