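/*
 * Decode an AUTH_UNIX credential body from msgbuf into *au.
 *
 * msgbuf, msglen: the XDR-encoded credential bytes.
 * au:             output structure filled in by xdr_authunix_parms().
 * machname:       caller-provided storage that au->aup_machname is pointed at.
 * gids:           caller-provided storage that au->aup_gids is pointed at.
 *
 * Returns 0 on success, -1 when an argument is missing, msglen is negative,
 * or the credential cannot be decoded.
 *
 * NOTE(review): the decoder writes the machine name and the group list
 * straight into machname and gids. Their required capacity is not visible in
 * this function; confirm that every caller sizes both buffers for the
 * decoder's maximum.
 */
int
xdr_to_auth_unix_cred (char *msgbuf, int msglen, struct authunix_parms *au,
                       char *machname, gid_t *gids)
{
        XDR xdr;
        int ret = -1;

        GF_VALIDATE_OR_GOTO ("rpc", msgbuf, out);
        GF_VALIDATE_OR_GOTO ("rpc", machname, out);
        GF_VALIDATE_OR_GOTO ("rpc", gids, out);
        GF_VALIDATE_OR_GOTO ("rpc", au, out);

        /*
         * xdrmem_create() takes an unsigned size. A negative msglen would be
         * converted to a very large value and the decoder would then treat
         * memory far beyond msgbuf as part of the credential.
         */
        if (msglen < 0) {
                gf_log ("rpc", GF_LOG_WARNING,
                        "invalid auth unix cred length");
                goto out;
        }

        /* Decode into the caller's buffers instead of letting XDR allocate. */
        au->aup_machname = machname;
#ifdef GF_DARWIN_HOST_OS
        au->aup_gids = (int *)gids;
#else
        au->aup_gids = gids;
#endif

        xdrmem_create (&xdr, msgbuf, msglen, XDR_DECODE);

        if (!xdr_authunix_parms (&xdr, au)) {
                gf_log ("rpc", GF_LOG_WARNING,
                        "failed to decode auth unix parms");
                goto out;
        }

        ret = 0;
out:
        return ret;
}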
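/*
 * Serialize the AUTH_UNIX parameters in *au into dest and describe the
 * encoded bytes through *iov.
 *
 * au:        credential parameters to encode.
 * dest, len: output buffer and its size.
 * iov:       on success, iov_base is dest and iov_len is the encoded length.
 *
 * Returns 0 on success, -1 when an argument is missing or encoding fails.
 *
 * NOTE(review): len is a size_t while xdrmem_create() takes an unsigned int
 * size, so a larger value would be truncated; confirm callers stay in range.
 */
int
auth_unix_cred_to_xdr(struct authunix_parms *au, char *dest, size_t len,
                      struct iovec *iov)
{
        XDR xdr;
        int ret = -1;

        GF_VALIDATE_OR_GOTO("rpc", au, out);
        GF_VALIDATE_OR_GOTO("rpc", dest, out);
        GF_VALIDATE_OR_GOTO("rpc", iov, out);

        /*
         * This function produces XDR from *au, so the stream must be opened
         * for encoding. Opening it with XDR_DECODE would instead read
         * whatever dest already holds and overwrite *au with it.
         */
        xdrmem_create(&xdr, dest, len, XDR_ENCODE);

        if (!xdr_authunix_parms(&xdr, au)) {
                gf_log("rpc", GF_LOG_WARNING,
                       "failed to encode authunix parms");
                goto out;
        }

        iov->iov_base = dest;
        iov->iov_len = xdr_encoded_length(xdr);

        ret = 0;
out:
        return ret;
}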
/*
 * Refresh an AUTH_UNIX handle by re-stamping the original credential with a
 * new time value and making it the handle's active credential again.
 *
 * Returns false when the handle already carries the original credential
 * (nothing else to fall back to) or when decoding/encoding the credential
 * fails; otherwise the result of the final encode.
 *
 * NOTE(review): assert(auth != NULL) runs after AUTH_PRIVATE(auth) has
 * already been evaluated in the declaration above it.
 */
static bool
authunix_refresh(AUTH *auth, void *dummy)
{
	struct audata *priv = AUTH_PRIVATE(auth);
	struct authunix_parms parms;
	struct timespec ts;
	XDR stream;
	int ok;

	assert(auth != NULL);

	/* Active credential equals the original one: there is no hope, punt. */
	if (!memcmp(&auth->ah_cred, &priv->au_origcred,
		    sizeof(struct opaque_auth)))
		return (false);

	priv->au_shfaults++;

	/* Deserialize the original credential back into parms. */
	parms.aup_machname = NULL;
	parms.aup_gids = NULL;
	xdrmem_create(&stream, priv->au_origcred.oa_body,
		      priv->au_origcred.oa_length, XDR_DECODE);
	ok = xdr_authunix_parms(&stream, &parms);

	if (ok) {
		/* New time stamp, then re-encode over the same bytes. */
		(void)clock_gettime(CLOCK_MONOTONIC_FAST, &ts);
		parms.aup_time = ts.tv_sec;
		stream.x_op = XDR_ENCODE;
		XDR_SETPOS(&stream, 0);
		ok = xdr_authunix_parms(&stream, &parms);

		if (ok) {
			auth->ah_cred = priv->au_origcred;
			marshal_new_auth(auth);
		}
	}

	/* Release whatever the decode step created, on every path. */
	stream.x_op = XDR_FREE;
	(void)xdr_authunix_parms(&stream, &parms);
	XDR_DESTROY(&stream);
	return (ok);
}
/*
 * Refresh an AUTH_UNIX handle by re-stamping the original credential with
 * the current time and making it the handle's active credential again.
 *
 * Returns FALSE when the handle's credential already points at the original
 * credential buffer, or when decoding/encoding fails; otherwise the result
 * of the final encode.
 *
 * NOTE(review): _DIAGASSERT(auth != NULL) runs after AUTH_PRIVATE(auth) has
 * already been evaluated in the declaration above it.
 */
static bool_t
authunix_refresh(AUTH *auth)
{
	struct audata *priv = AUTH_PRIVATE(auth);
	struct authunix_parms parms;
	struct timeval tv;
	XDR stream;
	int ok;

	_DIAGASSERT(auth != NULL);

	/* Same buffer as the original credential: there is no hope, punt. */
	if (auth->ah_cred.oa_base == priv->au_origcred.oa_base)
		return (FALSE);

	priv->au_shfaults++;

	/* Deserialize the original credential back into parms. */
	parms.aup_machname = NULL;
	parms.aup_gids = NULL;
	xdrmem_create(&stream, priv->au_origcred.oa_base,
	    priv->au_origcred.oa_length, XDR_DECODE);
	ok = xdr_authunix_parms(&stream, &parms);

	if (ok) {
		/* New time stamp, then re-encode over the same bytes. */
		(void)gettimeofday(&tv, NULL);
		parms.aup_time = (u_long)tv.tv_sec;	/* XXX: truncate on 32 bit */
		stream.x_op = XDR_ENCODE;
		XDR_SETPOS(&stream, 0);
		ok = xdr_authunix_parms(&stream, &parms);

		if (ok) {
			auth->ah_cred = priv->au_origcred;
			marshal_new_auth(auth);
		}
	}

	/* Release whatever the decode step created, on every path. */
	stream.x_op = XDR_FREE;
	(void)xdr_authunix_parms(&stream, &parms);
	XDR_DESTROY(&stream);
	return (ok);
}
/*
 * Build an AUTH_UNIX authenticator from the given machine name, uid, gid and
 * supplementary group list (len entries in aup_gids).
 *
 * Always returns a handle. When the parameters cannot be XDR-encoded the
 * handle's ah_error.re_status is set to RPC_CANTENCODEARGS and the handle is
 * returned without a credential, so callers have to inspect ah_error.
 *
 * NOTE(review): the result of mem_alloc() is dereferenced without a NULL
 * check; presumably mem_alloc() does not return NULL here - confirm.
 */
AUTH *
authunix_ncreate(char *machname, uid_t uid, gid_t gid, int len,
		 gid_t *aup_gids)
{
	struct audata *priv = mem_alloc(sizeof(*priv));
	AUTH *handle = &priv->au_auth;
	struct authunix_parms parms;
	struct timespec ts;
	XDR stream;

	/* Set up the handle embedded in the private data. */
	handle->ah_ops = authunix_ops();
	handle->ah_private = NULL;
	handle->ah_error.re_status = RPC_SUCCESS;
	priv->au_shcred = _null_auth;
	handle->ah_verf = priv->au_shcred;
	handle->ah_refcnt = 1;
	priv->au_shfaults = 0;

	/* Collect the caller's values plus a time stamp. */
	(void)clock_gettime(CLOCK_MONOTONIC_FAST, &ts);
	parms.aup_machname = machname;
	parms.aup_uid = uid;
	parms.aup_gid = gid;
	parms.aup_len = (u_int) len;
	parms.aup_gids = aup_gids;
	parms.aup_time = ts.tv_sec;

	/* Serialize them into the original-credential body. */
	xdrmem_create(&stream, priv->au_origcred.oa_body, MAX_AUTH_BYTES,
		      XDR_ENCODE);
	if (!xdr_authunix_parms(&stream, &parms)) {
		__warnx(TIRPC_DEBUG_FLAG_AUTH, "%s: %s", __func__,
			clnt_sperrno(RPC_CANTENCODEARGS));
		handle->ah_error.re_status = RPC_CANTENCODEARGS;
		return (handle);
	}
	len = XDR_GETPOS(&stream);
	priv->au_origcred.oa_length = len;
	priv->au_origcred.oa_flavor = AUTH_UNIX;

	/*
	 * Make the new credential the active one.
	 * auth_get not needed: ah_refcnt == 1, as desired.
	 */
	handle->ah_cred = priv->au_origcred;
	marshal_new_auth(handle);
	return (handle);
}
// Return the AUTH_UNIX parameters of the call, decoding them on first use.
//
// A previously decoded result is cached in `aup` and returned as is. When
// nothing is cached and the call's credential flavor is not AUTH_UNIX, or the
// credential body fails to decode, the result is NULL.
//
// The values are whatever the call's credential body contains; this function
// only decodes them and performs no verification of the uid or group list.
const authunix_parms *
svccb::getaup () const
{
  if (aup)
    return aup;
  if (msg.rm_call.cb_cred.oa_flavor != AUTH_UNIX)
    return aup;

  xdrmem decoder (msg.rm_call.cb_cred.oa_base,
                  msg.rm_call.cb_cred.oa_length, XDR_DECODE);

  // Zeroed first, so that a failed decode can be released with xdr_free.
  aup = New authunix_parms;
  bzero (aup, sizeof (*aup));

  if (!xdr_authunix_parms (decoder.xdrp (), aup)) {
    xdr_free (reinterpret_cast<sfs::xdrproc_t> (xdr_authunix_parms), aup);
    delete aup;
    aup = NULL;
  }
  return aup;
}
/*
 * Create a unix style authenticator from the given machine name, uid, gid
 * and supplementary group list (len entries in aup_gids).
 *
 * Returns the new auth handle. Outside KERNEL builds an allocation failure
 * is reported with warnx() and NULL is returned after releasing what was
 * allocated; in KERNEL builds those NULL checks are compiled out.
 *
 * NOTE(review): a failure to encode the parameters calls abort() instead of
 * returning NULL, so arguments that cannot be encoded end the process.
 */
AUTH *
authunix_create(char *machname, int uid, int gid, int len, int *aup_gids)
{
	struct authunix_parms parms;
	char scratch[MAX_AUTH_BYTES];
	struct timeval tv;
	XDR stream;
	AUTH *handle;
	struct audata *priv = NULL;

	/* Allocate the handle and its private data. */
	handle = mem_alloc(sizeof(*handle));
#ifndef KERNEL
	if (!handle) {
		warnx("authunix_create: out of memory");
		goto fail;
	}
#endif
	priv = mem_alloc(sizeof(*priv));
#ifndef KERNEL
	if (!priv) {
		warnx("authunix_create: out of memory");
		goto fail;
	}
#endif
	handle->ah_ops = authunix_ops();
	handle->ah_private = priv;
	priv->au_shcred = _null_auth;
	handle->ah_verf = priv->au_shcred;
	priv->au_shfaults = 0;
	/* NULL until allocated, so the failure path knows what to free. */
	priv->au_origcred.oa_base = NULL;

	/* Collect the caller's values plus the current time. */
	(void)gettimeofday(&tv, NULL);
	parms.aup_time = (u_long)tv.tv_sec;	/* XXX: truncate on 32 bit */
	parms.aup_machname = machname;
	parms.aup_uid = uid;
	parms.aup_gid = gid;
	parms.aup_len = (u_int)len;
	parms.aup_gids = aup_gids;

	/* Serialize into the stack buffer first; the size is known after. */
	xdrmem_create(&stream, scratch, MAX_AUTH_BYTES, XDR_ENCODE);
	if (!xdr_authunix_parms(&stream, &parms))
		abort();
	len = XDR_GETPOS(&stream);
	priv->au_origcred.oa_length = len;
	priv->au_origcred.oa_flavor = AUTH_UNIX;

	priv->au_origcred.oa_base = mem_alloc((size_t)len);
#ifndef KERNEL
	if (priv->au_origcred.oa_base == NULL) {
		warnx("authunix_create: out of memory");
		goto fail;
	}
#endif
	memmove(priv->au_origcred.oa_base, scratch, (size_t)len);

	/* Make the new credential the active one. */
	handle->ah_cred = priv->au_origcred;
	marshal_new_auth(handle);
	return (handle);

#ifndef KERNEL
fail:
	if (handle)
		mem_free(handle, sizeof(*handle));
	if (priv) {
		if (priv->au_origcred.oa_base)
			mem_free(priv->au_origcred.oa_base, (u_int)len);
		mem_free(priv, sizeof(*priv));
	}
	return (NULL);
#endif
}
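/*
 * Decode the AUTH_UNIX credential of an incoming call into the area that
 * rqst->rq_clntcred points at (parameters, machine name, group list).
 *
 * Returns AUTH_OK when the credential decodes and its lengths are
 * consistent, AUTH_BADCRED otherwise. On success the reply verifier is set
 * to AUTH_NULL with length 0.
 *
 * The uid, gid and group list are stored exactly as they appear in the
 * call's credential body; nothing in this function verifies them.
 *
 * NOTE(review): on the inline path the check that compares the field lengths
 * with auth_len runs only after the fields have been read from buf, so the
 * reads rely on the credential buffer being large enough for a maximum-size
 * credential - confirm against the code that fills oa_base.
 */
enum auth_stat
svcbyz_auth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
	register enum auth_stat stat;
	XDR xdrs;
	register struct authunix_parms *aup;
	register int *buf;
	struct area {
		struct authunix_parms area_aup;
		char area_machname[MAX_MACHINE_NAME+1];
		unsigned int area_gids[NGRPS];  // JC: changed to unsigned
	} *area;
	u_int auth_len;
	/*
	 * Both lengths come off the wire and must be unsigned. As signed ints,
	 * a value with the top bit set turned negative, slipped past the
	 * "> MAX_MACHINE_NAME" / "> NGRPS" limits and then reached bcopy() as
	 * a huge size and the machine-name terminator as a negative index.
	 */
	u_int str_len, gid_len;
	register u_int i;

	area = (struct area *) rqst->rq_clntcred;
	aup = &area->area_aup;
	aup->aup_machname = area->area_machname;
	aup->aup_gids = area->area_gids;
	auth_len = (unsigned int)msg->rm_call.cb_cred.oa_length;
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len, XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		aup->aup_time = IXDR_GET_LONG(buf);
		str_len = IXDR_GET_U_LONG(buf);
		if (str_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		bcopy((caddr_t)buf, aup->aup_machname, str_len);
		aup->aup_machname[str_len] = 0;
		/* The name is padded to a whole number of XDR units. */
		str_len = RNDUP(str_len);
		buf += str_len / sizeof(int);
		aup->aup_uid = IXDR_GET_LONG(buf);
		aup->aup_gid = IXDR_GET_LONG(buf);
		gid_len = IXDR_GET_U_LONG(buf);
		if (gid_len > NGRPS) {
			stat = AUTH_BADCRED;
			goto done;
		}
		aup->aup_len = gid_len;
		for (i = 0; i < gid_len; i++) {
			aup->aup_gids[i] = IXDR_GET_LONG(buf);
		}
		/*
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
			(void) printf("bad auth_len gid %u str %u auth %u\n",
			    gid_len, str_len, auth_len);
			stat = AUTH_BADCRED;
			goto done;
		}
	} else if (! xdr_authunix_parms(&xdrs, aup)) {
		/* Release anything the failed decode may have allocated. */
		xdrs.x_op = XDR_FREE;
		(void)xdr_authunix_parms(&xdrs, aup);
		stat = AUTH_BADCRED;
		goto done;
	}
	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
	rqst->rq_xprt->xp_verf.oa_length = 0;
	stat = AUTH_OK;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}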
/*
 * Unix longhand authenticator.
 *
 * Decodes the AUTH_UNIX credential of an incoming call into the struct
 * xucred that rqst->rq_clntcred points at. Returns AUTH_OK when the
 * credential decodes and its lengths are consistent, AUTH_BADCRED otherwise.
 * On success rqst->rq_verf is set to _null_auth.
 *
 * The uid and groups are stored exactly as they appear in the call's
 * credential body; nothing in this function verifies them.
 *
 * NOTE(review): on the inline path the check that compares the field lengths
 * with auth_len runs only after the fields have been read from buf, so the
 * reads rely on the credential buffer being large enough for a maximum-size
 * credential - confirm against the code that fills oa_base.
 */
enum auth_stat
_svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat = AUTH_BADCRED;	/* until proven otherwise */
	XDR xdrs;
	int32_t *buf;
	uint32_t stamp;
	struct xucred *xcr = rqst->rq_clntcred;
	u_int auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
	size_t str_len, gid_len;
	u_int i;

	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
	    XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);

	if (buf == NULL) {
		/* No inline access: use the generic decoder. */
		if (! xdr_authunix_parms(&xdrs, &stamp, xcr))
			goto done;
	} else {
		/* The time stamp is consumed but not used further. */
		stamp = IXDR_GET_UINT32(buf);
		str_len = (size_t)IXDR_GET_UINT32(buf);
		if (str_len > MAX_MACHINE_NAME)
			goto done;

		/* Skip the machine name, which is padded to XDR units. */
		str_len = RNDUP(str_len);
		buf += str_len / sizeof (int32_t);

		xcr->cr_uid = IXDR_GET_UINT32(buf);
		xcr->cr_groups[0] = IXDR_GET_UINT32(buf);
		gid_len = (size_t)IXDR_GET_UINT32(buf);
		if (gid_len > NGRPS)
			goto done;

		/*
		 * Slot 0 holds the primary gid; supplementary gids that do
		 * not fit in cr_groups are skipped in the buffer.
		 */
		for (i = 0; i < gid_len; i++) {
			if (i + 1 < XU_NGROUPS)
				xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf);
			else
				buf++;
		}
		xcr->cr_ngroups = (gid_len + 1 > XU_NGROUPS) ?
		    XU_NGROUPS : gid_len + 1;

		/*
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
			(void) printf("bad auth_len gid %ld str %ld auth %u\n",
			    (long)gid_len, (long)str_len, auth_len);
			goto done;
		}
	}

	rqst->rq_verf = _null_auth;
	stat = AUTH_OK;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}
/*
 * Unix longhand authenticator.
 *
 * Decodes the AUTH_UNIX credential of an incoming call into the area that
 * rqst->rq_clntcred points at (parameters, machine name, group list) and
 * records the call's verifier on the transport. Returns AUTH_OK when the
 * credential decodes and its lengths are consistent, AUTH_BADCRED otherwise.
 *
 * The uid, gid and group list are stored exactly as they appear in the
 * call's credential body; nothing in this function verifies them.
 *
 * NOTE(review): on the inline path the check that compares the field lengths
 * with auth_len runs only after the fields have been read from buf, so the
 * reads rely on the credential buffer being large enough for a maximum-size
 * credential - confirm against the code that fills oa_base.
 */
enum auth_stat
_svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat = AUTH_BADCRED;	/* until proven otherwise */
	XDR xdrs;
	struct authunix_parms *aup;
	int32_t *buf;
	struct area {
		struct authunix_parms area_aup;
		char area_machname[MAX_MACHINE_NAME+1];
		int area_gids[NGRPS];
	} *area;
	u_int auth_len;
	size_t str_len, gid_len;
	u_int i;

	assert(rqst != NULL);
	assert(msg != NULL);

	/* Point the parameter struct at the storage that follows it. */
	area = (struct area *) rqst->rq_clntcred;
	aup = &area->area_aup;
	aup->aup_machname = area->area_machname;
	aup->aup_gids = area->area_gids;

	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
	    XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);

	if (buf == NULL) {
		/* No inline access: use the generic decoder. */
		if (! xdr_authunix_parms(&xdrs, aup)) {
			/* Release anything the failed decode allocated. */
			xdrs.x_op = XDR_FREE;
			xdr_authunix_parms(&xdrs, aup);
			goto done;
		}
	} else {
		aup->aup_time = IXDR_GET_INT32(buf);
		str_len = (size_t)IXDR_GET_U_INT32(buf);
		if (str_len > MAX_MACHINE_NAME)
			goto done;
		memmove(aup->aup_machname, buf, str_len);
		aup->aup_machname[str_len] = 0;

		/* The name is padded to a whole number of XDR units. */
		str_len = RNDUP(str_len);
		buf += str_len / sizeof (int32_t);

		aup->aup_uid = (int)IXDR_GET_INT32(buf);
		aup->aup_gid = (int)IXDR_GET_INT32(buf);
		gid_len = (size_t)IXDR_GET_U_INT32(buf);
		if (gid_len > NGRPS)
			goto done;
		aup->aup_len = gid_len;
		for (i = 0; i < gid_len; i++)
			aup->aup_gids[i] = (int)IXDR_GET_INT32(buf);

		/*
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
			printf("bad auth_len gid %ld str %ld auth %u\n",
			    (long)gid_len, (long)str_len, auth_len);
			goto done;
		}
	}

	/* get the verifier */
	if ((u_int)msg->rm_call.cb_verf.oa_length == 0) {
		rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
		rqst->rq_xprt->xp_verf.oa_length = 0;
	} else {
		rqst->rq_xprt->xp_verf.oa_flavor =
		    msg->rm_call.cb_verf.oa_flavor;
		rqst->rq_xprt->xp_verf.oa_base =
		    msg->rm_call.cb_verf.oa_base;
		rqst->rq_xprt->xp_verf.oa_length =
		    msg->rm_call.cb_verf.oa_length;
	}
	stat = AUTH_OK;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}
/*
 * Create a unix style authenticator from the given machine name, uid, gid
 * and supplementary group list (len entries in aup_gids).
 *
 * Returns the new auth handle, or NULL when the parameters cannot be
 * encoded or, outside KERNEL builds, when an allocation fails. In KERNEL
 * builds the allocation NULL checks are compiled out.
 */
AUTH *
authunix_create(char *machname, int uid, int gid, int len, int *aup_gids)
{
	struct authunix_parms parms;
	char scratch[MAX_AUTH_BYTES];
	struct timeval tv;
	XDR stream;
	AUTH *handle;
	struct audata *priv;

	/* Allocate the handle and its private data. */
	handle = (AUTH *)mem_alloc(sizeof(*handle));
#ifndef KERNEL
	if (!handle) {
		(void)fprintf(stderr, "authunix_create: out of memory\n");
		return (NULL);
	}
#endif
	priv = (struct audata *)mem_alloc(sizeof(*priv));
#ifndef KERNEL
	if (!priv) {
		(void)fprintf(stderr, "authunix_create: out of memory\n");
		free(handle);
		return (NULL);
	}
#endif
	handle->ah_ops = &auth_unix_ops;
	handle->ah_private = (caddr_t)priv;
	priv->au_shcred = _null_auth;
	handle->ah_verf = priv->au_shcred;
	priv->au_shfaults = 0;

	/* Collect the caller's values plus the current time. */
	(void)gettimeofday(&tv, NULL);
	parms.aup_time = tv.tv_sec;
	parms.aup_machname = machname;
	parms.aup_uid = uid;
	parms.aup_gid = gid;
	parms.aup_len = (u_int)len;
	parms.aup_gids = aup_gids;

	/* Serialize into the stack buffer first; the size is known after. */
	xdrmem_create(&stream, scratch, MAX_AUTH_BYTES, XDR_ENCODE);
	if (!xdr_authunix_parms(&stream, &parms))
		goto authfail;
	len = XDR_GETPOS(&stream);
	priv->au_origcred.oa_length = len;
	priv->au_origcred.oa_flavor = AUTH_UNIX;

	priv->au_origcred.oa_base = mem_alloc((u_int) len);
#ifndef KERNEL
	if (priv->au_origcred.oa_base == NULL) {
		(void)fprintf(stderr, "authunix_create: out of memory\n");
		goto authfail;
	}
#endif
	memcpy(priv->au_origcred.oa_base, scratch, (u_int)len);

	/* Make the new credential the active one. */
	handle->ah_cred = priv->au_origcred;
	marshal_new_auth(handle);
	return (handle);

authfail:
	/* Only reached before a credential body has been allocated. */
	XDR_DESTROY(&stream);
	free(priv);
	free(handle);
	return (NULL);
}