1 /*
2  * svc_tcp.c, Server side for TCP/IP based RPC.
3  *
4  * Copyright (C) 2012-2022 Free Software Foundation, Inc.
5  * This file is part of the GNU C Library.
6  *
7  * The GNU C Library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * The GNU C Library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with the GNU C Library; if not, see
19  * <https://www.gnu.org/licenses/>.
20  *
21  * Copyright (c) 2010, Oracle America, Inc.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions are
25  * met:
26  *
27  *     * Redistributions of source code must retain the above copyright
28  *       notice, this list of conditions and the following disclaimer.
29  *     * Redistributions in binary form must reproduce the above
30  *       copyright notice, this list of conditions and the following
31  *       disclaimer in the documentation and/or other materials
32  *       provided with the distribution.
33  *     * Neither the name of the "Oracle America, Inc." nor the names of its
34  *       contributors may be used to endorse or promote products derived
35  *       from this software without specific prior written permission.
36  *
37  *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
38  *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
39  *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
40  *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
41  *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
42  *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
43  *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
44  *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
45  *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
46  *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
47  *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
48  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
49  *
50  * Actually implements two flavors of transporter -
51  * a tcp rendezvouser (a listener and connection establisher)
52  * and a record/tcp stream.
53  */
54 
55 #include <stdio.h>
56 #include <unistd.h>
57 #include <string.h>
58 #include <libintl.h>
59 #include <rpc/rpc.h>
60 #include <sys/socket.h>
61 #include <sys/poll.h>
62 #include <errno.h>
63 #include <stdlib.h>
64 
65 #include <wchar.h>
66 #include <libio/iolibio.h>
67 #include <shlib-compat.h>
68 
69 /*
70  * Ops vector for TCP/IP based rpc service handle
71  */
72 static bool_t svctcp_recv (SVCXPRT *, struct rpc_msg *);
73 static enum xprt_stat svctcp_stat (SVCXPRT *);
74 static bool_t svctcp_getargs (SVCXPRT *, xdrproc_t, caddr_t);
75 static bool_t svctcp_reply (SVCXPRT *, struct rpc_msg *);
76 static bool_t svctcp_freeargs (SVCXPRT *, xdrproc_t, caddr_t);
77 static void svctcp_destroy (SVCXPRT *);
78 
79 static const struct xp_ops svctcp_op =
80 {
81   svctcp_recv,
82   svctcp_stat,
83   svctcp_getargs,
84   svctcp_reply,
85   svctcp_freeargs,
86   svctcp_destroy
87 };
88 
89 /*
90  * Ops vector for TCP/IP rendezvous handler
91  */
92 static bool_t rendezvous_request (SVCXPRT *, struct rpc_msg *);
93 static enum xprt_stat rendezvous_stat (SVCXPRT *);
94 static void svctcp_rendezvous_abort (void) __attribute__ ((__noreturn__));
95 
96 /* This function makes sure abort() relocation goes through PLT
97    and thus can be lazy bound.  */
98 static void
svctcp_rendezvous_abort(void)99 svctcp_rendezvous_abort (void)
100 {
101   abort ();
102 };
103 
104 static const struct xp_ops svctcp_rendezvous_op =
105 {
106   rendezvous_request,
107   rendezvous_stat,
108   (bool_t (*) (SVCXPRT *, xdrproc_t, caddr_t)) svctcp_rendezvous_abort,
109   (bool_t (*) (SVCXPRT *, struct rpc_msg *)) svctcp_rendezvous_abort,
110   (bool_t (*) (SVCXPRT *, xdrproc_t, caddr_t)) svctcp_rendezvous_abort,
111   svctcp_destroy
112 };
113 
114 static int readtcp (char*, char *, int);
115 static int writetcp (char *, char *, int);
116 static SVCXPRT *makefd_xprt (int, u_int, u_int);
117 
118 struct tcp_rendezvous
119   {				/* kept in xprt->xp_p1 */
120     u_int sendsize;
121     u_int recvsize;
122   };
123 
124 struct tcp_conn
125   {				/* kept in xprt->xp_p1 */
126     enum xprt_stat strm_stat;
127     u_long x_id;
128     XDR xdrs;
129     char verf_body[MAX_AUTH_BYTES];
130   };
131 
132 /*
133  * Usage:
134  *      xprt = svctcp_create(sock, send_buf_size, recv_buf_size);
135  *
136  * Creates, registers, and returns a (rpc) tcp based transporter.
137  * Once *xprt is initialized, it is registered as a transporter
138  * see (svc.h, xprt_register).  This routine returns
139  * a NULL if a problem occurred.
140  *
141  * If sock<0 then a socket is created, else sock is used.
142  * If the socket, sock is not bound to a port then svctcp_create
143  * binds it to an arbitrary port.  The routine then starts a tcp
144  * listener on the socket's associated port.  In any (successful) case,
145  * xprt->xp_sock is the registered socket number and xprt->xp_port is the
146  * associated port number.
147  *
148  * Since tcp streams do buffered io similar to stdio, the caller can specify
149  * how big the send and receive buffers are via the second and third parms;
150  * 0 => use the system default.
151  */
152 SVCXPRT *
svctcp_create(int sock,u_int sendsize,u_int recvsize)153 svctcp_create (int sock, u_int sendsize, u_int recvsize)
154 {
155   bool_t madesock = FALSE;
156   SVCXPRT *xprt;
157   struct tcp_rendezvous *r;
158   struct sockaddr_in addr;
159   socklen_t len = sizeof (struct sockaddr_in);
160 
161   if (sock == RPC_ANYSOCK)
162     {
163       if ((sock = __socket (AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
164 	{
165 	  perror (_("svc_tcp.c - tcp socket creation problem"));
166 	  return (SVCXPRT *) NULL;
167 	}
168       madesock = TRUE;
169     }
170   memset ((char *) &addr, 0, sizeof (addr));
171   addr.sin_family = AF_INET;
172   if (bindresvport (sock, &addr))
173     {
174       addr.sin_port = 0;
175       (void) __bind (sock, (struct sockaddr *) &addr, len);
176     }
177   if ((__getsockname (sock, (struct sockaddr *) &addr, &len) != 0) ||
178       (__listen (sock, SOMAXCONN) != 0))
179     {
180       perror (_("svc_tcp.c - cannot getsockname or listen"));
181       if (madesock)
182 	(void) __close (sock);
183       return (SVCXPRT *) NULL;
184     }
185   r = (struct tcp_rendezvous *) mem_alloc (sizeof (*r));
186   xprt = (SVCXPRT *) mem_alloc (sizeof (SVCXPRT));
187   if (r == NULL || xprt == NULL)
188     {
189       (void) __fxprintf (NULL, "%s: %s", __func__, _("out of memory\n"));
190       mem_free (r, sizeof (*r));
191       mem_free (xprt, sizeof (SVCXPRT));
192       return NULL;
193     }
194   r->sendsize = sendsize;
195   r->recvsize = recvsize;
196   xprt->xp_p2 = NULL;
197   xprt->xp_p1 = (caddr_t) r;
198   xprt->xp_verf = _null_auth;
199   xprt->xp_ops = &svctcp_rendezvous_op;
200   xprt->xp_port = ntohs (addr.sin_port);
201   xprt->xp_sock = sock;
202   xprt_register (xprt);
203   return xprt;
204 }
205 #ifdef EXPORT_RPC_SYMBOLS
libc_hidden_def(svctcp_create)206 libc_hidden_def (svctcp_create)
207 #else
208 libc_hidden_nolink_sunrpc (svctcp_create, GLIBC_2_0)
209 #endif
210 
211 /*
212  * Like svtcp_create(), except the routine takes any *open* UNIX file
213  * descriptor as its first input.
214  */
215 SVCXPRT *
216 svcfd_create (int fd, u_int sendsize, u_int recvsize)
217 {
218   return makefd_xprt (fd, sendsize, recvsize);
219 }
libc_hidden_nolink_sunrpc(svcfd_create,GLIBC_2_0)220 libc_hidden_nolink_sunrpc (svcfd_create, GLIBC_2_0)
221 
222 static SVCXPRT *
223 makefd_xprt (int fd, u_int sendsize, u_int recvsize)
224 {
225   SVCXPRT *xprt;
226   struct tcp_conn *cd;
227 
228   xprt = (SVCXPRT *) mem_alloc (sizeof (SVCXPRT));
229   cd = (struct tcp_conn *) mem_alloc (sizeof (struct tcp_conn));
230   if (xprt == (SVCXPRT *) NULL || cd == NULL)
231     {
232       (void) __fxprintf (NULL, "%s: %s", "svc_tcp: makefd_xprt",
233 			 _("out of memory\n"));
234       mem_free (xprt, sizeof (SVCXPRT));
235       mem_free (cd, sizeof (struct tcp_conn));
236       return NULL;
237     }
238   cd->strm_stat = XPRT_IDLE;
239   xdrrec_create (&(cd->xdrs), sendsize, recvsize,
240 		 (caddr_t) xprt, readtcp, writetcp);
241   xprt->xp_p2 = NULL;
242   xprt->xp_p1 = (caddr_t) cd;
243   xprt->xp_verf.oa_base = cd->verf_body;
244   xprt->xp_addrlen = 0;
245   xprt->xp_ops = &svctcp_op;	/* truly deals with calls */
246   xprt->xp_port = 0;		/* this is a connection, not a rendezvouser */
247   xprt->xp_sock = fd;
248   xprt_register (xprt);
249   return xprt;
250 }
251 
252 static bool_t
rendezvous_request(SVCXPRT * xprt,struct rpc_msg * errmsg)253 rendezvous_request (SVCXPRT *xprt, struct rpc_msg *errmsg)
254 {
255   int sock;
256   struct tcp_rendezvous *r;
257   struct sockaddr_in addr;
258   socklen_t len;
259 
260   r = (struct tcp_rendezvous *) xprt->xp_p1;
261 again:
262   len = sizeof (struct sockaddr_in);
263   if ((sock = accept (xprt->xp_sock, (struct sockaddr *) &addr, &len)) < 0)
264     {
265       if (errno == EINTR)
266 	goto again;
267       __svc_accept_failed ();
268       return FALSE;
269     }
270   /*
271    * make a new transporter (re-uses xprt)
272    */
273   xprt = makefd_xprt (sock, r->sendsize, r->recvsize);
274 
275   /* If we are out of memory, makefd_xprt has already dumped an error.  */
276   if (xprt == NULL)
277     {
278       __svc_wait_on_error ();
279       return FALSE;
280     }
281 
282   memcpy (&xprt->xp_raddr, &addr, sizeof (addr));
283   xprt->xp_addrlen = len;
284   return FALSE;		/* there is never an rpc msg to be processed */
285 }
286 
287 static enum xprt_stat
rendezvous_stat(SVCXPRT * xprt)288 rendezvous_stat (SVCXPRT *xprt)
289 {
290   return XPRT_IDLE;
291 }
292 
293 static void
svctcp_destroy(SVCXPRT * xprt)294 svctcp_destroy (SVCXPRT *xprt)
295 {
296   struct tcp_conn *cd = (struct tcp_conn *) xprt->xp_p1;
297 
298   xprt_unregister (xprt);
299   (void) __close (xprt->xp_sock);
300   if (xprt->xp_port != 0)
301     {
302       /* a rendezvouser socket */
303       xprt->xp_port = 0;
304     }
305   else
306     {
307       /* an actual connection socket */
308       XDR_DESTROY (&(cd->xdrs));
309     }
310   mem_free ((caddr_t) cd, sizeof (struct tcp_conn));
311   mem_free ((caddr_t) xprt, sizeof (SVCXPRT));
312 }
313 
314 
315 /*
316  * reads data from the tcp connection.
317  * any error is fatal and the connection is closed.
318  * (And a read of zero bytes is a half closed stream => error.)
319  */
320 static int
readtcp(char * xprtptr,char * buf,int len)321 readtcp (char *xprtptr, char *buf, int len)
322 {
323   SVCXPRT *xprt = (SVCXPRT *)xprtptr;
324   int sock = xprt->xp_sock;
325   int milliseconds = 35 * 1000;
326   struct pollfd pollfd;
327 
328   do
329     {
330       pollfd.fd = sock;
331       pollfd.events = POLLIN;
332       switch (__poll (&pollfd, 1, milliseconds))
333 	{
334 	case -1:
335 	  if (errno == EINTR)
336 	    continue;
337 	  /*FALLTHROUGH*/
338 	case 0:
339 	  goto fatal_err;
340 	default:
341 	  if ((pollfd.revents & POLLERR) || (pollfd.revents & POLLHUP)
342 	      || (pollfd.revents & POLLNVAL))
343 	    goto fatal_err;
344 	  break;
345 	}
346     }
347   while ((pollfd.revents & POLLIN) == 0);
348 
349   if ((len = __read (sock, buf, len)) > 0)
350     return len;
351 
352  fatal_err:
353   ((struct tcp_conn *) (xprt->xp_p1))->strm_stat = XPRT_DIED;
354   return -1;
355 }
356 
357 /*
358  * writes data to the tcp connection.
359  * Any error is fatal and the connection is closed.
360  */
361 static int
writetcp(char * xprtptr,char * buf,int len)362 writetcp (char *xprtptr, char * buf, int len)
363 {
364   SVCXPRT *xprt = (SVCXPRT *)xprtptr;
365   int i, cnt;
366 
367   for (cnt = len; cnt > 0; cnt -= i, buf += i)
368     {
369       if ((i = __write (xprt->xp_sock, buf, cnt)) < 0)
370 	{
371 	  ((struct tcp_conn *) (xprt->xp_p1))->strm_stat = XPRT_DIED;
372 	  return -1;
373 	}
374     }
375   return len;
376 }
377 
378 static enum xprt_stat
svctcp_stat(SVCXPRT * xprt)379 svctcp_stat (SVCXPRT *xprt)
380 {
381   struct tcp_conn *cd =
382   (struct tcp_conn *) (xprt->xp_p1);
383 
384   if (cd->strm_stat == XPRT_DIED)
385     return XPRT_DIED;
386   if (!xdrrec_eof (&(cd->xdrs)))
387     return XPRT_MOREREQS;
388   return XPRT_IDLE;
389 }
390 
391 static bool_t
svctcp_recv(SVCXPRT * xprt,struct rpc_msg * msg)392 svctcp_recv (SVCXPRT *xprt, struct rpc_msg *msg)
393 {
394   struct tcp_conn *cd = (struct tcp_conn *) (xprt->xp_p1);
395   XDR *xdrs = &(cd->xdrs);
396 
397   xdrs->x_op = XDR_DECODE;
398   (void) xdrrec_skiprecord (xdrs);
399   if (xdr_callmsg (xdrs, msg))
400     {
401       cd->x_id = msg->rm_xid;
402       return TRUE;
403     }
404   cd->strm_stat = XPRT_DIED;	/* XXXX */
405   return FALSE;
406 }
407 
408 static bool_t
svctcp_getargs(SVCXPRT * xprt,xdrproc_t xdr_args,caddr_t args_ptr)409 svctcp_getargs (SVCXPRT *xprt, xdrproc_t xdr_args, caddr_t args_ptr)
410 {
411   return ((*xdr_args) (&(((struct tcp_conn *)
412 			  (xprt->xp_p1))->xdrs), args_ptr));
413 }
414 
415 static bool_t
svctcp_freeargs(SVCXPRT * xprt,xdrproc_t xdr_args,caddr_t args_ptr)416 svctcp_freeargs (SVCXPRT *xprt, xdrproc_t xdr_args, caddr_t args_ptr)
417 {
418   XDR *xdrs = &(((struct tcp_conn *) (xprt->xp_p1))->xdrs);
419 
420   xdrs->x_op = XDR_FREE;
421   return ((*xdr_args) (xdrs, args_ptr));
422 }
423 
424 static bool_t
svctcp_reply(SVCXPRT * xprt,struct rpc_msg * msg)425 svctcp_reply (SVCXPRT *xprt, struct rpc_msg *msg)
426 {
427   struct tcp_conn *cd = (struct tcp_conn *) (xprt->xp_p1);
428   XDR *xdrs = &(cd->xdrs);
429   bool_t stat;
430 
431   xdrs->x_op = XDR_ENCODE;
432   msg->rm_xid = cd->x_id;
433   stat = xdr_replymsg (xdrs, msg);
434   (void) xdrrec_endofrecord (xdrs, TRUE);
435   return stat;
436 }
437