1 /* $OpenBSD: rpc.c,v 1.15 2015/08/15 19:42:56 miod Exp $ */
2 /* $NetBSD: rpc.c,v 1.16 1996/10/13 02:29:06 christos Exp $ */
3
4 /*
5 * Copyright (c) 1992 Regents of the University of California.
6 * All rights reserved.
7 *
8 * This software was developed by the Computer Systems Engineering group
9 * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and
10 * contributed to Berkeley.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by the University of
23 * California, Lawrence Berkeley Laboratory and its contributors.
24 * 4. Neither the name of the University nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 *
40 * @(#) Header: rpc.c,v 1.12 93/09/28 08:31:56 leres Exp (LBL)
41 */
42
43 /*
44 * RPC functions used by NFS and bootparams.
45 * Note that bootparams requires the ability to find out the
46 * address of the server from which its response has come.
47 * This is supported by keeping the IP/UDP headers in the
48 * buffer space provided by the caller. (See rpc_fromaddr)
49 */
50
51 #include <sys/param.h>
52 #include <sys/socket.h>
53
54 #include <netinet/in.h>
55
56 #include <nfs/rpcv2.h>
57
58 #include "stand.h"
59 #include "net.h"
60 #include "netif.h"
61 #include "rpc.h"
62
63 struct auth_info {
64 int32_t authtype; /* auth type */
65 u_int32_t authlen; /* auth length */
66 };
67
68 struct auth_unix {
69 int32_t ua_time;
70 int32_t ua_hostname; /* null */
71 int32_t ua_uid;
72 int32_t ua_gid;
73 int32_t ua_gidlist; /* null */
74 };
75
76 struct rpc_call {
77 u_int32_t rp_xid; /* request transaction id */
78 int32_t rp_direction; /* call direction (0) */
79 u_int32_t rp_rpcvers; /* rpc version (2) */
80 u_int32_t rp_prog; /* program */
81 u_int32_t rp_vers; /* version */
82 u_int32_t rp_proc; /* procedure */
83 };
84
85 struct rpc_reply {
86 u_int32_t rp_xid; /* request transaction id */
87 int32_t rp_direction; /* call direction (1) */
88 int32_t rp_astatus; /* accept status (0: accepted) */
89 union {
90 u_int32_t rpu_errno;
91 struct {
92 struct auth_info rok_auth;
93 u_int32_t rok_status;
94 } rpu_rok;
95 } rp_u;
96 };
97
98 /* Local forwards */
99 static ssize_t recvrpc(struct iodesc *, void *, size_t, time_t);
100 static int rpc_getport(struct iodesc *, u_int32_t, u_int32_t);
101
102 int rpc_xid;
103 int rpc_port = 0x400; /* predecrement */
104
105 /*
106 * Make a rpc call; return length of answer
107 * Note: Caller must leave room for headers.
108 */
109 ssize_t
rpc_call(struct iodesc * d,u_int32_t prog,u_int32_t vers,u_int32_t proc,void * sdata,size_t slen,void * rdata,size_t rlen)110 rpc_call(struct iodesc *d, u_int32_t prog, u_int32_t vers, u_int32_t proc, void *sdata,
111 size_t slen, void *rdata, size_t rlen)
112 {
113 ssize_t cc;
114 struct auth_info *auth;
115 struct rpc_call *call;
116 struct rpc_reply *reply;
117 char *send_head, *send_tail;
118 char *recv_head, *recv_tail;
119 u_int32_t x;
120 int port; /* host order */
121
122 #ifdef RPC_DEBUG
123 if (debug)
124 printf("rpc_call: prog=0x%x vers=%d proc=%d\n",
125 prog, vers, proc);
126 #endif
127
128 port = rpc_getport(d, prog, vers);
129 if (port == -1)
130 return (-1);
131
132 d->destport = htons(port);
133
134 /*
135 * Prepend authorization stuff and headers.
136 * Note, must prepend things in reverse order.
137 */
138 send_head = sdata;
139 send_tail = (char *)sdata + slen;
140
141 /* Auth verifier is always auth_null */
142 send_head -= sizeof(*auth);
143 auth = (struct auth_info *)send_head;
144 auth->authtype = htonl(RPCAUTH_NULL);
145 auth->authlen = 0;
146
147 #if 1
148 /* Auth credentials: always auth unix (as root) */
149 send_head -= sizeof(struct auth_unix);
150 bzero(send_head, sizeof(struct auth_unix));
151 send_head -= sizeof(*auth);
152 auth = (struct auth_info *)send_head;
153 auth->authtype = htonl(RPCAUTH_UNIX);
154 auth->authlen = htonl(sizeof(struct auth_unix));
155 #else
156 /* Auth credentials: always auth_null (XXX OK?) */
157 send_head -= sizeof(*auth);
158 auth = send_head;
159 auth->authtype = htonl(RPCAUTH_NULL);
160 auth->authlen = 0;
161 #endif
162
163 /* RPC call structure. */
164 send_head -= sizeof(*call);
165 call = (struct rpc_call *)send_head;
166 rpc_xid++;
167 call->rp_xid = htonl(rpc_xid);
168 call->rp_direction = htonl(RPC_CALL);
169 call->rp_rpcvers = htonl(RPC_VER2);
170 call->rp_prog = htonl(prog);
171 call->rp_vers = htonl(vers);
172 call->rp_proc = htonl(proc);
173
174 /* Make room for the rpc_reply header. */
175 recv_head = rdata;
176 recv_tail = (char *)rdata + rlen;
177 recv_head -= sizeof(*reply);
178
179 cc = sendrecv(d,
180 sendudp, send_head, send_tail - send_head,
181 recvrpc, recv_head, recv_tail - recv_head);
182
183 #ifdef RPC_DEBUG
184 if (debug)
185 printf("callrpc: cc=%d rlen=%d\n", cc, rlen);
186 #endif
187 if (cc <= -1)
188 return (-1);
189
190 if ((size_t)cc <= sizeof(*reply)) {
191 errno = EBADRPC;
192 return (-1);
193 }
194
195 recv_tail = recv_head + cc;
196
197 /*
198 * Check the RPC reply status.
199 * The xid, dir, astatus were already checked.
200 */
201 reply = (struct rpc_reply *)recv_head;
202 auth = &reply->rp_u.rpu_rok.rok_auth;
203 x = ntohl(auth->authlen);
204 if (x != 0) {
205 #ifdef RPC_DEBUG
206 if (debug)
207 printf("callrpc: reply auth != NULL\n");
208 #endif
209 errno = EBADRPC;
210 return(-1);
211 }
212 x = ntohl(reply->rp_u.rpu_rok.rok_status);
213 if (x != 0) {
214 printf("callrpc: error = %d\n", x);
215 errno = EBADRPC;
216 return(-1);
217 }
218 recv_head += sizeof(*reply);
219
220 return (ssize_t)(recv_tail - recv_head);
221 }
222
223 /*
224 * Returns true if packet is the one we're waiting for.
225 * This just checks the XID, direction, acceptance.
226 * Remaining checks are done by callrpc
227 */
228 static ssize_t
recvrpc(struct iodesc * d,void * pkt,size_t len,time_t tleft)229 recvrpc(struct iodesc *d, void *pkt, size_t len, time_t tleft)
230 {
231 struct rpc_reply *reply;
232 ssize_t n;
233 int x;
234
235 errno = 0;
236 #ifdef RPC_DEBUG
237 if (debug)
238 printf("recvrpc: called len=%d\n", len);
239 #endif
240
241 n = readudp(d, pkt, len, tleft);
242 if (n <= (4 * 4))
243 return -1;
244
245 reply = (struct rpc_reply *)pkt;
246
247 x = ntohl(reply->rp_xid);
248 if (x != rpc_xid) {
249 #ifdef RPC_DEBUG
250 if (debug)
251 printf("recvrpc: rp_xid %d != xid %d\n", x, rpc_xid);
252 #endif
253 return -1;
254 }
255
256 x = ntohl(reply->rp_direction);
257 if (x != RPC_REPLY) {
258 #ifdef RPC_DEBUG
259 if (debug)
260 printf("recvrpc: rp_direction %d != REPLY\n", x);
261 #endif
262 return -1;
263 }
264
265 x = ntohl(reply->rp_astatus);
266 if (x != RPC_MSGACCEPTED) {
267 errno = ntohl(reply->rp_u.rpu_errno);
268 printf("recvrpc: reject, astat=%d, errno=%d\n", x, errno);
269 return -1;
270 }
271
272 /* Return data count (thus indicating success) */
273 return (n);
274 }
275
276 /*
277 * Given a pointer to a reply just received,
278 * dig out the IP address/port from the headers.
279 */
280 void
rpc_fromaddr(void * pkt,struct in_addr * addr,u_short * port)281 rpc_fromaddr(void *pkt, struct in_addr *addr, u_short *port)
282 {
283 struct hackhdr {
284 /* Tail of IP header: just IP addresses */
285 u_int32_t ip_src;
286 u_int32_t ip_dst;
287 /* UDP header: */
288 u_int16_t uh_sport; /* source port */
289 u_int16_t uh_dport; /* destination port */
290 int16_t uh_ulen; /* udp length */
291 u_int16_t uh_sum; /* udp checksum */
292 /* RPC reply header: */
293 struct rpc_reply rpc;
294 } *hhdr;
295
296 hhdr = ((struct hackhdr *)pkt) - 1;
297 addr->s_addr = hhdr->ip_src;
298 *port = hhdr->uh_sport;
299 }
300
301 /*
302 * RPC Portmapper cache
303 */
304 #define PMAP_NUM 8 /* need at most 5 pmap entries */
305
306 int rpc_pmap_num;
307 struct pmap_list {
308 struct in_addr addr; /* server, net order */
309 u_int prog; /* host order */
310 u_int vers; /* host order */
311 int port; /* host order */
312 } rpc_pmap_list[PMAP_NUM];
313
314 /* return port number in host order, or -1 */
315 int
rpc_pmap_getcache(struct in_addr addr,u_int prog,u_int vers)316 rpc_pmap_getcache(struct in_addr addr, u_int prog, u_int vers)
317 {
318 struct pmap_list *pl;
319
320 for (pl = rpc_pmap_list; pl < &rpc_pmap_list[rpc_pmap_num]; pl++) {
321 if (pl->addr.s_addr == addr.s_addr &&
322 pl->prog == prog && pl->vers == vers)
323 return (pl->port);
324 }
325 return (-1);
326 }
327
328 void
rpc_pmap_putcache(struct in_addr addr,u_int prog,u_int vers,int port)329 rpc_pmap_putcache(struct in_addr addr, u_int prog, u_int vers, int port)
330 {
331 struct pmap_list *pl;
332
333 /* Don't overflow cache... */
334 if (rpc_pmap_num >= PMAP_NUM) {
335 /* ... just re-use the last entry. */
336 rpc_pmap_num = PMAP_NUM - 1;
337 #ifdef RPC_DEBUG
338 printf("rpc_pmap_putcache: cache overflow\n");
339 #endif
340 }
341
342 pl = &rpc_pmap_list[rpc_pmap_num];
343 rpc_pmap_num++;
344
345 /* Cache answer */
346 pl->addr = addr;
347 pl->prog = prog;
348 pl->vers = vers;
349 pl->port = port;
350 }
351
352
353 /*
354 * Request a port number from the port mapper.
355 * Returns the port in host order.
356 */
357 int
rpc_getport(struct iodesc * d,u_int32_t prog,u_int32_t vers)358 rpc_getport(struct iodesc *d, u_int32_t prog, u_int32_t vers)
359 {
360 struct args {
361 u_int32_t prog; /* call program */
362 u_int32_t vers; /* call version */
363 u_int32_t proto; /* call protocol */
364 u_int32_t port; /* call port (unused) */
365 } *args;
366 struct res {
367 u_int32_t port;
368 } *res;
369 struct {
370 u_int32_t h[RPC_HEADER_WORDS];
371 struct args d;
372 } sdata;
373 struct {
374 u_int32_t h[RPC_HEADER_WORDS];
375 struct res d;
376 u_int32_t pad;
377 } rdata;
378 ssize_t cc;
379 int port;
380
381 #ifdef RPC_DEBUG
382 if (debug)
383 printf("getport: prog=0x%x vers=%d\n", prog, vers);
384 #endif
385
386 /* This one is fixed forever. */
387 if (prog == PMAPPROG)
388 return (PMAPPORT);
389
390 /* Try for cached answer first */
391 port = rpc_pmap_getcache(d->destip, prog, vers);
392 if (port != -1)
393 return (port);
394
395 args = &sdata.d;
396 args->prog = htonl(prog);
397 args->vers = htonl(vers);
398 args->proto = htonl(IPPROTO_UDP);
399 args->port = 0;
400 res = &rdata.d;
401
402 cc = rpc_call(d, PMAPPROG, PMAPVERS, PMAPPROC_GETPORT,
403 args, sizeof(*args), res, sizeof(*res));
404 if (cc < 0 || (size_t)cc < sizeof(*res)) {
405 printf("getport: %s", strerror(errno));
406 errno = EBADRPC;
407 return (-1);
408 }
409 port = (int)ntohl(res->port);
410
411 rpc_pmap_putcache(d->destip, prog, vers, port);
412
413 return (port);
414 }
415