usr.sbin/rpcbind/security.c

74462Salfred/*	$NetBSD: security.c,v 1.5 2000/06/08 09:01:05 fvdl Exp $	*/
74462Salfred/*	$FreeBSD$ */
74462Salfred
74462Salfred#include <sys/types.h>
74462Salfred#include <sys/time.h>
74462Salfred#include <sys/socket.h>
74462Salfred#include <netinet/in.h>
74462Salfred#include <arpa/inet.h>
74462Salfred#include <rpc/rpc.h>
74462Salfred#include <rpc/rpcb_prot.h>
74462Salfred#include <rpc/pmap_prot.h>
74462Salfred#include <err.h>
79721Siedowse#include <stdio.h>
74462Salfred#include <stdlib.h>
74462Salfred#include <string.h>
74462Salfred#include <unistd.h>
74462Salfred#include <libutil.h>
74462Salfred#include <syslog.h>
74462Salfred#include <netdb.h>
74462Salfred
74462Salfred/*
74462Salfred * XXX for special case checks in check_callit.
74462Salfred */
74462Salfred#include <rpcsvc/mount.h>
74462Salfred#include <rpcsvc/rquota.h>
74462Salfred#include <rpcsvc/nfs_prot.h>
74462Salfred#include <rpcsvc/yp.h>
74462Salfred#include <rpcsvc/ypclnt.h>
74462Salfred#include <rpcsvc/yppasswd.h>
74462Salfred
74462Salfred#include "rpcbind.h"
74462Salfred
74462Salfred#ifdef LIBWRAP
74462Salfred# include <tcpd.h>
74462Salfred#ifndef LIBWRAP_ALLOW_FACILITY
74462Salfred# define LIBWRAP_ALLOW_FACILITY LOG_AUTH
74462Salfred#endif
74462Salfred#ifndef LIBWRAP_ALLOW_SEVERITY
74462Salfred# define LIBWRAP_ALLOW_SEVERITY LOG_INFO
74462Salfred#endif
74462Salfred#ifndef LIBWRAP_DENY_FACILITY
74462Salfred# define LIBWRAP_DENY_FACILITY LOG_AUTH
74462Salfred#endif
74462Salfred#ifndef LIBWRAP_DENY_SEVERITY
74462Salfred# define LIBWRAP_DENY_SEVERITY LOG_WARNING
74462Salfred#endif
74462Salfredint allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
74462Salfredint deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
74462Salfred#endif
74462Salfred
74462Salfred#ifndef PORTMAP_LOG_FACILITY
74462Salfred# define PORTMAP_LOG_FACILITY LOG_AUTH
74462Salfred#endif
74462Salfred#ifndef PORTMAP_LOG_SEVERITY
74462Salfred# define PORTMAP_LOG_SEVERITY LOG_INFO
74462Salfred#endif
74462Salfredint log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY;
74462Salfred
74462Salfredextern int verboselog;
74462Salfred
74462Salfredint
104592Salfredcheck_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
74462Salfred{
74462Salfred	struct netbuf *caller = svc_getrpccaller(xprt);
74462Salfred	struct sockaddr *addr = (struct sockaddr *)caller->buf;
74462Salfred#ifdef LIBWRAP
74462Salfred	struct request_info req;
74462Salfred#endif
74462Salfred	rpcprog_t prog = 0;
74462Salfred	rpcb *rpcbp;
74462Salfred	struct pmap *pmap;
74462Salfred
74462Salfred	/*
74462Salfred	 * The older PMAP_* equivalents have the same numbers, so
74462Salfred	 * they are accounted for here as well.
74462Salfred	 */
74462Salfred	switch (proc) {
74462Salfred	case RPCBPROC_GETADDR:
74462Salfred	case RPCBPROC_SET:
74462Salfred	case RPCBPROC_UNSET:
74462Salfred		if (rpcbvers > PMAPVERS) {
74462Salfred			rpcbp = (rpcb *)args;
74462Salfred			prog = rpcbp->r_prog;
74462Salfred		} else {
74462Salfred			pmap = (struct pmap *)args;
74462Salfred			prog = pmap->pm_prog;
74462Salfred		}
74462Salfred		if (proc == RPCBPROC_GETADDR)
74462Salfred			break;
74462Salfred		if (!insecure && !is_loopback(caller)) {
74462Salfred			if (verboselog)
74462Salfred				logit(log_severity, addr, proc, prog,
74462Salfred				    " declined (non-loopback sender)");
74462Salfred			return 0;
74462Salfred		}
74462Salfred		break;
74462Salfred	case RPCBPROC_CALLIT:
74462Salfred	case RPCBPROC_INDIRECT:
74462Salfred	case RPCBPROC_DUMP:
74462Salfred	case RPCBPROC_GETTIME:
74462Salfred	case RPCBPROC_UADDR2TADDR:
74462Salfred	case RPCBPROC_TADDR2UADDR:
74462Salfred	case RPCBPROC_GETVERSADDR:
74462Salfred	case RPCBPROC_GETADDRLIST:
74462Salfred	case RPCBPROC_GETSTAT:
74462Salfred	default:
104593Salfred		break;
74462Salfred	}
74462Salfred
74462Salfred#ifdef LIBWRAP
74462Salfred	if (addr->sa_family == AF_LOCAL)
74462Salfred		return 1;
74462Salfred	request_init(&req, RQ_DAEMON, "rpcbind", RQ_CLIENT_SIN, addr, 0);
74462Salfred	sock_methods(&req);
74462Salfred	if(!hosts_access(&req)) {
74462Salfred		logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
74462Salfred		return 0;
74462Salfred	}
74462Salfred#endif
74462Salfred	if (verboselog)
74462Salfred		logit(log_severity, addr, proc, prog, "");
74462Salfred    	return 1;
74462Salfred}
74462Salfred
74462Salfredint
74462Salfredis_loopback(struct netbuf *nbuf)
74462Salfred{
74462Salfred	struct sockaddr *addr = (struct sockaddr *)nbuf->buf;
74462Salfred	struct sockaddr_in *sin;
74462Salfred#ifdef INET6
74462Salfred	struct sockaddr_in6 *sin6;
74462Salfred#endif
74462Salfred
74462Salfred	switch (addr->sa_family) {
74462Salfred	case AF_INET:
74462Salfred		if (!oldstyle_local)
74462Salfred			return 0;
74462Salfred		sin = (struct sockaddr_in *)addr;
74462Salfred        	return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) &&
74462Salfred		    (ntohs(sin->sin_port) < IPPORT_RESERVED));
74462Salfred#ifdef INET6
74462Salfred	case AF_INET6:
74462Salfred		if (!oldstyle_local)
74462Salfred			return 0;
74462Salfred		sin6 = (struct sockaddr_in6 *)addr;
74462Salfred		return (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
74462Salfred		    (ntohs(sin6->sin6_port) < IPV6PORT_RESERVED));
74462Salfred#endif
74462Salfred	case AF_LOCAL:
74462Salfred		return 1;
74462Salfred	default:
104593Salfred		break;
74462Salfred	}
74462Salfred
74462Salfred	return 0;
74462Salfred}
74462Salfred
74462Salfred
74462Salfred/* logit - report events of interest via the syslog daemon */
74462Salfredvoid
74462Salfredlogit(int severity, struct sockaddr *addr, rpcproc_t procnum, rpcprog_t prognum,
74462Salfred      const char *text)
74462Salfred{
74462Salfred	const char *procname;
74462Salfred	char	procbuf[32];
74462Salfred	char   *progname;
74462Salfred	char	progbuf[32];
74462Salfred	char fromname[NI_MAXHOST];
74462Salfred	struct rpcent *rpc;
74462Salfred	static const char *procmap[] = {
74462Salfred	/* RPCBPROC_NULL */		"null",
74462Salfred	/* RPCBPROC_SET */		"set",
74462Salfred	/* RPCBPROC_UNSET */		"unset",
74462Salfred	/* RPCBPROC_GETADDR */		"getport/addr",
74462Salfred	/* RPCBPROC_DUMP */		"dump",
74462Salfred	/* RPCBPROC_CALLIT */		"callit",
74462Salfred	/* RPCBPROC_GETTIME */		"gettime",
74462Salfred	/* RPCBPROC_UADDR2TADDR */	"uaddr2taddr",
74462Salfred	/* RPCBPROC_TADDR2UADDR */	"taddr2uaddr",
74462Salfred	/* RPCBPROC_GETVERSADDR */	"getversaddr",
74462Salfred	/* RPCBPROC_INDIRECT */		"indirect",
74462Salfred	/* RPCBPROC_GETADDRLIST */	"getaddrlist",
74462Salfred	/* RPCBPROC_GETSTAT */		"getstat"
74462Salfred	};
74462Salfred
74462Salfred	/*
74462Salfred	 * Fork off a process or the portmap daemon might hang while
74462Salfred	 * getrpcbynumber() or syslog() does its thing.
74462Salfred	 */
74462Salfred
74462Salfred	if (fork() == 0) {
74462Salfred		setproctitle("logit");
74462Salfred
74462Salfred		/* Try to map program number to name. */
74462Salfred
74462Salfred		if (prognum == 0) {
74462Salfred			progname = "";
74462Salfred		} else if ((rpc = getrpcbynumber((int) prognum))) {
74462Salfred			progname = rpc->r_name;
74462Salfred		} else {
74462Salfred			snprintf(progname = progbuf, sizeof(progbuf), "%u",
74462Salfred			    (unsigned)prognum);
74462Salfred		}
74462Salfred
74462Salfred		/* Try to map procedure number to name. */
74462Salfred
79721Siedowse		if (procnum >= (sizeof procmap / sizeof (char *))) {
74462Salfred			snprintf(procbuf, sizeof procbuf, "%u",
74462Salfred			    (unsigned)procnum);
74462Salfred			procname = procbuf;
74462Salfred		} else
74462Salfred			procname = procmap[procnum];
74462Salfred
74462Salfred		/* Write syslog record. */
74462Salfred
74462Salfred		if (addr->sa_family == AF_LOCAL)
107952Smbr			strcpy(fromname, "local");
74462Salfred		else
74462Salfred			getnameinfo(addr, addr->sa_len, fromname,
74462Salfred			    sizeof fromname, NULL, 0, NI_NUMERICHOST);
74462Salfred
74462Salfred		syslog(severity, "connect from %s to %s(%s)%s",
74462Salfred			fromname, procname, progname, text);
74462Salfred		_exit(0);
74462Salfred	}
74462Salfred}
74462Salfred
74462Salfredint
104592Salfredcheck_callit(SVCXPRT *xprt, struct r_rmtcall_args *args, int versnum __unused)
74462Salfred{
74462Salfred	struct sockaddr *sa = (struct sockaddr *)svc_getrpccaller(xprt)->buf;
74462Salfred
74462Salfred	/*
74462Salfred	 * Always allow calling NULLPROC
74462Salfred	 */
74462Salfred	if (args->rmt_proc == 0)
74462Salfred		return 1;
74462Salfred
74462Salfred	/*
74462Salfred	 * XXX - this special casing sucks.
74462Salfred	 */
74462Salfred	switch (args->rmt_prog) {
74462Salfred	case RPCBPROG:
74462Salfred		/*
74462Salfred		 * Allow indirect calls to ourselves in insecure mode.
74462Salfred		 * The is_loopback checks aren't useful then anyway.
74462Salfred		 */
74462Salfred		if (!insecure)
74462Salfred			goto deny;
74462Salfred		break;
74462Salfred	case MOUNTPROG:
74462Salfred		if (args->rmt_proc != MOUNTPROC_MNT &&
74462Salfred		    args->rmt_proc != MOUNTPROC_UMNT)
74462Salfred			break;
74462Salfred		goto deny;
74462Salfred	case YPBINDPROG:
74462Salfred		if (args->rmt_proc != YPBINDPROC_SETDOM)
74462Salfred			break;
74462Salfred		/* FALLTHROUGH */
74462Salfred	case YPPASSWDPROG:
74462Salfred	case NFS_PROGRAM:
74462Salfred	case RQUOTAPROG:
74462Salfred		goto deny;
74462Salfred	case YPPROG:
74462Salfred		switch (args->rmt_proc) {
74462Salfred		case YPPROC_ALL:
74462Salfred		case YPPROC_MATCH:
74462Salfred		case YPPROC_FIRST:
74462Salfred		case YPPROC_NEXT:
74462Salfred			goto deny;
74462Salfred		default:
104593Salfred			break;
74462Salfred		}
74462Salfred	default:
104593Salfred		break;
74462Salfred	}
74462Salfred
74462Salfred	return 1;
74462Salfreddeny:
74462Salfred#ifdef LIBWRAP
74462Salfred	logit(deny_severity, sa, args->rmt_proc, args->rmt_prog,
74462Salfred	    ": indirect call not allowed");
74462Salfred#else
74462Salfred	logit(0, sa, args->rmt_proc, args->rmt_prog,
74462Salfred	    ": indirect call not allowed");
74462Salfred#endif
74462Salfred	return 0;
74462Salfred}