1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2020 Tintri by DDN, Inc. All rights reserved.
25 */
26
27 /*
28 * Server-side NDR stream (PDU) operations. Stream operations should
29 * return TRUE (non-zero) on success or FALSE (zero or a null pointer)
30 * on failure. When an operation returns FALSE, including ndo_malloc()
31 * returning NULL, it should set the nds->error to indicate what went
32 * wrong.
33 *
34 * When available, the relevant ndr reference is passed to the
35 * operation but keep in mind that it may be a null pointer.
36 *
37 * Functions ndo_get_pdu(), ndo_put_pdu(), and ndo_pad_pdu()
38 * must never grow the PDU data. A request for out-of-bounds data is
39 * an error. The swap_bytes flag is 1 if NDR knows that the byte-
40 * order in the PDU is different from the local system.
41 */
42
43 #include <sys/types.h>
44 #include <stdarg.h>
45 #include <ctype.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <strings.h>
49 #include <string.h>
50 #include <assert.h>
51
52 #include <libmlrpc.h>
53
/* Size of the on-stack scratch buffers used to format trace output. */
#define	NDOBUFSZ		128

/*
 * PDU buffer sizing.  NDR_PDU_ALIGN(N) adds one block to N and then
 * clears the low-order bits, so the result is a multiple of
 * NDR_PDU_BLOCK_SIZE that is strictly greater than N.  The addition is
 * done in the type of N and is not checked for wrap-around, so N must
 * be bounded (e.g. against NDR_PDU_MAX_SIZE) before the macro is used.
 */
#define	NDR_PDU_BLOCK_SIZE	(4*1024)
#define	NDR_PDU_BLOCK_MASK	(NDR_PDU_BLOCK_SIZE - 1)
#define	NDR_PDU_ALIGN(N) \
	(((N) + NDR_PDU_BLOCK_SIZE) & ~NDR_PDU_BLOCK_MASK)
#define	NDR_PDU_MAX_SIZE	(64*1024*1024)
61
/*
 * Forward declarations for the stream operations installed in nds_ops
 * below, plus the local hex formatter used by the trace output.
 */
static char *ndo_malloc(ndr_stream_t *, unsigned, ndr_ref_t *);
static int ndo_free(ndr_stream_t *, char *, ndr_ref_t *);
static int ndo_grow_pdu(ndr_stream_t *, unsigned long, ndr_ref_t *);
static int ndo_pad_pdu(ndr_stream_t *, unsigned long, unsigned long,
    ndr_ref_t *);
static int ndo_get_pdu(ndr_stream_t *, unsigned long, unsigned long,
    char *, int, ndr_ref_t *);
static int ndo_put_pdu(ndr_stream_t *, unsigned long, unsigned long,
    char *, int, ndr_ref_t *);
static void ndo_tattle(ndr_stream_t *, char *, ndr_ref_t *);
static void ndo_tattle_error(ndr_stream_t *, ndr_ref_t *);
static int ndo_reset(ndr_stream_t *);
static void ndo_destruct(ndr_stream_t *);
static void ndo_hexfmt(uint8_t *, int, int, char *, int);
76
/*
 * The ndr stream operations table.
 *
 * This is a positional initializer, so the entries must stay in the
 * same order as the members of ndr_stream_ops_t (declared outside this
 * file).  nds_initialize() installs a pointer to this table in every
 * stream it sets up.
 */
static ndr_stream_ops_t nds_ops = {
	ndo_malloc,
	ndo_free,
	ndo_grow_pdu,
	ndo_pad_pdu,
	ndo_get_pdu,
	ndo_put_pdu,
	ndo_tattle,
	ndo_tattle_error,
	ndo_reset,
	ndo_destruct
};
92
/*
 * nds_bswap
 *
 * Byte-reversing copy: dstbuf[0] receives srcbuf[len - 1], dstbuf[1]
 * receives srcbuf[len - 2], and so on for len bytes.
 *
 * Only scalar-sized lengths are handled: len must be non-zero and a
 * power of 2.  For any other len nothing is copied and dstbuf is left
 * untouched.  The function returns void, so a caller cannot tell that
 * the copy was skipped and must validate len itself if that matters.
 */
void
nds_bswap(void *srcbuf, void *dstbuf, size_t len)
{
	const uint8_t *from = (const uint8_t *)srcbuf;
	uint8_t *to = (uint8_t *)dstbuf;
	size_t i;

	/* Zero, or more than one bit set: not a scalar size, do nothing. */
	if (len == 0 || (len & (len - 1)) != 0)
		return;

	for (i = 0; i < len; i++)
		to[i] = from[len - 1 - i];
}
115
/*
 * nds_initialize
 *
 * Prepare a stream for use.  The stream structure is zeroed, bound to
 * the nds_ops operations table and to the caller-supplied heap (the
 * stream never creates a heap of its own), and given an initial PDU
 * buffer.
 *
 * pdu_size_hint is the initial buffer size in bytes; 0 selects
 * NDR_PDU_BLOCK_SIZE.  A hint larger than NDR_PDU_MAX_SIZE is rejected
 * before any allocation is attempted.  The buffer comes from malloc()
 * and is therefore not cleared.
 *
 * composite_op is split into the marshalling operation and direction
 * by NDR_MODE_TO_M_OP() and NDR_MODE_TO_DIR().
 *
 * Returns 0 on success.  On failure nds->error and nds->error_ref are
 * set, the error is reported through NDS_TATTLE_ERROR(), and
 * NDR_DRC_FAULT_RESOURCE_1 (hint too large) or
 * NDR_DRC_FAULT_OUT_OF_MEMORY (allocation failed) is returned.
 */
int
nds_initialize(ndr_stream_t *nds, unsigned pdu_size_hint,
    int composite_op, ndr_heap_t *heap)
{
	unsigned alloc_size;

	assert(nds);
	assert(heap);

	bzero(nds, sizeof (*nds));
	nds->ndo = &nds_ops;
	nds->heap = (struct ndr_heap *)heap;

	/* Refuse oversized requests before touching the allocator. */
	if (pdu_size_hint > NDR_PDU_MAX_SIZE) {
		nds->error = NDR_ERR_BOUNDS_CHECK;
		nds->error_ref = __LINE__;
		NDS_TATTLE_ERROR(nds, NULL, NULL);
		return (NDR_DRC_FAULT_RESOURCE_1);
	}

	if (pdu_size_hint != 0)
		alloc_size = pdu_size_hint;
	else
		alloc_size = NDR_PDU_BLOCK_SIZE;

	nds->pdu_base_addr = malloc(alloc_size);
	if (nds->pdu_base_addr == NULL) {
		nds->error = NDR_ERR_MALLOC_FAILED;
		nds->error_ref = __LINE__;
		NDS_TATTLE_ERROR(nds, NULL, NULL);
		return (NDR_DRC_FAULT_OUT_OF_MEMORY);
	}

	/* The buffer exists but holds no data yet. */
	nds->pdu_base_offset = (unsigned long)nds->pdu_base_addr;
	nds->pdu_max_size = alloc_size;
	nds->pdu_size = 0;

	nds->dir = NDR_MODE_TO_DIR(composite_op);
	nds->m_op = NDR_MODE_TO_M_OP(composite_op);

	/* Empty outer queue: the tail pointer refers back to the head. */
	nds->outer_queue_tailp = &nds->outer_queue_head;
	return (0);
}
162
/*
 * nds_destruct
 *
 * Public entry point for tearing down a stream.  It forwards to the
 * stream's own destruct operation through NDS_DESTRUCT().  A null
 * stream, or one whose operations table was never set, is ignored.
 */
void
nds_destruct(ndr_stream_t *nds)
{
	if (nds != NULL && nds->ndo != NULL) {
		NDS_DESTRUCT(nds);
	}
}
177
/*
 * Emit a one-line summary of the stream's PDU bookkeeping (base, sizes
 * and offsets) through ndo_printf().  A null stream produces a fixed
 * placeholder line instead.  The output goes to the trace hook only;
 * nothing in the stream is modified.
 */
void
nds_show_state(ndr_stream_t *nds)
{
	if (nds != NULL) {
		ndo_printf(NULL, NULL,
		    "nds: base=0x%x, size=%d, max=%d, scan=%d, "
		    "hdr_size=%d, body_size=%d, body_offset=%d",
		    nds->pdu_base_offset, nds->pdu_size, nds->pdu_max_size,
		    nds->pdu_scan_offset, nds->pdu_hdr_size,
		    nds->pdu_body_size, nds->pdu_body_offset);
		return;
	}

	ndo_printf(NULL, NULL, "nds: <null");
}
195
/*
 * ndo_malloc
 *
 * Stream allocation operation: hands the request to the heap that was
 * attached to the stream by nds_initialize().  len is passed through
 * unchanged and ref is not used.  The result of ndr_heap_malloc() is
 * returned as is, so callers must check it before use.
 */
/*ARGSUSED*/
static char *
ndo_malloc(ndr_stream_t *nds, unsigned len, ndr_ref_t *ref)
{
	ndr_heap_t *heap = (ndr_heap_t *)nds->heap;

	return (ndr_heap_malloc(heap, len));
}
207
/*
 * ndo_free
 *
 * Stream free operation.  Individual stream allocations cannot be
 * released, so this does nothing with its arguments and always
 * reports success (1).
 */
/*ARGSUSED*/
static int
ndo_free(ndr_stream_t *nds, char *p, ndr_ref_t *ref)
{
	const int ok = 1;

	return (ok);
}
219
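/*
 * ndo_grow_pdu
 *
 * This is the only place that should change the size of the PDU.  If
 * the desired end offset is beyond the current buffer, the buffer is
 * reallocated, rounded up with NDR_PDU_ALIGN() to a NDR_PDU_BLOCK_SIZE
 * boundary.  realloc() does not clear the bytes it adds.
 *
 * want_end_offset can be derived from data in the PDU, so it is
 * checked against NDR_PDU_MAX_SIZE *before* it is rounded and the
 * rounded value is kept in an unsigned long.  Rounding first, or
 * storing the result in a narrower type, would let a very large
 * request wrap to a small allocation while pdu_size was still set to
 * the large value.
 *
 * Returns 1 to indicate success.  Otherwise 0 to indicate failure; the
 * stream is left unchanged in that case.
 *
 * NOTE(review): the file header says a failing operation should set
 * nds->error.  This function does not, so the callers presumably do;
 * confirm against the callers.
 */
static int
ndo_grow_pdu(ndr_stream_t *nds, unsigned long want_end_offset, ndr_ref_t *ref)
{
	unsigned char *pdu_addr;
	unsigned long new_max_size;

	/* %lu: the argument is an unsigned long, not an int. */
	ndo_printf(nds, ref, "grow %lu", want_end_offset);

	if (want_end_offset > nds->pdu_max_size) {
		/* Bound the request first so the rounding cannot wrap. */
		if (want_end_offset >= NDR_PDU_MAX_SIZE)
			return (0);

		new_max_size = NDR_PDU_ALIGN(want_end_offset);
		if (new_max_size >= NDR_PDU_MAX_SIZE)
			return (0);

		/*
		 * Keep the old pointer until realloc() succeeds so a
		 * failure neither leaks nor invalidates the buffer.
		 */
		pdu_addr = realloc(nds->pdu_base_addr, new_max_size);
		if (pdu_addr == NULL)
			return (0);

		nds->pdu_max_size = new_max_size;
		nds->pdu_base_addr = pdu_addr;
		nds->pdu_base_offset = (unsigned long)pdu_addr;
	}

	nds->pdu_size = want_end_offset;
	return (1);
}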
259
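/*
 * ndo_pad_pdu
 *
 * Zero n_bytes of the PDU buffer starting at pdu_offset.  This
 * operation never grows the PDU.
 *
 * The range is checked against the allocated buffer (pdu_max_size)
 * before anything is written.  Callers are expected to have validated
 * the range already; this check is a last line of defence so that a
 * bad offset or length cannot turn into a write outside the buffer.
 *
 * Returns 1 on success.  Returns 0, with nds->error set to
 * NDR_ERR_BOUNDS_CHECK, if the range does not fit in the buffer or the
 * stream has no buffer.
 */
static int
ndo_pad_pdu(ndr_stream_t *nds, unsigned long pdu_offset,
    unsigned long n_bytes, ndr_ref_t *ref)
{
	unsigned char *data;

	/* Written so that neither comparison can overflow. */
	if (nds->pdu_base_addr == NULL ||
	    pdu_offset > nds->pdu_max_size ||
	    n_bytes > nds->pdu_max_size - pdu_offset) {
		nds->error = NDR_ERR_BOUNDS_CHECK;
		nds->error_ref = __LINE__;
		return (0);
	}

	data = (unsigned char *)nds->pdu_base_offset;
	data += pdu_offset;

	/* %lu: both arguments are unsigned long, not int. */
	ndo_printf(nds, ref, "pad %lu@%-3lu", n_bytes, pdu_offset);

	bzero(data, n_bytes);
	return (1);
}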
274
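/*
 * ndo_get_pdu
 *
 * Copy n_bytes from the PDU buffer at pdu_offset into buf.  The swap
 * flag is 1 if NDR knows that the byte-order in the PDU is different
 * from the local system; the bytes are then reversed on the way out.
 * This operation never grows the PDU.
 *
 * The range is checked against the allocated buffer (pdu_max_size)
 * before the PDU is read, including the read done for the trace line.
 * Callers are expected to have validated the range already; this check
 * is a last line of defence against reading outside the buffer.  The
 * caller remains responsible for buf being at least n_bytes long.
 *
 * Returns 1 on success.  Returns 0, with nds->error set to
 * NDR_ERR_BOUNDS_CHECK, if the range does not fit in the buffer or the
 * stream has no buffer.
 *
 * NOTE(review): nds_bswap() copies nothing unless n_bytes is a
 * non-zero power of 2, yet this function still reports success, which
 * would leave buf unwritten.  Confirm that swapped reads are only ever
 * requested for scalar sizes.
 */
static int
ndo_get_pdu(ndr_stream_t *nds, unsigned long pdu_offset,
    unsigned long n_bytes, char *buf, int swap_bytes, ndr_ref_t *ref)
{
	unsigned char *data;
	char hexbuf[NDOBUFSZ];

	/* Written so that neither comparison can overflow. */
	if (nds->pdu_base_addr == NULL ||
	    pdu_offset > nds->pdu_max_size ||
	    n_bytes > nds->pdu_max_size - pdu_offset) {
		nds->error = NDR_ERR_BOUNDS_CHECK;
		nds->error_ref = __LINE__;
		return (0);
	}

	data = (unsigned char *)nds->pdu_base_offset;
	data += pdu_offset;

	/*
	 * The formatter looks at the first byte even for an empty
	 * range, so skip it when there is nothing to show.  n_bytes
	 * fits in an int here because it was bounded above.
	 */
	if (n_bytes != 0)
		ndo_hexfmt(data, (int)n_bytes, swap_bytes, hexbuf, NDOBUFSZ);
	else
		hexbuf[0] = '\0';

	/* %lu: both counts are unsigned long, not int. */
	ndo_printf(nds, ref, "get %lu@%-3lu = %s",
	    n_bytes, pdu_offset, hexbuf);

	if (!swap_bytes)
		bcopy(data, buf, n_bytes);
	else
		nds_bswap(data, (unsigned char *)buf, n_bytes);

	return (1);
}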
305
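/*
 * ndo_put_pdu
 *
 * Copy n_bytes from buf into the PDU buffer at pdu_offset.  This is a
 * receiver-makes-right protocol, so the byte-order of an outgoing PDU
 * is never changed and swap_bytes is ignored.  This operation never
 * grows the PDU.
 *
 * The range is checked against the allocated buffer (pdu_max_size)
 * before anything is written.  Callers are expected to have grown the
 * PDU and validated the range already; this check is a last line of
 * defence against writing outside the buffer.
 *
 * Returns 1 on success.  Returns 0, with nds->error set to
 * NDR_ERR_BOUNDS_CHECK, if the range does not fit in the buffer or the
 * stream has no buffer.
 */
/*ARGSUSED*/
static int
ndo_put_pdu(ndr_stream_t *nds, unsigned long pdu_offset,
    unsigned long n_bytes, char *buf, int swap_bytes, ndr_ref_t *ref)
{
	unsigned char *data;
	char hexbuf[NDOBUFSZ];

	/* Written so that neither comparison can overflow. */
	if (nds->pdu_base_addr == NULL ||
	    pdu_offset > nds->pdu_max_size ||
	    n_bytes > nds->pdu_max_size - pdu_offset) {
		nds->error = NDR_ERR_BOUNDS_CHECK;
		nds->error_ref = __LINE__;
		return (0);
	}

	data = (unsigned char *)nds->pdu_base_offset;
	data += pdu_offset;

	/*
	 * The formatter looks at the first byte even for an empty
	 * range, so skip it when there is nothing to show.  n_bytes
	 * fits in an int here because it was bounded above.
	 */
	if (n_bytes != 0)
		ndo_hexfmt((uint8_t *)buf, (int)n_bytes, 0, hexbuf, NDOBUFSZ);
	else
		hexbuf[0] = '\0';

	/* %lu: both counts are unsigned long, not int. */
	ndo_printf(nds, ref, "put %lu@%-3lu = %s",
	    n_bytes, pdu_offset, hexbuf);

	bcopy(buf, data, n_bytes);
	return (1);
}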
331
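/*
 * ndo_tattle
 *
 * Stream trace operation: emit the note in 'what' for the given
 * reference.  'what' is data, not a format, so it is passed as the
 * argument of a fixed "%s" format.  Handing it to ndo_printf() as the
 * format itself would make any '%' in the note be interpreted as a
 * conversion with no matching argument.
 */
static void
ndo_tattle(ndr_stream_t *nds, char *what, ndr_ref_t *ref)
{
	ndo_printf(nds, ref, "%s", what);
}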
337
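/*
 * ndo_tattle_error
 *
 * Stream error-report operation.  Emits the stream's error code, error
 * reference, scan offset and sizes, followed by a hex dump of the PDU
 * bytes at the failing position: ref->pdu_offset when a reference is
 * given, otherwise the stream's scan offset.
 *
 * This runs precisely when something is wrong with the PDU, so the
 * offset cannot be trusted.  The dump is taken from a local 16-byte
 * window that is filled only with bytes lying inside the allocated
 * buffer; positions past the end of the buffer are shown as 00.  If
 * the offset is outside the buffer, or the stream has no buffer, the
 * dump line is left empty.
 */
static void
ndo_tattle_error(ndr_stream_t *nds, ndr_ref_t *ref)
{
	unsigned char window[16];
	char hexbuf[NDOBUFSZ];
	unsigned long offset;
	unsigned long avail;

	bzero(hexbuf, NDOBUFSZ);

	if (nds->pdu_base_addr != NULL) {
		if (ref)
			offset = ref->pdu_offset;
		else
			offset = nds->pdu_scan_offset;

		if (offset < nds->pdu_max_size) {
			avail = nds->pdu_max_size - offset;
			if (avail > sizeof (window))
				avail = sizeof (window);

			bzero(window, sizeof (window));
			bcopy((unsigned char *)nds->pdu_base_offset + offset,
			    window, avail);

			ndo_hexfmt(window, (int)sizeof (window), 0,
			    hexbuf, NDOBUFSZ);
		}
	}

	ndo_printf(nds, ref, "ERROR=%d REF=%d OFFSET=%d SIZE=%d/%d",
	    nds->error, nds->error_ref, nds->pdu_scan_offset,
	    nds->pdu_size, nds->pdu_max_size);
	ndo_printf(nds, ref, " %s", hexbuf);
}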
361
/*
 * ndo_reset
 *
 * Return a stream to its empty state: the PDU size and scan offset go
 * back to 0 and the outer queue is emptied.  The PDU buffer itself is
 * kept (neither freed nor cleared), and the heap is left alone because
 * it is managed outside the stream.
 *
 * Always returns 1.
 */
static int
ndo_reset(ndr_stream_t *nds)
{
	ndo_printf(nds, 0, "reset");

	/* Empty outer queue: the tail pointer refers back to the head. */
	nds->outer_current = 0;
	nds->outer_queue_head = 0;
	nds->outer_queue_tailp = &nds->outer_queue_head;

	/* No data in the PDU and nothing scanned yet. */
	nds->pdu_scan_offset = 0;
	nds->pdu_size = 0;

	return (1);
}
381
/*
 * ndo_destruct
 *
 * Tear down a stream: release the PDU buffer, if there is one, and
 * empty the outer queue.  The heap is created and destroyed outside
 * the stream and is not touched.  A null stream is traced and then
 * ignored.
 *
 * NOTE(review): pdu_size and pdu_max_size keep their old values after
 * the buffer has been freed.  Code that reuses the stream without
 * calling nds_initialize() again would see sizes that no longer
 * describe any buffer; confirm that no caller does this.
 */
static void
ndo_destruct(ndr_stream_t *nds)
{
	/* ndo_printf() accepts a null stream, so trace before checking. */
	ndo_printf(nds, 0, "destruct");

	if (nds != NULL) {
		if (nds->pdu_base_addr != NULL) {
			free(nds->pdu_base_addr);
			/* Drop both views of the freed buffer. */
			nds->pdu_base_offset = 0;
			nds->pdu_base_addr = NULL;
		}

		nds->outer_current = 0;
		nds->outer_queue_head = 0;
		nds->outer_queue_tailp = &nds->outer_queue_head;
	}
}
407
/*
 * Printf style formatting for NDR operations.
 *
 * The message is formatted into a fixed NDOBUFSZ-byte buffer with
 * vsnprintf(), so longer messages are silently truncated.  With a
 * stream the text is passed to ndo_fmt() to be decorated with the
 * stream and reference context; without one it goes straight to
 * ndo_trace().
 *
 * fmt is interpreted as a printf format.  Callers must pass a fixed
 * format and supply variable text through "%s", never as fmt itself.
 */
void
ndo_printf(ndr_stream_t *nds, ndr_ref_t *ref, const char *fmt, ...)
{
	char msg[NDOBUFSZ];
	va_list args;

	va_start(args, fmt);
	(void) vsnprintf(msg, NDOBUFSZ, fmt, args);
	va_end(args);

	if (!nds) {
		ndo_trace(msg);
		return;
	}

	ndo_fmt(nds, ref, msg);
}
426
/*
 * Main output formatter for NDR operations.
 *
 * UI 03 ... rpc_vers get 1@0 = 5 {05}
 * UI 03 ... rpc_vers_minor get 1@1 = 0 {00}
 *
 * U Marshalling flag (M=marshal, U=unmarshal)
 * I Direction flag (I=in, O=out)
 * ... Field name
 * get PDU operation (get or put)
 * 1@0 Bytes @ offset (i.e. 1 byte at offset 0)
 * {05} Value
 *
 * Either flag is shown as '-' when unset (0) and '?' when it holds an
 * unrecognised value.  The nesting depth is the number of references
 * on the ref->enclosing chain; it sets how much of the dotted ruler is
 * printed and how wide the name column is.  A name starting with '['
 * is appended to the name of its enclosing reference and shown one
 * level shallower.  A missing reference or name is shown as "----".
 *
 * Both the name and the finished line are built in NDOBUFSZ-byte
 * buffers with bounded calls, so long names or notes are truncated.
 * The finished line is handed to ndo_trace().  nds must not be null.
 */
void
ndo_fmt(ndr_stream_t *nds, ndr_ref_t *ref, char *note)
{
	char line[NDOBUFSZ];
	char label[NDOBUFSZ];
	ndr_ref_t *walk;
	int depth = 0;
	int op_flag;
	int dir_flag;

	if (nds->m_op == 0)
		op_flag = '-';
	else if (nds->m_op == NDR_M_OP_MARSHALL)
		op_flag = 'M';
	else if (nds->m_op == NDR_M_OP_UNMARSHALL)
		op_flag = 'U';
	else
		op_flag = '?';

	if (nds->dir == 0)
		dir_flag = '-';
	else if (nds->dir == NDR_DIR_IN)
		dir_flag = 'I';
	else if (nds->dir == NDR_DIR_OUT)
		dir_flag = 'O';
	else
		dir_flag = '?';

	/* Depth = number of references from ref out to the outermost. */
	walk = ref;
	while (walk) {
		depth++;
		walk = walk->enclosing;
	}

	if (!ref || !ref->name) {
		(void) strlcpy(label, "----", NDOBUFSZ);
	} else if (*ref->name == '[' && ref->enclosing) {
		/* Subscript: show it attached to its parent's name. */
		depth--;
		(void) snprintf(label, NDOBUFSZ, "%s%s",
		    ref->enclosing->name, ref->name);
	} else {
		(void) strlcpy(label, ref->name, NDOBUFSZ);
	}

	(void) snprintf(line, NDOBUFSZ, "%c%c %-.*s %-*s %s",
	    op_flag, dir_flag, depth,
	    "....+....+....+....+....+....",
	    20 - depth, label, note);

	ndo_trace(line);
}
485
/*
 * ndo_trace
 *
 * Deliberately empty.  Per the original note this is a temporary fbt
 * hook for dtrace until user space sdt is enabled: the function exists
 * only so that a probe can observe the formatted trace line passed in
 * s.  Those lines include hex dumps of PDU bytes.
 */
/*ARGSUSED*/
void
ndo_trace(const char *s)
{
	/* Intentionally no body. */
}
494
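/*
 * Format data as hex bytes (limit is 10 bytes):
 *
 * 1188689424 {10 f6 d9 46}
 *
 * If the input data is greater than 10 bytes, an ellipsis will
 * be inserted before the closing brace.
 *
 * data		bytes to show; may be unaligned
 * size		number of valid bytes at data
 * swap_bytes	non-zero to interpret 2- and 4-byte values with the
 *		first byte as the most significant, 0 to load them in
 *		the local byte order
 * buf, len	output buffer and its size in bytes
 *
 * Sizes 1, 2 and 4 are also shown as an unsigned decimal value in
 * front of the braces, and sizes below 4 get a trailing character if
 * the low byte of that value is printable.
 *
 * The text is assembled in a local buffer that is large enough for the
 * longest possible result (48 characters) and then copied to buf with
 * a bounded call, so the output is always NUL-terminated and never
 * exceeds len bytes; it is truncated if len is too small.  Nothing is
 * read from data beyond 'size' bytes.  A null data pointer or a
 * negative size is treated as size 0; a null buf or non-positive len
 * makes the call a no-op.
 */
static void
ndo_hexfmt(uint8_t *data, int size, int swap_bytes, char *buf, int len)
{
	char scratch[64];
	char *p = scratch;
	char *end = scratch + sizeof (scratch);
	int interp = 1;
	uint32_t c = 0;
	uint16_t v16;
	int n;
	int i;

	if (buf == NULL || len <= 0)
		return;
	buf[0] = '\0';

	if (data == NULL || size < 0)
		size = 0;

	n = (size > 10) ? 10 : size;

	switch (size) {
	case 1:
		c = data[0];
		break;
	case 2:
		if (swap_bytes == 0) {
			/* memcpy: data need not be 2-byte aligned. */
			(void) memcpy(&v16, data, sizeof (v16));
			c = v16;
		} else {
			c = ((uint32_t)data[0] << 8) | data[1];
		}
		break;
	case 4:
		if (swap_bytes == 0) {
			/* memcpy: data need not be 4-byte aligned. */
			(void) memcpy(&c, data, sizeof (c));
		} else {
			/* Widen first: shifting an int by 24 can overflow. */
			c = ((uint32_t)data[0] << 24) |
			    ((uint32_t)data[1] << 16) |
			    ((uint32_t)data[2] << 8) | data[3];
		}
		break;
	default:
		interp = 0;
		break;
	}

	if (interp)
		p += snprintf(p, (size_t)(end - p), "%4u {", (unsigned)c);
	else
		p += snprintf(p, (size_t)(end - p), " {");

	if (n > 0)
		p += snprintf(p, (size_t)(end - p), "%02x", data[0]);
	for (i = 1; i < n; i++)
		p += snprintf(p, (size_t)(end - p), " %02x", data[i]);

	if (size > 10)
		p += snprintf(p, (size_t)(end - p), " ...}");
	else
		p += snprintf(p, (size_t)(end - p), "}");

	/*
	 * Show c if it's a printable character or wide-char.
	 */
	if (size < 4 && isprint((uint8_t)c))
		(void) snprintf(p, (size_t)(end - p), " %c", (uint8_t)c);

	/* Single bounded copy into the caller's buffer. */
	(void) snprintf(buf, (size_t)len, "%s", scratch);
}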
559