int main(int argn, char *argc[])
{
	//Program parameters : argc[1] : HostName or Host IP
	//                                         argc[2] : Server Program Number
	//                                         other arguments depend on test case

	//run_mode can switch into stand alone program or program launch by shell script
	//1 : stand alone, debug mode, more screen information
	//0 : launch by shell script as test case, only one printf -> result status
	int run_mode = 0;
	int test_status = 1;	//Default test result set to FAILED
	int progNum = atoi(argc[2]);
	AUTH *authDes = NULL;
	struct sockaddr server_addr;

	//Initialization

	authDes = authdes_create(argc[1], 60, &server_addr, NULL);

	//If we are here, macro call was successful
	test_status = ((AUTH *) authDes != NULL) ? 0 : 1;

	//This last printf gives the result status to the tests suite
	//normally should be 0: test has passed or 1: test has failed
	printf("%d\n", test_status);

	return test_status;
}
Пример #2
0
/*
 * Create a credential that we can send to the X server.
 */
static int
auth_ezencode(
    char           *servername,
    int             window,
    char	   *cred_out,
    int            *len)
{
        AUTH           *a;
        XDR             xdr;

#if defined(SVR4) && defined(sun)
        a = authdes_seccreate(servername, window, NULL, NULL);
#else
        a = (AUTH *)authdes_create(servername, window, NULL, NULL);
#endif
        if (a == (AUTH *)NULL) {
                perror("auth_create");
                return 0;
        }
        xdrmem_create(&xdr, cred_out, *len, XDR_ENCODE);
        if (AUTH_MARSHALL(a, &xdr) == FALSE) {
                perror("auth_marshall");
                AUTH_DESTROY(a);
                return 0;
        }
        *len = xdr_getpos(&xdr);
        AUTH_DESTROY(a);
	return 1;
}
Пример #3
0
int radd( char* host, int a, int b ) {
	CLIENT *clnt;
	struct sockaddr_in timehost;
	int  *result_1;
	clnt = clnt_create(host, ADDER, V1, "tcp");
	if (clnt == NULL) {
		clnt_pcreateerror(host);
		exit(1);
	}
	timehost.sin_family = AF_INET;
	timehost.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	timehost.sin_port = htons(0);
	clnt->cl_auth = authdes_create("unix.500@homenet", 
				       60, 
				       (struct sockaddr *) &timehost,
				       (des_block *)NULL);

	/* Call the procedure twice to test nicknames */
	result_1 = add_1(a, b, clnt);
	if (result_1 == NULL) {
		clnt_perror(clnt, "1st call failed:");
		exit(1);
	}
	result_1 = add_1(a, b, clnt);
	if (result_1 == NULL) {
		clnt_perror(clnt, "2nd call failed:");
		exit(1);
	}
	clnt_destroy( clnt );
	return *result_1;
}
Пример #4
0
void _Tt_db_client::createAuth ()
{
#ifdef OPT_SECURE_RPC
	if (dbAuthLevel == AUTH_DES) {
		if (dbServer->cl_auth) {
			auth_destroy(dbServer->cl_auth);
		}
		const int CRED_EXPIRE = 10;
#ifdef OPT_TLI
		dbServer->cl_auth = authdes_seccreate((char *)dbServerNetName,
						      CRED_EXPIRE,
						      (char *)dbServerNetName,
						      0);
#else
		dbServer->cl_auth = authdes_create((char *)dbServerNetName,
						   CRED_EXPIRE,
						   &dbSocket,
						   0);
#endif
	}
#endif				// OPT_SECURE_RPC
}
Пример #5
0
int
yp_update(char *domain, char *map, unsigned int ypop, char *key, int keylen,
	  char *data, int datalen)
{
	char *master;
	int rval;
	unsigned int res;
	struct ypupdate_args upargs;
	struct ypdelete_args delargs;
	CLIENT *clnt;
	char netname[MAXNETNAMELEN+1];
	des_block des_key;
	struct timeval timeout;

	/* Get the master server name for 'domain.' */
	if ((rval = yp_master(domain, map, &master)))
		return(rval);

	/* Check that ypupdated is running there. */
	if (getrpcport(master, YPU_PROG, YPU_VERS, ypop))
		return(YPERR_DOMAIN);

	/* Get a handle. */
	if ((clnt = clnt_create(master, YPU_PROG, YPU_VERS, "tcp")) == NULL)
		return(YPERR_RPC);

	/*
	 * Assemble netname of server.
	 * NOTE: It's difficult to discern from the documentation, but
	 * when you make a Secure RPC call, the netname you pass should
	 * be the netname of the guy on the other side, not your own
	 * netname. This is how the client side knows what public key
	 * to use for the initial exchange. Passing your own netname
	 * only works if the server on the other side is running under
	 * your UID.
	 */
	if (!host2netname(netname, master, domain)) {
		clnt_destroy(clnt);
		return(YPERR_BADARGS);
	}

	/* Make up a DES session key. */
	key_gendes(&des_key);

	/* Set up DES authentication. */
	if ((clnt->cl_auth = (AUTH *)authdes_create(netname, WINDOW, NULL,
			&des_key)) == NULL) {
		clnt_destroy(clnt);
		return(YPERR_RESRC);
	}

	/* Set a timeout for clnt_call(). */
	timeout.tv_usec = 0;
	timeout.tv_sec = TIMEOUT;

	/*
	 * Make the call. Note that we use clnt_call() here rather than
	 * the rpcgen-erated client stubs. We could use those stubs, but
	 * then we'd have to do some gymnastics to get at the error
	 * information to figure out what error code to send back to the
	 * caller. With clnt_call(), we get the error status returned to
	 * us right away, and we only have to exert a small amount of
	 * extra effort.
	 */
	switch (ypop) {
	case YPOP_CHANGE:
		upargs.mapname = map;
		upargs.key.yp_buf_len = keylen;
		upargs.key.yp_buf_val = key;
		upargs.datum.yp_buf_len = datalen;
		upargs.datum.yp_buf_val = data;

		if ((rval = clnt_call(clnt, YPU_CHANGE,
			(xdrproc_t)xdr_ypupdate_args, &upargs,
			(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
			if (rval == RPC_AUTHERROR)
				res = YPERR_ACCESS;
			else
				res = YPERR_RPC;
		}

		break;
	case YPOP_INSERT:
		upargs.mapname = map;
		upargs.key.yp_buf_len = keylen;
		upargs.key.yp_buf_val = key;
		upargs.datum.yp_buf_len = datalen;
		upargs.datum.yp_buf_val = data;

		if ((rval = clnt_call(clnt, YPU_INSERT,
			(xdrproc_t)xdr_ypupdate_args, &upargs,
			(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
			if (rval == RPC_AUTHERROR)
				res = YPERR_ACCESS;
			else
				res = YPERR_RPC;
		}

		break;
	case YPOP_DELETE:
		delargs.mapname = map;
		delargs.key.yp_buf_len = keylen;
		delargs.key.yp_buf_val = key;

		if ((rval = clnt_call(clnt, YPU_DELETE,
			(xdrproc_t)xdr_ypdelete_args, &delargs,
			(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
			if (rval == RPC_AUTHERROR)
				res = YPERR_ACCESS;
			else
				res = YPERR_RPC;
		}

		break;
	case YPOP_STORE:
		upargs.mapname = map;
		upargs.key.yp_buf_len = keylen;
		upargs.key.yp_buf_val = key;
		upargs.datum.yp_buf_len = datalen;
		upargs.datum.yp_buf_val = data;

		if ((rval = clnt_call(clnt, YPU_STORE,
			(xdrproc_t)xdr_ypupdate_args, &upargs,
			(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
			if (rval == RPC_AUTHERROR)
				res = YPERR_ACCESS;
			else
				res = YPERR_RPC;
		}

		break;
	default:
		res = YPERR_BADARGS;
		break;
	}

	/* All done: tear down the connection. */
	auth_destroy(clnt->cl_auth);
	clnt_destroy(clnt);
	free(master);

	return(res);
}
Пример #6
0
/*
 *  Get an AUTH handle for a RPC client based on the given sec_data.
 *  If an AUTH handle exists for the same sec_data, use that AUTH handle,
 *  otherwise create a new one.
 */
int
sec_clnt_geth(CLIENT *client, struct sec_data *secdata, cred_t *cr, AUTH **ap)
{
	int i;
	struct desauthent *da;
	int authflavor;
	cred_t *savecred;
	int stat;			/* return (errno) status */
	char gss_svc_name[MAX_GSS_NAME];
	dh_k4_clntdata_t	*desdata;
	AUTH *auth;
	gss_clntdata_t *gssdata;
	zoneid_t zoneid = getzoneid();

	if ((client == NULL) || (secdata == NULL) || (ap == NULL))
		return (EINVAL);
	*ap = (AUTH *)NULL;

	authflavor = secdata->rpcflavor;
	for (;;) {
		int nlen;
		char *netname;

		switch (authflavor) {
		case AUTH_NONE:
			*ap = (AUTH *) authnone_create();
			return ((*ap != NULL) ? 0 : EINTR);

		case AUTH_UNIX:
			*ap = (AUTH *) authkern_create();
			return ((*ap != NULL) ? 0 : EINTR);

		case AUTH_LOOPBACK:
			*ap = (AUTH *) authloopback_create();
			return ((*ap != NULL) ? 0 : EINTR);

		case AUTH_DES:
			mutex_enter(&desauthtab_lock);
			if (desauthtab == NULL) {
				desauthtab = kmem_zalloc(clnt_authdes_cachesz *
				    sizeof (struct desauthent), KM_SLEEP);
			}
			for (da = desauthtab;
			    da < &desauthtab[clnt_authdes_cachesz];
			    da++) {
				if (da->da_data == secdata &&
				    da->da_uid == crgetuid(cr) &&
				    da->da_zoneid == zoneid &&
				    !da->da_inuse &&
				    da->da_auth != NULL) {
					da->da_inuse = 1;
					mutex_exit(&desauthtab_lock);
					*ap = da->da_auth;
					return (0);
				}
			}
			mutex_exit(&desauthtab_lock);

			/*
			 *  A better way would be to have a cred paramater to
			 *  authdes_create.
			 */
			savecred = curthread->t_cred;
			curthread->t_cred = cr;

			/*
			 * Note that authdes_create() expects a
			 * NUL-terminated string for netname, but
			 * dh_k4_clntdata_t gives us netname & netnamelen.
			 *
			 * We must create a string for authdes_create();
			 * the latter takes a copy of it, so we may
			 * immediately free it.
			 */
			desdata = (dh_k4_clntdata_t *)secdata->data;
			nlen = desdata->netnamelen;
			/* must be NUL-terminated */
			netname = kmem_zalloc(nlen + 1, KM_SLEEP);
			bcopy(desdata->netname, netname, nlen);
			stat = authdes_create(netname, authdes_win,
			    &desdata->syncaddr, desdata->knconf,
			    (des_block *)NULL,
			    (secdata->flags & AUTH_F_RPCTIMESYNC) ? 1 : 0,
			    &auth);
			kmem_free(netname, nlen + 1);

			curthread->t_cred = savecred;
			*ap = auth;

			if (stat != 0) {
				/*
				 *  If AUTH_F_TRYNONE is on, try again
				 *  with AUTH_NONE.  See bug 1180236.
				 */
				if (secdata->flags & AUTH_F_TRYNONE) {
					authflavor = AUTH_NONE;
					continue;
				} else
					return (stat);
			}

			i = clnt_authdes_cachesz;
			mutex_enter(&desauthtab_lock);
			do {
				da = &desauthtab[nextdesvictim++];
				nextdesvictim %= clnt_authdes_cachesz;
			} while (da->da_inuse && --i > 0);

			if (da->da_inuse) {
				mutex_exit(&desauthtab_lock);
				/* overflow of des auths */
				return (stat);
			}
			da->da_inuse = 1;
			mutex_exit(&desauthtab_lock);

			if (da->da_auth != NULL)
				auth_destroy(da->da_auth);

			da->da_auth = auth;
			da->da_uid = crgetuid(cr);
			da->da_zoneid = zoneid;
			da->da_data = secdata;
			return (stat);

		case RPCSEC_GSS:
			/*
			 *  For RPCSEC_GSS, cache is done in rpc_gss_secget().
			 *  For every rpc_gss_secget(),  it should have
			 *  a corresponding rpc_gss_secfree() call.
			 */
			gssdata = (gss_clntdata_t *)secdata->data;
			(void) sprintf(gss_svc_name, "%s@%s", gssdata->uname,
			    gssdata->inst);

			stat = rpc_gss_secget(client, gss_svc_name,
			    &gssdata->mechanism,
			    gssdata->service,
			    gssdata->qop,
			    NULL, NULL,
			    (caddr_t)secdata, cr, &auth);
			*ap = auth;

			/* success */
			if (stat == 0)
				return (stat);

			/*
			 * let the caller retry if connection timedout
			 * or reset.
			 */
			if (stat == ETIMEDOUT || stat == ECONNRESET)
				return (stat);

			/*
			 *  If AUTH_F_TRYNONE is on, try again
			 *  with AUTH_NONE.  See bug 1180236.
			 */
			if (secdata->flags & AUTH_F_TRYNONE) {
				authflavor = AUTH_NONE;
				continue;
			}

			RPCLOG(1, "sec_clnt_geth: rpc_gss_secget"
			    " failed with %d", stat);
			return (stat);

		default:
			/*
			 * auth create must have failed, try AUTH_NONE
			 * (this relies on AUTH_NONE never failing)
			 */
			cmn_err(CE_NOTE, "sec_clnt_geth: unknown "
			    "authflavor %d, trying AUTH_NONE", authflavor);
			authflavor = AUTH_NONE;
		}
	}
}