1 /* $NetBSD: security.c,v 1.5 2000/06/08 09:01:05 fvdl Exp $ */
2 /* $FreeBSD: src/usr.sbin/rpcbind/security.c,v 1.6 2002/12/16 22:24:26 mbr Exp $ */
7 #include <sys/socket.h>
8 #include <netinet/in.h>
11 #include <rpc/rpcb_prot.h>
12 #include <rpc/pmap_prot.h>
23 * XXX for special case checks in check_callit.
25 #include <rpcsvc/mount.h>
26 #include <rpcsvc/rquota.h>
27 #include <rpcsvc/nfs_prot.h>
28 #include <rpcsvc/yp.h>
29 #include <rpcsvc/ypclnt.h>
30 #include <rpcsvc/yppasswd.h>
36 #ifndef LIBWRAP_ALLOW_FACILITY
37 # define LIBWRAP_ALLOW_FACILITY LOG_AUTH
39 #ifndef LIBWRAP_ALLOW_SEVERITY
40 # define LIBWRAP_ALLOW_SEVERITY LOG_INFO
42 #ifndef LIBWRAP_DENY_FACILITY
43 # define LIBWRAP_DENY_FACILITY LOG_AUTH
45 #ifndef LIBWRAP_DENY_SEVERITY
46 # define LIBWRAP_DENY_SEVERITY LOG_WARNING
48 int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
49 int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
52 #ifndef PORTMAP_LOG_FACILITY
53 # define PORTMAP_LOG_FACILITY LOG_AUTH
55 #ifndef PORTMAP_LOG_SEVERITY
56 # define PORTMAP_LOG_SEVERITY LOG_INFO
58 int log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY;
60 extern int verboselog;
63 check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
65 struct netbuf *caller = svc_getrpccaller(xprt);
66 struct sockaddr *addr = (struct sockaddr *)caller->buf;
68 struct request_info req;
75 * The older PMAP_* equivalents have the same numbers, so
76 * they are accounted for here as well.
79 case RPCBPROC_GETADDR:
82 if (rpcbvers > PMAPVERS) {
86 pmap = (struct pmap *)args;
89 if (proc == RPCBPROC_GETADDR)
91 if (!insecure && !is_loopback(caller)) {
93 logit(log_severity, addr, proc, prog,
94 " declined (non-loopback sender)");
99 case RPCBPROC_INDIRECT:
101 case RPCBPROC_GETTIME:
102 case RPCBPROC_UADDR2TADDR:
103 case RPCBPROC_TADDR2UADDR:
104 case RPCBPROC_GETVERSADDR:
105 case RPCBPROC_GETADDRLIST:
106 case RPCBPROC_GETSTAT:
112 if (addr->sa_family == AF_LOCAL)
114 request_init(&req, RQ_DAEMON, "rpcbind", RQ_CLIENT_SIN, addr, 0);
116 if(!hosts_access(&req)) {
117 logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
122 logit(log_severity, addr, proc, prog, "");
127 is_loopback(struct netbuf *nbuf)
129 struct sockaddr *addr = (struct sockaddr *)nbuf->buf;
130 struct sockaddr_in *sin;
132 struct sockaddr_in6 *sin6;
135 switch (addr->sa_family) {
139 sin = (struct sockaddr_in *)addr;
140 return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) &&
141 (ntohs(sin->sin_port) < IPPORT_RESERVED));
146 sin6 = (struct sockaddr_in6 *)addr;
147 return (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
148 (ntohs(sin6->sin6_port) < IPV6PORT_RESERVED));
160 /* logit - report events of interest via the syslog daemon */
162 logit(int severity, struct sockaddr *addr, rpcproc_t procnum, rpcprog_t prognum,
165 const char *procname;
169 char fromname[NI_MAXHOST];
171 static const char *procmap[] = {
172 /* RPCBPROC_NULL */ "null",
173 /* RPCBPROC_SET */ "set",
174 /* RPCBPROC_UNSET */ "unset",
175 /* RPCBPROC_GETADDR */ "getport/addr",
176 /* RPCBPROC_DUMP */ "dump",
177 /* RPCBPROC_CALLIT */ "callit",
178 /* RPCBPROC_GETTIME */ "gettime",
179 /* RPCBPROC_UADDR2TADDR */ "uaddr2taddr",
180 /* RPCBPROC_TADDR2UADDR */ "taddr2uaddr",
181 /* RPCBPROC_GETVERSADDR */ "getversaddr",
182 /* RPCBPROC_INDIRECT */ "indirect",
183 /* RPCBPROC_GETADDRLIST */ "getaddrlist",
184 /* RPCBPROC_GETSTAT */ "getstat"
188 * Fork off a process or the portmap daemon might hang while
189 * getrpcbynumber() or syslog() does its thing.
193 setproctitle("logit");
195 /* Try to map program number to name. */
199 } else if ((rpc = getrpcbynumber((int) prognum))) {
200 progname = rpc->r_name;
202 snprintf(progname = progbuf, sizeof(progbuf), "%u",
206 /* Try to map procedure number to name. */
208 if (procnum >= (sizeof procmap / sizeof (char *))) {
209 snprintf(procbuf, sizeof procbuf, "%u",
213 procname = procmap[procnum];
215 /* Write syslog record. */
217 if (addr->sa_family == AF_LOCAL)
218 strcpy(fromname, "local");
220 getnameinfo(addr, addr->sa_len, fromname,
221 sizeof fromname, NULL, 0, NI_NUMERICHOST);
223 syslog(severity, "connect from %s to %s(%s)%s",
224 fromname, procname, progname, text);
230 check_callit(SVCXPRT *xprt, struct r_rmtcall_args *args, int versnum __unused)
232 struct sockaddr *sa = (struct sockaddr *)svc_getrpccaller(xprt)->buf;
235 * Always allow calling NULLPROC
237 if (args->rmt_proc == 0)
241 * XXX - this special casing sucks.
243 switch (args->rmt_prog) {
246 * Allow indirect calls to ourselves in insecure mode.
247 * The is_loopback checks aren't useful then anyway.
253 if (args->rmt_proc != MOUNTPROC_MNT &&
254 args->rmt_proc != MOUNTPROC_UMNT)
258 if (args->rmt_proc != YPBINDPROC_SETDOM)
266 switch (args->rmt_proc) {
282 logit(deny_severity, sa, args->rmt_proc, args->rmt_prog,
283 ": indirect call not allowed");
285 logit(0, sa, args->rmt_proc, args->rmt_prog,
286 ": indirect call not allowed");