1 /* $NetBSD: ypbind.c,v 1.101 2022/04/11 20:57:37 andvar Exp $ */
2
3 /*
4 * Copyright (c) 1992, 1993 Theo de Raadt <deraadt@fsa.ca>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
17 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <sys/cdefs.h>
30 #ifndef LINT
31 __RCSID("$NetBSD: ypbind.c,v 1.101 2022/04/11 20:57:37 andvar Exp $");
32 #endif
33
34 #include <sys/types.h>
35 #include <sys/param.h>
36 #include <sys/file.h>
37 #include <sys/ioctl.h>
38 #include <sys/signal.h>
39 #include <sys/socket.h>
40 #include <sys/stat.h>
41 #include <sys/syslog.h>
42 #include <sys/uio.h>
43 #include <arpa/inet.h>
44 #include <net/if.h>
45 #include <ctype.h>
46 #include <dirent.h>
47 #include <err.h>
48 #include <errno.h>
49 #include <fcntl.h>
50 #include <ifaddrs.h>
51 #include <limits.h>
52 #include <netdb.h>
53 #include <signal.h>
54 #include <stdarg.h>
55 #include <stdio.h>
56 #include <stdlib.h>
57 #include <string.h>
58 #include <syslog.h>
59 #include <unistd.h>
60 #include <util.h>
61
62 #include <rpc/rpc.h>
63 #include <rpc/xdr.h>
64 #include <rpc/pmap_clnt.h>
65 #include <rpc/pmap_prot.h>
66 #include <rpc/pmap_rmt.h>
67 #include <rpcsvc/yp_prot.h>
68 #include <rpcsvc/ypclnt.h>
69
70 #include "pathnames.h"
71
72 #define YPSERVERSSUFF ".ypservers"
73 #define BINDINGDIR (_PATH_VAR_YP "binding")
74
75 #ifndef O_SHLOCK
76 #define O_SHLOCK 0
77 #endif
78
79 int _yp_invalid_domain(const char *); /* XXX libc internal */
80
81 ////////////////////////////////////////////////////////////
82 // types and globals
83
84 typedef enum {
85 YPBIND_DIRECT, YPBIND_BROADCAST,
86 } ypbind_mode_t;
87
88 enum domainstates {
89 DOM_NEW, /* not yet bound */
90 DOM_ALIVE, /* bound and healthy */
91 DOM_PINGING, /* ping outstanding */
92 DOM_LOST, /* binding timed out, looking for a new one */
93 DOM_DEAD, /* long-term lost, in exponential backoff */
94 };
95
96 struct domain {
97 struct domain *dom_next;
98
99 char dom_name[YPMAXDOMAIN + 1];
100 struct sockaddr_in dom_server_addr;
101 long dom_vers;
102 time_t dom_checktime; /* time of next check/contact */
103 time_t dom_asktime; /* time we were last DOMAIN'd */
104 time_t dom_losttime; /* time the binding was lost, or 0 */
105 unsigned dom_backofftime; /* current backoff period, when DEAD */
106 int dom_lockfd;
107 enum domainstates dom_state;
108 uint32_t dom_xid;
109 FILE *dom_serversfile; /* /var/yp/binding/foo.ypservers */
110 int dom_been_ypset; /* ypset been done on this domain? */
111 ypbind_mode_t dom_ypbindmode; /* broadcast or direct */
112 };
113
114 #define BUFSIZE 1400
115
116 /* the list of all domains */
117 static struct domain *domains;
118 static int check;
119
120 /* option settings */
121 static ypbind_mode_t default_ypbindmode;
122 static int allow_local_ypset = 0, allow_any_ypset = 0;
123 static int insecure;
124
125 /* the sockets we use to interact with servers */
126 static int rpcsock, pingsock;
127
128 /* stuff used for manually interacting with servers */
129 static struct rmtcallargs rmtca;
130 static struct rmtcallres rmtcr;
131 static bool_t rmtcr_outval;
132 static unsigned long rmtcr_port;
133
134 /* The ypbind service transports */
135 static SVCXPRT *udptransp, *tcptransp;
136
137 /* set if we get SIGHUP */
138 static sig_atomic_t hupped;
139
140 ////////////////////////////////////////////////////////////
141 // utilities
142
143 /*
144 * Combo of open() and flock().
145 */
146 static int
open_locked(const char * path,int flags,mode_t mode)147 open_locked(const char *path, int flags, mode_t mode)
148 {
149 int fd;
150
151 fd = open(path, flags|O_SHLOCK, mode);
152 if (fd < 0) {
153 return -1;
154 }
155 #if O_SHLOCK == 0
156 /* dholland 20110522 wouldn't it be better to check this for error? */
157 (void)flock(fd, LOCK_SH);
158 #endif
159 return fd;
160 }
161
162 /*
163 * Exponential backoff for pinging servers for a dead domain.
164 *
165 * We go 10 -> 20 -> 40 -> 60 seconds, then 2 -> 4 -> 8 -> 15 -> 30 ->
166 * 60 minutes, and stay at 60 minutes. This is overengineered.
167 *
168 * With a 60 minute max backoff the response time for when things come
169 * back is not awful, but we only try (and log) about 60 times even if
170 * things are down for a whole long weekend. This is an acceptable log
171 * load, I think.
172 */
173 static void
backoff(unsigned * psecs)174 backoff(unsigned *psecs)
175 {
176 unsigned secs;
177
178 secs = *psecs;
179 if (secs < 60) {
180 secs *= 2;
181 if (secs > 60) {
182 secs = 60;
183 }
184 } else if (secs < 60 * 15) {
185 secs *= 2;
186 if (secs > 60 * 15) {
187 secs = 60 * 15;
188 }
189 } else if (secs < 60 * 60) {
190 secs *= 2;
191 }
192 *psecs = secs;
193 }
194
195 ////////////////////////////////////////////////////////////
196 // logging
197
198 #ifdef DEBUG
199 #define DPRINTF(...) (debug ? (void)printf(__VA_ARGS__) : (void)0)
200 static int debug;
201 #else
202 #define DPRINTF(...)
203 #endif
204
205 static void yp_log(int, const char *, ...) __printflike(2, 3);
206
207 /*
208 * Log some stuff, to syslog or stderr depending on the debug setting.
209 */
210 static void
yp_log(int pri,const char * fmt,...)211 yp_log(int pri, const char *fmt, ...)
212 {
213 va_list ap;
214
215 va_start(ap, fmt);
216
217 #if defined(DEBUG)
218 if (debug) {
219 (void)vprintf(fmt, ap);
220 (void)printf("\n");
221 } else
222 #endif
223 vsyslog(pri, fmt, ap);
224 va_end(ap);
225 }
226
227 ////////////////////////////////////////////////////////////
228 // ypservers file
229
230 /*
231 * Get pathname for the ypservers file for a given domain
232 * (/var/yp/binding/DOMAIN.ypservers)
233 */
234 static const char *
ypservers_filename(const char * domain)235 ypservers_filename(const char *domain)
236 {
237 static char ret[PATH_MAX];
238
239 (void)snprintf(ret, sizeof(ret), "%s/%s%s",
240 BINDINGDIR, domain, YPSERVERSSUFF);
241 return ret;
242 }
243
244 ////////////////////////////////////////////////////////////
245 // struct domain
246
247 /*
248 * The state transitions of a domain work as follows:
249 *
250 * in state NEW:
251 * nag_servers every 5 seconds
252 * upon answer, state is ALIVE
253 *
254 * in state ALIVE:
255 * every 60 seconds, send ping and switch to state PINGING
256 *
257 * in state PINGING:
258 * upon answer, go to state ALIVE
259 * if no answer in 5 seconds, go to state LOST and do nag_servers
260 *
261 * in state LOST:
262 * do nag_servers every 5 seconds
263 * upon answer, go to state ALIVE
264 * if no answer in 60 seconds, go to state DEAD
265 *
266 * in state DEAD
267 * do nag_servers every backofftime seconds (starts at 10)
268 * upon answer go to state ALIVE
269 * backofftime doubles (approximately) each try, with a cap of 1 hour
270 */
271
272 /*
273 * Look up a domain by the XID we assigned it.
274 */
275 static struct domain *
domain_find(uint32_t xid)276 domain_find(uint32_t xid)
277 {
278 struct domain *dom;
279
280 for (dom = domains; dom != NULL; dom = dom->dom_next)
281 if (dom->dom_xid == xid)
282 break;
283 return dom;
284 }
285
286 /*
287 * Pick an XID for a domain.
288 *
289 * XXX: this should just generate a random number.
290 */
291 static uint32_t
unique_xid(struct domain * dom)292 unique_xid(struct domain *dom)
293 {
294 uint32_t tmp_xid;
295
296 tmp_xid = ((uint32_t)(unsigned long)dom) & 0xffffffff;
297 while (domain_find(tmp_xid) != NULL)
298 tmp_xid++;
299
300 return tmp_xid;
301 }
302
303 /*
304 * Construct a new domain. Adds it to the global linked list of all
305 * domains.
306 */
307 static struct domain *
domain_create(const char * name)308 domain_create(const char *name)
309 {
310 struct domain *dom;
311 const char *pathname;
312 struct stat st;
313
314 dom = malloc(sizeof *dom);
315 if (dom == NULL) {
316 yp_log(LOG_ERR, "domain_create: Out of memory");
317 return NULL;
318 }
319
320 dom->dom_next = NULL;
321
322 (void)strlcpy(dom->dom_name, name, sizeof(dom->dom_name));
323 (void)memset(&dom->dom_server_addr, 0, sizeof(dom->dom_server_addr));
324 dom->dom_vers = YPVERS;
325 dom->dom_checktime = 0;
326 dom->dom_asktime = 0;
327 dom->dom_losttime = 0;
328 dom->dom_backofftime = 10;
329 dom->dom_lockfd = -1;
330 dom->dom_state = DOM_NEW;
331 dom->dom_xid = unique_xid(dom);
332 dom->dom_been_ypset = 0;
333 dom->dom_serversfile = NULL;
334
335 /*
336 * Per traditional ypbind(8) semantics, if a ypservers
337 * file does not exist, we revert to broadcast mode.
338 *
339 * The sysadmin can force broadcast mode by passing the
340 * -broadcast flag. There is currently no way to fail and
341 * reject domains for which there is no ypservers file.
342 */
343 dom->dom_ypbindmode = default_ypbindmode;
344 if (dom->dom_ypbindmode == YPBIND_DIRECT) {
345 pathname = ypservers_filename(dom->dom_name);
346 if (stat(pathname, &st) < 0) {
347 /* XXX syslog a warning here? */
348 DPRINTF("%s does not exist, defaulting to broadcast\n",
349 pathname);
350 dom->dom_ypbindmode = YPBIND_BROADCAST;
351 }
352 }
353
354 /* add to global list */
355 dom->dom_next = domains;
356 domains = dom;
357
358 return dom;
359 }
360
361 ////////////////////////////////////////////////////////////
362 // locks
363
364 /*
365 * Open a new binding file. Does not write the contents out; the
366 * caller (there's only one) does that.
367 */
368 static int
makelock(struct domain * dom)369 makelock(struct domain *dom)
370 {
371 int fd;
372 char path[MAXPATHLEN];
373
374 (void)snprintf(path, sizeof(path), "%s/%s.%ld", BINDINGDIR,
375 dom->dom_name, dom->dom_vers);
376
377 fd = open_locked(path, O_CREAT|O_RDWR|O_TRUNC, 0644);
378 if (fd == -1) {
379 (void)mkdir(BINDINGDIR, 0755);
380 fd = open_locked(path, O_CREAT|O_RDWR|O_TRUNC, 0644);
381 if (fd == -1) {
382 return -1;
383 }
384 }
385
386 return fd;
387 }
388
389 /*
390 * Remove a binding file.
391 */
392 static void
removelock(struct domain * dom)393 removelock(struct domain *dom)
394 {
395 char path[MAXPATHLEN];
396
397 (void)snprintf(path, sizeof(path), "%s/%s.%ld",
398 BINDINGDIR, dom->dom_name, dom->dom_vers);
399 (void)unlink(path);
400 }
401
402 /*
403 * purge_bindingdir: remove old binding files (i.e. "rm *.[0-9]" in BINDINGDIR)
404 *
405 * The local YP functions [e.g. yp_master()] will fail without even
406 * talking to ypbind if there is a stale (non-flock'd) binding file
407 * present.
408 *
409 * We have to remove all binding files in BINDINGDIR, not just the one
410 * for the default domain.
411 */
412 static int
purge_bindingdir(const char * dirpath)413 purge_bindingdir(const char *dirpath)
414 {
415 DIR *dirp;
416 int unlinkedfiles, l;
417 struct dirent *dp;
418 char pathname[MAXPATHLEN];
419
420 if ((dirp = opendir(dirpath)) == NULL)
421 return(-1); /* at this point, shouldn't ever happen */
422
423 do {
424 unlinkedfiles = 0;
425 while ((dp = readdir(dirp)) != NULL) {
426 l = dp->d_namlen;
427 /* 'rm *.[0-9]' */
428 if (l > 2 && dp->d_name[l-2] == '.' &&
429 dp->d_name[l-1] >= '0' && dp->d_name[l-1] <= '9') {
430 (void)snprintf(pathname, sizeof(pathname),
431 "%s/%s", dirpath, dp->d_name);
432 if (unlink(pathname) < 0 && errno != ENOENT)
433 return(-1);
434 unlinkedfiles++;
435 }
436 }
437
438 /* rescan dir if we removed it */
439 if (unlinkedfiles)
440 rewinddir(dirp);
441
442 } while (unlinkedfiles);
443
444 closedir(dirp);
445 return(0);
446 }
447
448 ////////////////////////////////////////////////////////////
449 // sunrpc twaddle
450
451 /*
452 * Check if the info coming in is (at least somewhat) valid.
453 */
454 static int
rpc_is_valid_response(char * name,struct sockaddr_in * addr)455 rpc_is_valid_response(char *name, struct sockaddr_in *addr)
456 {
457 if (name == NULL) {
458 return 0;
459 }
460
461 if (_yp_invalid_domain(name)) {
462 return 0;
463 }
464
465 /* don't support insecure servers by default */
466 if (!insecure && ntohs(addr->sin_port) >= IPPORT_RESERVED) {
467 return 0;
468 }
469
470 return 1;
471 }
472
473 /*
474 * Take note of the fact that we've received a reply from a ypserver.
475 * Or, in the case of being ypset, that we've been ypset, which
476 * functions much the same.
477 *
478 * Note that FORCE is set if and only if IS_YPSET is set.
479 *
480 * This function has also for the past 20+ years carried the annotation
481 *
482 * LOOPBACK IS MORE IMPORTANT: PUT IN HACK
483 *
484 * whose meaning isn't entirely clear.
485 */
486 static int
rpc_received(char * dom_name,struct sockaddr_in * raddrp,int force,int is_ypset)487 rpc_received(char *dom_name, struct sockaddr_in *raddrp, int force,
488 int is_ypset)
489 {
490 struct domain *dom;
491 struct iovec iov[2];
492 struct ypbind_resp ybr;
493 ssize_t result;
494 int fd;
495
496 DPRINTF("returned from %s about %s\n",
497 inet_ntoa(raddrp->sin_addr), dom_name);
498
499 /* validate some stuff */
500 if (!rpc_is_valid_response(dom_name, raddrp)) {
501 return 0;
502 }
503
504 /* look for the domain */
505 for (dom = domains; dom != NULL; dom = dom->dom_next)
506 if (!strcmp(dom->dom_name, dom_name))
507 break;
508
509 /* if not found, create it, but only if FORCE; otherwise ignore */
510 if (dom == NULL) {
511 if (force == 0)
512 return 0;
513 dom = domain_create(dom_name);
514 if (dom == NULL)
515 return 0;
516 }
517
518 /* the domain needs to know if it's been explicitly ypset */
519 if (is_ypset) {
520 dom->dom_been_ypset = 1;
521 }
522
523 /*
524 * If the domain is alive and we aren't being called by ypset,
525 * we shouldn't be getting a response at all. Log it, as it
526 * might be hostile.
527 */
528 if (dom->dom_state == DOM_ALIVE && force == 0) {
529 if (!memcmp(&dom->dom_server_addr, raddrp,
530 sizeof(dom->dom_server_addr))) {
531 yp_log(LOG_WARNING,
532 "Unexpected reply from server %s for domain %s",
533 inet_ntoa(dom->dom_server_addr.sin_addr),
534 dom->dom_name);
535 } else {
536 yp_log(LOG_WARNING,
537 "Falsified reply from %s for domain %s",
538 inet_ntoa(dom->dom_server_addr.sin_addr),
539 dom->dom_name);
540 }
541 return 0;
542 }
543
544 /*
545 * If we're expected a ping response, and we've got it
546 * (meaning we aren't being called by ypset), we don't need to
547 * do anything.
548 */
549 if (dom->dom_state == DOM_PINGING && force == 0) {
550 /*
551 * If the reply came from the server we expect, set
552 * dom_state back to ALIVE and ping again in 60
553 * seconds.
554 *
555 * If it came from somewhere else, log it.
556 */
557 if (!memcmp(&dom->dom_server_addr, raddrp,
558 sizeof(dom->dom_server_addr))) {
559 dom->dom_state = DOM_ALIVE;
560 /* recheck binding in 60 sec */
561 dom->dom_checktime = time(NULL) + 60;
562 } else {
563 yp_log(LOG_WARNING,
564 "Falsified reply from %s for domain %s",
565 inet_ntoa(dom->dom_server_addr.sin_addr),
566 dom->dom_name);
567 }
568 return 0;
569 }
570
571 #ifdef HEURISTIC
572 /*
573 * If transitioning to the alive state from a non-alive state,
574 * clear dom_asktime. This will help prevent any requests that
575 * are still coming in from triggering unnecessary pings via
576 * the HEURISTIC code.
577 *
578 * XXX: this may not be an adequate measure; we may need to
579 * keep more state so we can disable the HEURISTIC code for
580 * the first few seconds after rebinding.
581 */
582 if (dom->dom_state == DOM_NEW ||
583 dom->dom_state == DOM_LOST ||
584 dom->dom_state == DOM_DEAD) {
585 dom->dom_asktime = 0;
586 }
587 #endif
588
589 /*
590 * Take the address we got the message from (or in the case of
591 * ypset, the explicit address we were given) as the server
592 * address for this domain, mark the domain alive, and we'll
593 * check it again in 60 seconds.
594 *
595 * XXX: it looks like if we get a random unsolicited reply
596 * from somewhere, we'll silently switch to that server
597 * address, regardless of merit.
598 *
599 * 1. If we have a foo.ypservers file the address should be
600 * checked against it and rejected if it's not one of the
601 * addresses of one of the listed hostnames. Note that it
602 * might not be the same address we sent to; even fairly smart
603 * UDP daemons don't always handle multihomed hosts correctly
604 * and we can't expect sunrpc code to do anything intelligent
605 * at all.
606 *
607 * 2. If we're in broadcast mode the address should be
608 * checked against the local addresses and netmasks so we
609 * don't accept responses from Mars.
610 *
611 * 2a. If we're in broadcast mode and we've been ypset, we
612 * should not accept anything else until we drop the ypset
613 * state for not responding.
614 *
615 * 3. Either way we should not accept a response from an
616 * arbitrary host unless we don't currently have a binding.
617 * (This is now fixed above.)
618 *
619 * Note that for a random unsolicited reply to work it has to
620 * carry the XID of one of the domains we know about; but
621 * those values are predictable.
622 */
623 (void)memcpy(&dom->dom_server_addr, raddrp,
624 sizeof(dom->dom_server_addr));
625 /* recheck binding in 60 seconds */
626 dom->dom_checktime = time(NULL) + 60;
627 dom->dom_state = DOM_ALIVE;
628
629 /* Clear the dead/backoff state. */
630 dom->dom_losttime = 0;
631 dom->dom_backofftime = 10;
632
633 if (is_ypset == 0) {
634 yp_log(LOG_NOTICE, "Domain %s is alive; server %s",
635 dom->dom_name,
636 inet_ntoa(dom->dom_server_addr.sin_addr));
637 }
638
639 /*
640 * Generate a new binding file. If this fails, forget about it.
641 * (But we keep the binding and we'll report it to anyone who
642 * asks via the ypbind service.) XXX: this will interact badly,
643 * maybe very badly, with the code in HEURISTIC.
644 *
645 * Note that makelock() doesn't log on failure.
646 */
647
648 if (dom->dom_lockfd != -1)
649 (void)close(dom->dom_lockfd);
650
651 if ((fd = makelock(dom)) == -1)
652 return 0;
653
654 dom->dom_lockfd = fd;
655
656 iov[0].iov_base = &(udptransp->xp_port);
657 iov[0].iov_len = sizeof udptransp->xp_port;
658 iov[1].iov_base = &ybr;
659 iov[1].iov_len = sizeof ybr;
660
661 (void)memset(&ybr, 0, sizeof ybr);
662 ybr.ypbind_status = YPBIND_SUCC_VAL;
663 ybr.ypbind_respbody.ypbind_bindinfo.ypbind_binding_addr =
664 raddrp->sin_addr;
665 ybr.ypbind_respbody.ypbind_bindinfo.ypbind_binding_port =
666 raddrp->sin_port;
667
668 result = writev(dom->dom_lockfd, iov, 2);
669 if (result < 0 || (size_t)result != iov[0].iov_len + iov[1].iov_len) {
670 if (result < 0)
671 yp_log(LOG_WARNING, "writev: %s", strerror(errno));
672 else
673 yp_log(LOG_WARNING, "writev: short count");
674 (void)close(dom->dom_lockfd);
675 removelock(dom);
676 dom->dom_lockfd = -1;
677 return 0;
678 }
679
680 return 1;
681 }
682
683 /*
684 * The NULL call: do nothing. This is obliged to exist because of
685 * sunrpc silliness.
686 */
687 static void *
688 /*ARGSUSED*/
ypbindproc_null_2(SVCXPRT * transp,void * argp)689 ypbindproc_null_2(SVCXPRT *transp, void *argp)
690 {
691 static char res;
692
693 DPRINTF("ypbindproc_null_2\n");
694 (void)memset(&res, 0, sizeof(res));
695 return (void *)&res;
696 }
697
698 /*
699 * The DOMAIN call: look up the ypserver for a specified domain.
700 */
701 static void *
702 /*ARGSUSED*/
ypbindproc_domain_2(SVCXPRT * transp,void * argp)703 ypbindproc_domain_2(SVCXPRT *transp, void *argp)
704 {
705 static struct ypbind_resp res;
706 struct domain *dom;
707 char *arg = *(char **) argp;
708 time_t now;
709 int count;
710
711 DPRINTF("ypbindproc_domain_2 %s\n", arg);
712
713 (void)memset(&res, 0, sizeof res);
714 res.ypbind_status = YPBIND_FAIL_VAL;
715
716 /* Reject invalid domains. */
717 if (_yp_invalid_domain(arg)) {
718 res.ypbind_respbody.ypbind_error = YPBIND_ERR_NOSERV;
719 return &res;
720 }
721
722 /*
723 * Look for the domain. XXX: Behave erratically if we have
724 * more than 100 domains. The intent here is to avoid allowing
725 * arbitrary incoming requests to create more than 100
726 * domains; but this logic means that if we legitimately have
727 * more than 100 (e.g. via ypset) we'll only actually bind the
728 * first 100 and the rest will fail. The test on 'count' should
729 * be moved further down.
730 */
731 for (count = 0, dom = domains;
732 dom != NULL;
733 dom = dom->dom_next, count++) {
734 if (count > 100) {
735 res.ypbind_respbody.ypbind_error = YPBIND_ERR_RESC;
736 return &res; /* prevent denial of service */
737 }
738 if (!strcmp(dom->dom_name, arg))
739 break;
740 }
741
742 /*
743 * If the domain doesn't exist, create it, then fail the call
744 * because we have no information yet.
745 *
746 * Set "check" so that checkwork() will run and look for a
747 * server.
748 *
749 * XXX: like during startup there's a spurious call to
750 * removelock() after domain_create().
751 */
752 if (dom == NULL) {
753 dom = domain_create(arg);
754 if (dom != NULL) {
755 removelock(dom);
756 check++;
757 DPRINTF("unknown domain %s\n", arg);
758 res.ypbind_respbody.ypbind_error = YPBIND_ERR_NOSERV;
759 } else {
760 res.ypbind_respbody.ypbind_error = YPBIND_ERR_RESC;
761 }
762 return &res;
763 }
764
765 if (dom->dom_state == DOM_NEW) {
766 DPRINTF("new domain %s\n", arg);
767 res.ypbind_respbody.ypbind_error = YPBIND_ERR_NOSERV;
768 return &res;
769 }
770
771 #ifdef HEURISTIC
772 /*
773 * Keep track of the last time we were explicitly asked about
774 * this domain. If it happens a lot, force a ping. This works
775 * (or "works") because we only get asked specifically when
776 * things aren't going; otherwise the client code in libc and
777 * elsewhere uses the binding file.
778 *
779 * Note: HEURISTIC is enabled by default.
780 *
781 * dholland 20140609: I think this is part of the mechanism
782 * that causes ypbind to spam. I'm changing this logic so it
783 * only triggers when the state is DOM_ALIVE: if the domain
784 * is new, lost, or dead we shouldn't send more requests than
785 * the ones already scheduled, and if we're already in the
786 * middle of pinging there's no point doing it again.
787 */
788 (void)time(&now);
789 if (dom->dom_state == DOM_ALIVE && now < dom->dom_asktime + 5) {
790 /*
791 * Hmm. More than 2 requests in 5 seconds have indicated
792 * that my binding is possibly incorrect.
793 * Ok, do an immediate poll of the server.
794 */
795 if (dom->dom_checktime >= now) {
796 /* don't flood it */
797 dom->dom_checktime = 0;
798 check++;
799 }
800 }
801 dom->dom_asktime = now;
802 #endif
803
804 res.ypbind_status = YPBIND_SUCC_VAL;
805 res.ypbind_respbody.ypbind_bindinfo.ypbind_binding_addr.s_addr =
806 dom->dom_server_addr.sin_addr.s_addr;
807 res.ypbind_respbody.ypbind_bindinfo.ypbind_binding_port =
808 dom->dom_server_addr.sin_port;
809 DPRINTF("domain %s at %s/%d\n", dom->dom_name,
810 inet_ntoa(dom->dom_server_addr.sin_addr),
811 ntohs(dom->dom_server_addr.sin_port));
812 return &res;
813 }
814
815 /*
816 * The SETDOM call: ypset.
817 *
818 * Unless -ypsetme was given on the command line, this is rejected;
819 * even then it's only allowed from localhost unless -ypset was
820 * given on the command line.
821 *
822 * Allowing anyone anywhere to ypset you (and therefore provide your
823 * password file and such) is a horrible thing and it isn't clear to
824 * me why this functionality even exists.
825 *
826 * ypset from localhost has some but limited utility.
827 */
828 static void *
ypbindproc_setdom_2(SVCXPRT * transp,void * argp)829 ypbindproc_setdom_2(SVCXPRT *transp, void *argp)
830 {
831 struct ypbind_setdom *sd = argp;
832 struct sockaddr_in *fromsin, bindsin;
833 static bool_t res;
834
835 (void)memset(&res, 0, sizeof(res));
836 fromsin = svc_getcaller(transp);
837 DPRINTF("ypbindproc_setdom_2 from %s\n", inet_ntoa(fromsin->sin_addr));
838
839 /*
840 * Reject unless enabled.
841 */
842
843 if (allow_any_ypset) {
844 /* nothing */
845 } else if (allow_local_ypset) {
846 if (fromsin->sin_addr.s_addr != htonl(INADDR_LOOPBACK)) {
847 DPRINTF("ypset denied from %s\n",
848 inet_ntoa(fromsin->sin_addr));
849 return NULL;
850 }
851 } else {
852 DPRINTF("ypset denied\n");
853 return NULL;
854 }
855
856 /* Make a "security" check. */
857 if (ntohs(fromsin->sin_port) >= IPPORT_RESERVED) {
858 DPRINTF("ypset from unprivileged port denied\n");
859 return &res;
860 }
861
862 /* Ignore requests we don't understand. */
863 if (sd->ypsetdom_vers != YPVERS) {
864 DPRINTF("ypset with wrong version denied\n");
865 return &res;
866 }
867
868 /*
869 * Fetch the arguments out of the xdr-decoded blob and call
870 * rpc_received(), setting FORCE so that the domain will be
871 * created if we don't already know about it, and also saying
872 * that it's actually a ypset.
873 *
874 * Effectively we're telilng rpc_received() that we got an
875 * RPC response from the server specified by ypset.
876 */
877 (void)memset(&bindsin, 0, sizeof bindsin);
878 bindsin.sin_family = AF_INET;
879 bindsin.sin_len = sizeof(bindsin);
880 bindsin.sin_addr = sd->ypsetdom_addr;
881 bindsin.sin_port = sd->ypsetdom_port;
882 if (rpc_received(sd->ypsetdom_domain, &bindsin, 1, 1)) {
883 DPRINTF("ypset to %s for domain %s succeeded\n",
884 inet_ntoa(bindsin.sin_addr), sd->ypsetdom_domain);
885 res = 1;
886 }
887
888 return &res;
889 }
890
891 /*
892 * Dispatcher for the ypbind service.
893 *
894 * There are three calls: NULL, which does nothing, DOMAIN, which
895 * gets the binding for a particular domain, and SETDOM, which
896 * does ypset.
897 */
898 static void
ypbindprog_2(struct svc_req * rqstp,register SVCXPRT * transp)899 ypbindprog_2(struct svc_req *rqstp, register SVCXPRT *transp)
900 {
901 union {
902 char ypbindproc_domain_2_arg[YPMAXDOMAIN + 1];
903 struct ypbind_setdom ypbindproc_setdom_2_arg;
904 void *alignment;
905 } argument;
906 struct authunix_parms *creds;
907 char *result;
908 xdrproc_t xdr_argument, xdr_result;
909 void *(*local)(SVCXPRT *, void *);
910
911 switch (rqstp->rq_proc) {
912 case YPBINDPROC_NULL:
913 xdr_argument = (xdrproc_t)xdr_void;
914 xdr_result = (xdrproc_t)xdr_void;
915 local = ypbindproc_null_2;
916 break;
917
918 case YPBINDPROC_DOMAIN:
919 xdr_argument = (xdrproc_t)xdr_ypdomain_wrap_string;
920 xdr_result = (xdrproc_t)xdr_ypbind_resp;
921 local = ypbindproc_domain_2;
922 break;
923
924 case YPBINDPROC_SETDOM:
925 switch (rqstp->rq_cred.oa_flavor) {
926 case AUTH_UNIX:
927 creds = (struct authunix_parms *)rqstp->rq_clntcred;
928 if (creds->aup_uid != 0) {
929 svcerr_auth(transp, AUTH_BADCRED);
930 return;
931 }
932 break;
933 default:
934 svcerr_auth(transp, AUTH_TOOWEAK);
935 return;
936 }
937
938 xdr_argument = (xdrproc_t)xdr_ypbind_setdom;
939 xdr_result = (xdrproc_t)xdr_void;
940 local = ypbindproc_setdom_2;
941 break;
942
943 default:
944 svcerr_noproc(transp);
945 return;
946 }
947 (void)memset(&argument, 0, sizeof(argument));
948 if (!svc_getargs(transp, xdr_argument, (caddr_t)(void *)&argument)) {
949 svcerr_decode(transp);
950 return;
951 }
952 result = (*local)(transp, &argument);
953 if (result != NULL && !svc_sendreply(transp, xdr_result, result)) {
954 svcerr_systemerr(transp);
955 }
956 return;
957 }
958
959 /*
960 * Set up sunrpc stuff.
961 *
962 * This sets up the ypbind service (both TCP and UDP) and also opens
963 * the sockets we use for talking to ypservers.
964 */
965 static void
sunrpc_setup(void)966 sunrpc_setup(void)
967 {
968 int one;
969
970 (void)pmap_unset(YPBINDPROG, YPBINDVERS);
971
972 udptransp = svcudp_create(RPC_ANYSOCK);
973 if (udptransp == NULL)
974 errx(1, "Cannot create udp service.");
975
976 if (!svc_register(udptransp, YPBINDPROG, YPBINDVERS, ypbindprog_2,
977 IPPROTO_UDP))
978 errx(1, "Unable to register (YPBINDPROG, YPBINDVERS, udp).");
979
980 tcptransp = svctcp_create(RPC_ANYSOCK, 0, 0);
981 if (tcptransp == NULL)
982 errx(1, "Cannot create tcp service.");
983
984 if (!svc_register(tcptransp, YPBINDPROG, YPBINDVERS, ypbindprog_2,
985 IPPROTO_TCP))
986 errx(1, "Unable to register (YPBINDPROG, YPBINDVERS, tcp).");
987
988 /* XXX use SOCK_STREAM for direct queries? */
989 if ((rpcsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
990 err(1, "rpc socket");
991 if ((pingsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
992 err(1, "ping socket");
993
994 (void)fcntl(rpcsock, F_SETFL, fcntl(rpcsock, F_GETFL, 0) | FNDELAY);
995 (void)fcntl(pingsock, F_SETFL, fcntl(pingsock, F_GETFL, 0) | FNDELAY);
996
997 one = 1;
998 (void)setsockopt(rpcsock, SOL_SOCKET, SO_BROADCAST, &one,
999 (socklen_t)sizeof(one));
1000 rmtca.prog = YPPROG;
1001 rmtca.vers = YPVERS;
1002 rmtca.proc = YPPROC_DOMAIN_NONACK;
1003 rmtca.xdr_args = NULL; /* set at call time */
1004 rmtca.args_ptr = NULL; /* set at call time */
1005 rmtcr.port_ptr = &rmtcr_port;
1006 rmtcr.xdr_results = (xdrproc_t)xdr_bool;
1007 rmtcr.results_ptr = (caddr_t)(void *)&rmtcr_outval;
1008 }
1009
1010 ////////////////////////////////////////////////////////////
1011 // operational logic
1012
1013 /*
1014 * Broadcast an RPC packet to hopefully contact some servers for a
1015 * domain.
1016 */
1017 static int
broadcast(char * buf,int outlen)1018 broadcast(char *buf, int outlen)
1019 {
1020 struct ifaddrs *ifap, *ifa;
1021 struct sockaddr_in bindsin;
1022 struct in_addr in;
1023
1024 (void)memset(&bindsin, 0, sizeof bindsin);
1025 bindsin.sin_family = AF_INET;
1026 bindsin.sin_len = sizeof(bindsin);
1027 bindsin.sin_port = htons(PMAPPORT);
1028
1029 if (getifaddrs(&ifap) != 0) {
1030 yp_log(LOG_WARNING, "broadcast: getifaddrs: %s",
1031 strerror(errno));
1032 return (-1);
1033 }
1034 for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
1035 if (ifa->ifa_addr->sa_family != AF_INET)
1036 continue;
1037 if ((ifa->ifa_flags & IFF_UP) == 0)
1038 continue;
1039
1040 switch (ifa->ifa_flags & (IFF_LOOPBACK | IFF_BROADCAST)) {
1041 case IFF_BROADCAST:
1042 if (!ifa->ifa_broadaddr)
1043 continue;
1044 if (ifa->ifa_broadaddr->sa_family != AF_INET)
1045 continue;
1046 in = ((struct sockaddr_in *)(void *)ifa->ifa_broadaddr)->sin_addr;
1047 break;
1048 case IFF_LOOPBACK:
1049 in = ((struct sockaddr_in *)(void *)ifa->ifa_addr)->sin_addr;
1050 break;
1051 default:
1052 continue;
1053 }
1054
1055 bindsin.sin_addr = in;
1056 DPRINTF("broadcast %x\n", bindsin.sin_addr.s_addr);
1057 if (sendto(rpcsock, buf, outlen, 0,
1058 (struct sockaddr *)(void *)&bindsin,
1059 (socklen_t)bindsin.sin_len) == -1)
1060 yp_log(LOG_WARNING, "broadcast: sendto: %s",
1061 strerror(errno));
1062 }
1063 freeifaddrs(ifap);
1064 return (0);
1065 }
1066
1067 /*
1068 * Send an RPC packet to all the configured (in /var/yp/foo.ypservers)
1069 * servers for a domain.
1070 *
1071 * XXX: we should read and parse the file up front and reread it only
1072 * if it changes.
1073 */
1074 static int
direct(char * buf,int outlen,struct domain * dom)1075 direct(char *buf, int outlen, struct domain *dom)
1076 {
1077 const char *path;
1078 char line[_POSIX2_LINE_MAX];
1079 char *p;
1080 struct hostent *hp;
1081 struct sockaddr_in bindsin;
1082 int i, count = 0;
1083
1084 /*
1085 * XXX what happens if someone's editor unlinks and replaces
1086 * the servers file?
1087 */
1088
1089 if (dom->dom_serversfile != NULL) {
1090 rewind(dom->dom_serversfile);
1091 } else {
1092 path = ypservers_filename(dom->dom_name);
1093 dom->dom_serversfile = fopen(path, "r");
1094 if (dom->dom_serversfile == NULL) {
1095 /*
1096 * XXX there should be a time restriction on
1097 * this (and/or on trying the open) so we
1098 * don't flood the log. Or should we fall back
1099 * to broadcast mode?
1100 */
1101 yp_log(LOG_ERR, "%s: %s", path,
1102 strerror(errno));
1103 return -1;
1104 }
1105 }
1106
1107 (void)memset(&bindsin, 0, sizeof bindsin);
1108 bindsin.sin_family = AF_INET;
1109 bindsin.sin_len = sizeof(bindsin);
1110 bindsin.sin_port = htons(PMAPPORT);
1111
1112 while (fgets(line, (int)sizeof(line), dom->dom_serversfile) != NULL) {
1113 /* skip lines that are too big */
1114 p = strchr(line, '\n');
1115 if (p == NULL) {
1116 int c;
1117
1118 while ((c = getc(dom->dom_serversfile)) != '\n' && c != EOF)
1119 ;
1120 continue;
1121 }
1122 *p = '\0';
1123 p = line;
1124 while (isspace((unsigned char)*p))
1125 p++;
1126 if (*p == '#')
1127 continue;
1128 hp = gethostbyname(p);
1129 if (!hp) {
1130 yp_log(LOG_WARNING, "%s: %s", p, hstrerror(h_errno));
1131 continue;
1132 }
1133 /* step through all addresses in case first is unavailable */
1134 for (i = 0; hp->h_addr_list[i]; i++) {
1135 (void)memcpy(&bindsin.sin_addr, hp->h_addr_list[0],
1136 hp->h_length);
1137 if (sendto(rpcsock, buf, outlen, 0,
1138 (struct sockaddr *)(void *)&bindsin,
1139 (socklen_t)sizeof(bindsin)) < 0) {
1140 yp_log(LOG_WARNING, "direct: sendto: %s",
1141 strerror(errno));
1142 continue;
1143 } else
1144 count++;
1145 }
1146 }
1147 if (!count) {
1148 yp_log(LOG_WARNING, "No contactable servers found in %s",
1149 ypservers_filename(dom->dom_name));
1150 return -1;
1151 }
1152 return 0;
1153 }
1154
1155 /*
1156 * Send an RPC packet to the server that's been selected with ypset.
1157 * (This is only used when in broadcast mode and when ypset is
1158 * allowed.)
1159 */
1160 static int
direct_set(char * buf,int outlen,struct domain * dom)1161 direct_set(char *buf, int outlen, struct domain *dom)
1162 {
1163 struct sockaddr_in bindsin;
1164 char path[MAXPATHLEN];
1165 struct iovec iov[2];
1166 struct ypbind_resp ybr;
1167 SVCXPRT dummy_svc;
1168 int fd;
1169 ssize_t bytes;
1170
1171 /*
1172 * Gack, we lose if binding file went away. We reset
1173 * "been_set" if this happens, otherwise we'll never
1174 * bind again.
1175 */
1176 (void)snprintf(path, sizeof(path), "%s/%s.%ld", BINDINGDIR,
1177 dom->dom_name, dom->dom_vers);
1178
1179 fd = open_locked(path, O_RDONLY, 0644);
1180 if (fd == -1) {
1181 yp_log(LOG_WARNING, "%s: %s", path, strerror(errno));
1182 dom->dom_been_ypset = 0;
1183 return -1;
1184 }
1185
1186 /* Read the binding file... */
1187 iov[0].iov_base = &(dummy_svc.xp_port);
1188 iov[0].iov_len = sizeof(dummy_svc.xp_port);
1189 iov[1].iov_base = &ybr;
1190 iov[1].iov_len = sizeof(ybr);
1191 bytes = readv(fd, iov, 2);
1192 (void)close(fd);
1193 if (bytes <0 || (size_t)bytes != (iov[0].iov_len + iov[1].iov_len)) {
1194 /* Binding file corrupt? */
1195 if (bytes < 0)
1196 yp_log(LOG_WARNING, "%s: %s", path, strerror(errno));
1197 else
1198 yp_log(LOG_WARNING, "%s: short read", path);
1199 dom->dom_been_ypset = 0;
1200 return -1;
1201 }
1202
1203 bindsin.sin_addr =
1204 ybr.ypbind_respbody.ypbind_bindinfo.ypbind_binding_addr;
1205
1206 if (sendto(rpcsock, buf, outlen, 0,
1207 (struct sockaddr *)(void *)&bindsin,
1208 (socklen_t)sizeof(bindsin)) < 0) {
1209 yp_log(LOG_WARNING, "direct_set: sendto: %s", strerror(errno));
1210 return -1;
1211 }
1212
1213 return 0;
1214 }
1215
1216 /*
1217 * Receive and dispatch packets on the general RPC socket.
1218 */
1219 static enum clnt_stat
handle_replies(void)1220 handle_replies(void)
1221 {
1222 char buf[BUFSIZE];
1223 socklen_t fromlen;
1224 ssize_t inlen;
1225 struct domain *dom;
1226 struct sockaddr_in raddr;
1227 struct rpc_msg msg;
1228 XDR xdr;
1229
1230 recv_again:
1231 DPRINTF("handle_replies receiving\n");
1232 (void)memset(&xdr, 0, sizeof(xdr));
1233 (void)memset(&msg, 0, sizeof(msg));
1234 msg.acpted_rply.ar_verf = _null_auth;
1235 msg.acpted_rply.ar_results.where = (caddr_t)(void *)&rmtcr;
1236 msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_rmtcallres;
1237
1238 try_again:
1239 fromlen = sizeof(struct sockaddr);
1240 inlen = recvfrom(rpcsock, buf, sizeof buf, 0,
1241 (struct sockaddr *)(void *)&raddr, &fromlen);
1242 if (inlen < 0) {
1243 if (errno == EINTR)
1244 goto try_again;
1245 DPRINTF("handle_replies: recvfrom failed (%s)\n",
1246 strerror(errno));
1247 return RPC_CANTRECV;
1248 }
1249 if ((size_t)inlen < sizeof(uint32_t))
1250 goto recv_again;
1251
1252 /*
1253 * see if reply transaction id matches sent id.
1254 * If so, decode the results.
1255 */
1256 xdrmem_create(&xdr, buf, (unsigned)inlen, XDR_DECODE);
1257 if (xdr_replymsg(&xdr, &msg)) {
1258 if ((msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
1259 (msg.acpted_rply.ar_stat == SUCCESS)) {
1260 raddr.sin_port = htons((uint16_t)rmtcr_port);
1261 dom = domain_find(msg.rm_xid);
1262 if (dom != NULL)
1263 (void)rpc_received(dom->dom_name, &raddr, 0, 0);
1264 }
1265 }
1266 xdr.x_op = XDR_FREE;
1267 msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_void;
1268 xdr_destroy(&xdr);
1269
1270 return RPC_SUCCESS;
1271 }
1272
1273 /*
1274 * Receive and dispatch packets on the ping socket.
1275 */
1276 static enum clnt_stat
handle_ping(void)1277 handle_ping(void)
1278 {
1279 char buf[BUFSIZE];
1280 socklen_t fromlen;
1281 ssize_t inlen;
1282 struct domain *dom;
1283 struct sockaddr_in raddr;
1284 struct rpc_msg msg;
1285 XDR xdr;
1286 bool_t res;
1287
1288 recv_again:
1289 DPRINTF("handle_ping receiving\n");
1290 (void)memset(&xdr, 0, sizeof(xdr));
1291 (void)memset(&msg, 0, sizeof(msg));
1292 msg.acpted_rply.ar_verf = _null_auth;
1293 msg.acpted_rply.ar_results.where = (caddr_t)(void *)&res;
1294 msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_bool;
1295
1296 try_again:
1297 fromlen = sizeof (struct sockaddr);
1298 inlen = recvfrom(pingsock, buf, sizeof buf, 0,
1299 (struct sockaddr *)(void *)&raddr, &fromlen);
1300 if (inlen < 0) {
1301 if (errno == EINTR)
1302 goto try_again;
1303 DPRINTF("handle_ping: recvfrom failed (%s)\n",
1304 strerror(errno));
1305 return RPC_CANTRECV;
1306 }
1307 if ((size_t)inlen < sizeof(uint32_t))
1308 goto recv_again;
1309
1310 /*
1311 * see if reply transaction id matches sent id.
1312 * If so, decode the results.
1313 */
1314 xdrmem_create(&xdr, buf, (unsigned)inlen, XDR_DECODE);
1315 if (xdr_replymsg(&xdr, &msg)) {
1316 if ((msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
1317 (msg.acpted_rply.ar_stat == SUCCESS)) {
1318 dom = domain_find(msg.rm_xid);
1319 if (dom != NULL)
1320 (void)rpc_received(dom->dom_name, &raddr, 0, 0);
1321 }
1322 }
1323 xdr.x_op = XDR_FREE;
1324 msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_void;
1325 xdr_destroy(&xdr);
1326
1327 return RPC_SUCCESS;
1328 }
1329
1330 /*
1331 * Contact all known servers for a domain in the hopes that one of
1332 * them's awake. Also, if we previously had a binding but it timed
1333 * out, try the portmapper on that host in case ypserv moved ports for
1334 * some reason.
1335 *
1336 * As a side effect, wipe out any existing binding file.
1337 */
1338 static int
nag_servers(struct domain * dom)1339 nag_servers(struct domain *dom)
1340 {
1341 char *dom_name = dom->dom_name;
1342 struct rpc_msg msg;
1343 char buf[BUFSIZE];
1344 enum clnt_stat st;
1345 int outlen;
1346 AUTH *rpcua;
1347 XDR xdr;
1348
1349 DPRINTF("nag_servers\n");
1350 rmtca.xdr_args = (xdrproc_t)xdr_ypdomain_wrap_string;
1351 rmtca.args_ptr = (caddr_t)(void *)&dom_name;
1352
1353 (void)memset(&xdr, 0, sizeof xdr);
1354 (void)memset(&msg, 0, sizeof msg);
1355
1356 rpcua = authunix_create_default();
1357 if (rpcua == NULL) {
1358 DPRINTF("cannot get unix auth\n");
1359 return RPC_SYSTEMERROR;
1360 }
1361 msg.rm_direction = CALL;
1362 msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
1363 msg.rm_call.cb_prog = PMAPPROG;
1364 msg.rm_call.cb_vers = PMAPVERS;
1365 msg.rm_call.cb_proc = PMAPPROC_CALLIT;
1366 msg.rm_call.cb_cred = rpcua->ah_cred;
1367 msg.rm_call.cb_verf = rpcua->ah_verf;
1368
1369 msg.rm_xid = dom->dom_xid;
1370 xdrmem_create(&xdr, buf, (unsigned)sizeof(buf), XDR_ENCODE);
1371 if (!xdr_callmsg(&xdr, &msg)) {
1372 st = RPC_CANTENCODEARGS;
1373 AUTH_DESTROY(rpcua);
1374 return st;
1375 }
1376 if (!xdr_rmtcall_args(&xdr, &rmtca)) {
1377 st = RPC_CANTENCODEARGS;
1378 AUTH_DESTROY(rpcua);
1379 return st;
1380 }
1381 outlen = (int)xdr_getpos(&xdr);
1382 xdr_destroy(&xdr);
1383 if (outlen < 1) {
1384 st = RPC_CANTENCODEARGS;
1385 AUTH_DESTROY(rpcua);
1386 return st;
1387 }
1388 AUTH_DESTROY(rpcua);
1389
1390 if (dom->dom_lockfd != -1) {
1391 (void)close(dom->dom_lockfd);
1392 dom->dom_lockfd = -1;
1393 removelock(dom);
1394 }
1395
1396 if (dom->dom_state == DOM_PINGING || dom->dom_state == DOM_LOST) {
1397 /*
1398 * This resolves the following situation:
1399 * ypserver on other subnet was once bound,
1400 * but rebooted and is now using a different port
1401 */
1402 struct sockaddr_in bindsin;
1403
1404 (void)memset(&bindsin, 0, sizeof bindsin);
1405 bindsin.sin_family = AF_INET;
1406 bindsin.sin_len = sizeof(bindsin);
1407 bindsin.sin_port = htons(PMAPPORT);
1408 bindsin.sin_addr = dom->dom_server_addr.sin_addr;
1409
1410 if (sendto(rpcsock, buf, outlen, 0,
1411 (struct sockaddr *)(void *)&bindsin,
1412 (socklen_t)sizeof bindsin) == -1)
1413 yp_log(LOG_WARNING, "nag_servers: sendto: %s",
1414 strerror(errno));
1415 }
1416
1417 switch (dom->dom_ypbindmode) {
1418 case YPBIND_BROADCAST:
1419 if (dom->dom_been_ypset) {
1420 return direct_set(buf, outlen, dom);
1421 }
1422 return broadcast(buf, outlen);
1423
1424 case YPBIND_DIRECT:
1425 return direct(buf, outlen, dom);
1426 }
1427 /*NOTREACHED*/
1428 return -1;
1429 }
1430
1431 /*
1432 * Send a ping message to a domain's current ypserver.
1433 */
1434 static int
ping(struct domain * dom)1435 ping(struct domain *dom)
1436 {
1437 char *dom_name = dom->dom_name;
1438 struct rpc_msg msg;
1439 char buf[BUFSIZE];
1440 enum clnt_stat st;
1441 int outlen;
1442 AUTH *rpcua;
1443 XDR xdr;
1444
1445 (void)memset(&xdr, 0, sizeof xdr);
1446 (void)memset(&msg, 0, sizeof msg);
1447
1448 rpcua = authunix_create_default();
1449 if (rpcua == NULL) {
1450 DPRINTF("cannot get unix auth\n");
1451 return RPC_SYSTEMERROR;
1452 }
1453
1454 msg.rm_direction = CALL;
1455 msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
1456 msg.rm_call.cb_prog = YPPROG;
1457 msg.rm_call.cb_vers = YPVERS;
1458 msg.rm_call.cb_proc = YPPROC_DOMAIN_NONACK;
1459 msg.rm_call.cb_cred = rpcua->ah_cred;
1460 msg.rm_call.cb_verf = rpcua->ah_verf;
1461
1462 msg.rm_xid = dom->dom_xid;
1463 xdrmem_create(&xdr, buf, (unsigned)sizeof(buf), XDR_ENCODE);
1464 if (!xdr_callmsg(&xdr, &msg)) {
1465 st = RPC_CANTENCODEARGS;
1466 AUTH_DESTROY(rpcua);
1467 return st;
1468 }
1469 if (!xdr_ypdomain_wrap_string(&xdr, &dom_name)) {
1470 st = RPC_CANTENCODEARGS;
1471 AUTH_DESTROY(rpcua);
1472 return st;
1473 }
1474 outlen = (int)xdr_getpos(&xdr);
1475 xdr_destroy(&xdr);
1476 if (outlen < 1) {
1477 st = RPC_CANTENCODEARGS;
1478 AUTH_DESTROY(rpcua);
1479 return st;
1480 }
1481 AUTH_DESTROY(rpcua);
1482
1483 DPRINTF("ping %x\n", dom->dom_server_addr.sin_addr.s_addr);
1484
1485 if (sendto(pingsock, buf, outlen, 0,
1486 (struct sockaddr *)(void *)&dom->dom_server_addr,
1487 (socklen_t)(sizeof dom->dom_server_addr)) == -1)
1488 yp_log(LOG_WARNING, "ping: sendto: %s", strerror(errno));
1489 return 0;
1490
1491 }
1492
1493 /*
1494 * Scan for timer-based work to do.
1495 *
1496 * If the domain is currently alive, ping the server we're currently
1497 * bound to. Otherwise, try all known servers and/or broadcast for a
1498 * server via nag_servers.
1499 *
1500 * Try again in five seconds.
1501 *
1502 * If we get back here and the state is still DOM_PINGING, it means
1503 * we didn't receive a ping response within five seconds. Declare the
1504 * binding lost. If the binding is already lost, and it's been lost
1505 * for 60 seconds, switch to DOM_DEAD and begin exponential backoff.
1506 * The exponential backoff starts at 10 seconds and tops out at one
1507 * hour; see above.
1508 */
1509 static void
checkwork(void)1510 checkwork(void)
1511 {
1512 struct domain *dom;
1513 time_t t;
1514
1515 check = 0;
1516
1517 (void)time(&t);
1518 for (dom = domains; dom != NULL; dom = dom->dom_next) {
1519 if (dom->dom_checktime >= t) {
1520 continue;
1521 }
1522 switch (dom->dom_state) {
1523 case DOM_NEW:
1524 /* XXX should be a timeout for this state */
1525 dom->dom_checktime = t + 5;
1526 (void)nag_servers(dom);
1527 break;
1528
1529 case DOM_ALIVE:
1530 dom->dom_state = DOM_PINGING;
1531 dom->dom_checktime = t + 5;
1532 (void)ping(dom);
1533 break;
1534
1535 case DOM_PINGING:
1536 dom->dom_state = DOM_LOST;
1537 dom->dom_losttime = t;
1538 dom->dom_checktime = t + 5;
1539 yp_log(LOG_NOTICE, "Domain %s lost its binding to "
1540 "server %s", dom->dom_name,
1541 inet_ntoa(dom->dom_server_addr.sin_addr));
1542 (void)nag_servers(dom);
1543 break;
1544
1545 case DOM_LOST:
1546 if (t > dom->dom_losttime + 60) {
1547 dom->dom_state = DOM_DEAD;
1548 dom->dom_backofftime = 10;
1549 yp_log(LOG_NOTICE, "Domain %s dead; "
1550 "going to exponential backoff",
1551 dom->dom_name);
1552 }
1553 dom->dom_checktime = t + 5;
1554 (void)nag_servers(dom);
1555 break;
1556
1557 case DOM_DEAD:
1558 dom->dom_checktime = t + dom->dom_backofftime;
1559 backoff(&dom->dom_backofftime);
1560 (void)nag_servers(dom);
1561 break;
1562 }
1563 /* re-fetch the time in case we hung sending packets */
1564 (void)time(&t);
1565 }
1566 }
1567
1568 /*
1569 * Process a hangup signal.
1570 *
1571 * Do an extra nag_servers() for any domains that are DEAD. This way
1572 * if you know things are back up you can restore service by sending
1573 * ypbind a SIGHUP rather than waiting for the timeout period.
1574 */
1575 static void
dohup(void)1576 dohup(void)
1577 {
1578 struct domain *dom;
1579
1580 hupped = 0;
1581 for (dom = domains; dom != NULL; dom = dom->dom_next) {
1582 if (dom->dom_state == DOM_DEAD) {
1583 (void)nag_servers(dom);
1584 }
1585 }
1586 }
1587
1588 /*
1589 * Receive a hangup signal.
1590 */
1591 static void
hup(int __unused sig)1592 hup(int __unused sig)
1593 {
1594 hupped = 1;
1595 }
1596
1597 /*
1598 * Initialize hangup processing.
1599 */
1600 static void
starthup(void)1601 starthup(void)
1602 {
1603 struct sigaction sa;
1604
1605 sa.sa_handler = hup;
1606 sigemptyset(&sa.sa_mask);
1607 sa.sa_flags = SA_RESTART;
1608 if (sigaction(SIGHUP, &sa, NULL) == -1) {
1609 err(1, "sigaction");
1610 }
1611 }
1612
1613 ////////////////////////////////////////////////////////////
1614 // main
1615
1616 /*
1617 * Usage message.
1618 */
1619 __dead static void
usage(void)1620 usage(void)
1621 {
1622 const char *opt = "";
1623 #ifdef DEBUG
1624 opt = " [-d]";
1625 #endif
1626
1627 (void)fprintf(stderr,
1628 "Usage: %s [-broadcast] [-insecure] [-ypset] [-ypsetme]%s\n",
1629 getprogname(), opt);
1630 exit(1);
1631 }
1632
1633 /*
1634 * Main.
1635 */
1636 int
main(int argc,char * argv[])1637 main(int argc, char *argv[])
1638 {
1639 struct timeval tv;
1640 fd_set fdsr;
1641 int width, lockfd;
1642 int started = 0;
1643 char *domainname;
1644
1645 setprogname(argv[0]);
1646
1647 /*
1648 * Process arguments.
1649 */
1650
1651 default_ypbindmode = YPBIND_DIRECT;
1652 while (--argc) {
1653 ++argv;
1654 if (!strcmp("-insecure", *argv)) {
1655 insecure = 1;
1656 } else if (!strcmp("-ypset", *argv)) {
1657 allow_any_ypset = 1;
1658 allow_local_ypset = 1;
1659 } else if (!strcmp("-ypsetme", *argv)) {
1660 allow_any_ypset = 0;
1661 allow_local_ypset = 1;
1662 } else if (!strcmp("-broadcast", *argv)) {
1663 default_ypbindmode = YPBIND_BROADCAST;
1664 #ifdef DEBUG
1665 } else if (!strcmp("-d", *argv)) {
1666 debug = 1;
1667 #endif
1668 } else {
1669 usage();
1670 }
1671 }
1672
1673 /*
1674 * Look up the name of the default domain.
1675 */
1676
1677 (void)yp_get_default_domain(&domainname);
1678 if (domainname[0] == '\0')
1679 errx(1, "Domainname not set. Aborting.");
1680 if (_yp_invalid_domain(domainname))
1681 errx(1, "Invalid domainname: %s", domainname);
1682
1683 /*
1684 * Start things up.
1685 */
1686
1687 /* Open the system log. */
1688 openlog("ypbind", LOG_PERROR | LOG_PID, LOG_DAEMON);
1689
1690 /* Acquire /var/run/ypbind.lock. */
1691 lockfd = open_locked(_PATH_YPBIND_LOCK, O_CREAT|O_RDWR|O_TRUNC, 0644);
1692 if (lockfd == -1)
1693 err(1, "Cannot create %s", _PATH_YPBIND_LOCK);
1694
1695 /* Accept hangups. */
1696 starthup();
1697
1698 /* Initialize sunrpc stuff. */
1699 sunrpc_setup();
1700
1701 /* Clean out BINDINGDIR, deleting all existing (now stale) bindings */
1702 if (purge_bindingdir(BINDINGDIR) < 0)
1703 errx(1, "Unable to purge old bindings from %s", BINDINGDIR);
1704
1705 /*
1706 * We start with one binding, for the default domain. It starts
1707 * out "unsuccessful".
1708 */
1709
1710 if (domain_create(domainname) == NULL)
1711 err(1, "initial domain binding failed");
1712
1713 /*
1714 * Delete the lock for the default domain again, just in case something
1715 * magically caused it to appear since purge_bindingdir() was called.
1716 * XXX: this is useless and redundant; remove it.
1717 */
1718 removelock(domains);
1719
1720 /*
1721 * Main loop. Wake up at least once a second and check for
1722 * timer-based work to do (checkwork) and also handle incoming
1723 * responses from ypservers and any RPCs made to the ypbind
1724 * service.
1725 *
1726 * There are two sockets used for ypserver traffic: one for
1727 * pings and one for everything else. These call XDR manually
1728 * for encoding and are *not* dispatched via the sunrpc
1729 * libraries.
1730 *
1731 * The ypbind service *is* dispatched via the sunrpc libraries.
1732 * svc_getreqset() does whatever internal muck and ultimately
1733 * ypbind service calls arrive at ypbindprog_2().
1734 */
1735 checkwork();
1736 for (;;) {
1737 width = svc_maxfd;
1738 if (rpcsock > width)
1739 width = rpcsock;
1740 if (pingsock > width)
1741 width = pingsock;
1742 width++;
1743 fdsr = svc_fdset;
1744 FD_SET(rpcsock, &fdsr);
1745 FD_SET(pingsock, &fdsr);
1746 tv.tv_sec = 1;
1747 tv.tv_usec = 0;
1748
1749 switch (select(width, &fdsr, NULL, NULL, &tv)) {
1750 case 0:
1751 /* select timed out - check for timer-based work */
1752 if (hupped) {
1753 dohup();
1754 }
1755 checkwork();
1756 break;
1757 case -1:
1758 if (hupped) {
1759 dohup();
1760 }
1761 if (errno != EINTR) {
1762 yp_log(LOG_WARNING, "select: %s",
1763 strerror(errno));
1764 }
1765 break;
1766 default:
1767 if (hupped) {
1768 dohup();
1769 }
1770 /* incoming of our own; read it */
1771 if (FD_ISSET(rpcsock, &fdsr))
1772 (void)handle_replies();
1773 if (FD_ISSET(pingsock, &fdsr))
1774 (void)handle_ping();
1775
1776 /* read any incoming packets for the ypbind service */
1777 svc_getreqset(&fdsr);
1778
1779 /*
1780 * Only check for timer-based work if
1781 * something in the incoming RPC logic said
1782 * to. This might be just a hack to avoid
1783 * scanning the list unnecessarily, but I
1784 * suspect it's also a hack to cover wrong
1785 * state logic. - dholland 20140609
1786 */
1787 if (check)
1788 checkwork();
1789 break;
1790 }
1791
1792 /*
1793 * Defer daemonizing until the default domain binds
1794 * successfully. XXX: there seems to be no timeout
1795 * on this, which means that if the default domain
1796 * is dead upstream boot will hang indefinitely.
1797 */
1798 if (!started && domains->dom_state == DOM_ALIVE) {
1799 started = 1;
1800 #ifdef DEBUG
1801 if (!debug)
1802 #endif
1803 (void)daemon(0, 0);
1804 (void)pidfile(NULL);
1805 }
1806 }
1807 }
1808