Three files in libtirpc have the "BSD with advertising" or "BSD 4
clause" license on them (Free, but GPL incompatible). Thankfully, two of
the three files (tirpc/libc_private.h and tirpc/nss_tls.h) aren't
necessary on Linux at all. They were copied from FreeBSD, but FreeBSD
(and NetBSD) include those headers, so they can be conditionalized out
in the code. The third header, tirpc/reentrant.h originally came from
FreeBSD, but had been modified to point to the Linux pthread equivalent
functions. I'm pretty sure that would cause the code to break on
FreeBSD/NetBSD.
This patch does the following:
- Zeros out tirpc/libc_private.h (This file should be deleted from the
source control)
- Zeros out tirpc/nss_tls.h (This file should be deleted from the source
control)
- Takes a fresh copy of tirpc/reentrant.h from FreeBSD CVS to inherit
the new license (the advertising clause has been dropped in FreeBSD)
- Updates tirpc/reentrant.h so that it contains the correct definition
mappings for Linux, conditionalized only for Linux.
- Updates all source files which #include libc_private.h so that the
include is conditionalized on FreeBSD or NetBSD. I honestly don't think
these files even need to be included on those platforms, but I'd rather
be safe than sorry here.
Ulrich Drepper [Tue, 18 May 2010 23:18:38 +0000 (19:18 -0400)]
Automount with nis maps crashes and generates a core
I think I added the appropriate backward compatibility support to handle
old kernels. And certainly the existing libtirpc functions are unchanged.
Only one additional extenal interface (__libc_clntudp_bufcreate) is added.
The remaining changes are necessary to implement it. The changes are
straightforward.
See https://bugzilla.redhat.com/show_bug.cgi?id=519430
Signed-off-by: Ulrich Drepper <drepper@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 25 Mar 2010 17:34:27 +0000 (13:34 -0400)]
Add a note about rpcbind's use of __svc_clean_idle()
__svc_clean_idle() is an internal function that is also called by
the version of rpcbind we are currently using. Make a note of this
so that the function does not get accidentally removed or changed.
We should keep an eye out for other APIs like this, and document
them accordingly.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 25 Mar 2010 17:32:54 +0000 (13:32 -0400)]
libtoolize: Squelch libtoolize warnings
Address these build-time complaints from libtoolize:
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac
and
libtoolize: rerunning libtoolize, to keep the correct libtool macros
in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
libtoolize: `AC_PROG_RANLIB' is rendered obsolete by `LT_INIT'
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Reported-by: Jens-Uwe Mozdzen <jmozdzen@nde.de Fix-by: Jay Lan <jlan@sgi.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 25 Mar 2010 17:24:44 +0000 (13:24 -0400)]
Fix memory leak in getclnthandle()
getclnthandle() can return a NULL RPC client, but sometimes it does
this without ensuring that *targaddr is freed. Even though the
documenting comment claims that callers must free *targaddr, callers
don't check the value of *targaddr if getclnthandle() returns NULL.
Reported-by: Jens-Uwe Mozdzen <jmozdzen@nde.ag> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Fri, 5 Mar 2010 19:27:13 +0000 (14:27 -0500)]
libtirpc: allow larger ticket sizes with RPCSEC_GSS
libtirpc currently limits RPCSEC_GSS args to MAX_NETOBJ_SZ (1024) bytes.
This causes problems when you try to use large krb5 tickets, such as
those handed out by MS' Active Directory when the user has a large PAC.
This patch backports a set of changes from librpcsecgss which fixed this
problem there. It declares a new routine specifically for encoding
gss_buffer_t's and has the various auth_gss routines use that instead of
calling xdr_bytes directly.
An RPC_SLACK_SPACE constant is defined and added to the buffer length to
get a max buffer length to pass to xdr_rpc_gss_buf for the appropriate
callers.
Jeff Layton [Fri, 5 Mar 2010 17:55:31 +0000 (12:55 -0500)]
libtirpc: don't call abort() in the AUTH_UNIX creation codepaths
When there are problems creating an AUTH_UNIX auth handle, libtirpc will
sometimes call abort(). It's bad for a library to do this since
decisions about how to handle errors are better left up to the
application and abort() generally causes the app to crash and dump core.
Make it so that these functions return NULL instead in these situations.
authunix_create already returns NULL for other error conditions so it
seems like an appropriate way to handle errors in these codepaths.
Have authunix_create and authunix_create_default set appropriate errors
in the rpc_createerr struct. It seems a little odd to do this since
rpc_createerr is supposed to report information about why CLIENT
creation failed, and the problem here is in creating an AUTH handle.
authgss_create does this already however, so there is some precedent.
While we're at it, it's also bad for libraries to log to stderr. It's
possible that a daemon is calling here and it has closed stderr and is
resuing fd 2 for something else. Rip out the warnx calls from these two
functions to make sure that they don't cause problems.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 30 Nov 2009 13:55:43 +0000 (08:55 -0500)]
rpcb_getaddr: Handle only "udp" and "tcp" netids when using PMAP_GETPORT
The PORTMAP logic in __rpcb_findaddr_timed() already prevents its
use if the protocol family is not PF_INET. In addition, ensure that
the rpcbind v2 logic in __rpcb_findaddr_timed() is executed only if
the requested transport protocol name is "tcp" or "udp".
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 30 Nov 2009 13:54:02 +0000 (08:54 -0500)]
rpcb_getaddr: Always do PMAP_GETPORT first for NC_INET transports
For PF_INET transports, use PMAP_GETPORT. This is what network
captures show that Solaris user space does, what the Linux mount.nfs
command does, and what the Linux kernel rpcbind client does. It's
more efficient when querying legacy hosts, of which there are still
many.
An additional benefit of this change is that since libtirpc uses
only UDP for PMAP_GETPORT requests, and it now tries PMAP_GETPORT
first, the creation of a TCP socket in a very common case is now
avoided. This reduces the consumption of ephemeral ports that
can be left in TIME_WAIT after a request.
It appears that the order in which __rpcb_findaddr_timed() tries the
rpcbind protocol versions was changed in the FreeBSD port of libtirpc.
The documenting comment that appears before __rpcb_findaddr_timed()
was never updated. This patch restores the original behavior, which
is "try v2 first if the remote is a PF_INET; then try v4, then v3."
The FreeBSD change introduced two bugs: one serious, the other
harmless but wasteful.
The PORTMAP logic overwrites the pointer in "client" instead of
invoking CLNT_DESTROY(). Since the portmap code was originally
executed first, it had no need to invoke CLNT_DESTROY().
This orphans the RPC client previously created for the v3/v4 query.
If a connection-oriented socket was used during the v3/v4 query,
this socket is left connected to the remote portmapper, resulting in
an inadvertant denial of service attack on the remote.
For short-lived programs, this bug is hidden, because a program
exit causes all sockets to be closed automatically. Long-running
programs leave these sockets connected indefinitely.
The harmless bug is that even though a portmapper replies to a v4
RPCB_GETADDR request with "version 4 not supported; use only version
2", libtirpc tries again with a v3 RPCB_GETADDR anyway. Though
harmless, this is obviously a wasted round trip. Perform these
requests in the original order (v2, then v4, then v3), then the
original code makes sense, and the extra v3 round trip is avoided.
Reverting the FreeBSD change fixes both problems.
Reported-by: Jens-Uwe Mozdzen <jmozdzen@nde.ag>. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 29 Jun 2009 16:44:17 +0000 (12:44 -0400)]
rpcb_clnt: RPC_PROGNOTREGISTERED is a permanent error
rpcbind returns RPC_PROGNOTREGISTERED if it knows for certain that an
RPC
program is not supported for a given transport. This is a permanent and
authoritative error, so the library's rpcbind query API should never
retry the query -- it will only get the same answer.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 29 Jun 2009 16:43:26 +0000 (12:43 -0400)]
clnt_dg: Fix infinite loop when datagram call times out
After an RPC over datagram call times out, clnt_dg_call() goes into a
loop, spamming the server with endless retransmits. Since signals
are masked, a ^C doesn't break the loop -- the process must be KILLed.
Add missing logic to exit appropriately after the call's total time
has expired.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 28 May 2009 19:13:23 +0000 (15:13 -0400)]
make install fails when --prefix is used.
Moved the install rules for etc_netconfig into
its own doc/Makefile.am so $(DESTDIR) is defined
correctly when the --prefix configuration argument
is used.
Chuck Lever [Thu, 28 May 2009 18:58:50 +0000 (14:58 -0400)]
Update libtirpc.so library version information
Bump the library version information for libtirpc to match the latest
version distributed by Red Hat (libtirpc.so.1.0.10). Without this
change, the latest git repo installs libtirpc.so.1.0.9.
Add an annoying block comment in the Makefile describing how to keep
the library version up to date, 'cause it's kind of confusing, and
apparently entirely unrelated to the package and release version.
Before each release of upstream libtirpc, these version information
rules should be revisited.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 28 May 2009 14:30:56 +0000 (10:30 -0400)]
libtirpc: Don't install FreeBSD and Solaris headers
Only install headers specific to tirpc.
There are some extra headers in the libtirpc tarball that are just
for the library to build. They are required because libtirpc is
a port from FreeBSD (and before that, Solaris).
These headers are not meant to be installed in /usr/include, and do not
exist on the reference implementation (ie. Solaris).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Ian Kent [Mon, 20 Apr 2009 13:50:57 +0000 (09:50 -0400)]
libtirpc-0.1.10 - tsd destory at unload
If tsd keys are created that use a function local to the library and
are not destroyed at library unload this can lead to a SEGV if the
library is unloaded before the last thread is unloaded.
Also, calling free() on an address previously belonging to the now
unloaded library might not be very good either. I'm not to clear
about what happens to data areas used by shared libraries in terms
of their presence or otherwise in the lifcycle of a shared library.
This patch assumes that all threads using the library have exited
prior to the library being unloaded but may be worth more thought.
Signed-off-by: Ian Kent <ikent@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Ian Kent [Mon, 20 Apr 2009 13:44:28 +0000 (09:44 -0400)]
libtirpc-0.1.10 - fix rpc_createerr tsd create
The pthread_getspecific() call returns either the address of the tsd or
NULL and a call to pthread_getspecific() on a key value not obtained by a
call to pthread_key_create() is undefined.
The pthread_key_create() call returns either zero or a negative error
code.
So the __rpc_createerr() routine looks kinda broken.
Signed-off-by: Ian Kent <ikent@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Fri, 13 Mar 2009 16:47:36 +0000 (12:47 -0400)]
libtirpc: be sure to free cl_netid and cl_tp
When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the same
way.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Fri, 13 Mar 2009 16:44:16 +0000 (12:44 -0400)]
libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed
These fields in the rpcbind GETADDR call are being passed uninitialized
to CLNT_CALL. In the case of x86_64 at least, this usually leads to a
segfault. On x86, it sometimes causes segfaults and other times causes
garbage to be sent on the wire.
rpcbind generally ignores the r_owner field for calls that come in over
the wire, so it really doesn't matter what we send in that slot. We just
need to send something. The reference implementation from Sun seems to
send a blank string. Have ours follow suit.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 28 Jan 2009 14:19:07 +0000 (09:19 -0500)]
backwards compatibility: fix order of fields in TI-RPC's svc_req
Preserve ABI compatibility between glibc's RPC implementation and
the legacy RPC implementation in libtirpc by moving the rq_xprt
field in the TI-RPC version of the svc_req struct so it is
backwards compatible with the legacy version of this structure.
Linux's legacy svc_req struct, from /usr/include/rpc/svc.h, looks
like this:
struct svc_req {
rpcprog_t rq_prog; /* service program number */
rpcvers_t rq_vers; /* service protocol version */
rpcproc_t rq_proc; /* the desired procedure */
struct opaque_auth rq_cred; /* raw creds from the wire */
caddr_t rq_clntcred; /* read only cooked cred */
SVCXPRT *rq_xprt; /* associated transport */
};
The new TI-RPC svc_req struct, from /usr/include/tirpc/rpc/svc.h,
looks like this:
struct svc_req {
u_int32_t rq_prog; /* service program number */
u_int32_t rq_vers; /* service protocol version */
u_int32_t rq_proc; /* the desired procedure */
struct opaque_auth rq_cred; /* raw creds from the wire */
void *rq_clntcred; /* read only cooked cred */
caddr_t rq_clntname; /* read only client name */
caddr_t rq_svcname; /* read only cooked service cred */
SVCXPRT *rq_xprt; /* associated transport */
};
Note the extra fields rq_clntname and rq_svcname. These are used for
TI-RPC's RPCSEC GSS flavor support.
This issue came to light because rpc.statd still uses only legacy RPC
calls, and thus includes /usr/include/rpc/svc.h. However, other parts
of nfs-utils now link with TI-RPC, so the legacy RPC functions in
libtirpc are used in favor of glibc's RPC functions. The libtirpc svc
functions use the new svc_req struct, but rpc.statd uses the old
svc_req struct.
Since the svc_req fields were different, rpc.statd broke after recent
IPv6-related changes, even though I hadn't made any changes to it.
Note that rpc.mountd also references the rq_xprt field, so it has the
same issue.
In most operating systems, there is only one rpc/svc.h and one version
of svc_req so this is not a problem. We should audit all of the
structures and functions under /usr/include/rpc and
/usr/include/tirpc/rpc to ensure we have a reasonable level of
backwards compatibility until such a time it is decided to merge these
implementations or get rid of RPC support in glibc.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Mon, 27 Oct 2008 16:46:54 +0000 (12:46 -0400)]
__rpc_taddr2uaddr_af() assumes the netbuf to always have a
non-zero data. This is a bad assumption and can lead to a
seg-fault. This patch adds a check for zero length and returns
NULL when found.
Olaf Kirch [Tue, 30 Sep 2008 19:10:43 +0000 (15:10 -0400)]
Fix __rpc_getconfip
__rpc_getconfip is supposed to return the first netconf
entry supporting tcp or udp, respectively. The code will
currently return the *last* entry, plus it will leak
memory when there is more than one such entry.
This patch fixes this issue.
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Olaf Kirch [Tue, 30 Sep 2008 19:09:06 +0000 (15:09 -0400)]
Fix getpeereid
getpeereid fails because it uses an incorrect getsockopt call to obtain
the peer credentials on a AF_LOCAL socket. This in turn will cause all
RPC services to be registered with rpcbind to show up as having been
registered by "unknown".
This has a serious impact on security - a service owned by "unknown"
can essentially be unregistered (and thus replaced) by anyone.
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Olaf Kirch [Tue, 30 Sep 2008 19:08:07 +0000 (15:08 -0400)]
svc_getcaller_netbuf macro seems broken
I haven't found any documentation, but the comment in the header
file seems to suggest that svc_getcaller_netbuf should return the
xp_rtaddr netbuf. Returning the address of the socket descripor
seems to be wrong at any rate.
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Olaf Kirch [Tue, 30 Sep 2008 19:06:54 +0000 (15:06 -0400)]
Introduce __rpc_set_netbuf helper
The RPC code contains a number of places where a netbuf
is initialized with some data. All the mem_alloc/memcpy
stuff is open-coded. Introduce a helper function and
convert the code.
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Olaf Kirch [Tue, 30 Sep 2008 19:04:17 +0000 (15:04 -0400)]
Fix xp_raddr handling in svc_fd_create etc
Currently svc_fd_create tries to do some clever tricks
with IPv4/v6 address mapping.
This is broken for several reasons.
1. We don't want IPv4 based transport to look like IPv6
transports. Old applications compiled against tirpc
will expect AF_INET addresses, and are not equipped
to deal with AF_INET6.
2. There's a buffer overflow.
memcpy(&sin6, &ss, sizeof(ss));
copies a full struct sockaddr to a sockaddr_in6 on
the stack. Unlikely to be exploitable, but I wonder
if this ever worked....
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 16 Sep 2008 15:32:31 +0000 (11:32 -0400)]
- Fixed version-info in src/Makefile.am to reflect the correct version
- Fixed some of warnings in: src/auth_time.c, src/clnt_dg.c and
src/clnt_raw.c
- Added some #ifdef NOTUSED around some code in src/rpbc_clnt.c
that was not being used...
Olaf Kirch [Tue, 16 Sep 2008 12:46:29 +0000 (08:46 -0400)]
Fix for taddr2addr conversion bug of local addresses
When converting af_local socket addresses in taddr2uaddr, an incorrect
sizeof() would result in a truncated path string. As a result,
rpcbind will report the local /var/lib/rpcbind address to clients
as "/v" on a 32bit machine.
Signed-off-by: okir@suse.de Signed-off-by: Steve Dickson <steved@redhat.com>
Olaf Kirch [Tue, 2 Sep 2008 16:11:15 +0000 (12:11 -0400)]
Always make IPv6 sockets V6ONLY
Assume you have a netconfig file looking like this:
udp tpi_clts v inet udp - -
udp6 tpi_clts v inet6 udp - -
...
a call to svc_tli_create(... &someaddr, "udp") will fail to create an
IPv6 server socket. The problem is that on Linux, passive IPv6 sockets
will also accept packets/connections from IPv4, and will simply map
the sender's address to an IPv6 mapped IPv4 address. So if you want to
bind both a UDPv4 and UDPv6 socket to the same port, this will fail with
EADDRINUSE.
The way to avoid this behavior is to change the socket to V6ONLY,
which tells the kernel to avoid the autmatic mapping.
The change proposed in the patch below does this. I *think* this is
a good place to do this, as it will also fix applications that do not
use svc_tli_create() - such as rpcbind, which creates the sockets on
its own using __rpc_nconf2fd.
I think this also improves portability, as BSD code assumes BSD
behavior, where this mapping does not occur either.
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Olaf Kirch [Tue, 2 Sep 2008 16:09:39 +0000 (12:09 -0400)]
Fix incorrect sizeof() in __rpc_getbroadifs
__rpc_getbroadifs returns bad broadcast addresses on 32bit
machines because when copying the broadcast addresses, ite
applies the sizeof() operator to a pointer to a sockaddr,
rather than the sockaddr itself.
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
projects / libtirpc / log