Create a helper function akin to bindresvport(3) that instead binds to a dynamically assigned port. It uses the rules in RFC 6335 Section 6 to avoid all IANA-assigned service port numbers, even when the caller has the CAP_NET_ADMIN_BIND privilege. This is intended to remain an internal helper for the time being, so this commit provides no header declaration. All internal bindresvport(3) call sites manufacture an INADDR_ANY- type address to pass to bind(2), so the helper handles that as well, to avoid code duplication. This means that callers do not need to pass in a sockaddr. Only an open socket is required. BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=320 Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx> --- src/Makefile.am | 5 +- src/binddynport.c | 132 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 135 insertions(+), 2 deletions(-) create mode 100644 src/binddynport.c diff --git a/src/Makefile.am b/src/Makefile.am index fba2aa4..932414d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -15,8 +15,9 @@ lib_LTLIBRARIES = libtirpc.la libtirpc_la_LDFLAGS = @LDFLAG_NOUNDEFINED@ -no-undefined -lpthread libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@ -libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \ - clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ +libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c \ + binddynport.c bindresvport.c \ + clnt_bcast.c clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ clnt_vc.c rpc_dtablesize.c getnetconfig.c getnetpath.c getrpcent.c \ getrpcport.c mt_misc.c pmap_clnt.c pmap_getmaps.c pmap_getport.c \ pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \ diff --git a/src/binddynport.c b/src/binddynport.c new file mode 100644 index 0000000..1580117 --- /dev/null +++ b/src/binddynport.c @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2018, Oracle America, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * - Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * - Neither the name of "Oracle America, Inc." nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include <sys/types.h> +#include <sys/socket.h> + +#include <netdb.h> +#include <netinet/in.h> + +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> +#include <string.h> + +#include <rpc/rpc.h> + +#include "reentrant.h" +#include "rpc_com.h" + +extern pthread_mutex_t port_lock; + +/* + * Dynamic port range as defined in RFC 6335 Section 6. + * This range avoids all IANA-assigned service port + * numbers. + */ +enum { + LOWPORT = 49152, + ENDPORT = 65534, + NPORTS = ENDPORT - LOWPORT + 1, +}; + +/* + * Bind a socket to a dynamically-assigned IP port. + * + * @fd is an open but unbound socket. + * + * On each call, a port number is chosen at random from + * within the dynamic/private port range, even if the + * caller has CAP_NET_ADMIN_BIND. + * + * Returns 0 on success, -1 on failure. errno may be + * set to a non-determinant value. + * + * This function is re-entrant. + */ +int __binddynport(int fd) +{ + struct sockaddr_storage ss; +#ifdef INET6 + struct sockaddr_in6 *sin6; +#endif + struct sockaddr_in *sin; + in_port_t port, *portp; + struct sockaddr *sap; + socklen_t salen; + unsigned int seed; + int i, res; + + if (__rpc_sockisbound(fd)) + return 0; + + res = -1; + sap = (struct sockaddr *)(void *)&ss; + memset(sap, 0, sizeof(ss)); + + mutex_lock(&port_lock); + + if (getsockname(fd, sap, &salen) == -1) + goto out; + + switch (ss.ss_family) { + case AF_INET: + sin = (struct sockaddr_in *)(void *)&ss; + portp = &sin->sin_port; + salen = sizeof(struct sockaddr_in); + break; +#ifdef INET6 + case AF_INET6: + sin6 = (struct sockaddr_in6 *)(void *)&ss; + portp = &sin6->sin6_port; + salen = sizeof(struct sockaddr_in6); + break; +#endif + default: + goto out; + } + + seed = time(NULL); + port = (rand_r(&seed) % NPORTS) + LOWPORT; + for (i = 0; i < NPORTS; ++i) { + *portp = htons(port++); + res = bind(fd, sap, salen); + if (res >= 0) { + res = 0; + break; + } + if (errno != EADDRINUSE) + break; + if (port > ENDPORT) + port = LOWPORT; + } + +out: + mutex_unlock(&port_lock); + return res; +} -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
