1 /* $NetBSD: ypbind.c,v 1.100 2018/03/15 02:25:31 ginsbach Exp $ */ 2 3 /* 4 * Copyright (c) 1992, 1993 Theo de Raadt <deraadt@fsa.ca> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS 17 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 #ifndef LINT 31 __RCSID("$NetBSD: ypbind.c,v 1.100 2018/03/15 02:25:31 ginsbach Exp $"); 32 #endif 33 34 #include <sys/types.h> 35 #include <sys/param.h> 36 #include <sys/file.h> 37 #include <sys/ioctl.h> 38 #include <sys/signal.h> 39 #include <sys/socket.h> 40 #include <sys/stat.h> 41 #include <sys/syslog.h> 42 #include <sys/uio.h> 43 #include <arpa/inet.h> 44 #include <net/if.h> 45 #include <ctype.h> 46 #include <dirent.h> 47 #include <err.h> 48 #include <errno.h> 49 #include <fcntl.h> 50 #include <ifaddrs.h> 51 #include <limits.h> 52 #include <netdb.h> 53 #include <signal.h> 54 #include <stdarg.h> 55 #include <stdio.h> 56 #include <stdlib.h> 57 #include <string.h> 58 #include <syslog.h> 59 #include <unistd.h> 60 #include <util.h> 61 62 #include <rpc/rpc.h> 63 #include <rpc/xdr.h> 64 #include <rpc/pmap_clnt.h> 65 #include <rpc/pmap_prot.h> 66 #include <rpc/pmap_rmt.h> 67 #include <rpcsvc/yp_prot.h> 68 #include <rpcsvc/ypclnt.h> 69 70 #include "pathnames.h" 71 72 #define YPSERVERSSUFF ".ypservers" 73 #define BINDINGDIR (_PATH_VAR_YP "binding") 74 75 #ifndef O_SHLOCK 76 #define O_SHLOCK 0 77 #endif 78 79 int _yp_invalid_domain(const char *); /* XXX libc internal */ 80 81 //////////////////////////////////////////////////////////// 82 // types and globals 83 84 typedef enum { 85 YPBIND_DIRECT, YPBIND_BROADCAST, 86 } ypbind_mode_t; 87 88 enum domainstates { 89 DOM_NEW, /* not yet bound */ 90 DOM_ALIVE, /* bound and healthy */ 91 DOM_PINGING, /* ping outstanding */ 92 DOM_LOST, /* binding timed out, looking for a new one */ 93 DOM_DEAD, /* long-term lost, in exponential backoff */ 94 }; 95 96 struct domain { 97 struct domain *dom_next; 98 99 char dom_name[YPMAXDOMAIN + 1]; 100 struct sockaddr_in dom_server_addr; 101 long dom_vers; 102 time_t dom_checktime; /* time of next check/contact */ 103 time_t dom_asktime; /* time we were last DOMAIN'd */ 104 time_t dom_losttime; /* time the binding was lost, or 0 */ 105 unsigned dom_backofftime; /* current backoff period, when DEAD */ 106 int dom_lockfd; 107 enum domainstates dom_state; 108 uint32_t dom_xid; 109 FILE *dom_serversfile; /* /var/yp/binding/foo.ypservers */ 110 int dom_been_ypset; /* ypset been done on this domain? */ 111 ypbind_mode_t dom_ypbindmode; /* broadcast or direct */ 112 }; 113 114 #define BUFSIZE 1400 115 116 /* the list of all domains */ 117 static struct domain *domains; 118 static int check; 119 120 /* option settings */ 121 static ypbind_mode_t default_ypbindmode; 122 static int allow_local_ypset = 0, allow_any_ypset = 0; 123 static int insecure; 124 125 /* the sockets we use to interact with servers */ 126 static int rpcsock, pingsock; 127 128 /* stuff used for manually interacting with servers */ 129 static struct rmtcallargs rmtca; 130 static struct rmtcallres rmtcr; 131 static bool_t rmtcr_outval; 132 static unsigned long rmtcr_port; 133 134 /* The ypbind service transports */ 135 static SVCXPRT *udptransp, *tcptransp; 136 137 /* set if we get SIGHUP */ 138 static sig_atomic_t hupped; 139 140 //////////////////////////////////////////////////////////// 141 // utilities 142 143 /* 144 * Combo of open() and flock(). 145 */ 146 static int 147 open_locked(const char *path, int flags, mode_t mode) 148 { 149 int fd; 150 151 fd = open(path, flags|O_SHLOCK, mode); 152 if (fd < 0) { 153 return -1; 154 } 155 #if O_SHLOCK == 0 156 /* dholland 20110522 wouldn't it be better to check this for error? */ 157 (void)flock(fd, LOCK_SH); 158 #endif 159 return fd; 160 } 161 162 /* 163 * Exponential backoff for pinging servers for a dead domain. 164 * 165 * We go 10 -> 20 -> 40 -> 60 seconds, then 2 -> 4 -> 8 -> 15 -> 30 -> 166 * 60 minutes, and stay at 60 minutes. This is overengineered. 167 * 168 * With a 60 minute max backoff the response time for when things come 169 * back is not awful, but we only try (and log) about 60 times even if 170 * things are down for a whole long weekend. This is an acceptable log 171 * load, I think. 172 */ 173 static void 174 backoff(unsigned *psecs) 175 { 176 unsigned secs; 177 178 secs = *psecs; 179 if (secs < 60) { 180 secs *= 2; 181 if (secs > 60) { 182 secs = 60; 183 } 184 } else if (secs < 60 * 15) { 185 secs *= 2; 186 if (secs > 60 * 15) { 187 secs = 60 * 15; 188 } 189 } else if (secs < 60 * 60) { 190 secs *= 2; 191 } 192 *psecs = secs; 193 } 194 195 //////////////////////////////////////////////////////////// 196 // logging 197 198 #ifdef DEBUG 199 #define DPRINTF(...) (debug ? (void)printf(__VA_ARGS__) : (void)0) 200 static int debug; 201 #else 202 #define DPRINTF(...) 203 #endif 204 205 static void yp_log(int, const char *, ...) __printflike(2, 3); 206 207 /* 208 * Log some stuff, to syslog or stderr depending on the debug setting. 209 */ 210 static void 211 yp_log(int pri, const char *fmt, ...) 212 { 213 va_list ap; 214 215 va_start(ap, fmt); 216 217 #if defined(DEBUG) 218 if (debug) { 219 (void)vprintf(fmt, ap); 220 (void)printf("\n"); 221 } else 222 #endif 223 vsyslog(pri, fmt, ap); 224 va_end(ap); 225 } 226 227 //////////////////////////////////////////////////////////// 228 // ypservers file 229 230 /* 231 * Get pathname for the ypservers file for a given domain 232 * (/var/yp/binding/DOMAIN.ypservers) 233 */ 234 static const char * 235 ypservers_filename(const char *domain) 236 { 237 static char ret[PATH_MAX]; 238 239 (void)snprintf(ret, sizeof(ret), "%s/%s%s", 240 BINDINGDIR, domain, YPSERVERSSUFF); 241 return ret; 242 } 243 244 //////////////////////////////////////////////////////////// 245 // struct domain 246 247 /* 248 * The state transitions of a domain work as follows: 249 * 250 * in state NEW: 251 * nag_servers every 5 seconds 252 * upon answer, state is ALIVE 253 * 254 * in state ALIVE: 255 * every 60 seconds, send ping and switch to state PINGING 256 * 257 * in state PINGING: 258 * upon answer, go to state ALIVE 259 * if no answer in 5 seconds, go to state LOST and do nag_servers 260 * 261 * in state LOST: 262 * do nag_servers every 5 seconds 263 * upon answer, go to state ALIVE 264 * if no answer in 60 seconds, go to state DEAD 265 * 266 * in state DEAD 267 * do nag_servers every backofftime seconds (starts at 10) 268 * upon answer go to state ALIVE 269 * backofftime doubles (approximately) each try, with a cap of 1 hour 270 */ 271 272 /* 273 * Look up a domain by the XID we assigned it. 274 */ 275 static struct domain * 276 domain_find(uint32_t xid) 277 { 278 struct domain *dom; 279 280 for (dom = domains; dom != NULL; dom = dom->dom_next) 281 if (dom->dom_xid == xid) 282 break; 283 return dom; 284 } 285 286 /* 287 * Pick an XID for a domain. 288 * 289 * XXX: this should just generate a random number. 290 */ 291 static uint32_t 292 unique_xid(struct domain *dom) 293 { 294 uint32_t tmp_xid; 295 296 tmp_xid = ((uint32_t)(unsigned long)dom) & 0xffffffff; 297 while (domain_find(tmp_xid) != NULL) 298 tmp_xid++; 299 300 return tmp_xid; 301 } 302 303 /* 304 * Construct a new domain. Adds it to the global linked list of all 305 * domains. 306 */ 307 static struct domain * 308 domain_create(const char *name) 309 { 310 struct domain *dom; 311 const char *pathname; 312 struct stat st; 313 314 dom = malloc(sizeof *dom); 315 if (dom == NULL) { 316 yp_log(LOG_ERR, "domain_create: Out of memory"); 317 return NULL; 318 } 319 320 dom->dom_next = NULL; 321 322 (void)strlcpy(dom->dom_name, name, sizeof(dom->dom_name)); 323 (void)memset(&dom->dom_server_addr, 0, sizeof(dom->dom_server_addr)); 324 dom->dom_vers = YPVERS; 325 dom->dom_checktime = 0; 326 dom->dom_asktime = 0; 327 dom->dom_losttime = 0; 328 dom->dom_backofftime = 10; 329 dom->dom_lockfd = -1; 330 dom->dom_state = DOM_NEW; 331 dom->dom_xid = unique_xid(dom); 332 dom->dom_been_ypset = 0; 333 dom->dom_serversfile = NULL; 334 335 /* 336 * Per traditional ypbind(8) semantics, if a ypservers 337 * file does not exist, we revert to broadcast mode. 338 * 339 * The sysadmin can force broadcast mode by passing the 340 * -broadcast flag. There is currently no way to fail and 341 * reject domains for which there is no ypservers file. 342 */ 343 dom->dom_ypbindmode = default_ypbindmode; 344 if (dom->dom_ypbindmode == YPBIND_DIRECT) { 345 pathname = ypservers_filename(dom->dom_name); 346 if (stat(pathname, &st) < 0) { 347 /* XXX syslog a warning here? */ 348 DPRINTF("%s does not exist, defaulting to broadcast\n", 349 pathname); 350 dom->dom_ypbindmode = YPBIND_BROADCAST; 351 } 352 } 353 354 /* add to global list */ 355 dom->dom_next = domains; 356 domains = dom; 357 358 return dom; 359 } 360 361 //////////////////////////////////////////////////////////// 362 // locks 363 364 /* 365 * Open a new binding file. Does not write the contents out; the 366 * caller (there's only one) does that. 367 */ 368 static int 369 makelock(struct domain *dom) 370 { 371 int fd; 372 char path[MAXPATHLEN]; 373 374 (void)snprintf(path, sizeof(path), "%s/%s.%ld", BINDINGDIR, 375 dom->dom_name, dom->dom_vers); 376 377 fd = open_locked(path, O_CREAT|O_RDWR|O_TRUNC, 0644); 378 if (fd == -1) { 379 (void)mkdir(BINDINGDIR, 0755); 380 fd = open_locked(path, O_CREAT|O_RDWR|O_TRUNC, 0644); 381 if (fd == -1) { 382 return -1; 383 } 384 } 385 386 return fd; 387 } 388 389 /* 390 * Remove a binding file. 391 */ 392 static void 393 removelock(struct domain *dom) 394 { 395 char path[MAXPATHLEN]; 396 397 (void)snprintf(path, sizeof(path), "%s/%s.%ld", 398 BINDINGDIR, dom->dom_name, dom->dom_vers); 399 (void)unlink(path); 400 } 401 402 /* 403 * purge_bindingdir: remove old binding files (i.e. "rm *.[0-9]" in BINDINGDIR) 404 * 405 * The local YP functions [e.g. yp_master()] will fail without even 406 * talking to ypbind if there is a stale (non-flock'd) binding file 407 * present. 408 * 409 * We have to remove all binding files in BINDINGDIR, not just the one 410 * for the default domain. 411 */ 412 static int 413 purge_bindingdir(const char *dirpath) 414 { 415 DIR *dirp; 416 int unlinkedfiles, l; 417 struct dirent *dp; 418 char pathname[MAXPATHLEN]; 419 420 if ((dirp = opendir(dirpath)) == NULL) 421 return(-1); /* at this point, shouldn't ever happen */ 422 423 do { 424 unlinkedfiles = 0; 425 while ((dp = readdir(dirp)) != NULL) { 426 l = dp->d_namlen; 427 /* 'rm *.[0-9]' */ 428 if (l > 2 && dp->d_name[l-2] == '.' && 429 dp->d_name[l-1] >= '0' && dp->d_name[l-1] <= '9') { 430 (void)snprintf(pathname, sizeof(pathname), 431 "%s/%s", dirpath, dp->d_name); 432 if (unlink(pathname) < 0 && errno != ENOENT) 433 return(-1); 434 unlinkedfiles++; 435 } 436 } 437 438 /* rescan dir if we removed it */ 439 if (unlinkedfiles) 440 rewinddir(dirp); 441 442 } while (unlinkedfiles); 443 444 closedir(dirp); 445 return(0); 446 } 447 448 //////////////////////////////////////////////////////////// 449 // sunrpc twaddle 450 451 /* 452 * Check if the info coming in is (at least somewhat) valid. 453 */ 454 static int 455 rpc_is_valid_response(char *name, struct sockaddr_in *addr) 456 { 457 if (name == NULL) { 458 return 0; 459 } 460 461 if (_yp_invalid_domain(name)) { 462 return 0; 463 } 464 465 /* don't support insecure servers by default */ 466 if (!insecure && ntohs(addr->sin_port) >= IPPORT_RESERVED) { 467 return 0; 468 } 469 470 return 1; 471 } 472 473 /* 474 * Take note of the fact that we've received a reply from a ypserver. 475 * Or, in the case of being ypset, that we've been ypset, which 476 * functions much the same. 477 * 478 * Note that FORCE is set if and only if IS_YPSET is set. 479 * 480 * This function has also for the past 20+ years carried the annotation 481 * 482 * LOOPBACK IS MORE IMPORTANT: PUT IN HACK 483 * 484 * whose meaning isn't entirely clear. 485 */ 486 static int 487 rpc_received(char *dom_name, struct sockaddr_in *raddrp, int force, 488 int is_ypset) 489 { 490 struct domain *dom; 491 struct iovec iov[2]; 492 struct ypbind_resp ybr; 493 ssize_t result; 494 int fd; 495 496 DPRINTF("returned from %s about %s\n", 497 inet_ntoa(raddrp->sin_addr), dom_name); 498 499 /* validate some stuff */ 500 if (!rpc_is_valid_response(dom_name, raddrp)) { 501 return 0; 502 } 503 504 /* look for the domain */ 505 for (dom = domains; dom != NULL; dom = dom->dom_next) 506 if (!strcmp(dom->dom_name, dom_name)) 507 break; 508 509 /* if not found, create it, but only if FORCE; otherwise ignore */ 510 if (dom == NULL) { 511 if (force == 0) 512 return 0; 513 dom = domain_create(dom_name); 514 if (dom == NULL) 515 return 0; 516 } 517 518 /* the domain needs to know if it's been explicitly ypset */ 519 if (is_ypset) { 520 dom->dom_been_ypset = 1; 521 } 522 523 /* 524 * If the domain is alive and we aren't being called by ypset, 525 * we shouldn't be getting a response at all. Log it, as it 526 * might be hostile. 527 */ 528 if (dom->dom_state == DOM_ALIVE && force == 0) { 529 if (!memcmp(&dom->dom_server_addr, raddrp, 530 sizeof(dom->dom_server_addr))) { 531 yp_log(LOG_WARNING, 532 "Unexpected reply from server %s for domain %s", 533 inet_ntoa(dom->dom_server_addr.sin_addr), 534 dom->dom_name); 535 } else { 536 yp_log(LOG_WARNING, 537 "Falsified reply from %s for domain %s", 538 inet_ntoa(dom->dom_server_addr.sin_addr), 539 dom->dom_name); 540 } 541 return 0; 542 } 543 544 /* 545 * If we're expected a ping response, and we've got it 546 * (meaning we aren't being called by ypset), we don't need to 547 * do anything. 548 */ 549 if (dom->dom_state == DOM_PINGING && force == 0) { 550 /* 551 * If the reply came from the server we expect, set 552 * dom_state back to ALIVE and ping again in 60 553 * seconds. 554 * 555 * If it came from somewhere else, log it. 556 */ 557 if (!memcmp(&dom->dom_server_addr, raddrp, 558 sizeof(dom->dom_server_addr))) { 559 dom->dom_state = DOM_ALIVE; 560 /* recheck binding in 60 sec */ 561 dom->dom_checktime = time(NULL) + 60; 562 } else { 563 yp_log(LOG_WARNING, 564 "Falsified reply from %s for domain %s", 565 inet_ntoa(dom->dom_server_addr.sin_addr), 566 dom->dom_name); 567 } 568 return 0; 569 } 570 571 #ifdef HEURISTIC 572 /* 573 * If transitioning to the alive state from a non-alive state, 574 * clear dom_asktime. This will help prevent any requests that 575 * are still coming in from triggering unnecessary pings via 576 * the HEURISTIC code. 577 * 578 * XXX: this may not be an adequate measure; we may need to 579 * keep more state so we can disable the HEURISTIC code for 580 * the first few seconds after rebinding. 581 */ 582 if (dom->dom_state == DOM_NEW || 583 dom->dom_state == DOM_LOST || 584 dom->dom_state == DOM_DEAD) { 585 dom->dom_asktime = 0; 586 } 587 #endif 588 589 /* 590 * Take the address we got the message from (or in the case of 591 * ypset, the explicit address we were given) as the server 592 * address for this domain, mark the domain alive, and we'll 593 * check it again in 60 seconds. 594 * 595 * XXX: it looks like if we get a random unsolicited reply 596 * from somewhere, we'll silently switch to that server 597 * address, regardless of merit. 598 * 599 * 1. If we have a foo.ypservers file the address should be 600 * checked against it and rejected if it's not one of the 601 * addresses of one of the listed hostnames. Note that it 602 * might not be the same address we sent to; even fairly smart 603 * UDP daemons don't always handle multihomed hosts correctly 604 * and we can't expect sunrpc code to do anything intelligent 605 * at all. 606 * 607 * 2. If we're in broadcast mode the address should be 608 * checked against the local addresses and netmasks so we 609 * don't accept responses from Mars. 610 * 611 * 2a. If we're in broadcast mode and we've been ypset, we 612 * should not accept anything else until we drop the ypset 613 * state for not responding. 614 * 615 * 3. Either way we should not accept a response from an 616 * arbitrary host unless we don't currently have a binding. 617 * (This is now fixed above.) 618 * 619 * Note that for a random unsolicited reply to work it has to 620 * carry the XID of one of the domains we know about; but 621 * those values are predictable. 622 */ 623 (void)memcpy(&dom->dom_server_addr, raddrp, 624 sizeof(dom->dom_server_addr)); 625 /* recheck binding in 60 seconds */ 626 dom->dom_checktime = time(NULL) + 60; 627 dom->dom_state = DOM_ALIVE; 628 629 /* Clear the dead/backoff state. */ 630 dom->dom_losttime = 0; 631 dom->dom_backofftime = 10; 632 633 if (is_ypset == 0) { 634 yp_log(LOG_NOTICE, "Domain %s is alive; server %s", 635 dom->dom_name, 636 inet_ntoa(dom->dom_server_addr.sin_addr)); 637 } 638 639 /* 640 * Generate a new binding file. If this fails, forget about it. 641 * (But we keep the binding and we'll report it to anyone who 642 * asks via the ypbind service.) XXX: this will interact badly, 643 * maybe very badly, with the code in HEURISTIC. 644 * 645 * Note that makelock() doesn't log on failure. 646 */ 647 648 if (dom->dom_lockfd != -1) 649 (void)close(dom->dom_lockfd); 650 651 if ((fd = makelock(dom)) == -1) 652 return 0; 653 654 dom->dom_lockfd = fd; 655 656 iov[0].iov_base = &(udptransp->xp_port); 657 iov[0].iov_len = sizeof udptransp->xp_port; 658 iov[1].iov_base = &ybr; 659 iov[1].iov_len = sizeof ybr; 660 661 (void)memset(&ybr, 0, sizeof ybr); 662 ybr.ypbind_status = YPBIND_SUCC_VAL; 663 ybr.ypbind_respbody.ypbind_bindinfo.ypbind_binding_addr = 664 raddrp->sin_addr; 665 ybr.ypbind_respbody.ypbind_bindinfo.ypbind_binding_port = 666 raddrp->sin_port; 667 668 result = writev(dom->dom_lockfd, iov, 2); 669 if (result < 0 || (size_t)result != iov[0].iov_len + iov[1].iov_len) { 670 if (result < 0) 671 yp_log(LOG_WARNING, "writev: %s", strerror(errno)); 672 else 673 yp_log(LOG_WARNING, "writev: short count"); 674 (void)close(dom->dom_lockfd); 675 removelock(dom); 676 dom->dom_lockfd = -1; 677 return 0; 678 } 679 680 return 1; 681 } 682 683 /* 684 * The NULL call: do nothing. This is obliged to exist because of 685 * sunrpc silliness. 686 */ 687 static void * 688 /*ARGSUSED*/ 689 ypbindproc_null_2(SVCXPRT *transp, void *argp) 690 { 691 static char res; 692 693 DPRINTF("ypbindproc_null_2\n"); 694 (void)memset(&res, 0, sizeof(res)); 695 return (void *)&res; 696 } 697 698 /* 699 * The DOMAIN call: look up the ypserver for a specified domain. 700 */ 701 static void * 702 /*ARGSUSED*/ 703 ypbindproc_domain_2(SVCXPRT *transp, void *argp) 704 { 705 static struct ypbind_resp res; 706 struct domain *dom; 707 char *arg = *(char **) argp; 708 time_t now; 709 int count; 710 711 DPRINTF("ypbindproc_domain_2 %s\n", arg); 712 713 (void)memset(&res, 0, sizeof res); 714 res.ypbind_status = YPBIND_FAIL_VAL; 715 716 /* Reject invalid domains. */ 717 if (_yp_invalid_domain(arg)) { 718 res.ypbind_respbody.ypbind_error = YPBIND_ERR_NOSERV; 719 return &res; 720 } 721 722 /* 723 * Look for the domain. XXX: Behave erratically if we have 724 * more than 100 domains. The intent here is to avoid allowing 725 * arbitrary incoming requests to create more than 100 726 * domains; but this logic means that if we legitimately have 727 * more than 100 (e.g. via ypset) we'll only actually bind the 728 * first 100 and the rest will fail. The test on 'count' should 729 * be moved further down. 730 */ 731 for (count = 0, dom = domains; 732 dom != NULL; 733 dom = dom->dom_next, count++) { 734 if (count > 100) { 735 res.ypbind_respbody.ypbind_error = YPBIND_ERR_RESC; 736 return &res; /* prevent denial of service */ 737 } 738 if (!strcmp(dom->dom_name, arg)) 739 break; 740 } 741 742 /* 743 * If the domain doesn't exist, create it, then fail the call 744 * because we have no information yet. 745 * 746 * Set "check" so that checkwork() will run and look for a 747 * server. 748 * 749 * XXX: like during startup there's a spurious call to 750 * removelock() after domain_create(). 751 */ 752 if (dom == NULL) { 753 dom = domain_create(arg); 754 if (dom != NULL) { 755 removelock(dom); 756 check++; 757 DPRINTF("unknown domain %s\n", arg); 758 res.ypbind_respbody.ypbind_error = YPBIND_ERR_NOSERV; 759 } else { 760 res.ypbind_respbody.ypbind_error = YPBIND_ERR_RESC; 761 } 762 return &res; 763 } 764 765 if (dom->dom_state == DOM_NEW) { 766 DPRINTF("new domain %s\n", arg); 767 res.ypbind_respbody.ypbind_error = YPBIND_ERR_NOSERV; 768 return &res; 769 } 770 771 #ifdef HEURISTIC 772 /* 773 * Keep track of the last time we were explicitly asked about 774 * this domain. If it happens a lot, force a ping. This works 775 * (or "works") because we only get asked specifically when 776 * things aren't going; otherwise the client code in libc and 777 * elsewhere uses the binding file. 778 * 779 * Note: HEURISTIC is enabled by default. 780 * 781 * dholland 20140609: I think this is part of the mechanism 782 * that causes ypbind to spam. I'm changing this logic so it 783 * only triggers when the state is DOM_ALIVE: if the domain 784 * is new, lost, or dead we shouldn't send more requests than 785 * the ones already scheduled, and if we're already in the 786 * middle of pinging there's no point doing it again. 787 */ 788 (void)time(&now); 789 if (dom->dom_state == DOM_ALIVE && now < dom->dom_asktime + 5) { 790 /* 791 * Hmm. More than 2 requests in 5 seconds have indicated 792 * that my binding is possibly incorrect. 793 * Ok, do an immediate poll of the server. 794 */ 795 if (dom->dom_checktime >= now) { 796 /* don't flood it */ 797 dom->dom_checktime = 0; 798 check++; 799 } 800 } 801 dom->dom_asktime = now; 802 #endif 803 804 res.ypbind_status = YPBIND_SUCC_VAL; 805 res.ypbind_respbody.ypbind_bindinfo.ypbind_binding_addr.s_addr = 806 dom->dom_server_addr.sin_addr.s_addr; 807 res.ypbind_respbody.ypbind_bindinfo.ypbind_binding_port = 808 dom->dom_server_addr.sin_port; 809 DPRINTF("domain %s at %s/%d\n", dom->dom_name, 810 inet_ntoa(dom->dom_server_addr.sin_addr), 811 ntohs(dom->dom_server_addr.sin_port)); 812 return &res; 813 } 814 815 /* 816 * The SETDOM call: ypset. 817 * 818 * Unless -ypsetme was given on the command line, this is rejected; 819 * even then it's only allowed from localhost unless -ypset was 820 * given on the command line. 821 * 822 * Allowing anyone anywhere to ypset you (and therefore provide your 823 * password file and such) is a horrible thing and it isn't clear to 824 * me why this functionality even exists. 825 * 826 * ypset from localhost has some but limited utility. 827 */ 828 static void * 829 ypbindproc_setdom_2(SVCXPRT *transp, void *argp) 830 { 831 struct ypbind_setdom *sd = argp; 832 struct sockaddr_in *fromsin, bindsin; 833 static bool_t res; 834 835 (void)memset(&res, 0, sizeof(res)); 836 fromsin = svc_getcaller(transp); 837 DPRINTF("ypbindproc_setdom_2 from %s\n", inet_ntoa(fromsin->sin_addr)); 838 839 /* 840 * Reject unless enabled. 841 */ 842 843 if (allow_any_ypset) { 844 /* nothing */ 845 } else if (allow_local_ypset) { 846 if (fromsin->sin_addr.s_addr != htonl(INADDR_LOOPBACK)) { 847 DPRINTF("ypset denied from %s\n", 848 inet_ntoa(fromsin->sin_addr)); 849 return NULL; 850 } 851 } else { 852 DPRINTF("ypset denied\n"); 853 return NULL; 854 } 855 856 /* Make a "security" check. */ 857 if (ntohs(fromsin->sin_port) >= IPPORT_RESERVED) { 858 DPRINTF("ypset from unprivileged port denied\n"); 859 return &res; 860 } 861 862 /* Ignore requests we don't understand. */ 863 if (sd->ypsetdom_vers != YPVERS) { 864 DPRINTF("ypset with wrong version denied\n"); 865 return &res; 866 } 867 868 /* 869 * Fetch the arguments out of the xdr-decoded blob and call 870 * rpc_received(), setting FORCE so that the domain will be 871 * created if we don't already know about it, and also saying 872 * that it's actually a ypset. 873 * 874 * Effectively we're telilng rpc_received() that we got an 875 * RPC response from the server specified by ypset. 876 */ 877 (void)memset(&bindsin, 0, sizeof bindsin); 878 bindsin.sin_family = AF_INET; 879 bindsin.sin_len = sizeof(bindsin); 880 bindsin.sin_addr = sd->ypsetdom_addr; 881 bindsin.sin_port = sd->ypsetdom_port; 882 if (rpc_received(sd->ypsetdom_domain, &bindsin, 1, 1)) { 883 DPRINTF("ypset to %s for domain %s succeeded\n", 884 inet_ntoa(bindsin.sin_addr), sd->ypsetdom_domain); 885 res = 1; 886 } 887 888 return &res; 889 } 890 891 /* 892 * Dispatcher for the ypbind service. 893 * 894 * There are three calls: NULL, which does nothing, DOMAIN, which 895 * gets the binding for a particular domain, and SETDOM, which 896 * does ypset. 897 */ 898 static void 899 ypbindprog_2(struct svc_req *rqstp, register SVCXPRT *transp) 900 { 901 union { 902 char ypbindproc_domain_2_arg[YPMAXDOMAIN + 1]; 903 struct ypbind_setdom ypbindproc_setdom_2_arg; 904 void *alignment; 905 } argument; 906 struct authunix_parms *creds; 907 char *result; 908 xdrproc_t xdr_argument, xdr_result; 909 void *(*local)(SVCXPRT *, void *); 910 911 switch (rqstp->rq_proc) { 912 case YPBINDPROC_NULL: 913 xdr_argument = (xdrproc_t)xdr_void; 914 xdr_result = (xdrproc_t)xdr_void; 915 local = ypbindproc_null_2; 916 break; 917 918 case YPBINDPROC_DOMAIN: 919 xdr_argument = (xdrproc_t)xdr_ypdomain_wrap_string; 920 xdr_result = (xdrproc_t)xdr_ypbind_resp; 921 local = ypbindproc_domain_2; 922 break; 923 924 case YPBINDPROC_SETDOM: 925 switch (rqstp->rq_cred.oa_flavor) { 926 case AUTH_UNIX: 927 creds = (struct authunix_parms *)rqstp->rq_clntcred; 928 if (creds->aup_uid != 0) { 929 svcerr_auth(transp, AUTH_BADCRED); 930 return; 931 } 932 break; 933 default: 934 svcerr_auth(transp, AUTH_TOOWEAK); 935 return; 936 } 937 938 xdr_argument = (xdrproc_t)xdr_ypbind_setdom; 939 xdr_result = (xdrproc_t)xdr_void; 940 local = ypbindproc_setdom_2; 941 break; 942 943 default: 944 svcerr_noproc(transp); 945 return; 946 } 947 (void)memset(&argument, 0, sizeof(argument)); 948 if (!svc_getargs(transp, xdr_argument, (caddr_t)(void *)&argument)) { 949 svcerr_decode(transp); 950 return; 951 } 952 result = (*local)(transp, &argument); 953 if (result != NULL && !svc_sendreply(transp, xdr_result, result)) { 954 svcerr_systemerr(transp); 955 } 956 return; 957 } 958 959 /* 960 * Set up sunrpc stuff. 961 * 962 * This sets up the ypbind service (both TCP and UDP) and also opens 963 * the sockets we use for talking to ypservers. 964 */ 965 static void 966 sunrpc_setup(void) 967 { 968 int one; 969 970 (void)pmap_unset(YPBINDPROG, YPBINDVERS); 971 972 udptransp = svcudp_create(RPC_ANYSOCK); 973 if (udptransp == NULL) 974 errx(1, "Cannot create udp service."); 975 976 if (!svc_register(udptransp, YPBINDPROG, YPBINDVERS, ypbindprog_2, 977 IPPROTO_UDP)) 978 errx(1, "Unable to register (YPBINDPROG, YPBINDVERS, udp)."); 979 980 tcptransp = svctcp_create(RPC_ANYSOCK, 0, 0); 981 if (tcptransp == NULL) 982 errx(1, "Cannot create tcp service."); 983 984 if (!svc_register(tcptransp, YPBINDPROG, YPBINDVERS, ypbindprog_2, 985 IPPROTO_TCP)) 986 errx(1, "Unable to register (YPBINDPROG, YPBINDVERS, tcp)."); 987 988 /* XXX use SOCK_STREAM for direct queries? */ 989 if ((rpcsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) 990 err(1, "rpc socket"); 991 if ((pingsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) 992 err(1, "ping socket"); 993 994 (void)fcntl(rpcsock, F_SETFL, fcntl(rpcsock, F_GETFL, 0) | FNDELAY); 995 (void)fcntl(pingsock, F_SETFL, fcntl(pingsock, F_GETFL, 0) | FNDELAY); 996 997 one = 1; 998 (void)setsockopt(rpcsock, SOL_SOCKET, SO_BROADCAST, &one, 999 (socklen_t)sizeof(one)); 1000 rmtca.prog = YPPROG; 1001 rmtca.vers = YPVERS; 1002 rmtca.proc = YPPROC_DOMAIN_NONACK; 1003 rmtca.xdr_args = NULL; /* set at call time */ 1004 rmtca.args_ptr = NULL; /* set at call time */ 1005 rmtcr.port_ptr = &rmtcr_port; 1006 rmtcr.xdr_results = (xdrproc_t)xdr_bool; 1007 rmtcr.results_ptr = (caddr_t)(void *)&rmtcr_outval; 1008 } 1009 1010 //////////////////////////////////////////////////////////// 1011 // operational logic 1012 1013 /* 1014 * Broadcast an RPC packet to hopefully contact some servers for a 1015 * domain. 1016 */ 1017 static int 1018 broadcast(char *buf, int outlen) 1019 { 1020 struct ifaddrs *ifap, *ifa; 1021 struct sockaddr_in bindsin; 1022 struct in_addr in; 1023 1024 (void)memset(&bindsin, 0, sizeof bindsin); 1025 bindsin.sin_family = AF_INET; 1026 bindsin.sin_len = sizeof(bindsin); 1027 bindsin.sin_port = htons(PMAPPORT); 1028 1029 if (getifaddrs(&ifap) != 0) { 1030 yp_log(LOG_WARNING, "broadcast: getifaddrs: %s", 1031 strerror(errno)); 1032 return (-1); 1033 } 1034 for (ifa = ifap; ifa; ifa = ifa->ifa_next) { 1035 if (ifa->ifa_addr->sa_family != AF_INET) 1036 continue; 1037 if ((ifa->ifa_flags & IFF_UP) == 0) 1038 continue; 1039 1040 switch (ifa->ifa_flags & (IFF_LOOPBACK | IFF_BROADCAST)) { 1041 case IFF_BROADCAST: 1042 if (!ifa->ifa_broadaddr) 1043 continue; 1044 if (ifa->ifa_broadaddr->sa_family != AF_INET) 1045 continue; 1046 in = ((struct sockaddr_in *)(void *)ifa->ifa_broadaddr)->sin_addr; 1047 break; 1048 case IFF_LOOPBACK: 1049 in = ((struct sockaddr_in *)(void *)ifa->ifa_addr)->sin_addr; 1050 break; 1051 default: 1052 continue; 1053 } 1054 1055 bindsin.sin_addr = in; 1056 DPRINTF("broadcast %x\n", bindsin.sin_addr.s_addr); 1057 if (sendto(rpcsock, buf, outlen, 0, 1058 (struct sockaddr *)(void *)&bindsin, 1059 (socklen_t)bindsin.sin_len) == -1) 1060 yp_log(LOG_WARNING, "broadcast: sendto: %s", 1061 strerror(errno)); 1062 } 1063 freeifaddrs(ifap); 1064 return (0); 1065 } 1066 1067 /* 1068 * Send an RPC packet to all the configured (in /var/yp/foo.ypservers) 1069 * servers for a domain. 1070 * 1071 * XXX: we should read and parse the file up front and reread it only 1072 * if it changes. 1073 */ 1074 static int 1075 direct(char *buf, int outlen, struct domain *dom) 1076 { 1077 const char *path; 1078 char line[_POSIX2_LINE_MAX]; 1079 char *p; 1080 struct hostent *hp; 1081 struct sockaddr_in bindsin; 1082 int i, count = 0; 1083 1084 /* 1085 * XXX what happens if someone's editor unlinks and replaces 1086 * the servers file? 1087 */ 1088 1089 if (dom->dom_serversfile != NULL) { 1090 rewind(dom->dom_serversfile); 1091 } else { 1092 path = ypservers_filename(dom->dom_name); 1093 dom->dom_serversfile = fopen(path, "r"); 1094 if (dom->dom_serversfile == NULL) { 1095 /* 1096 * XXX there should be a time restriction on 1097 * this (and/or on trying the open) so we 1098 * don't flood the log. Or should we fall back 1099 * to broadcast mode? 1100 */ 1101 yp_log(LOG_ERR, "%s: %s", path, 1102 strerror(errno)); 1103 return -1; 1104 } 1105 } 1106 1107 (void)memset(&bindsin, 0, sizeof bindsin); 1108 bindsin.sin_family = AF_INET; 1109 bindsin.sin_len = sizeof(bindsin); 1110 bindsin.sin_port = htons(PMAPPORT); 1111 1112 while (fgets(line, (int)sizeof(line), dom->dom_serversfile) != NULL) { 1113 /* skip lines that are too big */ 1114 p = strchr(line, '\n'); 1115 if (p == NULL) { 1116 int c; 1117 1118 while ((c = getc(dom->dom_serversfile)) != '\n' && c != EOF) 1119 ; 1120 continue; 1121 } 1122 *p = '\0'; 1123 p = line; 1124 while (isspace((unsigned char)*p)) 1125 p++; 1126 if (*p == '#') 1127 continue; 1128 hp = gethostbyname(p); 1129 if (!hp) { 1130 yp_log(LOG_WARNING, "%s: %s", p, hstrerror(h_errno)); 1131 continue; 1132 } 1133 /* step through all addresses in case first is unavailable */ 1134 for (i = 0; hp->h_addr_list[i]; i++) { 1135 (void)memcpy(&bindsin.sin_addr, hp->h_addr_list[0], 1136 hp->h_length); 1137 if (sendto(rpcsock, buf, outlen, 0, 1138 (struct sockaddr *)(void *)&bindsin, 1139 (socklen_t)sizeof(bindsin)) < 0) { 1140 yp_log(LOG_WARNING, "direct: sendto: %s", 1141 strerror(errno)); 1142 continue; 1143 } else 1144 count++; 1145 } 1146 } 1147 if (!count) { 1148 yp_log(LOG_WARNING, "No contactable servers found in %s", 1149 ypservers_filename(dom->dom_name)); 1150 return -1; 1151 } 1152 return 0; 1153 } 1154 1155 /* 1156 * Send an RPC packet to the server that's been selected with ypset. 1157 * (This is only used when in broadcast mode and when ypset is 1158 * allowed.) 1159 */ 1160 static int 1161 direct_set(char *buf, int outlen, struct domain *dom) 1162 { 1163 struct sockaddr_in bindsin; 1164 char path[MAXPATHLEN]; 1165 struct iovec iov[2]; 1166 struct ypbind_resp ybr; 1167 SVCXPRT dummy_svc; 1168 int fd; 1169 ssize_t bytes; 1170 1171 /* 1172 * Gack, we lose if binding file went away. We reset 1173 * "been_set" if this happens, otherwise we'll never 1174 * bind again. 1175 */ 1176 (void)snprintf(path, sizeof(path), "%s/%s.%ld", BINDINGDIR, 1177 dom->dom_name, dom->dom_vers); 1178 1179 fd = open_locked(path, O_RDONLY, 0644); 1180 if (fd == -1) { 1181 yp_log(LOG_WARNING, "%s: %s", path, strerror(errno)); 1182 dom->dom_been_ypset = 0; 1183 return -1; 1184 } 1185 1186 /* Read the binding file... */ 1187 iov[0].iov_base = &(dummy_svc.xp_port); 1188 iov[0].iov_len = sizeof(dummy_svc.xp_port); 1189 iov[1].iov_base = &ybr; 1190 iov[1].iov_len = sizeof(ybr); 1191 bytes = readv(fd, iov, 2); 1192 (void)close(fd); 1193 if (bytes <0 || (size_t)bytes != (iov[0].iov_len + iov[1].iov_len)) { 1194 /* Binding file corrupt? */ 1195 if (bytes < 0) 1196 yp_log(LOG_WARNING, "%s: %s", path, strerror(errno)); 1197 else 1198 yp_log(LOG_WARNING, "%s: short read", path); 1199 dom->dom_been_ypset = 0; 1200 return -1; 1201 } 1202 1203 bindsin.sin_addr = 1204 ybr.ypbind_respbody.ypbind_bindinfo.ypbind_binding_addr; 1205 1206 if (sendto(rpcsock, buf, outlen, 0, 1207 (struct sockaddr *)(void *)&bindsin, 1208 (socklen_t)sizeof(bindsin)) < 0) { 1209 yp_log(LOG_WARNING, "direct_set: sendto: %s", strerror(errno)); 1210 return -1; 1211 } 1212 1213 return 0; 1214 } 1215 1216 /* 1217 * Receive and dispatch packets on the general RPC socket. 1218 */ 1219 static enum clnt_stat 1220 handle_replies(void) 1221 { 1222 char buf[BUFSIZE]; 1223 socklen_t fromlen; 1224 ssize_t inlen; 1225 struct domain *dom; 1226 struct sockaddr_in raddr; 1227 struct rpc_msg msg; 1228 XDR xdr; 1229 1230 recv_again: 1231 DPRINTF("handle_replies receiving\n"); 1232 (void)memset(&xdr, 0, sizeof(xdr)); 1233 (void)memset(&msg, 0, sizeof(msg)); 1234 msg.acpted_rply.ar_verf = _null_auth; 1235 msg.acpted_rply.ar_results.where = (caddr_t)(void *)&rmtcr; 1236 msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_rmtcallres; 1237 1238 try_again: 1239 fromlen = sizeof(struct sockaddr); 1240 inlen = recvfrom(rpcsock, buf, sizeof buf, 0, 1241 (struct sockaddr *)(void *)&raddr, &fromlen); 1242 if (inlen < 0) { 1243 if (errno == EINTR) 1244 goto try_again; 1245 DPRINTF("handle_replies: recvfrom failed (%s)\n", 1246 strerror(errno)); 1247 return RPC_CANTRECV; 1248 } 1249 if ((size_t)inlen < sizeof(uint32_t)) 1250 goto recv_again; 1251 1252 /* 1253 * see if reply transaction id matches sent id. 1254 * If so, decode the results. 1255 */ 1256 xdrmem_create(&xdr, buf, (unsigned)inlen, XDR_DECODE); 1257 if (xdr_replymsg(&xdr, &msg)) { 1258 if ((msg.rm_reply.rp_stat == MSG_ACCEPTED) && 1259 (msg.acpted_rply.ar_stat == SUCCESS)) { 1260 raddr.sin_port = htons((uint16_t)rmtcr_port); 1261 dom = domain_find(msg.rm_xid); 1262 if (dom != NULL) 1263 (void)rpc_received(dom->dom_name, &raddr, 0, 0); 1264 } 1265 } 1266 xdr.x_op = XDR_FREE; 1267 msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_void; 1268 xdr_destroy(&xdr); 1269 1270 return RPC_SUCCESS; 1271 } 1272 1273 /* 1274 * Receive and dispatch packets on the ping socket. 1275 */ 1276 static enum clnt_stat 1277 handle_ping(void) 1278 { 1279 char buf[BUFSIZE]; 1280 socklen_t fromlen; 1281 ssize_t inlen; 1282 struct domain *dom; 1283 struct sockaddr_in raddr; 1284 struct rpc_msg msg; 1285 XDR xdr; 1286 bool_t res; 1287 1288 recv_again: 1289 DPRINTF("handle_ping receiving\n"); 1290 (void)memset(&xdr, 0, sizeof(xdr)); 1291 (void)memset(&msg, 0, sizeof(msg)); 1292 msg.acpted_rply.ar_verf = _null_auth; 1293 msg.acpted_rply.ar_results.where = (caddr_t)(void *)&res; 1294 msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_bool; 1295 1296 try_again: 1297 fromlen = sizeof (struct sockaddr); 1298 inlen = recvfrom(pingsock, buf, sizeof buf, 0, 1299 (struct sockaddr *)(void *)&raddr, &fromlen); 1300 if (inlen < 0) { 1301 if (errno == EINTR) 1302 goto try_again; 1303 DPRINTF("handle_ping: recvfrom failed (%s)\n", 1304 strerror(errno)); 1305 return RPC_CANTRECV; 1306 } 1307 if ((size_t)inlen < sizeof(uint32_t)) 1308 goto recv_again; 1309 1310 /* 1311 * see if reply transaction id matches sent id. 1312 * If so, decode the results. 1313 */ 1314 xdrmem_create(&xdr, buf, (unsigned)inlen, XDR_DECODE); 1315 if (xdr_replymsg(&xdr, &msg)) { 1316 if ((msg.rm_reply.rp_stat == MSG_ACCEPTED) && 1317 (msg.acpted_rply.ar_stat == SUCCESS)) { 1318 dom = domain_find(msg.rm_xid); 1319 if (dom != NULL) 1320 (void)rpc_received(dom->dom_name, &raddr, 0, 0); 1321 } 1322 } 1323 xdr.x_op = XDR_FREE; 1324 msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_void; 1325 xdr_destroy(&xdr); 1326 1327 return RPC_SUCCESS; 1328 } 1329 1330 /* 1331 * Contact all known servers for a domain in the hopes that one of 1332 * them's awake. Also, if we previously had a binding but it timed 1333 * out, try the portmapper on that host in case ypserv moved ports for 1334 * some reason. 1335 * 1336 * As a side effect, wipe out any existing binding file. 1337 */ 1338 static int 1339 nag_servers(struct domain *dom) 1340 { 1341 char *dom_name = dom->dom_name; 1342 struct rpc_msg msg; 1343 char buf[BUFSIZE]; 1344 enum clnt_stat st; 1345 int outlen; 1346 AUTH *rpcua; 1347 XDR xdr; 1348 1349 DPRINTF("nag_servers\n"); 1350 rmtca.xdr_args = (xdrproc_t)xdr_ypdomain_wrap_string; 1351 rmtca.args_ptr = (caddr_t)(void *)&dom_name; 1352 1353 (void)memset(&xdr, 0, sizeof xdr); 1354 (void)memset(&msg, 0, sizeof msg); 1355 1356 rpcua = authunix_create_default(); 1357 if (rpcua == NULL) { 1358 DPRINTF("cannot get unix auth\n"); 1359 return RPC_SYSTEMERROR; 1360 } 1361 msg.rm_direction = CALL; 1362 msg.rm_call.cb_rpcvers = RPC_MSG_VERSION; 1363 msg.rm_call.cb_prog = PMAPPROG; 1364 msg.rm_call.cb_vers = PMAPVERS; 1365 msg.rm_call.cb_proc = PMAPPROC_CALLIT; 1366 msg.rm_call.cb_cred = rpcua->ah_cred; 1367 msg.rm_call.cb_verf = rpcua->ah_verf; 1368 1369 msg.rm_xid = dom->dom_xid; 1370 xdrmem_create(&xdr, buf, (unsigned)sizeof(buf), XDR_ENCODE); 1371 if (!xdr_callmsg(&xdr, &msg)) { 1372 st = RPC_CANTENCODEARGS; 1373 AUTH_DESTROY(rpcua); 1374 return st; 1375 } 1376 if (!xdr_rmtcall_args(&xdr, &rmtca)) { 1377 st = RPC_CANTENCODEARGS; 1378 AUTH_DESTROY(rpcua); 1379 return st; 1380 } 1381 outlen = (int)xdr_getpos(&xdr); 1382 xdr_destroy(&xdr); 1383 if (outlen < 1) { 1384 st = RPC_CANTENCODEARGS; 1385 AUTH_DESTROY(rpcua); 1386 return st; 1387 } 1388 AUTH_DESTROY(rpcua); 1389 1390 if (dom->dom_lockfd != -1) { 1391 (void)close(dom->dom_lockfd); 1392 dom->dom_lockfd = -1; 1393 removelock(dom); 1394 } 1395 1396 if (dom->dom_state == DOM_PINGING || dom->dom_state == DOM_LOST) { 1397 /* 1398 * This resolves the following situation: 1399 * ypserver on other subnet was once bound, 1400 * but rebooted and is now using a different port 1401 */ 1402 struct sockaddr_in bindsin; 1403 1404 (void)memset(&bindsin, 0, sizeof bindsin); 1405 bindsin.sin_family = AF_INET; 1406 bindsin.sin_len = sizeof(bindsin); 1407 bindsin.sin_port = htons(PMAPPORT); 1408 bindsin.sin_addr = dom->dom_server_addr.sin_addr; 1409 1410 if (sendto(rpcsock, buf, outlen, 0, 1411 (struct sockaddr *)(void *)&bindsin, 1412 (socklen_t)sizeof bindsin) == -1) 1413 yp_log(LOG_WARNING, "nag_servers: sendto: %s", 1414 strerror(errno)); 1415 } 1416 1417 switch (dom->dom_ypbindmode) { 1418 case YPBIND_BROADCAST: 1419 if (dom->dom_been_ypset) { 1420 return direct_set(buf, outlen, dom); 1421 } 1422 return broadcast(buf, outlen); 1423 1424 case YPBIND_DIRECT: 1425 return direct(buf, outlen, dom); 1426 } 1427 /*NOTREACHED*/ 1428 return -1; 1429 } 1430 1431 /* 1432 * Send a ping message to a domain's current ypserver. 1433 */ 1434 static int 1435 ping(struct domain *dom) 1436 { 1437 char *dom_name = dom->dom_name; 1438 struct rpc_msg msg; 1439 char buf[BUFSIZE]; 1440 enum clnt_stat st; 1441 int outlen; 1442 AUTH *rpcua; 1443 XDR xdr; 1444 1445 (void)memset(&xdr, 0, sizeof xdr); 1446 (void)memset(&msg, 0, sizeof msg); 1447 1448 rpcua = authunix_create_default(); 1449 if (rpcua == NULL) { 1450 DPRINTF("cannot get unix auth\n"); 1451 return RPC_SYSTEMERROR; 1452 } 1453 1454 msg.rm_direction = CALL; 1455 msg.rm_call.cb_rpcvers = RPC_MSG_VERSION; 1456 msg.rm_call.cb_prog = YPPROG; 1457 msg.rm_call.cb_vers = YPVERS; 1458 msg.rm_call.cb_proc = YPPROC_DOMAIN_NONACK; 1459 msg.rm_call.cb_cred = rpcua->ah_cred; 1460 msg.rm_call.cb_verf = rpcua->ah_verf; 1461 1462 msg.rm_xid = dom->dom_xid; 1463 xdrmem_create(&xdr, buf, (unsigned)sizeof(buf), XDR_ENCODE); 1464 if (!xdr_callmsg(&xdr, &msg)) { 1465 st = RPC_CANTENCODEARGS; 1466 AUTH_DESTROY(rpcua); 1467 return st; 1468 } 1469 if (!xdr_ypdomain_wrap_string(&xdr, &dom_name)) { 1470 st = RPC_CANTENCODEARGS; 1471 AUTH_DESTROY(rpcua); 1472 return st; 1473 } 1474 outlen = (int)xdr_getpos(&xdr); 1475 xdr_destroy(&xdr); 1476 if (outlen < 1) { 1477 st = RPC_CANTENCODEARGS; 1478 AUTH_DESTROY(rpcua); 1479 return st; 1480 } 1481 AUTH_DESTROY(rpcua); 1482 1483 DPRINTF("ping %x\n", dom->dom_server_addr.sin_addr.s_addr); 1484 1485 if (sendto(pingsock, buf, outlen, 0, 1486 (struct sockaddr *)(void *)&dom->dom_server_addr, 1487 (socklen_t)(sizeof dom->dom_server_addr)) == -1) 1488 yp_log(LOG_WARNING, "ping: sendto: %s", strerror(errno)); 1489 return 0; 1490 1491 } 1492 1493 /* 1494 * Scan for timer-based work to do. 1495 * 1496 * If the domain is currently alive, ping the server we're currently 1497 * bound to. Otherwise, try all known servers and/or broadcast for a 1498 * server via nag_servers. 1499 * 1500 * Try again in five seconds. 1501 * 1502 * If we get back here and the state is still DOM_PINGING, it means 1503 * we didn't receive a ping response within five seconds. Declare the 1504 * binding lost. If the binding is already lost, and it's been lost 1505 * for 60 seconds, switch to DOM_DEAD and begin exponential backoff. 1506 * The exponential backoff starts at 10 seconds and tops out at one 1507 * hour; see above. 1508 */ 1509 static void 1510 checkwork(void) 1511 { 1512 struct domain *dom; 1513 time_t t; 1514 1515 check = 0; 1516 1517 (void)time(&t); 1518 for (dom = domains; dom != NULL; dom = dom->dom_next) { 1519 if (dom->dom_checktime >= t) { 1520 continue; 1521 } 1522 switch (dom->dom_state) { 1523 case DOM_NEW: 1524 /* XXX should be a timeout for this state */ 1525 dom->dom_checktime = t + 5; 1526 (void)nag_servers(dom); 1527 break; 1528 1529 case DOM_ALIVE: 1530 dom->dom_state = DOM_PINGING; 1531 dom->dom_checktime = t + 5; 1532 (void)ping(dom); 1533 break; 1534 1535 case DOM_PINGING: 1536 dom->dom_state = DOM_LOST; 1537 dom->dom_losttime = t; 1538 dom->dom_checktime = t + 5; 1539 yp_log(LOG_NOTICE, "Domain %s lost its binding to " 1540 "server %s", dom->dom_name, 1541 inet_ntoa(dom->dom_server_addr.sin_addr)); 1542 (void)nag_servers(dom); 1543 break; 1544 1545 case DOM_LOST: 1546 if (t > dom->dom_losttime + 60) { 1547 dom->dom_state = DOM_DEAD; 1548 dom->dom_backofftime = 10; 1549 yp_log(LOG_NOTICE, "Domain %s dead; " 1550 "going to exponential backoff", 1551 dom->dom_name); 1552 } 1553 dom->dom_checktime = t + 5; 1554 (void)nag_servers(dom); 1555 break; 1556 1557 case DOM_DEAD: 1558 dom->dom_checktime = t + dom->dom_backofftime; 1559 backoff(&dom->dom_backofftime); 1560 (void)nag_servers(dom); 1561 break; 1562 } 1563 /* re-fetch the time in case we hung sending packets */ 1564 (void)time(&t); 1565 } 1566 } 1567 1568 /* 1569 * Process a hangup signal. 1570 * 1571 * Do an extra nag_servers() for any domains that are DEAD. This way 1572 * if you know things are back up you can restore service by sending 1573 * ypbind a SIGHUP rather than waiting for the timeout period. 1574 */ 1575 static void 1576 dohup(void) 1577 { 1578 struct domain *dom; 1579 1580 hupped = 0; 1581 for (dom = domains; dom != NULL; dom = dom->dom_next) { 1582 if (dom->dom_state == DOM_DEAD) { 1583 (void)nag_servers(dom); 1584 } 1585 } 1586 } 1587 1588 /* 1589 * Receive a hangup signal. 1590 */ 1591 static void 1592 hup(int __unused sig) 1593 { 1594 hupped = 1; 1595 } 1596 1597 /* 1598 * Initialize hangup processing. 1599 */ 1600 static void 1601 starthup(void) 1602 { 1603 struct sigaction sa; 1604 1605 sa.sa_handler = hup; 1606 sigemptyset(&sa.sa_mask); 1607 sa.sa_flags = SA_RESTART; 1608 if (sigaction(SIGHUP, &sa, NULL) == -1) { 1609 err(1, "sigaction"); 1610 } 1611 } 1612 1613 //////////////////////////////////////////////////////////// 1614 // main 1615 1616 /* 1617 * Usage message. 1618 */ 1619 __dead static void 1620 usage(void) 1621 { 1622 const char *opt = ""; 1623 #ifdef DEBUG 1624 opt = " [-d]"; 1625 #endif 1626 1627 (void)fprintf(stderr, 1628 "Usage: %s [-broadcast] [-insecure] [-ypset] [-ypsetme]%s\n", 1629 getprogname(), opt); 1630 exit(1); 1631 } 1632 1633 /* 1634 * Main. 1635 */ 1636 int 1637 main(int argc, char *argv[]) 1638 { 1639 struct timeval tv; 1640 fd_set fdsr; 1641 int width, lockfd; 1642 int started = 0; 1643 char *domainname; 1644 1645 setprogname(argv[0]); 1646 1647 /* 1648 * Process arguments. 1649 */ 1650 1651 default_ypbindmode = YPBIND_DIRECT; 1652 while (--argc) { 1653 ++argv; 1654 if (!strcmp("-insecure", *argv)) { 1655 insecure = 1; 1656 } else if (!strcmp("-ypset", *argv)) { 1657 allow_any_ypset = 1; 1658 allow_local_ypset = 1; 1659 } else if (!strcmp("-ypsetme", *argv)) { 1660 allow_any_ypset = 0; 1661 allow_local_ypset = 1; 1662 } else if (!strcmp("-broadcast", *argv)) { 1663 default_ypbindmode = YPBIND_BROADCAST; 1664 #ifdef DEBUG 1665 } else if (!strcmp("-d", *argv)) { 1666 debug = 1; 1667 #endif 1668 } else { 1669 usage(); 1670 } 1671 } 1672 1673 /* 1674 * Look up the name of the default domain. 1675 */ 1676 1677 (void)yp_get_default_domain(&domainname); 1678 if (domainname[0] == '\0') 1679 errx(1, "Domainname not set. Aborting."); 1680 if (_yp_invalid_domain(domainname)) 1681 errx(1, "Invalid domainname: %s", domainname); 1682 1683 /* 1684 * Start things up. 1685 */ 1686 1687 /* Open the system log. */ 1688 openlog("ypbind", LOG_PERROR | LOG_PID, LOG_DAEMON); 1689 1690 /* Acquire /var/run/ypbind.lock. */ 1691 lockfd = open_locked(_PATH_YPBIND_LOCK, O_CREAT|O_RDWR|O_TRUNC, 0644); 1692 if (lockfd == -1) 1693 err(1, "Cannot create %s", _PATH_YPBIND_LOCK); 1694 1695 /* Accept hangups. */ 1696 starthup(); 1697 1698 /* Initialize sunrpc stuff. */ 1699 sunrpc_setup(); 1700 1701 /* Clean out BINDINGDIR, deleting all existing (now stale) bindings */ 1702 if (purge_bindingdir(BINDINGDIR) < 0) 1703 errx(1, "Unable to purge old bindings from %s", BINDINGDIR); 1704 1705 /* 1706 * We start with one binding, for the default domain. It starts 1707 * out "unsuccessful". 1708 */ 1709 1710 if (domain_create(domainname) == NULL) 1711 err(1, "initial domain binding failed"); 1712 1713 /* 1714 * Delete the lock for the default domain again, just in case something 1715 * magically caused it to appear since purge_bindingdir() was called. 1716 * XXX: this is useless and redundant; remove it. 1717 */ 1718 removelock(domains); 1719 1720 /* 1721 * Main loop. Wake up at least once a second and check for 1722 * timer-based work to do (checkwork) and also handle incoming 1723 * responses from ypservers and any RPCs made to the ypbind 1724 * service. 1725 * 1726 * There are two sockets used for ypserver traffic: one for 1727 * pings and one for everything else. These call XDR manually 1728 * for encoding and are *not* dispatched via the sunrpc 1729 * libraries. 1730 * 1731 * The ypbind serivce *is* dispatched via the sunrpc libraries. 1732 * svc_getreqset() does whatever internal muck and ultimately 1733 * ypbind service calls arrive at ypbindprog_2(). 1734 */ 1735 checkwork(); 1736 for (;;) { 1737 width = svc_maxfd; 1738 if (rpcsock > width) 1739 width = rpcsock; 1740 if (pingsock > width) 1741 width = pingsock; 1742 width++; 1743 fdsr = svc_fdset; 1744 FD_SET(rpcsock, &fdsr); 1745 FD_SET(pingsock, &fdsr); 1746 tv.tv_sec = 1; 1747 tv.tv_usec = 0; 1748 1749 switch (select(width, &fdsr, NULL, NULL, &tv)) { 1750 case 0: 1751 /* select timed out - check for timer-based work */ 1752 if (hupped) { 1753 dohup(); 1754 } 1755 checkwork(); 1756 break; 1757 case -1: 1758 if (hupped) { 1759 dohup(); 1760 } 1761 if (errno != EINTR) { 1762 yp_log(LOG_WARNING, "select: %s", 1763 strerror(errno)); 1764 } 1765 break; 1766 default: 1767 if (hupped) { 1768 dohup(); 1769 } 1770 /* incoming of our own; read it */ 1771 if (FD_ISSET(rpcsock, &fdsr)) 1772 (void)handle_replies(); 1773 if (FD_ISSET(pingsock, &fdsr)) 1774 (void)handle_ping(); 1775 1776 /* read any incoming packets for the ypbind service */ 1777 svc_getreqset(&fdsr); 1778 1779 /* 1780 * Only check for timer-based work if 1781 * something in the incoming RPC logic said 1782 * to. This might be just a hack to avoid 1783 * scanning the list unnecessarily, but I 1784 * suspect it's also a hack to cover wrong 1785 * state logic. - dholland 20140609 1786 */ 1787 if (check) 1788 checkwork(); 1789 break; 1790 } 1791 1792 /* 1793 * Defer daemonizing until the default domain binds 1794 * successfully. XXX: there seems to be no timeout 1795 * on this, which means that if the default domain 1796 * is dead upstream boot will hang indefinitely. 1797 */ 1798 if (!started && domains->dom_state == DOM_ALIVE) { 1799 started = 1; 1800 #ifdef DEBUG 1801 if (!debug) 1802 #endif 1803 (void)daemon(0, 0); 1804 (void)pidfile(NULL); 1805 } 1806 } 1807 } 1808