From nobody Sat Feb 01 09:02:12 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YlRbS5F02z5mbHX; Sat, 01 Feb 2025 09:02:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YlRbS2fKHz41PP; Sat, 01 Feb 2025 09:02:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1738400532; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XeUMS7oKhsidz5VBDLFOBk94cnX32H9LHKP2U42ylqg=; b=cIrEu8FbqyAPteCP8wyyA/t5b6mc7ontFKG9C9+fN8Rx/amKZH69vsJcVW09GOcyYvOe2w ds4EISVeyGyQB9YQqvfGNH7skpRUQQYiKSOcJ3ARqhhOOE93TSMf6Dt6KLPDrQTVIJjiks ONzo1gLmuMG2qO+hRWA/hqKGdCpDTme5KVIT4VoU7IFevcWIr0CWHJFzBeeIfWCyxu621l uFBBg53BfYAvyrvO0wbwGp4WtELmaJsjArQyZu0ecX0j/6JDAJbnDgh2+MegrcsuXMpttf PplFp4SemYsvDlWOWqRXs81/mL3Cx1vj3N7ultBkxW7E2zoCKaDPQbaYPLXfpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1738400532; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XeUMS7oKhsidz5VBDLFOBk94cnX32H9LHKP2U42ylqg=; b=td8opQHszHv6bkNL8fZUm2tbSlCezJgvW3kVAihM1+8oESS0IPENeOFmrv5L3+bQzdEo+R PlBSS14WYlQNw431aBvNvEiakOkd/LbhdAjEkvuVshVMoovTuselD22XRCRNJSdlSbo9Ry 
rlto9zomJaF/U5ijWtG5BwAY0NpLaEsmRcyQfrk+cUtJTx0GPs6K8532zqln4dWcc7u6Iu 5EX602bB+9Db9W2huQ7CWBsu+MDFuhBf8f5rmol99sfY2VEccDmLgJvPRs8MzM9zHkmm4H h4kRE9ElcF1WzoRAanmnUPVnf9hB7C9WtTxWuVM87b4cReWtXT6eufRrPI1Grg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1738400532; a=rsa-sha256; cv=none; b=LWA3fuo/1SLSanSq4ziFmfuwA3RpG63+av8zdjEhuj+U0ehlI+42Kxz86IRO7Ge7tyXrFU JcoxREKQ+wToBnhByV7+yY1xhmrQIJHckdDjC/cxc4ZikNp4a8GZaWi6lcegS3xrVOa9b6 B9X2z3RFmc2gXHZlv4/XtDEENXn14VW3FyW29GsJ7sssEqEd00HGUiI3yNdU/iqxgS4MAV xmwNvjdSaAvpXRlK6nArLS0r6i9m2C3dHAX2Ze5D9gf7CLhHWDkm5H59D9KoYpyDrnFsS7 Ao4wod1NFx9fC+XeXjGI460uqiRS6SIWVnNy9Q+P+/Y5fi12WB2u94n4GQolAA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YlRbS2FsDzxk9; Sat, 01 Feb 2025 09:02:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51192C6S048024; Sat, 1 Feb 2025 09:02:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51192CBZ048021; Sat, 1 Feb 2025 09:02:12 GMT (envelope-from git) Date: Sat, 1 Feb 2025 09:02:12 GMT Message-Id: <202502010902.51192CBZ048021@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org 
From: Gleb Smirnoff Subject: git: d50fc4ba54e6 - main - rpcbind: run netlink(4) service List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d50fc4ba54e6c95fcff9acf1a137fa037294ffbf Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=d50fc4ba54e6c95fcff9acf1a137fa037294ffbf commit d50fc4ba54e6c95fcff9acf1a137fa037294ffbf Author: Gleb Smirnoff AuthorDate: 2025-02-01 01:02:21 +0000 Commit: Gleb Smirnoff CommitDate: 2025-02-01 09:00:26 +0000 rpcbind: run netlink(4) service To register RPC bindings coming from the kernel. At the moment, we expect such bindings only from the kernel NLM service. Reviewed by: rmacklem Differential Revision: https://reviews.freebsd.org/D48556 --- usr.sbin/rpcbind/rpcbind.c | 69 +++++++++++++++++++++++++++------------------ usr.sbin/rpcbind/security.c | 1 + 2 files changed, 43 insertions(+), 27 deletions(-) diff --git a/usr.sbin/rpcbind/rpcbind.c b/usr.sbin/rpcbind/rpcbind.c index a836afd24009..1397a0222396 100644 --- a/usr.sbin/rpcbind/rpcbind.c +++ b/usr.sbin/rpcbind/rpcbind.c @@ -54,8 +54,10 @@ #include #endif #include +#include #include #include +#include #include #include #include 
@@ -111,8 +113,20 @@ char *tcp_uaddr; /* Universal TCP address */ #endif static char servname[] = "rpcbind"; static char superuser[] = "superuser"; +static char nlname[] = "netlink"; -int main(int, char *[]); +static struct netconfig netlink_nconf = { + .nc_netid = nlname, + .nc_semantics = NC_TPI_CLTS, +}; + +static struct t_bind netlink_taddr = { + .addr = { + .maxlen = sizeof(nlname), + .len = sizeof(nlname), + .buf = nlname, + }, +}; static int init_transport(struct netconfig *); static void rbllist_add(rpcprog_t, rpcvers_t, struct netconfig *, @@ -188,6 +202,8 @@ main(int argc, char *argv[]) } endnetconfig(nc_handle); + init_transport(&netlink_nconf); + /* * Allocate pipe fd to wake main thread from signal handler in non-racy * way. @@ -256,11 +272,11 @@ main(int argc, char *argv[]) static int init_transport(struct netconfig *nconf) { - int fd; + int fd = -1; struct t_bind taddr; struct addrinfo hints, *res = NULL; struct __rpc_sockinfo si; - SVCXPRT *my_xprt; + SVCXPRT *my_xprt = NULL; int status; /* bound checking ? */ int aicode; int addrlen; @@ -270,6 +286,11 @@ init_transport(struct netconfig *nconf) u_int32_t host_addr[4]; /* IPv4 or IPv6 */ struct sockaddr_un sun; mode_t oldmask; + bool local, netlink; + + local = strcmp(nconf->nc_netid, "local") == 0 || + strcmp(nconf->nc_netid, "unix") == 0; + netlink = strcmp(nconf->nc_netid, "netlink") == 0; if ((nconf->nc_semantics != NC_TPI_CLTS) && (nconf->nc_semantics != NC_TPI_COTS) && @@ -291,8 +312,7 @@ init_transport(struct netconfig *nconf) /* * XXX - using RPC library internal functions. */ - if ((strcmp(nconf->nc_netid, "local") == 0) || - (strcmp(nconf->nc_netid, "unix") == 0)) { + if (local) { /* * For other transports we call this later, for each socket we * like to bind. 
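Review bot: `netlink_nconf` in the `@@ -111,8` hunk sets only `nc_netid` and `nc_semantics`, so `nc_protofmly` and `nc_proto` are NULL for this transport, and nothing at the definition says so. The `!netlink &&` guard added to the PORTMAP condition further down is what keeps `strcmp(nconf->nc_protofmly, NC_INET)` away from a NULL pointer. Any later code in init_transport() that reads those fields needs the same guard. I would add a comment above the struct: `/* Minimal netconfig for netlink(4): nc_protofmly and nc_proto stay NULL, check the netid before reading them. */`.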
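Review bot: The new call `init_transport(&netlink_nconf);` in main() (hunk `@@ -188,6`) drops the return value, so a failure to create the netlink service leaves rpcbind running with only the generic syslog line from init_transport(). Kernel bindings would then never be registered, and an operator has little to correlate that with. Something like `if (init_transport(&netlink_nconf) != 0) syslog(LOG_WARNING, "netlink transport unavailable, kernel RPC bindings will not be registered");` would make the degraded state visible in the logs. Whether the netconfig loop before it handles failures the same way cannot be seen from this hunk.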
@@ -313,8 +333,7 @@ init_transport(struct netconfig *nconf) return (1); } - if ((strcmp(nconf->nc_netid, "local") == 0) || - (strcmp(nconf->nc_netid, "unix") == 0)) { + if (local) { memset(&sun, 0, sizeof sun); sun.sun_family = AF_LOCAL; unlink(_PATH_RPCBINDSOCK); @@ -322,7 +341,7 @@ init_transport(struct netconfig *nconf) sun.sun_len = SUN_LEN(&sun); addrlen = sizeof (struct sockaddr_un); sa = (struct sockaddr *)&sun; - } else { + } else if (!netlink) { /* Get rpcbind's address on this transport */ memset(&hints, 0, sizeof hints); @@ -332,8 +351,7 @@ init_transport(struct netconfig *nconf) hints.ai_protocol = si.si_proto; } - if ((strcmp(nconf->nc_netid, "local") != 0) && - (strcmp(nconf->nc_netid, "unix") != 0)) { + if (!local && !netlink) { /* * If no hosts were specified, just bind to INADDR_ANY. * Otherwise make sure 127.0.0.1 is added to the list. @@ -471,15 +489,8 @@ init_transport(struct netconfig *nconf) my_xprt = (SVCXPRT *)svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE); - if (my_xprt == (SVCXPRT *)NULL) { - syslog(LOG_ERR, "%s: could not create service", - nconf->nc_netid); - goto error; - } } - if (!bound) - return 1; - } else { + } else if (local) { oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH); if (bind(fd, sa, addrlen) < 0) { syslog(LOG_ERR, "cannot bind %s: %m", nconf->nc_netid); 
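Review bot: In the `@@ -471,15` hunk the NULL check after `svc_tli_create()` is removed from the inner block and replaced by a single check after the whole if/else chain, which only sees the last value assigned to `my_xprt`. That inner block appears to be the per-host bind loop (its header is outside the hunk); if so, a failed `svc_tli_create()` for an earlier address is now silently overwritten by a later success, and a failure on the last address jumps to `error` after earlier transports were already created. Removing `if (!bound) return 1;` also sends the nothing-bound case to the shared check, where it is logged as "could not create service" and `close(fd)` runs on whatever descriptor the loop left behind. Keeping the original per-iteration check inside the loop, and using the shared check only for the local and netlink branches, would preserve the old failure handling.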
@@ -520,22 +531,25 @@ init_transport(struct netconfig *nconf) my_xprt = (SVCXPRT *)svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE); - if (my_xprt == (SVCXPRT *)NULL) { + } else { + assert(netlink); + taddr = netlink_taddr; + my_xprt = svc_nl_create("rpcbind"); + } + + if (my_xprt == (SVCXPRT *)NULL) { syslog(LOG_ERR, "%s: could not create service", nconf->nc_netid); goto error; - } } #ifdef PORTMAP /* * Register both the versions for tcp/ip, udp/ip and local. */ - if ((strcmp(nconf->nc_protofmly, NC_INET) == 0 && - (strcmp(nconf->nc_proto, NC_TCP) == 0 || - strcmp(nconf->nc_proto, NC_UDP) == 0)) || - (strcmp(nconf->nc_netid, "unix") == 0) || - (strcmp(nconf->nc_netid, "local") == 0)) { + if (!netlink && (local || (strcmp(nconf->nc_protofmly, NC_INET) == 0 && + (strcmp(nconf->nc_proto, NC_TCP) == 0 || + strcmp(nconf->nc_proto, NC_UDP) == 0)))) { struct pmaplist *pml; if (!svc_register(my_xprt, PMAPPROG, PMAPVERS, @@ -647,7 +661,7 @@ init_transport(struct netconfig *nconf) /* * rmtcall only supported on CLTS transports for now. */ - if (nconf->nc_semantics == NC_TPI_CLTS) { + if (!netlink && nconf->nc_semantics == NC_TPI_CLTS) { status = create_rmtcall_fd(nconf); #ifdef BIND_DEBUG @@ -665,7 +679,8 @@ init_transport(struct netconfig *nconf) } return (0); error: - close(fd); + if (fd != -1) + close(fd); return (1); } diff --git a/usr.sbin/rpcbind/security.c b/usr.sbin/rpcbind/security.c index 6d899f0a9269..d345ffb510d4 100644 --- a/usr.sbin/rpcbind/security.c +++ b/usr.sbin/rpcbind/security.c @@ -145,6 +145,7 @@ is_loopback(struct netbuf *nbuf) (ntohs(sin6->sin6_port) < IPV6PORT_RESERVED)); #endif case AF_LOCAL: + case AF_NETLINK: return 1; default: break;
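Review bot: `svc_nl_create("rpcbind")` in the new netlink branch of the `@@ -520,22` hunk repeats a literal the file already holds in `servname`; `my_xprt = svc_nl_create(servname);` keeps the service name in one place. The same applies to `strcmp(nconf->nc_netid, "netlink")` in the `@@ -270,6` hunk, which could compare against `nlname`. `assert(netlink)` appears to be always true given the two conditions that precede this `else` (they sit in earlier hunks), so a one-line comment such as `/* neither inet nor local: netlink */` would say the same thing without depending on NDEBUG.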
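Review bot: The added `case AF_NETLINK:` in is_loopback() (security.c, `@@ -145,6`) returns 1 for every netlink peer without checking who sent the request, whereas the IPv6 branch visible just above also requires a reserved source port. The commit message says such bindings are expected only from the kernel, so the trust decision rests on userland being unable to reach this netlink service. That is not shown on this page and should be stated next to the case, e.g. `/* netlink(4) RPC is expected to originate from the kernel only */`. If the address in `nbuf` is a `struct sockaddr_nl`, checking that the sender is the kernel (presumably `nl_pid == 0`) would enforce the assumption rather than only document it; this needs confirming against what the netlink transport actually puts in the netbuf.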