int main(int argn, char *argc[])
{
//Program parameters : argc[1] : HostName or Host IP
// argc[2] : Server Program Number
// other arguments depend on test case
//run_mode can switch into stand alone program or program launch by shell script
//1 : stand alone, debug mode, more screen information
//0 : launch by shell script as test case, only one printf -> result status
int run_mode = 0;
int test_status = 1; //Default test result set to FAILED
int progNum = atoi(argc[2]);
AUTH *authDes = NULL;
struct sockaddr server_addr;
//Initialization
authDes = authdes_create(argc[1], 60, &server_addr, NULL);
//If we are here, macro call was successful
test_status = ((AUTH *) authDes != NULL) ? 0 : 1;
//This last printf gives the result status to the tests suite
//normally should be 0: test has passed or 1: test has failed
printf("%d\n", test_status);
return test_status;
}
/*
* Create a credential that we can send to the X server.
*/
static int
auth_ezencode(
char *servername,
int window,
char *cred_out,
int *len)
{
AUTH *a;
XDR xdr;
#if defined(SVR4) && defined(sun)
a = authdes_seccreate(servername, window, NULL, NULL);
#else
a = (AUTH *)authdes_create(servername, window, NULL, NULL);
#endif
if (a == (AUTH *)NULL) {
perror("auth_create");
return 0;
}
xdrmem_create(&xdr, cred_out, *len, XDR_ENCODE);
if (AUTH_MARSHALL(a, &xdr) == FALSE) {
perror("auth_marshall");
AUTH_DESTROY(a);
return 0;
}
*len = xdr_getpos(&xdr);
AUTH_DESTROY(a);
return 1;
}
int radd( char* host, int a, int b ) {
CLIENT *clnt;
struct sockaddr_in timehost;
int *result_1;
clnt = clnt_create(host, ADDER, V1, "tcp");
if (clnt == NULL) {
clnt_pcreateerror(host);
exit(1);
}
timehost.sin_family = AF_INET;
timehost.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
timehost.sin_port = htons(0);
clnt->cl_auth = authdes_create("unix.500@homenet",
60,
(struct sockaddr *) &timehost,
(des_block *)NULL);
/* Call the procedure twice to test nicknames */
result_1 = add_1(a, b, clnt);
if (result_1 == NULL) {
clnt_perror(clnt, "1st call failed:");
exit(1);
}
result_1 = add_1(a, b, clnt);
if (result_1 == NULL) {
clnt_perror(clnt, "2nd call failed:");
exit(1);
}
clnt_destroy( clnt );
return *result_1;
}
void _Tt_db_client::createAuth ()
{
#ifdef OPT_SECURE_RPC
if (dbAuthLevel == AUTH_DES) {
if (dbServer->cl_auth) {
auth_destroy(dbServer->cl_auth);
}
const int CRED_EXPIRE = 10;
#ifdef OPT_TLI
dbServer->cl_auth = authdes_seccreate((char *)dbServerNetName,
CRED_EXPIRE,
(char *)dbServerNetName,
0);
#else
dbServer->cl_auth = authdes_create((char *)dbServerNetName,
CRED_EXPIRE,
&dbSocket,
0);
#endif
}
#endif // OPT_SECURE_RPC
}
int
yp_update(char *domain, char *map, unsigned int ypop, char *key, int keylen,
char *data, int datalen)
{
char *master;
int rval;
unsigned int res;
struct ypupdate_args upargs;
struct ypdelete_args delargs;
CLIENT *clnt;
char netname[MAXNETNAMELEN+1];
des_block des_key;
struct timeval timeout;
/* Get the master server name for 'domain.' */
if ((rval = yp_master(domain, map, &master)))
return(rval);
/* Check that ypupdated is running there. */
if (getrpcport(master, YPU_PROG, YPU_VERS, ypop))
return(YPERR_DOMAIN);
/* Get a handle. */
if ((clnt = clnt_create(master, YPU_PROG, YPU_VERS, "tcp")) == NULL)
return(YPERR_RPC);
/*
* Assemble netname of server.
* NOTE: It's difficult to discern from the documentation, but
* when you make a Secure RPC call, the netname you pass should
* be the netname of the guy on the other side, not your own
* netname. This is how the client side knows what public key
* to use for the initial exchange. Passing your own netname
* only works if the server on the other side is running under
* your UID.
*/
if (!host2netname(netname, master, domain)) {
clnt_destroy(clnt);
return(YPERR_BADARGS);
}
/* Make up a DES session key. */
key_gendes(&des_key);
/* Set up DES authentication. */
if ((clnt->cl_auth = (AUTH *)authdes_create(netname, WINDOW, NULL,
&des_key)) == NULL) {
clnt_destroy(clnt);
return(YPERR_RESRC);
}
/* Set a timeout for clnt_call(). */
timeout.tv_usec = 0;
timeout.tv_sec = TIMEOUT;
/*
* Make the call. Note that we use clnt_call() here rather than
* the rpcgen-erated client stubs. We could use those stubs, but
* then we'd have to do some gymnastics to get at the error
* information to figure out what error code to send back to the
* caller. With clnt_call(), we get the error status returned to
* us right away, and we only have to exert a small amount of
* extra effort.
*/
switch (ypop) {
case YPOP_CHANGE:
upargs.mapname = map;
upargs.key.yp_buf_len = keylen;
upargs.key.yp_buf_val = key;
upargs.datum.yp_buf_len = datalen;
upargs.datum.yp_buf_val = data;
if ((rval = clnt_call(clnt, YPU_CHANGE,
(xdrproc_t)xdr_ypupdate_args, &upargs,
(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
if (rval == RPC_AUTHERROR)
res = YPERR_ACCESS;
else
res = YPERR_RPC;
}
break;
case YPOP_INSERT:
upargs.mapname = map;
upargs.key.yp_buf_len = keylen;
upargs.key.yp_buf_val = key;
upargs.datum.yp_buf_len = datalen;
upargs.datum.yp_buf_val = data;
if ((rval = clnt_call(clnt, YPU_INSERT,
(xdrproc_t)xdr_ypupdate_args, &upargs,
(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
if (rval == RPC_AUTHERROR)
res = YPERR_ACCESS;
else
res = YPERR_RPC;
}
break;
case YPOP_DELETE:
delargs.mapname = map;
delargs.key.yp_buf_len = keylen;
delargs.key.yp_buf_val = key;
if ((rval = clnt_call(clnt, YPU_DELETE,
(xdrproc_t)xdr_ypdelete_args, &delargs,
(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
if (rval == RPC_AUTHERROR)
res = YPERR_ACCESS;
else
res = YPERR_RPC;
}
break;
case YPOP_STORE:
upargs.mapname = map;
upargs.key.yp_buf_len = keylen;
upargs.key.yp_buf_val = key;
upargs.datum.yp_buf_len = datalen;
upargs.datum.yp_buf_val = data;
if ((rval = clnt_call(clnt, YPU_STORE,
(xdrproc_t)xdr_ypupdate_args, &upargs,
(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
if (rval == RPC_AUTHERROR)
res = YPERR_ACCESS;
else
res = YPERR_RPC;
}
break;
default:
res = YPERR_BADARGS;
break;
}
/* All done: tear down the connection. */
auth_destroy(clnt->cl_auth);
clnt_destroy(clnt);
free(master);
return(res);
}
/*
* Get an AUTH handle for a RPC client based on the given sec_data.
* If an AUTH handle exists for the same sec_data, use that AUTH handle,
* otherwise create a new one.
*/
int
sec_clnt_geth(CLIENT *client, struct sec_data *secdata, cred_t *cr, AUTH **ap)
{
int i;
struct desauthent *da;
int authflavor;
cred_t *savecred;
int stat; /* return (errno) status */
char gss_svc_name[MAX_GSS_NAME];
dh_k4_clntdata_t *desdata;
AUTH *auth;
gss_clntdata_t *gssdata;
zoneid_t zoneid = getzoneid();
if ((client == NULL) || (secdata == NULL) || (ap == NULL))
return (EINVAL);
*ap = (AUTH *)NULL;
authflavor = secdata->rpcflavor;
for (;;) {
int nlen;
char *netname;
switch (authflavor) {
case AUTH_NONE:
*ap = (AUTH *) authnone_create();
return ((*ap != NULL) ? 0 : EINTR);
case AUTH_UNIX:
*ap = (AUTH *) authkern_create();
return ((*ap != NULL) ? 0 : EINTR);
case AUTH_LOOPBACK:
*ap = (AUTH *) authloopback_create();
return ((*ap != NULL) ? 0 : EINTR);
case AUTH_DES:
mutex_enter(&desauthtab_lock);
if (desauthtab == NULL) {
desauthtab = kmem_zalloc(clnt_authdes_cachesz *
sizeof (struct desauthent), KM_SLEEP);
}
for (da = desauthtab;
da < &desauthtab[clnt_authdes_cachesz];
da++) {
if (da->da_data == secdata &&
da->da_uid == crgetuid(cr) &&
da->da_zoneid == zoneid &&
!da->da_inuse &&
da->da_auth != NULL) {
da->da_inuse = 1;
mutex_exit(&desauthtab_lock);
*ap = da->da_auth;
return (0);
}
}
mutex_exit(&desauthtab_lock);
/*
* A better way would be to have a cred paramater to
* authdes_create.
*/
savecred = curthread->t_cred;
curthread->t_cred = cr;
/*
* Note that authdes_create() expects a
* NUL-terminated string for netname, but
* dh_k4_clntdata_t gives us netname & netnamelen.
*
* We must create a string for authdes_create();
* the latter takes a copy of it, so we may
* immediately free it.
*/
desdata = (dh_k4_clntdata_t *)secdata->data;
nlen = desdata->netnamelen;
/* must be NUL-terminated */
netname = kmem_zalloc(nlen + 1, KM_SLEEP);
bcopy(desdata->netname, netname, nlen);
stat = authdes_create(netname, authdes_win,
&desdata->syncaddr, desdata->knconf,
(des_block *)NULL,
(secdata->flags & AUTH_F_RPCTIMESYNC) ? 1 : 0,
&auth);
kmem_free(netname, nlen + 1);
curthread->t_cred = savecred;
*ap = auth;
if (stat != 0) {
/*
* If AUTH_F_TRYNONE is on, try again
* with AUTH_NONE. See bug 1180236.
*/
if (secdata->flags & AUTH_F_TRYNONE) {
authflavor = AUTH_NONE;
continue;
} else
return (stat);
}
i = clnt_authdes_cachesz;
mutex_enter(&desauthtab_lock);
do {
da = &desauthtab[nextdesvictim++];
nextdesvictim %= clnt_authdes_cachesz;
} while (da->da_inuse && --i > 0);
if (da->da_inuse) {
mutex_exit(&desauthtab_lock);
/* overflow of des auths */
return (stat);
}
da->da_inuse = 1;
mutex_exit(&desauthtab_lock);
if (da->da_auth != NULL)
auth_destroy(da->da_auth);
da->da_auth = auth;
da->da_uid = crgetuid(cr);
da->da_zoneid = zoneid;
da->da_data = secdata;
return (stat);
case RPCSEC_GSS:
/*
* For RPCSEC_GSS, cache is done in rpc_gss_secget().
* For every rpc_gss_secget(), it should have
* a corresponding rpc_gss_secfree() call.
*/
gssdata = (gss_clntdata_t *)secdata->data;
(void) sprintf(gss_svc_name, "%s@%s", gssdata->uname,
gssdata->inst);
stat = rpc_gss_secget(client, gss_svc_name,
&gssdata->mechanism,
gssdata->service,
gssdata->qop,
NULL, NULL,
(caddr_t)secdata, cr, &auth);
*ap = auth;
/* success */
if (stat == 0)
return (stat);
/*
* let the caller retry if connection timedout
* or reset.
*/
if (stat == ETIMEDOUT || stat == ECONNRESET)
return (stat);
/*
* If AUTH_F_TRYNONE is on, try again
* with AUTH_NONE. See bug 1180236.
*/
if (secdata->flags & AUTH_F_TRYNONE) {
authflavor = AUTH_NONE;
continue;
}
RPCLOG(1, "sec_clnt_geth: rpc_gss_secget"
" failed with %d", stat);
return (stat);
default:
/*
* auth create must have failed, try AUTH_NONE
* (this relies on AUTH_NONE never failing)
*/
cmn_err(CE_NOTE, "sec_clnt_geth: unknown "
"authflavor %d, trying AUTH_NONE", authflavor);
authflavor = AUTH_NONE;
}
}
}
