Diffstat (limited to 'usr/src/cmd/rpcbind')
-rw-r--r--usr/src/cmd/rpcbind/bind.xml85
-rw-r--r--usr/src/cmd/rpcbind/rpcb_check.c10
-rw-r--r--usr/src/cmd/rpcbind/rpcbind.c72
-rw-r--r--usr/src/cmd/rpcbind/rpcbind.h21
4 files changed, 97 insertions, 91 deletions
diff --git a/usr/src/cmd/rpcbind/bind.xml b/usr/src/cmd/rpcbind/bind.xml
index 5ddf2592e4..687ce1d12d 100644
--- a/usr/src/cmd/rpcbind/bind.xml
+++ b/usr/src/cmd/rpcbind/bind.xml
@@ -2,38 +2,36 @@
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<!--
- Copyright 2006 Sun Microsystems, Inc. All rights reserved.
- Use is subject to license terms.
-
-
- CDDL HEADER START
-
- The contents of this file are subject to the terms of the
- Common Development and Distribution License (the "License").
- You may not use this file except in compliance with the License.
-
- You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- or http://www.opensolaris.org/os/licensing.
- See the License for the specific language governing permissions
- and limitations under the License.
-
- When distributing Covered Code, include this CDDL HEADER in each
- file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- If applicable, add the following below this CDDL HEADER, with the
- fields enclosed by brackets "[]" replaced with your own identifying
- information: Portions Copyright [yyyy] [name of copyright owner]
-
- CDDL HEADER END
-
-
- ident "%Z%%M% %I% %E% SMI"
-
- NOTE: This service manifest is not editable; its contents will
- be overwritten by package or patch operations, including
- operating system upgrade. Make customizations in a different
- file.
-
- Service manifest for rpcbind
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ Use is subject to license terms.
+
+ ident "%Z%%M% %I% %E% SMI"
+
+ Service manifest for rpcbind
+
+ NOTE: This service manifest is not editable; its contents will
+ be overwritten by package or patch operations, including
+ operating system upgrade. Make customizations in a different
+ file.
-->
<service_bundle type='manifest' name='SUNWcsr:rpcbind'>
@@ -152,8 +150,31 @@
name='allow_indirect'
type='boolean'
value='true' />
+
+ <!-- local_only specifies whether rpcbind should allow
+ calls from hosts other than the localhost.
+ Setting local_only to true will make rpcbind serve
+ only those requests that come in from the local machine.
+ the default value is false, i.e. allow connections
+ from other systems too.
+ -->
+ <propval
+ name='local_only'
+ type='boolean'
+ value='false' />
+
+ <!-- to configure rpc/bind -->
+ <propval name='value_authorization' type='astring'
+ value='solaris.smf.value.rpc.bind' />
</property_group>
+ <!-- Authorization -->
+ <property_group name='general' type='framework'>
+ <!-- to enable/disable rpc/bind -->
+ <propval name='action_authorization' type='astring'
+ value='solaris.smf.manage.rpc.bind' />
+ </property_group>
+
<stability value='Unstable' />
<template>
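Review bot: The new `value_authorization` propval sits in the same property group as `allow_indirect` and `local_only`, so a holder of `solaris.smf.value.rpc.bind` can change every property in that group, not just one; the comment `<!-- to configure rpc/bind -->` does not say so. I would spell it out, e.g. `<!-- holders of this authorization may modify every property in this group, including access-control settings such as local_only -->`. The `local_only` comment could also state plainly that the shipped default of `false` leaves rpcbind answering remote callers. The group's opening tag is outside this hunk, so its name is inferred from the `"config"` lookups in rpcbind.c.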
diff --git a/usr/src/cmd/rpcbind/rpcb_check.c b/usr/src/cmd/rpcbind/rpcb_check.c
index 7cda44f93a..10aade0b12 100644
--- a/usr/src/cmd/rpcbind/rpcb_check.c
+++ b/usr/src/cmd/rpcbind/rpcb_check.c
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -43,7 +42,7 @@
* Single function for pmap* and rpcb*;
* Local transport checks made using localxprt().
*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -220,7 +219,8 @@ rpcb_check(SVCXPRT *transp, rpcproc_t procnum, boolean_t ispmap)
const char *addr_string = sgen_toa(svc_getgencaller(transp));
if (!localxprt(transp, ispmap) &&
- hosts_ctl("rpcbind", addr_string, addr_string, "") == 0) {
+ (local_only ||
+ hosts_ctl("rpcbind", addr_string, addr_string, "") == 0)) {
res = B_FALSE;
}
}
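Review bot: The deny condition now has two unrelated causes, `local_only` being set or `hosts_ctl()` returning 0, but both collapse into `res = B_FALSE`, so nothing after this point can tell an operator which policy rejected the caller. A short comment above the `if` would help, e.g. `/* non-local caller: refuse outright when local_only is set, otherwise defer to tcp wrappers */`. Because `local_only` short-circuits `hosts_ctl()`, hosts.allow entries for remote hosts are not consulted while it is true, and that precedence is worth stating in the same comment. rpcb_check() starts and ends outside this hunk, so which procedure numbers reach this branch and how the denial is reported cannot be confirmed from here.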
diff --git a/usr/src/cmd/rpcbind/rpcbind.c b/usr/src/cmd/rpcbind/rpcbind.c
index 89d2d5714d..c0048484f0 100644
--- a/usr/src/cmd/rpcbind/rpcbind.c
+++ b/usr/src/cmd/rpcbind/rpcbind.c
@@ -118,6 +118,7 @@ char *loopback_vc_ord; /* COTS_ORD loopback transport, for set and unset */
boolean_t verboselog = B_FALSE;
boolean_t wrap_enabled = B_FALSE;
boolean_t allow_indirect = B_TRUE;
+boolean_t local_only = B_FALSE;
/* Local Variable */
static int warmstart = 0; /* Grab a old copy of registrations */
@@ -945,58 +946,41 @@ logthread(void *arg)
/* NOTREACHED */
}
-/*
- * Initialize: read the configuration parameters from the default file.
- */
-static void
-rpcb_check_init(void)
+static boolean_t
+get_smf_prop(const char *var, boolean_t def_val)
{
- thread_t tid;
scf_simple_prop_t *prop;
- uint8_t *bool;
-
- if ((prop = scf_simple_prop_get(NULL, NULL, "config",
- "enable_tcpwrappers")) != NULL) {
+ uint8_t *val;
+ boolean_t res = def_val;
- if ((bool = scf_simple_prop_next_boolean(prop)) != NULL) {
- wrap_enabled = (*bool == 0) ? B_FALSE : B_TRUE;
- } else {
- syslog(LOG_ALERT, "enable_tcpwrappers no value %s",
- scf_strerror(scf_error()));
- }
+ prop = scf_simple_prop_get(NULL, NULL, "config", var);
+ if (prop) {
+ if ((val = scf_simple_prop_next_boolean(prop)) != NULL)
+ res = (*val == 0) ? B_FALSE : B_TRUE;
scf_simple_prop_free(prop);
- } else {
- syslog(LOG_ALERT, "unable to get enable_tcpwrappers %s",
- scf_strerror(scf_error()));
}
- if ((prop = scf_simple_prop_get(NULL, NULL, "config",
- "verbose_logging")) != NULL) {
- if ((bool = scf_simple_prop_next_boolean(prop)) != NULL) {
- verboselog = (*bool == 0) ? B_FALSE : B_TRUE;
- } else {
- syslog(LOG_ALERT, "verboselog no value %s",
- scf_strerror(scf_error()));
- }
- scf_simple_prop_free(prop);
- } else {
- syslog(LOG_ALERT, "unable to get verbose_logging %s",
- scf_strerror(scf_error()));
+ if (prop == NULL || val == NULL) {
+ syslog(LOG_ALERT, "no value for config/%s (%s). "
+ "Using default \"%s\"", var, scf_strerror(scf_error()),
+ def_val ? "true" : "false");
}
- if ((prop = scf_simple_prop_get(NULL, NULL, "config",
- "allow_indirect")) != NULL) {
- if ((bool = scf_simple_prop_next_boolean(prop)) != NULL) {
- allow_indirect = (*bool == 0) ? B_FALSE : B_TRUE;
- } else {
- syslog(LOG_ALERT, "allow_indirect no value %s",
- scf_strerror(scf_error()));
- }
- scf_simple_prop_free(prop);
- } else {
- syslog(LOG_ALERT, "unable to get allow_indirect %s",
- scf_strerror(scf_error()));
- }
+ return (res);
+}
+
+/*
+ * Initialize: read the configuration parameters from SMF
+ */
+static void
+rpcb_check_init(void)
+{
+ thread_t tid;
+
+ wrap_enabled = get_smf_prop("enable_tcpwrappers", B_FALSE);
+ verboselog = get_smf_prop("verbose_logging", B_FALSE);
+ allow_indirect = get_smf_prop("allow_indirect", B_TRUE);
+ local_only = get_smf_prop("local_only", B_FALSE);
if (wrap_enabled)
(void) thr_create(NULL, 0, logthread, NULL, THR_DETACHED, &tid);
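Review bot: `logthread` is still started only when `wrap_enabled` is true, although this commit makes `local_only` a second reason for rpcb_check() to reject callers. If denials are reported through `qsyslog()` and drained by `logthread` (neither body is visible in this hunk), a host running with `local_only` true and tcp wrappers off would refuse remote requests without leaving a log record; consider `if (wrap_enabled || local_only)` on the `thr_create` guard. Separately, `get_smf_prop()` has no header comment, and its fallback matters for `local_only`: an unreadable property yields `B_FALSE`, i.e. remote callers stay allowed. A line such as `/* Read boolean property config/<var> from SMF; log and return def_val if it is missing or has no value. */` would document that. rpcb_check_init() continues past the end of the hunk.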
diff --git a/usr/src/cmd/rpcbind/rpcbind.h b/usr/src/cmd/rpcbind/rpcbind.h
index 7762af3bf9..477079a00f 100644
--- a/usr/src/cmd/rpcbind/rpcbind.h
+++ b/usr/src/cmd/rpcbind/rpcbind.h
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -18,9 +17,8 @@
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
@@ -82,21 +80,24 @@ extern boolean_t localxprt(SVCXPRT *, boolean_t);
extern void qsyslog(int pri, const char *fmt, ...);
extern boolean_t rpcb_check(SVCXPRT *, rpcproc_t, boolean_t);
extern void rpcb_log(boolean_t, SVCXPRT *, rpcproc_t, rpcprog_t, boolean_t);
-extern boolean_t allow_indirect, wrap_enabled, verboselog;
+extern boolean_t allow_indirect, wrap_enabled, verboselog, local_only;
#define svc_getgencaller(transp) \
((struct sockaddr_gen *)svc_getrpccaller((transp))->buf)
#define RPCB_CHECK(xprt, proc) \
- if (wrap_enabled && !rpcb_check((xprt), (proc), B_FALSE)) \
+ if ((wrap_enabled || local_only) && \
+ !rpcb_check((xprt), (proc), B_FALSE)) \
return
#define PMAP_CHECK(xprt, proc) \
- if (wrap_enabled && !rpcb_check((xprt), (proc), B_TRUE)) \
+ if ((wrap_enabled || local_only) && \
+ !rpcb_check((xprt), (proc), B_TRUE)) \
return
#define PMAP_CHECK_RET(xprt, proc, ret) \
- if (wrap_enabled && !rpcb_check((xprt), (proc), B_TRUE)) \
+ if ((wrap_enabled || local_only) && \
+ !rpcb_check((xprt), (proc), B_TRUE)) \
return (ret)
#define RPCB_LOG(xprt, proc, prog) \
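Review bot: The gate `(wrap_enabled || local_only)` is now repeated in `RPCB_CHECK`, `PMAP_CHECK` and `PMAP_CHECK_RET`, and it has to stay in step with the condition inside rpcb_check(); a later access-control flag added in one place but not the others would leave some procedures unfiltered. I would define the predicate once under a name of your choosing, e.g. `#define RPCB_CHECKS_ENABLED() (wrap_enabled || local_only)`, and use it in all three macros. The macros also still expand to a bare `if (...) return`, which can capture a following `else` at a call site; wrapping each body in `do { ... } while (0)` avoids that. The hunk ends at the `RPCB_LOG` definition, whose body is not shown.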