2 * Copyright (c) 1990 The Regents of the University of California.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 "@(#) Copyright (c) 1990 The Regents of the University of California.\n\
37 All rights reserved.\n";
41 @(#)portmap.c 2.3 88/08/11 4.0 RPCSRC
42 static char sccsid[] = "@(#)portmap.c 1.32 87/08/06 Copyr 1984 Sun Micro";
46 * portmap.c, Implements the program,version to port number mapping for
51 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
52 * unrestricted use provided that this legend is included on all tape
53 * media and as a part of the software program in whole or part. Users
54 * may copy or modify Sun RPC without charge, but are not authorized
55 * to license or distribute it to anyone else except as part of a product or
56 * program developed by the user.
58 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
59 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
60 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
62 * Sun RPC is provided with no support and without any obligation on the
63 * part of Sun Microsystems, Inc. to assist in its use, correction,
64 * modification or enhancement.
66 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
67 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
68 * OR ANY PART THEREOF.
70 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
71 * or profits or other special, indirect and consequential damages, even if
72 * Sun has been advised of the possibility of such damages.
74 * Sun Microsystems, Inc.
76 * Mountain View, California 94043
80 #include <rpc/pmap_prot.h>
87 #include <sys/socket.h>
88 #include <sys/ioctl.h>
90 #include <sys/signal.h>
92 #include <sys/resource.h>
93 #include <sys/types.h>
95 #include <netinet/in.h>
97 #include <arpa/inet.h>
/* Some System V headers only define SIGCLD; alias it so the rest of the file can use SIGCHLD. */
105 #if !defined(SIGCHLD) && defined(SIGCLD)
106 #define SIGCHLD SIGCLD
/* Where the RPC library has no svc_getcaller, map it to svc_getrpccaller. */
109 #ifndef svc_getcaller /* SYSV4 */
110 # define svc_getcaller svc_getrpccaller
/* Dispatcher for the portmap procedures; main() hands it to svc_register(). */
113 static void reg_service(struct svc_req *rqstp, SVCXPRT *xprt);
/* The SIGCHLD reaper is declared only when SIGCHLD is not simply ignored. */
114 #ifndef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */
115 static void reap(int);
117 static void callit(struct svc_req *rqstp, SVCXPRT *xprt);
/* Head of the registration list walked by find_service() and dump_table(). */
118 struct pmaplist *pmaplist;
/* Save and restore the table through the descriptor main() opens on mapping_file. */
121 static void dump_table(void);
122 static void load_table(void);
124 #include "pmap_check.h"
127 * How desperate can one be. It is possible to prevent an attacker from
128 * manipulating your portmapper tables from outside with requests that
129 * contain spoofed source address information. The countermeasure is to
130 * force all rpc servers to register and unregister with the portmapper via
131 * the loopback network interface, instead of via the primary network
132 * interface that every host can talk to. For this countermeasure to work it
133 * is necessary to #define LOOPBACK_SETUNSET, to disable source routing in
134 * the kernel, and to modify libc so that get_myaddress() chooses the
135 * loopback interface address.
/* Loopback-only transports; reg_service() passes them to CHECK_SETUNSET. */
138 #ifdef LOOPBACK_SETUNSET
139 static SVCXPRT *ludpxprt, *ltcpxprt;
/* Fallback for headers without INADDR_LOOPBACK; ntohl() yields host byte order, and main() applies htonl() before use. */
141 #ifndef INADDR_LOOPBACK
142 #define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1"))
/* Run-time settings with compile-time defaults; main() overwrites them while parsing options. */
146 int daemon_port = PMAPPORT;
147 int daemon_uid = DAEMON_UID;
148 int daemon_gid = DAEMON_GID;
149 const char* mapping_file = PORTMAP_MAPPING_FILE;
152 * We record with each registration a flag telling whether it was
153 * registered with a privileged port or not.
154 * If it was, it can only be unregistered with a privileged port.
155 * So that we can still use standard pmap xdr routines, we store
156 * this flag in a structure wrapped around a pmaplist.
/*
 * Look up `username` with getpwnam() and copy that account's uid and gid
 * into the daemon_uid / daemon_gid globals.
 * NOTE(review): gutter lines 164 and 166-169 are missing from this listing,
 * so the handling of a NULL result from getpwnam() is not visible; the
 * dereferences below need that check to come first -- confirm in the full
 * file.  The name also starts with two underscores, which C reserves for
 * the implementation.
 */
163 static inline int __getuid(const char* username)
165 struct passwd* pw = getpwnam(username);
/* Both ids are taken from the same passwd entry. */
170 daemon_uid = pw->pw_uid;
171 daemon_gid = pw->pw_gid;
/*
 * Print the option summary to stderr.
 * NOTE(review): main() passes "hVdfFlt:vi:u:U:g:m:p:" to getopt(), so -h,
 * -V, -m and -p are accepted but do not appear in the synopsis line, and
 * the -g entry labels its argument <uid>.  The -p default printed is the
 * current value of daemon_port rather than a constant.
 */
175 static void usage(char *progname)
177 fprintf(stderr, "usage: %s [-dfFlv] [-t dir] [-i address] "
178 "[-u uid] [-g gid] [-U username] \n",
180 fprintf(stderr, "-v verbose logging\n");
181 fprintf(stderr, "-d debugging mode\n");
182 fprintf(stderr, "-f don't daemonize, log to standard error\n");
183 fprintf(stderr, "-F don't daemonize, log as usual\n");
184 fprintf(stderr, "-t <dir> chroot into dir\n");
185 fprintf(stderr, "-i <address> bind to address\n");
186 fprintf(stderr, "-l same as -i 127.0.0.1\n");
187 fprintf(stderr, "-u <uid> run as this uid (default: %d)\n", DAEMON_UID);
188 fprintf(stderr, "-g <uid> run as this gid (default: %d)\n", DAEMON_GID);
189 fprintf(stderr, "-p <port> run on nonstandard port (default: %d)\n", daemon_port);
190 fprintf(stderr, "-U <username> suid/sgid to this user\n");
191 fprintf(stderr, "-m <mapfile> specify the mapping file name "
192 "(default: "PORTMAP_MAPPING_FILE")\n");
/*
 * Daemon entry point: parses options, creates the UDP and TCP sockets on
 * daemon_port, records the portmapper's own two mappings, registers
 * reg_service for PMAPPROG/PMAPVERS, opens the mapping file, optionally
 * chroots and installs the signal handlers.
 * NOTE(review): this listing drops many original lines (the gutter numbers
 * skip), including every `case` label and most error-path bodies, so the
 * comments below describe only what the visible lines show.
 */
196 main(int argc, char **argv)
200 struct sockaddr_in addr;
201 int len = sizeof(struct sockaddr_in);
202 struct pmaplist *pml;
203 struct flagged_pml *fpml;
204 char *chroot_path = NULL;
205 struct in_addr bindaddr;
206 int have_bindaddr = 0;
210 while ((c = getopt(argc, argv, "hVdfFlt:vi:u:U:g:m:p:")) != EOF) {
214 printf("portmap version 6.0.0.1 - 2008-05-10\n");
/* The mapping file path is taken from the command line as given. */
218 mapping_file = optarg;
222 /* try to fetch user-given uid/gid by name */
223 if (!__getuid(optarg))
226 "portmap: illegal username: \"%s\"\n",
/*
 * atoi() gives no error indication: non-numeric text yields 0 and is caught
 * by the <= 0 test (which also refuses uid/gid 0), but trailing junk such as
 * "12x" is accepted and out-of-range input is undefined.  strtol() with an
 * end pointer and an errno check would be stricter.
 */
233 daemon_uid = atoi(optarg);
234 if (daemon_uid <= 0) {
236 "portmap: illegal uid: %s\n", optarg);
242 daemon_gid = atoi(optarg);
243 if (daemon_gid <= 0) {
245 "portmap: illegal gid: %s\n", optarg);
256 /* run in foreground, but still log as usual */
261 chroot_path = optarg;
269 optarg = (char*)"127.0.0.1";
/*
 * inet_aton() returns 0 for an unparsable address, leaving have_bindaddr 0.
 * NOTE(review): gutter line 318 is missing; if the memcpy at 319 is guarded
 * by have_bindaddr, a mistyped -i value would presumably leave the sockets
 * on the wildcard address set at 315 instead of failing -- confirm, because
 * that silently widens the daemon's exposure.
 */
272 have_bindaddr = inet_aton(optarg, &bindaddr);
/*
 * NOTE(review): no range check on the port is visible here (gutter lines
 * 276-283 are missing); htons() below keeps only 16 bits -- confirm that
 * values outside 1-65535 are rejected.
 */
275 daemon_port = atoi(optarg);
/* Detach from the terminal unless a foreground mode was requested. */
284 if (!foreground && daemon(0, 0)) {
285 (void) fprintf(stderr, "portmap: fork: %s", strerror(errno));
/* LOG_PERROR (copy log lines to stderr) is requested only when foreground == 1. */
291 LOG_PID|LOG_NDELAY | ( (foreground==1) ? LOG_PERROR : 0),
295 LOG_PID|LOG_NDELAY | ( (foreground==1) ? LOG_PERROR : 0));
/* A failed RPCUSER lookup only logs a warning; daemon_uid/daemon_gid keep their current values. */
300 if (!__getuid(RPCUSER))
301 syslog(LOG_WARNING, "user '" RPCUSER
302 "' not found, reverting to default uid");
/* --- UDP transport --- */
306 if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
307 syslog(LOG_ERR, "cannot create udp socket: %m");
310 #ifdef LOOPBACK_SETUNSET
/* The setsockopt() result is not checked here or at the later calls. */
311 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
/* Start from the wildcard address; line 319 substitutes the -i / -l address. */
314 memset((char *) &addr, 0, sizeof(addr));
315 addr.sin_addr.s_addr = 0;
316 addr.sin_family = AF_INET;
317 addr.sin_port = htons(daemon_port);
319 memcpy(&addr.sin_addr, &bindaddr, sizeof(bindaddr));
321 if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
322 syslog(LOG_ERR, "cannot bind udp: %m");
326 if ((xprt = svcudp_create(sock)) == (SVCXPRT *)NULL) {
327 syslog(LOG_ERR, "couldn't do udp_create");
330 /* make an entry for ourself */
/*
 * NOTE(review): gutter lines 332-333 are missing, so neither a NULL check
 * on fpml nor the assignment of pml is visible; the writes through pml
 * below depend on both -- confirm in the full file.
 */
331 fpml = malloc(sizeof(struct flagged_pml));
334 pml->pml_next = NULL;
335 pml->pml_map.pm_prog = PMAPPROG;
336 pml->pml_map.pm_vers = PMAPVERS;
337 pml->pml_map.pm_prot = IPPROTO_UDP;
338 pml->pml_map.pm_port = daemon_port;
/* --- TCP transport, bound to the same addr as the UDP socket --- */
341 if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
342 syslog(LOG_ERR, "cannot create tcp socket: %m");
345 #ifdef LOOPBACK_SETUNSET
346 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
348 if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
349 syslog(LOG_ERR, "cannot bind tcp: %m");
352 if ((xprt = svctcp_create(sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE))
353 == (SVCXPRT *)NULL) {
354 syslog(LOG_ERR, "couldn't do tcp_create");
357 /* make an entry for ourself */
/* Same caveat as the UDP entry: the NULL check on this malloc() is not visible in the listing. */
358 fpml = malloc(sizeof(struct flagged_pml));
361 pml->pml_map.pm_prog = PMAPPROG;
362 pml->pml_map.pm_vers = PMAPVERS;
363 pml->pml_map.pm_prot = IPPROTO_TCP;
364 pml->pml_map.pm_port = daemon_port;
/* The TCP entry is linked in front of the existing list head. */
365 pml->pml_next = pmaplist;
/*
 * With LOOPBACK_SETUNSET a second UDP/TCP pair is bound to 127.0.0.1 and
 * kept in ludpxprt/ltcpxprt, which reg_service() passes to CHECK_SETUNSET
 * when handling set and unset requests.
 */
368 #ifdef LOOPBACK_SETUNSET
369 if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
370 syslog(LOG_ERR, "cannot create udp socket: %m");
373 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
375 addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
376 if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
377 syslog(LOG_ERR, "cannot bind udp: %m");
381 if ((ludpxprt = svcudp_create(sock)) == (SVCXPRT *)NULL) {
382 syslog(LOG_ERR, "couldn't do udp_create");
385 if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
386 syslog(LOG_ERR, "cannot create tcp socket: %m");
389 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
390 if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
391 syslog(LOG_ERR, "cannot bind tcp: %m");
394 if ((ltcpxprt = svctcp_create(sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE))
395 == (SVCXPRT *)NULL) {
396 syslog(LOG_ERR, "couldn't do tcp_create");
/* The svc_register() result is discarded. */
401 (void)svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE);
/*
 * The mapping file is opened before chroot() so dump_table()/load_table()
 * can keep using the descriptor afterwards.  O_CREAT is used without
 * O_EXCL, so an existing file (or a symlink at that path) is opened as is.
 * NOTE(review): mapping_file should therefore live in a directory that only
 * a trusted user can write -- confirm for the deployment.
 */
403 store_fd = open(mapping_file, O_RDWR|O_CREAT, PORTMAP_MAPPING_FMODE);
406 /* additional initializations */
/*
 * NOTE(review): gutter lines 407 and 410-413 are missing; whether chroot()
 * is conditional on chroot_path, followed by chdir("/"), and followed by a
 * setgid()/setuid() drop to daemon_gid/daemon_uid cannot be told from this
 * listing -- confirm all three in the full file.
 */
408 if (chroot(chroot_path) < 0) {
409 syslog(LOG_ERR, "couldn't do chroot");
414 #ifdef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */
415 (void)signal(SIGCHLD, SIG_IGN);
417 (void)signal(SIGCHLD, reap);
/* Ignore SIGPIPE so a write to a closed connection does not kill the daemon. */
419 (void)signal(SIGPIPE, SIG_IGN);
421 syslog(LOG_ERR, "run_svc returned unexpectedly");
426 /* need to override perror calls in rpc library */
/*
 * Replacement for the C library's perror(): messages that the RPC library
 * would print to stderr go to syslog at LOG_ERR instead, with "%m" supplying
 * the errno text.
 */
427 void perror(const char *what)
430 syslog(LOG_ERR, "%s: %m", what);
/*
 * Search pmaplist for a mapping of (prog, prot).  Entries whose program or
 * protocol differ are skipped; the version is compared separately at gutter
 * line 445.  The comment in reg_service() states that a hit is returned even
 * when the versions differ, so callers that need an exact match compare
 * pm_vers themselves.
 * NOTE(review): gutter lines 443-444 and 446-453 are missing from this
 * listing, so how `hit` is updated and returned is not visible here.
 */
434 static struct pmaplist *
435 find_service(u_long prog, u_long vers, u_long prot)
437 struct pmaplist *hit = NULL;
438 struct pmaplist *pml;
440 for (pml = pmaplist; pml != NULL; pml = pml->pml_next) {
441 if ((pml->pml_map.pm_prog != prog) ||
442 (pml->pml_map.pm_prot != prot))
445 if (pml->pml_map.pm_vers == vers)
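/*
 * RPC dispatcher for the portmap program: switches on rqstp->rq_proc and
 * handles the null, set, unset, getport, dump and callit procedures.
 * Set and unset requests pass through CHECK_SETUNSET, getport and dump
 * through check_default; callit() does its own check_callit().
 * The three svc_getargs() calls below take (caddr_t)&reg; the listing had
 * that argument mangled into a registered-trademark sign by HTML entity
 * decoding, and it is restored here.
 * NOTE(review): the listing drops many original lines (case labels, the
 * declaration of reg, most branch bodies), so only the visible statements
 * are described.
 */
454 static void reg_service(struct svc_req *rqstp, SVCXPRT *xprt)
457 struct pmaplist *pml, *prevpml, *fnd;
458 struct flagged_pml *fpml;
463 * Later wrappers change the logging severity on the fly. Reset to
464 * defaults before handling the next request.
466 allow_severity = LOG_INFO;
467 deny_severity = LOG_WARNING;
470 (void) fprintf(stderr, "server: about do a switch\n");
471 switch (rqstp->rq_proc) {
477 /* remote host authorization check */
/* The result of check_default() is discarded here; the reply is sent either way. */
478 check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0);
479 if (!svc_sendreply(xprt, (xdrproc_t) xdr_void, (caddr_t)0)
487 * Set a program,version to port mapping
489 if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t)&reg))
492 /* reject non-local requests, protect priv. ports */
/* The access decision for a set request is made by CHECK_SETUNSET (from pmap_check.h). */
493 if (!CHECK_SETUNSET(xprt, ludpxprt, ltcpxprt,
494 rqstp->rq_proc, reg.pm_prog, reg.pm_port)) {
499 * check to see if already used
500 * find_service returns a hit even if
501 * the versions don't match, so check for it
503 fnd = find_service(reg.pm_prog, reg.pm_vers, reg.pm_prot);
504 if (fnd && fnd->pml_map.pm_vers == reg.pm_vers) {
505 if (fnd->pml_map.pm_port == reg.pm_port) {
/* NOTE(review): the NULL check on this allocation falls on lines missing from the listing -- confirm. */
517 fpml = (struct flagged_pml *)
518 malloc((u_int)sizeof(struct flagged_pml));
/* The caller's source port is examined; the comparison itself is on a missing line. */
521 (ntohs(svc_getcaller(xprt)->sin_port)
/*
 * Walk to the last list node to append.  NOTE(review): fnd is dereferenced
 * without a visible NULL test; the empty-list case is presumably handled on
 * the missing lines 522-528 -- confirm.
 */
529 for (fnd= pmaplist; fnd->pml_next != 0;
530 fnd = fnd->pml_next);
537 if ((!svc_sendreply(xprt, (xdrproc_t)xdr_int,
540 (void) fprintf(stderr, "svc_sendreply\n");
548 * Remove a program,version to port mapping.
550 if (!svc_getargs(xprt, (xdrproc_t)xdr_pmap, (caddr_t)&reg))
554 /* reject non-local requests */
555 if (!CHECK_SETUNSET(xprt, ludpxprt, ltcpxprt,
556 rqstp->rq_proc, reg.pm_prog, (u_long) 0))
/* Only program and version are compared, so the loop can match more than one entry. */
558 for (prevpml = NULL, pml = pmaplist; pml != NULL; ) {
559 if ((pml->pml_map.pm_prog != reg.pm_prog) ||
560 (pml->pml_map.pm_vers != reg.pm_vers)) {
561 /* both pml & prevpml move forwards */
566 /* found it; pml moves forward, prevpml stays */
567 /* privileged port check */
568 if (!check_privileged_port(svc_getcaller(xprt),
571 pml->pml_map.pm_port))
/* Every list node is allocated as a flagged_pml (see main() and the set case), which the cast relies on. */
574 fpml = (struct flagged_pml*)pml;
576 (ntohs(svc_getcaller(xprt)->sin_port)
586 prevpml->pml_next = pml;
590 if ((!svc_sendreply(xprt, (xdrproc_t)xdr_int,
593 (void) fprintf(stderr, "svc_sendreply\n");
599 case PMAPPROC_GETPORT:
601 * Lookup the mapping for a program,version and return its port
603 if (!svc_getargs(xprt, (xdrproc_t)xdr_pmap, (caddr_t)&reg))
606 /* remote host authorization check */
607 if (!check_default(svc_getcaller(xprt),
613 fnd = find_service(reg.pm_prog, reg.pm_vers, reg.pm_prot);
615 port = fnd->pml_map.pm_port;
618 if ((!svc_sendreply(xprt, (xdrproc_t)xdr_int,
621 (void) fprintf(stderr, "svc_sendreply\n");
629 * Return the current set of mapped program,version
631 if (!svc_getargs(xprt, (xdrproc_t)xdr_void, NULL))
634 /* remote host authorization check */
/* A caller refused by check_default() gets an empty list rather than an error. */
636 if (!check_default(svc_getcaller(xprt),
637 rqstp->rq_proc, (u_long) 0)) {
638 p = 0; /* send empty list */
642 if ((!svc_sendreply(xprt, (xdrproc_t)xdr_pmaplist,
643 (caddr_t)&p)) && debugging) {
644 (void) fprintf(stderr, "svc_sendreply\n");
650 case PMAPPROC_CALLIT:
652 * Calls a procedure on the local machine. If the requested
653 * procedure is not registered this procedure does not return
654 * error information!!
655 * This procedure is only supported on rpc/udp and calls via
656 * rpc/udp. It passes null authentication parameters.
662 /* remote host authorization check */
/* As in the null procedure, this check_default() result is discarded. */
663 check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0);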
671 * Stuff for the rmtcall service
/*
 * XDR a counted byte string into/out of epp->args.  Passing ARGSIZE as the
 * maximum makes xdr_bytes() refuse a longer length, which is what bounds the
 * write into the caller-supplied buffer.
 * NOTE(review): callit() points args at a local `buf` whose declaration is
 * not in this listing -- confirm it is at least ARGSIZE bytes.
 */
681 xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
684 return (xdr_bytes(xdrs, &(epp->args), &(epp->arglen), ARGSIZE));
692 struct encap_parms rmt_args;
/*
 * XDR the CALLIT request: program, version and procedure numbers followed
 * by the encapsulated arguments.  The argument part is processed only if
 * all three numbers were handled successfully.
 */
696 xdr_rmtcall_args(XDR *xdrs, struct rmtcallargs *cap)
699 /* does not get a port number */
700 if (xdr_u_long(xdrs, &(cap->rmt_prog)) &&
701 xdr_u_long(xdrs, &(cap->rmt_vers)) &&
702 xdr_u_long(xdrs, &(cap->rmt_proc))) {
703 return (xdr_encap_parms(xdrs, &(cap->rmt_args)));
/* XDR the CALLIT reply: the port of the called service, then the encapsulated result bytes. */
709 xdr_rmtcall_result(XDR *xdrs, struct rmtcallargs *cap)
711 if (xdr_u_long(xdrs, &(cap->rmt_port)))
712 return (xdr_encap_parms(xdrs, &(cap->rmt_args)));
717 * only worries about the struct encap_parms part of struct rmtcallargs.
718 * The arglen must already be set!!
/*
 * XDR exactly rmt_args.arglen bytes of rmt_args.args as opaque data; no
 * length word is processed, so arglen must already hold a value that fits
 * the buffer behind args.
 */
721 xdr_opaque_parms(XDR *xdrs, struct rmtcallargs *cap)
724 return (xdr_opaque(xdrs, cap->rmt_args.args, cap->rmt_args.arglen));
728 * This routine finds and sets the length of incoming opaque parameters
729 * and then calls xdr_opaque_parms.
/*
 * Determine how many bytes of opaque data remain in the stream, store that
 * in rmt_args.arglen, and decode them with xdr_opaque_parms().
 * The length is found by probing: xdr_setpos() is tried at the midpoint of
 * [lowpos, highpos]; the visible lines raise lowpos or lower highpos after
 * each probe.  The search window is beginpos .. beginpos + ARGSIZE, so the
 * resulting arglen cannot exceed ARGSIZE.
 * NOTE(review): gutter lines 741 and 743 are missing from the listing, so
 * where `pos` is updated and which branch is the failure case are inferred.
 */
732 xdr_len_opaque_parms(XDR *xdrs, struct rmtcallargs *cap)
734 u_int beginpos, lowpos, highpos, currpos, pos;
736 beginpos = lowpos = pos = xdr_getpos(xdrs);
737 highpos = lowpos + ARGSIZE;
/* The signed cast makes the loop stop once highpos has dropped below lowpos. */
738 while ((int)(highpos - lowpos) >= 0) {
739 currpos = (lowpos + highpos) / 2;
740 if (xdr_setpos(xdrs, currpos)) {
742 lowpos = currpos + 1;
744 highpos = currpos - 1;
/* Rewind to the start of the data before decoding it. */
747 xdr_setpos(xdrs, beginpos);
748 cap->rmt_args.arglen = pos - beginpos;
749 return (xdr_opaque_parms(xdrs, cap));
753 * Call a remote procedure service
754 * This procedure is very quiet when things go wrong.
755 * The proc is written to support broadcast rpc. In the broadcast case,
756 * a machine should shut-up instead of complain, lest the requestor be
757 * overrun with complaints at the expense of not hearing a valid reply ...
759 * This now forks so that the program & process that it calls can call
760 * back to the portmapper.
/*
 * Handle PMAPPROC_CALLIT: decode the request, apply check_callit(), look up
 * the target's UDP mapping, then fork; the child forwards the call with
 * clntudp_create()/clnt_call() and relays a successful result to the
 * original caller.
 * The forwarded call is issued by this daemon, so check_callit() is the
 * access-control point for it.  NOTE(review): the target service presumably
 * sees the portmapper's address as the source rather than the original
 * caller's (gutter line 799, where `me` is filled in, is missing) --
 * confirm, and keep the check_callit() policy restrictive accordingly.
 */
762 static void callit(struct svc_req *rqstp, SVCXPRT *xprt)
764 struct rmtcallargs a;
765 struct pmaplist *pml;
767 struct sockaddr_in me;
/* Cast made unconditionally; au is dereferenced only inside the AUTH_UNIX branch below. */
770 struct authunix_parms *au = (struct authunix_parms *)rqstp->rq_clntcred;
771 struct timeval timeout;
/* Decoded arguments land in buf; xdr_encap_parms() limits them to ARGSIZE bytes. */
776 a.rmt_args.args = buf;
777 if (!svc_getargs(xprt, (xdrproc_t)xdr_rmtcall_args, (caddr_t)&a))
779 /* host and service access control */
780 if (!check_callit(svc_getcaller(xprt),
781 rqstp->rq_proc, a.rmt_prog, a.rmt_proc))
/* Only UDP registrations are considered. */
783 if ((pml = find_service(a.rmt_prog, a.rmt_vers,
784 (u_long)IPPROTO_UDP)) == NULL)
788 * fork a child to do the work. Parent immediately returns.
789 * Child exits upon completion.
/* Non-zero covers both the parent and a failed fork(); the syslog line reports the failure. */
791 if ((pid = fork()) != 0) {
793 syslog(LOG_ERR, "CALLIT (prog %lu): fork: %m",
798 port = pml->pml_map.pm_port;
800 me.sin_port = htons(port);
801 client = clntudp_create(&me, a.rmt_prog, a.rmt_vers, timeout, &so);
802 if (client != (CLIENT *)NULL) {
/*
 * The AUTH_UNIX fields are copied from the incoming request as supplied by
 * the caller; nothing in the visible lines verifies them.
 */
803 if (rqstp->rq_cred.oa_flavor == AUTH_UNIX) {
804 client->cl_auth = authunix_create(au->aup_machname,
805 au->aup_uid, au->aup_gid, au->aup_len, au->aup_gids);
807 a.rmt_port = (u_long)port;
/* The same struct carries the outgoing arguments and receives the reply. */
808 if (clnt_call(client, a.rmt_proc, (xdrproc_t)xdr_opaque_parms,
809 (caddr_t)&a, (xdrproc_t)xdr_len_opaque_parms,
810 (caddr_t)&a, timeout) == RPC_SUCCESS) {
811 svc_sendreply(xprt, (xdrproc_t)xdr_rmtcall_result,
814 AUTH_DESTROY(client->cl_auth);
815 clnt_destroy(client);
823 #ifndef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */
/*
 * SIGCHLD handler: collect every exited child without blocking (WNOHANG).
 * errno is saved on entry; the restore is presumably on a line missing from
 * this listing -- confirm.
 */
824 static void reap(int ignore)
826 int save_errno = errno;
827 while (wait3((int *)NULL, WNOHANG, (struct rusage *)NULL) > 0);
832 /* Dump and restore mapping table so that we can survive kill/restart.
833 * To cope with chroot, an fd is opened early and we just write to that.
834 * If we are killed while writing the file, we lose, but that isn't
/*
 * Rewrite the mapping file from pmaplist: truncate store_fd, rewind it, and
 * print one line per mapping (program, version, protocol, port and a fifth
 * integer field).
 * NOTE(review): the ftruncate()/lseek() results are not checked, and the
 * NULL check on fdopen() plus the fifth fprintf argument fall on lines
 * missing from this listing -- confirm in the full file.
 */
838 static void dump_table(void)
841 struct pmaplist *pml;
845 ftruncate(store_fd, 0);
846 lseek(store_fd, 0, 0);
/* A duplicate descriptor is wrapped so that closing the stream leaves store_fd open. */
847 f = fdopen(dup(store_fd), "w");
851 for (pml = pmaplist ; pml ; pml = pml->pml_next) {
852 struct flagged_pml *fpml = (struct flagged_pml*)pml;
854 fprintf(f, "%lu %lu %lu %lu %d\n",
855 pml->pml_map.pm_prog,
856 pml->pml_map.pm_vers,
857 pml->pml_map.pm_prot,
858 pml->pml_map.pm_port,
/*
 * Read mappings back from store_fd and append them to pmaplist.  Records
 * whose port equals daemon_port get separate handling (the statement is on
 * a missing line), which matches main() having already added the
 * portmapper's own entries.
 * The file is parsed as written by dump_table() with no further validation
 * visible here.  NOTE(review): anyone able to write mapping_file can thus
 * pre-seed registrations, so its mode (PORTMAP_MAPPING_FMODE) and directory
 * ownership matter.  The NULL checks on fdopen() and malloc() fall on lines
 * missing from this listing -- confirm.
 */
864 static void load_table(void)
867 struct pmaplist **ep;
868 struct flagged_pml fpml, *fpmlp;
/* Advance ep to the next-pointer slot at the end of the existing list. */
872 ep = & (*ep)->pml_next;
876 lseek(store_fd, 0, 0);
877 f = fdopen(dup(store_fd), "r");
881 while (fscanf(f, "%lu %lu %lu %lu %d\n",
882 &fpml.pml.pml_map.pm_prog,
883 &fpml.pml.pml_map.pm_vers,
884 &fpml.pml.pml_map.pm_prot,
885 &fpml.pml.pml_map.pm_port,
887 if (fpml.pml.pml_map.pm_port == daemon_port)
889 fpmlp = malloc(sizeof(struct flagged_pml));
894 ep = &fpmlp->pml.pml_next;