xref: /illumos-gate/usr/src/cmd/rpcbind/warmstart.c (revision f3041bfa)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * warmstart.c
 * Allows for gathering of registrations from a earlier dumped file.
 *
 * Copyright 1990,2002-2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
/*
 * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
 */

#include <stdio.h>
#include <errno.h>
#include <rpc/rpc.h>
#include <rpc/rpcb_prot.h>
#include <sys/types.h>
#include <sys/stat.h>
#ifdef PORTMAP
#include <netinet/in.h>
#include <rpc/pmap_prot.h>
#endif
#include "rpcbind.h"
#include <syslog.h>
#include <unistd.h>
#include <rpcsvc/daemon_utils.h>
#include <assert.h>

/* These files keep the pmap_list and rpcb_list in XDR format */
static const char rpcbfile[] = DAEMON_DIR "/rpcbind.file";
#ifdef PORTMAP
static const char pmapfile[] = DAEMON_DIR "/portmap.file";
#endif

static FILE *
open_tmp_file(const char *filename)
{
	int fd;
	FILE *fp;

	/*
	 * Remove any existing files, and create a new one.
	 * Ensure that rpcbind is not forced to overwrite
	 * a file pointed to by a symbolic link created
	 * by an attacker.
	 * Use open O_CREAT|O_EXCL so file is not created
	 * between unlink() and open() operation.
	 */
	if (unlink(filename) == -1) {
		if (errno != ENOENT)
			return (NULL);
	}
	fd = open(filename, O_CREAT|O_EXCL|O_WRONLY, 0600);
	if (fd == -1)
		return (NULL);
	fp = fdopen(fd, "w");
	if (fp == NULL) {
		close(fd);
		return (NULL);
	}

	return (fp);
}

static bool_t
write_struct(const char *filename, xdrproc_t structproc, void *list)
{
	FILE *fp;
	XDR xdrs;

	fp = open_tmp_file(filename);
	if (fp == NULL) {
		int i;

		for (i = 0; i < 10; i++)
			close(i);
		fp = open_tmp_file(filename);
		if (fp == NULL) {
			syslog(LOG_ERR,
			    "cannot open file = %s for writing", filename);
			syslog(LOG_ERR, "cannot save any registration");
			return (FALSE);
		}
	}
	xdrstdio_create(&xdrs, fp, XDR_ENCODE);

	if (structproc(&xdrs, list) == FALSE) {
		XDR_DESTROY(&xdrs);
		syslog(LOG_ERR, "rpcbind: xdr_%s: failed", filename);
		fclose(fp);
		return (FALSE);
	}
	XDR_DESTROY(&xdrs);
	fclose(fp);
	return (TRUE);
}

static bool_t
read_struct(const char *filename, xdrproc_t structproc, void *list)
{
	int fd;
	FILE *fp = NULL;
	XDR xdrs;
	struct stat sbuf_fstat, sbuf_lstat;

	fd = open(filename, O_RDONLY, 0600);
	if (fd == -1) {
		fprintf(stderr,
		    "rpcbind: cannot open file = %s for reading\n", filename);
		goto error;
	}
	fp = fdopen(fd, "r");
	if (fp == NULL) {
		close(fd);
		fprintf(stderr,
		    "rpcbind: cannot open file = %s for reading\n", filename);
		goto error;
	}
	if (fstat(fd, &sbuf_fstat) != 0) {
		fprintf(stderr,
		    "rpcbind: cannot stat file = %s for reading\n", filename);
		goto error;
	}
	if (sbuf_fstat.st_uid != DAEMON_UID ||
	    (!S_ISREG(sbuf_fstat.st_mode)) ||
	    (sbuf_fstat.st_mode & S_IRWXG) ||
	    (sbuf_fstat.st_mode & S_IRWXO) ||
	    (sbuf_fstat.st_nlink != 1)) {
		fprintf(stderr, "rpcbind: invalid permissions on file = %s for "
		    "reading\n", filename);
		goto error;
	}
	/*
	 * Make sure that the pathname for fstat and lstat is the same and
	 * that it's not a link.  An attacker can create symbolic or
	 * hard links and use them to gain unauthorised access to the
	 * system when rpcbind aborts or terminates on SIGINT or SIGTERM.
	 */
	if (lstat(filename, &sbuf_lstat) != 0) {
		fprintf(stderr,
		    "rpcbind: cannot lstat file = %s for reading\n", filename);
		goto error;
	}
	if (sbuf_lstat.st_uid != DAEMON_UID ||
	    (!S_ISREG(sbuf_lstat.st_mode)) ||
	    (sbuf_lstat.st_mode & S_IRWXG) ||
	    (sbuf_lstat.st_mode & S_IRWXO) ||
	    (sbuf_lstat.st_nlink != 1) ||
	    (sbuf_fstat.st_dev != sbuf_lstat.st_dev) ||
	    (sbuf_fstat.st_ino != sbuf_lstat.st_ino)) {
		fprintf(stderr, "rpcbind: invalid lstat permissions on file = "
		    "%s for reading\n", filename);
		goto error;
	}
	xdrstdio_create(&xdrs, fp, XDR_DECODE);

	if (structproc(&xdrs, list) == FALSE) {
		XDR_DESTROY(&xdrs);
		fprintf(stderr, "rpcbind: xdr_%s: failed\n", filename);
		goto error;
	}
	XDR_DESTROY(&xdrs);
	fclose(fp);
	return (TRUE);

error:
	fprintf(stderr, "rpcbind: will start from scratch\n");
	if (fp != NULL)
		fclose(fp);
	return (FALSE);
}

void
write_warmstart(void)
{
	assert(RW_WRITE_HELD(&list_rbl_lock));
	(void) write_struct(rpcbfile, xdr_rpcblist_ptr, &list_rbl);
#ifdef PORTMAP
	assert(RW_WRITE_HELD(&list_pml_lock));
	(void) write_struct(pmapfile, xdr_pmaplist_ptr, &list_pml);
#endif

}

void
read_warmstart(void)
{
	rpcblist_ptr tmp_rpcbl = NULL;
#ifdef PORTMAP
	pmaplist_ptr tmp_pmapl = NULL;
#endif

	if (read_struct(rpcbfile, xdr_rpcblist_ptr, &tmp_rpcbl) == FALSE)
		return;

#ifdef PORTMAP
	if (read_struct(pmapfile, xdr_pmaplist_ptr, &tmp_pmapl) == FALSE) {
		xdr_free((xdrproc_t)xdr_rpcblist_ptr, (char *)&tmp_rpcbl);
		return;
	}
#endif

	xdr_free((xdrproc_t)xdr_rpcblist_ptr, (char *)&list_rbl);
	list_rbl = tmp_rpcbl;
#ifdef PORTMAP
	xdr_free((xdrproc_t)xdr_pmaplist_ptr, (char *)&list_pml);
	list_pml = (pmaplist *)tmp_pmapl;
#endif
}