The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/rpc/auth_unix.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: auth_unix.c,v 1.18 2000/07/06 03:03:30 christos Exp $  */
    2 
    3 /*-
    4  * SPDX-License-Identifier: BSD-3-Clause
    5  *
    6  * Copyright (c) 2009, Sun Microsystems, Inc.
    7  * All rights reserved.
    8  *
    9  * Redistribution and use in source and binary forms, with or without 
   10  * modification, are permitted provided that the following conditions are met:
   11  * - Redistributions of source code must retain the above copyright notice, 
   12  *   this list of conditions and the following disclaimer.
   13  * - Redistributions in binary form must reproduce the above copyright notice, 
   14  *   this list of conditions and the following disclaimer in the documentation 
   15  *   and/or other materials provided with the distribution.
   16  * - Neither the name of Sun Microsystems, Inc. nor the names of its 
   17  *   contributors may be used to endorse or promote products derived 
   18  *   from this software without specific prior written permission.
   19  * 
   20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
   21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
   23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
   24  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
   25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
   26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
   27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
   28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
   29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
   30  * POSSIBILITY OF SUCH DAMAGE.
   31  */
   32 
   33 #if defined(LIBC_SCCS) && !defined(lint)
   34 static char *sccsid2 = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";
   35 static char *sccsid = "@(#)auth_unix.c  2.2 88/08/01 4.0 RPCSRC";
   36 #endif
   37 #include <sys/cdefs.h>
   38 __FBSDID("$FreeBSD: stable/12/sys/rpc/auth_unix.c 326023 2017-11-20 19:43:44Z pfg $");
   39 
   40 /*
   41  * auth_unix.c, Implements UNIX style authentication parameters.
   42  *
   43  * Copyright (C) 1984, Sun Microsystems, Inc.
   44  *
   45  * The system is very weak.  The client uses no encryption for it's
   46  * credentials and only sends null verifiers.  The server sends backs
   47  * null verifiers or optionally a verifier that suggests a new short hand
   48  * for the credentials.
   49  *
   50  */
   51 
   52 #include <sys/param.h>
   53 #include <sys/systm.h>
   54 #include <sys/hash.h>
   55 #include <sys/kernel.h>
   56 #include <sys/lock.h>
   57 #include <sys/malloc.h>
   58 #include <sys/pcpu.h>
   59 #include <sys/refcount.h>
   60 #include <sys/sx.h>
   61 #include <sys/ucred.h>
   62 
   63 #include <rpc/types.h>
   64 #include <rpc/xdr.h>
   65 #include <rpc/auth.h>
   66 #include <rpc/clnt.h>
   67 
   68 #include <rpc/rpc_com.h>
   69 
   70 /* auth_unix.c */
   71 static void authunix_nextverf (AUTH *);
   72 static bool_t authunix_marshal (AUTH *, uint32_t, XDR *, struct mbuf *);
   73 static bool_t authunix_validate (AUTH *, uint32_t, struct opaque_auth *,
   74     struct mbuf **);
   75 static bool_t authunix_refresh (AUTH *, void *);
   76 static void authunix_destroy (AUTH *);
   77 static void marshal_new_auth (AUTH *);
   78 
   79 static struct auth_ops authunix_ops = {
   80         .ah_nextverf =          authunix_nextverf,
   81         .ah_marshal =           authunix_marshal,
   82         .ah_validate =          authunix_validate,
   83         .ah_refresh =           authunix_refresh,
   84         .ah_destroy =           authunix_destroy,
   85 };
   86 
   87 /*
   88  * This struct is pointed to by the ah_private field of an auth_handle.
   89  */
   90 struct audata {
   91         TAILQ_ENTRY(audata)     au_link;
   92         TAILQ_ENTRY(audata)     au_alllink;
   93         volatile u_int          au_refs;
   94         struct xucred           au_xcred;
   95         struct opaque_auth      au_origcred;    /* original credentials */
   96         struct opaque_auth      au_shcred;      /* short hand cred */
   97         u_long                  au_shfaults;    /* short hand cache faults */
   98         char                    au_marshed[MAX_AUTH_BYTES];
   99         u_int                   au_mpos;        /* xdr pos at end of marshed */
  100         AUTH                    *au_auth;       /* link back to AUTH */
  101 };
  102 TAILQ_HEAD(audata_list, audata);
  103 #define AUTH_PRIVATE(auth)      ((struct audata *)auth->ah_private)
  104 
  105 #define AUTH_UNIX_HASH_SIZE     16
  106 #define AUTH_UNIX_MAX           256
  107 static struct audata_list auth_unix_cache[AUTH_UNIX_HASH_SIZE];
  108 static struct audata_list auth_unix_all;
  109 static struct sx auth_unix_lock;
  110 static int auth_unix_count;
  111 
  112 static void
  113 authunix_init(void *dummy)
  114 {
  115         int i;
  116 
  117         for (i = 0; i < AUTH_UNIX_HASH_SIZE; i++)
  118                 TAILQ_INIT(&auth_unix_cache[i]);
  119         TAILQ_INIT(&auth_unix_all);
  120         sx_init(&auth_unix_lock, "auth_unix_lock");
  121 }
  122 SYSINIT(authunix_init, SI_SUB_KMEM, SI_ORDER_ANY, authunix_init, NULL);
  123 
  124 /*
  125  * Create a unix style authenticator.
  126  * Returns an auth handle with the given stuff in it.
  127  */
  128 AUTH *
  129 authunix_create(struct ucred *cred)
  130 {
  131         uint32_t h, th;
  132         struct xucred xcr;
  133         char mymem[MAX_AUTH_BYTES];
  134         XDR xdrs;
  135         AUTH *auth;
  136         struct audata *au, *tau;
  137         struct timeval now;
  138         uint32_t time;
  139         int len;
  140 
  141         if (auth_unix_count > AUTH_UNIX_MAX) {
  142                 while (auth_unix_count > AUTH_UNIX_MAX) {
  143                         sx_xlock(&auth_unix_lock);
  144                         tau = TAILQ_FIRST(&auth_unix_all);
  145                         th = HASHSTEP(HASHINIT, tau->au_xcred.cr_uid)
  146                                 % AUTH_UNIX_HASH_SIZE;
  147                         TAILQ_REMOVE(&auth_unix_cache[th], tau, au_link);
  148                         TAILQ_REMOVE(&auth_unix_all, tau, au_alllink);
  149                         auth_unix_count--;
  150                         sx_xunlock(&auth_unix_lock);
  151                         AUTH_DESTROY(tau->au_auth);
  152                 }
  153         }
  154 
  155         /*
  156          * Hash the uid to see if we already have an AUTH with this cred.
  157          */
  158         h = HASHSTEP(HASHINIT, cred->cr_uid) % AUTH_UNIX_HASH_SIZE;
  159         cru2x(cred, &xcr);
  160 again:
  161         sx_slock(&auth_unix_lock);
  162         TAILQ_FOREACH(au, &auth_unix_cache[h], au_link) {
  163                 if (!memcmp(&xcr, &au->au_xcred, sizeof(xcr))) {
  164                         refcount_acquire(&au->au_refs);
  165                         if (sx_try_upgrade(&auth_unix_lock)) {
  166                                 /*
  167                                  * Keep auth_unix_all LRU sorted.
  168                                  */
  169                                 TAILQ_REMOVE(&auth_unix_all, au, au_alllink);
  170                                 TAILQ_INSERT_TAIL(&auth_unix_all, au,
  171                                     au_alllink);
  172                                 sx_xunlock(&auth_unix_lock);
  173                         } else {
  174                                 sx_sunlock(&auth_unix_lock);
  175                         }
  176                         return (au->au_auth);
  177                 }
  178         }
  179 
  180         sx_sunlock(&auth_unix_lock);
  181 
  182         /*
  183          * Allocate and set up auth handle
  184          */
  185         au = NULL;
  186         auth = mem_alloc(sizeof(*auth));
  187         au = mem_alloc(sizeof(*au));
  188         auth->ah_ops = &authunix_ops;
  189         auth->ah_private = (caddr_t)au;
  190         auth->ah_verf = au->au_shcred = _null_auth;
  191         refcount_init(&au->au_refs, 1);
  192         au->au_xcred = xcr;
  193         au->au_shfaults = 0;
  194         au->au_origcred.oa_base = NULL;
  195         au->au_auth = auth;
  196 
  197         getmicrotime(&now);
  198         time = now.tv_sec;
  199 
  200         /*
  201          * Serialize the parameters into origcred
  202          */
  203         xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
  204         cru2x(cred, &xcr);
  205         if (! xdr_authunix_parms(&xdrs, &time, &xcr)) 
  206                 panic("authunix_create: failed to encode creds");
  207         au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
  208         au->au_origcred.oa_flavor = AUTH_UNIX;
  209         au->au_origcred.oa_base = mem_alloc((u_int) len);
  210         memcpy(au->au_origcred.oa_base, mymem, (size_t)len);
  211 
  212         /*
  213          * set auth handle to reflect new cred.
  214          */
  215         auth->ah_cred = au->au_origcred;
  216         marshal_new_auth(auth);
  217 
  218         sx_xlock(&auth_unix_lock);
  219         TAILQ_FOREACH(tau, &auth_unix_cache[h], au_link) {
  220                 if (!memcmp(&xcr, &tau->au_xcred, sizeof(xcr))) {
  221                         /*
  222                          * We lost a race to create the AUTH that
  223                          * matches this cred.
  224                          */
  225                         sx_xunlock(&auth_unix_lock);
  226                         AUTH_DESTROY(auth);
  227                         goto again;
  228                 }
  229         }
  230 
  231         auth_unix_count++;
  232         TAILQ_INSERT_TAIL(&auth_unix_cache[h], au, au_link);
  233         TAILQ_INSERT_TAIL(&auth_unix_all, au, au_alllink);
  234         refcount_acquire(&au->au_refs); /* one for the cache, one for user */
  235         sx_xunlock(&auth_unix_lock);
  236 
  237         return (auth);
  238 }
  239 
  240 /*
  241  * authunix operations
  242  */
  243 
  244 /* ARGSUSED */
  245 static void
  246 authunix_nextverf(AUTH *auth)
  247 {
  248         /* no action necessary */
  249 }
  250 
  251 static bool_t
  252 authunix_marshal(AUTH *auth, uint32_t xid, XDR *xdrs, struct mbuf *args)
  253 {
  254         struct audata *au;
  255 
  256         au = AUTH_PRIVATE(auth);
  257         if (!XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos))
  258                 return (FALSE);
  259 
  260         xdrmbuf_append(xdrs, args);
  261 
  262         return (TRUE);
  263 }
  264 
  265 static bool_t
  266 authunix_validate(AUTH *auth, uint32_t xid, struct opaque_auth *verf,
  267     struct mbuf **mrepp)
  268 {
  269         struct audata *au;
  270         XDR txdrs;
  271 
  272         if (!verf)
  273                 return (TRUE);
  274 
  275         if (verf->oa_flavor == AUTH_SHORT) {
  276                 au = AUTH_PRIVATE(auth);
  277                 xdrmem_create(&txdrs, verf->oa_base, verf->oa_length,
  278                     XDR_DECODE);
  279 
  280                 if (au->au_shcred.oa_base != NULL) {
  281                         mem_free(au->au_shcred.oa_base,
  282                             au->au_shcred.oa_length);
  283                         au->au_shcred.oa_base = NULL;
  284                 }
  285                 if (xdr_opaque_auth(&txdrs, &au->au_shcred)) {
  286                         auth->ah_cred = au->au_shcred;
  287                 } else {
  288                         txdrs.x_op = XDR_FREE;
  289                         (void)xdr_opaque_auth(&txdrs, &au->au_shcred);
  290                         au->au_shcred.oa_base = NULL;
  291                         auth->ah_cred = au->au_origcred;
  292                 }
  293                 marshal_new_auth(auth);
  294         }
  295 
  296         return (TRUE);
  297 }
  298 
  299 static bool_t
  300 authunix_refresh(AUTH *auth, void *dummy)
  301 {
  302         struct audata *au = AUTH_PRIVATE(auth);
  303         struct xucred xcr;
  304         uint32_t time;
  305         struct timeval now;
  306         XDR xdrs;
  307         int stat;
  308 
  309         if (auth->ah_cred.oa_base == au->au_origcred.oa_base) {
  310                 /* there is no hope.  Punt */
  311                 return (FALSE);
  312         }
  313         au->au_shfaults ++;
  314 
  315         /* first deserialize the creds back into a struct ucred */
  316         xdrmem_create(&xdrs, au->au_origcred.oa_base,
  317             au->au_origcred.oa_length, XDR_DECODE);
  318         stat = xdr_authunix_parms(&xdrs, &time, &xcr);
  319         if (! stat)
  320                 goto done;
  321 
  322         /* update the time and serialize in place */
  323         getmicrotime(&now);
  324         time = now.tv_sec;
  325         xdrs.x_op = XDR_ENCODE;
  326         XDR_SETPOS(&xdrs, 0);
  327 
  328         stat = xdr_authunix_parms(&xdrs, &time, &xcr);
  329         if (! stat)
  330                 goto done;
  331         auth->ah_cred = au->au_origcred;
  332         marshal_new_auth(auth);
  333 done:
  334         XDR_DESTROY(&xdrs);
  335         return (stat);
  336 }
  337 
  338 static void
  339 authunix_destroy(AUTH *auth)
  340 {
  341         struct audata *au;
  342 
  343         au = AUTH_PRIVATE(auth);
  344 
  345         if (!refcount_release(&au->au_refs))
  346                 return;
  347 
  348         mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length);
  349 
  350         if (au->au_shcred.oa_base != NULL)
  351                 mem_free(au->au_shcred.oa_base, au->au_shcred.oa_length);
  352 
  353         mem_free(auth->ah_private, sizeof(struct audata));
  354 
  355         if (auth->ah_verf.oa_base != NULL)
  356                 mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length);
  357 
  358         mem_free(auth, sizeof(*auth));
  359 }
  360 
  361 /*
  362  * Marshals (pre-serializes) an auth struct.
  363  * sets private data, au_marshed and au_mpos
  364  */
  365 static void
  366 marshal_new_auth(AUTH *auth)
  367 {
  368         XDR     xdr_stream;
  369         XDR     *xdrs = &xdr_stream;
  370         struct audata *au;
  371 
  372         au = AUTH_PRIVATE(auth);
  373         xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
  374         if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
  375             (! xdr_opaque_auth(xdrs, &(auth->ah_verf))))
  376                 printf("auth_none.c - Fatal marshalling problem");
  377         else
  378                 au->au_mpos = XDR_GETPOS(xdrs);
  379         XDR_DESTROY(xdrs);
  380 }

Cache object: 8c7d27e75f91f268c7c0f53403b868a2


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.