1 /* $OpenBSD: krpc_subr.c,v 1.38 2023/08/03 09:49:09 mvs Exp $ */ 2 /* $NetBSD: krpc_subr.c,v 1.12.4.1 1996/06/07 00:52:26 cgd Exp $ */ 3 4 /* 5 * Copyright (c) 1995 Gordon Ross, Adam Glass 6 * Copyright (c) 1992 Regents of the University of California. 7 * All rights reserved. 8 * 9 * This software was developed by the Computer Systems Engineering group 10 * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and 11 * contributed to Berkeley. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. All advertising materials mentioning features or use of this software 22 * must display the following acknowledgement: 23 * This product includes software developed by the University of 24 * California, Lawrence Berkeley Laboratory and its contributors. 25 * 4. Neither the name of the University nor the names of its contributors 26 * may be used to endorse or promote products derived from this software 27 * without specific prior written permission. 28 * 29 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 32 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 39 * SUCH DAMAGE. 40 * 41 * partially based on: 42 * libnetboot/rpc.c 43 * @(#) Header: rpc.c,v 1.12 93/09/28 08:31:56 leres Exp (LBL) 44 */ 45 46 #include <sys/param.h> 47 #include <sys/systm.h> 48 #include <sys/conf.h> 49 #include <sys/ioctl.h> 50 #include <sys/proc.h> 51 #include <sys/mount.h> 52 #include <sys/mbuf.h> 53 #include <sys/reboot.h> 54 #include <sys/socket.h> 55 #include <sys/socketvar.h> 56 57 #include <netinet/in.h> 58 59 #include <nfs/rpcv2.h> 60 #include <nfs/krpc.h> 61 #include <nfs/xdr_subs.h> 62 #include <crypto/idgen.h> 63 64 /* 65 * Kernel support for Sun RPC 66 * 67 * Used currently for bootstrapping in nfs diskless configurations. 68 */ 69 70 /* 71 * Generic RPC headers 72 */ 73 74 struct auth_info { 75 u_int32_t authtype; /* auth type */ 76 u_int32_t authlen; /* auth length */ 77 }; 78 79 struct auth_unix { 80 int32_t ua_time; 81 int32_t ua_hostname; /* null */ 82 int32_t ua_uid; 83 int32_t ua_gid; 84 int32_t ua_gidlist; /* null */ 85 }; 86 87 struct rpc_call { 88 u_int32_t rp_xid; /* request transaction id */ 89 int32_t rp_direction; /* call direction (0) */ 90 u_int32_t rp_rpcvers; /* rpc version (2) */ 91 u_int32_t rp_prog; /* program */ 92 u_int32_t rp_vers; /* version */ 93 u_int32_t rp_proc; /* procedure */ 94 struct auth_info rpc_auth; 95 struct auth_unix rpc_unix; 96 struct auth_info rpc_verf; 97 }; 98 99 struct rpc_reply { 100 u_int32_t rp_xid; /* request transaction id */ 101 int32_t rp_direction; /* call direction (1) */ 102 int32_t rp_astatus; /* accept status (0: accepted) */ 103 union { 104 u_int32_t rpu_errno; 105 struct { 106 struct auth_info rok_auth; 107 u_int32_t rok_status; 108 } rpu_rok; 109 } rp_u; 110 }; 111 #define rp_errno rp_u.rpu_errno 112 #define rp_auth rp_u.rpu_rok.rok_auth 113 #define rp_status rp_u.rpu_rok.rok_status 114 115 #define MIN_REPLY_HDR 16 /* xid, dir, astat, errno */ 116 117 u_int32_t krpc_get_xid(void); 118 119 /* 120 * Return an unpredictable XID. 121 */ 122 u_int32_t 123 krpc_get_xid(void) 124 { 125 static struct idgen32_ctx krpc_xid_ctx; 126 static int called = 0; 127 128 if (!called) { 129 called = 1; 130 idgen32_init(&krpc_xid_ctx); 131 } 132 return idgen32(&krpc_xid_ctx); 133 } 134 135 /* 136 * What is the longest we will wait before re-sending a request? 137 * Note this is also the frequency of "RPC timeout" messages. 138 * The re-send loop count sup linearly to this maximum, so the 139 * first complaint will happen after (1+2+3+4+5)=15 seconds. 140 */ 141 #define MAX_RESEND_DELAY 5 /* seconds */ 142 143 /* 144 * Call portmap to lookup a port number for a particular rpc program 145 * Returns non-zero error on failure. 146 */ 147 int 148 krpc_portmap(struct sockaddr_in *sin, u_int prog, u_int vers, u_int16_t *portp) 149 { 150 struct sdata { 151 u_int32_t prog; /* call program */ 152 u_int32_t vers; /* call version */ 153 u_int32_t proto; /* call protocol */ 154 u_int32_t port; /* call port (unused) */ 155 } *sdata; 156 struct rdata { 157 u_int16_t pad; 158 u_int16_t port; 159 } *rdata; 160 struct mbuf *m; 161 int error; 162 163 /* The portmapper port is fixed. */ 164 if (prog == PMAPPROG) { 165 *portp = htons(PMAPPORT); 166 return 0; 167 } 168 169 m = m_get(M_WAIT, MT_DATA); 170 sdata = mtod(m, struct sdata *); 171 m->m_len = sizeof(*sdata); 172 173 /* Do the RPC to get it. */ 174 sdata->prog = txdr_unsigned(prog); 175 sdata->vers = txdr_unsigned(vers); 176 sdata->proto = txdr_unsigned(IPPROTO_UDP); 177 sdata->port = 0; 178 179 sin->sin_port = htons(PMAPPORT); 180 error = krpc_call(sin, PMAPPROG, PMAPVERS, 181 PMAPPROC_GETPORT, &m, NULL, -1); 182 if (error) 183 return error; 184 185 if (m->m_len < sizeof(*rdata)) { 186 m = m_pullup(m, sizeof(*rdata)); 187 if (m == NULL) 188 return ENOBUFS; 189 } 190 rdata = mtod(m, struct rdata *); 191 *portp = rdata->port; 192 193 m_freem(m); 194 return 0; 195 } 196 197 /* 198 * Do a remote procedure call (RPC) and wait for its reply. 199 * If from_p is non-null, then we are doing broadcast, and 200 * the address from whence the response came is saved there. 201 * data: input/output 202 * from_p: output 203 */ 204 int 205 krpc_call(struct sockaddr_in *sa, u_int prog, u_int vers, u_int func, 206 struct mbuf **data, struct mbuf **from_p, int retries) 207 { 208 struct socket *so; 209 struct sockaddr_in *sin; 210 struct mbuf *m, *nam, *mhead, *from, *mopt; 211 struct rpc_call *call; 212 struct rpc_reply *reply; 213 struct uio auio; 214 int error, rcvflg, timo, secs, len, authlen; 215 static u_int32_t xid = 0; 216 char addr[INET_ADDRSTRLEN]; 217 int *ip; 218 struct timeval tv; 219 220 /* 221 * Validate address family. 222 * Sorry, this is INET specific... 223 */ 224 if (sa->sin_family != AF_INET) 225 return (EAFNOSUPPORT); 226 227 /* Free at end if not null. */ 228 nam = mhead = NULL; 229 from = NULL; 230 231 /* 232 * Create socket and set its receive timeout. 233 */ 234 if ((error = socreate(AF_INET, &so, SOCK_DGRAM, 0))) 235 goto out; 236 237 m = m_get(M_WAIT, MT_SOOPTS); 238 tv.tv_sec = 1; 239 tv.tv_usec = 0; 240 memcpy(mtod(m, struct timeval *), &tv, sizeof tv); 241 m->m_len = sizeof(tv); 242 error = sosetopt(so, SOL_SOCKET, SO_RCVTIMEO, m); 243 m_freem(m); 244 if (error) 245 goto out; 246 247 /* 248 * Enable broadcast if necessary. 249 */ 250 if (from_p) { 251 int32_t *on; 252 m = m_get(M_WAIT, MT_SOOPTS); 253 on = mtod(m, int32_t *); 254 m->m_len = sizeof(*on); 255 *on = 1; 256 error = sosetopt(so, SOL_SOCKET, SO_BROADCAST, m); 257 m_freem(m); 258 if (error) 259 goto out; 260 } 261 262 /* 263 * Bind the local endpoint to a reserved port, 264 * because some NFS servers refuse requests from 265 * non-reserved (non-privileged) ports. 266 */ 267 MGET(mopt, M_WAIT, MT_SOOPTS); 268 mopt->m_len = sizeof(int); 269 ip = mtod(mopt, int *); 270 *ip = IP_PORTRANGE_LOW; 271 error = sosetopt(so, IPPROTO_IP, IP_PORTRANGE, mopt); 272 m_freem(mopt); 273 if (error) 274 goto out; 275 276 MGET(m, M_WAIT, MT_SONAME); 277 sin = mtod(m, struct sockaddr_in *); 278 memset(sin, 0, sizeof(*sin)); 279 sin->sin_len = m->m_len = sizeof(struct sockaddr_in); 280 sin->sin_family = AF_INET; 281 sin->sin_addr.s_addr = INADDR_ANY; 282 sin->sin_port = htons(0); 283 solock(so); 284 error = sobind(so, m, &proc0); 285 sounlock(so); 286 m_freem(m); 287 if (error) { 288 printf("bind failed\n"); 289 goto out; 290 } 291 292 MGET(mopt, M_WAIT, MT_SOOPTS); 293 mopt->m_len = sizeof(int); 294 ip = mtod(mopt, int *); 295 *ip = IP_PORTRANGE_DEFAULT; 296 error = sosetopt(so, IPPROTO_IP, IP_PORTRANGE, mopt); 297 m_freem(mopt); 298 if (error) 299 goto out; 300 301 /* 302 * Setup socket address for the server. 303 */ 304 nam = m_get(M_WAIT, MT_SONAME); 305 sin = mtod(nam, struct sockaddr_in *); 306 bcopy(sa, sin, (nam->m_len = sa->sin_len)); 307 308 /* 309 * Prepend RPC message header. 310 */ 311 mhead = m_gethdr(M_WAIT, MT_DATA); 312 mhead->m_next = *data; 313 call = mtod(mhead, struct rpc_call *); 314 mhead->m_len = sizeof(*call); 315 memset(call, 0, sizeof(*call)); 316 /* rpc_call part */ 317 xid = krpc_get_xid(); 318 call->rp_xid = txdr_unsigned(xid); 319 /* call->rp_direction = 0; */ 320 call->rp_rpcvers = txdr_unsigned(2); 321 call->rp_prog = txdr_unsigned(prog); 322 call->rp_vers = txdr_unsigned(vers); 323 call->rp_proc = txdr_unsigned(func); 324 /* rpc_auth part (auth_unix as root) */ 325 call->rpc_auth.authtype = txdr_unsigned(RPCAUTH_UNIX); 326 call->rpc_auth.authlen = txdr_unsigned(sizeof(struct auth_unix)); 327 /* rpc_verf part (auth_null) */ 328 call->rpc_verf.authtype = 0; 329 call->rpc_verf.authlen = 0; 330 331 /* 332 * Setup packet header 333 */ 334 m_calchdrlen(mhead); 335 mhead->m_pkthdr.ph_ifidx = 0; 336 337 /* 338 * Send it, repeatedly, until a reply is received, 339 * but delay each re-send by an increasing amount. 340 * If the delay hits the maximum, start complaining. 341 */ 342 for (timo = 0; retries; retries--) { 343 /* Send RPC request (or re-send). */ 344 m = m_copym(mhead, 0, M_COPYALL, M_WAIT); 345 if (m == NULL) { 346 error = ENOBUFS; 347 goto out; 348 } 349 error = sosend(so, nam, NULL, m, NULL, 0); 350 if (error) { 351 printf("krpc_call: sosend: %d\n", error); 352 goto out; 353 } 354 m = NULL; 355 356 /* Determine new timeout. */ 357 if (timo < MAX_RESEND_DELAY) 358 timo++; 359 else 360 printf("RPC timeout for server %s (0x%x) prog %u\n", 361 inet_ntop(AF_INET, &sin->sin_addr, 362 addr, sizeof(addr)), 363 ntohl(sin->sin_addr.s_addr), prog); 364 365 /* 366 * Wait for up to timo seconds for a reply. 367 * The socket receive timeout was set to 1 second. 368 */ 369 secs = timo; 370 while (secs > 0) { 371 m_freem(from); 372 from = NULL; 373 374 m_freem(m); 375 m = NULL; 376 377 auio.uio_resid = len = 1<<16; 378 auio.uio_procp = NULL; 379 rcvflg = 0; 380 error = soreceive(so, &from, &auio, &m, NULL, &rcvflg, 381 0); 382 if (error == EWOULDBLOCK) { 383 secs--; 384 continue; 385 } 386 if (error) 387 goto out; 388 len -= auio.uio_resid; 389 390 /* Does the reply contain at least a header? */ 391 if (len < MIN_REPLY_HDR) 392 continue; 393 if (m->m_len < MIN_REPLY_HDR) 394 continue; 395 reply = mtod(m, struct rpc_reply *); 396 397 /* Is it the right reply? */ 398 if (reply->rp_direction != txdr_unsigned(RPC_REPLY)) 399 continue; 400 401 if (reply->rp_xid != txdr_unsigned(xid)) 402 continue; 403 404 /* Was RPC accepted? (authorization OK) */ 405 if (reply->rp_astatus != 0) { 406 error = fxdr_unsigned(u_int32_t, reply->rp_errno); 407 printf("rpc denied, error=%d\n", error); 408 continue; 409 } 410 411 /* Did the call succeed? */ 412 if (reply->rp_status != 0) { 413 error = fxdr_unsigned(u_int32_t, reply->rp_status); 414 printf("rpc denied, status=%d\n", error); 415 continue; 416 } 417 418 goto gotreply; /* break two levels */ 419 420 } /* while secs */ 421 } /* forever send/receive */ 422 423 error = ETIMEDOUT; 424 goto out; 425 426 gotreply: 427 428 /* 429 * Get RPC reply header into first mbuf, 430 * get its length, then strip it off. 431 */ 432 len = sizeof(*reply); 433 KASSERT(m->m_flags & M_PKTHDR); 434 if (m->m_pkthdr.len < len) { 435 error = EBADRPC; 436 goto out; 437 } 438 if (m->m_len < len) { 439 m = m_pullup(m, len); 440 if (m == NULL) { 441 error = ENOBUFS; 442 goto out; 443 } 444 } 445 reply = mtod(m, struct rpc_reply *); 446 if (reply->rp_auth.authtype != 0) { 447 authlen = fxdr_unsigned(u_int32_t, reply->rp_auth.authlen); 448 if (authlen < 0 || authlen > RPCAUTH_MAXSIZ) { 449 error = EBADRPC; 450 goto out; 451 } 452 len += (authlen + 3) & ~3; /* XXX? */ 453 } 454 if (len < 0 || m->m_pkthdr.len < len) { 455 error = EBADRPC; 456 goto out; 457 } 458 m_adj(m, len); 459 460 /* result */ 461 *data = m; 462 if (from_p && error == 0) { 463 *from_p = from; 464 from = NULL; 465 } 466 467 out: 468 m_freem(nam); 469 m_freem(mhead); 470 m_freem(from); 471 soclose(so, 0); 472 return error; 473 } 474 475 /* 476 * eXternal Data Representation routines. 477 * (but with non-standard args...) 478 */ 479 480 /* 481 * String representation for RPC. 482 */ 483 struct xdr_string { 484 u_int32_t len; /* length without null or padding */ 485 char data[4]; /* data (longer, of course) */ 486 /* data is padded to a long-word boundary */ 487 }; 488 489 struct mbuf * 490 xdr_string_encode(char *str, int len) 491 { 492 struct mbuf *m; 493 struct xdr_string *xs; 494 int dlen; /* padded string length */ 495 int mlen; /* message length */ 496 497 dlen = (len + 3) & ~3; 498 mlen = dlen + 4; 499 500 if (mlen > MCLBYTES) /* If too big, we just can't do it. */ 501 return (NULL); 502 503 m = m_get(M_WAIT, MT_DATA); 504 if (mlen > MLEN) { 505 MCLGET(m, M_WAIT); 506 if ((m->m_flags & M_EXT) == 0) { 507 (void) m_free(m); /* There can be only one. */ 508 return (NULL); 509 } 510 } 511 xs = mtod(m, struct xdr_string *); 512 m->m_len = mlen; 513 xs->len = txdr_unsigned(len); 514 bcopy(str, xs->data, len); 515 return (m); 516 } 517 518 struct mbuf * 519 xdr_string_decode(struct mbuf *m, char *str, int *len_p) 520 { 521 struct xdr_string *xs; 522 int mlen; /* message length */ 523 int slen; /* string length */ 524 525 mlen = sizeof(u_int32_t); 526 KASSERT(m->m_flags & M_PKTHDR); 527 if (m->m_pkthdr.len < mlen) { 528 m_freem(m); 529 return (NULL); 530 } 531 if (m->m_len < mlen) { 532 m = m_pullup(m, mlen); 533 if (m == NULL) 534 return (NULL); 535 } 536 xs = mtod(m, struct xdr_string *); 537 slen = fxdr_unsigned(u_int32_t, xs->len); 538 if (slen < 0 || slen > INT_MAX - 3 - mlen) { 539 m_freem(m); 540 return (NULL); 541 } 542 mlen += (slen + 3) & ~3; 543 544 if (slen > *len_p) 545 slen = *len_p; 546 if (m->m_pkthdr.len < mlen) { 547 m_freem(m); 548 return (NULL); 549 } 550 m_copydata(m, 4, slen, str); 551 m_adj(m, mlen); 552 553 str[slen] = '\0'; 554 *len_p = slen; 555 556 return (m); 557 } 558 559 560 /* 561 * Inet address in RPC messages 562 * (Note, really four ints, NOT chars. Blech.) 563 */ 564 struct xdr_inaddr { 565 u_int32_t atype; 566 u_int32_t addr[4]; 567 }; 568 569 struct mbuf * 570 xdr_inaddr_encode(struct in_addr *ia) 571 { 572 struct mbuf *m; 573 struct xdr_inaddr *xi; 574 u_int8_t *cp; 575 u_int32_t *ip; 576 577 m = m_get(M_WAIT, MT_DATA); 578 xi = mtod(m, struct xdr_inaddr *); 579 m->m_len = sizeof(*xi); 580 xi->atype = txdr_unsigned(1); 581 ip = xi->addr; 582 cp = (u_int8_t *)&ia->s_addr; 583 *ip++ = txdr_unsigned(*cp++); 584 *ip++ = txdr_unsigned(*cp++); 585 *ip++ = txdr_unsigned(*cp++); 586 *ip++ = txdr_unsigned(*cp++); 587 588 return (m); 589 } 590 591 struct mbuf * 592 xdr_inaddr_decode(struct mbuf *m, struct in_addr *ia) 593 { 594 struct xdr_inaddr *xi; 595 u_int8_t *cp; 596 u_int32_t *ip; 597 598 if (m->m_len < sizeof(*xi)) { 599 m = m_pullup(m, sizeof(*xi)); 600 if (m == NULL) 601 return (NULL); 602 } 603 xi = mtod(m, struct xdr_inaddr *); 604 if (xi->atype != txdr_unsigned(1)) { 605 ia->s_addr = INADDR_ANY; 606 goto out; 607 } 608 ip = xi->addr; 609 cp = (u_int8_t *)&ia->s_addr; 610 *cp++ = fxdr_unsigned(u_int8_t, *ip++); 611 *cp++ = fxdr_unsigned(u_int8_t, *ip++); 612 *cp++ = fxdr_unsigned(u_int8_t, *ip++); 613 *cp++ = fxdr_unsigned(u_int8_t, *ip++); 614 615 out: 616 m_adj(m, sizeof(*xi)); 617 return (m); 618 } 619