xref: /titanic_44/usr/src/lib/libnsl/rpc/xdr_rec.c (revision 61961e0f20c7637a3846bb39786bb9dffa91dfb9)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 
23 /*
24  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
25  * Use is subject to license terms.
26  */
27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
28 /* All Rights Reserved */
29 /*
30  * Portions of this source code were derived from Berkeley
31  * 4.3 BSD under license from the Regents of the University of
32  * California.
33  */
34 
35 #pragma ident	"%Z%%M%	%I%	%E% SMI"
36 
37 /*
38  * xdr_rec.c, Implements (TCP/IP based) XDR streams with a "record marking"
39  * layer above connection oriented transport layer (e.g. tcp) (for rpc's use).
40  *
41  *
42  * These routines interface XDRSTREAMS to a (tcp/ip) connection transport.
43  * There is a record marking layer between the xdr stream
44  * and the (tcp) cv transport level.  A record is composed on one or more
45  * record fragments.  A record fragment is a thirty-two bit header followed
46  * by n bytes of data, where n is contained in the header.  The header
47  * is represented as a htonl(ulong_t).  The order bit encodes
48  * whether or not the fragment is the last fragment of the record
49  * (1 => fragment is last, 0 => more fragments to follow.
50  * The other 31 bits encode the byte length of the fragment.
51  */
52 
53 #include "mt.h"
54 #include "rpc_mt.h"
55 #include <stdio.h>
56 #include <rpc/types.h>
57 #include <rpc/rpc.h>
58 #include <sys/types.h>
59 #include <syslog.h>
60 #include <memory.h>
61 #include <stdlib.h>
62 #include <unistd.h>
63 #include <inttypes.h>
64 #include <string.h>
65 
66 /*
67  * A record is composed of one or more record fragments.
68  * A record fragment is a four-byte header followed by zero to
69  * 2**32-1 bytes.  The header is treated as a long unsigned and is
70  * encode/decoded to the network via htonl/ntohl.  The low order 31 bits
71  * are a byte count of the fragment.  The highest order bit is a boolean:
72  * 1 => this fragment is the last fragment of the record,
73  * 0 => this fragment is followed by more fragment(s).
74  *
75  * The fragment/record machinery is not general;  it is constructed to
76  * meet the needs of xdr and rpc based on tcp.
77  */
78 
79 #define	LAST_FRAG (((uint32_t)1 << 31))
80 
81 /*
82  * Minimum fragment size is size of rpc callmsg over TCP:
83  * xid direction vers prog vers proc
84  *   cred flavor, cred length, cred
85  *   verf flavor, verf length, verf
86  *   (with no cred or verf allocated)
87  */
88 #define	MIN_FRAG	(10 * BYTES_PER_XDR_UNIT)
89 
90 typedef struct rec_strm {
91 	caddr_t tcp_handle;
92 	/*
93 	 * out-going bits
94 	 */
95 	int (*writeit)();
96 	caddr_t out_base;	/* output buffer (points to frag header) */
97 	caddr_t out_finger;	/* next output position */
98 	caddr_t out_boundry;	/* data cannot up to this address */
99 	uint32_t *frag_header;	/* beginning of current fragment */
100 	bool_t frag_sent;	/* true if buffer sent in middle of record */
101 	/*
102 	 * in-coming bits
103 	 */
104 	int (*readit)();
105 	caddr_t in_base;	/* input buffer */
106 	caddr_t in_finger;	/* location of next byte to be had */
107 	caddr_t in_boundry;	/* can read up to this location */
108 	int fbtbc;		/* fragment bytes to be consumed */
109 	bool_t last_frag;
110 	uint_t sendsize;
111 	uint_t recvsize;
112 	/*
113 	 * Is this the first time that the
114 	 * getbytes routine has been called ?
115 	 */
116 	uint_t firsttime;
117 	/*
118 	 * Is this non-blocked?
119 	 */
120 	uint_t in_nonblock;	/* non-blocked input */
121 	uint_t in_needpoll;	/* need to poll to get more data ? */
122 	uint32_t in_maxrecsz;	/* maximum record size */
123 	caddr_t in_nextrec;	/* start of next record */
124 	uint32_t in_nextrecsz;	/* part of next record in buffer */
125 } RECSTREAM;
126 
127 static uint_t	fix_buf_size(uint_t);
128 static struct	xdr_ops *xdrrec_ops(void);
129 static bool_t	xdrrec_getbytes(XDR *, caddr_t, int);
130 static bool_t	flush_out(RECSTREAM *, bool_t);
131 static bool_t	get_input_bytes(RECSTREAM *, caddr_t, int, bool_t);
132 static bool_t	set_input_fragment(RECSTREAM *);
133 static bool_t	skip_input_bytes(RECSTREAM *, int32_t);
134 
135 bool_t		__xdrrec_getbytes_nonblock(XDR *, enum xprt_stat *);
136 
137 /*
138  * Create an xdr handle for xdrrec
139  * xdrrec_create fills in xdrs.  Sendsize and recvsize are
140  * send and recv buffer sizes (0 => use default).
141  * vc_handle is an opaque handle that is passed as the first parameter to
142  * the procedures readit and writeit.  Readit and writeit are read and
143  * write respectively. They are like the system calls expect that they
144  * take an opaque handle rather than an fd.
145  */
146 
147 static const char mem_err_msg_rec[] = "xdrrec_create: out of memory";
148 
149 void
xdrrec_create(XDR * xdrs,const uint_t sendsize,const uint_t recvsize,const caddr_t tcp_handle,int (* readit)(),int (* writeit)())150 xdrrec_create(XDR *xdrs, const uint_t sendsize, const uint_t recvsize,
151     const caddr_t tcp_handle, int (*readit)(), int (*writeit)())
152 {
153 	RECSTREAM *rstrm = malloc(sizeof (RECSTREAM));
154 
155 	/*
156 	 * XXX: Should still rework xdrrec_create to return a handle,
157 	 * and in any malloc-failure case return NULL.
158 	 */
159 	if (rstrm == NULL) {
160 		(void) syslog(LOG_ERR, mem_err_msg_rec);
161 		return;
162 	}
163 	/*
164 	 * Adjust sizes and allocate buffers; malloc(3C)
165 	 * provides a buffer suitably aligned for any use, so
166 	 * there's no need for us to mess around with alignment.
167 	 *
168 	 * Since non-blocking connections may need to reallocate the input
169 	 * buffer, we use separate malloc()s for input and output.
170 	 */
171 	rstrm->sendsize = fix_buf_size(sendsize);
172 	rstrm->recvsize = fix_buf_size(recvsize);
173 	rstrm->out_base = malloc(rstrm->sendsize);
174 	if (rstrm->out_base == NULL) {
175 		(void) syslog(LOG_ERR, mem_err_msg_rec);
176 		free(rstrm);
177 		return;
178 	}
179 	rstrm->in_base = malloc(rstrm->recvsize);
180 	if (rstrm->in_base == NULL) {
181 		(void) syslog(LOG_ERR, mem_err_msg_rec);
182 		free(rstrm->out_base);
183 		free(rstrm);
184 		return;
185 	}
186 
187 	/*
188 	 * now the rest ...
189 	 */
190 
191 	xdrs->x_ops = xdrrec_ops();
192 	xdrs->x_private = (caddr_t)rstrm;
193 	rstrm->tcp_handle = tcp_handle;
194 	rstrm->readit = readit;
195 	rstrm->writeit = writeit;
196 	rstrm->out_finger = rstrm->out_boundry = rstrm->out_base;
197 	/* LINTED pointer cast */
198 	rstrm->frag_header = (uint32_t *)rstrm->out_base;
199 	rstrm->out_finger += sizeof (uint_t);
200 	rstrm->out_boundry += rstrm->sendsize;
201 	rstrm->frag_sent = FALSE;
202 	rstrm->in_boundry = rstrm->in_base;
203 	rstrm->in_finger = (rstrm->in_boundry += rstrm->recvsize);
204 	rstrm->fbtbc = 0;
205 	rstrm->last_frag = TRUE;
206 	rstrm->firsttime = 0;
207 	rstrm->in_nonblock = 0;
208 	rstrm->in_needpoll = 1;
209 	rstrm->in_maxrecsz = 0;
210 	rstrm->in_nextrec = rstrm->in_base;
211 	rstrm->in_nextrecsz = 0;
212 }
213 
214 /*
215  * Align input stream.  If all applications behaved correctly, this
216  * defensive procedure will not be necessary, since received data will be
217  * aligned correctly.
218  */
219 static void
align_instream(RECSTREAM * rstrm)220 align_instream(RECSTREAM *rstrm)
221 {
222 	int current = rstrm->in_boundry - rstrm->in_finger;
223 
224 	(void) memcpy(rstrm->in_base, rstrm->in_finger, current);
225 	rstrm->in_finger = rstrm->in_base;
226 	rstrm->in_boundry = rstrm->in_finger + current;
227 }
228 
229 /*
230  * The routines defined below are the xdr ops which will go into the
231  * xdr handle filled in by xdrrec_create.
232  */
233 static bool_t
xdrrec_getint32(XDR * xdrs,int32_t * ip)234 xdrrec_getint32(XDR *xdrs, int32_t *ip)
235 {
236 	/* LINTED pointer cast */
237 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
238 	/* LINTED pointer cast */
239 	int32_t *buflp = (int32_t *)(rstrm->in_finger);
240 	int32_t mylong;
241 
242 	/* first try the inline, fast case */
243 	if ((rstrm->fbtbc >= (int)sizeof (int32_t)) &&
244 		((uint_t)(rstrm->in_boundry - (caddr_t)buflp) >=
245 					(uint_t)sizeof (int32_t))) {
246 		/*
247 		 * Check if buflp is longword aligned.  If not, align it.
248 		 */
249 		if (((uintptr_t)buflp) & ((int)sizeof (int32_t) - 1)) {
250 			align_instream(rstrm);
251 			/* LINTED pointer cast */
252 			buflp = (int32_t *)(rstrm->in_finger);
253 		}
254 		*ip = (int32_t)ntohl((uint32_t)(*buflp));
255 		rstrm->fbtbc -= (int)sizeof (int32_t);
256 		rstrm->in_finger += sizeof (int32_t);
257 	} else {
258 		if (!xdrrec_getbytes(xdrs, (caddr_t)&mylong, sizeof (int32_t)))
259 			return (FALSE);
260 		*ip = (int32_t)ntohl((uint32_t)mylong);
261 	}
262 	return (TRUE);
263 }
264 
265 static bool_t
xdrrec_putint32(XDR * xdrs,int32_t * ip)266 xdrrec_putint32(XDR *xdrs, int32_t *ip)
267 {
268 	/* LINTED pointer cast */
269 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
270 	/* LINTED pointer cast */
271 	int32_t *dest_lp = ((int32_t *)(rstrm->out_finger));
272 
273 	if ((rstrm->out_finger += sizeof (int32_t)) > rstrm->out_boundry) {
274 		/*
275 		 * this case should almost never happen so the code is
276 		 * inefficient
277 		 */
278 		rstrm->out_finger -= sizeof (int32_t);
279 		rstrm->frag_sent = TRUE;
280 		if (!flush_out(rstrm, FALSE))
281 			return (FALSE);
282 		/* LINTED pointer cast */
283 		dest_lp = ((int32_t *)(rstrm->out_finger));
284 		rstrm->out_finger += sizeof (int32_t);
285 	}
286 	*dest_lp = (int32_t)htonl((uint32_t)(*ip));
287 	return (TRUE);
288 }
289 
290 static bool_t
xdrrec_getlong(XDR * xdrs,long * lp)291 xdrrec_getlong(XDR *xdrs, long *lp)
292 {
293 	int32_t i;
294 
295 	if (!xdrrec_getint32(xdrs, &i))
296 		return (FALSE);
297 	*lp = (long)i;
298 	return (TRUE);
299 }
300 
301 static bool_t
xdrrec_putlong(XDR * xdrs,long * lp)302 xdrrec_putlong(XDR *xdrs, long *lp)
303 {
304 	int32_t i;
305 
306 #if defined(_LP64)
307 	if ((*lp > INT32_MAX) || (*lp < INT32_MIN))
308 		return (FALSE);
309 #endif
310 
311 	i = (int32_t)*lp;
312 
313 	return (xdrrec_putint32(xdrs, &i));
314 }
315 
316 static bool_t	/* must manage buffers, fragments, and records */
xdrrec_getbytes(XDR * xdrs,caddr_t addr,int len)317 xdrrec_getbytes(XDR *xdrs, caddr_t addr, int len)
318 {
319 	/* LINTED pointer cast */
320 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
321 	int current;
322 
323 	while (len > 0) {
324 		current = rstrm->fbtbc;
325 		if (current == 0) {
326 			if (rstrm->last_frag)
327 				return (FALSE);
328 			if (!set_input_fragment(rstrm))
329 				return (FALSE);
330 			continue;
331 		}
332 		current = (len < current) ? len : current;
333 		if (!get_input_bytes(rstrm, addr, current, FALSE))
334 			return (FALSE);
335 		addr += current;
336 		rstrm->fbtbc -= current;
337 		len -= current;
338 	}
339 	return (TRUE);
340 }
341 
342 static bool_t
xdrrec_putbytes(XDR * xdrs,caddr_t addr,int len)343 xdrrec_putbytes(XDR *xdrs, caddr_t addr, int len)
344 {
345 	/* LINTED pointer cast */
346 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
347 	int current;
348 
349 	while (len > 0) {
350 
351 		current = (uintptr_t)rstrm->out_boundry -
352 			(uintptr_t)rstrm->out_finger;
353 		current = (len < current) ? len : current;
354 		(void) memcpy(rstrm->out_finger, addr, current);
355 		rstrm->out_finger += current;
356 		addr += current;
357 		len -= current;
358 		if (rstrm->out_finger == rstrm->out_boundry) {
359 			rstrm->frag_sent = TRUE;
360 			if (!flush_out(rstrm, FALSE))
361 				return (FALSE);
362 		}
363 	}
364 	return (TRUE);
365 }
366 /*
367  * This is just like the ops vector x_getbytes(), except that
368  * instead of returning success or failure on getting a certain number
369  * of bytes, it behaves much more like the read() system call against a
370  * pipe -- it returns up to the number of bytes requested and a return of
371  * zero indicates end-of-record.  A -1 means something very bad happened.
372  */
373 uint_t /* must manage buffers, fragments, and records */
xdrrec_readbytes(XDR * xdrs,caddr_t addr,uint_t l)374 xdrrec_readbytes(XDR *xdrs, caddr_t addr, uint_t l)
375 {
376 	/* LINTED pointer cast */
377 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
378 	int current, len;
379 
380 	len = l;
381 	while (len > 0) {
382 		current = rstrm->fbtbc;
383 		if (current == 0) {
384 			if (rstrm->last_frag)
385 				return (l - len);
386 			if (!set_input_fragment(rstrm))
387 				return ((uint_t)-1);
388 			continue;
389 		}
390 		current = (len < current) ? len : current;
391 		if (!get_input_bytes(rstrm, addr, current, FALSE))
392 			return ((uint_t)-1);
393 		addr += current;
394 		rstrm->fbtbc -= current;
395 		len -= current;
396 	}
397 	return (l - len);
398 }
399 
400 static uint_t
xdrrec_getpos(XDR * xdrs)401 xdrrec_getpos(XDR *xdrs)
402 {
403 	/* LINTED pointer cast */
404 	RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
405 	int32_t pos;
406 
407 	pos = lseek((intptr_t)rstrm->tcp_handle, 0, 1);
408 	if (pos != -1)
409 		switch (xdrs->x_op) {
410 
411 		case XDR_ENCODE:
412 			pos += rstrm->out_finger - rstrm->out_base;
413 			break;
414 
415 		case XDR_DECODE:
416 			pos -= rstrm->in_boundry - rstrm->in_finger;
417 			break;
418 
419 		default:
420 			pos = (uint_t)-1;
421 			break;
422 		}
423 	return ((uint_t)pos);
424 }
425 
426 static bool_t
xdrrec_setpos(XDR * xdrs,uint_t pos)427 xdrrec_setpos(XDR *xdrs, uint_t pos)
428 {
429 	/* LINTED pointer cast */
430 	RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
431 	uint_t currpos = xdrrec_getpos(xdrs);
432 	int delta = currpos - pos;
433 	caddr_t newpos;
434 
435 	if ((int)currpos != -1)
436 		switch (xdrs->x_op) {
437 
438 		case XDR_ENCODE:
439 			newpos = rstrm->out_finger - delta;
440 			if ((newpos > (caddr_t)(rstrm->frag_header)) &&
441 				(newpos < rstrm->out_boundry)) {
442 				rstrm->out_finger = newpos;
443 				return (TRUE);
444 			}
445 			break;
446 
447 		case XDR_DECODE:
448 			newpos = rstrm->in_finger - delta;
449 			if ((delta < (int)(rstrm->fbtbc)) &&
450 				(newpos <= rstrm->in_boundry) &&
451 				(newpos >= rstrm->in_base)) {
452 				rstrm->in_finger = newpos;
453 				rstrm->fbtbc -= delta;
454 				return (TRUE);
455 			}
456 			break;
457 		}
458 	return (FALSE);
459 }
460 
461 static rpc_inline_t *
xdrrec_inline(XDR * xdrs,int len)462 xdrrec_inline(XDR *xdrs, int len)
463 {
464 	/* LINTED pointer cast */
465 	RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
466 	rpc_inline_t *buf = NULL;
467 
468 	switch (xdrs->x_op) {
469 
470 	case XDR_ENCODE:
471 		if ((rstrm->out_finger + len) <= rstrm->out_boundry) {
472 			/* LINTED pointer cast */
473 			buf = (rpc_inline_t *)rstrm->out_finger;
474 			rstrm->out_finger += len;
475 		}
476 		break;
477 
478 	case XDR_DECODE:
479 		if ((len <= rstrm->fbtbc) &&
480 			((rstrm->in_finger + len) <= rstrm->in_boundry)) {
481 			/*
482 			 * Check if rstrm->in_finger is longword aligned;
483 			 * if not, align it.
484 			 */
485 			if (((intptr_t)rstrm->in_finger) &
486 			    (sizeof (int32_t) - 1))
487 				align_instream(rstrm);
488 			/* LINTED pointer cast */
489 			buf = (rpc_inline_t *)rstrm->in_finger;
490 			rstrm->fbtbc -= len;
491 			rstrm->in_finger += len;
492 		}
493 		break;
494 	}
495 	return (buf);
496 }
497 
498 static void
xdrrec_destroy(XDR * xdrs)499 xdrrec_destroy(XDR *xdrs)
500 {
501 	/* LINTED pointer cast */
502 	RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
503 
504 	free(rstrm->out_base);
505 	free(rstrm->in_base);
506 	free(rstrm);
507 }
508 
509 
510 /*
511  * Exported routines to manage xdr records
512  */
513 
514 /*
515  * Before reading (deserializing) from the stream, one should always call
516  * this procedure to guarantee proper record alignment.
517  */
518 bool_t
xdrrec_skiprecord(XDR * xdrs)519 xdrrec_skiprecord(XDR *xdrs)
520 {
521 	/* LINTED pointer cast */
522 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
523 
524 	if (rstrm->in_nonblock) {
525 		enum xprt_stat pstat;
526 		/*
527 		 * Read and discard a record from the non-blocking
528 		 * buffer. Return succes only if a complete record can
529 		 * be retrieved without blocking, or if the buffer was
530 		 * empty and there was no data to fetch.
531 		 */
532 		if (__xdrrec_getbytes_nonblock(xdrs, &pstat) ||
533 			(pstat == XPRT_MOREREQS &&
534 				rstrm->in_finger == rstrm->in_boundry)) {
535 			rstrm->fbtbc = 0;
536 			return (TRUE);
537 		}
538 		return (FALSE);
539 	}
540 	while (rstrm->fbtbc > 0 || (!rstrm->last_frag)) {
541 		if (!skip_input_bytes(rstrm, rstrm->fbtbc))
542 			return (FALSE);
543 		rstrm->fbtbc = 0;
544 		if ((!rstrm->last_frag) && (!set_input_fragment(rstrm)))
545 			return (FALSE);
546 	}
547 	rstrm->last_frag = FALSE;
548 	return (TRUE);
549 }
550 
551 /*
552  * Look ahead fuction.
553  * Returns TRUE iff there is no more input in the buffer
554  * after consuming the rest of the current record.
555  */
556 bool_t
xdrrec_eof(XDR * xdrs)557 xdrrec_eof(XDR *xdrs)
558 {
559 	/* LINTED pointer cast */
560 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
561 
562 	if (rstrm->in_nonblock) {
563 		/*
564 		 * If in_needpoll is true, the non-blocking XDR stream
565 		 * does not have a complete record.
566 		 */
567 		return (rstrm->in_needpoll);
568 	}
569 	while (rstrm->fbtbc > 0 || (!rstrm->last_frag)) {
570 		if (!skip_input_bytes(rstrm, rstrm->fbtbc))
571 			return (TRUE);
572 		rstrm->fbtbc = 0;
573 		if ((!rstrm->last_frag) && (!set_input_fragment(rstrm)))
574 			return (TRUE);
575 	}
576 	if (rstrm->in_finger == rstrm->in_boundry)
577 		return (TRUE);
578 	return (FALSE);
579 }
580 
581 /*
582  * The client must tell the package when an end-of-record has occurred.
583  * The second parameters tells whether the record should be flushed to the
584  * (output) tcp stream.  (This let's the package support batched or
585  * pipelined procedure calls.)  TRUE => immmediate flush to tcp connection.
586  */
587 bool_t
xdrrec_endofrecord(XDR * xdrs,bool_t sendnow)588 xdrrec_endofrecord(XDR *xdrs, bool_t sendnow)
589 {
590 	/* LINTED pointer cast */
591 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
592 	uint32_t len;	/* fragment length */
593 
594 	if (sendnow || rstrm->frag_sent ||
595 		((uintptr_t)rstrm->out_finger + sizeof (uint32_t) >=
596 		(uintptr_t)rstrm->out_boundry)) {
597 		rstrm->frag_sent = FALSE;
598 		return (flush_out(rstrm, TRUE));
599 	}
600 	len = (uintptr_t)(rstrm->out_finger) - (uintptr_t)(rstrm->frag_header) -
601 		sizeof (uint32_t);
602 	*(rstrm->frag_header) = htonl((uint32_t)len | LAST_FRAG);
603 	/* LINTED pointer cast */
604 	rstrm->frag_header = (uint32_t *)rstrm->out_finger;
605 	rstrm->out_finger += sizeof (uint32_t);
606 	return (TRUE);
607 }
608 
609 
610 /*
611  * Internal useful routines
612  */
613 static bool_t
flush_out(RECSTREAM * rstrm,bool_t eor)614 flush_out(RECSTREAM *rstrm, bool_t eor)
615 {
616 	uint32_t eormask = (eor == TRUE) ? LAST_FRAG : 0;
617 	uint32_t len = (uintptr_t)(rstrm->out_finger) -
618 		(uintptr_t)(rstrm->frag_header) - sizeof (uint32_t);
619 	int written;
620 
621 	*(rstrm->frag_header) = htonl(len | eormask);
622 	len = (uintptr_t)(rstrm->out_finger) - (uintptr_t)(rstrm->out_base);
623 
624 	written = (*(rstrm->writeit))
625 	    (rstrm->tcp_handle, rstrm->out_base, (int)len);
626 	/*
627 	 * Handle the specific 'CANT_STORE' error. In this case, the
628 	 * fragment must be cleared.
629 	 */
630 	if ((written != (int)len) && (written != -2))
631 		return (FALSE);
632 	/* LINTED pointer cast */
633 	rstrm->frag_header = (uint32_t *)rstrm->out_base;
634 	rstrm->out_finger = (caddr_t)rstrm->out_base + sizeof (uint32_t);
635 
636 	return (TRUE);
637 }
638 
639 /* knows nothing about records!  Only about input buffers */
640 static bool_t
fill_input_buf(RECSTREAM * rstrm,bool_t do_align)641 fill_input_buf(RECSTREAM *rstrm, bool_t do_align)
642 {
643 	caddr_t where;
644 	int len;
645 
646 	if (rstrm->in_nonblock) {
647 		/* Should never get here in the non-blocking case */
648 		return (FALSE);
649 	}
650 	where = rstrm->in_base;
651 	if (do_align) {
652 		len = rstrm->recvsize;
653 	} else {
654 		uint_t i = (uintptr_t)rstrm->in_boundry % BYTES_PER_XDR_UNIT;
655 
656 		where += i;
657 		len = rstrm->recvsize - i;
658 	}
659 	if ((len = (*(rstrm->readit))(rstrm->tcp_handle, where, len)) == -1)
660 		return (FALSE);
661 	rstrm->in_finger = where;
662 	where += len;
663 	rstrm->in_boundry = where;
664 	return (TRUE);
665 }
666 
667 /* knows nothing about records!  Only about input buffers */
668 static bool_t
get_input_bytes(RECSTREAM * rstrm,caddr_t addr,int len,bool_t do_align)669 get_input_bytes(RECSTREAM *rstrm, caddr_t addr,
670 		int len, bool_t do_align)
671 {
672 	int current;
673 
674 	if (rstrm->in_nonblock) {
675 		/*
676 		 * Data should already be in the rstrm buffer, so we just
677 		 * need to copy it to 'addr'.
678 		 */
679 		current = (int)(rstrm->in_boundry - rstrm->in_finger);
680 		if (len > current)
681 			return (FALSE);
682 		(void) memcpy(addr, rstrm->in_finger, len);
683 		rstrm->in_finger += len;
684 		addr += len;
685 		return (TRUE);
686 	}
687 
688 	while (len > 0) {
689 		current = (intptr_t)rstrm->in_boundry -
690 			(intptr_t)rstrm->in_finger;
691 		if (current == 0) {
692 			if (!fill_input_buf(rstrm, do_align))
693 				return (FALSE);
694 			continue;
695 		}
696 		current = (len < current) ? len : current;
697 		(void) memcpy(addr, rstrm->in_finger, current);
698 		rstrm->in_finger += current;
699 		addr += current;
700 		len -= current;
701 		do_align = FALSE;
702 	}
703 	return (TRUE);
704 }
705 
706 /* next four bytes of the input stream are treated as a header */
707 static bool_t
set_input_fragment(RECSTREAM * rstrm)708 set_input_fragment(RECSTREAM *rstrm)
709 {
710 	uint32_t header;
711 
712 	if (rstrm->in_nonblock) {
713 		/*
714 		 * In the non-blocking case, the fragment headers should
715 		 * already have been consumed, so we should never get
716 		 * here. Might as well return failure right away.
717 		 */
718 		return (FALSE);
719 	}
720 	if (!get_input_bytes(rstrm, (caddr_t)&header, (int)sizeof (header),
721 							rstrm->last_frag))
722 		return (FALSE);
723 	header = (uint32_t)ntohl(header);
724 	rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE;
725 	rstrm->fbtbc = header & (~LAST_FRAG);
726 	return (TRUE);
727 }
728 
729 /* consumes input bytes; knows nothing about records! */
730 static bool_t
skip_input_bytes(RECSTREAM * rstrm,int32_t cnt)731 skip_input_bytes(RECSTREAM *rstrm, int32_t cnt)
732 {
733 	int current;
734 
735 	while (cnt > 0) {
736 		current = (intptr_t)rstrm->in_boundry -
737 			(intptr_t)rstrm->in_finger;
738 		if (current == 0) {
739 			if (!fill_input_buf(rstrm, FALSE))
740 				return (FALSE);
741 			continue;
742 		}
743 		current = (cnt < current) ? cnt : current;
744 		rstrm->in_finger += current;
745 		cnt -= current;
746 	}
747 	return (TRUE);
748 }
749 
750 
751 static bool_t
__xdrrec_nonblock_realloc(RECSTREAM * rstrm,uint32_t newsize)752 __xdrrec_nonblock_realloc(RECSTREAM *rstrm, uint32_t newsize)
753 {
754 	caddr_t newbuf = rstrm->in_base;
755 	ptrdiff_t offset;
756 	bool_t ret = TRUE;
757 
758 	if (newsize > rstrm->recvsize) {
759 		newbuf = (caddr_t)realloc(newbuf, newsize);
760 		if (newbuf == 0) {
761 			ret = FALSE;
762 		} else {
763 			/* Make pointers valid for the new buffer */
764 			offset = newbuf - rstrm->in_base;
765 			rstrm->in_finger += offset;
766 			rstrm->in_boundry += offset;
767 			rstrm->in_nextrec += offset;
768 			rstrm->in_base = newbuf;
769 			rstrm->recvsize = newsize;
770 		}
771 	}
772 
773 	return (ret);
774 }
775 
776 /*
777  * adjust sizes and allocate buffer quad byte aligned
778  */
779 bool_t
__xdrrec_set_conn_nonblock(XDR * xdrs,uint32_t tcp_maxrecsz)780 __xdrrec_set_conn_nonblock(XDR *xdrs, uint32_t tcp_maxrecsz)
781 {
782 	/* LINTED pointer cast */
783 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
784 	size_t newsize;
785 
786 	rstrm->in_nonblock = TRUE;
787 	if (tcp_maxrecsz == 0) {
788 		/*
789 		 * If maxrecsz has not been set, use the default
790 		 * that was set from xdrrec_create() and
791 		 * fix_buf_size()
792 		 */
793 		rstrm->in_maxrecsz = rstrm->recvsize;
794 		return (TRUE);
795 	}
796 	rstrm->in_maxrecsz = tcp_maxrecsz;
797 	if (tcp_maxrecsz <= rstrm->recvsize)
798 		return (TRUE);
799 
800 	/*
801 	 * For nonblocked connection, the entire record is read into the
802 	 * buffer before any xdr processing. This implies that the record
803 	 * size must allow for the maximum expected message size of the
804 	 * service. However, it's inconvenient to allocate very large
805 	 * buffers up front, so we limit ourselves to a reasonable
806 	 * default size here, and reallocate (up to the maximum record
807 	 * size allowed for the connection) as necessary.
808 	 */
809 	if ((newsize = tcp_maxrecsz) > RPC_MAXDATASIZE) {
810 		newsize = RPC_MAXDATASIZE;
811 	}
812 	if (!__xdrrec_nonblock_realloc(rstrm, newsize)) {
813 		(void) syslog(LOG_ERR, mem_err_msg_rec);
814 		free(rstrm->out_base);
815 		free(rstrm->in_base);
816 		free(rstrm);
817 		return (FALSE);
818 	}
819 
820 	return (TRUE);
821 }
822 
823 /*
824  * Retrieve input data from the non-blocking connection, increase
825  * the size of the read buffer if necessary, and check that the
826  * record size stays below the allowed maximum for the connection.
827  */
828 bool_t
__xdrrec_getbytes_nonblock(XDR * xdrs,enum xprt_stat * pstat)829 __xdrrec_getbytes_nonblock(XDR *xdrs, enum xprt_stat *pstat)
830 {
831 	/* LINTED pointer cast */
832 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
833 	uint32_t prevbytes_thisrec, minreqrecsize;
834 	uint32_t *header;
835 	int32_t len_received = 0;
836 	uint32_t unprocessed = 0;
837 
838 	/*
839 	 * For connection oriented protocols, there's no guarantee that
840 	 * we will receive the data nicely chopped into records, no
841 	 * matter how it was sent. We use the in_nextrec pointer to
842 	 * indicate where in the buffer the next record starts. If
843 	 * in_nextrec != in_base, there's data in the buffer from
844 	 * previous reads, and if in_nextrecsz > 0, we need to copy
845 	 * the portion of the next record already read to the start of
846 	 * the input buffer
847 	 */
848 	if (rstrm->in_nextrecsz > 0) {
849 		/* Starting on new record with data already in the buffer */
850 		(void) memmove(rstrm->in_base, rstrm->in_nextrec,
851 			rstrm->in_nextrecsz);
852 		rstrm->in_nextrec = rstrm->in_finger = rstrm->in_base;
853 		rstrm->in_boundry = rstrm->in_nextrec + rstrm->in_nextrecsz;
854 		unprocessed = rstrm->in_nextrecsz;
855 		rstrm->in_nextrecsz = 0;
856 	} else if (rstrm->in_nextrec == rstrm->in_base) {
857 		/* Starting on new record with empty buffer */
858 		rstrm->in_boundry = rstrm->in_finger = rstrm->in_base;
859 		rstrm->last_frag = FALSE;
860 		rstrm->in_needpoll = TRUE;
861 	}
862 
863 	prevbytes_thisrec = (uint32_t)(rstrm->in_boundry - rstrm->in_base);
864 
865 	/* Do we need to retrieve data ? */
866 	if (rstrm->in_needpoll) {
867 		int len_requested, len_total_received;
868 
869 		rstrm->in_needpoll = FALSE;
870 		len_total_received =
871 			(int)(rstrm->in_boundry - rstrm->in_base);
872 		len_requested = rstrm->recvsize - len_total_received;
873 		/*
874 		 * if len_requested is 0, this means that the input
875 		 * buffer is full and need to be increased.
876 		 * The minimum record size we will need is whatever's
877 		 * already in the buffer, plus what's yet to be
878 		 * consumed in the current fragment, plus space for at
879 		 * least one more fragment header, if this is not the
880 		 * last fragment. We use the RNDUP() macro to
881 		 * account for possible realignment of the next
882 		 * fragment header.
883 		 */
884 		if (len_requested == 0) {
885 			minreqrecsize = rstrm->recvsize +
886 			    rstrm->fbtbc +
887 			    (rstrm->last_frag ? 0 : sizeof (*header));
888 			minreqrecsize = RNDUP(minreqrecsize);
889 			if (minreqrecsize == rstrm->recvsize) {
890 				/*
891 				 * no more bytes to be consumed and
892 				 * last fragment. We should never end up
893 				 * here. Might as well return failure
894 				 * right away.
895 				 */
896 				*pstat = XPRT_DIED;
897 				return (FALSE);
898 			}
899 			if (minreqrecsize > rstrm->in_maxrecsz)
900 				goto recsz_invalid;
901 			else
902 				goto needpoll;
903 		}
904 		if ((len_received = (*(rstrm->readit))(rstrm->tcp_handle,
905 				rstrm->in_boundry, len_requested)) == -1) {
906 			*pstat = XPRT_DIED;
907 			return (FALSE);
908 		}
909 		rstrm->in_boundry += len_received;
910 		rstrm->in_nextrec = rstrm->in_boundry;
911 	}
912 
913 	/* Account for any left over data from previous processing */
914 	len_received += unprocessed;
915 
916 	/* Set a lower limit on the buffer space we'll need */
917 	minreqrecsize = prevbytes_thisrec + rstrm->fbtbc;
918 
919 	/*
920 	 * Consume bytes for this record until it's either complete,
921 	 * rejected, or we need to poll for more bytes.
922 	 *
923 	 * If fbtbc == 0, in_finger points to the start of the fragment
924 	 * header. Otherwise, it points to the start of the fragment data.
925 	 */
926 	while (len_received > 0) {
927 		if (rstrm->fbtbc == 0) {
928 			uint32_t hdrlen, minfraglen = 0;
929 			uint32_t len_recvd_thisfrag;
930 			bool_t last_frag;
931 
932 			len_recvd_thisfrag = (uint32_t)(rstrm->in_boundry -
933 						rstrm->in_finger);
934 			/* LINTED pointer cast */
935 			header = (uint32_t *)rstrm->in_finger;
936 			hdrlen = (len_recvd_thisfrag < sizeof (*header)) ?
937 				len_recvd_thisfrag : sizeof (*header);
938 			(void) memcpy(&minfraglen, header, hdrlen);
939 			last_frag = (ntohl(minfraglen) & LAST_FRAG) != 0;
940 			minfraglen = ntohl(minfraglen) & (~LAST_FRAG);
941 			/*
942 			 * The minimum record size we will need is whatever's
943 			 * already in the buffer, plus the size of this
944 			 * fragment, plus (if this isn't the last fragment)
945 			 * space for at least one more fragment header. We
946 			 * use the RNDUP() macro to account for possible
947 			 * realignment of the next fragment header.
948 			 */
949 			minreqrecsize += minfraglen +
950 					(last_frag?0:sizeof (*header));
951 			minreqrecsize = RNDUP(minreqrecsize);
952 
953 			if (hdrlen < sizeof (*header)) {
954 				/*
955 				 * We only have a partial fragment header,
956 				 * but we can still put a lower limit on the
957 				 * final fragment size, and check against the
958 				 * maximum allowed.
959 				 */
960 				if (len_recvd_thisfrag > 0 &&
961 					(minreqrecsize > rstrm->in_maxrecsz)) {
962 					goto recsz_invalid;
963 				}
964 				/* Need more bytes to obtain fbtbc value */
965 				goto needpoll;
966 			}
967 			/*
968 			 * We've got a complete fragment header, so
969 			 * 'minfraglen' is the actual fragment length, and
970 			 * 'minreqrecsize' the requested record size.
971 			 */
972 			rstrm->last_frag = last_frag;
973 			rstrm->fbtbc = minfraglen;
974 			/*
975 			 * Check that the sum of the total number of bytes read
976 			 * so far (for the record) and the size of the incoming
977 			 * fragment is less than the maximum allowed.
978 			 *
979 			 * If this is the last fragment, also check that the
980 			 * record (message) meets the minimum length
981 			 * requirement.
982 			 *
983 			 * If this isn't the last fragment, check for a zero
984 			 * fragment length. Accepting such fragments would
985 			 * leave us open to an attack where the sender keeps
986 			 * the connection open indefinitely, without any
987 			 * progress, by occasionally sending a zero length
988 			 * fragment.
989 			 */
990 			if ((minreqrecsize > rstrm->in_maxrecsz) ||
991 			(rstrm->last_frag && minreqrecsize < MIN_FRAG) ||
992 			(!rstrm->last_frag && minfraglen == 0)) {
993 recsz_invalid:
994 				rstrm->fbtbc = 0;
995 				rstrm->last_frag = 1;
996 				*pstat = XPRT_DIED;
997 				return (FALSE);
998 			}
999 			/*
1000 			 * Make this fragment abut the previous one. If it's
1001 			 * the first fragment, just advance in_finger past
1002 			 * the header. This avoids buffer copying for the
1003 			 * usual case where there's one fragment per record.
1004 			 */
1005 			if (rstrm->in_finger == rstrm->in_base) {
1006 				rstrm->in_finger += sizeof (*header);
1007 			} else {
1008 				rstrm->in_boundry -= sizeof (*header);
1009 				(void) memmove(rstrm->in_finger,
1010 					rstrm->in_finger + sizeof (*header),
1011 					rstrm->in_boundry - rstrm->in_finger);
1012 			}
1013 			/* Consume the fragment header */
1014 			if (len_received > sizeof (*header)) {
1015 				len_received -= sizeof (*header);
1016 			} else {
1017 				len_received = 0;
1018 			}
1019 		}
1020 		/*
1021 		 * Consume whatever fragment bytes we have.
1022 		 * If we've received all bytes for this fragment, advance
1023 		 * in_finger to point to the start of the next fragment
1024 		 * header. Otherwise, make fbtbc tell how much is left in
1025 		 * in this fragment and advance finger to point to end of
1026 		 * fragment data.
1027 		 */
1028 		if (len_received >= rstrm->fbtbc) {
1029 			len_received -= rstrm->fbtbc;
1030 			rstrm->in_finger += rstrm->fbtbc;
1031 			rstrm->fbtbc = 0;
1032 		} else {
1033 			rstrm->fbtbc -= len_received;
1034 			rstrm->in_finger += len_received;
1035 			len_received = 0;
1036 		}
1037 		/*
1038 		 * If there's more data in the buffer, there are two
1039 		 * possibilities:
1040 		 *
1041 		 * (1)	This is the last fragment, so the extra data
1042 		 *	presumably belongs to the next record.
1043 		 *
1044 		 * (2)	Not the last fragment, so we'll start over
1045 		 *	from the top of the loop.
1046 		 */
1047 		if (len_received > 0 && rstrm->last_frag) {
1048 			rstrm->in_nextrec = rstrm->in_finger;
1049 			rstrm->in_nextrecsz = (uint32_t)(rstrm->in_boundry -
1050 							rstrm->in_nextrec);
1051 			len_received = 0;
1052 		}
1053 	}
1054 
1055 	/* Was this the last fragment, and have we read the entire record ? */
1056 	if (rstrm->last_frag && rstrm->fbtbc == 0) {
1057 		*pstat = XPRT_MOREREQS;
1058 		/*
1059 		 * We've been using both in_finger and fbtbc for our own
1060 		 * purposes. Now's the time to update them to be what
1061 		 * xdrrec_inline() expects. Set in_finger to point to the
1062 		 * start of data for this record, and fbtbc to the number
1063 		 * of bytes in the record.
1064 		 */
1065 		rstrm->fbtbc = (int)(rstrm->in_finger -
1066 				rstrm->in_base - sizeof (*header));
1067 		rstrm->in_finger = rstrm->in_base + sizeof (*header);
1068 		if (rstrm->in_nextrecsz == 0)
1069 			rstrm->in_nextrec = rstrm->in_base;
1070 		return (TRUE);
1071 	}
1072 needpoll:
1073 	/*
1074 	 * Need more bytes, so we set the needpoll flag, and go back to
1075 	 * the main RPC request loop. However, first we reallocate the
1076 	 * input buffer, if necessary.
1077 	 */
1078 	if (minreqrecsize > rstrm->recvsize) {
1079 		if (!__xdrrec_nonblock_realloc(rstrm, minreqrecsize)) {
1080 			rstrm->fbtbc = 0;
1081 			rstrm->last_frag = 1;
1082 			*pstat = XPRT_DIED;
1083 			return (FALSE);
1084 		}
1085 	}
1086 
1087 	rstrm->in_needpoll = TRUE;
1088 	*pstat = XPRT_MOREREQS;
1089 	return (FALSE);
1090 }
1091 
1092 int
__is_xdrrec_first(XDR * xdrs)1093 __is_xdrrec_first(XDR *xdrs)
1094 {
1095 	/* LINTED pointer cast */
1096 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
1097 	return ((rstrm->firsttime == TRUE) ? 1 : 0);
1098 }
1099 
1100 int
__xdrrec_setfirst(XDR * xdrs)1101 __xdrrec_setfirst(XDR *xdrs)
1102 {
1103 	/* LINTED pointer cast */
1104 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
1105 
1106 	/*
1107 	 * Set rstrm->firsttime only if the input buffer is empty.
1108 	 * Otherwise, the first read from the network could skip
1109 	 * a poll.
1110 	 */
1111 	if (rstrm->in_finger == rstrm->in_boundry)
1112 		rstrm->firsttime = TRUE;
1113 	else
1114 		rstrm->firsttime = FALSE;
1115 	return (1);
1116 }
1117 
1118 int
__xdrrec_resetfirst(XDR * xdrs)1119 __xdrrec_resetfirst(XDR *xdrs)
1120 {
1121 	/* LINTED pointer cast */
1122 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
1123 
1124 	rstrm->firsttime = FALSE;
1125 	return (1);
1126 }
1127 
1128 
1129 static uint_t
fix_buf_size(uint_t s)1130 fix_buf_size(uint_t s)
1131 {
1132 	if (s < 100)
1133 		s = 4000;
1134 	return (RNDUP(s));
1135 }
1136 
1137 
1138 
1139 static bool_t
xdrrec_control(XDR * xdrs,int request,void * info)1140 xdrrec_control(XDR *xdrs, int request, void *info)
1141 {
1142 	/* LINTED pointer cast */
1143 	RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
1144 	xdr_bytesrec *xptr;
1145 
1146 	switch (request) {
1147 
1148 	case XDR_GET_BYTES_AVAIL:
1149 		/* Check if at end of fragment and not last fragment */
1150 		if ((rstrm->fbtbc == 0)	&& (!rstrm->last_frag))
1151 			if (!set_input_fragment(rstrm)) {
1152 				return (FALSE);
1153 			};
1154 
1155 		xptr = (xdr_bytesrec *)info;
1156 		xptr->xc_is_last_record = rstrm->last_frag;
1157 		xptr->xc_num_avail = rstrm->fbtbc;
1158 
1159 		return (TRUE);
1160 	default:
1161 		return (FALSE);
1162 
1163 	}
1164 
1165 }
1166 
1167 static struct xdr_ops *
xdrrec_ops(void)1168 xdrrec_ops(void)
1169 {
1170 	static struct xdr_ops ops;
1171 	extern mutex_t	ops_lock;
1172 
1173 /* VARIABLES PROTECTED BY ops_lock: ops */
1174 
1175 	(void) mutex_lock(&ops_lock);
1176 	if (ops.x_getlong == NULL) {
1177 		ops.x_getlong = xdrrec_getlong;
1178 		ops.x_putlong = xdrrec_putlong;
1179 		ops.x_getbytes = xdrrec_getbytes;
1180 		ops.x_putbytes = xdrrec_putbytes;
1181 		ops.x_getpostn = xdrrec_getpos;
1182 		ops.x_setpostn = xdrrec_setpos;
1183 		ops.x_inline = xdrrec_inline;
1184 		ops.x_destroy = xdrrec_destroy;
1185 		ops.x_control = xdrrec_control;
1186 #if defined(_LP64)
1187 		ops.x_getint32 = xdrrec_getint32;
1188 		ops.x_putint32 = xdrrec_putint32;
1189 #endif
1190 	}
1191 	(void) mutex_unlock(&ops_lock);
1192 	return (&ops);
1193 }
1194