int
xdr_to_auth_unix_cred (char *msgbuf, int msglen, struct authunix_parms *au,
char *machname, gid_t *gids)
{
XDR xdr;
int ret = -1;
GF_VALIDATE_OR_GOTO ("rpc", msgbuf, out);
GF_VALIDATE_OR_GOTO ("rpc", machname, out);
GF_VALIDATE_OR_GOTO ("rpc", gids, out);
GF_VALIDATE_OR_GOTO ("rpc", au, out);
au->aup_machname = machname;
#ifdef GF_DARWIN_HOST_OS
au->aup_gids = (int *)gids;
#else
au->aup_gids = gids;
#endif
xdrmem_create (&xdr, msgbuf, msglen, XDR_DECODE);
if (!xdr_authunix_parms (&xdr, au)) {
gf_log ("rpc", GF_LOG_WARNING, "failed to decode auth unix parms");
goto out;
}
ret = 0;
out:
return ret;
}
int
auth_unix_cred_to_xdr(struct authunix_parms *au, char *dest, size_t len,
struct iovec *iov)
{
XDR xdr;
int ret = -1;
GF_VALIDATE_OR_GOTO("rpc", au, out);
GF_VALIDATE_OR_GOTO("rpc", dest, out);
GF_VALIDATE_OR_GOTO("rpc", iov, out);
xdrmem_create(&xdr, dest, len, XDR_DECODE);
if (!xdr_authunix_parms(&xdr, au)) {
gf_log("rpc", GF_LOG_WARNING, "failed to decode authunix parms");
goto out;
}
iov->iov_base = dest;
iov->iov_len = xdr_encoded_length(xdr);
ret = 0;
out:
return ret;
}
static bool
authunix_refresh(AUTH *auth, void *dummy)
{
struct audata *au = AUTH_PRIVATE(auth);
struct authunix_parms aup;
struct timespec now;
XDR xdrs;
int stat;
assert(auth != NULL);
if (memcmp(&auth->ah_cred, &au->au_origcred, sizeof(struct opaque_auth))
== 0) {
/* there is no hope. Punt */
return (false);
}
au->au_shfaults++;
/* first deserialize the creds back into a struct authunix_parms */
aup.aup_machname = NULL;
aup.aup_gids = NULL;
xdrmem_create(&xdrs, au->au_origcred.oa_body, au->au_origcred.oa_length,
XDR_DECODE);
stat = xdr_authunix_parms(&xdrs, &aup);
if (!stat)
goto done;
/* update the time and serialize in place */
(void)clock_gettime(CLOCK_MONOTONIC_FAST, &now);
aup.aup_time = now.tv_sec;
xdrs.x_op = XDR_ENCODE;
XDR_SETPOS(&xdrs, 0);
stat = xdr_authunix_parms(&xdrs, &aup);
if (!stat)
goto done;
auth->ah_cred = au->au_origcred;
marshal_new_auth(auth);
done:
/* free the struct authunix_parms created by deserializing */
xdrs.x_op = XDR_FREE;
(void)xdr_authunix_parms(&xdrs, &aup);
XDR_DESTROY(&xdrs);
return (stat);
}
static bool_t
authunix_refresh(AUTH *auth)
{
struct audata *au = AUTH_PRIVATE(auth);
struct authunix_parms aup;
struct timeval now;
XDR xdrs;
int stat;
_DIAGASSERT(auth != NULL);
if (auth->ah_cred.oa_base == au->au_origcred.oa_base) {
/* there is no hope. Punt */
return (FALSE);
}
au->au_shfaults++;
/* first deserialize the creds back into a struct authunix_parms */
aup.aup_machname = NULL;
aup.aup_gids = NULL;
xdrmem_create(&xdrs, au->au_origcred.oa_base,
au->au_origcred.oa_length, XDR_DECODE);
stat = xdr_authunix_parms(&xdrs, &aup);
if (! stat)
goto done;
/* update the time and serialize in place */
(void)gettimeofday(&now, NULL);
aup.aup_time = (u_long)now.tv_sec; /* XXX: truncate on 32 bit */
xdrs.x_op = XDR_ENCODE;
XDR_SETPOS(&xdrs, 0);
stat = xdr_authunix_parms(&xdrs, &aup);
if (! stat)
goto done;
auth->ah_cred = au->au_origcred;
marshal_new_auth(auth);
done:
/* free the struct authunix_parms created by deserializing */
xdrs.x_op = XDR_FREE;
(void)xdr_authunix_parms(&xdrs, &aup);
XDR_DESTROY(&xdrs);
return (stat);
}
/*
* Create a unix style authenticator.
* Returns an auth handle with the given stuff in it.
*/
AUTH *
authunix_ncreate(char *machname, uid_t uid, gid_t gid, int len,
gid_t *aup_gids)
{
struct audata *au = mem_alloc(sizeof(*au));
AUTH *auth = &au->au_auth;
struct authunix_parms aup;
struct timespec now;
XDR xdrs;
/*
* Allocate and set up auth handle
*/
auth->ah_ops = authunix_ops();
auth->ah_private = NULL;
auth->ah_error.re_status = RPC_SUCCESS;
auth->ah_verf = au->au_shcred = _null_auth;
auth->ah_refcnt = 1;
au->au_shfaults = 0;
/*
* fill in param struct from the given params
*/
(void)clock_gettime(CLOCK_MONOTONIC_FAST, &now);
aup.aup_time = now.tv_sec;
aup.aup_machname = machname;
aup.aup_uid = uid;
aup.aup_gid = gid;
aup.aup_len = (u_int) len;
aup.aup_gids = aup_gids;
/*
* Serialize the parameters into origcred
*/
xdrmem_create(&xdrs, au->au_origcred.oa_body, MAX_AUTH_BYTES,
XDR_ENCODE);
if (!xdr_authunix_parms(&xdrs, &aup)) {
__warnx(TIRPC_DEBUG_FLAG_AUTH, "%s: %s",
__func__, clnt_sperrno(RPC_CANTENCODEARGS));
auth->ah_error.re_status = RPC_CANTENCODEARGS;
return (auth);
}
au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
au->au_origcred.oa_flavor = AUTH_UNIX;
/*
* set auth handle to reflect new cred.
*/
auth->ah_cred = au->au_origcred;
/* auth_get not needed: ah_refcnt == 1, as desired */
marshal_new_auth(auth);
/* */
return (auth);
}
const authunix_parms *
svccb::getaup () const
{
if (aup || msg.rm_call.cb_cred.oa_flavor != AUTH_UNIX)
return aup;
xdrmem x (msg.rm_call.cb_cred.oa_base,
msg.rm_call.cb_cred.oa_length, XDR_DECODE);
aup = New authunix_parms;
bzero (aup, sizeof (*aup));
if (xdr_authunix_parms (x.xdrp (), aup))
return aup;
xdr_free (reinterpret_cast<sfs::xdrproc_t> (xdr_authunix_parms), aup);
delete aup;
// msg.rm_call.cb_cred.oa_flavor = AUTH_NONE;
return aup = NULL;
}
/*
* Create a unix style authenticator.
* Returns an auth handle with the given stuff in it.
*/
AUTH *
authunix_create(char *machname, int uid, int gid, int len, int *aup_gids)
{
struct authunix_parms aup;
char mymem[MAX_AUTH_BYTES];
struct timeval now;
XDR xdrs;
AUTH *auth;
struct audata *au;
/*
* Allocate and set up auth handle
*/
au = NULL;
auth = mem_alloc(sizeof(*auth));
#ifndef KERNEL
if (auth == NULL) {
warnx("authunix_create: out of memory");
goto cleanup_authunix_create;
}
#endif
au = mem_alloc(sizeof(*au));
#ifndef KERNEL
if (au == NULL) {
warnx("authunix_create: out of memory");
goto cleanup_authunix_create;
}
#endif
auth->ah_ops = authunix_ops();
auth->ah_private = au;
auth->ah_verf = au->au_shcred = _null_auth;
au->au_shfaults = 0;
au->au_origcred.oa_base = NULL;
/*
* fill in param struct from the given params
*/
(void)gettimeofday(&now, NULL);
aup.aup_time = (u_long)now.tv_sec; /* XXX: truncate on 32 bit */
aup.aup_machname = machname;
aup.aup_uid = uid;
aup.aup_gid = gid;
aup.aup_len = (u_int)len;
aup.aup_gids = aup_gids;
/*
* Serialize the parameters into origcred
*/
xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
if (! xdr_authunix_parms(&xdrs, &aup))
abort();
au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
au->au_origcred.oa_flavor = AUTH_UNIX;
#ifdef KERNEL
au->au_origcred.oa_base = mem_alloc((size_t)len);
#else
if ((au->au_origcred.oa_base = mem_alloc((size_t)len)) == NULL) {
warnx("authunix_create: out of memory");
goto cleanup_authunix_create;
}
#endif
memmove(au->au_origcred.oa_base, mymem, (size_t)len);
/*
* set auth handle to reflect new cred.
*/
auth->ah_cred = au->au_origcred;
marshal_new_auth(auth);
return (auth);
#ifndef KERNEL
cleanup_authunix_create:
if (auth)
mem_free(auth, sizeof(*auth));
if (au) {
if (au->au_origcred.oa_base)
mem_free(au->au_origcred.oa_base, (u_int)len);
mem_free(au, sizeof(*au));
}
return (NULL);
#endif
}
enum auth_stat
svcbyz_auth_unix(struct svc_req *rqst, struct rpc_msg *msg) {
register enum auth_stat stat;
XDR xdrs;
register struct authunix_parms *aup;
register int *buf;
struct area {
struct authunix_parms area_aup;
char area_machname[MAX_MACHINE_NAME+1];
unsigned int area_gids[NGRPS]; // JC: changed to unsigned
} *area;
u_int auth_len;
int str_len, gid_len;
register int i;
area = (struct area *) rqst->rq_clntcred;
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
aup->aup_gids = area->area_gids;
auth_len = (unsigned int)msg->rm_call.cb_cred.oa_length;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
buf = XDR_INLINE(&xdrs, auth_len);
if (buf != NULL) {
aup->aup_time = IXDR_GET_LONG(buf);
str_len = IXDR_GET_U_LONG(buf);
if (str_len > MAX_MACHINE_NAME) {
stat = AUTH_BADCRED;
goto done;
}
bcopy((caddr_t)buf, aup->aup_machname, (u_int)str_len);
aup->aup_machname[str_len] = 0;
str_len = RNDUP(str_len);
buf += str_len / sizeof(int);
aup->aup_uid = IXDR_GET_LONG(buf);
aup->aup_gid = IXDR_GET_LONG(buf);
gid_len = IXDR_GET_U_LONG(buf);
if (gid_len > NGRPS) {
stat = AUTH_BADCRED;
goto done;
}
aup->aup_len = gid_len;
for (i = 0; i < gid_len; i++) {
aup->aup_gids[i] = IXDR_GET_LONG(buf);
}
/*
* five is the smallest unix credentials structure -
* timestamp, hostname len (0), uid, gid, and gids len (0).
*/
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
(void) printf("bad auth_len gid %d str %d auth %d\n",
gid_len, str_len, auth_len);
stat = AUTH_BADCRED;
goto done;
}
} else if (! xdr_authunix_parms(&xdrs, aup)) {
xdrs.x_op = XDR_FREE;
(void)xdr_authunix_parms(&xdrs, aup);
stat = AUTH_BADCRED;
goto done;
}
rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
rqst->rq_xprt->xp_verf.oa_length = 0;
stat = AUTH_OK;
done:
XDR_DESTROY(&xdrs);
return (stat);
}
/*
* Unix longhand authenticator
*/
enum auth_stat
_svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
enum auth_stat stat;
XDR xdrs;
int32_t *buf;
uint32_t time;
struct xucred *xcr;
u_int auth_len;
size_t str_len, gid_len;
u_int i;
xcr = rqst->rq_clntcred;
auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
XDR_DECODE);
buf = XDR_INLINE(&xdrs, auth_len);
if (buf != NULL) {
time = IXDR_GET_UINT32(buf);
str_len = (size_t)IXDR_GET_UINT32(buf);
if (str_len > MAX_MACHINE_NAME) {
stat = AUTH_BADCRED;
goto done;
}
str_len = RNDUP(str_len);
buf += str_len / sizeof (int32_t);
xcr->cr_uid = IXDR_GET_UINT32(buf);
xcr->cr_groups[0] = IXDR_GET_UINT32(buf);
gid_len = (size_t)IXDR_GET_UINT32(buf);
if (gid_len > NGRPS) {
stat = AUTH_BADCRED;
goto done;
}
for (i = 0; i < gid_len; i++) {
if (i + 1 < XU_NGROUPS)
xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf);
else
buf++;
}
if (gid_len + 1 > XU_NGROUPS)
xcr->cr_ngroups = XU_NGROUPS;
else
xcr->cr_ngroups = gid_len + 1;
/*
* five is the smallest unix credentials structure -
* timestamp, hostname len (0), uid, gid, and gids len (0).
*/
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
(void) printf("bad auth_len gid %ld str %ld auth %u\n",
(long)gid_len, (long)str_len, auth_len);
stat = AUTH_BADCRED;
goto done;
}
} else if (! xdr_authunix_parms(&xdrs, &time, xcr)) {
stat = AUTH_BADCRED;
goto done;
}
rqst->rq_verf = _null_auth;
stat = AUTH_OK;
done:
XDR_DESTROY(&xdrs);
return (stat);
}
/*
* Unix longhand authenticator
*/
enum auth_stat
_svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
enum auth_stat stat;
XDR xdrs;
struct authunix_parms *aup;
int32_t *buf;
struct area {
struct authunix_parms area_aup;
char area_machname[MAX_MACHINE_NAME+1];
int area_gids[NGRPS];
} *area;
u_int auth_len;
size_t str_len, gid_len;
u_int i;
assert(rqst != NULL);
assert(msg != NULL);
area = (struct area *) rqst->rq_clntcred;
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
aup->aup_gids = area->area_gids;
auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
buf = XDR_INLINE(&xdrs, auth_len);
if (buf != NULL) {
aup->aup_time = IXDR_GET_INT32(buf);
str_len = (size_t)IXDR_GET_U_INT32(buf);
if (str_len > MAX_MACHINE_NAME) {
stat = AUTH_BADCRED;
goto done;
}
memmove(aup->aup_machname, buf, str_len);
aup->aup_machname[str_len] = 0;
str_len = RNDUP(str_len);
buf += str_len / sizeof (int32_t);
aup->aup_uid = (int)IXDR_GET_INT32(buf);
aup->aup_gid = (int)IXDR_GET_INT32(buf);
gid_len = (size_t)IXDR_GET_U_INT32(buf);
if (gid_len > NGRPS) {
stat = AUTH_BADCRED;
goto done;
}
aup->aup_len = gid_len;
for (i = 0; i < gid_len; i++) {
aup->aup_gids[i] = (int)IXDR_GET_INT32(buf);
}
/*
* five is the smallest unix credentials structure -
* timestamp, hostname len (0), uid, gid, and gids len (0).
*/
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
printf("bad auth_len gid %ld str %ld auth %u\n",
(long)gid_len, (long)str_len, auth_len);
stat = AUTH_BADCRED;
goto done;
}
} else if (! xdr_authunix_parms(&xdrs, aup)) {
xdrs.x_op = XDR_FREE;
xdr_authunix_parms(&xdrs, aup);
stat = AUTH_BADCRED;
goto done;
}
/* get the verifier */
if ((u_int)msg->rm_call.cb_verf.oa_length) {
rqst->rq_xprt->xp_verf.oa_flavor =
msg->rm_call.cb_verf.oa_flavor;
rqst->rq_xprt->xp_verf.oa_base =
msg->rm_call.cb_verf.oa_base;
rqst->rq_xprt->xp_verf.oa_length =
msg->rm_call.cb_verf.oa_length;
} else {
rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
rqst->rq_xprt->xp_verf.oa_length = 0;
}
stat = AUTH_OK;
done:
XDR_DESTROY(&xdrs);
return (stat);
}
/*
* Create a unix style authenticator.
* Returns an auth handle with the given stuff in it.
*/
AUTH *
authunix_create(char *machname, int uid, int gid, int len, int *aup_gids)
{
struct authunix_parms aup;
char mymem[MAX_AUTH_BYTES];
struct timeval now;
XDR xdrs;
AUTH *auth;
struct audata *au;
/*
* Allocate and set up auth handle
*/
auth = (AUTH *)mem_alloc(sizeof(*auth));
#ifndef KERNEL
if (auth == NULL) {
(void)fprintf(stderr, "authunix_create: out of memory\n");
return (NULL);
}
#endif
au = (struct audata *)mem_alloc(sizeof(*au));
#ifndef KERNEL
if (au == NULL) {
(void)fprintf(stderr, "authunix_create: out of memory\n");
free(auth);
return (NULL);
}
#endif
auth->ah_ops = &auth_unix_ops;
auth->ah_private = (caddr_t)au;
auth->ah_verf = au->au_shcred = _null_auth;
au->au_shfaults = 0;
/*
* fill in param struct from the given params
*/
(void)gettimeofday(&now, NULL);
aup.aup_time = now.tv_sec;
aup.aup_machname = machname;
aup.aup_uid = uid;
aup.aup_gid = gid;
aup.aup_len = (u_int)len;
aup.aup_gids = aup_gids;
/*
* Serialize the parameters into origcred
*/
xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
if (!xdr_authunix_parms(&xdrs, &aup))
goto authfail;
au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
au->au_origcred.oa_flavor = AUTH_UNIX;
#ifdef KERNEL
au->au_origcred.oa_base = mem_alloc((u_int) len);
#else
if ((au->au_origcred.oa_base = mem_alloc((u_int) len)) == NULL) {
(void)fprintf(stderr, "authunix_create: out of memory\n");
goto authfail;
}
#endif
memcpy(au->au_origcred.oa_base, mymem, (u_int)len);
/*
* set auth handle to reflect new cred.
*/
auth->ah_cred = au->au_origcred;
marshal_new_auth(auth);
return (auth);
authfail:
XDR_DESTROY(&xdrs);
free(au);
free(auth);
return (NULL);
}
