Commit Graph

326 Commits

Author SHA1 Message Date
Kevin Lo
5ee7403731 Assign the len field of the netbuf structure to the current length of
a sockaddr.

Obtained from:	NetBSD
2013-03-01 15:45:57 +00:00
Pedro F. Giffuni
0d1040e5e1 rpc: convert all uid and gid variables to u_int.
After further discussion, instead of pretending to use
uid_t and gid_t as upstream Solaris and linux try to, we
are better using u_int, which is in fact what the code
can handle and best approaches the range of values used
by uid and gid.

Discussed with:	bde
Reviewed by:	bde
2012-10-04 04:15:18 +00:00
Pedro F. Giffuni
ff12c59d9c rpc: convert all uid and gid variables of the type uid_t and gid_t.
The previous change (based on Solaris) doesn't work properly either
as the casting only has the effect of quieting the compiler.

Move back to the previous solution but adjust the sizeof()
type in xdr_array(). This should mostly work (by accident).

Reported by:	bde
2012-10-03 20:39:11 +00:00
Pedro F. Giffuni
e9f7ad1fa4 rpc: convert all uid and gid variables of the type uid_t and gid_t.
As part of the previous commit, uses of xdr_int() were replaced
with xdr_u_int(). This has undesired effects as the second
argument doesn't match exactly uid_t or gid_t. It also breaks
assumptions in the size of the provided types.

To work around those issues we revert back to the use of xdr_int()
but provide proper casting so the behaviour doesn't change.

While here fix a style issue in the affected lines.

Reported by:	bde
2012-10-03 03:44:23 +00:00
Pedro F. Giffuni
0c2222baf4 libtirpc: be sure to free cl_netid and cl_tp
When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the same
way.

This change matches the reference (OpenSolaris) implementation.

Tested by:	David Wolfskill
Obtained from:	Bull GNU/Linux NFSv4 Project (libtirpc)
MFC after:	2 weeks
2012-10-02 19:10:19 +00:00
Pedro F. Giffuni
b4e7a879ab Fix __rpc_getconfip
__rpc_getconfip is supposed to return the first netconf
entry supporting tcp or udp, respectively. The code will
currently return the *last* entry, plus it will leak
memory when there is more than one such entry.

This change matches the reference (OpenSolaris)
implementation.

Tested by:	David Wolfskill
Obtained from:	Bull GNU/linux NFSv4 Project (libtirpc)
MFC after:	1 week
2012-10-02 19:03:21 +00:00
Pedro F. Giffuni
f3c3ef7b2a RPC: Convert all uid and gid variables of the type uid_t and gid_t.
This matches what upstream (OpenSolaris) does.

Tested by:	David Wolfskill
Obtained from:	Bull GNU/Linux NFSv4 project (libtirpc)
MFC after:	3 days
2012-10-02 19:00:56 +00:00
Pedro F. Giffuni
06f13fb3f4 Complete revert of r239963:
The attempt to merge changes from the linux libtirpc caused
rpc.lockd to exit after startup under unclear conditions.

After many hours of selective experiments and inconsistent results
the conclusion is that it's better to just revert everything and
restart in a future time with a much smaller subset of the
changes.
____

MFC after:	3 days
Reported by:	David Wolfskill
Tested by:	David Wolfskill
2012-09-27 19:10:25 +00:00
Pedro F. Giffuni
c148237d44 Partial revert of r239963:
The following change caused rpc.lockd to exit after startup:
____

libtirpc: be sure to free cl_netid and cl_tp

When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the
same way.
____

MFC after:	3 days
Reported by:	David Wolfskill
Tested by:	David Wolfskill
2012-09-24 03:14:17 +00:00
Ed Schouten
902d9eafbf Rework all non-contributed files that use `struct timezone'.
This structure is not part of POSIX. According to POSIX, gettimeofday()
has the following prototype:

	int gettimeofday(struct timeval *restrict tp, void *restrict tzp);

Also, POSIX states that gettimeofday() shall return 0 (as long as tzp is
not used). Remove dead error handling code. Also use NULL for a
nul-pointer instead of integer 0.

While there, change all pieces of code that only use tv_sec to use
time(3), as this provides less overhead.
2012-09-01 14:45:15 +00:00
Pedro F. Giffuni
43981b6c53 Bring some changes from Bull's NFSv4 libtirpc implementation.
We especifically ignored the glibc compatibility changes
but this should help interaction with Solaris and Linux.
____

Fixed infinite loop in svc_run()
author	Steve Dickson
Tue, 10 Jun 2008 12:35:52 -0500 (13:35 -0400)
Fixed infinite loop in svc_run()
____

__rpc_taddr2uaddr_af() assumes the netbuf to always have a
non-zero data. This is a bad assumption and can lead to a
seg-fault. This patch adds a check for zero length and returns
NULL when found.
author	Steve Dickson
Mon, 27 Oct 2008 11:46:54 -0500 (12:46 -0400)
____

Changed clnt_spcreateerror() to return clearer
and more concise error messages.
author	Steve Dickson
Thu, 20 Nov 2008 08:55:31 -0500 (08:55 -0500)
____

Converted all uid and gid variables of the type uid_t and gid_t.
author	Steve Dickson
Wed, 28 Jan 2009 12:44:46 -0500 (12:44 -0500)
____

libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed

These fields in the rpcbind GETADDR call are being passed uninitialized
to CLNT_CALL. In the case of x86_64 at least, this usually leads to a
segfault. On x86, it sometimes causes segfaults and other times causes
garbage to be sent on the wire.

rpcbind generally ignores the r_owner field for calls that come in over
the wire, so it really doesn't matter what we send in that slot. We just
need to send something. The reference implementation from Sun seems to
send a blank string. Have ours follow suit.
author	Jeff Layton
Fri, 13 Mar 2009 11:44:16 -0500 (12:44 -0400)
____

libtirpc: be sure to free cl_netid and cl_tp

When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the same
way.

author	Jeff Layton
Fri, 13 Mar 2009 11:47:36 -0500 (12:47 -0400)

Obtained from:	Bull GNU/Linux NFSv4 Project
MFC after:	3 weeks
2012-09-01 02:56:17 +00:00
Christian Brueffer
42c9e355b6 Jump to the failed label instead of doing cleanup ourselves.
Obtained from:	DragonFly BSD
MFC after:	2 weeks
2012-07-15 11:52:24 +00:00
Glen Barber
a3fb6da9ba General mdoc(7) and typo fixes.
PR:		167734
Submitted by:	Nobuyuki Koganemaru (kogane!jp.freebsd.org)
MFC after:	3 days
2012-05-11 20:06:46 +00:00
Konstantin Belousov
9a36eaa36e Plug a leak.
Submitted by:	Greg Bednarek <gbednarek averesystems com>
MFC after:	1 week
2012-05-08 19:47:52 +00:00
Konstantin Belousov
ed8ddc6ea0 Fix several memory and lock leaks on the out of memory condition.
Reported by:	Matt Miller <matt matthewjmiller net>
MFC after:	1 week
2012-04-28 18:57:27 +00:00
Joel Dahl
10b4d262da Remove unnecessary Xo/Xc.
Reviewed by:	brueffer
2012-03-29 20:23:35 +00:00
Joel Dahl
c1f71e84f1 Minor mdoc nit. 2012-03-27 15:22:10 +00:00
Ed Schouten
6b99842ada Globally replace u_int*_t from (non-contributed) man pages.
The reasoning behind this, is that if we are consistent in our
documentation about the uint*_t stuff, people will be less tempted to
write new code that uses the non-standard types.

I am not going to bump the man page dates, as these changes can be
considered style nits. The meaning of the man pages is unaffected.

MFC after:	1 month
2012-02-12 18:29:56 +00:00
Dimitry Andric
5e0a19bdee Consistently set RPCGEN_CPP when running rpcgen, so the C preprocessor
set via ${CPP} is used, instead of always using hardcoded /usr/bin/cpp.

MFC after:	1 week
2012-02-07 09:27:07 +00:00
Dimitry Andric
51907e6434 In lib/libc/rpc/crypt_client.c, fix a clang warning about an implicit
conversion between enum desdir/desmode from include/rpc/des.h, and enum
desdir/desmode from include/rpcsvc/crypt.x.  These are actually
different enums, with different value names, but by accident the integer
representation of the enum values happened to be the same.

MFC after:	1 week
2011-12-15 20:27:36 +00:00
Rick Macklem
e2c83f74f4 Fix a bug in the userland rpc library, where it would use a
negative return value from write to update its position in
a buffer. The patch, courtesy of Andrey Simonenko, also simplifies
a conditional by removing the "i != cnt" clause, since it is
always true at this point in the code. The bug caused problems
for mountd, when it generated a large reply to an exports RPC
request.

Submitted by:	simon at comsys.ntu-kpi.kiev.ua
MFC after:	2 weeks
2011-04-10 14:11:07 +00:00
Ulrich Spörlein
20a95cd6fc Revert most of r210764, now that mdocml does the right
thing with empty quotation macros.

Requested by:	Alex Kozlov
2010-12-28 10:08:50 +00:00
Ulrich Spörlein
cded07a878 Move most of the remaining USD/PSD/SMM papers into share/doc 2010-12-04 10:11:20 +00:00
Ulrich Spörlein
c0da74038d mdoc: make sure to pass at least one argument to quotation macros 2010-08-02 13:11:35 +00:00
John Baldwin
f458b72661 Fix a bug in the previous change: remove function-local definition of
tcp_key and udp_key that shadows the global definition.

PR:		threads/144558
Submitted by:	Sam Robb
2010-03-11 16:58:15 +00:00
John Baldwin
6f88d2a870 Use thr_once() with once_t controls to initialize various thread_key_t
objects used to provide per-thread storage in the RPC code.  Almost all
of these used double-checking with a dedicated mutex (tsd_lock) to do this
before.  However, that is not always safe with more relaxed memory orders.
There were also other bugs, such as one in __rpc_createrr() that caused a
new key to be allocated each time __rpc_createrr() was invoked.

PR:		threads/144558
Reported by:	Sam Robb  samrobb of averesystems com (key leak)
MFC after:	1 week
2010-03-10 13:23:25 +00:00
Brooks Davis
9d8e1a8300 Use the correct types to store uids and gids in the credential cache. 2010-01-09 23:36:51 +00:00
Christian Brueffer
7b331f63c5 Fix a double free().
PR:		142339
Submitted by:	Henning Petersen <henning.petersen@t-online.de>
MFC after:	2 weeks
2010-01-05 20:18:41 +00:00
John Baldwin
55fdae4cae The fd_mask type is an unsigned long, not an int, so treat the mask as a
long instead of an int when examining the results of select() to look for
RPC requests.  Previously this routine would ignore RPC requests to sockets
whose file descriptor mod 64 was greater than 31 on a 64-bit platform.

PR:		amd64/141130
Submitted by:	liujb of array networks
MFC after:	3 days
2009-12-03 15:14:30 +00:00
Garrett Wollman
87541d3110 Style: use structure assignment rather than memcpy() to copy a
structure.
2009-11-25 04:53:38 +00:00
Garrett Wollman
bedffadccc In clnt_raw_create(), avoid minor race condition initializing the
file-scope variable clntraw_private.

Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:52:12 +00:00
Garrett Wollman
fcbfc882d6 In svc_raw_reply(), don't leave stat uninitialized if the MSG_ACCEPTED
&& SUCCESS case succeeds.  The stack garbage might be zero.

Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:49:41 +00:00
Garrett Wollman
0c0349bfa4 Eliminate more dead stores.
Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:45:45 +00:00
Xin LI
5f4faf74cb Lock around access to nc_file and netconfig_info ("ni"). The RPC
part of libc is still not thread safe but this would at least
reduce the problems we have.

PR:		threads/118544
Submitted by:	Changming Sun <snnn119 gmail com>
MFC after:	2 weeks
2009-06-24 23:17:16 +00:00
Brooks Davis
838d985825 Rework the credential code to support larger values of NGROUPS and
NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively.  (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)

The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer.  Do the equivalent in
kinfo_proc.

Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively.  Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary.  In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.

Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups.  When feasible, truncate
the group list rather than generating an error.

Minor changes:
  - Reduce the number of hand rolled versions of groupmember().
  - Do not assign to both cr_gid and cr_groups[0].
  - Modify ipfw to cache ucreds instead of part of their contents since
    they are immutable once referenced by more than one entity.

Submitted by:	Isilon Systems (initial implementation)
X-MFC after:	never
PR:		bin/113398 kern/133867
2009-06-19 17:10:35 +00:00
Brooks Davis
54404cfb13 In preparation for raising NGROUPS and NGROUPS_MAX, change base
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically.  Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).

This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.

In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups().  In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.

Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages.  We do not yet support a dynamic NGROUPS, but we
may in the future.

MFC after:	2 weeks
2009-06-19 15:58:24 +00:00
Alexander Kabaev
e7733ffa39 Re-do r192913 in less intrusive way. Only do IP_RECVDSTADDR/IP_SENDSRCADDR
dace for UPDv4 sockets bound to INADDR_ANY. Move the code to set
IP_RECVDSTADDR/IP_SENDSRCADDR into svc_dg.c, so that both TLI and non-TLI
users will be using it.

Back out my previous commit to mountd. Turns out the problem was affecting
more than one binary so it needs to me addressed in generic rpc code in
libc in order to fix them all.

Reported by:	lstewart
Tested by:	lstewart
2009-06-18 17:10:43 +00:00
Alexander Kabaev
8a784b73d3 Do not attempt to set source address on outgoing messages
on UDP socket if we do not have a valid IP address.
2009-06-08 03:39:15 +00:00
Zachary Loafman
fcd3177f90 Match type for socket option (in practice, unnecessary, but stylistically it's a little nicer).
Suggested by:       jilles
Approved by:        dfr (mentor)
2009-05-28 15:02:44 +00:00
Zachary Loafman
35941cc841 Handle UDP RPC replies correctly on a multi-homed system, in userland RPC. Corrects an issue with mountd replies to OS X.
Approved by:        dfr (mentor)
2009-05-27 17:02:15 +00:00
Ed Maste
14846f9b49 Include a space between "send" and "broadcast". 2009-04-09 20:57:35 +00:00
Xin LI
985a73f6d3 Remove a warning which is supposed to have been removed on 20030301. 2009-04-02 21:51:54 +00:00
Doug Rabson
3d3ec67618 Fix async mode (required for ypbind in manycast mode). 2008-09-15 14:02:49 +00:00
Doug Rabson
4efa8f3e07 Initialise the SVCAUTH field for new transport structures when they are
allocated instead of waiting for the first request. This fixes an issue with
rpcbind's support for PMAPPROC_CALLIT.

Reviewed by:	markm
2008-09-09 14:15:55 +00:00
Doug Rabson
8f55a568f6 Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This
is based on an old implementation from the University of Michigan with lots of
changes and fixes by me and the addition of a Solaris-compatible API.

Sponsored by:	Isilon Systems
Reviewed by:	alfred
2008-08-06 14:02:05 +00:00
Doug Rabson
ecc03b80f1 Don't call xdrrec_skiprecord in the non-blocking case. If
__xdrrec_getrec has returned TRUE, then we have a complete request in
the buffer - calling xdrrec_skiprecord is not necessary. In particular,
if there is another record already buffered on the stream,
xdrrec_skiprecord will discard both this request and the next
one, causing the call to xdr_callmsg to fail and the stream to be
closed.

Sponsored by:	Isilon Systems
2008-03-30 09:36:17 +00:00
John Birrell
102c7c9299 Use intermediate pointers to avoid strict alias type check failures
using gcc 4.2. This is required for tinderbox which doesn't have
-fno-strict-aliasing in it's custom CFLAGS.
2007-11-20 01:51:20 +00:00
Matteo Riondato
330e445c29 Fix some improper handling of malloc failures
PR:		bin/83344 , kern/81987
Reviewed by:	alfred
Approved by:	re (kensmith)
MFC after:	1 week
2007-09-20 22:35:24 +00:00
Hartmut Brandt
e62e610b7d Use an array of size NGROUP_MAX for the getgroups() call instead of NGRP.
When NGROUP_MAX is larger than NGRP the call used to fail. Now the call
succeedes, but only the first NGRP groups are actually used for authentication.
2007-06-14 20:07:35 +00:00
Daniel Eischen
2665faf497 Some libc symbol map cleanups.
net: endhostdnsent is named _endhostdnsent and is
  private to netdb family of functions.

  posix1e: acl_size.c has been never compiled in,
  so there's no "acl_size".

  rpc: "getnetid" is a static function.

  stdtime: "gtime" is #ifdef'ed out in the source.

  some symbols are specific only to some architectures,
  e.g., ___tls_get_addr is only defined on i386.

  __htonl, __htons, __ntohl and __ntohs are no longer
  functions, they are now (internal) defines in
  <machine/endian.h>.

Submitted by:	ru
2007-05-31 13:01:34 +00:00