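/*	$NetBSD: amq_svc.c,v 1.1.1.2 2009/03/20 20:26:49 christos Exp $	*/

/*
 * Copyright (c) 1997-2009 Erez Zadok
 * Copyright (c) 1990 Jan-Simon Pendry
 * Copyright (c) 1990 Imperial College of Science, Technology & Medicine
 * Copyright (c) 1990 The Regents of the University of California.
 * All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * Jan-Simon Pendry at Imperial College, London.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgment:
 *      This product includes software developed by the University of
 *      California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *
 * File: am-utils/amd/amq_svc.c
 *
 */

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#include <am_defs.h>
#include <amd.h>

/* typedefs */
/* Common shape every amq service routine is cast to before dispatch. */
typedef char *(*amqsvcproc_t)(voidp, struct svc_req *);

#if defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP)
# ifdef NEED_LIBWRAP_SEVERITY_VARIABLES
/*
 * Some systems that define libwrap already define these variables
 * in libwrap, while others don't: so the build has to know precisely
 * whether to define them here.
 */
int allow_severity = 0, deny_severity = 0, rfc931_timeout = 0;
# endif /* NEED_LIBWRAP_SEVERITY_VARIABLES */

/*
 * Check whether a remote amq client is authorized to talk to this amd.
 *
 * addr:   caller's IPv4 socket address.
 * remote: the same address in printable form (the caller passes the
 *         inet_ntoa() string).
 *
 * The printable address is tried against the libwrap rules first.  If
 * that does not match, the address is reverse-resolved, the resulting
 * name is forward-resolved again, and the name (and its aliases) are
 * only offered to libwrap when the forward lookup contains the caller's
 * address.  Without that confirmation a client that controls its own
 * PTR record could claim any host name.
 *
 * Every exit goes through "out" so the strdup()'d name is released on
 * the allow paths as well as the deny paths.
 *
 * NOTE(review): hosts_ctl() takes (daemon, client_name, client_addr,
 * client_user); host names are passed in the client_addr slot here and
 * the name slot is always "".  Confirm that host-name rules in the
 * access files match as intended.
 *
 * Returns: 1=allowed, 0=denied.
 */
static int
amqsvc_is_client_allowed(const struct sockaddr_in *addr, char *remote)
{
  struct hostent *h;
  char *name = NULL, **ad;
  int ret = 0;			/* default is 0==denied */

  /* Check IP address */
  if (hosts_ctl(AMD_SERVICE_NAME, "", remote, "")) {
    ret = 1;
    goto out;
  }

  /* Get address */
  h = gethostbyaddr((const char *) &(addr->sin_addr),
		    sizeof(addr->sin_addr),
		    AF_INET);
  if (!h)
    goto out;

  /* copy the name: the next resolver call may reuse the hostent storage */
  name = strdup(h->h_name);
  if (!name)
    goto out;

  /* Paranoia check: the name must resolve back to the caller's address */
  h = gethostbyname(name);
  if (!h)
    goto out;

  /*
   * Only compare like with like: memcmp() below reads h_length bytes
   * from an object that is sizeof(addr->sin_addr) bytes long.
   */
  if (h->h_addrtype != AF_INET ||
      h->h_length != (int) sizeof(addr->sin_addr))
    goto out;

  for (ad = h->h_addr_list; *ad; ad++)
    if (!memcmp(*ad, &(addr->sin_addr), sizeof(addr->sin_addr)))
      break;
  if (!*ad)
    goto out;			/* forward lookup does not confirm caller */

  if (hosts_ctl(AMD_SERVICE_NAME, "", h->h_name, "")) {
    ret = 1;
    goto out;
  }

  /* Check aliases */
  for (ad = h->h_aliases; *ad; ad++)
    if (hosts_ctl(AMD_SERVICE_NAME, "", *ad, "")) {
      ret = 1;
      goto out;
    }

out:
  if (name)
    XFREE(name);
  return ret;
}
#endif /* defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP) */


/*
 * Prepare the parent and child:
 * 1) Setup IPC pipe.
 * 2) Set signal masks.
 * 3) Fork by calling background() so that NumChildren is updated.
 *
 * argp points at the decoded RPC argument, whose first member is the
 * path string handed to find_ap().
 *
 * Returns 0 in the child, the child's pid in the parent, and -1 when
 * the node is not found, the pipe cannot be created, or the fork
 * fails.  On every -1 return both mp->am_fd slots are -1 (when a node
 * was found) and the caller's signal mask is as it was on entry.
 *
 * NOTE(review): the child returns with SIGHUP/SIGINT/SIGQUIT/SIGCHLD
 * still blocked; presumably intentional for the short-lived child --
 * confirm.
 */
static int
amq_fork(opaque_t argp)
{
#ifdef HAVE_SIGACTION
  sigset_t new, mask;
#else /* not HAVE_SIGACTION */
  int mask;
#endif /* not HAVE_SIGACTION */
  am_node *mp;
  pid_t pid;

  mp = find_ap(*(char **) argp);
  if (mp == NULL) {
    errno = 0;
    return -1;
  }

  if (pipe(mp->am_fd) == -1) {
    mp->am_fd[0] = -1;
    mp->am_fd[1] = -1;
    return -1;
  }

#ifdef HAVE_SIGACTION
  sigemptyset(&new);		/* initialize signal set we wish to block */
  sigaddset(&new, SIGHUP);
  sigaddset(&new, SIGINT);
  sigaddset(&new, SIGQUIT);
  sigaddset(&new, SIGCHLD);
  sigprocmask(SIG_BLOCK, &new, &mask);
#else /* not HAVE_SIGACTION */
  mask =
      sigmask(SIGHUP) |
      sigmask(SIGINT) |
      sigmask(SIGQUIT) |
      sigmask(SIGCHLD);
  mask = sigblock(mask);
#endif /* not HAVE_SIGACTION */

  pid = background();

  if (pid == 0) {		/* child */
    close(mp->am_fd[1]);	/* close output end of pipe */
    mp->am_fd[1] = -1;
    return 0;
  }

  /* From here on we are still the original process. */
  if (pid == -1) {		/* error */
    dlog("amq_fork failed");
    /* nobody will ever use this pipe: do not leak its descriptors */
    close(mp->am_fd[0]);
    close(mp->am_fd[1]);
    mp->am_fd[0] = -1;
    mp->am_fd[1] = -1;
  } else {			/* parent */
    close(mp->am_fd[0]);	/* close input end of pipe */
    mp->am_fd[0] = -1;
  }

  /* undo the temporary block, on the failure path too */
#ifdef HAVE_SIGACTION
  sigprocmask(SIG_SETMASK, &mask, NULL);
#else /* not HAVE_SIGACTION */
  sigsetmask(mask);
#endif /* not HAVE_SIGACTION */
  return pid;
}


/*
 * RPC dispatcher for version 1 of the amq program.
 *
 * Picks the XDR codecs and the service routine for rqstp->rq_proc,
 * decodes the arguments, runs the routine, sends the reply (if the
 * routine produced one) and frees the decoded arguments.
 *
 * AMQPROC_SYNC_UMNT is special: it forks through amq_fork() and runs
 * separate parent and child routines; if the fork fails it falls back
 * to the "async" routine in this process.  The forked child exits at
 * the end of this function.
 *
 * Access control: the only caller check made here is the libwrap one,
 * and only when it is compiled in and CFM_USE_TCPWRAPPERS is set.
 * Otherwise every procedure, including the state-changing ones
 * (UMNT, SYNC_UMNT, SETOPT), is dispatched without a check in this
 * function.
 * NOTE(review): any other restriction has to come from how the amq
 * transport is created and bound -- confirm at the registration site.
 */
void
amq_program_1(struct svc_req *rqstp, SVCXPRT *transp)
{
  union {
    amq_string amqproc_mnttree_1_arg;
    amq_string amqproc_umnt_1_arg;
    amq_setopt amqproc_setopt_1_arg;
  } argument;
  char *result;
  xdrproc_t xdr_argument, xdr_result;
  amqsvcproc_t local;
  amqsvcproc_t child;
  amqsvcproc_t parent;
  pid_t pid;

#if defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP)
  if (gopt.flags & CFM_USE_TCPWRAPPERS) {
    struct sockaddr_in *remote_addr = svc_getcaller(rqstp->rq_xprt);
    /* printable caller address; inet_ntoa() returns static storage */
    char *remote_hostname = inet_ntoa(remote_addr->sin_addr);

    if (!amqsvc_is_client_allowed(remote_addr, remote_hostname)) {
      /* denials are logged at warning level so they can be monitored */
      plog(XLOG_WARNING, "Amd denied remote amq service to %s", remote_hostname);
      svcerr_auth(transp, AUTH_FAILED);
      return;
    } else {
      dlog("Amd allowed remote amq service to %s", remote_hostname);
    }
  }
#endif /* defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP) */

  local = NULL;
  child = NULL;
  parent = NULL;

  switch (rqstp->rq_proc) {

  case AMQPROC_NULL:
    xdr_argument = (xdrproc_t) xdr_void;
    xdr_result = (xdrproc_t) xdr_void;
    local = (amqsvcproc_t) amqproc_null_1_svc;
    break;

  case AMQPROC_MNTTREE:
    xdr_argument = (xdrproc_t) xdr_amq_string;
    xdr_result = (xdrproc_t) xdr_amq_mount_tree_p;
    local = (amqsvcproc_t) amqproc_mnttree_1_svc;
    break;

  case AMQPROC_UMNT:
    xdr_argument = (xdrproc_t) xdr_amq_string;
    xdr_result = (xdrproc_t) xdr_void;
    local = (amqsvcproc_t) amqproc_umnt_1_svc;
    break;

  case AMQPROC_STATS:
    xdr_argument = (xdrproc_t) xdr_void;
    xdr_result = (xdrproc_t) xdr_amq_mount_stats;
    local = (amqsvcproc_t) amqproc_stats_1_svc;
    break;

  case AMQPROC_EXPORT:
    xdr_argument = (xdrproc_t) xdr_void;
    xdr_result = (xdrproc_t) xdr_amq_mount_tree_list;
    local = (amqsvcproc_t) amqproc_export_1_svc;
    break;

  case AMQPROC_SETOPT:
    xdr_argument = (xdrproc_t) xdr_amq_setopt;
    xdr_result = (xdrproc_t) xdr_int;
    local = (amqsvcproc_t) amqproc_setopt_1_svc;
    break;

  case AMQPROC_GETMNTFS:
    xdr_argument = (xdrproc_t) xdr_void;
    xdr_result = (xdrproc_t) xdr_amq_mount_info_qelem;
    local = (amqsvcproc_t) amqproc_getmntfs_1_svc;
    break;

  case AMQPROC_GETVERS:
    xdr_argument = (xdrproc_t) xdr_void;
    xdr_result = (xdrproc_t) xdr_amq_string;
    local = (amqsvcproc_t) amqproc_getvers_1_svc;
    break;

  case AMQPROC_GETPID:
    xdr_argument = (xdrproc_t) xdr_void;
    xdr_result = (xdrproc_t) xdr_int;
    local = (amqsvcproc_t) amqproc_getpid_1_svc;
    break;

  case AMQPROC_PAWD:
    xdr_argument = (xdrproc_t) xdr_amq_string;
    xdr_result = (xdrproc_t) xdr_amq_string;
    local = (amqsvcproc_t) amqproc_pawd_1_svc;
    break;

  case AMQPROC_SYNC_UMNT:
    xdr_argument = (xdrproc_t) xdr_amq_string;
    xdr_result = (xdrproc_t) xdr_amq_sync_umnt;
    parent = (amqsvcproc_t) amqproc_sync_umnt_1_svc_parent;
    child = (amqsvcproc_t) amqproc_sync_umnt_1_svc_child;
    /* used if fork fails */
    local = (amqsvcproc_t) amqproc_sync_umnt_1_svc_async;
    break;

  default:
    /* unknown procedure numbers are rejected before any decoding */
    svcerr_noproc(transp);
    return;
  }

  /* start from a zeroed union so the XDR decoder sees no stale pointers */
  memset((char *) &argument, 0, sizeof(argument));
  if (!svc_getargs(transp,
		   (XDRPROC_T_TYPE) xdr_argument,
		   (SVC_IN_ARG_TYPE) & argument)) {
    svcerr_decode(transp);
    return;
  }

  pid = -1;
  result = NULL;

  if (child) {
    switch ((pid = amq_fork(&argument))) {
    case -1:			/* error */
      /* keep "local" set: the async fallback runs below */
      break;

    case 0:			/* child */
      result = (*child) (&argument, rqstp);
      local = NULL;
      break;

    default:			/* parent */
      result = (*parent) (&argument, rqstp);
      local = NULL;
      break;
    }
  }

  if (local)
    result = (*local) (&argument, rqstp);

  /* a NULL result means the routine chose not to reply from this process */
  if (result != NULL && !svc_sendreply(transp,
				       (XDRPROC_T_TYPE) xdr_result,
				       result)) {
    svcerr_systemerr(transp);
  }

  if (!svc_freeargs(transp,
		    (XDRPROC_T_TYPE) xdr_argument,
		    (SVC_IN_ARG_TYPE) & argument)) {
    plog(XLOG_FATAL, "unable to free rpc arguments in amqprog_1");
    going_down(1);
  }

  if (pid == 0)
    exit(0);			/* the child is done! */
}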