From: neilbrown Date: Fri, 26 Aug 2005 02:02:15 +0000 (+0000) Subject: Remove the rpcsec_gss code and rely on an external library instead. X-Git-Tag: nfs-utils-1-0-7-post2^0 X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=commitdiff_plain;h=a1b7c0da9e73a607f4bc70ffe3b44b00f5d39938 Remove the rpcsec_gss code and rely on an external library instead. --- diff --git a/ChangeLog b/ChangeLog index 4a2a933..7f98cdf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2005-08-26 Kevin Coffman + Remove the rpcsec_gss code and rely on an external library instead. + 2005-08-26 Kevin Coffman *utils/mountd/mountd.c: mountd currently always returns AUTH_NULL and AUTH_SYS as the diff --git a/configure.in b/configure.in index 8cd00df..8e239ab 100644 --- a/configure.in +++ b/configure.in @@ -223,6 +223,12 @@ if test "$enable_gss" = yes; then AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!) fi + dnl This is not done until here because we need to have KRBLIB set + dnl "librpcsecgss=1" is so that it doesn't get added to LIBS + AC_CHECK_LIB(rpcsecgss, authgss_create_default, [librpcsecgss=1], [AC_MSG_ERROR(librpcsecgss needed for nfsv4 support)], $KRBLIB) + AC_CHECK_LIB(rpcsecgss, authgss_set_debug_level, + AC_DEFINE(HAVE_AUTHGSS_SET_DEBUG_LEVEL, 1, [Define this if the rpcsec_gss library has the function authgss_set_debug_level]),, $KRBLIB) + AC_SUBST([KRBDIR]) AC_SUBST([KRBLIB]) AC_SUBST([KRBINC]) diff --git a/support/include/config.h.in b/support/include/config.h.in index efda975..73db5a2 100644 --- a/support/include/config.h.in +++ b/support/include/config.h.in @@ -50,6 +50,10 @@ * gss_krb5_cache_name */ #undef HAVE_GSS_KRB5_CCACHE_NAME +/* Define this if the rpcsec_gss library has the function + * authgss_set_debug_level */ +#undef HAVE_AUTHGSS_SET_DEBUG_LEVEL + /* Define this if we want to use the private Kerberos * gssapi library function, gss_krb5_cache_name, to * specify the credentials cache file to be used by 
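Review bot: The `AC_CHECK_LIB(rpcsecgss, authgss_create_default, ...)` probe added to configure.in passes for any library that exports that one symbol, and no header or minimum-version test is visible in this hunk, so the RPCSEC_GSS authentication code the tools link against is whatever librpcsecgss happens to be installed. Because this commit hands context establishment and verifier checking to that library, I would state the oldest acceptable release next to the check and enforce it, with a comment such as `dnl RPCSEC_GSS is provided by external librpcsecgss; keep this probe in step with the minimum supported release`. The macro arguments should also be bracket-quoted, e.g. `[AC_MSG_ERROR([librpcsecgss needed for nfsv4 support])]`, and likewise the `AC_DEFINE(...)` action in the second check. The message names nfsv4 although the probe appears to sit inside the `enable_gss` branch, whose `if` begins outside the hunk.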
diff --git a/support/rpc/DISCLAIMER b/support/rpc/DISCLAIMER
deleted file mode 100644
index e5871a2..0000000
--- a/support/rpc/DISCLAIMER
+++ /dev/null
@@ -1,30 +0,0 @@
-/* $OpenBSD: DISCLAIMER,v 1.2 1996/07/20 06:12:14 deraadt Exp $ */
-
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
diff --git a/support/rpc/Makefile b/support/rpc/Makefile
deleted file mode 100644
index 41a4e66..0000000
--- a/support/rpc/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# librpc.a
-# rpc library with rpcsec_gss
-#
-TOP = ../../
-LIBNAME = librpc.a
-SRCS = auth_gss.c authgss_prot.c svc.c svc_run.c svc_auth.c \
- svc_auth_none.c svc_auth_unix.c svc_auth_gss.c \
- svc_raw.c svc_simple.c svc_tcp.c svc_udp.c \
- rpc_commondata.c
-OBJS = $(SRCS:.c=.o)
-
-include $(TOP)rules.mk
-
-CFLAGS += -I$(TOP)support/rpc/include -DDEBUG
-
-install::
- @:
diff --git a/support/rpc/README b/support/rpc/README
deleted file mode 100644
index eb960e6..0000000
--- a/support/rpc/README
+++ /dev/null
@@ -1,233 +0,0 @@ -RPCSRC 4.0 7/11/89 - -This distribution contains Sun Microsystem's implementation of the -RPC and XDR protocols and is compatible with 4.2BSD and 4.3BSD. Also -included is complete documentation, utilities, RPC service -specification files, and demonstration services in the format used by -the RPC protocol compiler (rpcgen). See WHAT'S NEW below for -details. - -NOTE ABOUT SECURE RPC: - -This release of RPCSRC contains most of the code needed to implement -Secure RPC (see "DES Authentication" in the RPC Protocol Specification, -doc/rpc.rfc.ms). Due to legal considerations, we are unable to -distribute an implementation of DES, the Data Encryption Standard, which -Secure RPC requires. For this reason, all of the files, documentation, and -programs associated with Secure RPC have been placed into a separate -directory, secure_rpc. The RPC library contained in the main body of this -release *DOES NOT* support Secure RPC. See secure_rpc/README for more -details. (A DES library was posted in Volume 18 of comp.sources.unix.) - -If you wish to report bugs found in this release, send mail to: - -Portable ONC/NFS -Sun Microsystems, Inc -MS 12-33 -2550 Garcia Avenue -Mountain View, CA 94043 - -or send Email to nfsnet@sun.com (the Internet) or sun!nfsnet (Usenet). - -ROADMAP - -The directory hierarchy is as follows: - - demo/ Various demonstration services - demo/dir Remote directory lister - demo/msg Remote console message delivery service - demo/sort Remote sort service - - doc/ Documentation for RPC, XDR and NFS in "-ms" format. - - etc/ Utilities (rpcinfo and portmap). portmap must be - started by root before any other RPC network services are - used. SEE BELOW FOR BUGFIX TO 4.3BSD COMPILER. - - man/ Manual pages for RPC library, rpcgen, and utilities. - - rpc/ The RPC and XDR library. SEE BELOW - FOR BUGFIX TO 4.2BSD COMPILER. 
- - rpcgen/ The RPC Language compiler (for .x files) - - rpcsvc/ Service definition files for various services and the - server and client code for the Remote Status service. - - secure_rpc/ The files in this directory are used to build a version of - the RPC library with DES Authentication. See the README - file in that directory for more details. - -BUILD INSTRUCTIONS - -Makefiles can be found in all directories except for man. The -Makefile in the top directory will cause these others to be invoked -(except for in the doc, man and demo directories), in turn building the -entire release. - -WARNING! THE DEFAULT INSTALLATION PROCEDURES WILL INSTALL FILES -IN /usr/include, /usr/lib, /usr/bin and /etc. - -The master RPC include file, rpc/rpc.h, is used by all programs and -routines that use RPC. It includes other RPC and system include files -needed by the RPC system. PLEASE NOTE: If your system has NFS, it -may have been based on Sun's NFS Source. The include files installed -by this package may duplicate include files you will find on your NFS -system. The RPCSRC 4.0 include files are upwardly compatible to all -NFS Source include files as of the date of this distribution (not -including any new definitions or declarations added by your system -vendor). HOWEVER: Please read the comments towards the end of -rpc/rpc.h regarding rpc/netdb.h. You may need to uncomment the -inclusion of that file if the structures it defines are already -defined by your system's include files. - -After making any compiler fixes that are needed (see below), at -the top directory, type: - - make install - -For all installations, the Makefile macro DESTDIR is prepended to the -installation path. It is defined to be null in the Makefiles, so -installations are relative to root. (You will probably need root -privileges for installing the files under the default path.) 
To -install the files under some other tree (e.g., /usr/local), use the -command: - - make install DESTDIR=/usr/local - -This will place the include files in /usr/local/usr/include, the RPC -library in /usr/local/usr/lib, rpcgen in /usr/local/usr/bin, and the -utilities in /usr/local/etc. You'll have to edit the Makefiles or -install the files by hand if you want to do anything other than this -kind of relocation of the installation tree. - -The RPC library will be built and installed first. By default it is -installed in /usr/lib as "librpclib.a". The directory -/usr/include/rpc will also be created, and several header files will -be installed there. ALL RPC SERVICES INCLUDE THESE HEADER FILES. - -The programs in etc/ link in routines from librpclib.a. If you change -where it is installed, be sure to edit etc/'s Makefile to reflect this. -These programs are installed in /etc. PORTMAP MUST BE RUNNING ON -YOUR SYSTEM BEFORE YOU START ANY OTHER RPC SERVICE. - -rpcgen is installed in /usr/bin. This program is required to build -the demonstration services in demo and the rstat client and server in -rpcsvc/. - -The rpcsvc/ directory will install its files in the directory -/usr/include/rpcsvc. The Remote Status service (rstat_svc) will be -compiled and installed in /etc. If you wish to make this service -available, you should either start this service when needed or have -it started at boot time by invoking it in your /etc/rc.local script. -(Be sure that portmap is started first!) Sun has modified its -version of inetd to automatically start RPC services. (Use "make -LIB=" when building rstat on a Sun Workstation.) The Remote Status -client (rstat) will be installed in /usr/bin. This program queries -the rstat_svc on a remote host and prints a system status summary -similar to the one printed by "uptime". - -The documentation is not built during the "make install" command. 
-Typing "make" in the doc directory will cause all of the manuals to -be formatted using nroff into a single file. We have had a report -that certain "troff" equivalents have trouble processing the full -manual. If you have trouble, try building the manuals individually -(see the Makefile). - -The demonstration services in the demo directory are not built by the -top-level "make install" command. To build these, cd to the demo -directory and enter "make". The three services will be built. -RPCGEN MUST BE INSTALLED in a path that make can find. To run the -services, start the portmap program as root and invoke the service -(you probably will want to put it in the background). rpcinfo can be -used to check that the service succeeded in getting registered with -portmap, and to ping the service (see rpcinfo's man page). You can -then use the corresponding client program to exercise the service. -To build these services on a Sun workstation, you must prevent the -Makefile from trying to link the RPC library (as these routines are -already a part of Sun's libc). Use: "make LIB=". - -BUGFIX FOR 4.3BSD COMPILER - -The use of a 'void *' declaration for one of the arguments in -the reply_proc() procedure in etc/rpcinfo.c will trigger a bug -in the 4.3BSD compiler. The bug is fixed by the following change to -the compiler file mip/manifest.h: - -*** manifest.h.r1.1 Thu Apr 30 13:52:25 1987 ---- manifest.h.r1.2 Mon Nov 23 18:58:17 1987 -*************** -*** 21,27 **** - /* - * Bogus type values - */ -! #define TNULL PTR /* pointer to UNDEF */ - #define TVOID FTN /* function returning UNDEF (for void) */ - - /* ---- 21,27 ---- - /* - * Bogus type values - */ -! #define TNULL INCREF(MOETY) /* pointer to MOETY -- impossible type */ - #define TVOID FTN /* function returning UNDEF (for void) */ - - /* - -If you cannot fix your compiler, change the declaration in reply_proc() -from 'void *' to 'char *'. 
- -BUGFIX FOR 4.2BSD COMPILER - -Unpatched 4.2BSD compilers complain about valid C. You can make old -compilers happy by changing some voids to ints. However, the fix to -the 4.2 VAX compiler is as follows (to mip/trees.c): - -*** trees.c.r1.1 Mon May 11 13:47:58 1987 ---- trees.c.r1.2 Wed Jul 2 18:28:52 1986 -*************** -*** 1247,1253 **** - if(o==CAST && mt1==0)return(TYPL+TYMATCH); - if( mt12 & MDBI ) return( TYPL+LVAL+TYMATCH ); - else if( (mt1&MENU)||(mt2&MENU) ) return( LVAL+NCVT+TYPL+PTMATCH+PUN ); -! else if( mt12 == 0 ) break; - else if( mt1 & MPTR ) return( LVAL+PTMATCH+PUN ); - else if( mt12 & MPTI ) return( TYPL+LVAL+TYMATCH+PUN ); - break; ---- 1261,1269 ---- - if(o==CAST && mt1==0)return(TYPL+TYMATCH); - if( mt12 & MDBI ) return( TYPL+LVAL+TYMATCH ); - else if( (mt1&MENU)||(mt2&MENU) ) return( LVAL+NCVT+TYPL+PTMATCH+PUN ); -! /* if right is TVOID and looks like a CALL, is not ok */ -! else if (mt2 == 0 && (p->in.right->in.op == CALL || p->in.right->in.op == UNARY CALL)) -! break; - else if( mt1 & MPTR ) return( LVAL+PTMATCH+PUN ); - else if( mt12 & MPTI ) return( TYPL+LVAL+TYMATCH+PUN ); - break; - -WHAT'S NEW IN THIS RELEASE: RPCSRC 4.0 - -The previous release was RPCSRC 3.9. As with all previous releases, -this release is based directly on files from Sun Microsystem's -implementation. - -Upgrade from RPCSRC 3.9 - -1) RPCSRC 4.0 upgrades RPCSRC 3.9. Improvements from SunOS 4.0 have - been integrated into this release. - -Secure RPC (in the secure_rpc/ directory) - -2) DES Authentication routines and programs are provided. -3) A new manual, "Secure NFS" is provided, which describes Secure RPC - and Secure NFS. -4) Skeleton routines and manual pages are provided which describe the - DES encryption procedures required by Secure RPC. HOWEVER, NO DES - ROUTINE IS PROVIDED. - -New Functionality - -5) rpcinfo can now be used to de-register services from the portmapper - which may have terminated abnormally. 
-6) A new client, rstat, is provided which queries the rstat_svc and
- prints a status line similar to the one displayed by "uptime".
diff --git a/support/rpc/auth_gss.c b/support/rpc/auth_gss.c
deleted file mode 100644
index f41d678..0000000
--- a/support/rpc/auth_gss.c
+++ /dev/null
@@ -1,628 +0,0 @@ -/* - auth_gss.c - - RPCSEC_GSS client routines. - - Copyright (c) 2000 The Regents of the University of Michigan. - All rights reserved. - - Copyright (c) 2000 Dug Song . - All rights reserved, all wrongs reversed. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static void authgss_nextverf(); -static bool_t authgss_marshal(); -static bool_t authgss_refresh(); -static bool_t authgss_validate(); -static void authgss_destroy(); -static void authgss_destroy_context(); -static bool_t authgss_wrap(); -static bool_t authgss_unwrap(); - - -/* - * from mit-krb5-1.2.1 mechglue/mglueP.h: - * Array of context IDs typed by mechanism OID - */ -typedef struct gss_union_ctx_id_t { - gss_OID mech_type; - gss_ctx_id_t internal_ctx_id; -} gss_union_ctx_id_desc, *gss_union_ctx_id_t; - -static struct auth_ops authgss_ops = { - authgss_nextverf, - authgss_marshal, - authgss_validate, - authgss_refresh, - authgss_destroy, - authgss_wrap, - authgss_unwrap -}; - -#ifdef DEBUG - -/* useful as i add more mechanisms */ -void -print_rpc_gss_sec(struct rpc_gss_sec *ptr) -{ -int i; -char *p; - - log_debug("rpc_gss_sec:"); - if(ptr->mech == NULL) - log_debug("NULL gss_OID mech"); - else { - fprintf(stderr, " mechanism_OID: {"); - p = (char *)ptr->mech->elements; - for (i=0; i < ptr->mech->length; i++) - /* First byte of OIDs encoded to save a byte */ - if (i == 0) { - int first, second; - if (*p < 40) { - first = 0; - second = *p; - } - else if (40 <= *p && *p < 80) { - first = 1; - second = *p - 40; - } - else if (80 <= *p && *p < 127) { - first = 2; - second = *p - 80; - } - else { - /* Invalid value! 
*/ - first = -1; - second = -1; - } - fprintf(stderr, " %u %u", first, second); - p++; - } - else { - fprintf(stderr, " %u", (unsigned char)*p++); - } - fprintf(stderr, " }\n"); - } - fprintf(stderr, " qop: %d\n", ptr->qop); - fprintf(stderr, " service: %d\n", ptr->svc); - fprintf(stderr, " cred: %p\n", ptr->cred); -} -#endif /*DEBUG*/ - -struct rpc_gss_data { - bool_t established; /* context established */ - gss_buffer_desc gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier - * to process at end of context negotiation*/ - CLIENT *clnt; /* client handle */ - gss_name_t name; /* service name */ - struct rpc_gss_sec sec; /* security tuple */ - gss_ctx_id_t ctx; /* context id */ - struct rpc_gss_cred gc; /* client credentials */ - u_int win; /* sequence window */ -}; - -#define AUTH_PRIVATE(auth) ((struct rpc_gss_data *)auth->ah_private) - -static struct timeval AUTH_TIMEOUT = { 25, 0 }; - -AUTH * -authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec) -{ - AUTH *auth, *save_auth; - struct rpc_gss_data *gd; - OM_uint32 min_stat = 0; - - log_debug("in authgss_create()"); - - memset(&rpc_createerr, 0, sizeof(rpc_createerr)); - - if ((auth = calloc(sizeof(*auth), 1)) == NULL) { - rpc_createerr.cf_stat = RPC_SYSTEMERROR; - rpc_createerr.cf_error.re_errno = ENOMEM; - return (NULL); - } - if ((gd = calloc(sizeof(*gd), 1)) == NULL) { - rpc_createerr.cf_stat = RPC_SYSTEMERROR; - rpc_createerr.cf_error.re_errno = ENOMEM; - free(auth); - return (NULL); - } -#ifdef DEBUG - fprintf(stderr, "authgss_create: name is %p\n", name); -#endif - if (name != GSS_C_NO_NAME) { - if (gss_duplicate_name(&min_stat, name, &gd->name) - != GSS_S_COMPLETE) { - rpc_createerr.cf_stat = RPC_SYSTEMERROR; - rpc_createerr.cf_error.re_errno = ENOMEM; - free(auth); - return (NULL); - } - } - else - gd->name = name; - -#ifdef DEBUG - fprintf(stderr, "authgss_create: gd->name is %p\n", gd->name); -#endif - gd->clnt = clnt; - gd->ctx = GSS_C_NO_CONTEXT; - gd->sec = *sec; - - gd->gc.gc_v = 
RPCSEC_GSS_VERSION; - gd->gc.gc_proc = RPCSEC_GSS_INIT; - gd->gc.gc_svc = gd->sec.svc; - - auth->ah_ops = &authgss_ops; - auth->ah_private = (caddr_t)gd; - - save_auth = clnt->cl_auth; - clnt->cl_auth = auth; - - if (!authgss_refresh(auth)) - auth = NULL; - - clnt->cl_auth = save_auth; - - return (auth); -} - -AUTH * -authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec) -{ - AUTH *auth; - OM_uint32 maj_stat = 0, min_stat = 0; - gss_buffer_desc sname; - gss_name_t name = GSS_C_NO_NAME; - - log_debug("in authgss_create_default()"); - - - sname.value = service; - sname.length = strlen(service); - - maj_stat = gss_import_name(&min_stat, &sname, - GSS_C_NT_HOSTBASED_SERVICE, - &name); - - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_import_name", maj_stat, min_stat); - rpc_createerr.cf_stat = RPC_AUTHERROR; - return (NULL); - } - - auth = authgss_create(clnt, name, sec); - - if (name != GSS_C_NO_NAME) { -#ifdef DEBUG - fprintf(stderr, "authgss_create_default: freeing name %p\n", name); -#endif - gss_release_name(&min_stat, &name); - } - - return (auth); -} - -bool_t -authgss_get_private_data(AUTH *auth, struct authgss_private_data *pd) -{ - struct rpc_gss_data *gd; - - log_debug("in authgss_get_private_data()"); - - if (!auth || !pd) - return (FALSE); - - gd = AUTH_PRIVATE(auth); - - if (!gd || !gd->established) - return (FALSE); - - pd->pd_ctx = gd->ctx; - pd->pd_ctx_hndl = gd->gc.gc_ctx; - pd->pd_seq_win = gd->win; - - return (TRUE); -} - -static void -authgss_nextverf(AUTH *auth) -{ - log_debug("in authgss_nextverf()"); - /* no action necessary */ -} - -static bool_t -authgss_marshal(AUTH *auth, XDR *xdrs) -{ - XDR tmpxdrs; - char tmp[MAX_AUTH_BYTES]; - struct rpc_gss_data *gd; - gss_buffer_desc rpcbuf, checksum; - OM_uint32 maj_stat, min_stat; - bool_t xdr_stat; - - log_debug("in authgss_marshal()"); - - gd = AUTH_PRIVATE(auth); - - if (gd->established) - gd->gc.gc_seq++; - - xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE); - - 
if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gc)) { - XDR_DESTROY(&tmpxdrs); - return (FALSE); - } - auth->ah_cred.oa_flavor = RPCSEC_GSS; - auth->ah_cred.oa_base = tmp; - auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs); - - XDR_DESTROY(&tmpxdrs); - - if (!xdr_opaque_auth(xdrs, &auth->ah_cred)) - return (FALSE); - - if (gd->gc.gc_proc == RPCSEC_GSS_INIT || - gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) { - return (xdr_opaque_auth(xdrs, &_null_auth)); - } - /* Checksum serialized RPC header, up to and including credential. */ - rpcbuf.length = XDR_GETPOS(xdrs); - XDR_SETPOS(xdrs, 0); - rpcbuf.value = XDR_INLINE(xdrs, rpcbuf.length); - - maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop, - &rpcbuf, &checksum); - - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_get_mic", maj_stat, min_stat); - if (maj_stat == GSS_S_CONTEXT_EXPIRED) { - gd->established = FALSE; - authgss_destroy_context(auth); - } - return (FALSE); - } - auth->ah_verf.oa_flavor = RPCSEC_GSS; - auth->ah_verf.oa_base = checksum.value; - auth->ah_verf.oa_length = checksum.length; - - xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf); - gss_release_buffer(&min_stat, &checksum); - - return (xdr_stat); -} - -static bool_t -authgss_validate(AUTH *auth, struct opaque_auth *verf) -{ - struct rpc_gss_data *gd; - u_int num, qop_state; - gss_buffer_desc signbuf, checksum; - OM_uint32 maj_stat, min_stat; - - log_debug("in authgss_validate()"); - - gd = AUTH_PRIVATE(auth); - - if (gd->established == FALSE) { - /* would like to do this only on NULL rpc -- - * gc->established is good enough. 
- * save the on the wire verifier to validate last - * INIT phase packet after decode if the major - * status is GSS_S_COMPLETE - */ - if ((gd->gc_wire_verf.value = - mem_alloc(verf->oa_length)) == NULL) { - fprintf(stderr, "gss_validate: out of memory\n"); - return (FALSE); - } - memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length); - gd->gc_wire_verf.length = verf->oa_length; - return (TRUE); - } - - if (gd->gc.gc_proc == RPCSEC_GSS_INIT || - gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) { - num = htonl(gd->win); - } - else num = htonl(gd->gc.gc_seq); - - signbuf.value = # - signbuf.length = sizeof(num); - - checksum.value = verf->oa_base; - checksum.length = verf->oa_length; - - maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf, - &checksum, &qop_state); - if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) { - log_status("gss_verify_mic", maj_stat, min_stat); - if (maj_stat == GSS_S_CONTEXT_EXPIRED) { - gd->established = FALSE; - authgss_destroy_context(auth); - } - return (FALSE); - } - return (TRUE); -} - -static bool_t -authgss_refresh(AUTH *auth) -{ - struct rpc_gss_data *gd; - struct rpc_gss_init_res gr; - gss_buffer_desc *recv_tokenp, send_token; - OM_uint32 maj_stat, min_stat, call_stat, ret_flags; - OM_uint32 req_flags=0; - - log_debug("in authgss_refresh()"); - - gd = AUTH_PRIVATE(auth); - - if (gd->established) - return (TRUE); - - /* GSS context establishment loop. 
*/ - memset(&gr, 0, sizeof(gr)); - recv_tokenp = GSS_C_NO_BUFFER; - -#ifdef DEBUG - print_rpc_gss_sec(&gd->sec); -#endif /*DEBUG*/ - - for (;;) { -#ifdef DEBUG - /* print the token we just received */ - if (recv_tokenp != GSS_C_NO_BUFFER) { - log_debug("The token we just received (length %d):", - recv_tokenp->length); - log_hexdump(recv_tokenp->value, recv_tokenp->length, 0); - } -#endif - maj_stat = gss_init_sec_context(&min_stat, - gd->sec.cred, - &gd->ctx, - gd->name, - gd->sec.mech, - gd->sec.req_flags, - 0, /* time req */ - NULL, /* channel */ - recv_tokenp, - NULL, /* used mech */ - &send_token, - &ret_flags, - NULL); /* time rec */ - - if (recv_tokenp != GSS_C_NO_BUFFER) { - gss_release_buffer(&min_stat, &gr.gr_token); - recv_tokenp = GSS_C_NO_BUFFER; - } - if (maj_stat != GSS_S_COMPLETE && - maj_stat != GSS_S_CONTINUE_NEEDED) { - log_status("gss_init_sec_context", maj_stat, min_stat); - break; - } - if (send_token.length != 0) { - memset(&gr, 0, sizeof(gr)); - -#ifdef DEBUG - /* print the token we are about to send */ - log_debug("The token being sent (length %d):", - send_token.length); - log_hexdump(send_token.value, send_token.length, 0); -#endif - - call_stat = clnt_call(gd->clnt, NULLPROC, - xdr_rpc_gss_init_args, - &send_token, - xdr_rpc_gss_init_res, - (caddr_t)&gr, AUTH_TIMEOUT); - - gss_release_buffer(&min_stat, &send_token); - - if (call_stat != RPC_SUCCESS || - (gr.gr_major != GSS_S_COMPLETE && - gr.gr_major != GSS_S_CONTINUE_NEEDED)) - return FALSE; - - if (gr.gr_ctx.length != 0) { - if (gd->gc.gc_ctx.value) - gss_release_buffer(&min_stat, - &gd->gc.gc_ctx); - gd->gc.gc_ctx = gr.gr_ctx; - } - if (gr.gr_token.length != 0) { - if (maj_stat != GSS_S_CONTINUE_NEEDED) - break; - recv_tokenp = &gr.gr_token; - } - gd->gc.gc_proc = RPCSEC_GSS_CONTINUE_INIT; - } - - /* GSS_S_COMPLETE => check gss header verifier, - * usually checked in gss_validate - */ - if (maj_stat == GSS_S_COMPLETE) { - gss_buffer_desc bufin; - gss_buffer_desc bufout; - u_int seq, 
qop_state = 0; - - seq = htonl(gr.gr_win); - bufin.value = (unsigned char *)&seq; - bufin.length = sizeof(seq); - bufout.value = (unsigned char *)gd->gc_wire_verf.value; - bufout.length = gd->gc_wire_verf.length; - - maj_stat = gss_verify_mic(&min_stat, gd->ctx, - &bufin, &bufout, &qop_state); - - if (maj_stat != GSS_S_COMPLETE - || qop_state != gd->sec.qop) { - log_status("gss_verify_mic", maj_stat, min_stat); - if (maj_stat == GSS_S_CONTEXT_EXPIRED) { - gd->established = FALSE; - authgss_destroy_context(auth); - } - return (FALSE); - } - gd->established = TRUE; - gd->gc.gc_proc = RPCSEC_GSS_DATA; - gd->gc.gc_seq = 0; - gd->win = gr.gr_win; - break; - } - } - /* End context negotiation loop. */ - if (gd->gc.gc_proc != RPCSEC_GSS_DATA) { - if (gr.gr_token.length != 0) - gss_release_buffer(&min_stat, &gr.gr_token); - - authgss_destroy(auth); - auth = NULL; - rpc_createerr.cf_stat = RPC_AUTHERROR; - - return (FALSE); - } - return (TRUE); -} - -bool_t -authgss_service(AUTH *auth, int svc) -{ - struct rpc_gss_data *gd; - - log_debug("in authgss_service()"); - - if (!auth) - return(FALSE); - gd = AUTH_PRIVATE(auth); - if (!gd || !gd->established) - return (FALSE); - gd->sec.svc = svc; - gd->gc.gc_svc = svc; - return (TRUE); -} - -static void -authgss_destroy_context(AUTH *auth) -{ - struct rpc_gss_data *gd; - OM_uint32 min_stat; - - log_debug("in authgss_destroy_context()"); - - gd = AUTH_PRIVATE(auth); - - if (gd->gc.gc_ctx.length != 0) { - if (gd->established) { - gd->gc.gc_proc = RPCSEC_GSS_DESTROY; - clnt_call(gd->clnt, NULLPROC, xdr_void, NULL, - xdr_void, NULL, AUTH_TIMEOUT); - } - gss_release_buffer(&min_stat, &gd->gc.gc_ctx); - /* XXX ANDROS check size of context - should be 8 */ - memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx)); - } - if (gd->ctx != GSS_C_NO_CONTEXT) { - gss_delete_sec_context(&min_stat, &gd->ctx, NULL); - gd->ctx = GSS_C_NO_CONTEXT; - } - gd->established = FALSE; -} - -static void -authgss_destroy(AUTH *auth) -{ - struct rpc_gss_data *gd; - 
OM_uint32 min_stat; - - log_debug("in authgss_destroy()"); - - gd = AUTH_PRIVATE(auth); - - authgss_destroy_context(auth); - -#ifdef DEBUG - fprintf(stderr, "authgss_destroy: freeing name %p\n", gd->name); -#endif - if (gd->name != GSS_C_NO_NAME) - gss_release_name(&min_stat, &gd->name); - - free(gd); - free(auth); -} - -bool_t -authgss_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) -{ - struct rpc_gss_data *gd; - - log_debug("in authgss_wrap()"); - - gd = AUTH_PRIVATE(auth); - - if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) { - return ((*xdr_func)(xdrs, xdr_ptr)); - } - return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr, - gd->ctx, gd->sec.qop, - gd->sec.svc, gd->gc.gc_seq)); -} - -bool_t -authgss_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) -{ - struct rpc_gss_data *gd; - - log_debug("in authgss_unwrap()"); - - gd = AUTH_PRIVATE(auth); - - if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) { - return ((*xdr_func)(xdrs, xdr_ptr)); - } - return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr, - gd->ctx, gd->sec.qop, - gd->sec.svc, gd->gc.gc_seq)); -} diff --git a/support/rpc/authgss_prot.c b/support/rpc/authgss_prot.c deleted file mode 100644 index 97724f1..0000000 --- a/support/rpc/authgss_prot.c +++ /dev/null 
@@ -1,355 +0,0 @@ -/* - authgss_prot.c - - Copyright (c) 2000 The Regents of the University of Michigan. - All rights reserved. - - Copyright (c) 2000 Dug Song . - All rights reserved, all wrongs reversed. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-
-*/
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-bool_t
-xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
-{
- bool_t xdr_stat;
-
- xdr_stat = (xdr_u_int(xdrs, &p->gc_v) &&
- xdr_enum(xdrs, (enum_t *)&p->gc_proc) &&
- xdr_u_int(xdrs, &p->gc_seq) &&
- xdr_enum(xdrs, (enum_t *)&p->gc_svc) &&
- xdr_bytes(xdrs, (char **)&p->gc_ctx.value,
- &p->gc_ctx.length, MAX_AUTH_BYTES));
-
- log_debug("xdr_rpc_gss_cred: %s %s "
- "(v %d, proc %d, seq %d, svc %d, ctx %p:%d)",
- (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
- (xdr_stat == TRUE) ? "success" : "failure",
- p->gc_v, p->gc_proc, p->gc_seq, p->gc_svc,
- p->gc_ctx.value, p->gc_ctx.length);
-
- return (xdr_stat);
-}
-
-bool_t
-xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
-{
- bool_t xdr_stat;
-
- xdr_stat = xdr_bytes(xdrs, (char **)&p->value,
- &p->length, MAX_NETOBJ_SZ);
-
- log_debug("xdr_rpc_gss_init_args: %s %s (token %p:%d)",
- (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
- (xdr_stat == TRUE) ? "success" : "failure",
- p->value, p->length);
-
- return (xdr_stat);
-}
-
-bool_t
-xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
-{
- bool_t xdr_stat;
-
- xdr_stat = (xdr_bytes(xdrs, (char **)&p->gr_ctx.value,
- &p->gr_ctx.length, MAX_NETOBJ_SZ) &&
- xdr_u_int(xdrs, &p->gr_major) &&
- xdr_u_int(xdrs, &p->gr_minor) &&
- xdr_u_int(xdrs, &p->gr_win) &&
- xdr_bytes(xdrs, (char **)&p->gr_token.value,
- &p->gr_token.length, MAX_NETOBJ_SZ));
-
- log_debug("xdr_rpc_gss_init_res %s %s "
- "(ctx %p:%d, maj %d, min %d, win %d, token %p:%d)",
- (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
- (xdr_stat == TRUE) ?
"success" : "failure", - p->gr_ctx.value, p->gr_ctx.length, - p->gr_major, p->gr_minor, p->gr_win, - p->gr_token.value, p->gr_token.length); - - return (xdr_stat); -} - -bool_t -xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, - gss_ctx_id_t ctx, gss_qop_t qop, - rpc_gss_svc_t svc, u_int seq) -{ - gss_buffer_desc databuf, wrapbuf; - OM_uint32 maj_stat, min_stat; - int start, end, conf_state; - bool_t xdr_stat; - - /* Skip databody length. */ - start = XDR_GETPOS(xdrs); - XDR_SETPOS(xdrs, start + 4); - - /* Marshal rpc_gss_data_t (sequence number + arguments). */ - if (!xdr_u_int(xdrs, &seq) || !(*xdr_func)(xdrs, xdr_ptr)) - return (FALSE); - end = XDR_GETPOS(xdrs); - - /* Set databuf to marshalled rpc_gss_data_t. */ - databuf.length = end - start - 4; - XDR_SETPOS(xdrs, start + 4); - databuf.value = XDR_INLINE(xdrs, databuf.length); - - xdr_stat = FALSE; - - if (svc == RPCSEC_GSS_SVC_INTEGRITY) { - /* Marshal databody_integ length. */ - XDR_SETPOS(xdrs, start); - if (!xdr_u_int(xdrs, &databuf.length)) - return (FALSE); - - /* Checksum rpc_gss_data_t. */ - maj_stat = gss_get_mic(&min_stat, ctx, qop, - &databuf, &wrapbuf); - if (maj_stat != GSS_S_COMPLETE) { - log_debug("gss_get_mic failed"); - return (FALSE); - } - /* Marshal checksum. */ - XDR_SETPOS(xdrs, end); - xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value, - &wrapbuf.length, MAX_NETOBJ_SZ); - gss_release_buffer(&min_stat, &wrapbuf); - } - else if (svc == RPCSEC_GSS_SVC_PRIVACY) { - /* Encrypt rpc_gss_data_t. */ - maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf, - &conf_state, &wrapbuf); - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_wrap", maj_stat, min_stat); - return (FALSE); - } - /* Marshal databody_priv. 
*/
- XDR_SETPOS(xdrs, start);
- xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value,
- &wrapbuf.length, MAX_NETOBJ_SZ);
- gss_release_buffer(&min_stat, &wrapbuf);
- }
- return (xdr_stat);
-}
-
-bool_t
-xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
- gss_ctx_id_t ctx, gss_qop_t qop,
- rpc_gss_svc_t svc, u_int seq)
-{
- XDR tmpxdrs;
- gss_buffer_desc databuf, wrapbuf;
- OM_uint32 maj_stat, min_stat;
- u_int seq_num, conf_state, qop_state;
- bool_t xdr_stat;
-
- if (xdr_func == xdr_void || xdr_ptr == NULL)
- return (TRUE);
-
- memset(&databuf, 0, sizeof(databuf));
- memset(&wrapbuf, 0, sizeof(wrapbuf));
-
- if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
- /* Decode databody_integ. */
- if (!xdr_bytes(xdrs, (char **)&databuf.value, &databuf.length,
- MAX_NETOBJ_SZ)) {
- log_debug("xdr decode databody_integ failed");
- return (FALSE);
- }
- /* Decode checksum. */
- if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, &wrapbuf.length,
- MAX_NETOBJ_SZ)) {
- gss_release_buffer(&min_stat, &databuf);
- log_debug("xdr decode checksum failed");
- return (FALSE);
- }
- /* Verify checksum and QOP. */
- maj_stat = gss_verify_mic(&min_stat, ctx, &databuf,
- &wrapbuf, &qop_state);
- gss_release_buffer(&min_stat, &wrapbuf);
-
- if (maj_stat != GSS_S_COMPLETE || qop_state != qop) {
- gss_release_buffer(&min_stat, &databuf);
- log_status("gss_verify_mic", maj_stat, min_stat);
- return (FALSE);
- }
- }
- else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
- /* Decode databody_priv. */
- if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, &wrapbuf.length,
- MAX_NETOBJ_SZ)) {
- log_debug("xdr decode databody_priv failed");
- return (FALSE);
- }
- /* Decrypt databody. */
- maj_stat = gss_unwrap(&min_stat, ctx, &wrapbuf, &databuf,
- &conf_state, &qop_state);
-
- gss_release_buffer(&min_stat, &wrapbuf);
-
- /* Verify encryption and QOP.
*/
- if (maj_stat != GSS_S_COMPLETE || qop_state != qop ||
- conf_state != TRUE) {
- gss_release_buffer(&min_stat, &databuf);
- log_status("gss_unwrap", maj_stat, min_stat);
- return (FALSE);
- }
- }
- /* Decode rpc_gss_data_t (sequence number + arguments). */
- xdrmem_create(&tmpxdrs, databuf.value, databuf.length, XDR_DECODE);
- xdr_stat = (xdr_u_int(&tmpxdrs, &seq_num) &&
- (*xdr_func)(&tmpxdrs, xdr_ptr));
- XDR_DESTROY(&tmpxdrs);
- gss_release_buffer(&min_stat, &databuf);
-
- /* Verify sequence number. */
- if (xdr_stat == TRUE && seq_num != seq) {
- log_debug("wrong sequence number in databody");
- return (FALSE);
- }
- return (xdr_stat);
-}
-
-bool_t
-xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
- gss_ctx_id_t ctx, gss_qop_t qop,
- rpc_gss_svc_t svc, u_int seq)
-{
- switch (xdrs->x_op) {
-
- case XDR_ENCODE:
- return (xdr_rpc_gss_wrap_data(xdrs, xdr_func, xdr_ptr,
- ctx, qop, svc, seq));
- case XDR_DECODE:
- return (xdr_rpc_gss_unwrap_data(xdrs, xdr_func, xdr_ptr,
- ctx, qop,svc, seq));
- case XDR_FREE:
- return (TRUE);
- }
- return (FALSE);
-}
-
-#ifdef DEBUG
-#include
-
-void
-log_debug(const char *fmt, ...)
-{ - va_list ap; - - va_start(ap, fmt); - fprintf(stderr, "rpcsec_gss: "); - vfprintf(stderr, fmt, ap); - fprintf(stderr, "\n"); - va_end(ap); -} - -void -log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat) -{ - OM_uint32 min; - gss_buffer_desc msg; - int msg_ctx = 0; - - fprintf(stderr, "rpcsec_gss: %s: ", m); - - gss_display_status(&min, maj_stat, GSS_C_GSS_CODE, GSS_C_NULL_OID, - &msg_ctx, &msg); - fprintf(stderr, "%s - ", (char *)msg.value); - gss_release_buffer(&min, &msg); - - gss_display_status(&min, min_stat, GSS_C_MECH_CODE, GSS_C_NULL_OID, - &msg_ctx, &msg); - fprintf(stderr, "%s\n", (char *)msg.value); - gss_release_buffer(&min, &msg); -} - -void -log_hexdump(const u_char *buf, int len, int offset) -{ - u_int i, j, jm; - int c; - - fprintf(stderr, "\n"); - for (i = 0; i < len; i += 0x10) { - fprintf(stderr, " %04x: ", (u_int)(i + offset)); - jm = len - i; - jm = jm > 16 ? 16 : jm; - - for (j = 0; j < jm; j++) { - if ((j % 2) == 1) - fprintf(stderr, "%02x ", (u_int) buf[i+j]); - else - fprintf(stderr, "%02x", (u_int) buf[i+j]); - } - for (; j < 16; j++) { - if ((j % 2) == 1) printf(" "); - else fprintf(stderr, " "); - } - fprintf(stderr, " "); - - for (j = 0; j < jm; j++) { - c = buf[i+j]; - c = isprint(c) ? c : '.'; - fprintf(stderr, "%c", c); - } - fprintf(stderr, "\n"); - } -} - -#else - -void -log_debug(const char *fmt, ...) -{ -} - -void -log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat) -{ -} - -void -log_hexdump(const u_char *buf, int len, int offset) -{ -} - -#endif - - diff --git a/support/rpc/include/rpc/auth_gss.h b/support/rpc/include/rpc/auth_gss.h index dc206b0..4258c58 100644 --- a/support/rpc/include/rpc/auth_gss.h +++ b/support/rpc/include/rpc/auth_gss.h @@ -37,9 +37,8 @@ #ifndef _RPC_AUTH_GSS_H #define _RPC_AUTH_GSS_H -#include "config.h" #include -#include "../../../include/gssapi/gssapi.h" +#include /* RPCSEC_GSS control procedures. */ typedef enum { 
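Review bot: `support/rpc/include/rpc/auth_gss.h` stays in the tree while the code that implements its declarations is moved out to an external library, and nothing in this hunk ties the two together. If the struct layouts or prototypes declared here ever differ from what the installed rpcsec_gss library was built with, callers still compile but exchange mismatched structures with the library, which in authentication code is a memory-safety risk and not only a build problem. I would add a comment above the includes such as `/* Declarations here must match the installed rpcsec_gss library; update them together. */`, or, if the library installs its own copy of this header (not visible here), include that copy and drop this file. The target of the added `#include` is not legible in this rendering, so the assumption that it now resolves to a system GSS-API header should be confirmed. The header's body continues outside the hunk.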
diff --git a/support/rpc/rpc_commondata.c b/support/rpc/rpc_commondata.c deleted file mode 100644 index 24e7611..0000000 --- a/support/rpc/rpc_commondata.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: rpc_commondata.c,v 1.3 1996/08/19 08:31:47 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -/* - * This file should only contain common data (global data) that is exported - * by public interfaces - */ -struct opaque_auth _null_auth; -fd_set svc_fdset; -int svc_maxfd = -1; -struct rpc_createerr rpc_createerr; diff --git a/support/rpc/svc.c b/support/rpc/svc.c deleted file mode 100644 index 8e47d67..0000000 
--- a/support/rpc/svc.c
+++ /dev/null
@@ -1,508 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: svc.c,v 1.11 1998/02/25 12:21:18 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -/* - * svc.c, Server-side remote procedure call interface. - * - * There are two sets of procedures here. The xprt routines are - * for handling transport handles. The svc routines handle the - * list of service routines. - * - * Copyright (C) 1984, Sun Microsystems, Inc. - */ - -#include -#include - -#include -#include -#include -#include - -static SVCXPRT **xports; -static int xportssize; - -#define NULL_SVC ((struct svc_callout *)0) -#define RQCRED_SIZE 1024 /* this size is excessive */ - -#define max(a, b) (a > b ? 
a : b) - -#if 0 -#ifdef __linux__ -#define fds_bits __fds_bits /* XXX - Linux sux */ -#endif -#endif - -/* - * The services list - * Each entry represents a set of procedures (an rpc program). - * The dispatch routine takes request structs and runs the - * apropriate procedure. - */ -static struct svc_callout { - struct svc_callout *sc_next; - u_long sc_prog; - u_long sc_vers; - void (*sc_dispatch)(); -} *svc_head; - -static struct svc_callout *svc_find(); - -int __svc_fdsetsize; -fd_set *__svc_fdset; - -/* *************** SVCXPRT related stuff **************** */ - -/* - * Activate a transport handle. - */ -void -xprt_register(xprt) - SVCXPRT *xprt; -{ - register int sock = xprt->xp_sock; - - if (sock+1 > __svc_fdsetsize) { - int bytes = howmany(sock+1, NFDBITS) * sizeof(fd_mask); - fd_set *fds; - - fds = (fd_set *)malloc(bytes); - memset(fds, 0, bytes); - if (__svc_fdset) { - memcpy(fds, __svc_fdset, howmany(__svc_fdsetsize, - NFDBITS) * sizeof(fd_mask)); - free(__svc_fdset); - } - __svc_fdset = fds; - __svc_fdsetsize = sock+1; - } - - if (sock < FD_SETSIZE) - FD_SET(sock, &svc_fdset); - FD_SET(sock, __svc_fdset); - - if (xports == NULL || sock+1 > xportssize) { - SVCXPRT **xp; - int size = FD_SETSIZE; - - if (sock+1 > size) - size = sock+1; - xp = (SVCXPRT **)mem_alloc(size * sizeof(SVCXPRT *)); - memset(xp, 0, size * sizeof(SVCXPRT *)); - if (xports) { - memcpy(xp, xports, xportssize * sizeof(SVCXPRT *)); - free(xports); - } - xportssize = size; - xports = xp; - } - xports[sock] = xprt; - svc_maxfd = max(svc_maxfd, sock); -} - -/* - * De-activate a transport handle. 
- */ -void -xprt_unregister(xprt) - SVCXPRT *xprt; -{ - register int sock = xprt->xp_sock; - - if (xports[sock] == xprt) { - xports[sock] = (SVCXPRT *)0; - if (sock < FD_SETSIZE) - FD_CLR(sock, &svc_fdset); - FD_CLR(sock, __svc_fdset); - if (sock == svc_maxfd) { - for (svc_maxfd--; svc_maxfd>=0; svc_maxfd--) - if (xports[svc_maxfd]) - break; - } - /* - * XXX could use svc_maxfd as a hint to - * decrease the size of __svc_fdset - */ - } -} - - -/* ********************** CALLOUT list related stuff ************* */ - -/* - * Add a service program to the callout list. - * The dispatch routine will be called when a rpc request for this - * program number comes in. - */ -bool_t -svc_register(xprt, prog, vers, dispatch, protocol) - SVCXPRT *xprt; - u_long prog; - u_long vers; - void (*dispatch)(); - int protocol; -{ - struct svc_callout *prev; - register struct svc_callout *s; - - if ((s = svc_find(prog, vers, &prev)) != NULL_SVC) { - if (s->sc_dispatch == dispatch) - goto pmap_it; /* he is registering another xptr */ - return (FALSE); - } - s = (struct svc_callout *)mem_alloc(sizeof(struct svc_callout)); - if (s == (struct svc_callout *)0) { - return (FALSE); - } - s->sc_prog = prog; - s->sc_vers = vers; - s->sc_dispatch = dispatch; - s->sc_next = svc_head; - svc_head = s; -pmap_it: - /* now register the information with the local binder service */ - if (protocol) { - return (pmap_set(prog, vers, protocol, xprt->xp_port)); - } - return (TRUE); -} - -/* - * Remove a service program from the callout list. 
- */ -void -svc_unregister(prog, vers) - u_long prog; - u_long vers; -{ - struct svc_callout *prev; - register struct svc_callout *s; - - if ((s = svc_find(prog, vers, &prev)) == NULL_SVC) - return; - if (prev == NULL_SVC) { - svc_head = s->sc_next; - } else { - prev->sc_next = s->sc_next; - } - s->sc_next = NULL_SVC; - mem_free((char *) s, (u_int) sizeof(struct svc_callout)); - /* now unregister the information with the local binder service */ - (void)pmap_unset(prog, vers); -} - -/* - * Search the callout list for a program number, return the callout - * struct. - */ -static struct svc_callout * -svc_find(prog, vers, prev) - u_long prog; - u_long vers; - struct svc_callout **prev; -{ - register struct svc_callout *s, *p; - - p = NULL_SVC; - for (s = svc_head; s != NULL_SVC; s = s->sc_next) { - if ((s->sc_prog == prog) && (s->sc_vers == vers)) - goto done; - p = s; - } -done: - *prev = p; - return (s); -} - -/* ******************* REPLY GENERATION ROUTINES ************ */ - -/* - * Send a reply to an rpc request - */ -bool_t -svc_sendreply(xprt, xdr_results, xdr_location) - register SVCXPRT *xprt; - xdrproc_t xdr_results; - caddr_t xdr_location; -{ - struct rpc_msg rply; - - rply.rm_direction = REPLY; - rply.rm_reply.rp_stat = MSG_ACCEPTED; - rply.acpted_rply.ar_verf = xprt->xp_verf; - rply.acpted_rply.ar_stat = SUCCESS; - rply.acpted_rply.ar_results.where = xdr_location; - rply.acpted_rply.ar_results.proc = xdr_results; - return (SVC_REPLY(xprt, &rply)); -} - -/* - * No procedure error reply - */ -void -svcerr_noproc(xprt) - register SVCXPRT *xprt; -{ - struct rpc_msg rply; - - rply.rm_direction = REPLY; - rply.rm_reply.rp_stat = MSG_ACCEPTED; - rply.acpted_rply.ar_verf = xprt->xp_verf; - rply.acpted_rply.ar_stat = PROC_UNAVAIL; - SVC_REPLY(xprt, &rply); -} - -/* - * Can't decode args error reply - */ -void -svcerr_decode(xprt) - register SVCXPRT *xprt; -{ - struct rpc_msg rply; - - rply.rm_direction = REPLY; - rply.rm_reply.rp_stat = MSG_ACCEPTED; - 
rply.acpted_rply.ar_verf = xprt->xp_verf; - rply.acpted_rply.ar_stat = GARBAGE_ARGS; - SVC_REPLY(xprt, &rply); -} - -/* - * Some system error - */ -void -svcerr_systemerr(xprt) - register SVCXPRT *xprt; -{ - struct rpc_msg rply; - - rply.rm_direction = REPLY; - rply.rm_reply.rp_stat = MSG_ACCEPTED; - rply.acpted_rply.ar_verf = xprt->xp_verf; - rply.acpted_rply.ar_stat = SYSTEM_ERR; - SVC_REPLY(xprt, &rply); -} - -/* - * Authentication error reply - */ -void -svcerr_auth(xprt, why) - SVCXPRT *xprt; - enum auth_stat why; -{ - struct rpc_msg rply; - - rply.rm_direction = REPLY; - rply.rm_reply.rp_stat = MSG_DENIED; - rply.rjcted_rply.rj_stat = AUTH_ERROR; - rply.rjcted_rply.rj_why = why; - SVC_REPLY(xprt, &rply); -} - -/* - * Auth too weak error reply - */ -void -svcerr_weakauth(xprt) - SVCXPRT *xprt; -{ - - svcerr_auth(xprt, AUTH_TOOWEAK); -} - -/* - * Program unavailable error reply - */ -void -svcerr_noprog(xprt) - register SVCXPRT *xprt; -{ - struct rpc_msg rply; - - rply.rm_direction = REPLY; - rply.rm_reply.rp_stat = MSG_ACCEPTED; - rply.acpted_rply.ar_verf = xprt->xp_verf; - rply.acpted_rply.ar_stat = PROG_UNAVAIL; - SVC_REPLY(xprt, &rply); -} - -/* - * Program version mismatch error reply - */ -void -svcerr_progvers(xprt, low_vers, high_vers) - register SVCXPRT *xprt; - u_long low_vers; - u_long high_vers; -{ - struct rpc_msg rply; - - rply.rm_direction = REPLY; - rply.rm_reply.rp_stat = MSG_ACCEPTED; - rply.acpted_rply.ar_verf = xprt->xp_verf; - rply.acpted_rply.ar_stat = PROG_MISMATCH; - rply.acpted_rply.ar_vers.low = low_vers; - rply.acpted_rply.ar_vers.high = high_vers; - SVC_REPLY(xprt, &rply); -} - -/* ******************* SERVER INPUT STUFF ******************* */ - -/* - * Get server side input from some transport. 
- * - * Statement of authentication parameters management: - * This function owns and manages all authentication parameters, specifically - * the "raw" parameters (msg.rm_call.cb_cred and msg.rm_call.cb_verf) and - * the "cooked" credentials (rqst->rq_clntcred). - * However, this function does not know the structure of the cooked - * credentials, so it make the following assumptions: - * a) the structure is contiguous (no pointers), and - * b) the cred structure size does not exceed RQCRED_SIZE bytes. - * In all events, all three parameters are freed upon exit from this routine. - * The storage is trivially management on the call stack in user land, but - * is mallocated in kernel land. - */ - -void -svc_getreq(rdfds) - int rdfds; -{ - fd_set readfds; - - FD_ZERO(&readfds); - readfds.fds_bits[0] = rdfds; - svc_getreqset(&readfds); -} - -void svc_getreqset2 __P((fd_set *, int)); - -void -svc_getreqset(readfds) - fd_set *readfds; -{ - svc_getreqset2(readfds, FD_SETSIZE); -} - -void -svc_getreqset2(readfds, width) - fd_set *readfds; - int width; -{ - enum xprt_stat stat; - struct rpc_msg msg; - int prog_found; - u_long low_vers; - u_long high_vers; - struct svc_req r; - register SVCXPRT *xprt; - register int bit; - register fd_mask mask, *maskp; - register int sock; - bool_t no_dispatch; - char cred_area[2*MAX_AUTH_BYTES + RQCRED_SIZE]; - msg.rm_call.cb_cred.oa_base = cred_area; - msg.rm_call.cb_verf.oa_base = &(cred_area[MAX_AUTH_BYTES]); - r.rq_clntcred = &(cred_area[2*MAX_AUTH_BYTES]); - - maskp = readfds->fds_bits; - for (sock = 0; sock < width; sock += NFDBITS) { - for (mask = *maskp++; (bit = ffs(mask)); mask ^= (1 << (bit - 1))) { - /* sock has input waiting */ - xprt = xports[sock + bit - 1]; - if (xprt == NULL) - /* But do we control sock? 
*/ - continue; - /* now receive msgs from xprtprt (support batch calls) */ - do { - if (SVC_RECV(xprt, &msg)) { - - /* now find the exported program and call it */ - register struct svc_callout *s; - enum auth_stat why; - - r.rq_xprt = xprt; - r.rq_prog = msg.rm_call.cb_prog; - r.rq_vers = msg.rm_call.cb_vers; - r.rq_proc = msg.rm_call.cb_proc; - r.rq_cred = msg.rm_call.cb_cred; - - no_dispatch = FALSE; - - /* first authenticate the message */ - if ((why = _authenticate(&r, &msg, &no_dispatch)) != AUTH_OK) { - svcerr_auth(xprt, why); - goto call_done; - } - else if (no_dispatch) { - goto call_done; - } - /* now match message with a registered service*/ - prog_found = FALSE; - low_vers = (u_long) -1; - high_vers = 0; - for (s = svc_head; s != NULL_SVC; s = s->sc_next) { - if (s->sc_prog == r.rq_prog) { - if (s->sc_vers == r.rq_vers) { - (*s->sc_dispatch)(&r, xprt); - goto call_done; - } /* found correct version */ - prog_found = TRUE; - if (s->sc_vers < low_vers) - low_vers = s->sc_vers; - if (s->sc_vers > high_vers) - high_vers = s->sc_vers; - } /* found correct program */ - } - /* - * if we got here, the program or version - * is not served ... - */ - if (prog_found) - svcerr_progvers(xprt, - low_vers, high_vers); - else - svcerr_noprog(xprt); - /* Fall through to ... */ - } - call_done: - if ((stat = SVC_STAT(xprt)) == XPRT_DIED) { - SVC_DESTROY(xprt); - break; - } - } while (stat == XPRT_MOREREQS); - } - } -} diff --git a/support/rpc/svc_auth.c b/support/rpc/svc_auth.c deleted file mode 100644 index 4a11be3..0000000 --- a/support/rpc/svc_auth.c +++ /dev/null 
@@ -1,113 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: svc_auth.c,v 1.4 1998/03/19 00:27:22 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -/* - * svc_auth_nodes.c, Server-side rpc authenticator interface, - * *WITHOUT* DES authentication. - * - * Copyright (C) 1984, Sun Microsystems, Inc. - */ - -#include - -/* - * svcauthsw is the bdevsw of server side authentication. - * - * Server side authenticators are called from authenticate by - * using the client auth struct flavor field to index into svcauthsw. 
- * The server auth flavors must implement a routine that looks - * like: - * - * enum auth_stat - * flavorx_auth(rqst, msg) - * register struct svc_req *rqst; - * register struct rpc_msg *msg; - * - */ - -enum auth_stat _svcauth_none(); /* no authentication */ -enum auth_stat _svcauth_unix(); /* unix style (uid, gids) */ -enum auth_stat _svcauth_short(); /* short hand unix style */ -enum auth_stat _svcauth_gss(); /* RPCSEC_GSS */ - -static struct { - enum auth_stat (*authenticator)(); -} svcauthsw[] = { - { _svcauth_none }, /* AUTH_NONE */ - { _svcauth_unix }, /* AUTH_UNIX */ - { _svcauth_short }, /* AUTH_SHORT */ - { _svcauth_none }, /* AUTH_DES - does not exist */ - { _svcauth_none }, - { _svcauth_none }, - { _svcauth_gss } /* RPCSEC_GSS */ -}; -#define AUTH_MAX 6 /* HIGHEST AUTH NUMBER */ - -/* - * The call rpc message, msg has been obtained from the wire. The msg contains - * the raw form of credentials and verifiers. authenticate returns AUTH_OK - * if the msg is successfully authenticated. If AUTH_OK then the routine also - * does the following things: - * set rqst->rq_xprt->verf to the appropriate response verifier; - * sets rqst->rq_clntcred to the "cooked" form of the credentials. - * - * NB: rqst->rq_xprt->verf must be pre-alloctaed; - * its length is set appropriately. - * - * The caller still owns and is responsible for msg->u.cmb.cred and - * msg->u.cmb.verf. The authentication system retains ownership of - * rqst->rq_clntcred, the cooked credentials. - * - * There is an assumption that any flavour less than AUTH_NONE is - * invalid. 
- */ -enum auth_stat -_authenticate(rqst, msg, no_dispatch) - register struct svc_req *rqst; - struct rpc_msg *msg; - bool_t *no_dispatch; -{ - register int cred_flavor; - - rqst->rq_cred = msg->rm_call.cb_cred; - rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor; - rqst->rq_xprt->xp_verf.oa_length = 0; - cred_flavor = rqst->rq_cred.oa_flavor; - *no_dispatch = FALSE; - - if ((cred_flavor <= AUTH_MAX) && (cred_flavor >= AUTH_NONE)) { - return ((*(svcauthsw[cred_flavor].authenticator))(rqst, msg, no_dispatch)); - } - - return (AUTH_REJECTEDCRED); -} diff --git a/support/rpc/svc_auth_gss.c b/support/rpc/svc_auth_gss.c deleted file mode 100644 index 82b8d01..0000000 --- a/support/rpc/svc_auth_gss.c +++ /dev/null 
@@ -1,582 +0,0 @@ -/* - svc_auth_gss.c - - Copyright (c) 2000 The Regents of the University of Michigan. - All rights reserved. - - Copyright (c) 2000 Dug Song . - All rights reserved, all wrongs reversed. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- - */ - -#include -#include -#include -#include -#include - -extern SVCAUTH svc_auth_none; - -/* - * from mit-krb5-1.2.1 mechglue/mglueP.h: - * Array of context IDs typed by mechanism OID - */ -typedef struct gss_union_ctx_id_t { - gss_OID mech_type; - gss_ctx_id_t internal_ctx_id; -} gss_union_ctx_id_desc, *gss_union_ctx_id_t; - - - -static bool_t svcauth_gss_destroy(); -static bool_t svcauth_gss_wrap(); -static bool_t svcauth_gss_unwrap(); - -struct svc_auth_ops svc_auth_gss_ops = { - svcauth_gss_wrap, - svcauth_gss_unwrap, - svcauth_gss_destroy -}; - -struct svc_rpc_gss_data { - bool_t established; /* context established */ - gss_ctx_id_t ctx; /* context id */ - struct rpc_gss_sec sec; /* security triple */ - gss_buffer_desc cname; /* GSS client name */ - u_int seq; /* sequence number */ - u_int win; /* sequence window */ - u_int seqlast; /* last sequence number */ - u_int32_t seqmask; /* bitmask of seqnums */ - gss_name_t client_name; /* unparsed name string */ -}; - -#define SVCAUTH_PRIVATE(auth) \ - ((struct svc_rpc_gss_data *)(auth)->svc_ah_private) - -/* Global server credentials. 
*/ -gss_cred_id_t _svcauth_gss_creds; -static gss_name_t _svcauth_gss_name = NULL; - -bool_t -svcauth_gss_set_svc_name(gss_name_t name) -{ - OM_uint32 maj_stat, min_stat; - - log_debug("in svcauth_gss_set_svc_name()"); - - if (_svcauth_gss_name != NULL) { - maj_stat = gss_release_name(&min_stat, &_svcauth_gss_name); - - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_release_name", maj_stat, min_stat); - return (FALSE); - } - _svcauth_gss_name = NULL; - } - maj_stat = gss_duplicate_name(&min_stat, name, &_svcauth_gss_name); - - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_duplicate_name", maj_stat, min_stat); - return (FALSE); - } - - return (TRUE); -} - -static bool_t -svcauth_gss_import_name(char *service) -{ - gss_name_t name; - gss_buffer_desc namebuf; - OM_uint32 maj_stat, min_stat; - - log_debug("in svcauth_gss_import_name()"); - - namebuf.value = service; - namebuf.length = strlen(service); - - maj_stat = gss_import_name(&min_stat, &namebuf, - GSS_C_NT_HOSTBASED_SERVICE, &name); - - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_import_name", maj_stat, min_stat); - return (FALSE); - } - if (svcauth_gss_set_svc_name(name) != TRUE) { - gss_release_name(&min_stat, &name); - return (FALSE); - } - return (TRUE); -} - -static bool_t -svcauth_gss_acquire_cred(void) -{ - OM_uint32 maj_stat, min_stat; - - log_debug("in svcauth_gss_acquire_cred()"); - - maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, 0, - GSS_C_NULL_OID_SET, GSS_C_ACCEPT, - &_svcauth_gss_creds, NULL, NULL); - - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_acquire_cred", maj_stat, min_stat); - return (FALSE); - } - return (TRUE); -} - -static bool_t -svcauth_gss_release_cred(void) -{ - OM_uint32 maj_stat, min_stat; - - log_debug("in svcauth_gss_release_cred()"); - - maj_stat = gss_release_cred(&min_stat, &_svcauth_gss_creds); - - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_release_cred", maj_stat, min_stat); - return (FALSE); - } - - _svcauth_gss_creds = NULL; - 
- return (TRUE); -} - -static bool_t -svcauth_gss_accept_sec_context(struct svc_req *rqst, - struct rpc_gss_init_res *gr) -{ - struct svc_rpc_gss_data *gd; - struct rpc_gss_cred *gc; - gss_buffer_desc recv_tok, seqbuf, checksum; - gss_OID mech; - OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq; - - log_debug("in svcauth_gss_accept_context()"); - - gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); - gc = (struct rpc_gss_cred *)rqst->rq_clntcred; - memset(gr, 0, sizeof(*gr)); - - /* Deserialize arguments. */ - memset(&recv_tok, 0, sizeof(recv_tok)); - - if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args, - (caddr_t)&recv_tok)) - return (FALSE); - - gr->gr_major = gss_accept_sec_context(&gr->gr_minor, - &gd->ctx, - _svcauth_gss_creds, - &recv_tok, - GSS_C_NO_CHANNEL_BINDINGS, - &gd->client_name, - &mech, - &gr->gr_token, - &ret_flags, - NULL, - NULL); - - if (gr->gr_major != GSS_S_COMPLETE && - gr->gr_major != GSS_S_CONTINUE_NEEDED) { - log_status("accept_sec_context", gr->gr_major, gr->gr_minor); - gd->ctx = GSS_C_NO_CONTEXT; - gss_release_buffer(&min_stat, &gr->gr_token); - return (FALSE); - } - /* ANDROS: krb5 mechglue returns ctx of size 8 - two pointers, - * one to the mechanism oid, one to the internal_ctx_id */ - if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) { - fprintf(stderr, "svcauth_gss_accept_context: out of memory\n"); - return (FALSE); - } - memcpy(gr->gr_ctx.value, gd->ctx, sizeof(gss_union_ctx_id_desc)); - gr->gr_ctx.length = sizeof(gss_union_ctx_id_desc); - - /* ANDROS: change for debugging linux kernel version... - gr->gr_win = sizeof(gd->seqmask) * 8; - */ - gr->gr_win = 0x00000005; - - /* Save client info. 
*/ - gd->sec.mech = mech; - gd->sec.qop = GSS_C_QOP_DEFAULT; - gd->sec.svc = gc->gc_svc; - gd->seq = gc->gc_seq; - gd->win = gr->gr_win; - - if (gr->gr_major == GSS_S_COMPLETE) { - maj_stat = gss_display_name(&min_stat, gd->client_name, - &gd->cname, &gd->sec.mech); - if (maj_stat != GSS_S_COMPLETE) { - log_status("display_name", maj_stat, min_stat); - return (FALSE); - } -#ifdef DEBUG -#ifdef HAVE_KRB5 - { - gss_buffer_desc mechname; - - gss_oid_to_str(&min_stat, mech, &mechname); - - log_debug("accepted context for %.*s with " - "", - gd->cname.length, (char *)gd->cname.value, - mechname.length, (char *)mechname.value, - gd->sec.qop, gd->sec.svc); - - gss_release_buffer(&min_stat, &mechname); - } -#elif HAVE_HEIMDAL - log_debug("accepted context for %.*s with " - "", - gd->cname.length, (char *)gd->cname.value, - gd->sec.qop, gd->sec.svc); -#endif -#endif /* DEBUG */ - seq = htonl(gr->gr_win); - seqbuf.value = &seq; - seqbuf.length = sizeof(seq); - - maj_stat = gss_sign(&min_stat, gd->ctx, GSS_C_QOP_DEFAULT, - &seqbuf, &checksum); - - if (maj_stat != GSS_S_COMPLETE) - return (FALSE); - - rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; - rqst->rq_xprt->xp_verf.oa_base = checksum.value; - rqst->rq_xprt->xp_verf.oa_length = checksum.length; - } - return (TRUE); -} - -static bool_t -svcauth_gss_validate(struct svc_rpc_gss_data *gd, struct rpc_msg *msg) -{ - struct opaque_auth *oa; - gss_buffer_desc rpcbuf, checksum; - OM_uint32 maj_stat, min_stat, qop_state; - u_char rpchdr[128]; - int32_t *buf; - - log_debug("in svcauth_gss_validate()"); - - memset(rpchdr, 0, sizeof(rpchdr)); - - /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). 
*/ - buf = (int32_t *)rpchdr; - IXDR_PUT_LONG(buf, msg->rm_xid); - IXDR_PUT_ENUM(buf, msg->rm_direction); - IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers); - IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); - IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); - IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; - IXDR_PUT_ENUM(buf, oa->oa_flavor); - IXDR_PUT_LONG(buf, oa->oa_length); - if (oa->oa_length) { - memcpy((caddr_t)buf, oa->oa_base, oa->oa_length); - buf += RNDUP(oa->oa_length) / sizeof(int32_t); - } - rpcbuf.value = rpchdr; - rpcbuf.length = (u_char *)buf - rpchdr; - - checksum.value = msg->rm_call.cb_verf.oa_base; - checksum.length = msg->rm_call.cb_verf.oa_length; - - maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum, - &qop_state); - - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_verify_mic", maj_stat, min_stat); - return (FALSE); - } - return (TRUE); -} - -bool_t -svcauth_gss_nextverf(struct svc_req *rqst, u_int num) -{ - struct svc_rpc_gss_data *gd; - gss_buffer_desc signbuf, checksum; - OM_uint32 maj_stat, min_stat; - - log_debug("in svcauth_gss_nextverf()"); - - if (rqst->rq_xprt->xp_auth == NULL) - return (FALSE); - - gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); - - signbuf.value = # - signbuf.length = sizeof(num); - - maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop, - &signbuf, &checksum); - - if (maj_stat != GSS_S_COMPLETE) { - log_status("gss_get_mic", maj_stat, min_stat); - return (FALSE); - } - rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; - rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value; - rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length; - - return (TRUE); -} - -enum auth_stat -_svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) -{ - XDR xdrs; - SVCAUTH *auth; - struct svc_rpc_gss_data *gd; - struct rpc_gss_cred *gc; - struct rpc_gss_init_res gr; - int call_stat, offset; - - log_debug("in svcauth_gss()"); - - /* Initialize reply. 
*/ - rqst->rq_xprt->xp_verf = _null_auth; - - /* Allocate and set up server auth handle. */ - if (rqst->rq_xprt->xp_auth == NULL || - rqst->rq_xprt->xp_auth == &svc_auth_none) { - if ((auth = calloc(sizeof(*auth), 1)) == NULL) { - fprintf(stderr, "svcauth_gss: out_of_memory\n"); - return (AUTH_FAILED); - } - if ((gd = calloc(sizeof(*gd), 1)) == NULL) { - fprintf(stderr, "svcauth_gss: out_of_memory\n"); - return (AUTH_FAILED); - } - auth->svc_ah_ops = &svc_auth_gss_ops; - auth->svc_ah_private = (caddr_t)gd; - rqst->rq_xprt->xp_auth = auth; - } - else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); - - /* Deserialize client credentials. */ - if (rqst->rq_cred.oa_length <= 0) - return (AUTH_BADCRED); - - gc = (struct rpc_gss_cred *)rqst->rq_clntcred; - memset(gc, 0, sizeof(*gc)); - - xdrmem_create(&xdrs, rqst->rq_cred.oa_base, - rqst->rq_cred.oa_length, XDR_DECODE); - - if (!xdr_rpc_gss_cred(&xdrs, gc)) { - XDR_DESTROY(&xdrs); - return (AUTH_BADCRED); - } - XDR_DESTROY(&xdrs); - - /* Check version. */ - if (gc->gc_v != RPCSEC_GSS_VERSION) - return (AUTH_BADCRED); - - /* Check RPCSEC_GSS service. */ - if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && - gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && - gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) - return (AUTH_BADCRED); - - /* Check sequence number. */ - if (gd->established) { - if (gc->gc_seq > MAXSEQ) - return (RPCSEC_GSS_CTXPROBLEM); - - if ((offset = gd->seqlast - gc->gc_seq) < 0) { - gd->seqlast = gc->gc_seq; - offset = 0 - offset; - gd->seqmask <<= offset; - offset = 0; - } - else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { - *no_dispatch = 1; - return (RPCSEC_GSS_CTXPROBLEM); - } - gd->seq = gc->gc_seq; - gd->seqmask |= (1 << offset); - } - - if (gd->established) { - rqst->rq_clntname = (char *)gd->client_name; - rqst->rq_svcname = (char *)gd->ctx; - } - - /* Handle RPCSEC_GSS control procedure. 
*/ - switch (gc->gc_proc) { - - case RPCSEC_GSS_INIT: - case RPCSEC_GSS_CONTINUE_INIT: - if (rqst->rq_proc != NULLPROC) - return (AUTH_FAILED); /* XXX ? */ - - if (_svcauth_gss_name == NULL) { - if (!svcauth_gss_import_name("nfs")) - return (AUTH_FAILED); - } - - if (!svcauth_gss_acquire_cred()) - return (AUTH_FAILED); - - if (!svcauth_gss_accept_sec_context(rqst, &gr)) - return (AUTH_REJECTEDCRED); - - if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) - return (AUTH_FAILED); - - *no_dispatch = TRUE; - - call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res, - (caddr_t)&gr); - - if (!call_stat) - return (AUTH_FAILED); - - if (gr.gr_major == GSS_S_COMPLETE) - gd->established = TRUE; - - break; - - case RPCSEC_GSS_DATA: - if (!svcauth_gss_validate(gd, msg)) - return (RPCSEC_GSS_CREDPROBLEM); - - if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) - return (AUTH_FAILED); - break; - - case RPCSEC_GSS_DESTROY: - if (rqst->rq_proc != NULLPROC) - return (AUTH_FAILED); /* XXX ? */ - - if (!svcauth_gss_validate(gd, msg)) - return (RPCSEC_GSS_CREDPROBLEM); - - if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) - return (AUTH_FAILED); - - if (!svcauth_gss_release_cred()) - return (AUTH_FAILED); - - SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth); - rqst->rq_xprt->xp_auth = &svc_auth_none; - - break; - - default: - return (AUTH_REJECTEDCRED); - break; - } - return (AUTH_OK); -} - -bool_t -svcauth_gss_destroy(SVCAUTH *auth) -{ - struct svc_rpc_gss_data *gd; - OM_uint32 min_stat; - - log_debug("in svcauth_gss_destroy()"); - - gd = SVCAUTH_PRIVATE(auth); - - gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER); - gss_release_buffer(&min_stat, &gd->cname); - - if (gd->client_name) - gss_release_name(&min_stat, &gd->client_name); - - mem_free(gd, sizeof(*gd)); - mem_free(auth, sizeof(*auth)); - - return (TRUE); -} - -bool_t -svcauth_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) -{ - struct svc_rpc_gss_data *gd; - - log_debug("in 
svcauth_gss_wrap()"); - - gd = SVCAUTH_PRIVATE(auth); - - if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) { - return ((*xdr_func)(xdrs, xdr_ptr)); - } - return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr, - gd->ctx, gd->sec.qop, - gd->sec.svc, gd->seq)); -} - -bool_t -svcauth_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) -{ - struct svc_rpc_gss_data *gd; - - log_debug("in svcauth_gss_unwrap()"); - - gd = SVCAUTH_PRIVATE(auth); - - if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) { - return ((*xdr_func)(xdrs, xdr_ptr)); - } - return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr, - gd->ctx, gd->sec.qop, - gd->sec.svc, gd->seq)); -} - -char * -svcauth_gss_get_principal(SVCAUTH *auth) -{ - struct svc_rpc_gss_data *gd; - char *pname; - - gd = SVCAUTH_PRIVATE(auth); - - if (gd->cname.length == 0) - return (NULL); - - if ((pname = malloc(gd->cname.length + 1)) == NULL) - return (NULL); - - memcpy(pname, gd->cname.value, gd->cname.length); - pname[gd->cname.length] = '\0'; - - return (pname); -} diff --git a/support/rpc/svc_auth_none.c b/support/rpc/svc_auth_none.c deleted file mode 100644 index f1c6aa7..0000000 --- a/support/rpc/svc_auth_none.c +++ /dev/null 
@@ -1,73 +0,0 @@
-/*
- svc_auth_none.c
-
- Copyright (c) 2000 The Regents of the University of Michigan.
- All rights reserved.
-
- Copyright (c) 2000 Dug Song .
- All rights reserved, all wrongs reversed.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- 3. Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
- $Id: svc_auth_none.c,v 1.1 2004/10/19 00:23:05 neilbrown Exp $
- */
-
-#include
-
-static bool_t svcauth_none_destroy();
-static bool_t svcauth_none_wrap();
-
-struct svc_auth_ops svc_auth_none_ops = {
- svcauth_none_wrap,
- svcauth_none_wrap,
- svcauth_none_destroy
-};
-
-SVCAUTH svc_auth_none = {
- &svc_auth_none_ops,
- NULL,
-};
-
-static bool_t
-svcauth_none_destroy(SVCAUTH *auth)
-{
- return (TRUE);
-}
-
-static bool_t
-svcauth_none_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func,
- caddr_t xdr_ptr)
-{
- return ((*xdr_func)(xdrs, xdr_ptr));
-}
-
-enum auth_stat
-_svcauth_none(struct svc_req *rqst, struct rpc_msg *msg)
-{
- rqst->rq_xprt->xp_auth = &svc_auth_none;
-
- return (AUTH_OK);
-}
diff --git a/support/rpc/svc_auth_unix.c b/support/rpc/svc_auth_unix.c
deleted file mode 100644
index 4ff6b26..0000000
--- a/support/rpc/svc_auth_unix.c
+++ /dev/null
@@ -1,140 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: svc_auth_unix.c,v 1.6 1998/11/22 07:38:25 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -/* - * svc_auth_unix.c - * Handles UNIX flavor authentication parameters on the service side of rpc. - * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT. - * _svcauth_unix does full blown unix style uid,gid+gids auth, - * _svcauth_short uses a shorthand auth to index into a cache of longhand auths. - * Note: the shorthand has been gutted for efficiency. - * - * Copyright (C) 1984, Sun Microsystems, Inc. 
- */ - -#include -#include -#include - -extern SVCAUTH svc_auth_none; - -/* - * Unix longhand authenticator - */ -enum auth_stat -_svcauth_unix(rqst, msg) - register struct svc_req *rqst; - register struct rpc_msg *msg; -{ - register enum auth_stat stat; - XDR xdrs; - register struct authunix_parms *aup; - register int32_t *buf; - struct area { - struct authunix_parms area_aup; - char area_machname[MAX_MACHINE_NAME+1]; - int area_gids[NGRPS]; - } *area; - u_int auth_len; - u_int str_len, gid_len; - register u_int i; - - rqst->rq_xprt->xp_auth = &svc_auth_none; - - area = (struct area *) rqst->rq_clntcred; - aup = &area->area_aup; - aup->aup_machname = area->area_machname; - aup->aup_gids = area->area_gids; - auth_len = (u_int)msg->rm_call.cb_cred.oa_length; - xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE); - buf = XDR_INLINE(&xdrs, auth_len); - if (buf != NULL) { - aup->aup_time = IXDR_GET_LONG(buf); - str_len = IXDR_GET_U_LONG(buf); - if (str_len > MAX_MACHINE_NAME) { - stat = AUTH_BADCRED; - goto done; - } - memcpy(aup->aup_machname, (caddr_t)buf, (u_int)str_len); - aup->aup_machname[str_len] = 0; - str_len = RNDUP(str_len); - buf += str_len / sizeof (int32_t); - aup->aup_uid = IXDR_GET_LONG(buf); - aup->aup_gid = IXDR_GET_LONG(buf); - gid_len = IXDR_GET_U_LONG(buf); - if (gid_len > NGRPS) { - stat = AUTH_BADCRED; - goto done; - } - aup->aup_len = gid_len; - for (i = 0; i < gid_len; i++) { - aup->aup_gids[i] = IXDR_GET_LONG(buf); - } - /* - * five is the smallest unix credentials structure - - * timestamp, hostname len (0), uid, gid, and gids len (0). - */ - if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { - (void) printf("bad auth_len gid %u str %u auth %u\n", - gid_len, str_len, auth_len); - stat = AUTH_BADCRED; - goto done; - } - } else if (! 
xdr_authunix_parms(&xdrs, aup)) { - xdrs.x_op = XDR_FREE; - (void)xdr_authunix_parms(&xdrs, aup); - stat = AUTH_BADCRED; - goto done; - } - rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL; - rqst->rq_xprt->xp_verf.oa_length = 0; - stat = AUTH_OK; -done: - XDR_DESTROY(&xdrs); - return (stat); -} - - -/* - * Shorthand unix authenticator - * Looks up longhand in a cache. - */ -enum auth_stat -_svcauth_short(rqst, msg) - struct svc_req *rqst; - struct rpc_msg *msg; -{ - rqst->rq_xprt->xp_auth = &svc_auth_none; - - return (AUTH_REJECTEDCRED); -} diff --git a/support/rpc/svc_raw.c b/support/rpc/svc_raw.c deleted file mode 100644 index f210abd..0000000 --- a/support/rpc/svc_raw.c +++ /dev/null 
@@ -1,171 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: svc_raw.c,v 1.4 1996/09/15 09:31:39 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -/* - * svc_raw.c, This a toy for simple testing and timing. - * Interface to create an rpc client and server in the same UNIX process. - * This lets us similate rpc and get rpc (round trip) overhead, without - * any interference from the kernal. - * - * Copyright (C) 1984, Sun Microsystems, Inc. 
- */ - -#include -#include - - -/* - * This is the "network" that we will be moving data over - */ -static struct svcraw_private { - char _raw_buf[UDPMSGSIZE]; - SVCXPRT server; - XDR xdr_stream; - char verf_body[MAX_AUTH_BYTES]; -} *svcraw_private; - -static bool_t svcraw_recv(); -static enum xprt_stat svcraw_stat(); -static bool_t svcraw_getargs(); -static bool_t svcraw_reply(); -static bool_t svcraw_freeargs(); -static void svcraw_destroy(); - -static struct xp_ops server_ops = { - svcraw_recv, - svcraw_stat, - svcraw_getargs, - svcraw_reply, - svcraw_freeargs, - svcraw_destroy -}; - -SVCXPRT * -svcraw_create() -{ - register struct svcraw_private *srp = svcraw_private; - - if (srp == 0) { - srp = (struct svcraw_private *)calloc(1, sizeof (*srp)); - if (srp == 0) - return (0); - } - srp->server.xp_sock = 0; - srp->server.xp_port = 0; - srp->server.xp_ops = &server_ops; - srp->server.xp_verf.oa_base = srp->verf_body; - xdrmem_create(&srp->xdr_stream, srp->_raw_buf, UDPMSGSIZE, XDR_FREE); - return (&srp->server); -} - -static enum xprt_stat -svcraw_stat() -{ - - return (XPRT_IDLE); -} - -/* ARGSUSED */ -static bool_t -svcraw_recv(xprt, msg) - SVCXPRT *xprt; - struct rpc_msg *msg; -{ - register struct svcraw_private *srp = svcraw_private; - register XDR *xdrs; - - if (srp == 0) - return (0); - xdrs = &srp->xdr_stream; - xdrs->x_op = XDR_DECODE; - XDR_SETPOS(xdrs, 0); - if (! xdr_callmsg(xdrs, msg)) - return (FALSE); - return (TRUE); -} - -/* ARGSUSED */ -static bool_t -svcraw_reply(xprt, msg) - SVCXPRT *xprt; - struct rpc_msg *msg; -{ - register struct svcraw_private *srp = svcraw_private; - register XDR *xdrs; - - if (srp == 0) - return (FALSE); - xdrs = &srp->xdr_stream; - xdrs->x_op = XDR_ENCODE; - XDR_SETPOS(xdrs, 0); - if (! 
xdr_replymsg(xdrs, msg)) - return (FALSE); - (void)XDR_GETPOS(xdrs); /* called just for overhead */ - return (TRUE); -} - -/* ARGSUSED */ -static bool_t -svcraw_getargs(xprt, xdr_args, args_ptr) - SVCXPRT *xprt; - xdrproc_t xdr_args; - caddr_t args_ptr; -{ - register struct svcraw_private *srp = svcraw_private; - - if (srp == 0) - return (FALSE); - return ((*xdr_args)(&srp->xdr_stream, args_ptr)); -} - -/* ARGSUSED */ -static bool_t -svcraw_freeargs(xprt, xdr_args, args_ptr) - SVCXPRT *xprt; - xdrproc_t xdr_args; - caddr_t args_ptr; -{ - register struct svcraw_private *srp = svcraw_private; - register XDR *xdrs; - - if (srp == 0) - return (FALSE); - xdrs = &srp->xdr_stream; - xdrs->x_op = XDR_FREE; - return ((*xdr_args)(xdrs, args_ptr)); -} - -static void -svcraw_destroy() -{ -} diff --git a/support/rpc/svc_run.c b/support/rpc/svc_run.c deleted file mode 100644 index 5f5c046..0000000 --- a/support/rpc/svc_run.c +++ /dev/null 
@@ -1,84 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: svc_run.c,v 1.10 1998/03/19 00:27:24 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * This is the rpc server side idle loop
- * Wait for input, call server program.
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-extern int __svc_fdsetsize;
-extern fd_set *__svc_fdset;
-
-void svc_getreqset2 __P((fd_set *, int));
-
-void
-svc_run()
-{
- fd_set *fds;
-
- for (;;) {
- if (__svc_fdset) {
- int bytes = howmany(__svc_fdsetsize, NFDBITS) *
- sizeof(fd_mask);
- fds = (fd_set *)malloc(bytes);
- memcpy(fds, __svc_fdset, bytes);
- } else
- fds = NULL;
- switch (select(svc_maxfd+1, fds, 0, 0, (struct timeval *)0)) {
- case -1:
- if (errno == EINTR) {
- if (fds)
- free(fds);
- continue;
- }
- perror("svc_run: - select failed");
- if (fds)
- free(fds);
- return;
- case 0:
- if (fds)
- free(fds);
- continue;
- default:
- svc_getreqset2(fds, svc_maxfd+1);
- free(fds);
- }
- }
-}
diff --git a/support/rpc/svc_simple.c b/support/rpc/svc_simple.c
deleted file mode 100644
index b697c61..0000000
--- a/support/rpc/svc_simple.c
+++ /dev/null
@@ -1,149 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: svc_simple.c,v 1.6 1998/11/22 07:38:25 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -/* - * svc_simple.c - * Simplified front end to rpc. - * - * Copyright (C) 1984, Sun Microsystems, Inc. 
- */ - -#include -#include -#include -#include -#include -#include -#include - -static struct proglst { - char *(*p_progname)(); - int p_prognum; - int p_procnum; - xdrproc_t p_inproc, p_outproc; - struct proglst *p_nxt; -} *proglst; -static void universal(); -static SVCXPRT *transp; -struct proglst *pl; - -int -registerrpc(prognum, versnum, procnum, progname, inproc, outproc) - int prognum, versnum, procnum; - char *(*progname)(); - xdrproc_t inproc, outproc; -{ - - if (procnum == NULLPROC) { - (void) fprintf(stderr, - "can't reassign procedure number %u\n", NULLPROC); - return (-1); - } - if (transp == 0) { - transp = svcudp_create(RPC_ANYSOCK); - if (transp == NULL) { - (void) fprintf(stderr, "couldn't create an rpc server\n"); - return (-1); - } - } - (void) pmap_unset((u_long)prognum, (u_long)versnum); - if (!svc_register(transp, (u_long)prognum, (u_long)versnum, - universal, IPPROTO_UDP)) { - (void) fprintf(stderr, "couldn't register prog %d vers %d\n", - prognum, versnum); - return (-1); - } - pl = (struct proglst *)malloc(sizeof(struct proglst)); - if (pl == NULL) { - (void) fprintf(stderr, "registerrpc: out of memory\n"); - return (-1); - } - pl->p_progname = progname; - pl->p_prognum = prognum; - pl->p_procnum = procnum; - pl->p_inproc = inproc; - pl->p_outproc = outproc; - pl->p_nxt = proglst; - proglst = pl; - return (0); -} - -static void -universal(rqstp, transp) - struct svc_req *rqstp; - SVCXPRT *transp; -{ - int prog, proc; - char *outdata; - char xdrbuf[UDPMSGSIZE]; - struct proglst *pl; - - /* - * enforce "procnum 0 is echo" convention - */ - if (rqstp->rq_proc == NULLPROC) { - if (svc_sendreply(transp, xdr_void, NULL) == FALSE) { - (void) fprintf(stderr, "xxx\n"); - exit(1); - } - return; - } - prog = rqstp->rq_prog; - proc = rqstp->rq_proc; - for (pl = proglst; pl != NULL; pl = pl->p_nxt) - if (pl->p_prognum == prog && pl->p_procnum == proc) { - /* decode arguments into a CLEAN buffer */ - memset(xdrbuf, 0, sizeof(xdrbuf)); /* required ! 
*/ - if (!svc_getargs(transp, pl->p_inproc, xdrbuf)) { - svcerr_decode(transp); - return; - } - outdata = (*(pl->p_progname))(xdrbuf); - if (outdata == NULL && - pl->p_outproc != xdr_void) - /* there was an error */ - return; - if (!svc_sendreply(transp, pl->p_outproc, outdata)) { - (void) fprintf(stderr, - "trouble replying to prog %d\n", - pl->p_prognum); - exit(1); - } - /* free the decoded arguments */ - (void)svc_freeargs(transp, pl->p_inproc, xdrbuf); - return; - } - (void) fprintf(stderr, "never registered prog %d\n", prog); - exit(1); -} - diff --git a/support/rpc/svc_tcp.c b/support/rpc/svc_tcp.c deleted file mode 100644 index 6e6f785..0000000 --- a/support/rpc/svc_tcp.c +++ /dev/null 
@@ -1,528 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: svc_tcp.c,v 1.18 1998/05/22 04:23:01 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -/* - * svc_tcp.c, Server side for TCP/IP based RPC. - * - * Copyright (C) 1984, Sun Microsystems, Inc. - * - * Actually implements two flavors of transporter - - * a tcp rendezvouser (a listner and connection establisher) - * and a record/tcp stream. 
- */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#ifndef __linux__ -#include -#endif - -/* - * Ops vector for TCP/IP based rpc service handle - */ -static bool_t svctcp_recv(); -static enum xprt_stat svctcp_stat(); -static bool_t svctcp_getargs(); -static bool_t svctcp_reply(); -static bool_t svctcp_freeargs(); -static void svctcp_destroy(); - -static struct xp_ops svctcp_op = { - svctcp_recv, - svctcp_stat, - svctcp_getargs, - svctcp_reply, - svctcp_freeargs, - svctcp_destroy -}; - -/* - * Ops vector for TCP/IP rendezvous handler - */ -static bool_t rendezvous_request(); -static enum xprt_stat rendezvous_stat(); - -static struct xp_ops svctcp_rendezvous_op = { - rendezvous_request, - rendezvous_stat, - (bool_t (*)())abort, - (bool_t (*)())abort, - (bool_t (*)())abort, - svctcp_destroy -}; - -static int readtcp(), writetcp(); -static SVCXPRT *makefd_xprt(); - -struct tcp_rendezvous { /* kept in xprt->xp_p1 */ - u_int sendsize; - u_int recvsize; -}; - -struct tcp_conn { /* kept in xprt->xp_p1 */ - enum xprt_stat strm_stat; - u_long x_id; - XDR xdrs; - char verf_body[MAX_AUTH_BYTES]; -}; - -/* - * Usage: - * xprt = svctcp_create(sock, send_buf_size, recv_buf_size); - * - * Creates, registers, and returns a (rpc) tcp based transporter. - * Once *xprt is initialized, it is registered as a transporter - * see (svc.h, xprt_register). This routine returns - * a NULL if a problem occurred. - * - * If sock<0 then a socket is created, else sock is used. - * If the socket, sock is not bound to a port then svctcp_create - * binds it to an arbitrary port. The routine then starts a tcp - * listener on the socket's associated port. In any (successful) case, - * xprt->xp_sock is the registered socket number and xprt->xp_port is the - * associated port number. 
- * - * Since tcp streams do buffered io similar to stdio, the caller can specify - * how big the send and receive buffers are via the second and third parms; - * 0 => use the system default. - */ -SVCXPRT * -svctcp_create(sock, sendsize, recvsize) - register int sock; - u_int sendsize; - u_int recvsize; -{ - bool_t madesock = FALSE; - register SVCXPRT *xprt; - register struct tcp_rendezvous *r; - struct sockaddr_in addr; - int len = sizeof(struct sockaddr_in); - - if (sock == RPC_ANYSOCK) { - if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { - perror("svctcp_.c - udp socket creation problem"); - return ((SVCXPRT *)NULL); - } - madesock = TRUE; - } - memset(&addr, 0, sizeof (addr)); -#ifndef __linux__ - addr.sin_len = sizeof(struct sockaddr_in); -#endif - addr.sin_family = AF_INET; - if (bindresvport(sock, &addr)) { - addr.sin_port = 0; - (void)bind(sock, (struct sockaddr *)&addr, len); - } - if ((getsockname(sock, (struct sockaddr *)&addr, &len) != 0) || - (listen(sock, 2) != 0)) { - perror("svctcp_.c - cannot getsockname or listen"); - if (madesock) - (void)close(sock); - return ((SVCXPRT *)NULL); - } - r = (struct tcp_rendezvous *)mem_alloc(sizeof(*r)); - if (r == NULL) { - (void)fprintf(stderr, "svctcp_create: out of memory\n"); - if (madesock) - (void)close(sock); - return (NULL); - } - r->sendsize = sendsize; - r->recvsize = recvsize; - xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT)); - if (xprt == NULL) { - (void)fprintf(stderr, "svctcp_create: out of memory\n"); - if (madesock) - (void)close(sock); - free(r); - return (NULL); - } - xprt->xp_p2 = NULL; - xprt->xp_p1 = (caddr_t)r; - xprt->xp_auth = NULL; - xprt->xp_verf = _null_auth; - xprt->xp_ops = &svctcp_rendezvous_op; - xprt->xp_port = ntohs(addr.sin_port); - xprt->xp_sock = sock; - xprt_register(xprt); - return (xprt); -} - -/* - * Like svtcp_create(), except the routine takes any *open* UNIX file - * descriptor as its first input. 
- */ -SVCXPRT * -svcfd_create(fd, sendsize, recvsize) - int fd; - u_int sendsize; - u_int recvsize; -{ - - return (makefd_xprt(fd, sendsize, recvsize)); -} - -static SVCXPRT * -makefd_xprt(fd, sendsize, recvsize) - int fd; - u_int sendsize; - u_int recvsize; -{ - register SVCXPRT *xprt; - register struct tcp_conn *cd; - - xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT)); - if (xprt == (SVCXPRT *)NULL) { - (void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n"); - goto done; - } - cd = (struct tcp_conn *)mem_alloc(sizeof(struct tcp_conn)); - if (cd == (struct tcp_conn *)NULL) { - (void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n"); - mem_free((char *) xprt, sizeof(SVCXPRT)); - xprt = (SVCXPRT *)NULL; - goto done; - } - cd->strm_stat = XPRT_IDLE; - xdrrec_create(&(cd->xdrs), sendsize, recvsize, - (caddr_t)xprt, readtcp, writetcp); - xprt->xp_p2 = NULL; - xprt->xp_p1 = (caddr_t)cd; - xprt->xp_auth = NULL; - xprt->xp_verf.oa_base = cd->verf_body; - xprt->xp_addrlen = 0; - xprt->xp_ops = &svctcp_op; /* truely deals with calls */ - xprt->xp_port = 0; /* this is a connection, not a rendezvouser */ - xprt->xp_sock = fd; - xprt_register(xprt); - done: - return (xprt); -} - -static bool_t -rendezvous_request(xprt) - register SVCXPRT *xprt; -{ - int sock; - struct tcp_rendezvous *r; - struct sockaddr_in addr; - int len; - - r = (struct tcp_rendezvous *)xprt->xp_p1; - again: - len = sizeof(struct sockaddr_in); - if ((sock = accept(xprt->xp_sock, (struct sockaddr *)&addr, - &len)) < 0) { - if (errno == EINTR) - goto again; - return (FALSE); - } - -#ifdef IP_OPTIONS - { -#ifdef __linux__ -#define ipopt_list ip_opts - struct ip_opts opts; -#else - struct ipoption opts; -#endif - int optsize = sizeof(opts), i; - - if (!getsockopt(sock, IPPROTO_IP, IP_OPTIONS, (char *)&opts, - &optsize) && optsize != 0) { - for (i = 0; (char *)&opts.ipopt_list[i] - (char *)&opts < - optsize; ) { - u_char c = (u_char)opts.ipopt_list[i]; - if (c == IPOPT_LSRR || c == IPOPT_SSRR) { - 
close(sock); - return (FALSE); - } - if (c == IPOPT_EOL) - break; - i += (c == IPOPT_NOP) ? 1 : - (u_char)opts.ipopt_list[i+1]; - } - } - } -#endif - - /* - * XXX careful for ftp bounce attacks. If discovered, close the - * socket and look for another connection. - */ - if (addr.sin_port == htons(20)) { - close(sock); - return (FALSE); - } - - /* - * make a new transporter (re-uses xprt) - */ - xprt = makefd_xprt(sock, r->sendsize, r->recvsize); - xprt->xp_raddr = addr; - xprt->xp_addrlen = len; - return (FALSE); /* there is never an rpc msg to be processed */ -} - -static enum xprt_stat -rendezvous_stat() -{ - - return (XPRT_IDLE); -} - -static void -svctcp_destroy(xprt) - register SVCXPRT *xprt; -{ - register struct tcp_conn *cd = (struct tcp_conn *)xprt->xp_p1; - - xprt_unregister(xprt); - if (xprt->xp_sock != -1) - (void)close(xprt->xp_sock); - xprt->xp_sock = -1; - if (xprt->xp_port != 0) { - /* a rendezvouser socket */ - xprt->xp_port = 0; - } else { - /* an actual connection socket */ - XDR_DESTROY(&(cd->xdrs)); - } - if (xprt->xp_auth != NULL) { - SVCAUTH_DESTROY(xprt->xp_auth); - xprt->xp_auth = NULL; - } - mem_free((caddr_t)cd, sizeof(struct tcp_conn)); - mem_free((caddr_t)xprt, sizeof(SVCXPRT)); -} - -/* - * All read operations timeout after 35 seconds. - * A timeout is fatal for the connection. - */ -static struct timeval wait_per_try = { 35, 0 }; - -/* - * reads data from the tcp conection. - * any error is fatal and the connection is closed. - * (And a read of zero bytes is a half closed stream => error.) 
- */ -static int -readtcp(xprt, buf, len) - register SVCXPRT *xprt; - caddr_t buf; - register int len; -{ - register int sock = xprt->xp_sock; - struct timeval start, delta; - struct timeval tmp1, tmp2; - fd_set *fds = NULL; - int prevbytes = 0, bytes; - extern int __svc_fdsetsize; - extern fd_set *__svc_fdset; - - delta = wait_per_try; - gettimeofday(&start, NULL); - do { - bytes = howmany(__svc_fdsetsize, NFDBITS) * sizeof(fd_mask); - if (bytes != prevbytes) { - if (fds) - free(fds); - fds = (fd_set *)malloc(bytes); - prevbytes = bytes; - } - if (fds == NULL) - goto fatal_err; - memcpy(fds, __svc_fdset, bytes); - - FD_SET(sock, fds); - switch (select(svc_maxfd+1, fds, NULL, NULL, &delta)) { - case -1: - if (errno != EINTR) - goto fatal_err; - gettimeofday(&tmp1, NULL); - timersub(&tmp1, &start, &tmp2); - timersub(&wait_per_try, &tmp2, &tmp1); - if (tmp1.tv_sec < 0 || !timerisset(&tmp1)) - goto fatal_err; - delta = tmp1; - continue; - case 0: - goto fatal_err; - default: - if (!FD_ISSET(sock, fds)) { - svc_getreqset2(fds, svc_maxfd+1); - gettimeofday(&tmp1, NULL); - timersub(&tmp1, &start, &tmp2); - timersub(&wait_per_try, &tmp2, &tmp1); - if (tmp1.tv_sec < 0 || !timerisset(&tmp1)) - goto fatal_err; - delta = tmp1; - continue; - } - } - } while (!FD_ISSET(sock, fds)); - if ((len = read(sock, buf, len)) > 0) { - if (fds) - free(fds); - return (len); - } -fatal_err: - ((struct tcp_conn *)(xprt->xp_p1))->strm_stat = XPRT_DIED; - if (fds) - free(fds); - return (-1); -} - -/* - * writes data to the tcp connection. - * Any error is fatal and the connection is closed. 
- */ -static int -writetcp(xprt, buf, len) - register SVCXPRT *xprt; - caddr_t buf; - int len; -{ - register int i, cnt; - - for (cnt = len; cnt > 0; cnt -= i, buf += i) { - if ((i = write(xprt->xp_sock, buf, cnt)) < 0) { - ((struct tcp_conn *)(xprt->xp_p1))->strm_stat = - XPRT_DIED; - return (-1); - } - } - return (len); -} - -static enum xprt_stat -svctcp_stat(xprt) - SVCXPRT *xprt; -{ - register struct tcp_conn *cd = - (struct tcp_conn *)(xprt->xp_p1); - - if (cd->strm_stat == XPRT_DIED) - return (XPRT_DIED); - if (! xdrrec_eof(&(cd->xdrs))) - return (XPRT_MOREREQS); - return (XPRT_IDLE); -} - -static bool_t -svctcp_recv(xprt, msg) - SVCXPRT *xprt; - register struct rpc_msg *msg; -{ - register struct tcp_conn *cd = - (struct tcp_conn *)(xprt->xp_p1); - register XDR *xdrs = &(cd->xdrs); - - xdrs->x_op = XDR_DECODE; - (void)xdrrec_skiprecord(xdrs); - if (xdr_callmsg(xdrs, msg)) { - cd->x_id = msg->rm_xid; - return (TRUE); - } - cd->strm_stat = XPRT_DIED; /* XXX */ - return (FALSE); -} - -static bool_t -svctcp_getargs(xprt, xdr_args, args_ptr) - SVCXPRT *xprt; - xdrproc_t xdr_args; - caddr_t args_ptr; -{ - return (SVCAUTH_UNWRAP(xprt->xp_auth, - &(((struct tcp_conn *)(xprt->xp_p1))->xdrs), - xdr_args, args_ptr)); -} - -static bool_t -svctcp_freeargs(xprt, xdr_args, args_ptr) - SVCXPRT *xprt; - xdrproc_t xdr_args; - caddr_t args_ptr; -{ - register XDR *xdrs = - &(((struct tcp_conn *)(xprt->xp_p1))->xdrs); - - xdrs->x_op = XDR_FREE; - return ((*xdr_args)(xdrs, args_ptr)); -} - -static bool_t -svctcp_reply(xprt, msg) - SVCXPRT *xprt; - register struct rpc_msg *msg; -{ - register struct tcp_conn *cd = - (struct tcp_conn *)(xprt->xp_p1); - register XDR *xdrs = &(cd->xdrs); - xdrproc_t xdr_proc; - caddr_t xdr_where; - - xdrs->x_op = XDR_ENCODE; - msg->rm_xid = cd->x_id; - - if (msg->rm_reply.rp_stat == MSG_ACCEPTED && - msg->rm_reply.rp_acpt.ar_stat == SUCCESS) { - xdr_proc = msg->acpted_rply.ar_results.proc; - xdr_where = msg->acpted_rply.ar_results.where; - 
msg->acpted_rply.ar_results.proc = xdr_void; - msg->acpted_rply.ar_results.where = NULL; - - if (!xdr_replymsg(xdrs, msg) || - !SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_proc, xdr_where)) - return (FALSE); - } - else if (!xdr_replymsg(xdrs, msg)) { - return (FALSE); - } - (void)xdrrec_endofrecord(xdrs, TRUE); - - return (TRUE); -} diff --git a/support/rpc/svc_udp.c b/support/rpc/svc_udp.c deleted file mode 100644 index 70a5217..0000000 --- a/support/rpc/svc_udp.c +++ /dev/null 
@@ -1,516 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: svc_udp.c,v 1.8 1998/03/19 00:27:26 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -/* - * svc_udp.c, - * Server side for UDP/IP based RPC. (Does some caching in the hopes of - * achieving execute-at-most-once semantics.) - * - * Copyright (C) 1984, Sun Microsystems, Inc. - */ - -#include -#include -#include -#include -#include -#include -#include - - -#define rpc_buffer(xprt) ((xprt)->xp_p1) -#ifndef MAX -#define MAX(a, b) ((a > b) ? 
a : b) -#endif - -static bool_t svcudp_recv(); -static bool_t svcudp_reply(); -static enum xprt_stat svcudp_stat(); -static bool_t svcudp_getargs(); -static bool_t svcudp_freeargs(); -static void svcudp_destroy(); -static void cache_set __P((SVCXPRT *, u_long)); -static int cache_get __P((SVCXPRT *, struct rpc_msg *, char **, u_long *)); - -static struct xp_ops svcudp_op = { - svcudp_recv, - svcudp_stat, - svcudp_getargs, - svcudp_reply, - svcudp_freeargs, - svcudp_destroy -}; - -/* - * kept in xprt->xp_p2 - */ -struct svcudp_data { - u_int su_iosz; /* byte size of send.recv buffer */ - u_long su_xid; /* transaction id */ - XDR su_xdrs; /* XDR handle */ - char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */ - char * su_cache; /* cached data, NULL if no cache */ -}; -#define su_data(xprt) ((struct svcudp_data *)(xprt->xp_p2)) - -/* - * Usage: - * xprt = svcudp_create(sock); - * - * If sock<0 then a socket is created, else sock is used. - * If the socket, sock is not bound to a port then svcudp_create - * binds it to an arbitrary port. In any (successful) case, - * xprt->xp_sock is the registered socket number and xprt->xp_port is the - * associated port number. - * Once *xprt is initialized, it is registered as a transporter; - * see (svc.h, xprt_register). - * The routines returns NULL if a problem occurred. 
- */ -SVCXPRT * -svcudp_bufcreate(sock, sendsz, recvsz) - register int sock; - u_int sendsz, recvsz; -{ - bool_t madesock = FALSE; - register SVCXPRT *xprt; - register struct svcudp_data *su; - struct sockaddr_in addr; - int len = sizeof(struct sockaddr_in); - - if (sock == RPC_ANYSOCK) { - if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) { - perror("svcudp_create: socket creation problem"); - return ((SVCXPRT *)NULL); - } - madesock = TRUE; - } - memset(&addr, 0, sizeof (addr)); -#ifndef __linux__ - addr.sin_len = sizeof(struct sockaddr_in); -#endif - addr.sin_family = AF_INET; - if (bindresvport(sock, &addr)) { - addr.sin_port = 0; - (void)bind(sock, (struct sockaddr *)&addr, len); - } - if (getsockname(sock, (struct sockaddr *)&addr, &len) != 0) { - perror("svcudp_create - cannot getsockname"); - if (madesock) - (void)close(sock); - return ((SVCXPRT *)NULL); - } - xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT)); - if (xprt == NULL) { - (void)fprintf(stderr, "svcudp_create: out of memory\n"); - if (madesock) - (void)close(sock); - return (NULL); - } - su = (struct svcudp_data *)mem_alloc(sizeof(*su)); - if (su == NULL) { - (void)fprintf(stderr, "svcudp_create: out of memory\n"); - if (madesock) - (void)close(sock); - free(xprt); - return (NULL); - } - su->su_iosz = ((MAX(sendsz, recvsz) + 3) / 4) * 4; - if ((rpc_buffer(xprt) = mem_alloc(su->su_iosz)) == NULL) { - (void)fprintf(stderr, "svcudp_create: out of memory\n"); - if (madesock) - (void)close(sock); - free(xprt); - free(su); - return (NULL); - } - xdrmem_create( - &(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_DECODE); - su->su_cache = NULL; - xprt->xp_p2 = (caddr_t)su; - xprt->xp_auth = NULL; - xprt->xp_verf.oa_base = su->su_verfbody; - xprt->xp_ops = &svcudp_op; - xprt->xp_port = ntohs(addr.sin_port); - xprt->xp_sock = sock; - xprt_register(xprt); - return (xprt); -} - -SVCXPRT * -svcudp_create(sock) - int sock; -{ - - return(svcudp_bufcreate(sock, UDPMSGSIZE, UDPMSGSIZE)); -} - -/* ARGSUSED */ 
-static enum xprt_stat -svcudp_stat(xprt) - SVCXPRT *xprt; -{ - - return (XPRT_IDLE); -} - -static bool_t -svcudp_recv(xprt, msg) - register SVCXPRT *xprt; - struct rpc_msg *msg; -{ - register struct svcudp_data *su = su_data(xprt); - register XDR *xdrs = &(su->su_xdrs); - register int rlen; - char *reply; - u_long replylen; - - again: - xprt->xp_addrlen = sizeof(struct sockaddr_in); - rlen = recvfrom(xprt->xp_sock, rpc_buffer(xprt), (int) su->su_iosz, - 0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen)); - if (rlen == -1 && errno == EINTR) - goto again; - if (rlen == -1 || rlen < 4*sizeof(u_int32_t)) - return (FALSE); - xdrs->x_op = XDR_DECODE; - XDR_SETPOS(xdrs, 0); - if (! xdr_callmsg(xdrs, msg)) - return (FALSE); - su->su_xid = msg->rm_xid; - if (su->su_cache != NULL) { - if (cache_get(xprt, msg, &reply, &replylen)) { - (void) sendto(xprt->xp_sock, reply, (int) replylen, 0, - (struct sockaddr *) &xprt->xp_raddr, xprt->xp_addrlen); - return (TRUE); - } - } - return (TRUE); -} - -static bool_t -svcudp_reply(xprt, msg) - register SVCXPRT *xprt; - struct rpc_msg *msg; -{ - register struct svcudp_data *su = su_data(xprt); - register XDR *xdrs = &(su->su_xdrs); - register int slen; - xdrproc_t xdr_proc; - caddr_t xdr_where; - - xdrs->x_op = XDR_ENCODE; - XDR_SETPOS(xdrs, 0); - msg->rm_xid = su->su_xid; - - if (msg->rm_reply.rp_stat == MSG_ACCEPTED && - msg->rm_reply.rp_acpt.ar_stat == SUCCESS) { - xdr_proc = msg->acpted_rply.ar_results.proc; - xdr_where = msg->acpted_rply.ar_results.where; - msg->acpted_rply.ar_results.proc = xdr_void; - msg->acpted_rply.ar_results.where = NULL; - - if (!xdr_replymsg(xdrs, msg) || - !SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_proc, xdr_where)) - return (FALSE); - } - else if (!xdr_replymsg(xdrs, msg)) { - return (FALSE); - } - slen = (int)XDR_GETPOS(xdrs); - - if (sendto(xprt->xp_sock, rpc_buffer(xprt), slen, 0, - (struct sockaddr *)&(xprt->xp_raddr), xprt->xp_addrlen) - != slen) { - return (FALSE); - } - if (su->su_cache && 
slen >= 0) - cache_set(xprt, (u_long) slen); - - return (TRUE); -} - -static bool_t -svcudp_getargs(xprt, xdr_args, args_ptr) - SVCXPRT *xprt; - xdrproc_t xdr_args; - caddr_t args_ptr; -{ - return (SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs), - xdr_args, args_ptr)); -} - -static bool_t -svcudp_freeargs(xprt, xdr_args, args_ptr) - SVCXPRT *xprt; - xdrproc_t xdr_args; - caddr_t args_ptr; -{ - register XDR *xdrs = &(su_data(xprt)->su_xdrs); - - xdrs->x_op = XDR_FREE; - return ((*xdr_args)(xdrs, args_ptr)); -} - -static void -svcudp_destroy(xprt) - register SVCXPRT *xprt; -{ - register struct svcudp_data *su = su_data(xprt); - - xprt_unregister(xprt); - if (xprt->xp_sock != -1) - (void)close(xprt->xp_sock); - xprt->xp_sock = -1; - if (xprt->xp_auth != NULL) { - SVCAUTH_DESTROY(xprt->xp_auth); - xprt->xp_auth = NULL; - } - XDR_DESTROY(&(su->su_xdrs)); - mem_free(rpc_buffer(xprt), su->su_iosz); - mem_free((caddr_t)su, sizeof(struct svcudp_data)); - mem_free((caddr_t)xprt, sizeof(SVCXPRT)); -} - - -/***********this could be a separate file*********************/ - -/* - * Fifo cache for udp server - * Copies pointers to reply buffers into fifo cache - * Buffers are sent again if retransmissions are detected. 
- */ - -#define SPARSENESS 4 /* 75% sparse */ - -#define CACHE_PERROR(msg) \ - (void) fprintf(stderr,"%s\n", msg) - -#define ALLOC(type, size) \ - (type *) mem_alloc((unsigned) (sizeof(type) * (size))) - -#define BZERO(addr, type, size) \ - memset((char *) addr, 0, sizeof(type) * (int) (size)) - -/* - * An entry in the cache - */ -typedef struct cache_node *cache_ptr; -struct cache_node { - /* - * Index into cache is xid, proc, vers, prog and address - */ - u_long cache_xid; - u_long cache_proc; - u_long cache_vers; - u_long cache_prog; - struct sockaddr_in cache_addr; - /* - * The cached reply and length - */ - char * cache_reply; - u_long cache_replylen; - /* - * Next node on the list, if there is a collision - */ - cache_ptr cache_next; -}; - - - -/* - * The entire cache - */ -struct udp_cache { - u_long uc_size; /* size of cache */ - cache_ptr *uc_entries; /* hash table of entries in cache */ - cache_ptr *uc_fifo; /* fifo list of entries in cache */ - u_long uc_nextvictim; /* points to next victim in fifo list */ - u_long uc_prog; /* saved program number */ - u_long uc_vers; /* saved version number */ - u_long uc_proc; /* saved procedure number */ - struct sockaddr_in uc_addr; /* saved caller's address */ -}; - - -/* - * the hashing function - */ -#define CACHE_LOC(transp, xid) \ - (xid % (SPARSENESS*((struct udp_cache *) su_data(transp)->su_cache)->uc_size)) - - -/* - * Enable use of the cache. - * Note: there is no disable. 
- */ -int -svcudp_enablecache(transp, size) - SVCXPRT *transp; - u_long size; -{ - struct svcudp_data *su = su_data(transp); - struct udp_cache *uc; - - if (su->su_cache != NULL) { - CACHE_PERROR("enablecache: cache already enabled"); - return(0); - } - uc = ALLOC(struct udp_cache, 1); - if (uc == NULL) { - CACHE_PERROR("enablecache: could not allocate cache"); - return(0); - } - uc->uc_size = size; - uc->uc_nextvictim = 0; - uc->uc_entries = ALLOC(cache_ptr, size * SPARSENESS); - if (uc->uc_entries == NULL) { - CACHE_PERROR("enablecache: could not allocate cache data"); - return(0); - } - BZERO(uc->uc_entries, cache_ptr, size * SPARSENESS); - uc->uc_fifo = ALLOC(cache_ptr, size); - if (uc->uc_fifo == NULL) { - CACHE_PERROR("enablecache: could not allocate cache fifo"); - return(0); - } - BZERO(uc->uc_fifo, cache_ptr, size); - su->su_cache = (char *) uc; - return(1); -} - - -/* - * Set an entry in the cache - */ -static void -cache_set(xprt, replylen) - SVCXPRT *xprt; - u_long replylen; -{ - register cache_ptr victim; - register cache_ptr *vicp; - register struct svcudp_data *su = su_data(xprt); - struct udp_cache *uc = (struct udp_cache *) su->su_cache; - u_int loc; - char *newbuf; - - /* - * Find space for the new entry, either by - * reusing an old entry, or by mallocing a new one - */ - victim = uc->uc_fifo[uc->uc_nextvictim]; - if (victim != NULL) { - loc = CACHE_LOC(xprt, victim->cache_xid); - for (vicp = &uc->uc_entries[loc]; - *vicp != NULL && *vicp != victim; - vicp = &(*vicp)->cache_next) - ; - if (*vicp == NULL) { - CACHE_PERROR("cache_set: victim not found"); - return; - } - *vicp = victim->cache_next; /* remote from cache */ - newbuf = victim->cache_reply; - } else { - victim = ALLOC(struct cache_node, 1); - if (victim == NULL) { - CACHE_PERROR("cache_set: victim alloc failed"); - return; - } - newbuf = mem_alloc(su->su_iosz); - if (newbuf == NULL) { - CACHE_PERROR("cache_set: could not allocate new rpc_buffer"); - return; - } - } - - /* - * Store it 
away - */ - victim->cache_replylen = replylen; - victim->cache_reply = rpc_buffer(xprt); - rpc_buffer(xprt) = newbuf; - xdrmem_create(&(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_ENCODE); - victim->cache_xid = su->su_xid; - victim->cache_proc = uc->uc_proc; - victim->cache_vers = uc->uc_vers; - victim->cache_prog = uc->uc_prog; - victim->cache_addr = uc->uc_addr; - loc = CACHE_LOC(xprt, victim->cache_xid); - victim->cache_next = uc->uc_entries[loc]; - uc->uc_entries[loc] = victim; - uc->uc_fifo[uc->uc_nextvictim++] = victim; - uc->uc_nextvictim %= uc->uc_size; -} - -/* - * Try to get an entry from the cache - * return 1 if found, 0 if not found - */ -static int -cache_get(xprt, msg, replyp, replylenp) - SVCXPRT *xprt; - struct rpc_msg *msg; - char **replyp; - u_long *replylenp; -{ - u_int loc; - register cache_ptr ent; - register struct svcudp_data *su = su_data(xprt); - register struct udp_cache *uc = (struct udp_cache *) su->su_cache; - -# define EQADDR(a1, a2) (memcmp(&a1, &a2, sizeof(a1)) == 0) - - loc = CACHE_LOC(xprt, su->su_xid); - for (ent = uc->uc_entries[loc]; ent != NULL; ent = ent->cache_next) { - if (ent->cache_xid == su->su_xid && - ent->cache_proc == uc->uc_proc && - ent->cache_vers == uc->uc_vers && - ent->cache_prog == uc->uc_prog && - EQADDR(ent->cache_addr, uc->uc_addr)) { - *replyp = ent->cache_reply; - *replylenp = ent->cache_replylen; - return(1); - } - } - /* - * Failed to find entry - * Remember a few things so we can do a set later - */ - uc->uc_proc = msg->rm_call.cb_proc; - uc->uc_vers = msg->rm_call.cb_vers; - uc->uc_prog = msg->rm_call.cb_prog; - uc->uc_addr = xprt->xp_raddr; - return(0); -} - diff --git a/utils/gssd/Makefile b/utils/gssd/Makefile index a8ff867..e3f2360 100644 --- a/utils/gssd/Makefile +++ b/utils/gssd/Makefile 
@@ -7,8 +7,7 @@ PROGRAM = gssd PREFIX = rpc. OBJS = gssd.o gssd_main_loop.o gssd_proc.o err_util.o gss_util.o \ gss_oids.o context.o context_heimdal.o krb5_util.o -LIBDEPS = $(TOP)support/lib/librpc.a -LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpc -lgssapi -ldl $(KRBLIB) +LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpcsecgss -lgssapi -ldl $(KRBLIB) MAN8 = gssd include $(TOP)rules.mk diff --git a/utils/svcgssd/Makefile b/utils/svcgssd/Makefile index b09e194..0c46af9 100644 --- a/utils/svcgssd/Makefile +++ b/utils/svcgssd/Makefile @@ -7,8 +7,7 @@ PROGRAM = svcgssd PREFIX = rpc. OBJS = svcgssd.o svcgssd_main_loop.o svcgssd_proc.o err_util.o gss_util.o \ gss_oids.o context.o context_heimdal.o cacheio.o svcgssd_mech2file.o -LIBDEPS = $(TOP)support/lib/librpc.a -LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpc -lgssapi -ldl $(KRBLIB) -lnfsidmap +LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpcsecgss -lgssapi -ldl $(KRBLIB) -lnfsidmap MAN8 = svcgssd LINKED = err_util.c gss_util.c gss_oids.c context.c context_heimdal.c
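Review bot: The new `LIBS` line in utils/gssd/Makefile, and the identical change in utils/svcgssd/Makefile, hard-codes `-lrpcsecgss` next to `-Wl,-rpath=$(KRBDIR)/lib`, so the RPCSEC_GSS code these daemons run is now whichever shared object the loader resolves, and the embedded rpath directory is one of the places it looks. Nothing in either hunk records that trust assumption. The configure.in check earlier in this commit appears to test only for the presence of `authgss_create_default`, not for a library version. I would document the requirement above each `LIBS` line, for example `# librpcsecgss is external: $(KRBDIR)/lib is an rpath for this daemon and must be root-owned and not writable by other users`. A minimum-version check in configure.in would be a sensible follow-up once the library offers a way to query its version.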