Date: Sun, 22 Nov 1998 20:52:46 +0000
From: dmlb@ragnet.demon.co.uk
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: dmlb@ragnet.demon.co.uk
Subject: kern/8798: Patches to make mount_portal work.
Message-ID: <E0zhgUw-0000CB-00@ragnet.demon.co.uk>
>Number: 8798
>Category: kern
>Synopsis: Bug to portal code.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Nov 22 13:10:01 PST 1998
>Last-Modified:
>Originator: Duncan Barclay
>Organization:
>Release: FreeBSD 3.0-CURRENT i386
>Environment:

-current

>Description:

mount_portal is broken, when run and an attempt is made to open a socket with

$ cat /p/tcp/localhost/daytime

an error will occur. This is due to bugs in the call to sendmsg in send_reply(), activate.c. There is also a security issue in pt_tcp.c and opening privileged ports. I think the whole code is bogus but will submit another pr dealing with it.

>How-To-Repeat:

$ mount_portal /etc/portal.conf /p
$ cat /p/tcp/localhost/daytime
Nov 22 11:07:54 computer portald[4459]: send: Invalid argument

>Fix:

Patches included below, diff'd against current CVSup'd 06:30 22/11/98. They may not link as I haven't included pt_tcplisten.c in this pr. Will be following.

Index: Makefile =================================================================== RCS file: /ide0.e/ncvs/src/sbin/mount_portal/Makefile,v retrieving revision 1.8 diff -u -r1.8 Makefile --- Makefile 1998/01/20 10:40:04 1.8 +++ Makefile 1998/11/22 16:59:32 @@ -3,7 +3,7 @@ PROG= mount_portal SRCS= mount_portal.c activate.c conf.c getmntopts.c pt_conf.c \ - pt_exec.c pt_file.c pt_tcp.c + pt_exec.c pt_file.c pt_tcp.c MAN8= mount_portal.8 MOUNT= ${.CURDIR}/../mount Index: activate.c =================================================================== RCS file: /ide0.e/ncvs/src/sbin/mount_portal/activate.c,v retrieving revision 1.5 diff -u -r1.5 activate.c --- activate.c 1998/07/06 07:19:23 1.5 +++ activate.c 1998/11/22 20:40:05 
@@ -45,6 +45,9 @@ #include <errno.h> #include <string.h> #include <unistd.h> +#ifdef DEBUG +#include <stdio.h> +#endif /* DEBUG */ #include <sys/types.h> #include <sys/param.h> #include <sys/socket.h> @@ -111,7 +114,7 @@ int error; { int n; - struct iovec iov; + struct iovec iov[1]; struct msghdr msg; struct { struct cmsghdr cmsg; @@ -122,15 +125,17 @@ * Line up error code. Don't worry about byte ordering * because we must be sending to the local machine. */ - iov.iov_base = (caddr_t) &error; - iov.iov_len = sizeof(error); + iov[0].iov_base = (caddr_t) &error; + iov[0].iov_len = sizeof(error); /* * Build a msghdr */ memset(&msg, 0, sizeof(msg)); - msg.msg_iov = &iov; + msg.msg_iov = iov; msg.msg_iovlen = 1; + msg.msg_name = NULL; + msg.msg_namelen = 0; /* * If there is a file descriptor to send then @@ -148,7 +153,7 @@ /* * Send to kernel... */ - if ((n = sendmsg(so, &msg, MSG_EOR)) < 0) + if ((n = sendmsg(so, &msg, 0)) < 0) syslog(LOG_ERR, "send: %s", strerror(errno)); #ifdef DEBUG fprintf(stderr, "sent %d bytes\n", n); @@ -206,6 +211,10 @@ error = ENOENT; } +#ifdef DEBUG + fprintf(stderr, "returning fd = %d\n", fd); + fprintf(stderr, " error = %d [%s]\n", error, strerror(error)); +#endif DEBUG if (error >= 0) send_reply(so, fd, error); Index: mount_portal.8 =================================================================== RCS file: /ide0.e/ncvs/src/sbin/mount_portal/mount_portal.8,v retrieving revision 1.3 diff -u -r1.3 mount_portal.8 --- mount_portal.8 1998/07/06 07:19:25 1.3 +++ mount_portal.8 1998/11/22 17:05:05 
@@ -89,11 +89,22 @@ By convention, the portal daemon divides the namespace into sub-namespaces, each of which handles objects of a particular type. .Pp -Currently, two sub-namespaces are implemented: +Currently, three sub-namespaces are implemented: +.Pa tcplisten , .Pa tcp and .Pa fs . The +.Pa tcplisten +namespace takes a slash separated hostname and port and creates a TCP/IP +socket bound to the given hostname-port pair. The hostname may be +specified as "ANY" to allow any other host to connect to the socket. A +port number of 0 will dynamically allocate a port, this can be +discovered by calling +.Xr getsockname 8 +with the returned file descriptor. Privilaged ports can only be bound to +by the super-user. +The .Pa tcp namespace takes a hostname and a port (slash separated) and creates an open TCP/IP connection. @@ -116,6 +127,7 @@ Subsequent fields are passed to the creation function. .Bd -literal # @(#)portal.conf 5.1 (Berkeley) 7/13/92 +tcplisten/ tcplisten tcplisten/ tcp/ tcp tcp/ fs/ file fs/ .Ed Index: mount_portal.c =================================================================== RCS file: /ide0.e/ncvs/src/sbin/mount_portal/mount_portal.c,v retrieving revision 1.13 diff -u -r1.13 mount_portal.c --- mount_portal.c 1998/07/06 07:19:25 1.13 +++ mount_portal.c 1998/11/22 17:05:53 @@ -190,7 +190,9 @@ /* * Everything is ready to go - now is a good time to fork */ +#ifndef DEBUG daemon(0, 0); +#endif /* * Start logging (and change name) Index: portald.h =================================================================== RCS file: /ide0.e/ncvs/src/sbin/mount_portal/portald.h,v retrieving revision 1.3 diff -u -r1.3 portald.h --- portald.h 1997/02/22 14:32:55 1.3 +++ portald.h 1998/11/22 17:06:52 
@@ -73,6 +73,8 @@ char *key, char **v, int so, int *fdp)); extern int portal_tcp __P((struct portal_cred *, char *key, char **v, int so, int *fdp)); +extern int portal_tcplisten __P((struct portal_cred *, + char *key, char **v, int so, int *fdp)); /* * Global functions Index: pt_conf.c =================================================================== RCS file: /ide0.e/ncvs/src/sbin/mount_portal/pt_conf.c,v retrieving revision 1.4 diff -u -r1.4 pt_conf.c --- pt_conf.c 1998/07/06 07:19:25 1.4 +++ pt_conf.c 1998/11/22 17:07:19 @@ -50,5 +50,6 @@ { "exec", portal_exec }, { "file", portal_file }, { "tcp", portal_tcp }, + { "tcplisten", portal_tcplisten }, { 0, 0 } }; Index: pt_file.c =================================================================== RCS file: /ide0.e/ncvs/src/sbin/mount_portal/pt_file.c,v retrieving revision 1.7 diff -u -r1.7 pt_file.c --- pt_file.c 1998/07/06 07:19:26 1.7 +++ pt_file.c 1998/11/22 20:39:51 @@ -46,6 +46,9 @@ #include <fcntl.h> #include <string.h> #include <unistd.h> +#ifdef DEBUG +#include <stdio.h> +#endif /* DEBUG */ #include <sys/types.h> #include <sys/param.h> #include <sys/syslog.h> Index: pt_tcp.c =================================================================== RCS file: /ide0.e/ncvs/src/sbin/mount_portal/pt_tcp.c,v retrieving revision 1.7 diff -u -r1.7 pt_tcp.c --- pt_tcp.c 1998/07/06 07:19:27 1.7 +++ pt_tcp.c 1998/11/22 17:08:14 @@ -124,9 +124,9 @@ #endif sp = getservbyname(port, "tcp"); - if (sp != NULL) + if (sp != NULL) { s_port = (u_short)sp->s_port; - else { + } else { s_port = strtoul(port, &p, 0); if (s_port == 0 || *p != '\0') return (EINVAL); >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
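Review bot: In the Makefile hunk the removed and added SRCS continuation lines read identically as shown (pt_exec.c pt_file.c pt_tcp.c), so the change is whitespace at most and SRCS still lacks pt_tcplisten.c. The pt_conf.c hunk adds { "tcplisten", portal_tcplisten } to the provider table and portald.h declares the function, so the link will fail on an unresolved portal_tcplisten until the source file is both submitted and listed here. Either add pt_tcplisten.c to SRCS together with the file itself, or move the portald.h, pt_conf.c and mount_portal.8 tcplisten changes into the follow-up PR so that the sendmsg fix can be committed on its own.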
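Review bot: In the activate.c hunk at @@ -122,15 +125,17 @@ the added msg.msg_name = NULL and msg.msg_namelen = 0 come straight after memset(&msg, 0, sizeof(msg)), which has already cleared both fields, and struct iovec iov[1] with msg.msg_iov = iov is equivalent to the original &iov. None of these lines changes what is passed to sendmsg(), so they should either be dropped or carry a comment saying they are there for readability, otherwise a later reader will assume they are part of the fix for the reported "send: Invalid argument".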
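Review bot: The flags change in sendmsg(so, &msg, 0) at @@ -148,7 +153,7 @@ is the only behavioural change in send_reply() and has no comment; add one line stating why MSG_EOR must not be passed on this socket so it is not reintroduced. On the failure path n is negative and, with DEBUG defined, execution still reaches fprintf(stderr, "sent %d bytes\n", n); the debug print should be skipped when sendmsg() fails.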
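Review bot: The debug block added at @@ -206,6 +211,10 @@ in activate.c closes with #endif DEBUG, leaving a bare token after #endif; the other DEBUG blocks in this patch use #endif /* DEBUG */ and this one should match. The block also calls strerror(error) before the if (error >= 0) test on the following line, so a negative error is formatted as if it were an errno value; print the string only for error > 0, or move the block inside the test.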
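Review bot: The new tcplisten paragraph in mount_portal.8 cites .Xr getsockname 8, but getsockname is a system call and belongs in section 2. "Privilaged" should be "Privileged", and "A port number of 0 will dynamically allocate a port, this can be discovered" is a comma splice with an ambiguous "this"; say that the allocated port number can be read back with getsockname. The sentence promising that privileged ports can only be bound by the super-user documents a check whose code is not in this patch, so it should be committed together with pt_tcplisten.c, and the text should state exactly what address the "ANY" hostname binds to, since that decides which peers can reach the listener. The sample portal.conf line enables tcplisten for every reader who copies the example; consider showing it commented out until the access check has been reviewed.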
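Review bot: The pt_tcp.c hunk only adds braces around the getservbyname() branch, while the description says there is a security issue in pt_tcp.c concerning privileged ports; nothing in this hunk addresses it, so the commit message should say the fix is deferred, or this cosmetic change should travel with the real one. In the unchanged strtoul() branch the result is tested only for 0 and for trailing characters; if s_port is a u_short, as the (u_short) cast in the other branch suggests, a value above 65535 is truncated silently before the test, so a range check on the unsigned long result before assignment is worth adding while this code is being touched.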