NetBSD/usr.sbin/rpc.lockd/lock_proc.c

683 lines
19 KiB
C

/* $NetBSD: lock_proc.c,v 1.2 1997/10/18 04:01:15 lukem Exp $ */
/*
* Copyright (c) 1995
* A.R. Gordon (andrew.gordon@net-tel.co.uk). All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed for the FreeBSD project
* 4. Neither the name of the author nor the names of any co-contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY ANDREW GORDON AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: lock_proc.c,v 1.2 1997/10/18 04:01:15 lukem Exp $");
#endif
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <rpc/rpc.h>
#include <rpcsvc/sm_inter.h>
#include "lockd.h"
#include "nlm_prot.h"
#define CLIENT_CACHE_SIZE 64 /* No. of client sockets cached */
#define CLIENT_CACHE_LIFETIME 120 /* In seconds */
static CLIENT *get_client __P((struct sockaddr_in *));
static void log_from_addr __P((char *, struct svc_req *));
static void transmit_result __P((int, nlm_res *, struct svc_req *));
/* log_from_addr ----------------------------------------------------------- */
/*
* Purpose: Log name of function called and source address
* Returns: Nothing
* Notes: Extracts the source address from the transport handle
* passed in as part of the called procedure specification
*/
static void
log_from_addr(fun_name, req)
char *fun_name;
struct svc_req *req;
{
struct sockaddr_in *addr;
struct hostent *host;
char hostname_buf[40];
addr = svc_getcaller(req->rq_xprt);
host = gethostbyaddr((char *)&(addr->sin_addr), addr->sin_len, AF_INET);
if (host) {
strncpy(hostname_buf, host->h_name, sizeof(hostname_buf));
hostname_buf[sizeof(hostname_buf) - 1] = '\0';
} else /* No hostname available - print raw address */
strcpy(hostname_buf, inet_ntoa(addr->sin_addr));
syslog(LOG_DEBUG, "%s from %s", fun_name, hostname_buf);
}
/* get_client -------------------------------------------------------------- */
/*
* Purpose: Get a CLIENT* for making RPC calls to lockd on given host
* Returns: CLIENT* pointer, from clnt_udp_create, or NULL if error
* Notes: Creating a CLIENT* is quite expensive, involving a
* conversation with the remote portmapper to get the
* port number. Since a given client is quite likely
* to make several locking requests in succession, it is
* desirable to cache the created CLIENT*.
*
* Since we are using UDP rather than TCP, there is no cost
* to the remote system in keeping these cached indefinitely.
* Unfortunately there is a snag: if the remote system
* reboots, the cached portmapper results will be invalid,
* and we will never detect this since all of the xxx_msg()
* calls return no result - we just fire off a udp packet
* and hope for the best.
*
* We solve this by discarding cached values after two
* minutes, regardless of whether they have been used
* in the meanwhile (since a bad one might have been used
* plenty of times, as the host keeps retrying the request
* and we keep sending the reply back to the wrong port).
*
* Given that the entries will always expire in the order
* that they were created, there is no point in a LRU
* algorithm for when the cache gets full - entries are
* always re-used in sequence.
*/
static CLIENT *clnt_cache_ptr[CLIENT_CACHE_SIZE];
static long clnt_cache_time[CLIENT_CACHE_SIZE]; /* time entry created */
static struct in_addr clnt_cache_addr[CLIENT_CACHE_SIZE];
static int clnt_cache_next_to_use = 0;
static CLIENT *
get_client(host_addr)
struct sockaddr_in *host_addr;
{
CLIENT *client;
struct timeval retry_time, time_now;
int i, sock_no;
gettimeofday(&time_now, NULL);
/*
* Search for the given client in the cache, zapping any expired
* entries that we happen to notice in passing.
*/
for (i = 0; i < CLIENT_CACHE_SIZE; i++) {
client = clnt_cache_ptr[i];
if (client && ((clnt_cache_time[i] + CLIENT_CACHE_LIFETIME)
< time_now.tv_sec)) {
/* Cache entry has expired. */
if (debug_level > 3)
syslog(LOG_DEBUG, "Expired CLIENT* in cache");
clnt_cache_time[i] = 0L;
clnt_destroy(client);
clnt_cache_ptr[i] = NULL;
client = NULL;
}
if (client && !memcmp(&clnt_cache_addr[i],
&host_addr->sin_addr, sizeof(struct in_addr))) {
/* Found it! */
if (debug_level > 3)
syslog(LOG_DEBUG, "Found CLIENT* in cache");
return (client);
}
}
/* Not found in cache. Free the next entry if it is in use. */
if (clnt_cache_ptr[clnt_cache_next_to_use]) {
clnt_destroy(clnt_cache_ptr[clnt_cache_next_to_use]);
clnt_cache_ptr[clnt_cache_next_to_use] = NULL;
}
/* Create the new client handle */
sock_no = RPC_ANYSOCK;
retry_time.tv_sec = 5;
retry_time.tv_usec = 0;
host_addr->sin_port = 0; /* Force consultation with portmapper */
client = clntudp_create(host_addr, NLM_PROG, NLM_VERS,
retry_time, &sock_no);
if (!client) {
syslog(LOG_ERR, clnt_spcreateerror("clntudp_create"));
syslog(LOG_ERR, "Unable to return result to %s",
inet_ntoa(host_addr->sin_addr));
return NULL;
}
/* Success - update the cache entry */
clnt_cache_ptr[clnt_cache_next_to_use] = client;
clnt_cache_addr[clnt_cache_next_to_use] = host_addr->sin_addr;
clnt_cache_time[clnt_cache_next_to_use] = time_now.tv_sec;
if (++clnt_cache_next_to_use > CLIENT_CACHE_SIZE)
clnt_cache_next_to_use = 0;
/*
* Disable the default timeout, so we can specify our own in calls
* to clnt_call(). (Note that the timeout is a different concept
* from the retry period set in clnt_udp_create() above.)
*/
retry_time.tv_sec = -1;
retry_time.tv_usec = -1;
clnt_control(client, CLSET_TIMEOUT, (char *)&retry_time);
if (debug_level > 3)
syslog(LOG_DEBUG, "Created CLIENT* for %s",
inet_ntoa(host_addr->sin_addr));
return client;
}
/* transmit_result --------------------------------------------------------- */
/*
* Purpose: Transmit result for nlm_xxx_msg pseudo-RPCs
* Returns: Nothing - we have no idea if the datagram got there
* Notes: clnt_call() will always fail (with timeout) as we are
* calling it with timeout 0 as a hack to just issue a datagram
* without expecting a result
*/
static void
transmit_result(opcode, result, req)
int opcode;
nlm_res *result;
struct svc_req *req;
{
static char dummy;
struct sockaddr_in *addr;
CLIENT *cli;
struct timeval timeo;
int success;
addr = svc_getcaller(req->rq_xprt);
if ((cli = get_client(addr)) != NULL) {
timeo.tv_sec = 0; /* No timeout - not expecting response */
timeo.tv_usec = 0;
success = clnt_call(cli, opcode, xdr_nlm_res, result, xdr_void,
&dummy, timeo);
if (debug_level > 2)
syslog(LOG_DEBUG, "clnt_call returns %d\n", success);
}
}
/* ------------------------------------------------------------------------- */
/*
* Functions for Unix<->Unix locking (ie. monitored locking, with rpc.statd
* involved to ensure reclaim of locks after a crash of the "stateless"
* server.
*
* These all come in two flavours - nlm_xxx() and nlm_xxx_msg().
* The first are standard RPCs with argument and result.
* The nlm_xxx_msg() calls implement exactly the same functions, but
* use two pseudo-RPCs (one in each direction). These calls are NOT
* standard use of the RPC protocol in that they do not return a result
* at all (NB. this is quite different from returning a void result).
* The effect of this is to make the nlm_xxx_msg() calls simple unacknowledged
* datagrams, requiring higher-level code to perform retries.
*
* Despite the disadvantages of the nlm_xxx_msg() approach (some of which
* are documented in the comments to get_client() above), this is the
* interface used by all current commercial NFS implementations
* [Solaris, SCO, AIX etc.]. This is presumed to be because these allow
* implementations to continue using the standard RPC libraries, while
* avoiding the block-until-result nature of the library interface.
*
* No client implementations have been identified so far that make use
* of the true RPC version (early SunOS releases would be a likely candidate
* for testing).
*/
/* nlm_test ---------------------------------------------------------------- */
/*
* Purpose: Test whether a specified lock would be granted if requested
* Returns: nlm_granted (or error code)
* Notes:
*/
nlm_testres *
nlm_test_1_svc(arg, rqstp)
nlm_testargs *arg;
struct svc_req *rqstp;
{
static nlm_testres res;
if (debug_level)
log_from_addr("nlm_test", rqstp);
/*
* Copy the cookie from the argument into the result. Note that this
* is slightly hazardous, as the structure contains a pointer to a
* malloc()ed buffer that will get freed by the caller. However, the
* main function transmits the result before freeing the argument
* so it is in fact safe.
*/
res.cookie = arg->cookie;
res.stat.stat = nlm_granted;
return (&res);
}
void *
nlm_test_msg_1_svc(arg, rqstp)
nlm_testargs *arg;
struct svc_req *rqstp;
{
nlm_testres res;
static char dummy;
struct sockaddr_in *addr;
CLIENT *cli;
int success;
struct timeval timeo;
if (debug_level)
log_from_addr("nlm_test_msg", rqstp);
res.cookie = arg->cookie;
res.stat.stat = nlm_granted;
/*
* nlm_test has different result type to the other operations, so
* can't use transmit_result() in this case
*/
addr = svc_getcaller(rqstp->rq_xprt);
if ((cli = get_client(addr)) != NULL) {
timeo.tv_sec = 0; /* No timeout - not expecting response */
timeo.tv_usec = 0;
success = clnt_call(cli, NLM_TEST_RES, xdr_nlm_testres,
&res, xdr_void, &dummy, timeo);
if (debug_level > 2)
syslog(LOG_DEBUG, "clnt_call returns %d\n", success);
}
return (NULL);
}
/* nlm_lock ---------------------------------------------------------------- */
/*
* Purposes: Establish a lock
* Returns: granted, denied or blocked
* Notes: *** grace period support missing
*/
nlm_res *
nlm_lock_1_svc(arg, rqstp)
nlm_lockargs *arg;
struct svc_req *rqstp;
{
static nlm_res res;
if (debug_level)
log_from_addr("nlm_lock", rqstp);
/* copy cookie from arg to result. See comment in nlm_test_1() */
res.cookie = arg->cookie;
res.stat.stat = nlm_granted;
return (&res);
}
void *
nlm_lock_msg_1_svc(arg, rqstp)
nlm_lockargs *arg;
struct svc_req *rqstp;
{
static nlm_res res;
if (debug_level)
log_from_addr("nlm_lock_msg", rqstp);
res.cookie = arg->cookie;
res.stat.stat = nlm_granted;
transmit_result(NLM_LOCK_RES, &res, rqstp);
return (NULL);
}
/* nlm_cancel -------------------------------------------------------------- */
/*
* Purpose: Cancel a blocked lock request
* Returns: granted or denied
* Notes:
*/
nlm_res *
nlm_cancel_1_svc(arg, rqstp)
nlm_cancargs *arg;
struct svc_req *rqstp;
{
static nlm_res res;
if (debug_level)
log_from_addr("nlm_cancel", rqstp);
/* copy cookie from arg to result. See comment in nlm_test_1() */
res.cookie = arg->cookie;
/*
* Since at present we never return 'nlm_blocked', there can never be
* a lock to cancel, so this call always fails.
*/
res.stat.stat = nlm_denied;
return (&res);
}
void *
nlm_cancel_msg_1_svc(arg, rqstp)
nlm_cancargs *arg;
struct svc_req *rqstp;
{
static nlm_res res;
if (debug_level)
log_from_addr("nlm_cancel_msg", rqstp);
res.cookie = arg->cookie;
/*
* Since at present we never return 'nlm_blocked', there can never be
* a lock to cancel, so this call always fails.
*/
res.stat.stat = nlm_denied;
transmit_result(NLM_CANCEL_RES, &res, rqstp);
return (NULL);
}
/* nlm_unlock -------------------------------------------------------------- */
/*
* Purpose: Release an existing lock
* Returns: Always granted, unless during grace period
* Notes: "no such lock" error condition is ignored, as the
* protocol uses unreliable UDP datagrams, and may well
* re-try an unlock that has already succeeded.
*/
nlm_res *
nlm_unlock_1_svc(arg, rqstp)
nlm_unlockargs *arg;
struct svc_req *rqstp;
{
static nlm_res res;
if (debug_level)
log_from_addr("nlm_unlock", rqstp);
res.stat.stat = nlm_granted;
res.cookie = arg->cookie;
return (&res);
}
void *
nlm_unlock_msg_1_svc(arg, rqstp)
nlm_unlockargs *arg;
struct svc_req *rqstp;
{
static nlm_res res;
if (debug_level)
log_from_addr("nlm_unlock_msg", rqstp);
res.stat.stat = nlm_granted;
res.cookie = arg->cookie;
transmit_result(NLM_UNLOCK_RES, &res, rqstp);
return (NULL);
}
/* ------------------------------------------------------------------------- */
/*
* Client-side pseudo-RPCs for results. Note that for the client there
* are only nlm_xxx_msg() versions of each call, since the 'real RPC'
* version returns the results in the RPC result, and so the client
* does not normally receive incoming RPCs.
*
* The exception to this is nlm_granted(), which is genuinely an RPC
* call from the server to the client - a 'call-back' in normal procedure
* call terms.
*/
/* nlm_granted ------------------------------------------------------------- */
/*
* Purpose: Receive notification that formerly blocked lock now granted
* Returns: always success ('granted')
* Notes:
*/
nlm_res *
nlm_granted_1_svc(arg, rqstp)
nlm_testargs *arg;
struct svc_req *rqstp;
{
static nlm_res res;
if (debug_level)
log_from_addr("nlm_granted", rqstp);
/* copy cookie from arg to result. See comment in nlm_test_1() */
res.cookie = arg->cookie;
res.stat.stat = nlm_granted;
return (&res);
}
void *
nlm_granted_msg_1_svc(arg, rqstp)
nlm_testargs *arg;
struct svc_req *rqstp;
{
static nlm_res res;
if (debug_level)
log_from_addr("nlm_granted_msg", rqstp);
res.cookie = arg->cookie;
res.stat.stat = nlm_granted;
transmit_result(NLM_GRANTED_RES, &res, rqstp);
return (NULL);
}
/* nlm_test_res ------------------------------------------------------------ */
/*
* Purpose: Accept result from earlier nlm_test_msg() call
* Returns: Nothing
*/
void *
nlm_test_res_1_svc(arg, rqstp)
nlm_testres *arg;
struct svc_req *rqstp;
{
if (debug_level)
log_from_addr("nlm_test_res", rqstp);
return (NULL);
}
/* nlm_lock_res ------------------------------------------------------------ */
/*
* Purpose: Accept result from earlier nlm_lock_msg() call
* Returns: Nothing
*/
void *
nlm_lock_res_1_svc(arg, rqstp)
nlm_res *arg;
struct svc_req *rqstp;
{
if (debug_level)
log_from_addr("nlm_lock_res", rqstp);
return (NULL);
}
/* nlm_cancel_res ---------------------------------------------------------- */
/*
* Purpose: Accept result from earlier nlm_cancel_msg() call
* Returns: Nothing
*/
void *
nlm_cancel_res_1_svc(arg, rqstp)
nlm_res *arg;
struct svc_req *rqstp;
{
if (debug_level)
log_from_addr("nlm_cancel_res", rqstp);
return (NULL);
}
/* nlm_unlock_res ---------------------------------------------------------- */
/*
* Purpose: Accept result from earlier nlm_unlock_msg() call
* Returns: Nothing
*/
void *
nlm_unlock_res_1_svc(arg, rqstp)
nlm_res *arg;
struct svc_req *rqstp;
{
if (debug_level)
log_from_addr("nlm_unlock_res", rqstp);
return (NULL);
}
/* nlm_granted_res --------------------------------------------------------- */
/*
* Purpose: Accept result from earlier nlm_granted_msg() call
* Returns: Nothing
*/
void *
nlm_granted_res_1_svc(arg, rqstp)
nlm_res *arg;
struct svc_req *rqstp;
{
if (debug_level)
log_from_addr("nlm_granted_res", rqstp);
return (NULL);
}
/* ------------------------------------------------------------------------- */
/*
* Calls for PCNFS locking (aka non-monitored locking, no involvement
* of rpc.statd).
*
* These are all genuine RPCs - no nlm_xxx_msg() nonsense here.
*/
/* nlm_share --------------------------------------------------------------- */
/*
* Purpose: Establish a DOS-style lock
* Returns: success or failure
* Notes: Blocking locks are not supported - client is expected
* to retry if required.
*/
nlm_shareres *
nlm_share_3_svc(arg, rqstp)
nlm_shareargs *arg;
struct svc_req *rqstp;
{
static nlm_shareres res;
if (debug_level)
log_from_addr("nlm_share", rqstp);
res.cookie = arg->cookie;
res.stat = nlm_granted;
res.sequence = 1234356; /* X/Open says this field is ignored? */
return (&res);
}
/* nlm_unshare ------------------------------------------------------------ */
/*
* Purpose: Release a DOS-style lock
* Returns: nlm_granted, unless in grace period
* Notes:
*/
nlm_shareres *
nlm_unshare_3_svc(arg, rqstp)
nlm_shareargs *arg;
struct svc_req *rqstp;
{
static nlm_shareres res;
if (debug_level)
log_from_addr("nlm_unshare", rqstp);
res.cookie = arg->cookie;
res.stat = nlm_granted;
res.sequence = 1234356; /* X/Open says this field is ignored? */
return (&res);
}
/* nlm_nm_lock ------------------------------------------------------------ */
/*
* Purpose: non-monitored version of nlm_lock()
* Returns: as for nlm_lock()
* Notes: These locks are in the same style as the standard nlm_lock,
* but the rpc.statd should not be called to establish a
* monitor for the client machine, since that machine is
* declared not to be running a rpc.statd, and so would not
* respond to the statd protocol.
*/
nlm_res *
nlm_nm_lock_3_svc(arg, rqstp)
nlm_lockargs *arg;
struct svc_req *rqstp;
{
static nlm_res res;
if (debug_level)
log_from_addr("nlm_nm_lock", rqstp);
/* copy cookie from arg to result. See comment in nlm_test_1() */
res.cookie = arg->cookie;
res.stat.stat = nlm_granted;
return (&res);
}
/* nlm_free_all ------------------------------------------------------------ */
/*
* Purpose: Release all locks held by a named client
* Returns: Nothing
* Notes: Potential denial of service security problem here - the
* locks to be released are specified by a host name, independent
* of the address from which the request has arrived.
* Should probably be rejected if the named host has been
* using monitored locks.
*/
void *
nlm_free_all_3_svc(arg, rqstp)
nlm_notify *arg;
struct svc_req *rqstp;
{
static char dummy;
if (debug_level)
log_from_addr("nlm_free_all", rqstp);
return (&dummy);
}