/*	$OpenBSD: procs.c,v 1.15 2015/01/16 06:40:20 deraadt Exp $	*/

/*

 * Copyright (c) 1995

 *	A.R. Gordon (andrew.gordon@net-tel.co.uk).  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 * 3. All advertising materials mentioning features or use of this software

 *    must display the following acknowledgement:

 *	This product includes software developed for the FreeBSD project

 * 4. Neither the name of the author nor the names of any co-contributors

 *    may be used to endorse or promote products derived from this software

 *    without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY ANDREW GORDON AND CONTRIBUTORS ``AS IS'' AND

 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 */

#include <sys/socket.h>

#include <netinet/in.h>

#include <rpc/rpc.h>

#include <rpc/pmap_clnt.h>

#include <rpcsvc/sm_inter.h>

#include "nlm_prot.h"

#include <arpa/inet.h>

#include <stdio.h>

#include <syslog.h>

#include <stdlib.h>

#include <string.h>

#include <netdb.h>

#include <limits.h>

#include "lockd.h"

#include "lockd_lock.h"

#define	CLIENT_CACHE_SIZE	64	/* No. of client sockets cached	 */

#define	CLIENT_CACHE_LIFETIME	120	/* In seconds			 */

/* log_from_addr ----------------------------------------------------------- */

/*

 * Purpose:	Log name of function called and source address

 * Returns:	Nothing

 * Notes:	Extracts the source address from the transport handle

 *		passed in as part of the called procedure specification

 */

static void

log_from_addr(char *fun_name, struct svc_req *req)

{

	struct	sockaddr_in *addr;

	struct	hostent *host;

	else

		    sizeof hostname_buf);

}

/* get_client -------------------------------------------------------------- */

/*

 * Purpose:	Get a CLIENT* for making RPC calls to lockd on given host

 * Returns:	CLIENT* pointer, from clnt_udp_create, or NULL if error

 * Notes:	Creating a CLIENT* is quite expensive, involving a

 *		conversation with the remote portmapper to get the

 *		port number.  Since a given client is quite likely

 *		to make several locking requests in succession, it is

 *		desirable to cache the created CLIENT*.

 *

 *		Since we are using UDP rather than TCP, there is no cost

 *		to the remote system in keeping these cached indefinitely.

 *		Unfortunately there is a snag: if the remote system

 *		reboots, the cached portmapper results will be invalid,

 *		and we will never detect this since all of the xxx_msg()

 *		calls return no result - we just fire off a udp packet

 *		and hope for the best.

 *

 *		We solve this by discarding cached values after two

 *		minutes, regardless of whether they have been used

 *		in the meanwhile (since a bad one might have been used

 *		plenty of times, as the host keeps retrying the request

 *		and we keep sending the reply back to the wrong port).

 *

 *		Given that the entries will always expire in the order

 *		that they were created, there is no point in a LRU

 *		algorithm for when the cache gets full - entries are

 *		always re-used in sequence.

 */

static CLIENT *clnt_cache_ptr[CLIENT_CACHE_SIZE];

static long clnt_cache_time[CLIENT_CACHE_SIZE];	/* time entry created */

static struct in_addr clnt_cache_addr[CLIENT_CACHE_SIZE];

static int clnt_cache_next_to_use = 0;

CLIENT *

get_client(struct sockaddr_in *host_addr, u_long vers)

{

	CLIENT *client;

	/*

	 * Search for the given client in the cache, zapping any expired

	 * entries that we happen to notice in passing.

	 */

			/* Cache entry has expired. */

			client = NULL;

		}

			sizeof(struct in_addr))) {

			/* Found it! */

		}

	}

	/* Not found in cache.  Free the next entry if it is in use. */

	}

	}

	/* Success - update the cache entry */

		clnt_cache_next_to_use = 0;

	/*

	 * Disable the default timeout, so we can specify our own in calls

	 * to clnt_call().  (Note that the timeout is a different concept

	 * from the retry period set in clnt_udp_create() above.)

	 */

}

/* transmit_result --------------------------------------------------------- */

/*

 * Purpose:	Transmit result for nlm_xxx_msg pseudo-RPCs

 * Returns:	Nothing - we have no idea if the datagram got there

 * Notes:	clnt_call() will always fail (with timeout) as we are

 *		calling it with timeout 0 as a hack to just issue a datagram

 *		without expecting a result

 */

void

transmit_result(int opcode, nlm_res *result, struct sockaddr_in *addr)

{

	static char dummy;

	CLIENT *cli;

	int success;

		/* No timeout - not expecting response */

		    result, xdr_void, &dummy, timeo);

	}

}

/* transmit4_result --------------------------------------------------------- */

/*

 * Purpose:	Transmit result for nlm4_xxx_msg pseudo-RPCs

 * Returns:	Nothing - we have no idea if the datagram got there

 * Notes:	clnt_call() will always fail (with timeout) as we are

 *		calling it with timeout 0 as a hack to just issue a datagram

 *		without expecting a result

 */

void

transmit4_result(int opcode, nlm4_res *result, struct sockaddr_in *addr)

{

	static char dummy;

	CLIENT *cli;

	int success;

		/* No timeout - not expecting response */

		    result, xdr_void, &dummy, timeo);

	}

}

/*

 * converts a struct nlm_lock to struct nlm4_lock

 */

static void

nlmtonlm4(struct nlm_lock *arg, struct nlm4_lock *arg4)

{

}

/* ------------------------------------------------------------------------- */

/*

 * Functions for Unix<->Unix locking (ie. monitored locking, with rpc.statd

 * involved to ensure reclaim of locks after a crash of the "stateless"

 * server.

 *

 * These all come in two flavours - nlm_xxx() and nlm_xxx_msg().

 * The first are standard RPCs with argument and result.

 * The nlm_xxx_msg() calls implement exactly the same functions, but

 * use two pseudo-RPCs (one in each direction).  These calls are NOT

 * standard use of the RPC protocol in that they do not return a result

 * at all (NB. this is quite different from returning a void result).

 * The effect of this is to make the nlm_xxx_msg() calls simple unacknowledged

 * datagrams, requiring higher-level code to perform retries.

 *

 * Despite the disadvantages of the nlm_xxx_msg() approach (some of which

 * are documented in the comments to get_client() above), this is the

 * interface used by all current commercial NFS implementations

 * [Solaris, SCO, AIX etc.].  This is presumed to be because these allow

 * implementations to continue using the standard RPC libraries, while

 * avoiding the block-until-result nature of the library interface.

 *

 * No client implementations have been identified so far that make use

 * of the true RPC version (early SunOS releases would be a likely candidate

 * for testing).

 */

/* nlm_test ---------------------------------------------------------------- */

/*

 * Purpose:	Test whether a specified lock would be granted if requested

 * Returns:	nlm_granted (or error code)

 * Notes:

 */

nlm_testres *

nlm_test_1_svc(nlm_testargs *arg, struct svc_req *rqstp)

{

	static nlm_testres result;

	struct nlm4_holder *holder;

	/*

	 * Copy the cookie from the argument into the result.  Note that this

	 * is slightly hazardous, as the structure contains a pointer to a

	 * malloc()ed buffer that will get freed by the caller.  However, the

	 * main function transmits the result before freeing the argument

	 * so it is in fact safe.

	 */

		    sizeof(struct nlm_holder));

	}

}

void *

nlm_test_msg_1_svc(nlm_testargs *arg, struct svc_req *rqstp)

{

	static char dummy;

	struct sockaddr_in *addr;

	CLIENT *cli;

	int success;

	struct nlm4_holder *holder;

		    sizeof(struct nlm_holder));

	}

	/*

	 * nlm_test has different result type to the other operations, so

	 * can't use transmit_result() in this case

	 */

		/* No timeout - not expecting response */

		    &result, xdr_void, &dummy, timeo);

	}

}

/* nlm_lock ---------------------------------------------------------------- */

/*

 * Purposes:	Establish a lock

 * Returns:	granted, denied or blocked

 * Notes:	*** grace period support missing

 */

nlm_res *

nlm_lock_1_svc(nlm_lockargs *arg, struct svc_req *rqstp)

{

	static nlm_res result;

	/* copy cookie from arg to result.  See comment in nlm_test_1() */

}

void *

nlm_lock_msg_1_svc(nlm_lockargs *arg, struct svc_req *rqstp)

{

	static nlm_res result;

}

/* nlm_cancel -------------------------------------------------------------- */

/*

 * Purpose:	Cancel a blocked lock request

 * Returns:	granted or denied

 * Notes:

 */

nlm_res *

nlm_cancel_1_svc(nlm_cancargs *arg, struct svc_req *rqstp)

{

	static nlm_res result;

	/* copy cookie from arg to result.  See comment in nlm_test_1() */

	/*

	 * Since at present we never return 'nlm_blocked', there can never be

	 * a lock to cancel, so this call always fails.

	 */

}

void *

nlm_cancel_msg_1_svc(nlm_cancargs *arg, struct svc_req *rqstp)

{

	static nlm_res result;

	/*

	 * Since at present we never return 'nlm_blocked', there can never be

	 * a lock to cancel, so this call always fails.

	 */

}

/* nlm_unlock -------------------------------------------------------------- */

/*

 * Purpose:	Release an existing lock

 * Returns:	Always granted, unless during grace period

 * Notes:	"no such lock" error condition is ignored, as the

 *		protocol uses unreliable UDP datagrams, and may well

 *		re-try an unlock that has already succeeded.

 */

nlm_res *

nlm_unlock_1_svc(nlm_unlockargs *arg, struct svc_req *rqstp)

{

	static nlm_res result;

}

void *

nlm_unlock_msg_1_svc(nlm_unlockargs *arg, struct svc_req *rqstp)

{

	static nlm_res result;

}

/* ------------------------------------------------------------------------- */

/*

 * Client-side pseudo-RPCs for results.  Note that for the client there

 * are only nlm_xxx_msg() versions of each call, since the 'real RPC'

 * version returns the results in the RPC result, and so the client

 * does not normally receive incoming RPCs.

 *

 * The exception to this is nlm_granted(), which is genuinely an RPC

 * call from the server to the client - a 'call-back' in normal procedure

 * call terms.

 */

/* nlm_granted ------------------------------------------------------------- */

/*

 * Purpose:	Receive notification that formerly blocked lock now granted

 * Returns:	always success ('granted')

 * Notes:

 */

nlm_res *

nlm_granted_1_svc(nlm_testargs *arg, struct svc_req *rqstp)

{

	static nlm_res result;

	/* copy cookie from arg to result.  See comment in nlm_test_1() */

}

void *

nlm_granted_msg_1_svc(nlm_testargs *arg, struct svc_req *rqstp)

{

	static nlm_res result;

}

/* nlm_test_res ------------------------------------------------------------ */

/*

 * Purpose:	Accept result from earlier nlm_test_msg() call

 * Returns:	Nothing

 */

void *

/*ARGSUSED*/

nlm_test_res_1_svc(nlm_testres *arg, struct svc_req *rqstp)

{

}

/* nlm_lock_res ------------------------------------------------------------ */

/*

 * Purpose:	Accept result from earlier nlm_lock_msg() call

 * Returns:	Nothing

 */

void *

/*ARGSUSED*/

nlm_lock_res_1_svc(nlm_res *arg, struct svc_req *rqstp)

{

}

/* nlm_cancel_res ---------------------------------------------------------- */

/*

 * Purpose:	Accept result from earlier nlm_cancel_msg() call

 * Returns:	Nothing

 */

void *

/*ARGSUSED*/

nlm_cancel_res_1_svc(nlm_res *arg, struct svc_req *rqstp)

{

}

/* nlm_unlock_res ---------------------------------------------------------- */

/*

 * Purpose:	Accept result from earlier nlm_unlock_msg() call

 * Returns:	Nothing

 */

void *

/*ARGSUSED*/

nlm_unlock_res_1_svc(nlm_res *arg, struct svc_req *rqstp)

{

}

/* nlm_granted_res --------------------------------------------------------- */

/*

 * Purpose:	Accept result from earlier nlm_granted_msg() call

 * Returns:	Nothing

 */

void *

/*ARGSUSED*/

nlm_granted_res_1_svc(nlm_res *arg, struct svc_req *rqstp)

{

}

/* ------------------------------------------------------------------------- */

/*

 * Calls for PCNFS locking (aka non-monitored locking, no involvement

 * of rpc.statd).

 *

 * These are all genuine RPCs - no nlm_xxx_msg() nonsense here.

 */

/* nlm_share --------------------------------------------------------------- */

/*

 * Purpose:	Establish a DOS-style lock

 * Returns:	success or failure

 * Notes:	Blocking locks are not supported - client is expected

 *		to retry if required.

 */

nlm_shareres *

nlm_share_3_svc(nlm_shareargs *arg, struct svc_req *rqstp)

{

	static nlm_shareres result;

}

/* nlm_unshare ------------------------------------------------------------ */

/*

 * Purpose:	Release a DOS-style lock

 * Returns:	nlm_granted, unless in grace period

 * Notes:

 */

nlm_shareres *

nlm_unshare_3_svc(nlm_shareargs *arg, struct svc_req *rqstp)

{

	static nlm_shareres result;

}

/* nlm_nm_lock ------------------------------------------------------------ */

/*

 * Purpose:	non-monitored version of nlm_lock()

 * Returns:	as for nlm_lock()

 * Notes:	These locks are in the same style as the standard nlm_lock,

 *		but the rpc.statd should not be called to establish a

 *		monitor for the client machine, since that machine is

 *		declared not to be running a rpc.statd, and so would not

 *		respond to the statd protocol.

 */

nlm_res *

nlm_nm_lock_3_svc(nlm_lockargs *arg, struct svc_req *rqstp)

{

	static nlm_res result;

	/* copy cookie from arg to result.  See comment in nlm_test_1() */

}

/* nlm_free_all ------------------------------------------------------------ */

/*

 * Purpose:	Release all locks held by a named client

 * Returns:	Nothing

 * Notes:	Potential denial of service security problem here - the

 *		locks to be released are specified by a host name, independent

 *		of the address from which the request has arrived.

 *		Should probably be rejected if the named host has been

 *		using monitored locks.

 */

void *

/*ARGSUSED*/

nlm_free_all_3_svc(nlm_notify *arg, struct svc_req *rqstp)

{

	static char dummy;

}

/* calls for nlm version 4 (NFSv3) */

/* nlm_test ---------------------------------------------------------------- */

/*

 * Purpose:	Test whether a specified lock would be granted if requested

 * Returns:	nlm_granted (or error code)

 * Notes:

 */

nlm4_testres *

nlm4_test_4_svc(nlm4_testargs *arg, struct svc_req *rqstp)

{

	static nlm4_testres result;

	struct nlm4_holder *holder;

	/*

	 * Copy the cookie from the argument into the result.  Note that this

	 * is slightly hazardous, as the structure contains a pointer to a

	 * malloc()ed buffer that will get freed by the caller.  However, the

	 * main function transmits the result before freeing the argument

	 * so it is in fact safe.

	 */

		    sizeof(struct nlm4_holder));

	}

}

void *

nlm4_test_msg_4_svc(nlm4_testargs *arg, struct svc_req *rqstp)

{

	static char dummy;

	struct sockaddr_in *addr;

	CLIENT *cli;

	int success;

	struct nlm4_holder *holder;

		    sizeof(struct nlm4_holder));

	}

	/*

	 * nlm_test has different result type to the other operations, so

	 * can't use transmit4_result() in this case

	 */

		/* No timeout - not expecting response */

		    &result, xdr_void, &dummy, timeo);

	}

}

/* nlm_lock ---------------------------------------------------------------- */

/*

 * Purposes:	Establish a lock

 * Returns:	granted, denied or blocked

 * Notes:	*** grace period support missing

 */

nlm4_res *

nlm4_lock_4_svc(nlm4_lockargs *arg, struct svc_req *rqstp)

{

	static nlm4_res result;

	/* copy cookie from arg to result.  See comment in nlm_test_4() */

}

void *

nlm4_lock_msg_4_svc(nlm4_lockargs *arg, struct svc_req *rqstp)

{

	static nlm4_res result;

}

/* nlm_cancel -------------------------------------------------------------- */

/*

 * Purpose:	Cancel a blocked lock request

 * Returns:	granted or denied

 * Notes:

 */

nlm4_res *

nlm4_cancel_4_svc(nlm4_cancargs *arg, struct svc_req *rqstp)

{

	static nlm4_res result;

	/* copy cookie from arg to result.  See comment in nlm_test_1() */

	/*

	 * Since at present we never return 'nlm_blocked', there can never be

	 * a lock to cancel, so this call always fails.

	 */

}

void *

nlm4_cancel_msg_4_svc(nlm4_cancargs *arg, struct svc_req *rqstp)

{

	static nlm4_res result;

	/*

	 * Since at present we never return 'nlm_blocked', there can never be

	 * a lock to cancel, so this call always fails.

	 */

}

/* nlm_unlock -------------------------------------------------------------- */

/*

 * Purpose:	Release an existing lock

 * Returns:	Always granted, unless during grace period

 * Notes:	"no such lock" error condition is ignored, as the

 *		protocol uses unreliable UDP datagrams, and may well

 *		re-try an unlock that has already succeeded.

 */

nlm4_res *

nlm4_unlock_4_svc(nlm4_unlockargs *arg, struct svc_req *rqstp)

{

	static nlm4_res result;

}

void *

nlm4_unlock_msg_4_svc(nlm4_unlockargs *arg, struct svc_req *rqstp)

{

	static nlm4_res result;

}

/* ------------------------------------------------------------------------- */

/*

 * Client-side pseudo-RPCs for results.  Note that for the client there

 * are only nlm_xxx_msg() versions of each call, since the 'real RPC'

 * version returns the results in the RPC result, and so the client

 * does not normally receive incoming RPCs.

 *

 * The exception to this is nlm_granted(), which is genuinely an RPC

 * call from the server to the client - a 'call-back' in normal procedure

 * call terms.

 */

/* nlm_granted ------------------------------------------------------------- */

/*

 * Purpose:	Receive notification that formerly blocked lock now granted

 * Returns:	always success ('granted')

 * Notes:

 */

nlm4_res *

nlm4_granted_4_svc(nlm4_testargs *arg, struct svc_req *rqstp)

{

	static nlm4_res result;

	/* copy cookie from arg to result.  See comment in nlm_test_1() */

}

void *

nlm4_granted_msg_4_svc(nlm4_testargs *arg, struct svc_req *rqstp)

{

	static nlm4_res result;

}

/* nlm_test_res ------------------------------------------------------------ */

/*

 * Purpose:	Accept result from earlier nlm_test_msg() call

 * Returns:	Nothing

 */

void *

/*ARGSUSED*/

nlm4_test_res_4_svc(nlm4_testres *arg, struct svc_req *rqstp)

{

}

/* nlm_lock_res ------------------------------------------------------------ */

/*

 * Purpose:	Accept result from earlier nlm_lock_msg() call

 * Returns:	Nothing

 */

void *

/*ARGSUSED*/

nlm4_lock_res_4_svc(nlm4_res *arg, struct svc_req *rqstp)