1/*	$OpenBSD: pmap_rmt.c,v 1.36 2020/12/30 18:56:35 benno Exp $ */
2
3/*
4 * Copyright (c) 2010, Oracle America, Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are
8 * met:
9 *
10 *     * Redistributions of source code must retain the above copyright
11 *       notice, this list of conditions and the following disclaimer.
12 *     * Redistributions in binary form must reproduce the above
13 *       copyright notice, this list of conditions and the following
14 *       disclaimer in the documentation and/or other materials
15 *       provided with the distribution.
16 *     * Neither the name of the "Oracle America, Inc." nor the names of its
17 *       contributors may be used to endorse or promote products derived
18 *       from this software without specific prior written permission.
19 *
20 *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
27 *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/*
35 * pmap_rmt.c
36 * Client interface to pmap rpc service.
37 * remote call and broadcast service
38 */
39
40#include <rpc/rpc.h>
41#include <rpc/pmap_prot.h>
42#include <rpc/pmap_clnt.h>
43#include <rpc/pmap_rmt.h>
44#include <sys/socket.h>
45#include <stdio.h>
46#include <stdlib.h>
47#include <unistd.h>
48#include <errno.h>
49#include <string.h>
50#include <net/if.h>
51#include <sys/ioctl.h>
52#include <arpa/inet.h>
53#include <ifaddrs.h>
54#define MAX_BROADCAST_SIZE 1400
55
56static struct timeval timeout = { 3, 0 };
57
58
59/*
60 * pmapper remote-call-service interface.
61 * This routine is used to call the pmapper remote call service
62 * which will look up a service program in the port maps, and then
63 * remotely call that routine with the given parameters.  This allows
64 * programs to do a lookup and call in one step.
65*/
66enum clnt_stat
67pmap_rmtcall(struct sockaddr_in *addr, u_long prog, u_long vers, u_long proc,
68    xdrproc_t xdrargs, caddr_t argsp, xdrproc_t xdrres, caddr_t resp,
69    struct timeval tout, u_long *port_ptr)
70{
71	int sock = -1;
72	CLIENT *client;
73	struct rmtcallargs a;
74	struct rmtcallres r;
75	enum clnt_stat stat;
76
77	addr->sin_port = htons(PMAPPORT);
78	client = clntudp_create(addr, PMAPPROG, PMAPVERS, timeout, &sock);
79	if (client != NULL) {
80		a.prog = prog;
81		a.vers = vers;
82		a.proc = proc;
83		a.args_ptr = argsp;
84		a.xdr_args = xdrargs;
85		r.port_ptr = port_ptr;
86		r.results_ptr = resp;
87		r.xdr_results = xdrres;
88		stat = CLNT_CALL(client, PMAPPROC_CALLIT, xdr_rmtcall_args, &a,
89		    xdr_rmtcallres, &r, tout);
90		CLNT_DESTROY(client);
91	} else {
92		stat = RPC_FAILED;
93	}
94	addr->sin_port = 0;
95	return (stat);
96}
97
98
99/*
100 * XDR remote call arguments
101 * written for XDR_ENCODE direction only
102 */
103bool_t
104xdr_rmtcall_args(XDR *xdrs, struct rmtcallargs *cap)
105{
106	u_int lenposition, argposition, position;
107
108	if (xdr_u_long(xdrs, &(cap->prog)) &&
109	    xdr_u_long(xdrs, &(cap->vers)) &&
110	    xdr_u_long(xdrs, &(cap->proc))) {
111		lenposition = XDR_GETPOS(xdrs);
112		if (! xdr_u_long(xdrs, &(cap->arglen)))
113		    return (FALSE);
114		argposition = XDR_GETPOS(xdrs);
115		if (! (*(cap->xdr_args))(xdrs, cap->args_ptr))
116		    return (FALSE);
117		position = XDR_GETPOS(xdrs);
118		cap->arglen = (u_long)position - (u_long)argposition;
119		XDR_SETPOS(xdrs, lenposition);
120		if (! xdr_u_long(xdrs, &(cap->arglen)))
121		    return (FALSE);
122		XDR_SETPOS(xdrs, position);
123		return (TRUE);
124	}
125	return (FALSE);
126}
127DEF_WEAK(xdr_rmtcall_args);
128
129/*
130 * XDR remote call results
131 * written for XDR_DECODE direction only
132 */
133bool_t
134xdr_rmtcallres(XDR *xdrs, struct rmtcallres *crp)
135{
136	caddr_t port_ptr;
137
138	port_ptr = (caddr_t)crp->port_ptr;
139	if (xdr_reference(xdrs, &port_ptr, sizeof (u_long),
140	    xdr_u_long) && xdr_u_long(xdrs, &crp->resultslen)) {
141		crp->port_ptr = (u_long *)port_ptr;
142		return ((*(crp->xdr_results))(xdrs, crp->results_ptr));
143	}
144	return (FALSE);
145}
146DEF_WEAK(xdr_rmtcallres);
147
148
149/*
150 * The following is kludged-up support for simple rpc broadcasts.
151 * Someday a large, complicated system will replace these trivial
152 * routines which only support udp/ip .
153 */
154static int
155newgetbroadcastnets(struct in_addr **addrsp)
156{
157	struct ifaddrs *ifap, *ifa;
158	struct sockaddr_in *sin;
159	struct in_addr *addrs;
160	int i = 0, n = 0;
161
162	if (getifaddrs(&ifap) != 0)
163		return 0;
164
165	for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
166		if (ifa->ifa_addr == NULL ||
167		    ifa->ifa_addr->sa_family != AF_INET)
168			continue;
169		if ((ifa->ifa_flags & IFF_BROADCAST) &&
170		    (ifa->ifa_flags & IFF_UP) &&
171		    ifa->ifa_broadaddr &&
172		    ifa->ifa_broadaddr->sa_family == AF_INET) {
173			n++;
174		}
175	}
176
177	addrs = calloc(n, sizeof(*addrs));
178	if (addrs == NULL) {
179		freeifaddrs(ifap);
180		return 0;
181	}
182
183	for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
184		if (ifa->ifa_addr == NULL ||
185		    ifa->ifa_addr->sa_family != AF_INET)
186			continue;
187		if ((ifa->ifa_flags & IFF_BROADCAST) &&
188		    (ifa->ifa_flags & IFF_UP) &&
189		    ifa->ifa_broadaddr &&
190		    ifa->ifa_broadaddr->sa_family == AF_INET) {
191			sin = (struct sockaddr_in *)ifa->ifa_broadaddr;
192			addrs[i++] = sin->sin_addr;
193		}
194	}
195
196	freeifaddrs(ifap);
197	*addrsp = addrs;
198	return i;
199}
200
201typedef bool_t (*resultproc_t)(caddr_t, struct sockaddr_in *);
202
203enum clnt_stat
204clnt_broadcast(u_long prog,	/* program number */
205    u_long vers,		/* version number */
206    u_long proc,		/* procedure number */
207    xdrproc_t xargs,		/* xdr routine for args */
208    caddr_t argsp,		/* pointer to args */
209    xdrproc_t xresults,		/* xdr routine for results */
210    caddr_t resultsp,		/* pointer to results */
211    resultproc_t eachresult)	/* call with each result obtained */
212{
213	enum clnt_stat stat;
214	AUTH *unix_auth;
215	XDR xdr_stream;
216	XDR *xdrs = &xdr_stream;
217	int outlen, inlen, nets;
218	socklen_t fromlen;
219	int sock = -1;
220	int on = 1;
221	struct pollfd pfd[1];
222	int i;
223	int timo;
224	bool_t done = FALSE;
225	u_long xid;
226	u_long port;
227	struct in_addr *addrs = NULL;
228	struct sockaddr_in baddr, raddr; /* broadcast and response addresses */
229	struct rmtcallargs a;
230	struct rmtcallres r;
231	struct rpc_msg msg;
232	char outbuf[MAX_BROADCAST_SIZE], inbuf[UDPMSGSIZE];
233
234	if ((unix_auth = authunix_create_default()) == NULL) {
235		stat = RPC_AUTHERROR;
236		goto done_broad;
237	}
238
239	/*
240	 * initialization: create a socket, a broadcast address, and
241	 * preserialize the arguments into a send buffer.
242	 */
243	if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
244		stat = RPC_CANTSEND;
245		goto done_broad;
246	}
247#ifdef SO_BROADCAST
248	if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, &on, sizeof (on)) == -1) {
249		stat = RPC_CANTSEND;
250		goto done_broad;
251	}
252#endif /* def SO_BROADCAST */
253
254	pfd[0].fd = sock;
255	pfd[0].events = POLLIN;
256
257	nets = newgetbroadcastnets(&addrs);
258	if (nets == 0) {
259		stat = RPC_CANTSEND;
260		goto done_broad;
261	}
262
263	memset(&baddr, 0, sizeof (baddr));
264	baddr.sin_len = sizeof(struct sockaddr_in);
265	baddr.sin_family = AF_INET;
266	baddr.sin_port = htons(PMAPPORT);
267	baddr.sin_addr.s_addr = htonl(INADDR_ANY);
268	msg.rm_xid = xid = arc4random();
269	msg.rm_direction = CALL;
270	msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
271	msg.rm_call.cb_prog = PMAPPROG;
272	msg.rm_call.cb_vers = PMAPVERS;
273	msg.rm_call.cb_proc = PMAPPROC_CALLIT;
274	msg.rm_call.cb_cred = unix_auth->ah_cred;
275	msg.rm_call.cb_verf = unix_auth->ah_verf;
276	a.prog = prog;
277	a.vers = vers;
278	a.proc = proc;
279	a.xdr_args = xargs;
280	a.args_ptr = argsp;
281	r.port_ptr = &port;
282	r.xdr_results = xresults;
283	r.results_ptr = resultsp;
284	xdrmem_create(xdrs, outbuf, MAX_BROADCAST_SIZE, XDR_ENCODE);
285	if (!xdr_callmsg(xdrs, &msg) || !xdr_rmtcall_args(xdrs, &a)) {
286		stat = RPC_CANTENCODEARGS;
287		goto done_broad;
288	}
289	outlen = (int)xdr_getpos(xdrs);
290	xdr_destroy(xdrs);
291
292	/*
293	 * Basic loop: broadcast a packet and wait a while for response(s).
294	 * The response timeout grows larger per iteration.
295	 *
296	 * XXX This will loop about 5 times the stop. If there are
297	 * lots of signals being received by the process it will quit
298	 * send them all in one quick burst, not paying attention to
299	 * the intended function of sending them slowly over half a
300	 * minute or so
301	 */
302	for (timo = 4000; timo <= 14000; timo += 2000) {
303		for (i = 0; i < nets; i++) {
304			baddr.sin_addr = addrs[i];
305			if (sendto(sock, outbuf, outlen, 0,
306			    (struct sockaddr *)&baddr,
307			    sizeof (struct sockaddr)) != outlen) {
308				stat = RPC_CANTSEND;
309				goto done_broad;
310			}
311		}
312		if (eachresult == NULL) {
313			stat = RPC_SUCCESS;
314			goto done_broad;
315		}
316	recv_again:
317		msg.acpted_rply.ar_verf = _null_auth;
318		msg.acpted_rply.ar_results.where = (caddr_t)&r;
319		msg.acpted_rply.ar_results.proc = xdr_rmtcallres;
320
321		switch (poll(pfd, 1, timo)) {
322		case 0:  /* timed out */
323			stat = RPC_TIMEDOUT;
324			continue;
325		case 1:
326			if (pfd[0].revents & POLLNVAL)
327				errno = EBADF;
328			else if (pfd[0].revents & POLLERR)
329				errno = EIO;
330			else
331				break;
332			/* FALLTHROUGH */
333		case -1:  /* some kind of error */
334			if (errno == EINTR)
335				goto recv_again;
336			stat = RPC_CANTRECV;
337			goto done_broad;
338		}
339	try_again:
340		fromlen = sizeof(struct sockaddr);
341		inlen = recvfrom(sock, inbuf, UDPMSGSIZE, 0,
342		    (struct sockaddr *)&raddr, &fromlen);
343		if (inlen == -1) {
344			if (errno == EINTR)
345				goto try_again;
346			stat = RPC_CANTRECV;
347			goto done_broad;
348		}
349		if (inlen < sizeof(u_int32_t))
350			goto recv_again;
351		/*
352		 * see if reply transaction id matches sent id.
353		 * If so, decode the results.
354		 */
355		xdrmem_create(xdrs, inbuf, (u_int)inlen, XDR_DECODE);
356		if (xdr_replymsg(xdrs, &msg)) {
357			if ((msg.rm_xid == xid) &&
358			    (msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
359			    (msg.acpted_rply.ar_stat == SUCCESS)) {
360				raddr.sin_port = htons((u_short)port);
361				done = (*eachresult)(resultsp, &raddr);
362			}
363			/* otherwise, we just ignore the errors ... */
364		}
365		xdrs->x_op = XDR_FREE;
366		msg.acpted_rply.ar_results.proc = xdr_void;
367		(void)xdr_replymsg(xdrs, &msg);
368		(void)(*xresults)(xdrs, resultsp);
369		xdr_destroy(xdrs);
370		if (done) {
371			stat = RPC_SUCCESS;
372			goto done_broad;
373		} else {
374			goto recv_again;
375		}
376	}
377done_broad:
378	free(addrs);
379	if (sock >= 0)
380		(void)close(sock);
381	if (unix_auth != NULL)
382		AUTH_DESTROY(unix_auth);
383	return (stat);
384}
385