/*!
* Check whether the user authenticated on a given RX call is a super
* user or not. If they are, return a pointer to the identity of that
* user.
*
* @param[in] adir
* The configuration directory currently in use
* @param[in] acall
* The RX call whose authenticated identity is being checked
* @param[out] identity
* The RX identity of the user. Caller must free this structure.
* @returns
* True if the user is a super user, or if the server is running
* in noauth mode. Otherwise, false.
*/
afs_int32
afsconf_SuperIdentity(struct afsconf_dir *adir, struct rx_call *acall,
struct rx_identity **identity)
{
struct rx_connection *tconn;
afs_int32 code;
int flag;
LOCK_GLOBAL_MUTEX;
if (!adir) {
UNLOCK_GLOBAL_MUTEX;
return 0;
}
if (afsconf_GetNoAuthFlag(adir)) {
if (identity)
*identity = rx_identity_new(RX_ID_KRB4, AFS_NOAUTH_NAME,
AFS_NOAUTH_NAME, AFS_NOAUTH_LEN);
UNLOCK_GLOBAL_MUTEX;
return 1;
}
tconn = rx_ConnectionOf(acall);
code = rx_SecurityClassOf(tconn);
if (code == RX_SECIDX_NULL) {
UNLOCK_GLOBAL_MUTEX;
return 0; /* not authenticated at all, answer is no */
} else if (code == RX_SECIDX_VAB) {
/* bcrypt tokens */
UNLOCK_GLOBAL_MUTEX;
return 0; /* not supported any longer */
} else if (code == RX_SECIDX_KAD) {
flag = rxkadSuperUser(adir, acall, identity);
UNLOCK_GLOBAL_MUTEX;
return flag;
} else { /* some other auth type */
UNLOCK_GLOBAL_MUTEX;
return 0; /* mysterious, just say no */
}
}
/* make sure user authenticated on rx call acall is in list of valid
users. Copy the "real name" of the authenticated user into namep
if a pointer is passed.
*/
afs_int32
afsconf_SuperUser(struct afsconf_dir *adir, struct rx_call *acall, char *namep)
{
struct rx_connection *tconn;
afs_int32 code;
int flag;
LOCK_GLOBAL_MUTEX;
if (!adir) {
UNLOCK_GLOBAL_MUTEX;
return 0;
}
if (afsconf_GetNoAuthFlag(adir)) {
if (namep)
strcpy(namep, "<NoAuth>");
UNLOCK_GLOBAL_MUTEX;
return 1;
}
tconn = rx_ConnectionOf(acall);
code = rx_SecurityClassOf(tconn);
if (code == 0) {
UNLOCK_GLOBAL_MUTEX;
return 0; /* not authenticated at all, answer is no */
} else if (code == 1) {
/* bcrypt tokens */
UNLOCK_GLOBAL_MUTEX;
return 0; /* not supported any longer */
} else if (code == 2) {
flag = rxkadSuperUser(adir, acall, namep);
UNLOCK_GLOBAL_MUTEX;
return flag;
} else { /* some other auth type */
UNLOCK_GLOBAL_MUTEX;
return 0; /* mysterious, just say no */
}
}
/*!
* \brief So that intermittent failures that cause connections to die
* don't kill whole ubik connection, refresh them when the connection is in
* error.
*/
struct rx_connection *
ubik_RefreshConn(struct rx_connection *tc)
{
afs_uint32 host;
u_short port;
u_short service;
struct rx_securityClass *sc;
int si;
struct rx_connection *newTc;
host = rx_HostOf(rx_PeerOf(tc));
port = rx_PortOf(rx_PeerOf(tc));
service = rx_ServiceIdOf(tc);
sc = rx_SecurityObjectOf(tc);
si = rx_SecurityClassOf(tc);
/*
* destroy old one after creating new one so that refCount on security
* object cannot reach zero.
*/
newTc = rx_NewConnection(host, port, service, sc, si);
rx_DestroyConnection(tc);
return newTc;
}
/* make sure user authenticated on rx call acall is in list of valid
users. Copy the "real name" of the authenticated user into namep
if a pointer is passed.
*/
afs_int32
afsconf_SuperUser(struct afsconf_dir *adir, struct rx_call *acall, char *namep)
{
register struct rx_connection *tconn;
register afs_int32 code;
int flag;
LOCK_GLOBAL_MUTEX;
if (!adir) {
UNLOCK_GLOBAL_MUTEX;
return 0;
}
if (afsconf_GetNoAuthFlag(adir)) {
if (namep)
strcpy(namep, "<NoAuth>");
UNLOCK_GLOBAL_MUTEX;
return 1;
}
tconn = rx_ConnectionOf(acall);
code = rx_SecurityClassOf(tconn);
if (code == 0) {
UNLOCK_GLOBAL_MUTEX;
return 0; /* not authenticated at all, answer is no */
} else if (code == 1) {
/* bcrypt tokens */
UNLOCK_GLOBAL_MUTEX;
return 0; /* not supported any longer */
} else if (code == 2) {
char tname[MAXKTCNAMELEN]; /* authentication from ticket */
char tinst[MAXKTCNAMELEN];
char tcell[MAXKTCREALMLEN];
char tcell_l[MAXKTCREALMLEN];
char *tmp;
/* keep track of which one actually authorized request */
char uname[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3];
afs_uint32 exp;
static char lcell[MAXCELLCHARS] = "";
static char lrealms[AFS_NUM_LREALMS][AFS_REALM_SZ];
static int num_lrealms = -1;
int lrealm_match = 0, i;
/* get auth details from server connection */
code =
rxkad_GetServerInfo(acall->conn, NULL, &exp, tname, tinst, tcell,
NULL);
if (code) {
UNLOCK_GLOBAL_MUTEX;
return 0; /* bogus connection/other error */
}
/* don't bother checking anything else if tix have expired */
#ifdef AFS_PTHREAD_ENV
if (exp < clock_Sec()) {
#else
if (exp < FT_ApproxTime()) {
#endif
UNLOCK_GLOBAL_MUTEX;
return 0; /* expired tix */
}
/* generate lowercased version of cell name */
strcpy(tcell_l, tcell);
tmp = tcell_l;
while (*tmp) {
*tmp = tolower(*tmp);
tmp++;
}
/* determine local cell name. It's static, so will only get
* calculated the first time through */
if (!lcell[0])
afsconf_GetLocalCell(adir, lcell, sizeof(lcell));
/* if running a krb environment, also get the local realm */
/* note - this assumes AFS_REALM_SZ <= MAXCELLCHARS */
/* just set it to lcell if it fails */
if (num_lrealms == -1) {
for (i=0; i<AFS_NUM_LREALMS; i++) {
if (afs_krb_get_lrealm(lrealms[i], i) != 0 /*KSUCCESS*/)
break;
}
if (i == 0) {
strncpy(lrealms[0], lcell, AFS_REALM_SZ);
num_lrealms = 1;
} else {
num_lrealms = i;
}
}
/* See if the ticket cell matches one of the local realms */
lrealm_match = 0;
for ( i=0;i<num_lrealms;i++ ) {
if (!strcasecmp(lrealms[i], tcell)) {
lrealm_match = 1;
break;
}
}
/* If yes, then make sure that the name is not present in
* an exclusion list */
if (lrealm_match) {
if (tinst[0])
snprintf(uname,sizeof(uname),"%s.%s@%s",tname,tinst,tcell);
else
snprintf(uname,sizeof(uname),"%s@%s",tname,tcell);
if (afs_krb_exclusion(uname))
lrealm_match = 0;
}
/* start with no uname and no authorization */
strcpy(uname, "");
flag = 0;
/* localauth special case */
if (strlen(tinst) == 0 && strlen(tcell) == 0
&& !strcmp(tname, AUTH_SUPERUSER)) {
strcpy(uname, "<LocalAuth>");
flag = 1;
/* cell of connection matches local cell or one of the realms */
} else if (!strcasecmp(tcell, lcell) || lrealm_match) {
if ((tmp = CompFindUser(adir, tname, ".", tinst, NULL))) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ((tmp = CompFindUser(adir, tname, "/", tinst, NULL))) {
strcpy(uname, tmp);
flag = 1;
#endif
}
/* cell of conn doesn't match local cell or realm */
} else {
if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell))) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell))) {
strcpy(uname, tmp);
flag = 1;
#endif
} else if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell_l))) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell_l))) {
strcpy(uname, tmp);
flag = 1;
#endif
}
}
if (namep)
strcpy(namep, uname);
UNLOCK_GLOBAL_MUTEX;
return flag;
} else { /* some other auth type */
UNLOCK_GLOBAL_MUTEX;
return 0; /* mysterious, just say no */
}
}
/**
* Connects to a server by it's server address.
*
* @param sap Server address.
* @param aport Server port.
* @param acell
* @param tu Connect as this user.
* @param force_if_down
* @param create
* @param locktype Specifies type of lock to be used for this function.
*
* @return The new connection.
*/
struct afs_conn *
afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
struct unixuser *tu, int force_if_down, afs_int32 create,
afs_int32 locktype, struct rx_connection **rxconn)
{
int glocked, foundvec;
struct afs_conn *tc = NULL;
struct sa_conn_vector *tcv = NULL;
struct rx_securityClass *csec; /*Security class object */
int isec; /*Security index */
int service;
*rxconn = NULL;
/* find cached connection */
ObtainSharedLock(&afs_xconn, 15);
foundvec = 0;
for (tcv = sap->conns; tcv; tcv = tcv->next) {
if (tcv->user == tu && tcv->port == aport) {
/* return most eligible conn */
if (!foundvec)
foundvec = 1;
UpgradeSToWLock(&afs_xconn, 37);
tc = find_preferred_connection(tcv, create);
ConvertWToSLock(&afs_xconn);
break;
}
}
if (!tc && !create) {
/* Not found and can't create a new one. */
ReleaseSharedLock(&afs_xconn);
return NULL;
}
if (AFS_IS_DISCONNECTED && !AFS_IN_SYNC) {
afs_warnuser("afs_ConnBySA: disconnected\n");
ReleaseSharedLock(&afs_xconn);
return NULL;
}
if (!foundvec && create) {
/* No such connection vector exists. Create one and splice it in.
* Make sure the server record has been marked as used (for the purposes
* of calculating up & down times, it's now considered to be an
* ``active'' server). Also make sure the server's lastUpdateEvalTime
* gets set, marking the time of its ``birth''.
*/
UpgradeSToWLock(&afs_xconn, 37);
new_conn_vector(tcv);
tcv->user = tu;
tcv->port = aport;
tcv->srvr = sap;
tcv->next = sap->conns;
sap->conns = tcv;
/* all struct afs_conn ptrs come from here */
tc = find_preferred_connection(tcv, create);
afs_ActivateServer(sap);
ConvertWToSLock(&afs_xconn);
} /* end of if (!tcv) */
if (!tc) {
/* Not found and no alternatives. */
ReleaseSharedLock(&afs_xconn);
return NULL;
}
if (tu->states & UTokensBad) {
/* we may still have an authenticated RPC connection here,
* we'll have to create a new, unauthenticated, connection.
* Perhaps a better way to do this would be to set
* conn->forceConnectFS on all conns when the token first goes
* bad, but that's somewhat trickier, due to locking
* constraints (though not impossible).
*/
if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) {
tc->forceConnectFS = 1; /* force recreation of connection */
}
tu->states &= ~UHasTokens; /* remove the authentication info */
}
glocked = ISAFS_GLOCK();
if (tc->forceConnectFS) {
UpgradeSToWLock(&afs_xconn, 38);
csec = (struct rx_securityClass *)0;
if (tc->id) {
if (glocked)
AFS_GUNLOCK();
rx_SetConnSecondsUntilNatPing(tc->id, 0);
rx_DestroyConnection(tc->id);
if (glocked)
AFS_GLOCK();
}
/*
* Stupid hack to determine if using vldb service or file system
* service.
*/
if (aport == sap->server->cell->vlport)
service = 52;
else
service = 1;
isec = 0;
csec = afs_pickSecurityObject(tc, &isec);
if (glocked)
AFS_GUNLOCK();
tc->id = rx_NewConnection(sap->sa_ip, aport, service, csec, isec);
if (glocked)
AFS_GLOCK();
if (service == 52) {
rx_SetConnHardDeadTime(tc->id, afs_rx_harddead);
}
/* set to a RX_CALL_TIMEOUT error to allow MTU retry to trigger */
rx_SetServerConnIdleDeadErr(tc->id, RX_CALL_DEAD);
rx_SetConnIdleDeadTime(tc->id, afs_rx_idledead);
/*
* Only do this for the base connection, not per-user.
* Will need to be revisited if/when CB gets security.
*/
if ((isec == 0) && (service != 52) && !(tu->states & UTokensBad) &&
(tu->viceId == UNDEFVID)
#ifndef UKERNEL /* ukernel runs as just one uid anyway */
&& (tu->uid == 0)
#endif
)
rx_SetConnSecondsUntilNatPing(tc->id, 20);
tc->forceConnectFS = 0; /* apparently we're appropriately connected now */
if (csec)
rxs_Release(csec);
ConvertWToSLock(&afs_xconn);
} /* end of if (tc->forceConnectFS)*/
*rxconn = tc->id;
rx_GetConnection(*rxconn);
ReleaseSharedLock(&afs_xconn);
return tc;
}
/**
* Connects to a server by it's server address.
*
* @param sap Server address.
* @param aport Server port.
* @param acell
* @param tu Connect as this user.
* @param force_if_down
* @param create
* @param locktype Specifies type of lock to be used for this function.
*
* @return The new connection.
*/
struct afs_conn *
afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
struct unixuser *tu, int force_if_down, afs_int32 create,
afs_int32 locktype)
{
struct afs_conn *tc = 0;
struct rx_securityClass *csec; /*Security class object */
int isec; /*Security index */
int service;
if (!sap || ((sap->sa_flags & SRVR_ISDOWN) && !force_if_down)) {
/* sa is known down, and we don't want to force it. */
return NULL;
}
ObtainSharedLock(&afs_xconn, 15);
/* Get conn by port and user. */
for (tc = sap->conns; tc; tc = tc->next) {
if (tc->user == tu && tc->port == aport) {
break;
}
}
if (!tc && !create) {
/* Not found and can't create a new one. */
ReleaseSharedLock(&afs_xconn);
return NULL;
}
if (AFS_IS_DISCONNECTED && !AFS_IN_SYNC) {
afs_warnuser("afs_ConnBySA: disconnected\n");
ReleaseSharedLock(&afs_xconn);
return NULL;
}
if (!tc) {
/* No such connection structure exists. Create one and splice it in.
* Make sure the server record has been marked as used (for the purposes
* of calculating up & down times, it's now considered to be an
* ``active'' server). Also make sure the server's lastUpdateEvalTime
* gets set, marking the time of its ``birth''.
*/
UpgradeSToWLock(&afs_xconn, 37);
tc = (struct afs_conn *)afs_osi_Alloc(sizeof(struct afs_conn));
memset(tc, 0, sizeof(struct afs_conn));
tc->user = tu;
tc->port = aport;
tc->srvr = sap;
tc->refCount = 0; /* bumped below */
tc->forceConnectFS = 1;
tc->id = (struct rx_connection *)0;
tc->next = sap->conns;
sap->conns = tc;
afs_ActivateServer(sap);
ConvertWToSLock(&afs_xconn);
} /* end of if (!tc) */
tc->refCount++;
if (tu->states & UTokensBad) {
/* we may still have an authenticated RPC connection here,
* we'll have to create a new, unauthenticated, connection.
* Perhaps a better way to do this would be to set
* conn->forceConnectFS on all conns when the token first goes
* bad, but that's somewhat trickier, due to locking
* constraints (though not impossible).
*/
if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) {
tc->forceConnectFS = 1; /* force recreation of connection */
}
tu->vid = UNDEFVID; /* forcibly disconnect the authentication info */
}
if (tc->forceConnectFS) {
UpgradeSToWLock(&afs_xconn, 38);
csec = (struct rx_securityClass *)0;
if (tc->id) {
AFS_GUNLOCK();
rx_DestroyConnection(tc->id);
AFS_GLOCK();
}
/*
* Stupid hack to determine if using vldb service or file system
* service.
*/
if (aport == sap->server->cell->vlport)
service = 52;
else
service = 1;
isec = 0;
csec = afs_pickSecurityObject(tc, &isec);
AFS_GUNLOCK();
tc->id = rx_NewConnection(sap->sa_ip, aport, service, csec, isec);
AFS_GLOCK();
if (service == 52) {
rx_SetConnHardDeadTime(tc->id, afs_rx_harddead);
}
/* set to a RX_CALL_TIMEOUT error to allow MTU retry to trigger */
rx_SetServerConnIdleDeadErr(tc->id, RX_CALL_DEAD);
rx_SetConnIdleDeadTime(tc->id, afs_rx_idledead);
rx_SetMsgsizeRetryErr(tc->id, RX_MSGSIZE);
/*
* Only do this for the base connection, not per-user.
* Will need to be revisited if/when CB gets security.
*/
if ((isec == 0) && (service != 52) && !(tu->states & UTokensBad) &&
(tu->vid == UNDEFVID))
rx_SetConnSecondsUntilNatPing(tc->id, 20);
tc->forceConnectFS = 0; /* apparently we're appropriately connected now */
if (csec)
rxs_Release(csec);
ConvertWToSLock(&afs_xconn);
} /* end of if (tc->forceConnectFS)*/
ReleaseSharedLock(&afs_xconn);
return tc;
}
