1 /* 2 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for 3 * unrestricted use provided that this legend is included on all tape 4 * media and as a part of the software program in whole or part. Users 5 * may copy or modify Sun RPC without charge, but are not authorized 6 * to license or distribute it to anyone else except as part of a product or 7 * program developed by the user. 8 * 9 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE 10 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR 11 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. 12 * 13 * Sun RPC is provided with no support and without any obligation on the 14 * part of Sun Microsystems, Inc. to assist in its use, correction, 15 * modification or enhancement. 16 * 17 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE 18 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC 19 * OR ANY PART THEREOF. 20 * 21 * In no event will Sun Microsystems, Inc. be liable for any lost revenue 22 * or profits or other special, indirect and consequential damages, even if 23 * Sun has been advised of the possibility of such damages. 24 * 25 * Sun Microsystems, Inc. 26 * 2550 Garcia Avenue 27 * Mountain View, California 94043 28 */ 29 30 #if defined(LIBC_SCCS) && !defined(lint) 31 static char *rcsid = "$OpenBSD: svc_tcp.c,v 1.7 1996/08/20 23:47:46 deraadt Exp $"; 32 #endif /* LIBC_SCCS and not lint */ 33 34 /* 35 * svc_tcp.c, Server side for TCP/IP based RPC. 36 * 37 * Copyright (C) 1984, Sun Microsystems, Inc. 38 * 39 * Actually implements two flavors of transporter - 40 * a tcp rendezvouser (a listner and connection establisher) 41 * and a record/tcp stream. 42 */ 43 44 #include <stdio.h> 45 #include <stdlib.h> 46 #include <string.h> 47 #include <unistd.h> 48 #include <rpc/rpc.h> 49 #include <sys/socket.h> 50 #include <errno.h> 51 52 /* 53 * Ops vector for TCP/IP based rpc service handle 54 */ 55 static bool_t svctcp_recv(); 56 static enum xprt_stat svctcp_stat(); 57 static bool_t svctcp_getargs(); 58 static bool_t svctcp_reply(); 59 static bool_t svctcp_freeargs(); 60 static void svctcp_destroy(); 61 62 static struct xp_ops svctcp_op = { 63 svctcp_recv, 64 svctcp_stat, 65 svctcp_getargs, 66 svctcp_reply, 67 svctcp_freeargs, 68 svctcp_destroy 69 }; 70 71 /* 72 * Ops vector for TCP/IP rendezvous handler 73 */ 74 static bool_t rendezvous_request(); 75 static enum xprt_stat rendezvous_stat(); 76 77 static struct xp_ops svctcp_rendezvous_op = { 78 rendezvous_request, 79 rendezvous_stat, 80 (bool_t (*)())abort, 81 (bool_t (*)())abort, 82 (bool_t (*)())abort, 83 svctcp_destroy 84 }; 85 86 static int readtcp(), writetcp(); 87 static SVCXPRT *makefd_xprt(); 88 89 struct tcp_rendezvous { /* kept in xprt->xp_p1 */ 90 u_int sendsize; 91 u_int recvsize; 92 }; 93 94 struct tcp_conn { /* kept in xprt->xp_p1 */ 95 enum xprt_stat strm_stat; 96 u_long x_id; 97 XDR xdrs; 98 char verf_body[MAX_AUTH_BYTES]; 99 }; 100 101 /* 102 * Usage: 103 * xprt = svctcp_create(sock, send_buf_size, recv_buf_size); 104 * 105 * Creates, registers, and returns a (rpc) tcp based transporter. 106 * Once *xprt is initialized, it is registered as a transporter 107 * see (svc.h, xprt_register). This routine returns 108 * a NULL if a problem occurred. 109 * 110 * If sock<0 then a socket is created, else sock is used. 111 * If the socket, sock is not bound to a port then svctcp_create 112 * binds it to an arbitrary port. The routine then starts a tcp 113 * listener on the socket's associated port. In any (successful) case, 114 * xprt->xp_sock is the registered socket number and xprt->xp_port is the 115 * associated port number. 116 * 117 * Since tcp streams do buffered io similar to stdio, the caller can specify 118 * how big the send and receive buffers are via the second and third parms; 119 * 0 => use the system default. 120 */ 121 SVCXPRT * 122 svctcp_create(sock, sendsize, recvsize) 123 register int sock; 124 u_int sendsize; 125 u_int recvsize; 126 { 127 bool_t madesock = FALSE; 128 register SVCXPRT *xprt; 129 register struct tcp_rendezvous *r; 130 struct sockaddr_in addr; 131 int len = sizeof(struct sockaddr_in); 132 133 if (sock == RPC_ANYSOCK) { 134 if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { 135 perror("svctcp_.c - udp socket creation problem"); 136 return ((SVCXPRT *)NULL); 137 } 138 madesock = TRUE; 139 } 140 memset(&addr, 0, sizeof (addr)); 141 addr.sin_len = sizeof(struct sockaddr_in); 142 addr.sin_family = AF_INET; 143 if (bindresvport(sock, &addr)) { 144 addr.sin_port = 0; 145 (void)bind(sock, (struct sockaddr *)&addr, len); 146 } 147 if ((getsockname(sock, (struct sockaddr *)&addr, &len) != 0) || 148 (listen(sock, 2) != 0)) { 149 perror("svctcp_.c - cannot getsockname or listen"); 150 if (madesock) 151 (void)close(sock); 152 return ((SVCXPRT *)NULL); 153 } 154 r = (struct tcp_rendezvous *)mem_alloc(sizeof(*r)); 155 if (r == NULL) { 156 (void) fprintf(stderr, "svctcp_create: out of memory\n"); 157 return (NULL); 158 } 159 r->sendsize = sendsize; 160 r->recvsize = recvsize; 161 xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT)); 162 if (xprt == NULL) { 163 (void) fprintf(stderr, "svctcp_create: out of memory\n"); 164 return (NULL); 165 } 166 xprt->xp_p2 = NULL; 167 xprt->xp_p1 = (caddr_t)r; 168 xprt->xp_verf = _null_auth; 169 xprt->xp_ops = &svctcp_rendezvous_op; 170 xprt->xp_port = ntohs(addr.sin_port); 171 xprt->xp_sock = sock; 172 xprt_register(xprt); 173 return (xprt); 174 } 175 176 /* 177 * Like svtcp_create(), except the routine takes any *open* UNIX file 178 * descriptor as its first input. 179 */ 180 SVCXPRT * 181 svcfd_create(fd, sendsize, recvsize) 182 int fd; 183 u_int sendsize; 184 u_int recvsize; 185 { 186 187 return (makefd_xprt(fd, sendsize, recvsize)); 188 } 189 190 static SVCXPRT * 191 makefd_xprt(fd, sendsize, recvsize) 192 int fd; 193 u_int sendsize; 194 u_int recvsize; 195 { 196 register SVCXPRT *xprt; 197 register struct tcp_conn *cd; 198 199 xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT)); 200 if (xprt == (SVCXPRT *)NULL) { 201 (void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n"); 202 goto done; 203 } 204 cd = (struct tcp_conn *)mem_alloc(sizeof(struct tcp_conn)); 205 if (cd == (struct tcp_conn *)NULL) { 206 (void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n"); 207 mem_free((char *) xprt, sizeof(SVCXPRT)); 208 xprt = (SVCXPRT *)NULL; 209 goto done; 210 } 211 cd->strm_stat = XPRT_IDLE; 212 xdrrec_create(&(cd->xdrs), sendsize, recvsize, 213 (caddr_t)xprt, readtcp, writetcp); 214 xprt->xp_p2 = NULL; 215 xprt->xp_p1 = (caddr_t)cd; 216 xprt->xp_verf.oa_base = cd->verf_body; 217 xprt->xp_addrlen = 0; 218 xprt->xp_ops = &svctcp_op; /* truely deals with calls */ 219 xprt->xp_port = 0; /* this is a connection, not a rendezvouser */ 220 xprt->xp_sock = fd; 221 xprt_register(xprt); 222 done: 223 return (xprt); 224 } 225 226 static bool_t 227 rendezvous_request(xprt) 228 register SVCXPRT *xprt; 229 { 230 int sock; 231 struct tcp_rendezvous *r; 232 struct sockaddr_in addr; 233 int len; 234 235 r = (struct tcp_rendezvous *)xprt->xp_p1; 236 again: 237 len = sizeof(struct sockaddr_in); 238 if ((sock = accept(xprt->xp_sock, (struct sockaddr *)&addr, 239 &len)) < 0) { 240 if (errno == EINTR) 241 goto again; 242 return (FALSE); 243 } 244 /* 245 * XXX careful for ftp bounce attacks. If discovered, close the 246 * socket and look for another connection. 247 */ 248 if (addr.sin_port == htons(20)) { 249 close(sock); 250 goto again; 251 } 252 /* 253 * make a new transporter (re-uses xprt) 254 */ 255 xprt = makefd_xprt(sock, r->sendsize, r->recvsize); 256 xprt->xp_raddr = addr; 257 xprt->xp_addrlen = len; 258 return (FALSE); /* there is never an rpc msg to be processed */ 259 } 260 261 static enum xprt_stat 262 rendezvous_stat() 263 { 264 265 return (XPRT_IDLE); 266 } 267 268 static void 269 svctcp_destroy(xprt) 270 register SVCXPRT *xprt; 271 { 272 register struct tcp_conn *cd = (struct tcp_conn *)xprt->xp_p1; 273 274 xprt_unregister(xprt); 275 (void)close(xprt->xp_sock); 276 if (xprt->xp_port != 0) { 277 /* a rendezvouser socket */ 278 xprt->xp_port = 0; 279 } else { 280 /* an actual connection socket */ 281 XDR_DESTROY(&(cd->xdrs)); 282 } 283 mem_free((caddr_t)cd, sizeof(struct tcp_conn)); 284 mem_free((caddr_t)xprt, sizeof(SVCXPRT)); 285 } 286 287 /* 288 * All read operations timeout after 35 seconds. 289 * A timeout is fatal for the connection. 290 */ 291 static struct timeval wait_per_try = { 35, 0 }; 292 293 /* 294 * reads data from the tcp conection. 295 * any error is fatal and the connection is closed. 296 * (And a read of zero bytes is a half closed stream => error.) 297 */ 298 static int 299 readtcp(xprt, buf, len) 300 register SVCXPRT *xprt; 301 caddr_t buf; 302 register int len; 303 { 304 register int sock = xprt->xp_sock; 305 struct timeval start, delta; 306 struct timeval tmp1, tmp2; 307 fd_set *fds, readfds; 308 309 if (sock+1 > FD_SETSIZE) { 310 int bytes = howmany(sock+1, NFDBITS) * sizeof(fd_mask); 311 fds = (fd_set *)malloc(bytes); 312 if (fds == NULL) 313 goto fatal_err; 314 memset(fds, 0, bytes); 315 } else { 316 fds = &readfds; 317 FD_ZERO(fds); 318 } 319 320 delta = wait_per_try; 321 gettimeofday(&start, NULL); 322 do { 323 /* XXX we know the other bits are still clear */ 324 FD_SET(sock, fds); 325 switch (select(sock+1, fds, NULL, NULL, &delta)) { 326 case -1: 327 if (errno != EINTR) 328 goto fatal_err; 329 gettimeofday(&tmp1, NULL); 330 timersub(&tmp1, &start, &tmp2); 331 timersub(&delta, &tmp2, &tmp1); 332 if (tmp1.tv_sec < 0 || !timerisset(&tmp1)) 333 goto fatal_err; 334 delta = tmp1; 335 continue; 336 case 0: 337 goto fatal_err; 338 } 339 } while (!FD_ISSET(sock, fds)); 340 if ((len = read(sock, buf, len)) > 0) { 341 if (fds != &readfds) 342 free(fds); 343 return (len); 344 } 345 fatal_err: 346 ((struct tcp_conn *)(xprt->xp_p1))->strm_stat = XPRT_DIED; 347 if (fds != &readfds) 348 free(fds); 349 return (-1); 350 } 351 352 /* 353 * writes data to the tcp connection. 354 * Any error is fatal and the connection is closed. 355 */ 356 static int 357 writetcp(xprt, buf, len) 358 register SVCXPRT *xprt; 359 caddr_t buf; 360 int len; 361 { 362 register int i, cnt; 363 364 for (cnt = len; cnt > 0; cnt -= i, buf += i) { 365 if ((i = write(xprt->xp_sock, buf, cnt)) < 0) { 366 ((struct tcp_conn *)(xprt->xp_p1))->strm_stat = 367 XPRT_DIED; 368 return (-1); 369 } 370 } 371 return (len); 372 } 373 374 static enum xprt_stat 375 svctcp_stat(xprt) 376 SVCXPRT *xprt; 377 { 378 register struct tcp_conn *cd = 379 (struct tcp_conn *)(xprt->xp_p1); 380 381 if (cd->strm_stat == XPRT_DIED) 382 return (XPRT_DIED); 383 if (! xdrrec_eof(&(cd->xdrs))) 384 return (XPRT_MOREREQS); 385 return (XPRT_IDLE); 386 } 387 388 static bool_t 389 svctcp_recv(xprt, msg) 390 SVCXPRT *xprt; 391 register struct rpc_msg *msg; 392 { 393 register struct tcp_conn *cd = 394 (struct tcp_conn *)(xprt->xp_p1); 395 register XDR *xdrs = &(cd->xdrs); 396 397 xdrs->x_op = XDR_DECODE; 398 (void)xdrrec_skiprecord(xdrs); 399 if (xdr_callmsg(xdrs, msg)) { 400 cd->x_id = msg->rm_xid; 401 return (TRUE); 402 } 403 return (FALSE); 404 } 405 406 static bool_t 407 svctcp_getargs(xprt, xdr_args, args_ptr) 408 SVCXPRT *xprt; 409 xdrproc_t xdr_args; 410 caddr_t args_ptr; 411 { 412 413 return ((*xdr_args)(&(((struct tcp_conn *)(xprt->xp_p1))->xdrs), args_ptr)); 414 } 415 416 static bool_t 417 svctcp_freeargs(xprt, xdr_args, args_ptr) 418 SVCXPRT *xprt; 419 xdrproc_t xdr_args; 420 caddr_t args_ptr; 421 { 422 register XDR *xdrs = 423 &(((struct tcp_conn *)(xprt->xp_p1))->xdrs); 424 425 xdrs->x_op = XDR_FREE; 426 return ((*xdr_args)(xdrs, args_ptr)); 427 } 428 429 static bool_t 430 svctcp_reply(xprt, msg) 431 SVCXPRT *xprt; 432 register struct rpc_msg *msg; 433 { 434 register struct tcp_conn *cd = 435 (struct tcp_conn *)(xprt->xp_p1); 436 register XDR *xdrs = &(cd->xdrs); 437 register bool_t stat; 438 439 xdrs->x_op = XDR_ENCODE; 440 msg->rm_xid = cd->x_id; 441 stat = xdr_replymsg(xdrs, msg); 442 (void)xdrrec_endofrecord(xdrs, TRUE); 443 return (stat); 444 } 445