#include <sys/param.h>
#include <sys/linker.h>
#include <sys/module.h>
#include <sys/resource.h>
#include <sys/signal.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <rpc/rpc.h>
#include <rpc/rpc_com.h>
#ifdef PORTMAP
#include <netinet/in.h>
#endif
#include <arpa/inet.h>
#include <assert.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <libutil.h>
#include <netconfig.h>
#include <netdb.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include "rpcbind.h"
int debugging = 0;
int doabort = 0;
int terminate_rfd;
volatile sig_atomic_t doterminate = 0;
rpcblist_ptr list_rbl;
int rpcbindlockfd;
#define RUN_AS "daemon"
#define RPCBINDDLOCK "/var/run/rpcbind.lock"
#define DEFAULT_PIDFILE "/var/run/rpcbind.pid"
char *pidfile_path = DEFAULT_PIDFILE;
struct pidfh *pidfh = NULL;
static int runasdaemon = 0;
int insecure = 0;
int oldstyle_local = 0;
#ifdef LIBWRAP
int libwrap = 0;
#endif
int nofork = 0;
int verboselog = 0;
int nobind_localhost = 0;
static char **hosts = NULL;
static struct sockaddr **bound_sa;
static int ipv6_only = 0;
static int nhosts = 0;
static int on = 1;
static int terminate_wfd;
#ifdef WARMSTART
static int warmstart = 0;
#endif
#ifdef PORTMAP
struct pmaplist *list_pml;
const char *udptrans;
const char *tcptrans;
const char *udp_uaddr;
const char *tcp_uaddr;
#endif
static const char servname[] = "rpcbind";
const char rpcbind_superuser[] = "superuser";
const char rpcbind_unknown[] = "unknown";
static const char nlname[] = "netlink";
static const struct netconfig netlink_nconf = {
.nc_netid = __UNCONST(nlname),
.nc_semantics = NC_TPI_CLTS,
};
static const struct t_bind netlink_taddr = {
.addr = {
.maxlen = sizeof(nlname),
.len = sizeof(nlname),
.buf = __UNCONST(nlname),
},
};
static int init_transport(const struct netconfig *);
static void rbllist_add(rpcprog_t, rpcvers_t, const struct netconfig *,
struct netbuf *);
static void cleanup_pidfile(void);
static void terminate(int);
static void parseargs(int, char *[]);
static void update_bound_sa(void);
int
main(int argc, char *argv[])
{
struct netconfig *nconf;
void *nc_handle;
struct rlimit rl;
int maxrec = RPC_MAXDATASIZE;
int error, fds[2];
parseargs(argc, argv);
update_bound_sa();
if (modfind("krpc") < 0 && kldload("krpc") < 0) {
warn("failed to load krpc module, "
"rpcbind services for kernel disabled");
}
if ((rpcbindlockfd = open(RPCBINDDLOCK, O_RDONLY|O_CREAT, 0444)) < 0)
err(1, "%s", RPCBINDDLOCK);
if (flock(rpcbindlockfd, LOCK_EX|LOCK_NB) != 0 && errno == EWOULDBLOCK)
errx(1, "another rpcbind is already running. Aborting");
if (pidfile_path != NULL) {
pidfh = pidfile_open(pidfile_path, 0600, NULL);
if (pidfh == NULL)
warn("cannot open pid file");
atexit(cleanup_pidfile);
}
getrlimit(RLIMIT_NOFILE, &rl);
if (rl.rlim_cur < 128) {
if (rl.rlim_max <= 128)
rl.rlim_cur = rl.rlim_max;
else
rl.rlim_cur = 128;
setrlimit(RLIMIT_NOFILE, &rl);
}
openlog("rpcbind", LOG_CONS, LOG_DAEMON);
if (geteuid()) {
fprintf(stderr, "Sorry. You are not superuser\n");
exit(1);
}
nc_handle = setnetconfig();
if (nc_handle == NULL) {
syslog(LOG_ERR, "could not read /etc/netconfig");
exit(1);
}
#ifdef PORTMAP
udptrans = "";
tcptrans = "";
#endif
nconf = getnetconfigent("local");
if (nconf == NULL)
nconf = getnetconfigent("unix");
if (nconf == NULL) {
syslog(LOG_ERR, "%s: can't find local transport\n", argv[0]);
exit(1);
}
rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
init_transport(nconf);
while ((nconf = getnetconfig(nc_handle))) {
if (nconf->nc_flag & NC_VISIBLE) {
if (ipv6_only == 1 && strcmp(nconf->nc_protofmly,
"inet") == 0) {
} else
init_transport(nconf);
}
}
endnetconfig(nc_handle);
init_transport(&netlink_nconf);
error = pipe(fds);
if (error != 0)
err(1, "pipe failed");
terminate_rfd = fds[0];
terminate_wfd = fds[1];
(void) signal(SIGCHLD, reap);
(void) signal(SIGINT, terminate);
(void) signal(SIGTERM, terminate);
(void) signal(SIGQUIT, terminate);
(void) signal(SIGPIPE, SIG_IGN);
(void) signal(SIGHUP, SIG_IGN);
(void) signal(SIGUSR1, SIG_IGN);
(void) signal(SIGUSR2, SIG_IGN);
#ifdef WARMSTART
if (warmstart) {
read_warmstart();
}
#endif
if (debugging) {
printf("rpcbind debugging enabled.");
if (doabort) {
printf(" Will abort on errors!\n");
} else {
printf("\n");
}
} else if (!nofork) {
if (daemon(0, 0))
err(1, "fork failed");
}
if (pidfh != NULL && pidfile_write(pidfh) != 0)
syslog(LOG_ERR, "pidfile_write(): %m");
if (runasdaemon) {
struct passwd *p;
if((p = getpwnam(RUN_AS)) == NULL) {
syslog(LOG_ERR, "cannot get uid of daemon: %m");
exit(1);
}
if (setuid(p->pw_uid) == -1) {
syslog(LOG_ERR, "setuid to daemon failed: %m");
exit(1);
}
}
network_init();
my_svc_run();
syslog(LOG_ERR, "svc_run returned unexpectedly");
rpcbind_abort();
return 0;
}
static int
init_transport(const struct netconfig *nconf)
{
int fd = -1;
struct t_bind taddr;
struct addrinfo hints, *res = NULL;
struct __rpc_sockinfo si;
SVCXPRT *my_xprt = NULL;
int status;
int aicode;
int addrlen;
int nhostsbak;
int bound;
u_int32_t host_addr[4];
struct sockaddr *sa;
struct sockaddr_un sun;
mode_t oldmask;
bool local, netlink;
local = strcmp(nconf->nc_netid, "local") == 0 ||
strcmp(nconf->nc_netid, "unix") == 0;
netlink = strcmp(nconf->nc_netid, "netlink") == 0;
if ((nconf->nc_semantics != NC_TPI_CLTS) &&
(nconf->nc_semantics != NC_TPI_COTS) &&
(nconf->nc_semantics != NC_TPI_COTS_ORD))
return (1);
#ifdef RPCBIND_DEBUG
if (debugging) {
unsigned int i;
char **s;
(void)fprintf(stderr, "%s: %ld lookup routines :\n",
nconf->nc_netid, nconf->nc_nlookups);
for (i = 0, s = nconf->nc_lookups; i < nconf->nc_nlookups;
i++, s++)
(void)fprintf(stderr, "[%d] - %s\n", i, *s);
}
#endif
if (local) {
if ((fd = __rpc_nconf2fd(nconf)) < 0) {
syslog(errno == EAFNOSUPPORT ? LOG_DEBUG : LOG_ERR,
"cannot create socket for %s",
nconf->nc_netid);
return (1);
}
}
if (!__rpc_nconf2sockinfo(nconf, &si)) {
syslog(LOG_ERR, "cannot get information for %s",
nconf->nc_netid);
return (1);
}
if (local) {
memset(&sun, 0, sizeof sun);
sun.sun_family = AF_LOCAL;
unlink(_PATH_RPCBINDSOCK);
strcpy(sun.sun_path, _PATH_RPCBINDSOCK);
sun.sun_len = SUN_LEN(&sun);
addrlen = sizeof (struct sockaddr_un);
sa = (struct sockaddr *)&sun;
} else if (!netlink) {
memset(&hints, 0, sizeof hints);
hints.ai_flags = AI_PASSIVE;
hints.ai_family = si.si_af;
hints.ai_socktype = si.si_socktype;
hints.ai_protocol = si.si_proto;
}
if (!local && !netlink) {
nhostsbak = nhosts + 1;
hosts = realloc(hosts, nhostsbak * sizeof(char *));
if (nhostsbak == 1)
hosts[0] = "*";
else {
if (hints.ai_family == AF_INET &&
!nobind_localhost) {
hosts[nhostsbak - 1] = "127.0.0.1";
} else if (hints.ai_family == AF_INET6 &&
!nobind_localhost) {
hosts[nhostsbak - 1] = "::1";
} else
return 1;
}
bound = 0;
while (nhostsbak > 0) {
--nhostsbak;
if ((fd = __rpc_nconf2fd(nconf)) < 0) {
int non_fatal = 0;
if (errno == EAFNOSUPPORT &&
nconf->nc_semantics != NC_TPI_CLTS)
non_fatal = 1;
syslog(non_fatal ? LOG_DEBUG : LOG_ERR,
"cannot create socket for %s", nconf->nc_netid);
return (1);
}
switch (hints.ai_family) {
case AF_INET:
if (inet_pton(AF_INET, hosts[nhostsbak],
host_addr) == 1) {
hints.ai_flags &= AI_NUMERICHOST;
} else {
if (inet_pton(AF_INET6,
hosts[nhostsbak], host_addr) == 1) {
close(fd);
continue;
}
}
break;
case AF_INET6:
if (inet_pton(AF_INET6, hosts[nhostsbak],
host_addr) == 1) {
hints.ai_flags &= AI_NUMERICHOST;
} else {
if (inet_pton(AF_INET, hosts[nhostsbak],
host_addr) == 1) {
close(fd);
continue;
}
}
if (setsockopt(fd, IPPROTO_IPV6,
IPV6_V6ONLY, &on, sizeof on) < 0) {
syslog(LOG_ERR,
"can't set v6-only binding for "
"ipv6 socket: %m");
continue;
}
break;
default:
break;
}
if (strcmp("*", hosts[nhostsbak]) == 0)
hosts[nhostsbak] = NULL;
if ((aicode = getaddrinfo(hosts[nhostsbak], servname, &hints,
&res)) != 0) {
syslog(LOG_ERR, "cannot get local address for %s: %s",
nconf->nc_netid, gai_strerror(aicode));
continue;
}
addrlen = res->ai_addrlen;
sa = (struct sockaddr *)res->ai_addr;
oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH);
if (bind(fd, sa, addrlen) != 0) {
syslog(LOG_ERR, "cannot bind %s on %s: %m",
(hosts[nhostsbak] == NULL) ? "*" :
hosts[nhostsbak], nconf->nc_netid);
if (res != NULL)
freeaddrinfo(res);
continue;
} else
bound = 1;
(void)umask(oldmask);
taddr.addr.len = taddr.addr.maxlen = addrlen;
taddr.addr.buf = malloc(addrlen);
if (taddr.addr.buf == NULL) {
syslog(LOG_ERR,
"cannot allocate memory for %s address",
nconf->nc_netid);
if (res != NULL)
freeaddrinfo(res);
return 1;
}
memcpy(taddr.addr.buf, sa, addrlen);
#ifdef RPCBIND_DEBUG
if (debugging) {
char *uaddr;
struct netbuf nb;
nb.buf = sa;
nb.len = nb.maxlen = sa->sa_len;
uaddr = taddr2uaddr(nconf, &nb);
(void)fprintf(stderr,
"rpcbind : my address is %s\n", uaddr);
(void)free(uaddr);
}
#endif
if (nconf->nc_semantics != NC_TPI_CLTS)
listen(fd, SOMAXCONN);
my_xprt = (SVCXPRT *)svc_tli_create(fd, nconf, &taddr,
RPC_MAXDATASIZE, RPC_MAXDATASIZE);
}
} else if (local) {
oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH);
if (bind(fd, sa, addrlen) < 0) {
syslog(LOG_ERR, "cannot bind %s: %m", nconf->nc_netid);
if (res != NULL)
freeaddrinfo(res);
return 1;
}
(void) umask(oldmask);
taddr.addr.len = taddr.addr.maxlen = addrlen;
taddr.addr.buf = malloc(addrlen);
if (taddr.addr.buf == NULL) {
syslog(LOG_ERR, "cannot allocate memory for %s address",
nconf->nc_netid);
if (res != NULL)
freeaddrinfo(res);
return 1;
}
memcpy(taddr.addr.buf, sa, addrlen);
#ifdef RPCBIND_DEBUG
if (debugging) {
char *uaddr;
struct netbuf nb;
nb.buf = sa;
nb.len = nb.maxlen = sa->sa_len;
uaddr = taddr2uaddr(nconf, &nb);
(void)fprintf(stderr, "rpcbind : my address is %s\n",
uaddr);
(void)free(uaddr);
}
#endif
if (nconf->nc_semantics != NC_TPI_CLTS)
listen(fd, SOMAXCONN);
my_xprt = (SVCXPRT *)svc_tli_create(fd, nconf, &taddr,
RPC_MAXDATASIZE, RPC_MAXDATASIZE);
} else {
assert(netlink);
taddr = netlink_taddr;
my_xprt = svc_nl_create("rpcbind");
}
if (my_xprt == (SVCXPRT *)NULL) {
syslog(LOG_ERR, "%s: could not create service",
nconf->nc_netid);
goto error;
}
#ifdef PORTMAP
if (!netlink && (local || (strcmp(nconf->nc_protofmly, NC_INET) == 0 &&
(strcmp(nconf->nc_proto, NC_TCP) == 0 ||
strcmp(nconf->nc_proto, NC_UDP) == 0)))) {
struct pmaplist *pml;
if (!svc_register(my_xprt, PMAPPROG, PMAPVERS,
pmap_service, 0)) {
syslog(LOG_ERR, "could not register on %s",
nconf->nc_netid);
goto error;
}
pml = malloc(sizeof (struct pmaplist));
if (pml == NULL) {
syslog(LOG_ERR, "no memory!");
exit(1);
}
pml->pml_map.pm_prog = PMAPPROG;
pml->pml_map.pm_vers = PMAPVERS;
pml->pml_map.pm_port = PMAPPORT;
if (strcmp(nconf->nc_proto, NC_TCP) == 0) {
if (tcptrans[0]) {
free(pml);
pml = NULL;
syslog(LOG_ERR,
"cannot have more than one TCP transport");
goto error;
}
tcptrans = strdup(nconf->nc_netid);
pml->pml_map.pm_prot = IPPROTO_TCP;
tcp_uaddr = taddr2uaddr(nconf, &taddr.addr);
} else if (strcmp(nconf->nc_proto, NC_UDP) == 0) {
if (udptrans[0]) {
syslog(LOG_ERR,
"cannot have more than one UDP transport");
goto error;
}
udptrans = strdup(nconf->nc_netid);
pml->pml_map.pm_prot = IPPROTO_UDP;
udp_uaddr = taddr2uaddr(nconf, &taddr.addr);
} else if (strcmp(nconf->nc_netid, "local") == 0)
pml->pml_map.pm_prot = IPPROTO_ST;
else if (strcmp(nconf->nc_netid, "unix") == 0)
pml->pml_map.pm_prot = IPPROTO_ST;
pml->pml_next = list_pml;
list_pml = pml;
pml = malloc(sizeof(*pml));
if (pml == NULL) {
syslog(LOG_ERR, "%m");
exit(1);
}
pml->pml_map = list_pml->pml_map;
pml->pml_map.pm_vers = RPCBVERS;
pml->pml_next = list_pml;
list_pml = pml;
pml = malloc(sizeof(*pml));
if (pml == NULL) {
syslog(LOG_ERR, "%m");
exit(1);
}
pml->pml_map = list_pml->pml_map;
pml->pml_map.pm_vers = RPCBVERS4;
pml->pml_next = list_pml;
list_pml = pml;
rbllist_add(PMAPPROG, PMAPVERS, nconf, &taddr.addr);
}
#endif
if (!svc_reg(my_xprt, RPCBPROG, RPCBVERS, rpcb_service_3, NULL)) {
syslog(LOG_ERR, "could not register %s version 3",
nconf->nc_netid);
goto error;
}
rbllist_add(RPCBPROG, RPCBVERS, nconf, &taddr.addr);
if (!svc_reg(my_xprt, RPCBPROG, RPCBVERS4, rpcb_service_4, NULL)) {
syslog(LOG_ERR, "could not register %s version 4",
nconf->nc_netid);
goto error;
}
rbllist_add(RPCBPROG, RPCBVERS4, nconf, &taddr.addr);
status = add_bndlist(nconf, &taddr.addr);
#ifdef RPCBIND_DEBUG
if (debugging) {
if (status < 0) {
fprintf(stderr, "Error in finding bind status for %s\n",
nconf->nc_netid);
} else if (status == 0) {
fprintf(stderr, "check binding for %s\n",
nconf->nc_netid);
} else if (status > 0) {
fprintf(stderr, "No check binding for %s\n",
nconf->nc_netid);
}
}
#endif
if (!netlink && nconf->nc_semantics == NC_TPI_CLTS) {
status = create_rmtcall_fd(nconf);
#ifdef RPCBIND_DEBUG
if (debugging) {
if (status < 0) {
fprintf(stderr,
"Could not create rmtcall fd for %s\n",
nconf->nc_netid);
} else {
fprintf(stderr, "rmtcall fd for %s is %d\n",
nconf->nc_netid, status);
}
}
#endif
}
return (0);
error:
if (fd != -1)
close(fd);
return (1);
}
static void
update_bound_sa(void)
{
struct addrinfo hints, *res = NULL;
int i;
if (nhosts == 0)
return;
bound_sa = malloc(sizeof(*bound_sa) * nhosts);
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
for (i = 0; i < nhosts; i++) {
if (getaddrinfo(hosts[i], NULL, &hints, &res) != 0)
continue;
bound_sa[i] = malloc(res->ai_addrlen);
memcpy(bound_sa[i], res->ai_addr, res->ai_addrlen);
}
}
int
listen_addr(const struct sockaddr *sa)
{
int i;
if (nhosts == 0)
return 1;
for (i = 0; i < nhosts; i++) {
if (bound_sa[i] == NULL ||
sa->sa_family != bound_sa[i]->sa_family)
continue;
switch (sa->sa_family) {
case AF_INET:
if (memcmp(&SA2SINADDR(sa), &SA2SINADDR(bound_sa[i]),
sizeof(struct in_addr)) == 0)
return (1);
break;
#ifdef INET6
case AF_INET6:
if (memcmp(&SA2SIN6ADDR(sa), &SA2SIN6ADDR(bound_sa[i]),
sizeof(struct in6_addr)) == 0)
return (1);
break;
#endif
default:
break;
}
}
return (0);
}
static void
rbllist_add(rpcprog_t prog, rpcvers_t vers, const struct netconfig *nconf,
struct netbuf *addr)
{
rpcblist_ptr rbl;
rbl = malloc(sizeof (rpcblist));
if (rbl == NULL) {
syslog(LOG_ERR, "no memory!");
exit(1);
}
rbl->rpcb_map.r_prog = prog;
rbl->rpcb_map.r_vers = vers;
rbl->rpcb_map.r_netid = strdup(nconf->nc_netid);
rbl->rpcb_map.r_addr = taddr2uaddr(nconf, addr);
rbl->rpcb_map.r_owner = strdup(rpcbind_superuser);
rbl->rpcb_next = list_rbl;
list_rbl = rbl;
}
static void
cleanup_pidfile(void)
{
if (pidfh != NULL)
pidfile_remove(pidfh);
}
static void
terminate(int signum)
{
char c = '\0';
ssize_t wr;
doterminate = signum;
wr = write(terminate_wfd, &c, 1);
if (wr < 1) {
cleanup_pidfile();
_exit(2);
}
}
void
rpcbind_abort(void)
{
#ifdef WARMSTART
write_warmstart();
#endif
abort();
}
static void
parseargs(int argc, char *argv[])
{
int c;
#ifdef WARMSTART
#define WSOP "w"
#else
#define WSOP ""
#endif
#ifdef LIBWRAP
#define WRAPOP "W"
#else
#define WRAPOP ""
#endif
while ((c = getopt(argc, argv, "6adh:IiLlNP:s" WRAPOP WSOP)) != -1) {
switch (c) {
case '6':
ipv6_only = 1;
break;
case 'a':
doabort = 1;
break;
case 'd':
debugging = 1;
break;
case 'h':
++nhosts;
hosts = realloc(hosts, nhosts * sizeof(char *));
if (hosts == NULL)
errx(1, "Out of memory");
hosts[nhosts - 1] = strdup(optarg);
if (hosts[nhosts - 1] == NULL)
errx(1, "Out of memory");
break;
case 'I':
nobind_localhost = 1;
break;
case 'i':
insecure = 1;
break;
case 'L':
oldstyle_local = 1;
break;
case 'l':
verboselog = 1;
break;
case 'N':
nofork = 1;
break;
case 's':
runasdaemon = 1;
break;
case 'P':
pidfile_path = strdup(optarg);
break;
#ifdef LIBWRAP
case 'W':
libwrap = 1;
break;
#endif
#ifdef WARMSTART
case 'w':
warmstart = 1;
break;
#endif
default:
fprintf(stderr,
"usage: rpcbind [-6adIiLlNPs%s%s] [-h bindip]\n",
WRAPOP, WSOP);
exit (1);
}
}
if (doabort && !debugging) {
fprintf(stderr,
"-a (abort) specified without -d (debugging) -- ignored.\n");
doabort = 0;
}
#undef WSOP
}
void
reap(int dummy __unused)
{
int save_errno = errno;
while (wait3(NULL, WNOHANG, NULL) > 0)
;
errno = save_errno;
}
void
toggle_verboselog(int dummy __unused)
{
verboselog = !verboselog;
}
