1 /* $OpenBSD: rpc.c,v 1.13 2003/08/11 06:23:09 deraadt Exp $ */
2 /* $NetBSD: rpc.c,v 1.16 1996/10/13 02:29:06 christos Exp $ */
3
4 /*
5 * Copyright (c) 1992 Regents of the University of California.
6 * All rights reserved.
7 *
8 * This software was developed by the Computer Systems Engineering group
9 * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and
10 * contributed to Berkeley.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by the University of
23 * California, Lawrence Berkeley Laboratory and its contributors.
24 * 4. Neither the name of the University nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 *
40 * @(#) Header: rpc.c,v 1.12 93/09/28 08:31:56 leres Exp (LBL)
41 */
42
43 /*
44 * RPC functions used by NFS and bootparams.
45 * Note that bootparams requires the ability to find out the
46 * address of the server from which its response has come.
47 * This is supported by keeping the IP/UDP headers in the
48 * buffer space provided by the caller. (See rpc_fromaddr)
49 */
50
51 #include <sys/param.h>
52 #include <sys/socket.h>
53
54 #include <netinet/in.h>
55 #include <netinet/in_systm.h>
56
57 #include <nfs/rpcv2.h>
58
59 #include "stand.h"
60 #include "net.h"
61 #include "netif.h"
62 #include "rpc.h"
63
64 struct auth_info {
65 int32_t authtype; /* auth type */
66 u_int32_t authlen; /* auth length */
67 };
68
69 struct auth_unix {
70 int32_t ua_time;
71 int32_t ua_hostname; /* null */
72 int32_t ua_uid;
73 int32_t ua_gid;
74 int32_t ua_gidlist; /* null */
75 };
76
77 struct rpc_call {
78 u_int32_t rp_xid; /* request transaction id */
79 int32_t rp_direction; /* call direction (0) */
80 u_int32_t rp_rpcvers; /* rpc version (2) */
81 u_int32_t rp_prog; /* program */
82 u_int32_t rp_vers; /* version */
83 u_int32_t rp_proc; /* procedure */
84 };
85
86 struct rpc_reply {
87 u_int32_t rp_xid; /* request transaction id */
88 int32_t rp_direction; /* call direction (1) */
89 int32_t rp_astatus; /* accept status (0: accepted) */
90 union {
91 u_int32_t rpu_errno;
92 struct {
93 struct auth_info rok_auth;
94 u_int32_t rok_status;
95 } rpu_rok;
96 } rp_u;
97 };
98
99 /* Local forwards */
100 static ssize_t recvrpc(struct iodesc *, void *, size_t, time_t);
101 static int rpc_getport(struct iodesc *, n_long, n_long);
102
103 int rpc_xid;
104 int rpc_port = 0x400; /* predecrement */
105
106 /*
107 * Make a rpc call; return length of answer
108 * Note: Caller must leave room for headers.
109 */
110 ssize_t
111 rpc_call(struct iodesc *d, n_long prog, n_long vers, n_long proc, void *sdata,
112 size_t slen, void *rdata, size_t rlen)
113 {
114 ssize_t cc;
115 struct auth_info *auth;
116 struct rpc_call *call;
117 struct rpc_reply *reply;
118 char *send_head, *send_tail;
119 char *recv_head, *recv_tail;
120 n_long x;
121 int port; /* host order */
122
123 #ifdef RPC_DEBUG
124 if (debug)
125 printf("rpc_call: prog=0x%x vers=%d proc=%d\n",
126 prog, vers, proc);
127 #endif
128
129 port = rpc_getport(d, prog, vers);
130 if (port == -1)
131 return (-1);
132
133 d->destport = htons(port);
134
135 /*
136 * Prepend authorization stuff and headers.
137 * Note, must prepend things in reverse order.
138 */
139 send_head = sdata;
140 send_tail = (char *)sdata + slen;
141
142 /* Auth verifier is always auth_null */
143 send_head -= sizeof(*auth);
144 auth = (struct auth_info *)send_head;
145 auth->authtype = htonl(RPCAUTH_NULL);
146 auth->authlen = 0;
147
148 #if 1
149 /* Auth credentials: always auth unix (as root) */
150 send_head -= sizeof(struct auth_unix);
151 bzero(send_head, sizeof(struct auth_unix));
152 send_head -= sizeof(*auth);
153 auth = (struct auth_info *)send_head;
154 auth->authtype = htonl(RPCAUTH_UNIX);
155 auth->authlen = htonl(sizeof(struct auth_unix));
156 #else
157 /* Auth credentials: always auth_null (XXX OK?) */
158 send_head -= sizeof(*auth);
159 auth = send_head;
160 auth->authtype = htonl(RPCAUTH_NULL);
161 auth->authlen = 0;
162 #endif
163
164 /* RPC call structure. */
165 send_head -= sizeof(*call);
166 call = (struct rpc_call *)send_head;
167 rpc_xid++;
168 call->rp_xid = htonl(rpc_xid);
169 call->rp_direction = htonl(RPC_CALL);
170 call->rp_rpcvers = htonl(RPC_VER2);
171 call->rp_prog = htonl(prog);
172 call->rp_vers = htonl(vers);
173 call->rp_proc = htonl(proc);
174
175 /* Make room for the rpc_reply header. */
176 recv_head = rdata;
177 recv_tail = (char *)rdata + rlen;
178 recv_head -= sizeof(*reply);
179
180 cc = sendrecv(d,
181 sendudp, send_head, send_tail - send_head,
182 recvrpc, recv_head, recv_tail - recv_head);
183
184 #ifdef RPC_DEBUG
185 if (debug)
186 printf("callrpc: cc=%d rlen=%d\n", cc, rlen);
187 #endif
188 if (cc < -1)
189 return (-1);
190
191 if ((size_t)cc <= sizeof(*reply)) {
192 errno = EBADRPC;
193 return (-1);
194 }
195
196 recv_tail = recv_head + cc;
197
198 /*
199 * Check the RPC reply status.
200 * The xid, dir, astatus were already checked.
201 */
202 reply = (struct rpc_reply *)recv_head;
203 auth = &reply->rp_u.rpu_rok.rok_auth;
204 x = ntohl(auth->authlen);
205 if (x != 0) {
206 #ifdef RPC_DEBUG
207 if (debug)
208 printf("callrpc: reply auth != NULL\n");
209 #endif
210 errno = EBADRPC;
211 return(-1);
212 }
213 x = ntohl(reply->rp_u.rpu_rok.rok_status);
214 if (x != 0) {
215 printf("callrpc: error = %d\n", x);
216 errno = EBADRPC;
217 return(-1);
218 }
219 recv_head += sizeof(*reply);
220
221 return (ssize_t)(recv_tail - recv_head);
222 }
223
224 /*
225 * Returns true if packet is the one we're waiting for.
226 * This just checks the XID, direction, acceptance.
227 * Remaining checks are done by callrpc
228 */
229 static ssize_t
230 recvrpc(struct iodesc *d, void *pkt, size_t len, time_t tleft)
231 {
232 struct rpc_reply *reply;
233 ssize_t n;
234 int x;
235
236 errno = 0;
237 #ifdef RPC_DEBUG
238 if (debug)
239 printf("recvrpc: called len=%d\n", len);
240 #endif
241
242 n = readudp(d, pkt, len, tleft);
243 if (n <= (4 * 4))
244 return -1;
245
246 reply = (struct rpc_reply *)pkt;
247
248 x = ntohl(reply->rp_xid);
249 if (x != rpc_xid) {
250 #ifdef RPC_DEBUG
251 if (debug)
252 printf("recvrpc: rp_xid %d != xid %d\n", x, rpc_xid);
253 #endif
254 return -1;
255 }
256
257 x = ntohl(reply->rp_direction);
258 if (x != RPC_REPLY) {
259 #ifdef RPC_DEBUG
260 if (debug)
261 printf("recvrpc: rp_direction %d != REPLY\n", x);
262 #endif
263 return -1;
264 }
265
266 x = ntohl(reply->rp_astatus);
267 if (x != RPC_MSGACCEPTED) {
268 errno = ntohl(reply->rp_u.rpu_errno);
269 printf("recvrpc: reject, astat=%d, errno=%d\n", x, errno);
270 return -1;
271 }
272
273 /* Return data count (thus indicating success) */
274 return (n);
275 }
276
277 /*
278 * Given a pointer to a reply just received,
279 * dig out the IP address/port from the headers.
280 */
281 void
282 rpc_fromaddr(void *pkt, struct in_addr *addr, u_short *port)
283 {
284 struct hackhdr {
285 /* Tail of IP header: just IP addresses */
286 n_long ip_src;
287 n_long ip_dst;
288 /* UDP header: */
289 u_int16_t uh_sport; /* source port */
290 u_int16_t uh_dport; /* destination port */
291 int16_t uh_ulen; /* udp length */
292 u_int16_t uh_sum; /* udp checksum */
293 /* RPC reply header: */
294 struct rpc_reply rpc;
295 } *hhdr;
296
297 hhdr = ((struct hackhdr *)pkt) - 1;
298 addr->s_addr = hhdr->ip_src;
299 *port = hhdr->uh_sport;
300 }
301
302 /*
303 * RPC Portmapper cache
304 */
305 #define PMAP_NUM 8 /* need at most 5 pmap entries */
306
307 int rpc_pmap_num;
308 struct pmap_list {
309 struct in_addr addr; /* server, net order */
310 u_int prog; /* host order */
311 u_int vers; /* host order */
312 int port; /* host order */
313 } rpc_pmap_list[PMAP_NUM];
314
315 /* return port number in host order, or -1 */
316 int
317 rpc_pmap_getcache(struct in_addr addr, u_int prog, u_int vers)
318 {
319 struct pmap_list *pl;
320
321 for (pl = rpc_pmap_list; pl < &rpc_pmap_list[rpc_pmap_num]; pl++) {
322 if (pl->addr.s_addr == addr.s_addr &&
323 pl->prog == prog && pl->vers == vers)
324 return (pl->port);
325 }
326 return (-1);
327 }
328
329 void
330 rpc_pmap_putcache(struct in_addr addr, u_int prog, u_int vers, int port)
331 {
332 struct pmap_list *pl;
333
334 /* Don't overflow cache... */
335 if (rpc_pmap_num >= PMAP_NUM) {
336 /* ... just re-use the last entry. */
337 rpc_pmap_num = PMAP_NUM - 1;
338 #ifdef RPC_DEBUG
339 printf("rpc_pmap_putcache: cache overflow\n");
340 #endif
341 }
342
343 pl = &rpc_pmap_list[rpc_pmap_num];
344 rpc_pmap_num++;
345
346 /* Cache answer */
347 pl->addr = addr;
348 pl->prog = prog;
349 pl->vers = vers;
350 pl->port = port;
351 }
352
353
354 /*
355 * Request a port number from the port mapper.
356 * Returns the port in host order.
357 */
358 int
359 rpc_getport(struct iodesc *d, n_long prog, n_long vers)
360 {
361 struct args {
362 n_long prog; /* call program */
363 n_long vers; /* call version */
364 n_long proto; /* call protocol */
365 n_long port; /* call port (unused) */
366 } *args;
367 struct res {
368 n_long port;
369 } *res;
370 struct {
371 n_long h[RPC_HEADER_WORDS];
372 struct args d;
373 } sdata;
374 struct {
375 n_long h[RPC_HEADER_WORDS];
376 struct res d;
377 n_long pad;
378 } rdata;
379 ssize_t cc;
380 int port;
381
382 #ifdef RPC_DEBUG
383 if (debug)
384 printf("getport: prog=0x%x vers=%d\n", prog, vers);
385 #endif
386
387 /* This one is fixed forever. */
388 if (prog == PMAPPROG)
389 return (PMAPPORT);
390
391 /* Try for cached answer first */
392 port = rpc_pmap_getcache(d->destip, prog, vers);
393 if (port != -1)
394 return (port);
395
396 args = &sdata.d;
397 args->prog = htonl(prog);
398 args->vers = htonl(vers);
399 args->proto = htonl(IPPROTO_UDP);
400 args->port = 0;
401 res = &rdata.d;
402
403 cc = rpc_call(d, PMAPPROG, PMAPVERS, PMAPPROC_GETPORT,
404 args, sizeof(*args), res, sizeof(*res));
405 if (cc < 0 || (size_t)cc < sizeof(*res)) {
406 printf("getport: %s", strerror(errno));
407 errno = EBADRPC;
408 return (-1);
409 }
410 port = (int)ntohl(res->port);
411
412 rpc_pmap_putcache(d->destip, prog, vers, port);
413
414 return (port);
415 }