2 * Copyright (c) 1990 The Regents of the University of California.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 "@(#) Copyright (c) 1990 The Regents of the University of California.\n\
37 All rights reserved.\n";
41 @(#)portmap.c 2.3 88/08/11 4.0 RPCSRC
42 static char sccsid[] = "@(#)portmap.c 1.32 87/08/06 Copyr 1984 Sun Micro";
46 * portmap.c, Implements the program,version to port number mapping for
51 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
52 * unrestricted use provided that this legend is included on all tape
53 * media and as a part of the software program in whole or part. Users
54 * may copy or modify Sun RPC without charge, but are not authorized
55 * to license or distribute it to anyone else except as part of a product or
56 * program developed by the user.
58 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
59 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
60 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
62 * Sun RPC is provided with no support and without any obligation on the
63 * part of Sun Microsystems, Inc. to assist in its use, correction,
64 * modification or enhancement.
66 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
67 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
68 * OR ANY PART THEREOF.
70 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
71 * or profits or other special, indirect and consequential damages, even if
72 * Sun has been advised of the possibility of such damages.
74 * Sun Microsystems, Inc.
76 * Mountain View, California 94043
80 #include <rpc/pmap_prot.h>
87 #include <sys/socket.h>
88 #include <sys/ioctl.h>
90 #include <sys/signal.h>
92 #include <sys/resource.h>
93 #include <sys/types.h>
95 #include <netinet/in.h>
97 #include <arpa/inet.h>
111 #if !defined(SIGCHLD) && defined(SIGCLD)
112 #define SIGCHLD SIGCLD
115 #ifndef svc_getcaller /* SYSV4 */
116 # define svc_getcaller svc_getrpccaller
119 static void reg_service(struct svc_req *rqstp, SVCXPRT *xprt);
120 #ifndef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */
121 static void reap(int);
123 static void callit(struct svc_req *rqstp, SVCXPRT *xprt);
124 struct pmaplist *pmaplist;
127 static void dump_table(void);
128 static void load_table(void);
130 #include "pmap_check.h"
133 * How desperate can one be. It is possible to prevent an attacker from
134 * manipulating your portmapper tables from outside with requests that
135 * contain spoofed source address information. The countermeasure is to
136 * force all rpc servers to register and unregister with the portmapper via
137 * the loopback network interface, instead of via the primary network
138 * interface that every host can talk to. For this countermeasure to work it
139 * is necessary to #define LOOPBACK_SETUNSET, to disable source routing in
140 * the kernel, and to modify libc so that get_myaddress() chooses the
141 * loopback interface address.
144 #ifdef LOOPBACK_SETUNSET
145 static SVCXPRT *ludpxprt, *ltcpxprt;
147 #ifndef INADDR_LOOPBACK
148 #define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1"))
153 int daemon_uid = DAEMON_UID;
154 int daemon_gid = DAEMON_GID;
161 * We record with each registration a flag telling whether it was
162 * registered with a privilege port or not.
163 * If it was, it can only be unregistered with a privileged port.
164 * So that we can still use standard pmap xdr routines, we store
165 * this flag in a structure wrapped around a pmaplist.
173 main(int argc, char **argv)
177 struct sockaddr_in addr;
178 int len = sizeof(struct sockaddr_in);
179 struct pmaplist *pml;
180 struct flagged_pml *fpml;
181 char *chroot_path = NULL;
182 struct in_addr bindaddr;
183 int have_bindaddr = 0;
187 while ((c = getopt(argc, argv, "Vdflt:vi:u:g:")) != EOF) {
191 printf("portmap version 6.0 - 2007-May-11\n");
195 daemon_uid = atoi(optarg);
196 if (daemon_uid <= 0) {
198 "portmap: illegal uid: %s\n", optarg);
204 daemon_gid = atoi(optarg);
205 if (daemon_gid <= 0) {
207 "portmap: illegal gid: %s\n", optarg);
219 chroot_path = optarg;
227 optarg = "127.0.0.1";
230 have_bindaddr = inet_aton(optarg, &bindaddr);
234 "usage: %s [-dflv] [-t dir] [-i address] "
235 "[-u uid] [-g gid]\n",
237 fprintf(stderr, "-d: debugging mode\n");
239 "-f: don't daemonize, log to standard error\n");
240 fprintf(stderr, "-t dir: chroot into dir\n");
241 fprintf(stderr, "-v: verbose logging\n");
242 fprintf(stderr, "-i address: bind to address\n");
243 fprintf(stderr, "-l: same as -i 127.0.0.1\n");
244 fprintf(stderr, "-u uid : setuid to this uid\n");
245 fprintf(stderr, "-g uid : setgid to this gid\n");
250 if (!foreground && daemon(0, 0)) {
251 (void) fprintf(stderr, "portmap: fork: %s", strerror(errno));
256 openlog("portmap", LOG_PID|LOG_NDELAY | ( foreground ? LOG_PERROR : 0),
259 openlog("portmap", LOG_PID|LOG_NDELAY | ( foreground ? LOG_PERROR : 0));
264 struct passwd *pwent;
265 pwent = getpwnam(RPCUSER);
267 daemon_uid = pwent->pw_uid;
268 daemon_gid = pwent->pw_gid;
270 syslog(LOG_WARNING, "user '" RPCUSER
271 "' not found, reverting to default uid");
275 if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
276 syslog(LOG_ERR, "cannot create udp socket: %m");
279 #ifdef LOOPBACK_SETUNSET
280 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
283 memset((char *) &addr, 0, sizeof(addr));
284 addr.sin_addr.s_addr = 0;
285 addr.sin_family = AF_INET;
286 addr.sin_port = htons(PMAPPORT);
288 memcpy(&addr.sin_addr, &bindaddr, sizeof(bindaddr));
290 if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
291 syslog(LOG_ERR, "cannot bind udp: %m");
295 if ((xprt = svcudp_create(sock)) == (SVCXPRT *)NULL) {
296 syslog(LOG_ERR, "couldn't do udp_create");
299 /* make an entry for ourself */
300 fpml = malloc(sizeof(struct flagged_pml));
303 pml->pml_next = NULL;
304 pml->pml_map.pm_prog = PMAPPROG;
305 pml->pml_map.pm_vers = PMAPVERS;
306 pml->pml_map.pm_prot = IPPROTO_UDP;
307 pml->pml_map.pm_port = PMAPPORT;
310 if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
311 syslog(LOG_ERR, "cannot create tcp socket: %m");
314 #ifdef LOOPBACK_SETUNSET
315 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
317 if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
318 syslog(LOG_ERR, "cannot bind tcp: %m");
321 if ((xprt = svctcp_create(sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE))
322 == (SVCXPRT *)NULL) {
323 syslog(LOG_ERR, "couldn't do tcp_create");
326 /* make an entry for ourself */
327 fpml = malloc(sizeof(struct flagged_pml));
330 pml->pml_map.pm_prog = PMAPPROG;
331 pml->pml_map.pm_vers = PMAPVERS;
332 pml->pml_map.pm_prot = IPPROTO_TCP;
333 pml->pml_map.pm_port = PMAPPORT;
334 pml->pml_next = pmaplist;
337 #ifdef LOOPBACK_SETUNSET
338 if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
339 syslog(LOG_ERR, "cannot create udp socket: %m");
342 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
344 addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
345 if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
346 syslog(LOG_ERR, "cannot bind udp: %m");
350 if ((ludpxprt = svcudp_create(sock)) == (SVCXPRT *)NULL) {
351 syslog(LOG_ERR, "couldn't do udp_create");
354 if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
355 syslog(LOG_ERR, "cannot create tcp socket: %m");
358 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
359 if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
360 syslog(LOG_ERR, "cannot bind tcp: %m");
363 if ((ltcpxprt = svctcp_create(sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE))
364 == (SVCXPRT *)NULL) {
365 syslog(LOG_ERR, "couldn't do tcp_create");
370 (void)svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE);
372 store_fd = open("/var/run/portmap_mapping", O_RDWR|O_CREAT, 0600);
375 /* additional initializations */
377 if (chroot(chroot_path) < 0) {
378 syslog(LOG_ERR, "couldn't do chroot");
383 #ifdef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */
384 (void)signal(SIGCHLD, SIG_IGN);
386 (void)signal(SIGCHLD, reap);
388 (void)signal(SIGPIPE, SIG_IGN);
390 syslog(LOG_ERR, "run_svc returned unexpectedly");
394 /* need to override perror calls in rpc library */
395 void perror(const char *what)
398 syslog(LOG_ERR, "%s: %m", what);
401 static struct pmaplist *
402 find_service(u_long prog, u_long vers, u_long prot)
404 struct pmaplist *hit = NULL;
405 struct pmaplist *pml;
407 for (pml = pmaplist; pml != NULL; pml = pml->pml_next) {
408 if ((pml->pml_map.pm_prog != prog) ||
409 (pml->pml_map.pm_prot != prot))
412 if (pml->pml_map.pm_vers == vers)
421 static void reg_service(struct svc_req *rqstp, SVCXPRT *xprt)
424 struct pmaplist *pml, *prevpml, *fnd;
425 struct flagged_pml *fpml;
430 * Later wrappers change the logging severity on the fly. Reset to
431 * defaults before handling the next request.
433 allow_severity = LOG_INFO;
434 deny_severity = LOG_WARNING;
437 (void) fprintf(stderr, "server: about do a switch\n");
438 switch (rqstp->rq_proc) {
444 /* remote host authorization check */
445 check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0);
446 if (!svc_sendreply(xprt, (xdrproc_t) xdr_void, (caddr_t)0)
454 * Set a program,version to port mapping
456 if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t)®))
459 /* reject non-local requests, protect priv. ports */
460 if (!CHECK_SETUNSET(xprt, ludpxprt, ltcpxprt,
461 rqstp->rq_proc, reg.pm_prog, reg.pm_port)) {
466 * check to see if already used
467 * find_service returns a hit even if
468 * the versions don't match, so check for it
470 fnd = find_service(reg.pm_prog, reg.pm_vers, reg.pm_prot);
471 if (fnd && fnd->pml_map.pm_vers == reg.pm_vers) {
472 if (fnd->pml_map.pm_port == reg.pm_port) {
484 fpml = (struct flagged_pml *)
485 malloc((u_int)sizeof(struct flagged_pml));
488 (ntohs(svc_getcaller(xprt)->sin_port)
496 for (fnd= pmaplist; fnd->pml_next != 0;
497 fnd = fnd->pml_next);
504 if ((!svc_sendreply(xprt, (xdrproc_t)xdr_int,
507 (void) fprintf(stderr, "svc_sendreply\n");
515 * Remove a program,version to port mapping.
517 if (!svc_getargs(xprt, (xdrproc_t)xdr_pmap, (caddr_t)®))
521 /* reject non-local requests */
522 if (!CHECK_SETUNSET(xprt, ludpxprt, ltcpxprt,
523 rqstp->rq_proc, reg.pm_prog, (u_long) 0))
525 for (prevpml = NULL, pml = pmaplist; pml != NULL; ) {
526 if ((pml->pml_map.pm_prog != reg.pm_prog) ||
527 (pml->pml_map.pm_vers != reg.pm_vers)) {
528 /* both pml & prevpml move forwards */
533 /* found it; pml moves forward, prevpml stays */
534 /* privileged port check */
535 if (!check_privileged_port(svc_getcaller(xprt),
538 pml->pml_map.pm_port)) {
542 fpml = (struct flagged_pml*)pml;
544 (ntohs(svc_getcaller(xprt)->sin_port)
545 >= IPPORT_RESERVED)) {
556 prevpml->pml_next = pml;
560 if ((!svc_sendreply(xprt, (xdrproc_t)xdr_int,
563 (void) fprintf(stderr, "svc_sendreply\n");
569 case PMAPPROC_GETPORT:
571 * Lookup the mapping for a program,version and return its port
573 if (!svc_getargs(xprt, (xdrproc_t)xdr_pmap, (caddr_t)®))
576 /* remote host authorization check */
577 if (!check_default(svc_getcaller(xprt),
583 fnd = find_service(reg.pm_prog, reg.pm_vers, reg.pm_prot);
585 port = fnd->pml_map.pm_port;
588 if ((!svc_sendreply(xprt, (xdrproc_t)xdr_int,
591 (void) fprintf(stderr, "svc_sendreply\n");
599 * Return the current set of mapped program,version
601 if (!svc_getargs(xprt, (xdrproc_t)xdr_void, NULL))
604 /* remote host authorization check */
606 if (!check_default(svc_getcaller(xprt),
607 rqstp->rq_proc, (u_long) 0)) {
608 p = 0; /* send empty list */
612 if ((!svc_sendreply(xprt, (xdrproc_t)xdr_pmaplist,
613 (caddr_t)&p)) && debugging) {
614 (void) fprintf(stderr, "svc_sendreply\n");
620 case PMAPPROC_CALLIT:
622 * Calls a procedure on the local machine. If the requested
623 * procedure is not registered this procedure does not return
624 * error information!!
625 * This procedure is only supported on rpc/udp and calls via
626 * rpc/udp. It passes null authentication parameters.
632 /* remote host authorization check */
633 check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0);
641 * Stuff for the rmtcall service
651 xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
654 return (xdr_bytes(xdrs, &(epp->args), &(epp->arglen), ARGSIZE));
662 struct encap_parms rmt_args;
666 xdr_rmtcall_args(XDR *xdrs, struct rmtcallargs *cap)
669 /* does not get a port number */
670 if (xdr_u_long(xdrs, &(cap->rmt_prog)) &&
671 xdr_u_long(xdrs, &(cap->rmt_vers)) &&
672 xdr_u_long(xdrs, &(cap->rmt_proc))) {
673 return (xdr_encap_parms(xdrs, &(cap->rmt_args)));
679 xdr_rmtcall_result(XDR *xdrs, struct rmtcallargs *cap)
681 if (xdr_u_long(xdrs, &(cap->rmt_port)))
682 return (xdr_encap_parms(xdrs, &(cap->rmt_args)));
687 * only worries about the struct encap_parms part of struct rmtcallargs.
688 * The arglen must already be set!!
691 xdr_opaque_parms(XDR *xdrs, struct rmtcallargs *cap)
694 return (xdr_opaque(xdrs, cap->rmt_args.args, cap->rmt_args.arglen));
698 * This routine finds and sets the length of incoming opaque paraters
699 * and then calls xdr_opaque_parms.
702 xdr_len_opaque_parms(XDR *xdrs, struct rmtcallargs *cap)
704 u_int beginpos, lowpos, highpos, currpos, pos;
706 beginpos = lowpos = pos = xdr_getpos(xdrs);
707 highpos = lowpos + ARGSIZE;
708 while ((int)(highpos - lowpos) >= 0) {
709 currpos = (lowpos + highpos) / 2;
710 if (xdr_setpos(xdrs, currpos)) {
712 lowpos = currpos + 1;
714 highpos = currpos - 1;
717 xdr_setpos(xdrs, beginpos);
718 cap->rmt_args.arglen = pos - beginpos;
719 return (xdr_opaque_parms(xdrs, cap));
723 * Call a remote procedure service
724 * This procedure is very quiet when things go wrong.
725 * The proc is written to support broadcast rpc. In the broadcast case,
726 * a machine should shut-up instead of complain, less the requestor be
727 * overrun with complaints at the expense of not hearing a valid reply ...
729 * This now forks so that the program & process that it calls can call
730 * back to the portmapper.
732 static void callit(struct svc_req *rqstp, SVCXPRT *xprt)
734 struct rmtcallargs a;
735 struct pmaplist *pml;
737 struct sockaddr_in me;
740 struct authunix_parms *au = (struct authunix_parms *)rqstp->rq_clntcred;
741 struct timeval timeout;
746 a.rmt_args.args = buf;
747 if (!svc_getargs(xprt, (xdrproc_t)xdr_rmtcall_args, (caddr_t)&a))
749 /* host and service access control */
750 if (!check_callit(svc_getcaller(xprt),
751 rqstp->rq_proc, a.rmt_prog, a.rmt_proc))
753 if ((pml = find_service(a.rmt_prog, a.rmt_vers,
754 (u_long)IPPROTO_UDP)) == NULL)
757 * fork a child to do the work. Parent immediately returns.
758 * Child exits upon completion.
760 if ((pid = fork()) != 0) {
762 syslog(LOG_ERR, "CALLIT (prog %lu): fork: %m",
766 port = pml->pml_map.pm_port;
768 me.sin_port = htons(port);
769 client = clntudp_create(&me, a.rmt_prog, a.rmt_vers, timeout, &so);
770 if (client != (CLIENT *)NULL) {
771 if (rqstp->rq_cred.oa_flavor == AUTH_UNIX) {
772 client->cl_auth = authunix_create(au->aup_machname,
773 au->aup_uid, au->aup_gid, au->aup_len, au->aup_gids);
775 a.rmt_port = (u_long)port;
776 if (clnt_call(client, a.rmt_proc, (xdrproc_t)xdr_opaque_parms,
777 (caddr_t)&a, (xdrproc_t)xdr_len_opaque_parms,
778 (caddr_t)&a, timeout) == RPC_SUCCESS) {
779 svc_sendreply(xprt, (xdrproc_t)xdr_rmtcall_result,
782 AUTH_DESTROY(client->cl_auth);
783 clnt_destroy(client);
789 #ifndef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */
790 static void reap(int ignore)
792 int save_errno = errno;
793 while (wait3((int *)NULL, WNOHANG, (struct rusage *)NULL) > 0);
798 /* Dump and restore mapping table so that we can survive kill/restart.
799 * To cope with chroot, an fd is opened early and we just write to that.
800 * If we are killed while writing the file, we lose, but that isn't
804 static void dump_table(void)
807 struct pmaplist *pml;
811 ftruncate(store_fd, 0);
812 lseek(store_fd, 0, 0);
813 f = fdopen(dup(store_fd), "w");
817 for (pml = pmaplist ; pml ; pml = pml->pml_next) {
818 struct flagged_pml *fpml = (struct flagged_pml*)pml;
820 fprintf(f, "%lu %lu %lu %lu %d\n",
821 pml->pml_map.pm_prog,
822 pml->pml_map.pm_vers,
823 pml->pml_map.pm_prot,
824 pml->pml_map.pm_port,
830 static void load_table(void)
833 struct pmaplist **ep;
834 struct flagged_pml fpml, *fpmlp;
837 while ((*ep)->pml_next)
838 ep = & (*ep)->pml_next;
842 lseek(store_fd, 0, 0);
843 f = fdopen(dup(store_fd), "r");
847 while (fscanf(f, "%lu %lu %lu %lu %d\n",
848 &fpml.pml.pml_map.pm_prog,
849 &fpml.pml.pml_map.pm_vers,
850 &fpml.pml.pml_map.pm_prot,
851 &fpml.pml.pml_map.pm_port,
853 if (fpml.pml.pml_map.pm_port == PMAPPORT)
855 fpmlp = malloc(sizeof(struct flagged_pml));
860 ep = &fpmlp->pml.pml_next;