authorOlaf Kirch <okir@suse.de>2011-03-15 13:00:36 -0400
committerSteve Dickson <steved@redhat.com>2011-03-15 13:14:46 -0400
commita81ad2e02d4bdf4066a987ba7363c3e9dcd33f42 (patch)
tree74ea3a66c4c7aab02b05d4cc90b6ab252701a43a
parent7c79c279f3f2f80a1cf01707c88c2b29da9aa7ad (diff)
Clean up the check_access interface
Previously, check_access() would take a void pointer argument, which could be either a struct pmap, or a struct rpcb. The only bit of information which is really needed is the RPC program number, so we pass that instead. Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
-rw-r--r--src/pmap_svc.c10
-rw-r--r--src/rpcb_svc.c11
-rw-r--r--src/rpcb_svc_4.c11
-rw-r--r--src/rpcbind.h2
-rw-r--r--src/security.c16
5 files changed, 26 insertions, 24 deletions
diff --git a/src/pmap_svc.c b/src/pmap_svc.c
index 4736700..337e64d 100644
--- a/src/pmap_svc.c
+++ b/src/pmap_svc.c
@@ -80,7 +80,7 @@ pmap_service(struct svc_req *rqstp, SVCXPRT *xprt)
if (debugging)
fprintf(stderr, "PMAPPROC_NULL\n");
#endif
- check_access(xprt, rqstp->rq_proc, NULL, PMAPVERS);
+ check_access(xprt, rqstp->rq_proc, 0, PMAPVERS);
if ((!svc_sendreply(xprt, (xdrproc_t) xdr_void, NULL)) &&
debugging) {
if (doabort) {
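Review bot: The result of `check_access(xprt, rqstp->rq_proc, 0, PMAPVERS);` is discarded here with no explanation, while the matching RPCBPROC_NULL call in src/rpcb_svc.c carries `/* This call just logs, no actual checks */`. Adding the same comment above this call would make clear that the unchecked result is deliberate and not a missed access check. A short remark that the literal `0` means "no program number" would also help, since the same literal is passed in the PMAPPROC_DUMP hunk further down. pmap_service continues outside the hunk.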
@@ -201,11 +201,11 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
reg.pm_prog, reg.pm_vers);
#endif
- if (!check_access(xprt, op, &reg, PMAPVERS)) {
+ if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) {
svcerr_weakauth(xprt);
return (FALSE);
}
-
+
rpcbreg.r_prog = reg.pm_prog;
rpcbreg.r_vers = reg.pm_vers;
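Review bot: The `-`/`+` pair on the empty line after the access-check block is a whitespace-only change unrelated to the interface cleanup. If the new line carries trailing whitespace it should be dropped; if it removes some, it is better placed in a separate commit so the change to the `check_access` call stays easy to audit. pmapproc_change's body extends beyond the hunk.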
@@ -276,7 +276,7 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
return (FALSE);
}
- if (!check_access(xprt, PMAPPROC_GETPORT, &reg, PMAPVERS)) {
+ if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) {
svcerr_weakauth(xprt);
return FALSE;
}
@@ -340,7 +340,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
return (FALSE);
}
- if (!check_access(xprt, PMAPPROC_DUMP, NULL, PMAPVERS)) {
+ if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) {
svcerr_weakauth(xprt);
return FALSE;
}
diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c
index 0514ba5..e350f85 100644
--- a/src/rpcb_svc.c
+++ b/src/rpcb_svc.c
@@ -75,6 +75,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
char *result;
xdrproc_t xdr_argument, xdr_result;
void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t));
+ rpcprog_t setprog = 0;
rpcbs_procinfo(RPCBVERS_3_STAT, rqstp->rq_proc);
@@ -88,7 +89,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
fprintf(stderr, "RPCBPROC_NULL\n");
#endif
/* This call just logs, no actual checks */
- check_access(transp, rqstp->rq_proc, NULL, RPCBVERS);
+ check_access(transp, rqstp->rq_proc, 0, RPCBVERS);
(void) svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL);
return;
@@ -166,7 +167,13 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
(void) fprintf(stderr, "rpcbind: could not decode\n");
return;
}
- if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS)) {
+
+ if (rqstp->rq_proc == RPCBPROC_SET
+ || rqstp->rq_proc == RPCBPROC_UNSET
+ || rqstp->rq_proc == RPCBPROC_GETADDR)
+ setprog = argument.rpcbproc_set_3_arg.r_prog;
+
+ if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS)) {
svcerr_weakauth(transp);
goto done;
}
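Review bot: `setprog = argument.rpcbproc_set_3_arg.r_prog;` reads the SET arm of the argument union for RPCBPROC_UNSET and RPCBPROC_GETADDR as well, which is only correct if all three arms share the same type and layout. The union definition is outside the hunk, so this is presumably true but cannot be confirmed here. A comment such as `/* SET, UNSET and GETADDR all decode into an rpcb, so r_prog is valid through the set arm */` would record that assumption next to the access check. The name `setprog` is also narrower than its use; `prog` would match the `check_access` parameter. The same pattern appears in the rpcb_service_4 hunk in src/rpcb_svc_4.c.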
diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c
index 9fd5bef..313e6d1 100644
--- a/src/rpcb_svc_4.c
+++ b/src/rpcb_svc_4.c
@@ -78,6 +78,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
char *result;
xdrproc_t xdr_argument, xdr_result;
void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t));
+ rpcprog_t setprog = 0;
rpcbs_procinfo(RPCBVERS_4_STAT, rqstp->rq_proc);
@@ -90,7 +91,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
if (debugging)
fprintf(stderr, "RPCBPROC_NULL\n");
#endif
- check_access(transp, rqstp->rq_proc, NULL, RPCBVERS4);
+ check_access(transp, rqstp->rq_proc, 0, RPCBVERS4);
(void) svc_sendreply(transp, (xdrproc_t) xdr_void,
(char *)NULL);
return;
@@ -220,7 +221,13 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
(void) fprintf(stderr, "rpcbind: could not decode\n");
return;
}
- if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS4)) {
+
+ if (rqstp->rq_proc == RPCBPROC_SET
+ || rqstp->rq_proc == RPCBPROC_UNSET
+ || rqstp->rq_proc == RPCBPROC_GETADDR)
+ setprog = argument.rpcbproc_set_4_arg.r_prog;
+
+ if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS4)) {
svcerr_weakauth(transp);
goto done;
}
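Review bot: Only RPCBPROC_SET, RPCBPROC_UNSET and RPCBPROC_GETADDR supply a program number to `check_access` here; every other version 4 procedure reaches it with `setprog` still 0. That includes lookups such as RPCBPROC_GETVERSADDR, whose argument presumably also names a program (worth confirming against the union definition, which is outside the hunk). This matches what the removed code in src/security.c extracted, so it is not a regression, but any logging or host-access decision keyed on the program number will not see it for those calls. If that is intended, a comment like `/* other procedures are checked and logged with prog 0 */` above the condition would say so. rpcb_service_4 starts and ends outside the hunk.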
diff --git a/src/rpcbind.h b/src/rpcbind.h
index c800577..74f9591 100644
--- a/src/rpcbind.h
+++ b/src/rpcbind.h
@@ -119,7 +119,7 @@ void rpcbind_abort(void);
void reap(int);
void toggle_verboselog(int);
-int check_access(SVCXPRT *, rpcproc_t, void *, unsigned int);
+int check_access(SVCXPRT *, rpcproc_t, rpcprog_t, unsigned int);
int check_callit(SVCXPRT *, struct r_rmtcall_args *, int);
void logit(int, struct sockaddr *, rpcproc_t, rpcprog_t, const char *);
int is_loopback(struct netbuf *);
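Review bot: The new prototype `int check_access(SVCXPRT *, rpcproc_t, rpcprog_t, unsigned int);` puts two presumably integer typedefs side by side, so a call with procedure and program swapped would compile without a diagnostic. Naming the parameters, `int check_access(SVCXPRT *xprt, rpcproc_t proc, rpcprog_t prog, unsigned int rpcbvers);`, would make call sites easier to audit. A one-line comment that `prog` is 0 when the procedure carries no program number would document the convention the callers in this commit rely on.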
diff --git a/src/security.c b/src/security.c
index 0edeac6..07c8933 100644
--- a/src/security.c
+++ b/src/security.c
@@ -62,34 +62,21 @@ int log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY;
extern int verboselog;
int
-check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
+check_access(SVCXPRT *xprt, rpcproc_t proc, rpcprog_t prog, unsigned int rpcbvers)
{
struct netbuf *caller = svc_getrpccaller(xprt);
struct sockaddr *addr = (struct sockaddr *)caller->buf;
#ifdef LIBWRAP
struct request_info req;
#endif
- rpcprog_t prog = 0;
- rpcb *rpcbp;
- struct pmap *pmap;
/*
* The older PMAP_* equivalents have the same numbers, so
* they are accounted for here as well.
*/
switch (proc) {
- case RPCBPROC_GETADDR:
case RPCBPROC_SET:
case RPCBPROC_UNSET:
- if (rpcbvers > PMAPVERS) {
- rpcbp = (rpcb *)args;
- prog = rpcbp->r_prog;
- } else {
- pmap = (struct pmap *)args;
- prog = pmap->pm_prog;
- }
- if (proc == RPCBPROC_GETADDR)
- break;
if (!insecure && !is_loopback(caller)) {
#ifdef RPCBIND_DEBUG
if (debugging)
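Review bot: `rpcbvers` is no longer read in the part of `check_access` shown here; its only visible use was selecting the `rpcb` or `struct pmap` cast that this commit removes. The function body continues past the hunk, so it may still be used there. If it is not, the parameter is now dead and should either be dropped from the interface or kept with a comment explaining why. Separately, a header comment stating that `prog` is supplied by the caller, and is 0 for procedures without a program number, would document the new contract of this access-control entry point.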
@@ -101,6 +88,7 @@ check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
return 0;
}
break;
+ case RPCBPROC_GETADDR:
case RPCBPROC_CALLIT:
case RPCBPROC_INDIRECT:
case RPCBPROC_DUMP: