author | Olaf Kirch <okir@suse.de> | 2011-03-15 13:00:36 -0400 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2011-03-15 13:14:46 -0400 |
commit | a81ad2e02d4bdf4066a987ba7363c3e9dcd33f42 (patch) | |
tree | 74ea3a66c4c7aab02b05d4cc90b6ab252701a43a | |
parent | 7c79c279f3f2f80a1cf01707c88c2b29da9aa7ad (diff) | |
download | rpcbind-a81ad2e02d4bdf4066a987ba7363c3e9dcd33f42.tar.gz |
Clean up the check_access interface
Previously, check_access() would take a void pointer argument, which
could be either a struct pmap, or a struct rpcb. The only bit of
information which is really needed is the RPC program number,
so we pass that instead.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
-rw-r--r-- | src/pmap_svc.c | 10 | ||||
-rw-r--r-- | src/rpcb_svc.c | 11 | ||||
-rw-r--r-- | src/rpcb_svc_4.c | 11 | ||||
-rw-r--r-- | src/rpcbind.h | 2 | ||||
-rw-r--r-- | src/security.c | 16 |
5 files changed, 26 insertions, 24 deletions
diff --git a/src/pmap_svc.c b/src/pmap_svc.c index 4736700..337e64d 100644 --- a/src/pmap_svc.c +++ b/src/pmap_svc.c @@ -80,7 +80,7 @@ pmap_service(struct svc_req *rqstp, SVCXPRT *xprt) if (debugging) fprintf(stderr, "PMAPPROC_NULL\n"); #endif - check_access(xprt, rqstp->rq_proc, NULL, PMAPVERS); + check_access(xprt, rqstp->rq_proc, 0, PMAPVERS); if ((!svc_sendreply(xprt, (xdrproc_t) xdr_void, NULL)) && debugging) { if (doabort) { @@ -201,11 +201,11 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long reg.pm_prog, reg.pm_vers); #endif - if (!check_access(xprt, op, ®, PMAPVERS)) { + if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) { svcerr_weakauth(xprt); return (FALSE); } - + rpcbreg.r_prog = reg.pm_prog; rpcbreg.r_vers = reg.pm_vers; @@ -276,7 +276,7 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt) return (FALSE); } - if (!check_access(xprt, PMAPPROC_GETPORT, ®, PMAPVERS)) { + if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) { svcerr_weakauth(xprt); return FALSE; } @@ -340,7 +340,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt) return (FALSE); } - if (!check_access(xprt, PMAPPROC_DUMP, NULL, PMAPVERS)) { + if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) { svcerr_weakauth(xprt); return FALSE; } diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c index 0514ba5..e350f85 100644 --- a/src/rpcb_svc.c +++ b/src/rpcb_svc.c @@ -75,6 +75,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) char *result; xdrproc_t xdr_argument, xdr_result; void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t)); + rpcprog_t setprog = 0; rpcbs_procinfo(RPCBVERS_3_STAT, rqstp->rq_proc); 
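Review bot: The result of `check_access(xprt, rqstp->rq_proc, 0, PMAPVERS);` in the PMAPPROC_NULL branch of pmap_service is discarded, and nothing at the call says that is intended. The matching call in rpcb_service_3 carries `/* This call just logs, no actual checks */`, but this one and the RPCBPROC_NULL call in rpcb_service_4 (src/rpcb_svc_4.c) do not. check_access declares a libwrap `request_info` under LIBWRAP, so it may be able to return 0 for a denied host, in which case the NULL reply is still sent. If that is the intended policy, write `(void) check_access(xprt, rqstp->rq_proc, 0, PMAPVERS);` and repeat the comment at both sites. pmap_service's body continues outside the hunk.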
@@ -88,7 +89,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) fprintf(stderr, "RPCBPROC_NULL\n"); #endif /* This call just logs, no actual checks */ - check_access(transp, rqstp->rq_proc, NULL, RPCBVERS); + check_access(transp, rqstp->rq_proc, 0, RPCBVERS); (void) svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL); return; @@ -166,7 +167,13 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) (void) fprintf(stderr, "rpcbind: could not decode\n"); return; } - if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS)) { + + if (rqstp->rq_proc == RPCBPROC_SET + || rqstp->rq_proc == RPCBPROC_UNSET + || rqstp->rq_proc == RPCBPROC_GETADDR) + setprog = argument.rpcbproc_set_3_arg.r_prog; + + if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS)) { svcerr_weakauth(transp); goto done; } diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c index 9fd5bef..313e6d1 100644 --- a/src/rpcb_svc_4.c +++ b/src/rpcb_svc_4.c @@ -78,6 +78,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) char *result; xdrproc_t xdr_argument, xdr_result; void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t)); + rpcprog_t setprog = 0; rpcbs_procinfo(RPCBVERS_4_STAT, rqstp->rq_proc); @@ -90,7 +91,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) if (debugging) fprintf(stderr, "RPCBPROC_NULL\n"); #endif - check_access(transp, rqstp->rq_proc, NULL, RPCBVERS4); + check_access(transp, rqstp->rq_proc, 0, RPCBVERS4); (void) svc_sendreply(transp, (xdrproc_t) xdr_void, (char *)NULL); return; 
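Review bot: `setprog = argument.rpcbproc_set_3_arg.r_prog;` also runs for RPCBPROC_UNSET and RPCBPROC_GETADDR, so it reads the set arm of the argument union whichever procedure was decoded. That is only correct while all three arms are the same RPCB type, and nothing in the code states it. Add `/* SET, UNSET and GETADDR all decode an RPCB, so the set arm is valid for each */` above the test, and consider naming the variable `prog`, since it is not specific to SET. Every other procedure reaches check_access with program 0, so, assuming that value is what gets logged and passed to the host-access check, requests whose argument carries a program number under another procedure are recorded as program 0. The same lines appear in rpcb_service_4 in src/rpcb_svc_4.c, and both function bodies continue outside their hunks.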
@@ -220,7 +221,13 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) (void) fprintf(stderr, "rpcbind: could not decode\n"); return; } - if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS4)) { + + if (rqstp->rq_proc == RPCBPROC_SET + || rqstp->rq_proc == RPCBPROC_UNSET + || rqstp->rq_proc == RPCBPROC_GETADDR) + setprog = argument.rpcbproc_set_4_arg.r_prog; + + if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS4)) { svcerr_weakauth(transp); goto done; } diff --git a/src/rpcbind.h b/src/rpcbind.h index c800577..74f9591 100644 --- a/src/rpcbind.h +++ b/src/rpcbind.h @@ -119,7 +119,7 @@ void rpcbind_abort(void); void reap(int); void toggle_verboselog(int); -int check_access(SVCXPRT *, rpcproc_t, void *, unsigned int); +int check_access(SVCXPRT *, rpcproc_t, rpcprog_t, unsigned int); int check_callit(SVCXPRT *, struct r_rmtcall_args *, int); void logit(int, struct sockaddr *, rpcproc_t, rpcprog_t, const char *); int is_loopback(struct netbuf *); diff --git a/src/security.c b/src/security.c index 0edeac6..07c8933 100644 --- a/src/security.c +++ b/src/security.c 
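Review bot: Changing the third parameter of check_access in src/rpcbind.h from `void *` to `rpcprog_t` means a caller that still passes a pointer would typically compile with only a conversion warning, and the pointer value would then be treated as a program number. The call sites in this commit are updated, but it is worth confirming that no other caller exists and that the build treats this warning as an error. The prototype also gives no hint that 0 now stands for "no program number"; a comment such as `/* prog is 0 when the procedure carries no program number */` above it would document the new contract.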
@@ -62,34 +62,21 @@ int log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY; extern int verboselog; int -check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers) +check_access(SVCXPRT *xprt, rpcproc_t proc, rpcprog_t prog, unsigned int rpcbvers) { struct netbuf *caller = svc_getrpccaller(xprt); struct sockaddr *addr = (struct sockaddr *)caller->buf; #ifdef LIBWRAP struct request_info req; #endif - rpcprog_t prog = 0; - rpcb *rpcbp; - struct pmap *pmap; /* * The older PMAP_* equivalents have the same numbers, so * they are accounted for here as well. */ switch (proc) { - case RPCBPROC_GETADDR: case RPCBPROC_SET: case RPCBPROC_UNSET: - if (rpcbvers > PMAPVERS) { - rpcbp = (rpcb *)args; - prog = rpcbp->r_prog; - } else { - pmap = (struct pmap *)args; - prog = pmap->pm_prog; - } - if (proc == RPCBPROC_GETADDR) - break; if (!insecure && !is_loopback(caller)) { #ifdef RPCBIND_DEBUG if (debugging) @@ -101,6 +88,7 @@ check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers) return 0; } break; + case RPCBPROC_GETADDR: case RPCBPROC_CALLIT: case RPCBPROC_INDIRECT: case RPCBPROC_DUMP: |
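Review bot: `rpcbvers` looks unused after this change, because in the visible lines its only use was choosing between the `rpcb` and `struct pmap` casts, which are removed. check_access continues outside the hunk, so this needs checking against the rest of the body. If nothing else reads it, add `(void)rpcbvers;` with a short comment, or drop the parameter in a follow-up. The function would also benefit from a header comment stating that it returns 0 to refuse a request, that SET and UNSET are refused from non-loopback callers unless `insecure` is set, and what `prog` is used for. The access policy could then be reviewed without reading every caller.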