[LIBTIRPC] Fix CVE-2018-14622 by backporting its fix
[reactos.git] / dll / 3rdparty / libtirpc / src / svc_vc.c
1
2 /*
3 * Copyright (c) 2009, Sun Microsystems, Inc.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 * - Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * - Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * - Neither the name of Sun Microsystems, Inc. nor the names of its
14 * contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
18 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
21 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 //#include <sys/cdefs.h>
31
32 /*
33 * svc_vc.c, Server side for Connection Oriented based RPC.
34 *
35 * Actually implements two flavors of transporter -
36 * a tcp rendezvouser (a listner and connection establisher)
37 * and a record/tcp stream.
38 */
39 #include <wintirpc.h>
40 //#include <pthread.h>
41 #include <reentrant.h>
42 //#include <sys/socket.h>
43 #include <sys/types.h>
44 //#include <sys/param.h>
45 //#include <sys/poll.h>
46 //#include <sys/un.h>
47 //#include <sys/time.h>
48 //#include <sys/uio.h>
49 //#include <netinet/in.h>
50 //#include <netinet/tcp.h>
51
52 #include <assert.h>
53 //#include <err.h>
54 #include <errno.h>
55 #include <fcntl.h>
56 #include <stdio.h>
57 #include <stdlib.h>
58 #include <string.h>
59 //#include <unistd.h>
60
61 #include <rpc/rpc.h>
62
63 #include "rpc_com.h"
64
65 #include <getpeereid.h>
66
67
68 extern rwlock_t svc_fd_lock;
69
70 static SVCXPRT *makefd_xprt(SOCKET, u_int, u_int);
71 static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *);
72 static enum xprt_stat rendezvous_stat(SVCXPRT *);
73 static void svc_vc_destroy(SVCXPRT *);
74 static void __svc_vc_dodestroy (SVCXPRT *);
75 static int read_vc(void *, void *, int);
76 static int write_vc(void *, void *, int);
77 static enum xprt_stat svc_vc_stat(SVCXPRT *);
78 static bool_t svc_vc_recv(SVCXPRT *, struct rpc_msg *);
79 static bool_t svc_vc_getargs(SVCXPRT *, xdrproc_t, void *);
80 static bool_t svc_vc_freeargs(SVCXPRT *, xdrproc_t, void *);
81 static bool_t svc_vc_reply(SVCXPRT *, struct rpc_msg *);
82 static void svc_vc_rendezvous_ops(SVCXPRT *);
83 static void svc_vc_ops(SVCXPRT *);
84 static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in);
85 static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq,
86 void *in);
87
88 struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */
89 u_int sendsize;
90 u_int recvsize;
91 int maxrec;
92 };
93
94 struct cf_conn { /* kept in xprt->xp_p1 for actual connection */
95 enum xprt_stat strm_stat;
96 u_int32_t x_id;
97 XDR xdrs;
98 char verf_body[MAX_AUTH_BYTES];
99 u_int sendsize;
100 u_int recvsize;
101 int maxrec;
102 bool_t nonblock;
103 struct timeval last_recv_time;
104 };
105
106 /*
107 * This is used to set xprt->xp_raddr in a way legacy
108 * apps can deal with
109 */
110 void
111 __xprt_set_raddr(SVCXPRT *xprt, const struct sockaddr_storage *ss)
112 {
113 switch (ss->ss_family) {
114 case AF_INET6:
115 memcpy(&xprt->xp_raddr, ss, sizeof(struct sockaddr_in6));
116 xprt->xp_addrlen = sizeof (struct sockaddr_in6);
117 break;
118 case AF_INET:
119 memcpy(&xprt->xp_raddr, ss, sizeof(struct sockaddr_in));
120 xprt->xp_addrlen = sizeof (struct sockaddr_in);
121 break;
122 default:
123 xprt->xp_raddr.sin6_family = AF_UNSPEC;
124 xprt->xp_addrlen = sizeof (struct sockaddr);
125 break;
126 }
127 }
128
129 /*
130 * Usage:
131 * xprt = svc_vc_create(sock, send_buf_size, recv_buf_size);
132 *
133 * Creates, registers, and returns a (rpc) tcp based transporter.
134 * Once *xprt is initialized, it is registered as a transporter
135 * see (svc.h, xprt_register). This routine returns
136 * a NULL if a problem occurred.
137 *
138 * The filedescriptor passed in is expected to refer to a bound, but
139 * not yet connected socket.
140 *
141 * Since streams do buffered io similar to stdio, the caller can specify
142 * how big the send and receive buffers are via the second and third parms;
143 * 0 => use the system default.
144 */
145 SVCXPRT *
146 svc_vc_create(fd, sendsize, recvsize)
147 int fd;
148 u_int sendsize;
149 u_int recvsize;
150 {
151 SVCXPRT *xprt;
152 struct cf_rendezvous *r = NULL;
153 struct __rpc_sockinfo si;
154 struct sockaddr_storage sslocal;
155 socklen_t slen;
156
157 r = mem_alloc(sizeof(*r));
158 if (r == NULL) {
159 // XXX warnx("svc_vc_create: out of memory");
160 goto cleanup_svc_vc_create;
161 }
162 if (!__rpc_fd2sockinfo(fd, &si))
163 return NULL;
164 r->sendsize = __rpc_get_t_size(si.si_af, si.si_proto, (int)sendsize);
165 r->recvsize = __rpc_get_t_size(si.si_af, si.si_proto, (int)recvsize);
166 r->maxrec = __svc_maxrec;
167 xprt = mem_alloc(sizeof(SVCXPRT));
168 if (xprt == NULL) {
169 // XXX warnx("svc_vc_create: out of memory");
170 goto cleanup_svc_vc_create;
171 }
172 xprt->xp_tp = NULL;
173 xprt->xp_p1 = r;
174 xprt->xp_p2 = NULL;
175 xprt->xp_p3 = NULL;
176 xprt->xp_verf = _null_auth;
177 svc_vc_rendezvous_ops(xprt);
178 xprt->xp_port = (u_short)-1; /* It is the rendezvouser */
179 xprt->xp_fd = fd;
180
181 slen = sizeof (struct sockaddr_storage);
182 if (getsockname(fd, (struct sockaddr *)(void *)&sslocal, &slen) == SOCKET_ERROR) {
183 // XXX warnx("svc_vc_create: could not retrieve local addr");
184 goto cleanup_svc_vc_create;
185 }
186
187 if (!__rpc_set_netbuf(&xprt->xp_ltaddr, &sslocal, sizeof(sslocal))) {
188 // XXX warnx("svc_vc_create: no mem for local addr");
189 goto cleanup_svc_vc_create;
190 }
191 xprt_register(xprt);
192 return (xprt);
193 cleanup_svc_vc_create:
194 if (r != NULL)
195 mem_free(r, sizeof(*r));
196 return (NULL);
197 }
198
199 /*
200 * Like svtcp_create(), except the routine takes any *open* UNIX file
201 * descriptor as its first input.
202 */
203 SVCXPRT *
204 svc_fd_create(fd, sendsize, recvsize)
205 SOCKET fd;
206 u_int sendsize;
207 u_int recvsize;
208 {
209 struct sockaddr_storage ss;
210 socklen_t slen;
211 SVCXPRT *ret;
212
213 assert(fd != -1);
214
215 ret = makefd_xprt(fd, sendsize, recvsize);
216 if (ret == NULL)
217 return NULL;
218
219 slen = sizeof (struct sockaddr_storage);
220 if (getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) == SOCKET_ERROR) {
221 // XXX warnx("svc_fd_create: could not retrieve local addr");
222 goto freedata;
223 }
224 if (!__rpc_set_netbuf(&ret->xp_ltaddr, &ss, sizeof(ss))) {
225 // XXX warnx("svc_fd_create: no mem for local addr");
226 goto freedata;
227 }
228
229 slen = sizeof (struct sockaddr_storage);
230 if (getpeername(fd, (struct sockaddr *)(void *)&ss, &slen) == SOCKET_ERROR) {
231 // XXX warnx("svc_fd_create: could not retrieve remote addr");
232 goto freedata;
233 }
234 if (!__rpc_set_netbuf(&ret->xp_rtaddr, &ss, sizeof(ss))) {
235 // XXX warnx("svc_fd_create: no mem for local addr");
236 goto freedata;
237 }
238
239 /* Set xp_raddr for compatibility */
240 __xprt_set_raddr(ret, &ss);
241
242 return ret;
243
244 freedata:
245 if (ret->xp_ltaddr.buf != NULL)
246 mem_free(ret->xp_ltaddr.buf, rep->xp_ltaddr.maxlen);
247
248 return NULL;
249 }
250
251 static SVCXPRT *
252 makefd_xprt(fd, sendsize, recvsize)
253 SOCKET fd;
254 u_int sendsize;
255 u_int recvsize;
256 {
257 SVCXPRT *xprt;
258 struct cf_conn *cd;
259 const char *netid;
260 struct __rpc_sockinfo si;
261
262 assert(fd != SOCKET_ERROR);
263
264 if (fd >= FD_SETSIZE) {
265 // XXX warnx("svc_vc: makefd_xprt: fd too high\n");
266 xprt = NULL;
267 goto done;
268 }
269
270 xprt = mem_alloc(sizeof(SVCXPRT));
271 if (xprt == NULL) {
272 // XXX warnx("svc_vc: makefd_xprt: out of memory");
273 goto done;
274 }
275 memset(xprt, 0, sizeof *xprt);
276 cd = mem_alloc(sizeof(struct cf_conn));
277 if (cd == NULL) {
278 // XXX warnx("svc_tcp: makefd_xprt: out of memory");
279 mem_free(xprt, sizeof(SVCXPRT));
280 xprt = NULL;
281 goto done;
282 }
283 cd->strm_stat = XPRT_IDLE;
284 xdrrec_create(&(cd->xdrs), sendsize, recvsize,
285 xprt, read_vc, write_vc);
286 xprt->xp_p1 = cd;
287 xprt->xp_verf.oa_base = cd->verf_body;
288 svc_vc_ops(xprt); /* truely deals with calls */
289 xprt->xp_port = 0; /* this is a connection, not a rendezvouser */
290 xprt->xp_fd = fd;
291 if (__rpc_fd2sockinfo(fd, &si) && __rpc_sockinfo2netid(&si, &netid))
292 xprt->xp_netid = strdup(netid);
293
294 xprt_register(xprt);
295 done:
296 return (xprt);
297 }
298
299 /*ARGSUSED*/
300 static bool_t
301 rendezvous_request(xprt, msg)
302 SVCXPRT *xprt;
303 struct rpc_msg *msg;
304 {
305 SOCKET sock;
306 #ifndef _WIN32
307 int flags;
308 #endif
309 struct cf_rendezvous *r;
310 struct cf_conn *cd;
311 struct sockaddr_storage addr;
312 socklen_t len;
313 struct __rpc_sockinfo si;
314 SVCXPRT *newxprt;
315 fd_set cleanfds;
316
317 assert(xprt != NULL);
318 assert(msg != NULL);
319
320 r = (struct cf_rendezvous *)xprt->xp_p1;
321 again:
322 len = sizeof addr;
323 if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr,
324 &len)) == SOCKET_ERROR) {
325 if (errno == EINTR)
326 goto again;
327 /*
328 * Clean out the most idle file descriptor when we're
329 * running out.
330 */
331 if (errno == EMFILE || errno == ENFILE) {
332 cleanfds = svc_fdset;
333 __svc_clean_idle(&cleanfds, 0, FALSE);
334 goto again;
335 }
336 return (FALSE);
337 }
338 /*
339 * make a new transporter (re-uses xprt)
340 */
341
342 newxprt = makefd_xprt(sock, r->sendsize, r->recvsize);
343 #ifdef __REACTOS__ // CVE-2018-14622
344 if (!newxprt)
345 return (FALSE);
346 #endif
347
348 if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len))
349 return (FALSE);
350
351 __xprt_set_raddr(newxprt, &addr);
352
353 if (__rpc_fd2sockinfo(sock, &si) && si.si_proto == IPPROTO_TCP) {
354 len = 1;
355 /* XXX fvdl - is this useful? */
356 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&len, sizeof (len));
357 }
358
359 cd = (struct cf_conn *)newxprt->xp_p1;
360
361 cd->recvsize = r->recvsize;
362 cd->sendsize = r->sendsize;
363 cd->maxrec = r->maxrec;
364
365 #ifndef _WIN32
366 if (cd->maxrec != 0) {
367 flags = fcntl(sock, F_GETFL, 0);
368 if (flags == -1)
369 return (FALSE);
370 if (fcntl(sock, F_SETFL, flags | O_NONBLOCK) == -1)
371 return (FALSE);
372 if (cd->recvsize > cd->maxrec)
373 cd->recvsize = cd->maxrec;
374 cd->nonblock = TRUE;
375 __xdrrec_setnonblock(&cd->xdrs, cd->maxrec);
376 } else
377 cd->nonblock = FALSE;
378 #endif /* _WIN32 */
379
380 gettimeofday(&cd->last_recv_time, NULL);
381
382 return (FALSE); /* there is never an rpc msg to be processed */
383 }
384
385 /*ARGSUSED*/
386 static enum xprt_stat
387 rendezvous_stat(xprt)
388 SVCXPRT *xprt;
389 {
390
391 return (XPRT_IDLE);
392 }
393
394 static void
395 svc_vc_destroy(xprt)
396 SVCXPRT *xprt;
397 {
398 assert(xprt != NULL);
399
400 xprt_unregister(xprt);
401 __svc_vc_dodestroy(xprt);
402 }
403
404 static void
405 __svc_vc_dodestroy(xprt)
406 SVCXPRT *xprt;
407 {
408 struct cf_conn *cd;
409 struct cf_rendezvous *r;
410
411 cd = (struct cf_conn *)xprt->xp_p1;
412
413 if (xprt->xp_fd != RPC_ANYFD)
414 (void)closesocket(xprt->xp_fd);
415 if (xprt->xp_port != 0) {
416 /* a rendezvouser socket */
417 r = (struct cf_rendezvous *)xprt->xp_p1;
418 mem_free(r, sizeof (struct cf_rendezvous));
419 xprt->xp_port = 0;
420 } else {
421 /* an actual connection socket */
422 XDR_DESTROY(&(cd->xdrs));
423 mem_free(cd, sizeof(struct cf_conn));
424 }
425 if (xprt->xp_rtaddr.buf)
426 mem_free(xprt->xp_rtaddr.buf, xprt->xp_rtaddr.maxlen);
427 if (xprt->xp_ltaddr.buf)
428 mem_free(xprt->xp_ltaddr.buf, xprt->xp_ltaddr.maxlen);
429 if (xprt->xp_tp)
430 free(xprt->xp_tp);
431 if (xprt->xp_netid)
432 free(xprt->xp_netid);
433 mem_free(xprt, sizeof(SVCXPRT));
434 }
435
436 /*ARGSUSED*/
437 static bool_t
438 svc_vc_control(xprt, rq, in)
439 SVCXPRT *xprt;
440 const u_int rq;
441 void *in;
442 {
443 return (FALSE);
444 }
445
446 static bool_t
447 svc_vc_rendezvous_control(xprt, rq, in)
448 SVCXPRT *xprt;
449 const u_int rq;
450 void *in;
451 {
452 struct cf_rendezvous *cfp;
453
454 cfp = (struct cf_rendezvous *)xprt->xp_p1;
455 if (cfp == NULL)
456 return (FALSE);
457 switch (rq) {
458 case SVCGET_CONNMAXREC:
459 *(int *)in = cfp->maxrec;
460 break;
461 case SVCSET_CONNMAXREC:
462 cfp->maxrec = *(int *)in;
463 break;
464 default:
465 return (FALSE);
466 }
467 return (TRUE);
468 }
469
470 /*
471 * reads data from the tcp or uip connection.
472 * any error is fatal and the connection is closed.
473 * (And a read of zero bytes is a half closed stream => error.)
474 * All read operations timeout after 35 seconds. A timeout is
475 * fatal for the connection.
476 */
477 static int
478 read_vc(xprtp, buf, len)
479 void *xprtp;
480 void *buf;
481 int len;
482 {
483 SVCXPRT *xprt;
484 SOCKET sock;
485 int milliseconds = 35 * 1000;
486 struct pollfd pollfd;
487 struct cf_conn *cfp;
488
489 xprt = (SVCXPRT *)xprtp;
490 assert(xprt != NULL);
491
492 sock = xprt->xp_fd;
493
494 cfp = (struct cf_conn *)xprt->xp_p1;
495
496 if (cfp->nonblock) {
497 #ifdef _WIN32
498 len = recv(sock, buf, (size_t)len, 0);
499 #else
500 len = read(sock, buf, (size_t)len);
501 #endif
502 if (len == SOCKET_ERROR) {
503 if (WSAGetLastError() == EAGAIN)
504 len = 0;
505 else
506 goto fatal_err;
507 }
508 if (len != 0)
509 gettimeofday(&cfp->last_recv_time, NULL);
510 return len;
511 }
512
513 do {
514 #ifndef __REACTOS__
515 pollfd.fd = sock;
516 pollfd.events = POLLIN;
517 pollfd.revents = 0;
518 switch (poll(&pollfd, 1, milliseconds)) {
519 #else
520 /* ReactOS: use select instead of poll */
521 fd_set infd;
522 struct timeval timeout;
523
524 FD_ZERO(&infd);
525 FD_SET(sock, &infd);
526
527 timeout.tv_sec = 0;
528 timeout.tv_usec = milliseconds * 1000;
529
530 switch (select(0, &infd, NULL, NULL, &timeout)) {
531 #endif
532 case -1:
533 if (errno == EINTR)
534 continue;
535 /*FALLTHROUGH*/
536 case 0:
537 goto fatal_err;
538
539 default:
540 break;
541 }
542 #ifndef __REACTOS__
543 } while ((pollfd.revents & POLLIN) == 0);
544 #else
545 } while (TRUE);
546 #endif
547
548 #ifdef _WIN32
549 if ((len = recv(sock, buf, (size_t)len, 0)) > 0) {
550 #else
551 if ((len = read(sock, buf, (size_t)len)) > 0) {
552 #endif
553 gettimeofday(&cfp->last_recv_time, NULL);
554 return (len);
555 }
556
557 fatal_err:
558 ((struct cf_conn *)(xprt->xp_p1))->strm_stat = XPRT_DIED;
559 return (-1);
560 }
561
562 /*
563 * writes data to the tcp connection.
564 * Any error is fatal and the connection is closed.
565 */
566 static int
567 #ifdef __REACTOS__
568 write_vc(xprtp, ptr, len)
569 #else
570 write_vc(xprtp, buf, len)
571 #endif
572 void *xprtp;
573 #ifdef __REACTOS__
574 void *ptr;
575 #else
576 char *buf;
577 #endif
578 int len;
579 {
580 SVCXPRT *xprt;
581 int i, cnt;
582 struct cf_conn *cd;
583 struct timeval tv0, tv1;
584 #ifdef __REACTOS__
585 char *buf = ptr;
586 #endif
587
588 xprt = (SVCXPRT *)xprtp;
589 assert(xprt != NULL);
590
591 cd = (struct cf_conn *)xprt->xp_p1;
592
593 if (cd->nonblock)
594 gettimeofday(&tv0, NULL);
595
596 for (cnt = len; cnt > 0; cnt -= i, buf += i) {
597 #ifdef _WIN32
598 i = send(xprt->xp_fd, buf, (size_t)cnt, 0);
599 #else
600 i = write(xprt->xp_fd, buf, (size_t)cnt);
601 #endif
602 if (i == SOCKET_ERROR) {
603 if (WSAGetLastError() != EAGAIN || !cd->nonblock) {
604 cd->strm_stat = XPRT_DIED;
605 return (-1);
606 }
607 if (cd->nonblock && i != cnt) {
608 /*
609 * For non-blocking connections, do not
610 * take more than 2 seconds writing the
611 * data out.
612 *
613 * XXX 2 is an arbitrary amount.
614 */
615 gettimeofday(&tv1, NULL);
616 if (tv1.tv_sec - tv0.tv_sec >= 2) {
617 cd->strm_stat = XPRT_DIED;
618 return (-1);
619 }
620 }
621 }
622 }
623
624 return (len);
625 }
626
627 static enum xprt_stat
628 svc_vc_stat(xprt)
629 SVCXPRT *xprt;
630 {
631 struct cf_conn *cd;
632
633 assert(xprt != NULL);
634
635 cd = (struct cf_conn *)(xprt->xp_p1);
636
637 if (cd->strm_stat == XPRT_DIED)
638 return (XPRT_DIED);
639 if (! xdrrec_eof(&(cd->xdrs)))
640 return (XPRT_MOREREQS);
641 return (XPRT_IDLE);
642 }
643
644 static bool_t
645 svc_vc_recv(xprt, msg)
646 SVCXPRT *xprt;
647 struct rpc_msg *msg;
648 {
649 struct cf_conn *cd;
650 XDR *xdrs;
651
652 assert(xprt != NULL);
653 assert(msg != NULL);
654
655 cd = (struct cf_conn *)(xprt->xp_p1);
656 xdrs = &(cd->xdrs);
657
658 if (cd->nonblock) {
659 if (!__xdrrec_getrec(xdrs, &cd->strm_stat, TRUE))
660 return FALSE;
661 }
662
663 xdrs->x_op = XDR_DECODE;
664 (void)xdrrec_skiprecord(xdrs);
665 if (xdr_callmsg(xdrs, msg)) {
666 cd->x_id = msg->rm_xid;
667 return (TRUE);
668 }
669 cd->strm_stat = XPRT_DIED;
670 return (FALSE);
671 }
672
673 static bool_t
674 svc_vc_getargs(xprt, xdr_args, args_ptr)
675 SVCXPRT *xprt;
676 xdrproc_t xdr_args;
677 void *args_ptr;
678 {
679
680 assert(xprt != NULL);
681 /* args_ptr may be NULL */
682 return ((*xdr_args)(&(((struct cf_conn *)(xprt->xp_p1))->xdrs),
683 args_ptr));
684 }
685
686 static bool_t
687 svc_vc_freeargs(xprt, xdr_args, args_ptr)
688 SVCXPRT *xprt;
689 xdrproc_t xdr_args;
690 void *args_ptr;
691 {
692 XDR *xdrs;
693
694 assert(xprt != NULL);
695 /* args_ptr may be NULL */
696
697 xdrs = &(((struct cf_conn *)(xprt->xp_p1))->xdrs);
698
699 xdrs->x_op = XDR_FREE;
700 return ((*xdr_args)(xdrs, args_ptr));
701 }
702
703 static bool_t
704 svc_vc_reply(xprt, msg)
705 SVCXPRT *xprt;
706 struct rpc_msg *msg;
707 {
708 struct cf_conn *cd;
709 XDR *xdrs;
710 bool_t rstat;
711
712 assert(xprt != NULL);
713 assert(msg != NULL);
714
715 cd = (struct cf_conn *)(xprt->xp_p1);
716 xdrs = &(cd->xdrs);
717
718 xdrs->x_op = XDR_ENCODE;
719 msg->rm_xid = cd->x_id;
720 rstat = xdr_replymsg(xdrs, msg);
721 (void)xdrrec_endofrecord(xdrs, TRUE);
722 return (rstat);
723 }
724
725 static void
726 svc_vc_ops(xprt)
727 SVCXPRT *xprt;
728 {
729 static struct xp_ops ops;
730 static struct xp_ops2 ops2;
731 extern mutex_t ops_lock;
732
733 /* VARIABLES PROTECTED BY ops_lock: ops, ops2 */
734
735 mutex_lock(&ops_lock);
736 if (ops.xp_recv == NULL) {
737 ops.xp_recv = svc_vc_recv;
738 ops.xp_stat = svc_vc_stat;
739 ops.xp_getargs = svc_vc_getargs;
740 ops.xp_reply = svc_vc_reply;
741 ops.xp_freeargs = svc_vc_freeargs;
742 ops.xp_destroy = svc_vc_destroy;
743 ops2.xp_control = svc_vc_control;
744 }
745 xprt->xp_ops = &ops;
746 xprt->xp_ops2 = &ops2;
747 mutex_unlock(&ops_lock);
748 }
749
750 static void
751 svc_vc_rendezvous_ops(xprt)
752 SVCXPRT *xprt;
753 {
754 static struct xp_ops ops;
755 static struct xp_ops2 ops2;
756 extern mutex_t ops_lock;
757
758 mutex_lock(&ops_lock);
759 if (ops.xp_recv == NULL) {
760 ops.xp_recv = rendezvous_request;
761 ops.xp_stat = rendezvous_stat;
762 ops.xp_getargs =
763 (bool_t (*)(SVCXPRT *, xdrproc_t, void *))abort;
764 ops.xp_reply =
765 (bool_t (*)(SVCXPRT *, struct rpc_msg *))abort;
766 ops.xp_freeargs =
767 (bool_t (*)(SVCXPRT *, xdrproc_t, void *))abort,
768 ops.xp_destroy = svc_vc_destroy;
769 ops2.xp_control = svc_vc_rendezvous_control;
770 }
771 xprt->xp_ops = &ops;
772 xprt->xp_ops2 = &ops2;
773 mutex_unlock(&ops_lock);
774 }
775
776 /*
777 * Get the effective UID of the sending process. Used by rpcbind, keyserv
778 * and rpc.yppasswdd on AF_LOCAL.
779 */
780 int
781 __rpc_get_local_uid(SVCXPRT *transp, uid_t *uid) {
782 SOCKET sock;
783 int ret;
784 gid_t egid;
785 uid_t euid;
786 struct sockaddr *sa;
787
788 sock = transp->xp_fd;
789 sa = (struct sockaddr *)transp->xp_rtaddr.buf;
790 if (sa->sa_family == AF_UNIX) {
791 ret = getpeereid(sock, &euid, &egid);
792 if (ret == 0)
793 *uid = euid;
794 return (ret);
795 } else
796 return (-1);
797 }
798
799 #ifdef _WIN32
800 void timersub( const struct timeval *tvp, const struct timeval *uvp, struct timeval *vvp )
801 {
802 vvp->tv_sec = tvp->tv_sec - uvp->tv_sec;
803 vvp->tv_usec = tvp->tv_usec - uvp->tv_usec;
804 if( vvp->tv_usec < 0 )
805 {
806 --vvp->tv_sec;
807 vvp->tv_usec += 1000000;
808 }
809 }
810 #endif
811
812 /*
813 * Destroy xprts that have not have had any activity in 'timeout' seconds.
814 * If 'cleanblock' is true, blocking connections (the default) are also
815 * cleaned. If timeout is 0, the least active connection is picked.
816 */
817 bool_t
818 __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock)
819 {
820 int i, ncleaned;
821 SVCXPRT *xprt, *least_active;
822 struct timeval tv, tdiff, tmax;
823 struct cf_conn *cd;
824
825 gettimeofday(&tv, NULL);
826 tmax.tv_sec = tmax.tv_usec = 0;
827 least_active = NULL;
828 rwlock_wrlock(&svc_fd_lock);
829 for (i = ncleaned = 0; i <= svc_maxfd; i++) {
830 if (FD_ISSET(i, fds)) {
831 xprt = __svc_xports[i];
832 if (xprt == NULL || xprt->xp_ops == NULL ||
833 xprt->xp_ops->xp_recv != svc_vc_recv)
834 continue;
835 cd = (struct cf_conn *)xprt->xp_p1;
836 if (!cleanblock && !cd->nonblock)
837 continue;
838 if (timeout == 0) {
839 timersub(&tv, &cd->last_recv_time, &tdiff);
840 if (timercmp(&tdiff, &tmax, >)) {
841 tmax = tdiff;
842 least_active = xprt;
843 }
844 continue;
845 }
846 if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) {
847 __xprt_unregister_unlocked(xprt);
848 __svc_vc_dodestroy(xprt);
849 ncleaned++;
850 }
851 }
852 }
853 if (timeout == 0 && least_active != NULL) {
854 __xprt_unregister_unlocked(least_active);
855 __svc_vc_dodestroy(least_active);
856 ncleaned++;
857 }
858 rwlock_unlock(&svc_fd_lock);
859 return ncleaned > 0 ? TRUE : FALSE;
860 }