+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ Remove the rpcsec_gss code and rely on an external library instead.
+
2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
*utils/mountd/mountd.c:
mountd currently always returns AUTH_NULL and AUTH_SYS as the
AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
fi
+ dnl This is not done until here because we need to have KRBLIB set
+ dnl "librpcsecgss=1" is so that it doesn't get added to LIBS
+ AC_CHECK_LIB(rpcsecgss, authgss_create_default, [librpcsecgss=1], [AC_MSG_ERROR(librpcsecgss needed for nfsv4 support)], $KRBLIB)
+ AC_CHECK_LIB(rpcsecgss, authgss_set_debug_level,
+ AC_DEFINE(HAVE_AUTHGSS_SET_DEBUG_LEVEL, 1, [Define this if the rpcsec_gss library has the function authgss_set_debug_level]),, $KRBLIB)
+
AC_SUBST([KRBDIR])
AC_SUBST([KRBLIB])
AC_SUBST([KRBINC])
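Review bot: The first `AC_CHECK_LIB` is now the only gate on which RPCSEC_GSS implementation gets linked, and it accepts any librpcsecgss that exports `authgss_create_default`; a comment should say so for packagers, e.g. `dnl All RPCSEC_GSS context setup and MIC verification now comes from this library; only symbol presence is tested here`. The `AC_MSG_ERROR` text in that call and the `AC_DEFINE` passed as action-if-found in the second call are unquoted macro arguments; writing `[AC_MSG_ERROR([librpcsecgss needed for nfsv4 support])]` and wrapping the `AC_DEFINE(...)` in `[...]` keeps them from being expanded early. Whether this hard error is reached only when GSS support is enabled cannot be seen here, because the enclosing macro starts and ends outside the hunk.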
* gss_krb5_cache_name */
#undef HAVE_GSS_KRB5_CCACHE_NAME
+/* Define this if the rpcsec_gss library has the function
+ * authgss_set_debug_level */
+#undef HAVE_AUTHGSS_SET_DEBUG_LEVEL
+
/* Define this if we want to use the private Kerberos
* gssapi library function, gss_krb5_cache_name, to
* specify the credentials cache file to be used by
+++ /dev/null
-/* $OpenBSD: DISCLAIMER,v 1.2 1996/07/20 06:12:14 deraadt Exp $ */
-
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
+++ /dev/null
-#
-# librpc.a
-# rpc library with rpcsec_gss
-#
-TOP = ../../
-LIBNAME = librpc.a
-SRCS = auth_gss.c authgss_prot.c svc.c svc_run.c svc_auth.c \
- svc_auth_none.c svc_auth_unix.c svc_auth_gss.c \
- svc_raw.c svc_simple.c svc_tcp.c svc_udp.c \
- rpc_commondata.c
-OBJS = $(SRCS:.c=.o)
-
-include $(TOP)rules.mk
-
-CFLAGS += -I$(TOP)support/rpc/include -DDEBUG
-
-install::
- @:
+++ /dev/null
-RPCSRC 4.0 7/11/89
-
-This distribution contains Sun Microsystem's implementation of the
-RPC and XDR protocols and is compatible with 4.2BSD and 4.3BSD. Also
-included is complete documentation, utilities, RPC service
-specification files, and demonstration services in the format used by
-the RPC protocol compiler (rpcgen). See WHAT'S NEW below for
-details.
-
-NOTE ABOUT SECURE RPC:
-
-This release of RPCSRC contains most of the code needed to implement
-Secure RPC (see "DES Authentication" in the RPC Protocol Specification,
-doc/rpc.rfc.ms). Due to legal considerations, we are unable to
-distribute an implementation of DES, the Data Encryption Standard, which
-Secure RPC requires. For this reason, all of the files, documentation, and
-programs associated with Secure RPC have been placed into a separate
-directory, secure_rpc. The RPC library contained in the main body of this
-release *DOES NOT* support Secure RPC. See secure_rpc/README for more
-details. (A DES library was posted in Volume 18 of comp.sources.unix.)
-
-If you wish to report bugs found in this release, send mail to:
-
-Portable ONC/NFS
-Sun Microsystems, Inc
-MS 12-33
-2550 Garcia Avenue
-Mountain View, CA 94043
-
-or send Email to nfsnet@sun.com (the Internet) or sun!nfsnet (Usenet).
-
-ROADMAP
-
-The directory hierarchy is as follows:
-
- demo/ Various demonstration services
- demo/dir Remote directory lister
- demo/msg Remote console message delivery service
- demo/sort Remote sort service
-
- doc/ Documentation for RPC, XDR and NFS in "-ms" format.
-
- etc/ Utilities (rpcinfo and portmap). portmap must be
- started by root before any other RPC network services are
- used. SEE BELOW FOR BUGFIX TO 4.3BSD COMPILER.
-
- man/ Manual pages for RPC library, rpcgen, and utilities.
-
- rpc/ The RPC and XDR library. SEE BELOW
- FOR BUGFIX TO 4.2BSD COMPILER.
-
- rpcgen/ The RPC Language compiler (for .x files)
-
- rpcsvc/ Service definition files for various services and the
- server and client code for the Remote Status service.
-
- secure_rpc/ The files in this directory are used to build a version of
- the RPC library with DES Authentication. See the README
- file in that directory for more details.
-
-BUILD INSTRUCTIONS
-
-Makefiles can be found in all directories except for man. The
-Makefile in the top directory will cause these others to be invoked
-(except for in the doc, man and demo directories), in turn building the
-entire release.
-
-WARNING! THE DEFAULT INSTALLATION PROCEDURES WILL INSTALL FILES
-IN /usr/include, /usr/lib, /usr/bin and /etc.
-
-The master RPC include file, rpc/rpc.h, is used by all programs and
-routines that use RPC. It includes other RPC and system include files
-needed by the RPC system. PLEASE NOTE: If your system has NFS, it
-may have been based on Sun's NFS Source. The include files installed
-by this package may duplicate include files you will find on your NFS
-system. The RPCSRC 4.0 include files are upwardly compatible to all
-NFS Source include files as of the date of this distribution (not
-including any new definitions or declarations added by your system
-vendor). HOWEVER: Please read the comments towards the end of
-rpc/rpc.h regarding rpc/netdb.h. You may need to uncomment the
-inclusion of that file if the structures it defines are already
-defined by your system's include files.
-
-After making any compiler fixes that are needed (see below), at
-the top directory, type:
-
- make install
-
-For all installations, the Makefile macro DESTDIR is prepended to the
-installation path. It is defined to be null in the Makefiles, so
-installations are relative to root. (You will probably need root
-privileges for installing the files under the default path.) To
-install the files under some other tree (e.g., /usr/local), use the
-command:
-
- make install DESTDIR=/usr/local
-
-This will place the include files in /usr/local/usr/include, the RPC
-library in /usr/local/usr/lib, rpcgen in /usr/local/usr/bin, and the
-utilities in /usr/local/etc. You'll have to edit the Makefiles or
-install the files by hand if you want to do anything other than this
-kind of relocation of the installation tree.
-
-The RPC library will be built and installed first. By default it is
-installed in /usr/lib as "librpclib.a". The directory
-/usr/include/rpc will also be created, and several header files will
-be installed there. ALL RPC SERVICES INCLUDE THESE HEADER FILES.
-
-The programs in etc/ link in routines from librpclib.a. If you change
-where it is installed, be sure to edit etc/'s Makefile to reflect this.
-These programs are installed in /etc. PORTMAP MUST BE RUNNING ON
-YOUR SYSTEM BEFORE YOU START ANY OTHER RPC SERVICE.
-
-rpcgen is installed in /usr/bin. This program is required to build
-the demonstration services in demo and the rstat client and server in
-rpcsvc/.
-
-The rpcsvc/ directory will install its files in the directory
-/usr/include/rpcsvc. The Remote Status service (rstat_svc) will be
-compiled and installed in /etc. If you wish to make this service
-available, you should either start this service when needed or have
-it started at boot time by invoking it in your /etc/rc.local script.
-(Be sure that portmap is started first!) Sun has modified its
-version of inetd to automatically start RPC services. (Use "make
-LIB=" when building rstat on a Sun Workstation.) The Remote Status
-client (rstat) will be installed in /usr/bin. This program queries
-the rstat_svc on a remote host and prints a system status summary
-similar to the one printed by "uptime".
-
-The documentation is not built during the "make install" command.
-Typing "make" in the doc directory will cause all of the manuals to
-be formatted using nroff into a single file. We have had a report
-that certain "troff" equivalents have trouble processing the full
-manual. If you have trouble, try building the manuals individually
-(see the Makefile).
-
-The demonstration services in the demo directory are not built by the
-top-level "make install" command. To build these, cd to the demo
-directory and enter "make". The three services will be built.
-RPCGEN MUST BE INSTALLED in a path that make can find. To run the
-services, start the portmap program as root and invoke the service
-(you probably will want to put it in the background). rpcinfo can be
-used to check that the service succeeded in getting registered with
-portmap, and to ping the service (see rpcinfo's man page). You can
-then use the corresponding client program to exercise the service.
-To build these services on a Sun workstation, you must prevent the
-Makefile from trying to link the RPC library (as these routines are
-already a part of Sun's libc). Use: "make LIB=".
-
-BUGFIX FOR 4.3BSD COMPILER
-
-The use of a 'void *' declaration for one of the arguments in
-the reply_proc() procedure in etc/rpcinfo.c will trigger a bug
-in the 4.3BSD compiler. The bug is fixed by the following change to
-the compiler file mip/manifest.h:
-
-*** manifest.h.r1.1 Thu Apr 30 13:52:25 1987
---- manifest.h.r1.2 Mon Nov 23 18:58:17 1987
-***************
-*** 21,27 ****
- /*
- * Bogus type values
- */
-! #define TNULL PTR /* pointer to UNDEF */
- #define TVOID FTN /* function returning UNDEF (for void) */
-
- /*
---- 21,27 ----
- /*
- * Bogus type values
- */
-! #define TNULL INCREF(MOETY) /* pointer to MOETY -- impossible type */
- #define TVOID FTN /* function returning UNDEF (for void) */
-
- /*
-
-If you cannot fix your compiler, change the declaration in reply_proc()
-from 'void *' to 'char *'.
-
-BUGFIX FOR 4.2BSD COMPILER
-
-Unpatched 4.2BSD compilers complain about valid C. You can make old
-compilers happy by changing some voids to ints. However, the fix to
-the 4.2 VAX compiler is as follows (to mip/trees.c):
-
-*** trees.c.r1.1 Mon May 11 13:47:58 1987
---- trees.c.r1.2 Wed Jul 2 18:28:52 1986
-***************
-*** 1247,1253 ****
- if(o==CAST && mt1==0)return(TYPL+TYMATCH);
- if( mt12 & MDBI ) return( TYPL+LVAL+TYMATCH );
- else if( (mt1&MENU)||(mt2&MENU) ) return( LVAL+NCVT+TYPL+PTMATCH+PUN );
-! else if( mt12 == 0 ) break;
- else if( mt1 & MPTR ) return( LVAL+PTMATCH+PUN );
- else if( mt12 & MPTI ) return( TYPL+LVAL+TYMATCH+PUN );
- break;
---- 1261,1269 ----
- if(o==CAST && mt1==0)return(TYPL+TYMATCH);
- if( mt12 & MDBI ) return( TYPL+LVAL+TYMATCH );
- else if( (mt1&MENU)||(mt2&MENU) ) return( LVAL+NCVT+TYPL+PTMATCH+PUN );
-! /* if right is TVOID and looks like a CALL, is not ok */
-! else if (mt2 == 0 && (p->in.right->in.op == CALL || p->in.right->in.op == UNARY CALL))
-! break;
- else if( mt1 & MPTR ) return( LVAL+PTMATCH+PUN );
- else if( mt12 & MPTI ) return( TYPL+LVAL+TYMATCH+PUN );
- break;
-
-WHAT'S NEW IN THIS RELEASE: RPCSRC 4.0
-
-The previous release was RPCSRC 3.9. As with all previous releases,
-this release is based directly on files from Sun Microsystem's
-implementation.
-
-Upgrade from RPCSRC 3.9
-
-1) RPCSRC 4.0 upgrades RPCSRC 3.9. Improvements from SunOS 4.0 have
- been integrated into this release.
-
-Secure RPC (in the secure_rpc/ directory)
-
-2) DES Authentication routines and programs are provided.
-3) A new manual, "Secure NFS" is provided, which describes Secure RPC
- and Secure NFS.
-4) Skeleton routines and manual pages are provided which describe the
- DES encryption procedures required by Secure RPC. HOWEVER, NO DES
- ROUTINE IS PROVIDED.
-
-New Functionality
-
-5) rpcinfo can now be used to de-register services from the portmapper
- which may have terminated abnormally.
-6) A new client, rstat, is provided which queries the rstat_svc and
- prints a status line similar to the one displayed by "uptime".
+++ /dev/null
-/*
- auth_gss.c
-
- RPCSEC_GSS client routines.
-
- Copyright (c) 2000 The Regents of the University of Michigan.
- All rights reserved.
-
- Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
- All rights reserved, all wrongs reversed.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- 3. Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include <rpc/types.h>
-#include <rpc/xdr.h>
-#include <rpc/auth.h>
-#include <rpc/auth_gss.h>
-#include <rpc/clnt.h>
-#include <netinet/in.h>
-#include <gssapi/gssapi.h>
-
-static void authgss_nextverf();
-static bool_t authgss_marshal();
-static bool_t authgss_refresh();
-static bool_t authgss_validate();
-static void authgss_destroy();
-static void authgss_destroy_context();
-static bool_t authgss_wrap();
-static bool_t authgss_unwrap();
-
-
-/*
- * from mit-krb5-1.2.1 mechglue/mglueP.h:
- * Array of context IDs typed by mechanism OID
- */
-typedef struct gss_union_ctx_id_t {
- gss_OID mech_type;
- gss_ctx_id_t internal_ctx_id;
-} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
-
-static struct auth_ops authgss_ops = {
- authgss_nextverf,
- authgss_marshal,
- authgss_validate,
- authgss_refresh,
- authgss_destroy,
- authgss_wrap,
- authgss_unwrap
-};
-
-#ifdef DEBUG
-
-/* useful as i add more mechanisms */
-void
-print_rpc_gss_sec(struct rpc_gss_sec *ptr)
-{
-int i;
-char *p;
-
- log_debug("rpc_gss_sec:");
- if(ptr->mech == NULL)
- log_debug("NULL gss_OID mech");
- else {
- fprintf(stderr, " mechanism_OID: {");
- p = (char *)ptr->mech->elements;
- for (i=0; i < ptr->mech->length; i++)
- /* First byte of OIDs encoded to save a byte */
- if (i == 0) {
- int first, second;
- if (*p < 40) {
- first = 0;
- second = *p;
- }
- else if (40 <= *p && *p < 80) {
- first = 1;
- second = *p - 40;
- }
- else if (80 <= *p && *p < 127) {
- first = 2;
- second = *p - 80;
- }
- else {
- /* Invalid value! */
- first = -1;
- second = -1;
- }
- fprintf(stderr, " %u %u", first, second);
- p++;
- }
- else {
- fprintf(stderr, " %u", (unsigned char)*p++);
- }
- fprintf(stderr, " }\n");
- }
- fprintf(stderr, " qop: %d\n", ptr->qop);
- fprintf(stderr, " service: %d\n", ptr->svc);
- fprintf(stderr, " cred: %p\n", ptr->cred);
-}
-#endif /*DEBUG*/
-
-struct rpc_gss_data {
- bool_t established; /* context established */
- gss_buffer_desc gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier
- * to process at end of context negotiation*/
- CLIENT *clnt; /* client handle */
- gss_name_t name; /* service name */
- struct rpc_gss_sec sec; /* security tuple */
- gss_ctx_id_t ctx; /* context id */
- struct rpc_gss_cred gc; /* client credentials */
- u_int win; /* sequence window */
-};
-
-#define AUTH_PRIVATE(auth) ((struct rpc_gss_data *)auth->ah_private)
-
-static struct timeval AUTH_TIMEOUT = { 25, 0 };
-
-AUTH *
-authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
-{
- AUTH *auth, *save_auth;
- struct rpc_gss_data *gd;
- OM_uint32 min_stat = 0;
-
- log_debug("in authgss_create()");
-
- memset(&rpc_createerr, 0, sizeof(rpc_createerr));
-
- if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
- rpc_createerr.cf_stat = RPC_SYSTEMERROR;
- rpc_createerr.cf_error.re_errno = ENOMEM;
- return (NULL);
- }
- if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
- rpc_createerr.cf_stat = RPC_SYSTEMERROR;
- rpc_createerr.cf_error.re_errno = ENOMEM;
- free(auth);
- return (NULL);
- }
-#ifdef DEBUG
- fprintf(stderr, "authgss_create: name is %p\n", name);
-#endif
- if (name != GSS_C_NO_NAME) {
- if (gss_duplicate_name(&min_stat, name, &gd->name)
- != GSS_S_COMPLETE) {
- rpc_createerr.cf_stat = RPC_SYSTEMERROR;
- rpc_createerr.cf_error.re_errno = ENOMEM;
- free(auth);
- return (NULL);
- }
- }
- else
- gd->name = name;
-
-#ifdef DEBUG
- fprintf(stderr, "authgss_create: gd->name is %p\n", gd->name);
-#endif
- gd->clnt = clnt;
- gd->ctx = GSS_C_NO_CONTEXT;
- gd->sec = *sec;
-
- gd->gc.gc_v = RPCSEC_GSS_VERSION;
- gd->gc.gc_proc = RPCSEC_GSS_INIT;
- gd->gc.gc_svc = gd->sec.svc;
-
- auth->ah_ops = &authgss_ops;
- auth->ah_private = (caddr_t)gd;
-
- save_auth = clnt->cl_auth;
- clnt->cl_auth = auth;
-
- if (!authgss_refresh(auth))
- auth = NULL;
-
- clnt->cl_auth = save_auth;
-
- return (auth);
-}
-
-AUTH *
-authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
-{
- AUTH *auth;
- OM_uint32 maj_stat = 0, min_stat = 0;
- gss_buffer_desc sname;
- gss_name_t name = GSS_C_NO_NAME;
-
- log_debug("in authgss_create_default()");
-
-
- sname.value = service;
- sname.length = strlen(service);
-
- maj_stat = gss_import_name(&min_stat, &sname,
- GSS_C_NT_HOSTBASED_SERVICE,
- &name);
-
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_import_name", maj_stat, min_stat);
- rpc_createerr.cf_stat = RPC_AUTHERROR;
- return (NULL);
- }
-
- auth = authgss_create(clnt, name, sec);
-
- if (name != GSS_C_NO_NAME) {
-#ifdef DEBUG
- fprintf(stderr, "authgss_create_default: freeing name %p\n", name);
-#endif
- gss_release_name(&min_stat, &name);
- }
-
- return (auth);
-}
-
-bool_t
-authgss_get_private_data(AUTH *auth, struct authgss_private_data *pd)
-{
- struct rpc_gss_data *gd;
-
- log_debug("in authgss_get_private_data()");
-
- if (!auth || !pd)
- return (FALSE);
-
- gd = AUTH_PRIVATE(auth);
-
- if (!gd || !gd->established)
- return (FALSE);
-
- pd->pd_ctx = gd->ctx;
- pd->pd_ctx_hndl = gd->gc.gc_ctx;
- pd->pd_seq_win = gd->win;
-
- return (TRUE);
-}
-
-static void
-authgss_nextverf(AUTH *auth)
-{
- log_debug("in authgss_nextverf()");
- /* no action necessary */
-}
-
-static bool_t
-authgss_marshal(AUTH *auth, XDR *xdrs)
-{
- XDR tmpxdrs;
- char tmp[MAX_AUTH_BYTES];
- struct rpc_gss_data *gd;
- gss_buffer_desc rpcbuf, checksum;
- OM_uint32 maj_stat, min_stat;
- bool_t xdr_stat;
-
- log_debug("in authgss_marshal()");
-
- gd = AUTH_PRIVATE(auth);
-
- if (gd->established)
- gd->gc.gc_seq++;
-
- xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
-
- if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gc)) {
- XDR_DESTROY(&tmpxdrs);
- return (FALSE);
- }
- auth->ah_cred.oa_flavor = RPCSEC_GSS;
- auth->ah_cred.oa_base = tmp;
- auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
-
- XDR_DESTROY(&tmpxdrs);
-
- if (!xdr_opaque_auth(xdrs, &auth->ah_cred))
- return (FALSE);
-
- if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
- gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
- return (xdr_opaque_auth(xdrs, &_null_auth));
- }
- /* Checksum serialized RPC header, up to and including credential. */
- rpcbuf.length = XDR_GETPOS(xdrs);
- XDR_SETPOS(xdrs, 0);
- rpcbuf.value = XDR_INLINE(xdrs, rpcbuf.length);
-
- maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
- &rpcbuf, &checksum);
-
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_get_mic", maj_stat, min_stat);
- if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
- gd->established = FALSE;
- authgss_destroy_context(auth);
- }
- return (FALSE);
- }
- auth->ah_verf.oa_flavor = RPCSEC_GSS;
- auth->ah_verf.oa_base = checksum.value;
- auth->ah_verf.oa_length = checksum.length;
-
- xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
- gss_release_buffer(&min_stat, &checksum);
-
- return (xdr_stat);
-}
-
-static bool_t
-authgss_validate(AUTH *auth, struct opaque_auth *verf)
-{
- struct rpc_gss_data *gd;
- u_int num, qop_state;
- gss_buffer_desc signbuf, checksum;
- OM_uint32 maj_stat, min_stat;
-
- log_debug("in authgss_validate()");
-
- gd = AUTH_PRIVATE(auth);
-
- if (gd->established == FALSE) {
- /* would like to do this only on NULL rpc --
- * gc->established is good enough.
- * save the on the wire verifier to validate last
- * INIT phase packet after decode if the major
- * status is GSS_S_COMPLETE
- */
- if ((gd->gc_wire_verf.value =
- mem_alloc(verf->oa_length)) == NULL) {
- fprintf(stderr, "gss_validate: out of memory\n");
- return (FALSE);
- }
- memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
- gd->gc_wire_verf.length = verf->oa_length;
- return (TRUE);
- }
-
- if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
- gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
- num = htonl(gd->win);
- }
- else num = htonl(gd->gc.gc_seq);
-
- signbuf.value = #
- signbuf.length = sizeof(num);
-
- checksum.value = verf->oa_base;
- checksum.length = verf->oa_length;
-
- maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
- &checksum, &qop_state);
- if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
- log_status("gss_verify_mic", maj_stat, min_stat);
- if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
- gd->established = FALSE;
- authgss_destroy_context(auth);
- }
- return (FALSE);
- }
- return (TRUE);
-}
-
-static bool_t
-authgss_refresh(AUTH *auth)
-{
- struct rpc_gss_data *gd;
- struct rpc_gss_init_res gr;
- gss_buffer_desc *recv_tokenp, send_token;
- OM_uint32 maj_stat, min_stat, call_stat, ret_flags;
- OM_uint32 req_flags=0;
-
- log_debug("in authgss_refresh()");
-
- gd = AUTH_PRIVATE(auth);
-
- if (gd->established)
- return (TRUE);
-
- /* GSS context establishment loop. */
- memset(&gr, 0, sizeof(gr));
- recv_tokenp = GSS_C_NO_BUFFER;
-
-#ifdef DEBUG
- print_rpc_gss_sec(&gd->sec);
-#endif /*DEBUG*/
-
- for (;;) {
-#ifdef DEBUG
- /* print the token we just received */
- if (recv_tokenp != GSS_C_NO_BUFFER) {
- log_debug("The token we just received (length %d):",
- recv_tokenp->length);
- log_hexdump(recv_tokenp->value, recv_tokenp->length, 0);
- }
-#endif
- maj_stat = gss_init_sec_context(&min_stat,
- gd->sec.cred,
- &gd->ctx,
- gd->name,
- gd->sec.mech,
- gd->sec.req_flags,
- 0, /* time req */
- NULL, /* channel */
- recv_tokenp,
- NULL, /* used mech */
- &send_token,
- &ret_flags,
- NULL); /* time rec */
-
- if (recv_tokenp != GSS_C_NO_BUFFER) {
- gss_release_buffer(&min_stat, &gr.gr_token);
- recv_tokenp = GSS_C_NO_BUFFER;
- }
- if (maj_stat != GSS_S_COMPLETE &&
- maj_stat != GSS_S_CONTINUE_NEEDED) {
- log_status("gss_init_sec_context", maj_stat, min_stat);
- break;
- }
- if (send_token.length != 0) {
- memset(&gr, 0, sizeof(gr));
-
-#ifdef DEBUG
- /* print the token we are about to send */
- log_debug("The token being sent (length %d):",
- send_token.length);
- log_hexdump(send_token.value, send_token.length, 0);
-#endif
-
- call_stat = clnt_call(gd->clnt, NULLPROC,
- xdr_rpc_gss_init_args,
- &send_token,
- xdr_rpc_gss_init_res,
- (caddr_t)&gr, AUTH_TIMEOUT);
-
- gss_release_buffer(&min_stat, &send_token);
-
- if (call_stat != RPC_SUCCESS ||
- (gr.gr_major != GSS_S_COMPLETE &&
- gr.gr_major != GSS_S_CONTINUE_NEEDED))
- return FALSE;
-
- if (gr.gr_ctx.length != 0) {
- if (gd->gc.gc_ctx.value)
- gss_release_buffer(&min_stat,
- &gd->gc.gc_ctx);
- gd->gc.gc_ctx = gr.gr_ctx;
- }
- if (gr.gr_token.length != 0) {
- if (maj_stat != GSS_S_CONTINUE_NEEDED)
- break;
- recv_tokenp = &gr.gr_token;
- }
- gd->gc.gc_proc = RPCSEC_GSS_CONTINUE_INIT;
- }
-
- /* GSS_S_COMPLETE => check gss header verifier,
- * usually checked in gss_validate
- */
- if (maj_stat == GSS_S_COMPLETE) {
- gss_buffer_desc bufin;
- gss_buffer_desc bufout;
- u_int seq, qop_state = 0;
-
- seq = htonl(gr.gr_win);
- bufin.value = (unsigned char *)&seq;
- bufin.length = sizeof(seq);
- bufout.value = (unsigned char *)gd->gc_wire_verf.value;
- bufout.length = gd->gc_wire_verf.length;
-
- maj_stat = gss_verify_mic(&min_stat, gd->ctx,
- &bufin, &bufout, &qop_state);
-
- if (maj_stat != GSS_S_COMPLETE
- || qop_state != gd->sec.qop) {
- log_status("gss_verify_mic", maj_stat, min_stat);
- if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
- gd->established = FALSE;
- authgss_destroy_context(auth);
- }
- return (FALSE);
- }
- gd->established = TRUE;
- gd->gc.gc_proc = RPCSEC_GSS_DATA;
- gd->gc.gc_seq = 0;
- gd->win = gr.gr_win;
- break;
- }
- }
- /* End context negotiation loop. */
- if (gd->gc.gc_proc != RPCSEC_GSS_DATA) {
- if (gr.gr_token.length != 0)
- gss_release_buffer(&min_stat, &gr.gr_token);
-
- authgss_destroy(auth);
- auth = NULL;
- rpc_createerr.cf_stat = RPC_AUTHERROR;
-
- return (FALSE);
- }
- return (TRUE);
-}
-
-bool_t
-authgss_service(AUTH *auth, int svc)
-{
- struct rpc_gss_data *gd;
-
- log_debug("in authgss_service()");
-
- if (!auth)
- return(FALSE);
- gd = AUTH_PRIVATE(auth);
- if (!gd || !gd->established)
- return (FALSE);
- gd->sec.svc = svc;
- gd->gc.gc_svc = svc;
- return (TRUE);
-}
-
-static void
-authgss_destroy_context(AUTH *auth)
-{
- struct rpc_gss_data *gd;
- OM_uint32 min_stat;
-
- log_debug("in authgss_destroy_context()");
-
- gd = AUTH_PRIVATE(auth);
-
- if (gd->gc.gc_ctx.length != 0) {
- if (gd->established) {
- gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
- clnt_call(gd->clnt, NULLPROC, xdr_void, NULL,
- xdr_void, NULL, AUTH_TIMEOUT);
- }
- gss_release_buffer(&min_stat, &gd->gc.gc_ctx);
- /* XXX ANDROS check size of context - should be 8 */
- memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx));
- }
- if (gd->ctx != GSS_C_NO_CONTEXT) {
- gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
- gd->ctx = GSS_C_NO_CONTEXT;
- }
- gd->established = FALSE;
-}
-
-static void
-authgss_destroy(AUTH *auth)
-{
- struct rpc_gss_data *gd;
- OM_uint32 min_stat;
-
- log_debug("in authgss_destroy()");
-
- gd = AUTH_PRIVATE(auth);
-
- authgss_destroy_context(auth);
-
-#ifdef DEBUG
- fprintf(stderr, "authgss_destroy: freeing name %p\n", gd->name);
-#endif
- if (gd->name != GSS_C_NO_NAME)
- gss_release_name(&min_stat, &gd->name);
-
- free(gd);
- free(auth);
-}
-
-bool_t
-authgss_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
-{
- struct rpc_gss_data *gd;
-
- log_debug("in authgss_wrap()");
-
- gd = AUTH_PRIVATE(auth);
-
- if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
- return ((*xdr_func)(xdrs, xdr_ptr));
- }
- return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
- gd->ctx, gd->sec.qop,
- gd->sec.svc, gd->gc.gc_seq));
-}
-
-bool_t
-authgss_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
-{
- struct rpc_gss_data *gd;
-
- log_debug("in authgss_unwrap()");
-
- gd = AUTH_PRIVATE(auth);
-
- if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
- return ((*xdr_func)(xdrs, xdr_ptr));
- }
- return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
- gd->ctx, gd->sec.qop,
- gd->sec.svc, gd->gc.gc_seq));
-}
+++ /dev/null
-/*
- authgss_prot.c
-
- Copyright (c) 2000 The Regents of the University of Michigan.
- All rights reserved.
-
- Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
- All rights reserved, all wrongs reversed.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- 3. Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <rpc/types.h>
-#include <rpc/xdr.h>
-#include <rpc/auth.h>
-#include <rpc/auth_gss.h>
-#include <rpc/rpc.h>
-#include <gssapi/gssapi.h>
-
-bool_t
-xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
-{
- bool_t xdr_stat;
-
- xdr_stat = (xdr_u_int(xdrs, &p->gc_v) &&
- xdr_enum(xdrs, (enum_t *)&p->gc_proc) &&
- xdr_u_int(xdrs, &p->gc_seq) &&
- xdr_enum(xdrs, (enum_t *)&p->gc_svc) &&
- xdr_bytes(xdrs, (char **)&p->gc_ctx.value,
- &p->gc_ctx.length, MAX_AUTH_BYTES));
-
- log_debug("xdr_rpc_gss_cred: %s %s "
- "(v %d, proc %d, seq %d, svc %d, ctx %p:%d)",
- (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
- (xdr_stat == TRUE) ? "success" : "failure",
- p->gc_v, p->gc_proc, p->gc_seq, p->gc_svc,
- p->gc_ctx.value, p->gc_ctx.length);
-
- return (xdr_stat);
-}
-
-bool_t
-xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
-{
- bool_t xdr_stat;
-
- xdr_stat = xdr_bytes(xdrs, (char **)&p->value,
- &p->length, MAX_NETOBJ_SZ);
-
- log_debug("xdr_rpc_gss_init_args: %s %s (token %p:%d)",
- (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
- (xdr_stat == TRUE) ? "success" : "failure",
- p->value, p->length);
-
- return (xdr_stat);
-}
-
-bool_t
-xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
-{
- bool_t xdr_stat;
-
- xdr_stat = (xdr_bytes(xdrs, (char **)&p->gr_ctx.value,
- &p->gr_ctx.length, MAX_NETOBJ_SZ) &&
- xdr_u_int(xdrs, &p->gr_major) &&
- xdr_u_int(xdrs, &p->gr_minor) &&
- xdr_u_int(xdrs, &p->gr_win) &&
- xdr_bytes(xdrs, (char **)&p->gr_token.value,
- &p->gr_token.length, MAX_NETOBJ_SZ));
-
- log_debug("xdr_rpc_gss_init_res %s %s "
- "(ctx %p:%d, maj %d, min %d, win %d, token %p:%d)",
- (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
- (xdr_stat == TRUE) ? "success" : "failure",
- p->gr_ctx.value, p->gr_ctx.length,
- p->gr_major, p->gr_minor, p->gr_win,
- p->gr_token.value, p->gr_token.length);
-
- return (xdr_stat);
-}
-
-bool_t
-xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
- gss_ctx_id_t ctx, gss_qop_t qop,
- rpc_gss_svc_t svc, u_int seq)
-{
- gss_buffer_desc databuf, wrapbuf;
- OM_uint32 maj_stat, min_stat;
- int start, end, conf_state;
- bool_t xdr_stat;
-
- /* Skip databody length. */
- start = XDR_GETPOS(xdrs);
- XDR_SETPOS(xdrs, start + 4);
-
- /* Marshal rpc_gss_data_t (sequence number + arguments). */
- if (!xdr_u_int(xdrs, &seq) || !(*xdr_func)(xdrs, xdr_ptr))
- return (FALSE);
- end = XDR_GETPOS(xdrs);
-
- /* Set databuf to marshalled rpc_gss_data_t. */
- databuf.length = end - start - 4;
- XDR_SETPOS(xdrs, start + 4);
- databuf.value = XDR_INLINE(xdrs, databuf.length);
-
- xdr_stat = FALSE;
-
- if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
- /* Marshal databody_integ length. */
- XDR_SETPOS(xdrs, start);
- if (!xdr_u_int(xdrs, &databuf.length))
- return (FALSE);
-
- /* Checksum rpc_gss_data_t. */
- maj_stat = gss_get_mic(&min_stat, ctx, qop,
- &databuf, &wrapbuf);
- if (maj_stat != GSS_S_COMPLETE) {
- log_debug("gss_get_mic failed");
- return (FALSE);
- }
- /* Marshal checksum. */
- XDR_SETPOS(xdrs, end);
- xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value,
- &wrapbuf.length, MAX_NETOBJ_SZ);
- gss_release_buffer(&min_stat, &wrapbuf);
- }
- else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
- /* Encrypt rpc_gss_data_t. */
- maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf,
- &conf_state, &wrapbuf);
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_wrap", maj_stat, min_stat);
- return (FALSE);
- }
- /* Marshal databody_priv. */
- XDR_SETPOS(xdrs, start);
- xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value,
- &wrapbuf.length, MAX_NETOBJ_SZ);
- gss_release_buffer(&min_stat, &wrapbuf);
- }
- return (xdr_stat);
-}
-
-bool_t
-xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
- gss_ctx_id_t ctx, gss_qop_t qop,
- rpc_gss_svc_t svc, u_int seq)
-{
- XDR tmpxdrs;
- gss_buffer_desc databuf, wrapbuf;
- OM_uint32 maj_stat, min_stat;
- u_int seq_num, conf_state, qop_state;
- bool_t xdr_stat;
-
- if (xdr_func == xdr_void || xdr_ptr == NULL)
- return (TRUE);
-
- memset(&databuf, 0, sizeof(databuf));
- memset(&wrapbuf, 0, sizeof(wrapbuf));
-
- if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
- /* Decode databody_integ. */
- if (!xdr_bytes(xdrs, (char **)&databuf.value, &databuf.length,
- MAX_NETOBJ_SZ)) {
- log_debug("xdr decode databody_integ failed");
- return (FALSE);
- }
- /* Decode checksum. */
- if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, &wrapbuf.length,
- MAX_NETOBJ_SZ)) {
- gss_release_buffer(&min_stat, &databuf);
- log_debug("xdr decode checksum failed");
- return (FALSE);
- }
- /* Verify checksum and QOP. */
- maj_stat = gss_verify_mic(&min_stat, ctx, &databuf,
- &wrapbuf, &qop_state);
- gss_release_buffer(&min_stat, &wrapbuf);
-
- if (maj_stat != GSS_S_COMPLETE || qop_state != qop) {
- gss_release_buffer(&min_stat, &databuf);
- log_status("gss_verify_mic", maj_stat, min_stat);
- return (FALSE);
- }
- }
- else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
- /* Decode databody_priv. */
- if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, &wrapbuf.length,
- MAX_NETOBJ_SZ)) {
- log_debug("xdr decode databody_priv failed");
- return (FALSE);
- }
- /* Decrypt databody. */
- maj_stat = gss_unwrap(&min_stat, ctx, &wrapbuf, &databuf,
- &conf_state, &qop_state);
-
- gss_release_buffer(&min_stat, &wrapbuf);
-
- /* Verify encryption and QOP. */
- if (maj_stat != GSS_S_COMPLETE || qop_state != qop ||
- conf_state != TRUE) {
- gss_release_buffer(&min_stat, &databuf);
- log_status("gss_unwrap", maj_stat, min_stat);
- return (FALSE);
- }
- }
- /* Decode rpc_gss_data_t (sequence number + arguments). */
- xdrmem_create(&tmpxdrs, databuf.value, databuf.length, XDR_DECODE);
- xdr_stat = (xdr_u_int(&tmpxdrs, &seq_num) &&
- (*xdr_func)(&tmpxdrs, xdr_ptr));
- XDR_DESTROY(&tmpxdrs);
- gss_release_buffer(&min_stat, &databuf);
-
- /* Verify sequence number. */
- if (xdr_stat == TRUE && seq_num != seq) {
- log_debug("wrong sequence number in databody");
- return (FALSE);
- }
- return (xdr_stat);
-}
-
-bool_t
-xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
- gss_ctx_id_t ctx, gss_qop_t qop,
- rpc_gss_svc_t svc, u_int seq)
-{
- switch (xdrs->x_op) {
-
- case XDR_ENCODE:
- return (xdr_rpc_gss_wrap_data(xdrs, xdr_func, xdr_ptr,
- ctx, qop, svc, seq));
- case XDR_DECODE:
- return (xdr_rpc_gss_unwrap_data(xdrs, xdr_func, xdr_ptr,
- ctx, qop,svc, seq));
- case XDR_FREE:
- return (TRUE);
- }
- return (FALSE);
-}
-
-#ifdef DEBUG
-#include <ctype.h>
-
-void
-log_debug(const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- fprintf(stderr, "rpcsec_gss: ");
- vfprintf(stderr, fmt, ap);
- fprintf(stderr, "\n");
- va_end(ap);
-}
-
-void
-log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
-{
- OM_uint32 min;
- gss_buffer_desc msg;
- int msg_ctx = 0;
-
- fprintf(stderr, "rpcsec_gss: %s: ", m);
-
- gss_display_status(&min, maj_stat, GSS_C_GSS_CODE, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s - ", (char *)msg.value);
- gss_release_buffer(&min, &msg);
-
- gss_display_status(&min, min_stat, GSS_C_MECH_CODE, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s\n", (char *)msg.value);
- gss_release_buffer(&min, &msg);
-}
-
-void
-log_hexdump(const u_char *buf, int len, int offset)
-{
- u_int i, j, jm;
- int c;
-
- fprintf(stderr, "\n");
- for (i = 0; i < len; i += 0x10) {
- fprintf(stderr, " %04x: ", (u_int)(i + offset));
- jm = len - i;
- jm = jm > 16 ? 16 : jm;
-
- for (j = 0; j < jm; j++) {
- if ((j % 2) == 1)
- fprintf(stderr, "%02x ", (u_int) buf[i+j]);
- else
- fprintf(stderr, "%02x", (u_int) buf[i+j]);
- }
- for (; j < 16; j++) {
- if ((j % 2) == 1) printf(" ");
- else fprintf(stderr, " ");
- }
- fprintf(stderr, " ");
-
- for (j = 0; j < jm; j++) {
- c = buf[i+j];
- c = isprint(c) ? c : '.';
- fprintf(stderr, "%c", c);
- }
- fprintf(stderr, "\n");
- }
-}
-
-#else
-
-void
-log_debug(const char *fmt, ...)
-{
-}
-
-void
-log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
-{
-}
-
-void
-log_hexdump(const u_char *buf, int len, int offset)
-{
-}
-
-#endif
-
-
#ifndef _RPC_AUTH_GSS_H
#define _RPC_AUTH_GSS_H
-#include "config.h"
#include <rpc/clnt.h>
-#include "../../../include/gssapi/gssapi.h"
+#include <gssapi/gssapi.h>
/* RPCSEC_GSS control procedures. */
typedef enum {
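Review bot: The new `#include <gssapi/gssapi.h>` is resolved through the compiler's include search path, whereas the removed relative include pinned one specific in-tree header. Every translation unit that pulls in this header therefore has to be compiled with the Kerberos include directory selected at configure time. Otherwise the build fails or, on a host with several GSS-API installations, may pick up declarations that do not match the library actually linked. I would state that requirement next to the include, e.g. `/* needs the configured Kerberos include dir on the search path; must match the linked GSS-API library */`. Dropping `#include "config.h"` is reasonable for a header, but if anything further down depends on configure-time macros (not visible here), each including .c file must now include config.h first. The `typedef enum` that follows continues outside this hunk.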
+++ /dev/null
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: rpc_commondata.c,v 1.3 1996/08/19 08:31:47 tholo Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-#include <rpc/rpc.h>
-/*
- * This file should only contain common data (global data) that is exported
- * by public interfaces
- */
-struct opaque_auth _null_auth;
-fd_set svc_fdset;
-int svc_maxfd = -1;
-struct rpc_createerr rpc_createerr;
+++ /dev/null
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: svc.c,v 1.11 1998/02/25 12:21:18 deraadt Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * svc.c, Server-side remote procedure call interface.
- *
- * There are two sets of procedures here. The xprt routines are
- * for handling transport handles. The svc routines handle the
- * list of service routines.
- *
- * Copyright (C) 1984, Sun Microsystems, Inc.
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <sys/param.h>
-#include <sys/errno.h>
-#include <rpc/rpc.h>
-#include <rpc/pmap_clnt.h>
-
-static SVCXPRT **xports;
-static int xportssize;
-
-#define NULL_SVC ((struct svc_callout *)0)
-#define RQCRED_SIZE 1024 /* this size is excessive */
-
-#define max(a, b) (a > b ? a : b)
-
-#if 0
-#ifdef __linux__
-#define fds_bits __fds_bits /* XXX - Linux sux */
-#endif
-#endif
-
-/*
- * The services list
- * Each entry represents a set of procedures (an rpc program).
- * The dispatch routine takes request structs and runs the
- * apropriate procedure.
- */
-static struct svc_callout {
- struct svc_callout *sc_next;
- u_long sc_prog;
- u_long sc_vers;
- void (*sc_dispatch)();
-} *svc_head;
-
-static struct svc_callout *svc_find();
-
-int __svc_fdsetsize;
-fd_set *__svc_fdset;
-
-/* *************** SVCXPRT related stuff **************** */
-
-/*
- * Activate a transport handle.
- */
-void
-xprt_register(xprt)
- SVCXPRT *xprt;
-{
- register int sock = xprt->xp_sock;
-
- if (sock+1 > __svc_fdsetsize) {
- int bytes = howmany(sock+1, NFDBITS) * sizeof(fd_mask);
- fd_set *fds;
-
- fds = (fd_set *)malloc(bytes);
- memset(fds, 0, bytes);
- if (__svc_fdset) {
- memcpy(fds, __svc_fdset, howmany(__svc_fdsetsize,
- NFDBITS) * sizeof(fd_mask));
- free(__svc_fdset);
- }
- __svc_fdset = fds;
- __svc_fdsetsize = sock+1;
- }
-
- if (sock < FD_SETSIZE)
- FD_SET(sock, &svc_fdset);
- FD_SET(sock, __svc_fdset);
-
- if (xports == NULL || sock+1 > xportssize) {
- SVCXPRT **xp;
- int size = FD_SETSIZE;
-
- if (sock+1 > size)
- size = sock+1;
- xp = (SVCXPRT **)mem_alloc(size * sizeof(SVCXPRT *));
- memset(xp, 0, size * sizeof(SVCXPRT *));
- if (xports) {
- memcpy(xp, xports, xportssize * sizeof(SVCXPRT *));
- free(xports);
- }
- xportssize = size;
- xports = xp;
- }
- xports[sock] = xprt;
- svc_maxfd = max(svc_maxfd, sock);
-}
-
-/*
- * De-activate a transport handle.
- */
-void
-xprt_unregister(xprt)
- SVCXPRT *xprt;
-{
- register int sock = xprt->xp_sock;
-
- if (xports[sock] == xprt) {
- xports[sock] = (SVCXPRT *)0;
- if (sock < FD_SETSIZE)
- FD_CLR(sock, &svc_fdset);
- FD_CLR(sock, __svc_fdset);
- if (sock == svc_maxfd) {
- for (svc_maxfd--; svc_maxfd>=0; svc_maxfd--)
- if (xports[svc_maxfd])
- break;
- }
- /*
- * XXX could use svc_maxfd as a hint to
- * decrease the size of __svc_fdset
- */
- }
-}
-
-
-/* ********************** CALLOUT list related stuff ************* */
-
-/*
- * Add a service program to the callout list.
- * The dispatch routine will be called when a rpc request for this
- * program number comes in.
- */
-bool_t
-svc_register(xprt, prog, vers, dispatch, protocol)
- SVCXPRT *xprt;
- u_long prog;
- u_long vers;
- void (*dispatch)();
- int protocol;
-{
- struct svc_callout *prev;
- register struct svc_callout *s;
-
- if ((s = svc_find(prog, vers, &prev)) != NULL_SVC) {
- if (s->sc_dispatch == dispatch)
- goto pmap_it; /* he is registering another xptr */
- return (FALSE);
- }
- s = (struct svc_callout *)mem_alloc(sizeof(struct svc_callout));
- if (s == (struct svc_callout *)0) {
- return (FALSE);
- }
- s->sc_prog = prog;
- s->sc_vers = vers;
- s->sc_dispatch = dispatch;
- s->sc_next = svc_head;
- svc_head = s;
-pmap_it:
- /* now register the information with the local binder service */
- if (protocol) {
- return (pmap_set(prog, vers, protocol, xprt->xp_port));
- }
- return (TRUE);
-}
-
-/*
- * Remove a service program from the callout list.
- */
-void
-svc_unregister(prog, vers)
- u_long prog;
- u_long vers;
-{
- struct svc_callout *prev;
- register struct svc_callout *s;
-
- if ((s = svc_find(prog, vers, &prev)) == NULL_SVC)
- return;
- if (prev == NULL_SVC) {
- svc_head = s->sc_next;
- } else {
- prev->sc_next = s->sc_next;
- }
- s->sc_next = NULL_SVC;
- mem_free((char *) s, (u_int) sizeof(struct svc_callout));
- /* now unregister the information with the local binder service */
- (void)pmap_unset(prog, vers);
-}
-
-/*
- * Search the callout list for a program number, return the callout
- * struct.
- */
-static struct svc_callout *
-svc_find(prog, vers, prev)
- u_long prog;
- u_long vers;
- struct svc_callout **prev;
-{
- register struct svc_callout *s, *p;
-
- p = NULL_SVC;
- for (s = svc_head; s != NULL_SVC; s = s->sc_next) {
- if ((s->sc_prog == prog) && (s->sc_vers == vers))
- goto done;
- p = s;
- }
-done:
- *prev = p;
- return (s);
-}
-
-/* ******************* REPLY GENERATION ROUTINES ************ */
-
-/*
- * Send a reply to an rpc request
- */
-bool_t
-svc_sendreply(xprt, xdr_results, xdr_location)
- register SVCXPRT *xprt;
- xdrproc_t xdr_results;
- caddr_t xdr_location;
-{
- struct rpc_msg rply;
-
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
- rply.acpted_rply.ar_verf = xprt->xp_verf;
- rply.acpted_rply.ar_stat = SUCCESS;
- rply.acpted_rply.ar_results.where = xdr_location;
- rply.acpted_rply.ar_results.proc = xdr_results;
- return (SVC_REPLY(xprt, &rply));
-}
-
-/*
- * No procedure error reply
- */
-void
-svcerr_noproc(xprt)
- register SVCXPRT *xprt;
-{
- struct rpc_msg rply;
-
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
- rply.acpted_rply.ar_verf = xprt->xp_verf;
- rply.acpted_rply.ar_stat = PROC_UNAVAIL;
- SVC_REPLY(xprt, &rply);
-}
-
-/*
- * Can't decode args error reply
- */
-void
-svcerr_decode(xprt)
- register SVCXPRT *xprt;
-{
- struct rpc_msg rply;
-
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
- rply.acpted_rply.ar_verf = xprt->xp_verf;
- rply.acpted_rply.ar_stat = GARBAGE_ARGS;
- SVC_REPLY(xprt, &rply);
-}
-
-/*
- * Some system error
- */
-void
-svcerr_systemerr(xprt)
- register SVCXPRT *xprt;
-{
- struct rpc_msg rply;
-
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
- rply.acpted_rply.ar_verf = xprt->xp_verf;
- rply.acpted_rply.ar_stat = SYSTEM_ERR;
- SVC_REPLY(xprt, &rply);
-}
-
-/*
- * Authentication error reply
- */
-void
-svcerr_auth(xprt, why)
- SVCXPRT *xprt;
- enum auth_stat why;
-{
- struct rpc_msg rply;
-
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_DENIED;
- rply.rjcted_rply.rj_stat = AUTH_ERROR;
- rply.rjcted_rply.rj_why = why;
- SVC_REPLY(xprt, &rply);
-}
-
-/*
- * Auth too weak error reply
- */
-void
-svcerr_weakauth(xprt)
- SVCXPRT *xprt;
-{
-
- svcerr_auth(xprt, AUTH_TOOWEAK);
-}
-
-/*
- * Program unavailable error reply
- */
-void
-svcerr_noprog(xprt)
- register SVCXPRT *xprt;
-{
- struct rpc_msg rply;
-
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
- rply.acpted_rply.ar_verf = xprt->xp_verf;
- rply.acpted_rply.ar_stat = PROG_UNAVAIL;
- SVC_REPLY(xprt, &rply);
-}
-
-/*
- * Program version mismatch error reply
- */
-void
-svcerr_progvers(xprt, low_vers, high_vers)
- register SVCXPRT *xprt;
- u_long low_vers;
- u_long high_vers;
-{
- struct rpc_msg rply;
-
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
- rply.acpted_rply.ar_verf = xprt->xp_verf;
- rply.acpted_rply.ar_stat = PROG_MISMATCH;
- rply.acpted_rply.ar_vers.low = low_vers;
- rply.acpted_rply.ar_vers.high = high_vers;
- SVC_REPLY(xprt, &rply);
-}
-
-/* ******************* SERVER INPUT STUFF ******************* */
-
-/*
- * Get server side input from some transport.
- *
- * Statement of authentication parameters management:
- * This function owns and manages all authentication parameters, specifically
- * the "raw" parameters (msg.rm_call.cb_cred and msg.rm_call.cb_verf) and
- * the "cooked" credentials (rqst->rq_clntcred).
- * However, this function does not know the structure of the cooked
- * credentials, so it make the following assumptions:
- * a) the structure is contiguous (no pointers), and
- * b) the cred structure size does not exceed RQCRED_SIZE bytes.
- * In all events, all three parameters are freed upon exit from this routine.
- * The storage is trivially management on the call stack in user land, but
- * is mallocated in kernel land.
- */
-
-void
-svc_getreq(rdfds)
- int rdfds;
-{
- fd_set readfds;
-
- FD_ZERO(&readfds);
- readfds.fds_bits[0] = rdfds;
- svc_getreqset(&readfds);
-}
-
-void svc_getreqset2 __P((fd_set *, int));
-
-void
-svc_getreqset(readfds)
- fd_set *readfds;
-{
- svc_getreqset2(readfds, FD_SETSIZE);
-}
-
-void
-svc_getreqset2(readfds, width)
- fd_set *readfds;
- int width;
-{
- enum xprt_stat stat;
- struct rpc_msg msg;
- int prog_found;
- u_long low_vers;
- u_long high_vers;
- struct svc_req r;
- register SVCXPRT *xprt;
- register int bit;
- register fd_mask mask, *maskp;
- register int sock;
- bool_t no_dispatch;
- char cred_area[2*MAX_AUTH_BYTES + RQCRED_SIZE];
- msg.rm_call.cb_cred.oa_base = cred_area;
- msg.rm_call.cb_verf.oa_base = &(cred_area[MAX_AUTH_BYTES]);
- r.rq_clntcred = &(cred_area[2*MAX_AUTH_BYTES]);
-
- maskp = readfds->fds_bits;
- for (sock = 0; sock < width; sock += NFDBITS) {
- for (mask = *maskp++; (bit = ffs(mask)); mask ^= (1 << (bit - 1))) {
- /* sock has input waiting */
- xprt = xports[sock + bit - 1];
- if (xprt == NULL)
- /* But do we control sock? */
- continue;
- /* now receive msgs from xprtprt (support batch calls) */
- do {
- if (SVC_RECV(xprt, &msg)) {
-
- /* now find the exported program and call it */
- register struct svc_callout *s;
- enum auth_stat why;
-
- r.rq_xprt = xprt;
- r.rq_prog = msg.rm_call.cb_prog;
- r.rq_vers = msg.rm_call.cb_vers;
- r.rq_proc = msg.rm_call.cb_proc;
- r.rq_cred = msg.rm_call.cb_cred;
-
- no_dispatch = FALSE;
-
- /* first authenticate the message */
- if ((why = _authenticate(&r, &msg, &no_dispatch)) != AUTH_OK) {
- svcerr_auth(xprt, why);
- goto call_done;
- }
- else if (no_dispatch) {
- goto call_done;
- }
- /* now match message with a registered service*/
- prog_found = FALSE;
- low_vers = (u_long) -1;
- high_vers = 0;
- for (s = svc_head; s != NULL_SVC; s = s->sc_next) {
- if (s->sc_prog == r.rq_prog) {
- if (s->sc_vers == r.rq_vers) {
- (*s->sc_dispatch)(&r, xprt);
- goto call_done;
- } /* found correct version */
- prog_found = TRUE;
- if (s->sc_vers < low_vers)
- low_vers = s->sc_vers;
- if (s->sc_vers > high_vers)
- high_vers = s->sc_vers;
- } /* found correct program */
- }
- /*
- * if we got here, the program or version
- * is not served ...
- */
- if (prog_found)
- svcerr_progvers(xprt,
- low_vers, high_vers);
- else
- svcerr_noprog(xprt);
- /* Fall through to ... */
- }
- call_done:
- if ((stat = SVC_STAT(xprt)) == XPRT_DIED) {
- SVC_DESTROY(xprt);
- break;
- }
- } while (stat == XPRT_MOREREQS);
- }
- }
-}
+++ /dev/null
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: svc_auth.c,v 1.4 1998/03/19 00:27:22 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * svc_auth_nodes.c, Server-side rpc authenticator interface,
- * *WITHOUT* DES authentication.
- *
- * Copyright (C) 1984, Sun Microsystems, Inc.
- */
-
-#include <rpc/rpc.h>
-
-/*
- * svcauthsw is the bdevsw of server side authentication.
- *
- * Server side authenticators are called from authenticate by
- * using the client auth struct flavor field to index into svcauthsw.
- * The server auth flavors must implement a routine that looks
- * like:
- *
- * enum auth_stat
- * flavorx_auth(rqst, msg)
- * register struct svc_req *rqst;
- * register struct rpc_msg *msg;
- *
- */
-
-enum auth_stat _svcauth_none(); /* no authentication */
-enum auth_stat _svcauth_unix(); /* unix style (uid, gids) */
-enum auth_stat _svcauth_short(); /* short hand unix style */
-enum auth_stat _svcauth_gss(); /* RPCSEC_GSS */
-
-static struct {
- enum auth_stat (*authenticator)();
-} svcauthsw[] = {
- { _svcauth_none }, /* AUTH_NONE */
- { _svcauth_unix }, /* AUTH_UNIX */
- { _svcauth_short }, /* AUTH_SHORT */
- { _svcauth_none }, /* AUTH_DES - does not exist */
- { _svcauth_none },
- { _svcauth_none },
- { _svcauth_gss } /* RPCSEC_GSS */
-};
-#define AUTH_MAX 6 /* HIGHEST AUTH NUMBER */
-
-/*
- * The call rpc message, msg has been obtained from the wire. The msg contains
- * the raw form of credentials and verifiers. authenticate returns AUTH_OK
- * if the msg is successfully authenticated. If AUTH_OK then the routine also
- * does the following things:
- * set rqst->rq_xprt->verf to the appropriate response verifier;
- * sets rqst->rq_clntcred to the "cooked" form of the credentials.
- *
- * NB: rqst->rq_xprt->verf must be pre-alloctaed;
- * its length is set appropriately.
- *
- * The caller still owns and is responsible for msg->u.cmb.cred and
- * msg->u.cmb.verf. The authentication system retains ownership of
- * rqst->rq_clntcred, the cooked credentials.
- *
- * There is an assumption that any flavour less than AUTH_NONE is
- * invalid.
- */
-enum auth_stat
-_authenticate(rqst, msg, no_dispatch)
- register struct svc_req *rqst;
- struct rpc_msg *msg;
- bool_t *no_dispatch;
-{
- register int cred_flavor;
-
- rqst->rq_cred = msg->rm_call.cb_cred;
- rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
- rqst->rq_xprt->xp_verf.oa_length = 0;
- cred_flavor = rqst->rq_cred.oa_flavor;
- *no_dispatch = FALSE;
-
- if ((cred_flavor <= AUTH_MAX) && (cred_flavor >= AUTH_NONE)) {
- return ((*(svcauthsw[cred_flavor].authenticator))(rqst, msg, no_dispatch));
- }
-
- return (AUTH_REJECTEDCRED);
-}
+++ /dev/null
-/*
- svc_auth_gss.c
-
- Copyright (c) 2000 The Regents of the University of Michigan.
- All rights reserved.
-
- Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
- All rights reserved, all wrongs reversed.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- 3. Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <rpc/rpc.h>
-#include <gssapi/gssapi.h>
-
-extern SVCAUTH svc_auth_none;
-
-/*
- * from mit-krb5-1.2.1 mechglue/mglueP.h:
- * Array of context IDs typed by mechanism OID
- */
-typedef struct gss_union_ctx_id_t {
- gss_OID mech_type;
- gss_ctx_id_t internal_ctx_id;
-} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
-
-
-
-static bool_t svcauth_gss_destroy();
-static bool_t svcauth_gss_wrap();
-static bool_t svcauth_gss_unwrap();
-
-struct svc_auth_ops svc_auth_gss_ops = {
- svcauth_gss_wrap,
- svcauth_gss_unwrap,
- svcauth_gss_destroy
-};
-
-struct svc_rpc_gss_data {
- bool_t established; /* context established */
- gss_ctx_id_t ctx; /* context id */
- struct rpc_gss_sec sec; /* security triple */
- gss_buffer_desc cname; /* GSS client name */
- u_int seq; /* sequence number */
- u_int win; /* sequence window */
- u_int seqlast; /* last sequence number */
- u_int32_t seqmask; /* bitmask of seqnums */
- gss_name_t client_name; /* unparsed name string */
-};
-
-#define SVCAUTH_PRIVATE(auth) \
- ((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
-
-/* Global server credentials. */
-gss_cred_id_t _svcauth_gss_creds;
-static gss_name_t _svcauth_gss_name = NULL;
-
-bool_t
-svcauth_gss_set_svc_name(gss_name_t name)
-{
- OM_uint32 maj_stat, min_stat;
-
- log_debug("in svcauth_gss_set_svc_name()");
-
- if (_svcauth_gss_name != NULL) {
- maj_stat = gss_release_name(&min_stat, &_svcauth_gss_name);
-
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_release_name", maj_stat, min_stat);
- return (FALSE);
- }
- _svcauth_gss_name = NULL;
- }
- maj_stat = gss_duplicate_name(&min_stat, name, &_svcauth_gss_name);
-
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_duplicate_name", maj_stat, min_stat);
- return (FALSE);
- }
-
- return (TRUE);
-}
-
-static bool_t
-svcauth_gss_import_name(char *service)
-{
- gss_name_t name;
- gss_buffer_desc namebuf;
- OM_uint32 maj_stat, min_stat;
-
- log_debug("in svcauth_gss_import_name()");
-
- namebuf.value = service;
- namebuf.length = strlen(service);
-
- maj_stat = gss_import_name(&min_stat, &namebuf,
- GSS_C_NT_HOSTBASED_SERVICE, &name);
-
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_import_name", maj_stat, min_stat);
- return (FALSE);
- }
- if (svcauth_gss_set_svc_name(name) != TRUE) {
- gss_release_name(&min_stat, &name);
- return (FALSE);
- }
- return (TRUE);
-}
-
-static bool_t
-svcauth_gss_acquire_cred(void)
-{
- OM_uint32 maj_stat, min_stat;
-
- log_debug("in svcauth_gss_acquire_cred()");
-
- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, 0,
- GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
- &_svcauth_gss_creds, NULL, NULL);
-
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_acquire_cred", maj_stat, min_stat);
- return (FALSE);
- }
- return (TRUE);
-}
-
-static bool_t
-svcauth_gss_release_cred(void)
-{
- OM_uint32 maj_stat, min_stat;
-
- log_debug("in svcauth_gss_release_cred()");
-
- maj_stat = gss_release_cred(&min_stat, &_svcauth_gss_creds);
-
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_release_cred", maj_stat, min_stat);
- return (FALSE);
- }
-
- _svcauth_gss_creds = NULL;
-
- return (TRUE);
-}
-
-static bool_t
-svcauth_gss_accept_sec_context(struct svc_req *rqst,
- struct rpc_gss_init_res *gr)
-{
- struct svc_rpc_gss_data *gd;
- struct rpc_gss_cred *gc;
- gss_buffer_desc recv_tok, seqbuf, checksum;
- gss_OID mech;
- OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq;
-
- log_debug("in svcauth_gss_accept_context()");
-
- gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
- gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
- memset(gr, 0, sizeof(*gr));
-
- /* Deserialize arguments. */
- memset(&recv_tok, 0, sizeof(recv_tok));
-
- if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args,
- (caddr_t)&recv_tok))
- return (FALSE);
-
- gr->gr_major = gss_accept_sec_context(&gr->gr_minor,
- &gd->ctx,
- _svcauth_gss_creds,
- &recv_tok,
- GSS_C_NO_CHANNEL_BINDINGS,
- &gd->client_name,
- &mech,
- &gr->gr_token,
- &ret_flags,
- NULL,
- NULL);
-
- if (gr->gr_major != GSS_S_COMPLETE &&
- gr->gr_major != GSS_S_CONTINUE_NEEDED) {
- log_status("accept_sec_context", gr->gr_major, gr->gr_minor);
- gd->ctx = GSS_C_NO_CONTEXT;
- gss_release_buffer(&min_stat, &gr->gr_token);
- return (FALSE);
- }
- /* ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
- * one to the mechanism oid, one to the internal_ctx_id */
- if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) {
- fprintf(stderr, "svcauth_gss_accept_context: out of memory\n");
- return (FALSE);
- }
- memcpy(gr->gr_ctx.value, gd->ctx, sizeof(gss_union_ctx_id_desc));
- gr->gr_ctx.length = sizeof(gss_union_ctx_id_desc);
-
- /* ANDROS: change for debugging linux kernel version...
- gr->gr_win = sizeof(gd->seqmask) * 8;
- */
- gr->gr_win = 0x00000005;
-
- /* Save client info. */
- gd->sec.mech = mech;
- gd->sec.qop = GSS_C_QOP_DEFAULT;
- gd->sec.svc = gc->gc_svc;
- gd->seq = gc->gc_seq;
- gd->win = gr->gr_win;
-
- if (gr->gr_major == GSS_S_COMPLETE) {
- maj_stat = gss_display_name(&min_stat, gd->client_name,
- &gd->cname, &gd->sec.mech);
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("display_name", maj_stat, min_stat);
- return (FALSE);
- }
-#ifdef DEBUG
-#ifdef HAVE_KRB5
- {
- gss_buffer_desc mechname;
-
- gss_oid_to_str(&min_stat, mech, &mechname);
-
- log_debug("accepted context for %.*s with "
- "<mech %.*s, qop %d, svc %d>",
- gd->cname.length, (char *)gd->cname.value,
- mechname.length, (char *)mechname.value,
- gd->sec.qop, gd->sec.svc);
-
- gss_release_buffer(&min_stat, &mechname);
- }
-#elif HAVE_HEIMDAL
- log_debug("accepted context for %.*s with "
- "<mech {}, qop %d, svc %d>",
- gd->cname.length, (char *)gd->cname.value,
- gd->sec.qop, gd->sec.svc);
-#endif
-#endif /* DEBUG */
- seq = htonl(gr->gr_win);
- seqbuf.value = &seq;
- seqbuf.length = sizeof(seq);
-
- maj_stat = gss_sign(&min_stat, gd->ctx, GSS_C_QOP_DEFAULT,
- &seqbuf, &checksum);
-
- if (maj_stat != GSS_S_COMPLETE)
- return (FALSE);
-
- rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
- rqst->rq_xprt->xp_verf.oa_base = checksum.value;
- rqst->rq_xprt->xp_verf.oa_length = checksum.length;
- }
- return (TRUE);
-}
-
-static bool_t
-svcauth_gss_validate(struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
-{
- struct opaque_auth *oa;
- gss_buffer_desc rpcbuf, checksum;
- OM_uint32 maj_stat, min_stat, qop_state;
- u_char rpchdr[128];
- int32_t *buf;
-
- log_debug("in svcauth_gss_validate()");
-
- memset(rpchdr, 0, sizeof(rpchdr));
-
- /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
- buf = (int32_t *)rpchdr;
- IXDR_PUT_LONG(buf, msg->rm_xid);
- IXDR_PUT_ENUM(buf, msg->rm_direction);
- IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers);
- IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
- IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
- IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
- oa = &msg->rm_call.cb_cred;
- IXDR_PUT_ENUM(buf, oa->oa_flavor);
- IXDR_PUT_LONG(buf, oa->oa_length);
- if (oa->oa_length) {
- memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
- buf += RNDUP(oa->oa_length) / sizeof(int32_t);
- }
- rpcbuf.value = rpchdr;
- rpcbuf.length = (u_char *)buf - rpchdr;
-
- checksum.value = msg->rm_call.cb_verf.oa_base;
- checksum.length = msg->rm_call.cb_verf.oa_length;
-
- maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum,
- &qop_state);
-
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_verify_mic", maj_stat, min_stat);
- return (FALSE);
- }
- return (TRUE);
-}
-
-bool_t
-svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
-{
- struct svc_rpc_gss_data *gd;
- gss_buffer_desc signbuf, checksum;
- OM_uint32 maj_stat, min_stat;
-
- log_debug("in svcauth_gss_nextverf()");
-
- if (rqst->rq_xprt->xp_auth == NULL)
- return (FALSE);
-
- gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
-
- signbuf.value = #
- signbuf.length = sizeof(num);
-
- maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
- &signbuf, &checksum);
-
- if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_get_mic", maj_stat, min_stat);
- return (FALSE);
- }
- rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
- rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
-
- return (TRUE);
-}
-
-enum auth_stat
-_svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
-{
- XDR xdrs;
- SVCAUTH *auth;
- struct svc_rpc_gss_data *gd;
- struct rpc_gss_cred *gc;
- struct rpc_gss_init_res gr;
- int call_stat, offset;
-
- log_debug("in svcauth_gss()");
-
- /* Initialize reply. */
- rqst->rq_xprt->xp_verf = _null_auth;
-
- /* Allocate and set up server auth handle. */
- if (rqst->rq_xprt->xp_auth == NULL ||
- rqst->rq_xprt->xp_auth == &svc_auth_none) {
- if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
- fprintf(stderr, "svcauth_gss: out_of_memory\n");
- return (AUTH_FAILED);
- }
- if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
- fprintf(stderr, "svcauth_gss: out_of_memory\n");
- return (AUTH_FAILED);
- }
- auth->svc_ah_ops = &svc_auth_gss_ops;
- auth->svc_ah_private = (caddr_t)gd;
- rqst->rq_xprt->xp_auth = auth;
- }
- else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
-
- /* Deserialize client credentials. */
- if (rqst->rq_cred.oa_length <= 0)
- return (AUTH_BADCRED);
-
- gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
- memset(gc, 0, sizeof(*gc));
-
- xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
- rqst->rq_cred.oa_length, XDR_DECODE);
-
- if (!xdr_rpc_gss_cred(&xdrs, gc)) {
- XDR_DESTROY(&xdrs);
- return (AUTH_BADCRED);
- }
- XDR_DESTROY(&xdrs);
-
- /* Check version. */
- if (gc->gc_v != RPCSEC_GSS_VERSION)
- return (AUTH_BADCRED);
-
- /* Check RPCSEC_GSS service. */
- if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
- gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
- return (AUTH_BADCRED);
-
- /* Check sequence number. */
- if (gd->established) {
- if (gc->gc_seq > MAXSEQ)
- return (RPCSEC_GSS_CTXPROBLEM);
-
- if ((offset = gd->seqlast - gc->gc_seq) < 0) {
- gd->seqlast = gc->gc_seq;
- offset = 0 - offset;
- gd->seqmask <<= offset;
- offset = 0;
- }
- else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
- *no_dispatch = 1;
- return (RPCSEC_GSS_CTXPROBLEM);
- }
- gd->seq = gc->gc_seq;
- gd->seqmask |= (1 << offset);
- }
-
- if (gd->established) {
- rqst->rq_clntname = (char *)gd->client_name;
- rqst->rq_svcname = (char *)gd->ctx;
- }
-
- /* Handle RPCSEC_GSS control procedure. */
- switch (gc->gc_proc) {
-
- case RPCSEC_GSS_INIT:
- case RPCSEC_GSS_CONTINUE_INIT:
- if (rqst->rq_proc != NULLPROC)
- return (AUTH_FAILED); /* XXX ? */
-
- if (_svcauth_gss_name == NULL) {
- if (!svcauth_gss_import_name("nfs"))
- return (AUTH_FAILED);
- }
-
- if (!svcauth_gss_acquire_cred())
- return (AUTH_FAILED);
-
- if (!svcauth_gss_accept_sec_context(rqst, &gr))
- return (AUTH_REJECTEDCRED);
-
- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
- return (AUTH_FAILED);
-
- *no_dispatch = TRUE;
-
- call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res,
- (caddr_t)&gr);
-
- if (!call_stat)
- return (AUTH_FAILED);
-
- if (gr.gr_major == GSS_S_COMPLETE)
- gd->established = TRUE;
-
- break;
-
- case RPCSEC_GSS_DATA:
- if (!svcauth_gss_validate(gd, msg))
- return (RPCSEC_GSS_CREDPROBLEM);
-
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
- return (AUTH_FAILED);
- break;
-
- case RPCSEC_GSS_DESTROY:
- if (rqst->rq_proc != NULLPROC)
- return (AUTH_FAILED); /* XXX ? */
-
- if (!svcauth_gss_validate(gd, msg))
- return (RPCSEC_GSS_CREDPROBLEM);
-
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
- return (AUTH_FAILED);
-
- if (!svcauth_gss_release_cred())
- return (AUTH_FAILED);
-
- SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
- rqst->rq_xprt->xp_auth = &svc_auth_none;
-
- break;
-
- default:
- return (AUTH_REJECTEDCRED);
- break;
- }
- return (AUTH_OK);
-}
-
-bool_t
-svcauth_gss_destroy(SVCAUTH *auth)
-{
- struct svc_rpc_gss_data *gd;
- OM_uint32 min_stat;
-
- log_debug("in svcauth_gss_destroy()");
-
- gd = SVCAUTH_PRIVATE(auth);
-
- gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER);
- gss_release_buffer(&min_stat, &gd->cname);
-
- if (gd->client_name)
- gss_release_name(&min_stat, &gd->client_name);
-
- mem_free(gd, sizeof(*gd));
- mem_free(auth, sizeof(*auth));
-
- return (TRUE);
-}
-
-bool_t
-svcauth_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
-{
- struct svc_rpc_gss_data *gd;
-
- log_debug("in svcauth_gss_wrap()");
-
- gd = SVCAUTH_PRIVATE(auth);
-
- if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
- return ((*xdr_func)(xdrs, xdr_ptr));
- }
- return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
- gd->ctx, gd->sec.qop,
- gd->sec.svc, gd->seq));
-}
-
-bool_t
-svcauth_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
-{
- struct svc_rpc_gss_data *gd;
-
- log_debug("in svcauth_gss_unwrap()");
-
- gd = SVCAUTH_PRIVATE(auth);
-
- if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
- return ((*xdr_func)(xdrs, xdr_ptr));
- }
- return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
- gd->ctx, gd->sec.qop,
- gd->sec.svc, gd->seq));
-}
-
-char *
-svcauth_gss_get_principal(SVCAUTH *auth)
-{
- struct svc_rpc_gss_data *gd;
- char *pname;
-
- gd = SVCAUTH_PRIVATE(auth);
-
- if (gd->cname.length == 0)
- return (NULL);
-
- if ((pname = malloc(gd->cname.length + 1)) == NULL)
- return (NULL);
-
- memcpy(pname, gd->cname.value, gd->cname.length);
- pname[gd->cname.length] = '\0';
-
- return (pname);
-}
+++ /dev/null
-/*
- svc_auth_none.c
-
- Copyright (c) 2000 The Regents of the University of Michigan.
- All rights reserved.
-
- Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
- All rights reserved, all wrongs reversed.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- 3. Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
- $Id: svc_auth_none.c,v 1.1 2004/10/19 00:23:05 neilbrown Exp $
- */
-
-#include <rpc/rpc.h>
-
-static bool_t svcauth_none_destroy();
-static bool_t svcauth_none_wrap();
-
-struct svc_auth_ops svc_auth_none_ops = {
- svcauth_none_wrap,
- svcauth_none_wrap,
- svcauth_none_destroy
-};
-
-SVCAUTH svc_auth_none = {
- &svc_auth_none_ops,
- NULL,
-};
-
-static bool_t
-svcauth_none_destroy(SVCAUTH *auth)
-{
- return (TRUE);
-}
-
-static bool_t
-svcauth_none_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func,
- caddr_t xdr_ptr)
-{
- return ((*xdr_func)(xdrs, xdr_ptr));
-}
-
-enum auth_stat
-_svcauth_none(struct svc_req *rqst, struct rpc_msg *msg)
-{
- rqst->rq_xprt->xp_auth = &svc_auth_none;
-
- return (AUTH_OK);
-}
+++ /dev/null
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: svc_auth_unix.c,v 1.6 1998/11/22 07:38:25 deraadt Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * svc_auth_unix.c
- * Handles UNIX flavor authentication parameters on the service side of rpc.
- * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
- * _svcauth_unix does full blown unix style uid,gid+gids auth,
- * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
- * Note: the shorthand has been gutted for efficiency.
- *
- * Copyright (C) 1984, Sun Microsystems, Inc.
- */
-
-#include <stdio.h>
-#include <rpc/rpc.h>
-#include <string.h>
-
-extern SVCAUTH svc_auth_none;
-
-/*
- * Unix longhand authenticator
- */
-enum auth_stat
-_svcauth_unix(rqst, msg)
- register struct svc_req *rqst;
- register struct rpc_msg *msg;
-{
- register enum auth_stat stat;
- XDR xdrs;
- register struct authunix_parms *aup;
- register int32_t *buf;
- struct area {
- struct authunix_parms area_aup;
- char area_machname[MAX_MACHINE_NAME+1];
- int area_gids[NGRPS];
- } *area;
- u_int auth_len;
- u_int str_len, gid_len;
- register u_int i;
-
- rqst->rq_xprt->xp_auth = &svc_auth_none;
-
- area = (struct area *) rqst->rq_clntcred;
- aup = &area->area_aup;
- aup->aup_machname = area->area_machname;
- aup->aup_gids = area->area_gids;
- auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
- xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
- buf = XDR_INLINE(&xdrs, auth_len);
- if (buf != NULL) {
- aup->aup_time = IXDR_GET_LONG(buf);
- str_len = IXDR_GET_U_LONG(buf);
- if (str_len > MAX_MACHINE_NAME) {
- stat = AUTH_BADCRED;
- goto done;
- }
- memcpy(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
- aup->aup_machname[str_len] = 0;
- str_len = RNDUP(str_len);
- buf += str_len / sizeof (int32_t);
- aup->aup_uid = IXDR_GET_LONG(buf);
- aup->aup_gid = IXDR_GET_LONG(buf);
- gid_len = IXDR_GET_U_LONG(buf);
- if (gid_len > NGRPS) {
- stat = AUTH_BADCRED;
- goto done;
- }
- aup->aup_len = gid_len;
- for (i = 0; i < gid_len; i++) {
- aup->aup_gids[i] = IXDR_GET_LONG(buf);
- }
- /*
- * five is the smallest unix credentials structure -
- * timestamp, hostname len (0), uid, gid, and gids len (0).
- */
- if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
- (void) printf("bad auth_len gid %u str %u auth %u\n",
- gid_len, str_len, auth_len);
- stat = AUTH_BADCRED;
- goto done;
- }
- } else if (! xdr_authunix_parms(&xdrs, aup)) {
- xdrs.x_op = XDR_FREE;
- (void)xdr_authunix_parms(&xdrs, aup);
- stat = AUTH_BADCRED;
- goto done;
- }
- rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
- rqst->rq_xprt->xp_verf.oa_length = 0;
- stat = AUTH_OK;
-done:
- XDR_DESTROY(&xdrs);
- return (stat);
-}
-
-
-/*
- * Shorthand unix authenticator
- * Looks up longhand in a cache.
- */
-enum auth_stat
-_svcauth_short(rqst, msg)
- struct svc_req *rqst;
- struct rpc_msg *msg;
-{
- rqst->rq_xprt->xp_auth = &svc_auth_none;
-
- return (AUTH_REJECTEDCRED);
-}
+++ /dev/null
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: svc_raw.c,v 1.4 1996/09/15 09:31:39 tholo Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * svc_raw.c, This a toy for simple testing and timing.
- * Interface to create an rpc client and server in the same UNIX process.
- * This lets us similate rpc and get rpc (round trip) overhead, without
- * any interference from the kernal.
- *
- * Copyright (C) 1984, Sun Microsystems, Inc.
- */
-
-#include <stdlib.h>
-#include <rpc/rpc.h>
-
-
-/*
- * This is the "network" that we will be moving data over
- */
-static struct svcraw_private {
- char _raw_buf[UDPMSGSIZE];
- SVCXPRT server;
- XDR xdr_stream;
- char verf_body[MAX_AUTH_BYTES];
-} *svcraw_private;
-
-static bool_t svcraw_recv();
-static enum xprt_stat svcraw_stat();
-static bool_t svcraw_getargs();
-static bool_t svcraw_reply();
-static bool_t svcraw_freeargs();
-static void svcraw_destroy();
-
-static struct xp_ops server_ops = {
- svcraw_recv,
- svcraw_stat,
- svcraw_getargs,
- svcraw_reply,
- svcraw_freeargs,
- svcraw_destroy
-};
-
-SVCXPRT *
-svcraw_create()
-{
- register struct svcraw_private *srp = svcraw_private;
-
- if (srp == 0) {
- srp = (struct svcraw_private *)calloc(1, sizeof (*srp));
- if (srp == 0)
- return (0);
- }
- srp->server.xp_sock = 0;
- srp->server.xp_port = 0;
- srp->server.xp_ops = &server_ops;
- srp->server.xp_verf.oa_base = srp->verf_body;
- xdrmem_create(&srp->xdr_stream, srp->_raw_buf, UDPMSGSIZE, XDR_FREE);
- return (&srp->server);
-}
-
-static enum xprt_stat
-svcraw_stat()
-{
-
- return (XPRT_IDLE);
-}
-
-/* ARGSUSED */
-static bool_t
-svcraw_recv(xprt, msg)
- SVCXPRT *xprt;
- struct rpc_msg *msg;
-{
- register struct svcraw_private *srp = svcraw_private;
- register XDR *xdrs;
-
- if (srp == 0)
- return (0);
- xdrs = &srp->xdr_stream;
- xdrs->x_op = XDR_DECODE;
- XDR_SETPOS(xdrs, 0);
- if (! xdr_callmsg(xdrs, msg))
- return (FALSE);
- return (TRUE);
-}
-
-/* ARGSUSED */
-static bool_t
-svcraw_reply(xprt, msg)
- SVCXPRT *xprt;
- struct rpc_msg *msg;
-{
- register struct svcraw_private *srp = svcraw_private;
- register XDR *xdrs;
-
- if (srp == 0)
- return (FALSE);
- xdrs = &srp->xdr_stream;
- xdrs->x_op = XDR_ENCODE;
- XDR_SETPOS(xdrs, 0);
- if (! xdr_replymsg(xdrs, msg))
- return (FALSE);
- (void)XDR_GETPOS(xdrs); /* called just for overhead */
- return (TRUE);
-}
-
-/* ARGSUSED */
-static bool_t
-svcraw_getargs(xprt, xdr_args, args_ptr)
- SVCXPRT *xprt;
- xdrproc_t xdr_args;
- caddr_t args_ptr;
-{
- register struct svcraw_private *srp = svcraw_private;
-
- if (srp == 0)
- return (FALSE);
- return ((*xdr_args)(&srp->xdr_stream, args_ptr));
-}
-
-/* ARGSUSED */
-static bool_t
-svcraw_freeargs(xprt, xdr_args, args_ptr)
- SVCXPRT *xprt;
- xdrproc_t xdr_args;
- caddr_t args_ptr;
-{
- register struct svcraw_private *srp = svcraw_private;
- register XDR *xdrs;
-
- if (srp == 0)
- return (FALSE);
- xdrs = &srp->xdr_stream;
- xdrs->x_op = XDR_FREE;
- return ((*xdr_args)(xdrs, args_ptr));
-}
-
-static void
-svcraw_destroy()
-{
-}
+++ /dev/null
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: svc_run.c,v 1.10 1998/03/19 00:27:24 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * This is the rpc server side idle loop
- * Wait for input, call server program.
- */
-#include <rpc/rpc.h>
-#include <sys/param.h>
-#include <sys/errno.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-extern int __svc_fdsetsize;
-extern fd_set *__svc_fdset;
-
-void svc_getreqset2 __P((fd_set *, int));
-
-void
-svc_run()
-{
- fd_set *fds;
-
- for (;;) {
- if (__svc_fdset) {
- int bytes = howmany(__svc_fdsetsize, NFDBITS) *
- sizeof(fd_mask);
- fds = (fd_set *)malloc(bytes);
- memcpy(fds, __svc_fdset, bytes);
- } else
- fds = NULL;
- switch (select(svc_maxfd+1, fds, 0, 0, (struct timeval *)0)) {
- case -1:
- if (errno == EINTR) {
- if (fds)
- free(fds);
- continue;
- }
- perror("svc_run: - select failed");
- if (fds)
- free(fds);
- return;
- case 0:
- if (fds)
- free(fds);
- continue;
- default:
- svc_getreqset2(fds, svc_maxfd+1);
- free(fds);
- }
- }
-}
+++ /dev/null
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: svc_simple.c,v 1.6 1998/11/22 07:38:25 deraadt Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * svc_simple.c
- * Simplified front end to rpc.
- *
- * Copyright (C) 1984, Sun Microsystems, Inc.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <rpc/rpc.h>
-#include <rpc/pmap_clnt.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-static struct proglst {
- char *(*p_progname)();
- int p_prognum;
- int p_procnum;
- xdrproc_t p_inproc, p_outproc;
- struct proglst *p_nxt;
-} *proglst;
-static void universal();
-static SVCXPRT *transp;
-struct proglst *pl;
-
-int
-registerrpc(prognum, versnum, procnum, progname, inproc, outproc)
- int prognum, versnum, procnum;
- char *(*progname)();
- xdrproc_t inproc, outproc;
-{
-
- if (procnum == NULLPROC) {
- (void) fprintf(stderr,
- "can't reassign procedure number %u\n", NULLPROC);
- return (-1);
- }
- if (transp == 0) {
- transp = svcudp_create(RPC_ANYSOCK);
- if (transp == NULL) {
- (void) fprintf(stderr, "couldn't create an rpc server\n");
- return (-1);
- }
- }
- (void) pmap_unset((u_long)prognum, (u_long)versnum);
- if (!svc_register(transp, (u_long)prognum, (u_long)versnum,
- universal, IPPROTO_UDP)) {
- (void) fprintf(stderr, "couldn't register prog %d vers %d\n",
- prognum, versnum);
- return (-1);
- }
- pl = (struct proglst *)malloc(sizeof(struct proglst));
- if (pl == NULL) {
- (void) fprintf(stderr, "registerrpc: out of memory\n");
- return (-1);
- }
- pl->p_progname = progname;
- pl->p_prognum = prognum;
- pl->p_procnum = procnum;
- pl->p_inproc = inproc;
- pl->p_outproc = outproc;
- pl->p_nxt = proglst;
- proglst = pl;
- return (0);
-}
-
-static void
-universal(rqstp, transp)
- struct svc_req *rqstp;
- SVCXPRT *transp;
-{
- int prog, proc;
- char *outdata;
- char xdrbuf[UDPMSGSIZE];
- struct proglst *pl;
-
- /*
- * enforce "procnum 0 is echo" convention
- */
- if (rqstp->rq_proc == NULLPROC) {
- if (svc_sendreply(transp, xdr_void, NULL) == FALSE) {
- (void) fprintf(stderr, "xxx\n");
- exit(1);
- }
- return;
- }
- prog = rqstp->rq_prog;
- proc = rqstp->rq_proc;
- for (pl = proglst; pl != NULL; pl = pl->p_nxt)
- if (pl->p_prognum == prog && pl->p_procnum == proc) {
- /* decode arguments into a CLEAN buffer */
- memset(xdrbuf, 0, sizeof(xdrbuf)); /* required ! */
- if (!svc_getargs(transp, pl->p_inproc, xdrbuf)) {
- svcerr_decode(transp);
- return;
- }
- outdata = (*(pl->p_progname))(xdrbuf);
- if (outdata == NULL &&
- pl->p_outproc != xdr_void)
- /* there was an error */
- return;
- if (!svc_sendreply(transp, pl->p_outproc, outdata)) {
- (void) fprintf(stderr,
- "trouble replying to prog %d\n",
- pl->p_prognum);
- exit(1);
- }
- /* free the decoded arguments */
- (void)svc_freeargs(transp, pl->p_inproc, xdrbuf);
- return;
- }
- (void) fprintf(stderr, "never registered prog %d\n", prog);
- exit(1);
-}
-
+++ /dev/null
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: svc_tcp.c,v 1.18 1998/05/22 04:23:01 deraadt Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * svc_tcp.c, Server side for TCP/IP based RPC.
- *
- * Copyright (C) 1984, Sun Microsystems, Inc.
- *
- * Actually implements two flavors of transporter -
- * a tcp rendezvouser (a listner and connection establisher)
- * and a record/tcp stream.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <rpc/rpc.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <errno.h>
-
-#include <netinet/in_systm.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#ifndef __linux__
-#include <netinet/ip_var.h>
-#endif
-
-/*
- * Ops vector for TCP/IP based rpc service handle
- */
-static bool_t svctcp_recv();
-static enum xprt_stat svctcp_stat();
-static bool_t svctcp_getargs();
-static bool_t svctcp_reply();
-static bool_t svctcp_freeargs();
-static void svctcp_destroy();
-
-static struct xp_ops svctcp_op = {
- svctcp_recv,
- svctcp_stat,
- svctcp_getargs,
- svctcp_reply,
- svctcp_freeargs,
- svctcp_destroy
-};
-
-/*
- * Ops vector for TCP/IP rendezvous handler
- */
-static bool_t rendezvous_request();
-static enum xprt_stat rendezvous_stat();
-
-static struct xp_ops svctcp_rendezvous_op = {
- rendezvous_request,
- rendezvous_stat,
- (bool_t (*)())abort,
- (bool_t (*)())abort,
- (bool_t (*)())abort,
- svctcp_destroy
-};
-
-static int readtcp(), writetcp();
-static SVCXPRT *makefd_xprt();
-
-struct tcp_rendezvous { /* kept in xprt->xp_p1 */
- u_int sendsize;
- u_int recvsize;
-};
-
-struct tcp_conn { /* kept in xprt->xp_p1 */
- enum xprt_stat strm_stat;
- u_long x_id;
- XDR xdrs;
- char verf_body[MAX_AUTH_BYTES];
-};
-
-/*
- * Usage:
- * xprt = svctcp_create(sock, send_buf_size, recv_buf_size);
- *
- * Creates, registers, and returns a (rpc) tcp based transporter.
- * Once *xprt is initialized, it is registered as a transporter
- * see (svc.h, xprt_register). This routine returns
- * a NULL if a problem occurred.
- *
- * If sock<0 then a socket is created, else sock is used.
- * If the socket, sock is not bound to a port then svctcp_create
- * binds it to an arbitrary port. The routine then starts a tcp
- * listener on the socket's associated port. In any (successful) case,
- * xprt->xp_sock is the registered socket number and xprt->xp_port is the
- * associated port number.
- *
- * Since tcp streams do buffered io similar to stdio, the caller can specify
- * how big the send and receive buffers are via the second and third parms;
- * 0 => use the system default.
- */
-SVCXPRT *
-svctcp_create(sock, sendsize, recvsize)
- register int sock;
- u_int sendsize;
- u_int recvsize;
-{
- bool_t madesock = FALSE;
- register SVCXPRT *xprt;
- register struct tcp_rendezvous *r;
- struct sockaddr_in addr;
- int len = sizeof(struct sockaddr_in);
-
- if (sock == RPC_ANYSOCK) {
- if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
- perror("svctcp_.c - udp socket creation problem");
- return ((SVCXPRT *)NULL);
- }
- madesock = TRUE;
- }
- memset(&addr, 0, sizeof (addr));
-#ifndef __linux__
- addr.sin_len = sizeof(struct sockaddr_in);
-#endif
- addr.sin_family = AF_INET;
- if (bindresvport(sock, &addr)) {
- addr.sin_port = 0;
- (void)bind(sock, (struct sockaddr *)&addr, len);
- }
- if ((getsockname(sock, (struct sockaddr *)&addr, &len) != 0) ||
- (listen(sock, 2) != 0)) {
- perror("svctcp_.c - cannot getsockname or listen");
- if (madesock)
- (void)close(sock);
- return ((SVCXPRT *)NULL);
- }
- r = (struct tcp_rendezvous *)mem_alloc(sizeof(*r));
- if (r == NULL) {
- (void)fprintf(stderr, "svctcp_create: out of memory\n");
- if (madesock)
- (void)close(sock);
- return (NULL);
- }
- r->sendsize = sendsize;
- r->recvsize = recvsize;
- xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
- if (xprt == NULL) {
- (void)fprintf(stderr, "svctcp_create: out of memory\n");
- if (madesock)
- (void)close(sock);
- free(r);
- return (NULL);
- }
- xprt->xp_p2 = NULL;
- xprt->xp_p1 = (caddr_t)r;
- xprt->xp_auth = NULL;
- xprt->xp_verf = _null_auth;
- xprt->xp_ops = &svctcp_rendezvous_op;
- xprt->xp_port = ntohs(addr.sin_port);
- xprt->xp_sock = sock;
- xprt_register(xprt);
- return (xprt);
-}
-
-/*
- * Like svtcp_create(), except the routine takes any *open* UNIX file
- * descriptor as its first input.
- */
-SVCXPRT *
-svcfd_create(fd, sendsize, recvsize)
- int fd;
- u_int sendsize;
- u_int recvsize;
-{
-
- return (makefd_xprt(fd, sendsize, recvsize));
-}
-
-static SVCXPRT *
-makefd_xprt(fd, sendsize, recvsize)
- int fd;
- u_int sendsize;
- u_int recvsize;
-{
- register SVCXPRT *xprt;
- register struct tcp_conn *cd;
-
- xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
- if (xprt == (SVCXPRT *)NULL) {
- (void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
- goto done;
- }
- cd = (struct tcp_conn *)mem_alloc(sizeof(struct tcp_conn));
- if (cd == (struct tcp_conn *)NULL) {
- (void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
- mem_free((char *) xprt, sizeof(SVCXPRT));
- xprt = (SVCXPRT *)NULL;
- goto done;
- }
- cd->strm_stat = XPRT_IDLE;
- xdrrec_create(&(cd->xdrs), sendsize, recvsize,
- (caddr_t)xprt, readtcp, writetcp);
- xprt->xp_p2 = NULL;
- xprt->xp_p1 = (caddr_t)cd;
- xprt->xp_auth = NULL;
- xprt->xp_verf.oa_base = cd->verf_body;
- xprt->xp_addrlen = 0;
- xprt->xp_ops = &svctcp_op; /* truely deals with calls */
- xprt->xp_port = 0; /* this is a connection, not a rendezvouser */
- xprt->xp_sock = fd;
- xprt_register(xprt);
- done:
- return (xprt);
-}
-
-static bool_t
-rendezvous_request(xprt)
- register SVCXPRT *xprt;
-{
- int sock;
- struct tcp_rendezvous *r;
- struct sockaddr_in addr;
- int len;
-
- r = (struct tcp_rendezvous *)xprt->xp_p1;
- again:
- len = sizeof(struct sockaddr_in);
- if ((sock = accept(xprt->xp_sock, (struct sockaddr *)&addr,
- &len)) < 0) {
- if (errno == EINTR)
- goto again;
- return (FALSE);
- }
-
-#ifdef IP_OPTIONS
- {
-#ifdef __linux__
-#define ipopt_list ip_opts
- struct ip_opts opts;
-#else
- struct ipoption opts;
-#endif
- int optsize = sizeof(opts), i;
-
- if (!getsockopt(sock, IPPROTO_IP, IP_OPTIONS, (char *)&opts,
- &optsize) && optsize != 0) {
- for (i = 0; (char *)&opts.ipopt_list[i] - (char *)&opts <
- optsize; ) {
- u_char c = (u_char)opts.ipopt_list[i];
- if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
- close(sock);
- return (FALSE);
- }
- if (c == IPOPT_EOL)
- break;
- i += (c == IPOPT_NOP) ? 1 :
- (u_char)opts.ipopt_list[i+1];
- }
- }
- }
-#endif
-
- /*
- * XXX careful for ftp bounce attacks. If discovered, close the
- * socket and look for another connection.
- */
- if (addr.sin_port == htons(20)) {
- close(sock);
- return (FALSE);
- }
-
- /*
- * make a new transporter (re-uses xprt)
- */
- xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
- xprt->xp_raddr = addr;
- xprt->xp_addrlen = len;
- return (FALSE); /* there is never an rpc msg to be processed */
-}
-
-static enum xprt_stat
-rendezvous_stat()
-{
-
- return (XPRT_IDLE);
-}
-
-static void
-svctcp_destroy(xprt)
- register SVCXPRT *xprt;
-{
- register struct tcp_conn *cd = (struct tcp_conn *)xprt->xp_p1;
-
- xprt_unregister(xprt);
- if (xprt->xp_sock != -1)
- (void)close(xprt->xp_sock);
- xprt->xp_sock = -1;
- if (xprt->xp_port != 0) {
- /* a rendezvouser socket */
- xprt->xp_port = 0;
- } else {
- /* an actual connection socket */
- XDR_DESTROY(&(cd->xdrs));
- }
- if (xprt->xp_auth != NULL) {
- SVCAUTH_DESTROY(xprt->xp_auth);
- xprt->xp_auth = NULL;
- }
- mem_free((caddr_t)cd, sizeof(struct tcp_conn));
- mem_free((caddr_t)xprt, sizeof(SVCXPRT));
-}
-
-/*
- * All read operations timeout after 35 seconds.
- * A timeout is fatal for the connection.
- */
-static struct timeval wait_per_try = { 35, 0 };
-
-/*
- * reads data from the tcp conection.
- * any error is fatal and the connection is closed.
- * (And a read of zero bytes is a half closed stream => error.)
- */
-static int
-readtcp(xprt, buf, len)
- register SVCXPRT *xprt;
- caddr_t buf;
- register int len;
-{
- register int sock = xprt->xp_sock;
- struct timeval start, delta;
- struct timeval tmp1, tmp2;
- fd_set *fds = NULL;
- int prevbytes = 0, bytes;
- extern int __svc_fdsetsize;
- extern fd_set *__svc_fdset;
-
- delta = wait_per_try;
- gettimeofday(&start, NULL);
- do {
- bytes = howmany(__svc_fdsetsize, NFDBITS) * sizeof(fd_mask);
- if (bytes != prevbytes) {
- if (fds)
- free(fds);
- fds = (fd_set *)malloc(bytes);
- prevbytes = bytes;
- }
- if (fds == NULL)
- goto fatal_err;
- memcpy(fds, __svc_fdset, bytes);
-
- FD_SET(sock, fds);
- switch (select(svc_maxfd+1, fds, NULL, NULL, &delta)) {
- case -1:
- if (errno != EINTR)
- goto fatal_err;
- gettimeofday(&tmp1, NULL);
- timersub(&tmp1, &start, &tmp2);
- timersub(&wait_per_try, &tmp2, &tmp1);
- if (tmp1.tv_sec < 0 || !timerisset(&tmp1))
- goto fatal_err;
- delta = tmp1;
- continue;
- case 0:
- goto fatal_err;
- default:
- if (!FD_ISSET(sock, fds)) {
- svc_getreqset2(fds, svc_maxfd+1);
- gettimeofday(&tmp1, NULL);
- timersub(&tmp1, &start, &tmp2);
- timersub(&wait_per_try, &tmp2, &tmp1);
- if (tmp1.tv_sec < 0 || !timerisset(&tmp1))
- goto fatal_err;
- delta = tmp1;
- continue;
- }
- }
- } while (!FD_ISSET(sock, fds));
- if ((len = read(sock, buf, len)) > 0) {
- if (fds)
- free(fds);
- return (len);
- }
-fatal_err:
- ((struct tcp_conn *)(xprt->xp_p1))->strm_stat = XPRT_DIED;
- if (fds)
- free(fds);
- return (-1);
-}
-
-/*
- * writes data to the tcp connection.
- * Any error is fatal and the connection is closed.
- */
-static int
-writetcp(xprt, buf, len)
- register SVCXPRT *xprt;
- caddr_t buf;
- int len;
-{
- register int i, cnt;
-
- for (cnt = len; cnt > 0; cnt -= i, buf += i) {
- if ((i = write(xprt->xp_sock, buf, cnt)) < 0) {
- ((struct tcp_conn *)(xprt->xp_p1))->strm_stat =
- XPRT_DIED;
- return (-1);
- }
- }
- return (len);
-}
-
-static enum xprt_stat
-svctcp_stat(xprt)
- SVCXPRT *xprt;
-{
- register struct tcp_conn *cd =
- (struct tcp_conn *)(xprt->xp_p1);
-
- if (cd->strm_stat == XPRT_DIED)
- return (XPRT_DIED);
- if (! xdrrec_eof(&(cd->xdrs)))
- return (XPRT_MOREREQS);
- return (XPRT_IDLE);
-}
-
-static bool_t
-svctcp_recv(xprt, msg)
- SVCXPRT *xprt;
- register struct rpc_msg *msg;
-{
- register struct tcp_conn *cd =
- (struct tcp_conn *)(xprt->xp_p1);
- register XDR *xdrs = &(cd->xdrs);
-
- xdrs->x_op = XDR_DECODE;
- (void)xdrrec_skiprecord(xdrs);
- if (xdr_callmsg(xdrs, msg)) {
- cd->x_id = msg->rm_xid;
- return (TRUE);
- }
- cd->strm_stat = XPRT_DIED; /* XXX */
- return (FALSE);
-}
-
-static bool_t
-svctcp_getargs(xprt, xdr_args, args_ptr)
- SVCXPRT *xprt;
- xdrproc_t xdr_args;
- caddr_t args_ptr;
-{
- return (SVCAUTH_UNWRAP(xprt->xp_auth,
- &(((struct tcp_conn *)(xprt->xp_p1))->xdrs),
- xdr_args, args_ptr));
-}
-
-static bool_t
-svctcp_freeargs(xprt, xdr_args, args_ptr)
- SVCXPRT *xprt;
- xdrproc_t xdr_args;
- caddr_t args_ptr;
-{
- register XDR *xdrs =
- &(((struct tcp_conn *)(xprt->xp_p1))->xdrs);
-
- xdrs->x_op = XDR_FREE;
- return ((*xdr_args)(xdrs, args_ptr));
-}
-
-static bool_t
-svctcp_reply(xprt, msg)
- SVCXPRT *xprt;
- register struct rpc_msg *msg;
-{
- register struct tcp_conn *cd =
- (struct tcp_conn *)(xprt->xp_p1);
- register XDR *xdrs = &(cd->xdrs);
- xdrproc_t xdr_proc;
- caddr_t xdr_where;
-
- xdrs->x_op = XDR_ENCODE;
- msg->rm_xid = cd->x_id;
-
- if (msg->rm_reply.rp_stat == MSG_ACCEPTED &&
- msg->rm_reply.rp_acpt.ar_stat == SUCCESS) {
- xdr_proc = msg->acpted_rply.ar_results.proc;
- xdr_where = msg->acpted_rply.ar_results.where;
- msg->acpted_rply.ar_results.proc = xdr_void;
- msg->acpted_rply.ar_results.where = NULL;
-
- if (!xdr_replymsg(xdrs, msg) ||
- !SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_proc, xdr_where))
- return (FALSE);
- }
- else if (!xdr_replymsg(xdrs, msg)) {
- return (FALSE);
- }
- (void)xdrrec_endofrecord(xdrs, TRUE);
-
- return (TRUE);
-}
+++ /dev/null
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: svc_udp.c,v 1.8 1998/03/19 00:27:26 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * svc_udp.c,
- * Server side for UDP/IP based RPC. (Does some caching in the hopes of
- * achieving execute-at-most-once semantics.)
- *
- * Copyright (C) 1984, Sun Microsystems, Inc.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <rpc/rpc.h>
-#include <sys/socket.h>
-#include <errno.h>
-#include <unistd.h>
-
-
-#define rpc_buffer(xprt) ((xprt)->xp_p1)
-#ifndef MAX
-#define MAX(a, b) ((a > b) ? a : b)
-#endif
-
-static bool_t svcudp_recv();
-static bool_t svcudp_reply();
-static enum xprt_stat svcudp_stat();
-static bool_t svcudp_getargs();
-static bool_t svcudp_freeargs();
-static void svcudp_destroy();
-static void cache_set __P((SVCXPRT *, u_long));
-static int cache_get __P((SVCXPRT *, struct rpc_msg *, char **, u_long *));
-
-static struct xp_ops svcudp_op = {
- svcudp_recv,
- svcudp_stat,
- svcudp_getargs,
- svcudp_reply,
- svcudp_freeargs,
- svcudp_destroy
-};
-
-/*
- * kept in xprt->xp_p2
- */
-struct svcudp_data {
- u_int su_iosz; /* byte size of send.recv buffer */
- u_long su_xid; /* transaction id */
- XDR su_xdrs; /* XDR handle */
- char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */
- char * su_cache; /* cached data, NULL if no cache */
-};
-#define su_data(xprt) ((struct svcudp_data *)(xprt->xp_p2))
-
-/*
- * Usage:
- * xprt = svcudp_create(sock);
- *
- * If sock<0 then a socket is created, else sock is used.
- * If the socket, sock is not bound to a port then svcudp_create
- * binds it to an arbitrary port. In any (successful) case,
- * xprt->xp_sock is the registered socket number and xprt->xp_port is the
- * associated port number.
- * Once *xprt is initialized, it is registered as a transporter;
- * see (svc.h, xprt_register).
- * The routines returns NULL if a problem occurred.
- */
-SVCXPRT *
-svcudp_bufcreate(sock, sendsz, recvsz)
- register int sock;
- u_int sendsz, recvsz;
-{
- bool_t madesock = FALSE;
- register SVCXPRT *xprt;
- register struct svcudp_data *su;
- struct sockaddr_in addr;
- int len = sizeof(struct sockaddr_in);
-
- if (sock == RPC_ANYSOCK) {
- if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
- perror("svcudp_create: socket creation problem");
- return ((SVCXPRT *)NULL);
- }
- madesock = TRUE;
- }
- memset(&addr, 0, sizeof (addr));
-#ifndef __linux__
- addr.sin_len = sizeof(struct sockaddr_in);
-#endif
- addr.sin_family = AF_INET;
- if (bindresvport(sock, &addr)) {
- addr.sin_port = 0;
- (void)bind(sock, (struct sockaddr *)&addr, len);
- }
- if (getsockname(sock, (struct sockaddr *)&addr, &len) != 0) {
- perror("svcudp_create - cannot getsockname");
- if (madesock)
- (void)close(sock);
- return ((SVCXPRT *)NULL);
- }
- xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
- if (xprt == NULL) {
- (void)fprintf(stderr, "svcudp_create: out of memory\n");
- if (madesock)
- (void)close(sock);
- return (NULL);
- }
- su = (struct svcudp_data *)mem_alloc(sizeof(*su));
- if (su == NULL) {
- (void)fprintf(stderr, "svcudp_create: out of memory\n");
- if (madesock)
- (void)close(sock);
- free(xprt);
- return (NULL);
- }
- su->su_iosz = ((MAX(sendsz, recvsz) + 3) / 4) * 4;
- if ((rpc_buffer(xprt) = mem_alloc(su->su_iosz)) == NULL) {
- (void)fprintf(stderr, "svcudp_create: out of memory\n");
- if (madesock)
- (void)close(sock);
- free(xprt);
- free(su);
- return (NULL);
- }
- xdrmem_create(
- &(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_DECODE);
- su->su_cache = NULL;
- xprt->xp_p2 = (caddr_t)su;
- xprt->xp_auth = NULL;
- xprt->xp_verf.oa_base = su->su_verfbody;
- xprt->xp_ops = &svcudp_op;
- xprt->xp_port = ntohs(addr.sin_port);
- xprt->xp_sock = sock;
- xprt_register(xprt);
- return (xprt);
-}
-
-SVCXPRT *
-svcudp_create(sock)
- int sock;
-{
-
- return(svcudp_bufcreate(sock, UDPMSGSIZE, UDPMSGSIZE));
-}
-
-/* ARGSUSED */
-static enum xprt_stat
-svcudp_stat(xprt)
- SVCXPRT *xprt;
-{
-
- return (XPRT_IDLE);
-}
-
-static bool_t
-svcudp_recv(xprt, msg)
- register SVCXPRT *xprt;
- struct rpc_msg *msg;
-{
- register struct svcudp_data *su = su_data(xprt);
- register XDR *xdrs = &(su->su_xdrs);
- register int rlen;
- char *reply;
- u_long replylen;
-
- again:
- xprt->xp_addrlen = sizeof(struct sockaddr_in);
- rlen = recvfrom(xprt->xp_sock, rpc_buffer(xprt), (int) su->su_iosz,
- 0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen));
- if (rlen == -1 && errno == EINTR)
- goto again;
- if (rlen == -1 || rlen < 4*sizeof(u_int32_t))
- return (FALSE);
- xdrs->x_op = XDR_DECODE;
- XDR_SETPOS(xdrs, 0);
- if (! xdr_callmsg(xdrs, msg))
- return (FALSE);
- su->su_xid = msg->rm_xid;
- if (su->su_cache != NULL) {
- if (cache_get(xprt, msg, &reply, &replylen)) {
- (void) sendto(xprt->xp_sock, reply, (int) replylen, 0,
- (struct sockaddr *) &xprt->xp_raddr, xprt->xp_addrlen);
- return (TRUE);
- }
- }
- return (TRUE);
-}
-
-static bool_t
-svcudp_reply(xprt, msg)
- register SVCXPRT *xprt;
- struct rpc_msg *msg;
-{
- register struct svcudp_data *su = su_data(xprt);
- register XDR *xdrs = &(su->su_xdrs);
- register int slen;
- xdrproc_t xdr_proc;
- caddr_t xdr_where;
-
- xdrs->x_op = XDR_ENCODE;
- XDR_SETPOS(xdrs, 0);
- msg->rm_xid = su->su_xid;
-
- if (msg->rm_reply.rp_stat == MSG_ACCEPTED &&
- msg->rm_reply.rp_acpt.ar_stat == SUCCESS) {
- xdr_proc = msg->acpted_rply.ar_results.proc;
- xdr_where = msg->acpted_rply.ar_results.where;
- msg->acpted_rply.ar_results.proc = xdr_void;
- msg->acpted_rply.ar_results.where = NULL;
-
- if (!xdr_replymsg(xdrs, msg) ||
- !SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_proc, xdr_where))
- return (FALSE);
- }
- else if (!xdr_replymsg(xdrs, msg)) {
- return (FALSE);
- }
- slen = (int)XDR_GETPOS(xdrs);
-
- if (sendto(xprt->xp_sock, rpc_buffer(xprt), slen, 0,
- (struct sockaddr *)&(xprt->xp_raddr), xprt->xp_addrlen)
- != slen) {
- return (FALSE);
- }
- if (su->su_cache && slen >= 0)
- cache_set(xprt, (u_long) slen);
-
- return (TRUE);
-}
-
-static bool_t
-svcudp_getargs(xprt, xdr_args, args_ptr)
- SVCXPRT *xprt;
- xdrproc_t xdr_args;
- caddr_t args_ptr;
-{
- return (SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
- xdr_args, args_ptr));
-}
-
-static bool_t
-svcudp_freeargs(xprt, xdr_args, args_ptr)
- SVCXPRT *xprt;
- xdrproc_t xdr_args;
- caddr_t args_ptr;
-{
- register XDR *xdrs = &(su_data(xprt)->su_xdrs);
-
- xdrs->x_op = XDR_FREE;
- return ((*xdr_args)(xdrs, args_ptr));
-}
-
-static void
-svcudp_destroy(xprt)
- register SVCXPRT *xprt;
-{
- register struct svcudp_data *su = su_data(xprt);
-
- xprt_unregister(xprt);
- if (xprt->xp_sock != -1)
- (void)close(xprt->xp_sock);
- xprt->xp_sock = -1;
- if (xprt->xp_auth != NULL) {
- SVCAUTH_DESTROY(xprt->xp_auth);
- xprt->xp_auth = NULL;
- }
- XDR_DESTROY(&(su->su_xdrs));
- mem_free(rpc_buffer(xprt), su->su_iosz);
- mem_free((caddr_t)su, sizeof(struct svcudp_data));
- mem_free((caddr_t)xprt, sizeof(SVCXPRT));
-}
-
-
-/***********this could be a separate file*********************/
-
-/*
- * Fifo cache for udp server
- * Copies pointers to reply buffers into fifo cache
- * Buffers are sent again if retransmissions are detected.
- */
-
-#define SPARSENESS 4 /* 75% sparse */
-
-#define CACHE_PERROR(msg) \
- (void) fprintf(stderr,"%s\n", msg)
-
-#define ALLOC(type, size) \
- (type *) mem_alloc((unsigned) (sizeof(type) * (size)))
-
-#define BZERO(addr, type, size) \
- memset((char *) addr, 0, sizeof(type) * (int) (size))
-
-/*
- * An entry in the cache
- */
-typedef struct cache_node *cache_ptr;
-struct cache_node {
- /*
- * Index into cache is xid, proc, vers, prog and address
- */
- u_long cache_xid;
- u_long cache_proc;
- u_long cache_vers;
- u_long cache_prog;
- struct sockaddr_in cache_addr;
- /*
- * The cached reply and length
- */
- char * cache_reply;
- u_long cache_replylen;
- /*
- * Next node on the list, if there is a collision
- */
- cache_ptr cache_next;
-};
-
-
-
-/*
- * The entire cache
- */
-struct udp_cache {
- u_long uc_size; /* size of cache */
- cache_ptr *uc_entries; /* hash table of entries in cache */
- cache_ptr *uc_fifo; /* fifo list of entries in cache */
- u_long uc_nextvictim; /* points to next victim in fifo list */
- u_long uc_prog; /* saved program number */
- u_long uc_vers; /* saved version number */
- u_long uc_proc; /* saved procedure number */
- struct sockaddr_in uc_addr; /* saved caller's address */
-};
-
-
-/*
- * the hashing function
- */
-#define CACHE_LOC(transp, xid) \
- (xid % (SPARSENESS*((struct udp_cache *) su_data(transp)->su_cache)->uc_size))
-
-
-/*
- * Enable use of the cache.
- * Note: there is no disable.
- */
-int
-svcudp_enablecache(transp, size)
- SVCXPRT *transp;
- u_long size;
-{
- struct svcudp_data *su = su_data(transp);
- struct udp_cache *uc;
-
- if (su->su_cache != NULL) {
- CACHE_PERROR("enablecache: cache already enabled");
- return(0);
- }
- uc = ALLOC(struct udp_cache, 1);
- if (uc == NULL) {
- CACHE_PERROR("enablecache: could not allocate cache");
- return(0);
- }
- uc->uc_size = size;
- uc->uc_nextvictim = 0;
- uc->uc_entries = ALLOC(cache_ptr, size * SPARSENESS);
- if (uc->uc_entries == NULL) {
- CACHE_PERROR("enablecache: could not allocate cache data");
- return(0);
- }
- BZERO(uc->uc_entries, cache_ptr, size * SPARSENESS);
- uc->uc_fifo = ALLOC(cache_ptr, size);
- if (uc->uc_fifo == NULL) {
- CACHE_PERROR("enablecache: could not allocate cache fifo");
- return(0);
- }
- BZERO(uc->uc_fifo, cache_ptr, size);
- su->su_cache = (char *) uc;
- return(1);
-}
-
-
-/*
- * Set an entry in the cache
- */
-static void
-cache_set(xprt, replylen)
- SVCXPRT *xprt;
- u_long replylen;
-{
- register cache_ptr victim;
- register cache_ptr *vicp;
- register struct svcudp_data *su = su_data(xprt);
- struct udp_cache *uc = (struct udp_cache *) su->su_cache;
- u_int loc;
- char *newbuf;
-
- /*
- * Find space for the new entry, either by
- * reusing an old entry, or by mallocing a new one
- */
- victim = uc->uc_fifo[uc->uc_nextvictim];
- if (victim != NULL) {
- loc = CACHE_LOC(xprt, victim->cache_xid);
- for (vicp = &uc->uc_entries[loc];
- *vicp != NULL && *vicp != victim;
- vicp = &(*vicp)->cache_next)
- ;
- if (*vicp == NULL) {
- CACHE_PERROR("cache_set: victim not found");
- return;
- }
- *vicp = victim->cache_next; /* remote from cache */
- newbuf = victim->cache_reply;
- } else {
- victim = ALLOC(struct cache_node, 1);
- if (victim == NULL) {
- CACHE_PERROR("cache_set: victim alloc failed");
- return;
- }
- newbuf = mem_alloc(su->su_iosz);
- if (newbuf == NULL) {
- CACHE_PERROR("cache_set: could not allocate new rpc_buffer");
- return;
- }
- }
-
- /*
- * Store it away
- */
- victim->cache_replylen = replylen;
- victim->cache_reply = rpc_buffer(xprt);
- rpc_buffer(xprt) = newbuf;
- xdrmem_create(&(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_ENCODE);
- victim->cache_xid = su->su_xid;
- victim->cache_proc = uc->uc_proc;
- victim->cache_vers = uc->uc_vers;
- victim->cache_prog = uc->uc_prog;
- victim->cache_addr = uc->uc_addr;
- loc = CACHE_LOC(xprt, victim->cache_xid);
- victim->cache_next = uc->uc_entries[loc];
- uc->uc_entries[loc] = victim;
- uc->uc_fifo[uc->uc_nextvictim++] = victim;
- uc->uc_nextvictim %= uc->uc_size;
-}
-
-/*
- * Try to get an entry from the cache
- * return 1 if found, 0 if not found
- */
-static int
-cache_get(xprt, msg, replyp, replylenp)
- SVCXPRT *xprt;
- struct rpc_msg *msg;
- char **replyp;
- u_long *replylenp;
-{
- u_int loc;
- register cache_ptr ent;
- register struct svcudp_data *su = su_data(xprt);
- register struct udp_cache *uc = (struct udp_cache *) su->su_cache;
-
-# define EQADDR(a1, a2) (memcmp(&a1, &a2, sizeof(a1)) == 0)
-
- loc = CACHE_LOC(xprt, su->su_xid);
- for (ent = uc->uc_entries[loc]; ent != NULL; ent = ent->cache_next) {
- if (ent->cache_xid == su->su_xid &&
- ent->cache_proc == uc->uc_proc &&
- ent->cache_vers == uc->uc_vers &&
- ent->cache_prog == uc->uc_prog &&
- EQADDR(ent->cache_addr, uc->uc_addr)) {
- *replyp = ent->cache_reply;
- *replylenp = ent->cache_replylen;
- return(1);
- }
- }
- /*
- * Failed to find entry
- * Remember a few things so we can do a set later
- */
- uc->uc_proc = msg->rm_call.cb_proc;
- uc->uc_vers = msg->rm_call.cb_vers;
- uc->uc_prog = msg->rm_call.cb_prog;
- uc->uc_addr = xprt->xp_raddr;
- return(0);
-}
-
PREFIX = rpc.
OBJS = gssd.o gssd_main_loop.o gssd_proc.o err_util.o gss_util.o \
gss_oids.o context.o context_heimdal.o krb5_util.o
-LIBDEPS = $(TOP)support/lib/librpc.a
-LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpc -lgssapi -ldl $(KRBLIB)
+LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpcsecgss -lgssapi -ldl $(KRBLIB)
MAN8 = gssd
include $(TOP)rules.mk
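Review bot: The new `LIBS` line hard-codes `-lrpcsecgss` with no `-L` of its own, and the only embedded run-time search path is still `-Wl,-rpath=$(KRBDIR)/lib`. With `LIBDEPS = $(TOP)support/lib/librpc.a` removed, the RPCSEC_GSS code that rpc.gssd used to build from the tree is now whichever copy the linker and loader find at build and run time. Because this library presumably sits on the daemon's authentication path, I would state the expectation next to the line, e.g. `# librpcsecgss is external: it must be on the default library path or under $(KRBDIR)/lib`. Ideally the flag would come from a configure-substituted variable rather than a literal. The same applies to the `LIBS` line in the svcgssd Makefile hunk that follows.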
PREFIX = rpc.
OBJS = svcgssd.o svcgssd_main_loop.o svcgssd_proc.o err_util.o gss_util.o \
gss_oids.o context.o context_heimdal.o cacheio.o svcgssd_mech2file.o
-LIBDEPS = $(TOP)support/lib/librpc.a
-LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpc -lgssapi -ldl $(KRBLIB) -lnfsidmap
+LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpcsecgss -lgssapi -ldl $(KRBLIB) -lnfsidmap
MAN8 = svcgssd
LINKED = err_util.c gss_util.c gss_oids.c context.c context_heimdal.c