The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/rpc/auth_unix.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: auth_unix.c,v 1.18 2000/07/06 03:03:30 christos Exp $  */
    2 
    3 /*
    4  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
    5  * unrestricted use provided that this legend is included on all tape
    6  * media and as a part of the software program in whole or part.  Users
    7  * may copy or modify Sun RPC without charge, but are not authorized
    8  * to license or distribute it to anyone else except as part of a product or
    9  * program developed by the user.
   10  *
   11  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
   12  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
   13  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
   14  *
   15  * Sun RPC is provided with no support and without any obligation on the
   16  * part of Sun Microsystems, Inc. to assist in its use, correction,
   17  * modification or enhancement.
   18  *
   19  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
   20  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
   21  * OR ANY PART THEREOF.
   22  *
   23  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
   24  * or profits or other special, indirect and consequential damages, even if
   25  * Sun has been advised of the possibility of such damages.
   26  *
   27  * Sun Microsystems, Inc.
   28  * 2550 Garcia Avenue
   29  * Mountain View, California  94043
   30  */
   31 
   32 #if defined(LIBC_SCCS) && !defined(lint)
   33 static char *sccsid2 = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";
   34 static char *sccsid = "@(#)auth_unix.c  2.2 88/08/01 4.0 RPCSRC";
   35 #endif
   36 #include <sys/cdefs.h>
   37 __FBSDID("$FreeBSD: releng/8.1/sys/rpc/auth_unix.c 199583 2009-11-20 15:27:52Z jhb $");
   38 
   39 /*
   40  * auth_unix.c, Implements UNIX style authentication parameters.
   41  *
   42  * Copyright (C) 1984, Sun Microsystems, Inc.
   43  *
   44  * The system is very weak.  The client uses no encryption for it's
   45  * credentials and only sends null verifiers.  The server sends backs
   46  * null verifiers or optionally a verifier that suggests a new short hand
   47  * for the credentials.
   48  *
   49  */
   50 
   51 #include <sys/param.h>
   52 #include <sys/systm.h>
   53 #include <sys/hash.h>
   54 #include <sys/kernel.h>
   55 #include <sys/lock.h>
   56 #include <sys/malloc.h>
   57 #include <sys/pcpu.h>
   58 #include <sys/refcount.h>
   59 #include <sys/sx.h>
   60 #include <sys/ucred.h>
   61 
   62 #include <rpc/types.h>
   63 #include <rpc/xdr.h>
   64 #include <rpc/auth.h>
   65 #include <rpc/clnt.h>
   66 
   67 #include <rpc/rpc_com.h>
   68 
   69 /* auth_unix.c */
   70 static void authunix_nextverf (AUTH *);
   71 static bool_t authunix_marshal (AUTH *, uint32_t, XDR *, struct mbuf *);
   72 static bool_t authunix_validate (AUTH *, uint32_t, struct opaque_auth *,
   73     struct mbuf **);
   74 static bool_t authunix_refresh (AUTH *, void *);
   75 static void authunix_destroy (AUTH *);
   76 static void marshal_new_auth (AUTH *);
   77 
   78 static struct auth_ops authunix_ops = {
   79         .ah_nextverf =          authunix_nextverf,
   80         .ah_marshal =           authunix_marshal,
   81         .ah_validate =          authunix_validate,
   82         .ah_refresh =           authunix_refresh,
   83         .ah_destroy =           authunix_destroy,
   84 };
   85 
   86 /*
   87  * This struct is pointed to by the ah_private field of an auth_handle.
   88  */
   89 struct audata {
   90         TAILQ_ENTRY(audata)     au_link;
   91         TAILQ_ENTRY(audata)     au_alllink;
   92         volatile u_int          au_refs;
   93         struct xucred           au_xcred;
   94         struct opaque_auth      au_origcred;    /* original credentials */
   95         struct opaque_auth      au_shcred;      /* short hand cred */
   96         u_long                  au_shfaults;    /* short hand cache faults */
   97         char                    au_marshed[MAX_AUTH_BYTES];
   98         u_int                   au_mpos;        /* xdr pos at end of marshed */
   99         AUTH                    *au_auth;       /* link back to AUTH */
  100 };
  101 TAILQ_HEAD(audata_list, audata);
  102 #define AUTH_PRIVATE(auth)      ((struct audata *)auth->ah_private)
  103 
  104 #define AUTH_UNIX_HASH_SIZE     16
  105 #define AUTH_UNIX_MAX           256
  106 static struct audata_list auth_unix_cache[AUTH_UNIX_HASH_SIZE];
  107 static struct audata_list auth_unix_all;
  108 static struct sx auth_unix_lock;
  109 static int auth_unix_count;
  110 
  111 static void
  112 authunix_init(void *dummy)
  113 {
  114         int i;
  115 
  116         for (i = 0; i < AUTH_UNIX_HASH_SIZE; i++)
  117                 TAILQ_INIT(&auth_unix_cache[i]);
  118         TAILQ_INIT(&auth_unix_all);
  119         sx_init(&auth_unix_lock, "auth_unix_lock");
  120 }
  121 SYSINIT(authunix_init, SI_SUB_KMEM, SI_ORDER_ANY, authunix_init, NULL);
  122 
  123 /*
  124  * Create a unix style authenticator.
  125  * Returns an auth handle with the given stuff in it.
  126  */
  127 AUTH *
  128 authunix_create(struct ucred *cred)
  129 {
  130         uint32_t h, th;
  131         struct xucred xcr;
  132         char mymem[MAX_AUTH_BYTES];
  133         XDR xdrs;
  134         AUTH *auth;
  135         struct audata *au, *tau;
  136         struct timeval now;
  137         uint32_t time;
  138         int len;
  139 
  140         if (auth_unix_count > AUTH_UNIX_MAX) {
  141                 while (auth_unix_count > AUTH_UNIX_MAX) {
  142                         sx_xlock(&auth_unix_lock);
  143                         tau = TAILQ_FIRST(&auth_unix_all);
  144                         th = HASHSTEP(HASHINIT, tau->au_xcred.cr_uid)
  145                                 % AUTH_UNIX_HASH_SIZE;
  146                         TAILQ_REMOVE(&auth_unix_cache[th], tau, au_link);
  147                         TAILQ_REMOVE(&auth_unix_all, tau, au_alllink);
  148                         auth_unix_count--;
  149                         sx_xunlock(&auth_unix_lock);
  150                         AUTH_DESTROY(tau->au_auth);
  151                 }
  152         }
  153 
  154         /*
  155          * Hash the uid to see if we already have an AUTH with this cred.
  156          */
  157         h = HASHSTEP(HASHINIT, cred->cr_uid) % AUTH_UNIX_HASH_SIZE;
  158         cru2x(cred, &xcr);
  159 again:
  160         sx_slock(&auth_unix_lock);
  161         TAILQ_FOREACH(au, &auth_unix_cache[h], au_link) {
  162                 if (!memcmp(&xcr, &au->au_xcred, sizeof(xcr))) {
  163                         refcount_acquire(&au->au_refs);
  164                         if (sx_try_upgrade(&auth_unix_lock)) {
  165                                 /*
  166                                  * Keep auth_unix_all LRU sorted.
  167                                  */
  168                                 TAILQ_REMOVE(&auth_unix_all, au, au_alllink);
  169                                 TAILQ_INSERT_TAIL(&auth_unix_all, au,
  170                                     au_alllink);
  171                                 sx_xunlock(&auth_unix_lock);
  172                         } else {
  173                                 sx_sunlock(&auth_unix_lock);
  174                         }
  175                         return (au->au_auth);
  176                 }
  177         }
  178 
  179         sx_sunlock(&auth_unix_lock);
  180 
  181         /*
  182          * Allocate and set up auth handle
  183          */
  184         au = NULL;
  185         auth = mem_alloc(sizeof(*auth));
  186         au = mem_alloc(sizeof(*au));
  187         auth->ah_ops = &authunix_ops;
  188         auth->ah_private = (caddr_t)au;
  189         auth->ah_verf = au->au_shcred = _null_auth;
  190         refcount_init(&au->au_refs, 1);
  191         au->au_xcred = xcr;
  192         au->au_shfaults = 0;
  193         au->au_origcred.oa_base = NULL;
  194         au->au_auth = auth;
  195 
  196         getmicrotime(&now);
  197         time = now.tv_sec;
  198 
  199         /*
  200          * Serialize the parameters into origcred
  201          */
  202         xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
  203         cru2x(cred, &xcr);
  204         if (! xdr_authunix_parms(&xdrs, &time, &xcr)) 
  205                 panic("authunix_create: failed to encode creds");
  206         au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
  207         au->au_origcred.oa_flavor = AUTH_UNIX;
  208         au->au_origcred.oa_base = mem_alloc((u_int) len);
  209         memcpy(au->au_origcred.oa_base, mymem, (size_t)len);
  210 
  211         /*
  212          * set auth handle to reflect new cred.
  213          */
  214         auth->ah_cred = au->au_origcred;
  215         marshal_new_auth(auth);
  216 
  217         sx_xlock(&auth_unix_lock);
  218         TAILQ_FOREACH(tau, &auth_unix_cache[h], au_link) {
  219                 if (!memcmp(&xcr, &tau->au_xcred, sizeof(xcr))) {
  220                         /*
  221                          * We lost a race to create the AUTH that
  222                          * matches this cred.
  223                          */
  224                         sx_xunlock(&auth_unix_lock);
  225                         AUTH_DESTROY(auth);
  226                         goto again;
  227                 }
  228         }
  229 
  230         auth_unix_count++;
  231         TAILQ_INSERT_TAIL(&auth_unix_cache[h], au, au_link);
  232         TAILQ_INSERT_TAIL(&auth_unix_all, au, au_alllink);
  233         refcount_acquire(&au->au_refs); /* one for the cache, one for user */
  234         sx_xunlock(&auth_unix_lock);
  235 
  236         return (auth);
  237 }
  238 
  239 /*
  240  * authunix operations
  241  */
  242 
  243 /* ARGSUSED */
  244 static void
  245 authunix_nextverf(AUTH *auth)
  246 {
  247         /* no action necessary */
  248 }
  249 
  250 static bool_t
  251 authunix_marshal(AUTH *auth, uint32_t xid, XDR *xdrs, struct mbuf *args)
  252 {
  253         struct audata *au;
  254 
  255         au = AUTH_PRIVATE(auth);
  256         if (!XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos))
  257                 return (FALSE);
  258 
  259         xdrmbuf_append(xdrs, args);
  260 
  261         return (TRUE);
  262 }
  263 
  264 static bool_t
  265 authunix_validate(AUTH *auth, uint32_t xid, struct opaque_auth *verf,
  266     struct mbuf **mrepp)
  267 {
  268         struct audata *au;
  269         XDR txdrs;
  270 
  271         if (!verf)
  272                 return (TRUE);
  273 
  274         if (verf->oa_flavor == AUTH_SHORT) {
  275                 au = AUTH_PRIVATE(auth);
  276                 xdrmem_create(&txdrs, verf->oa_base, verf->oa_length,
  277                     XDR_DECODE);
  278 
  279                 if (au->au_shcred.oa_base != NULL) {
  280                         mem_free(au->au_shcred.oa_base,
  281                             au->au_shcred.oa_length);
  282                         au->au_shcred.oa_base = NULL;
  283                 }
  284                 if (xdr_opaque_auth(&txdrs, &au->au_shcred)) {
  285                         auth->ah_cred = au->au_shcred;
  286                 } else {
  287                         txdrs.x_op = XDR_FREE;
  288                         (void)xdr_opaque_auth(&txdrs, &au->au_shcred);
  289                         au->au_shcred.oa_base = NULL;
  290                         auth->ah_cred = au->au_origcred;
  291                 }
  292                 marshal_new_auth(auth);
  293         }
  294 
  295         return (TRUE);
  296 }
  297 
  298 static bool_t
  299 authunix_refresh(AUTH *auth, void *dummy)
  300 {
  301         struct audata *au = AUTH_PRIVATE(auth);
  302         struct xucred xcr;
  303         uint32_t time;
  304         struct timeval now;
  305         XDR xdrs;
  306         int stat;
  307 
  308         if (auth->ah_cred.oa_base == au->au_origcred.oa_base) {
  309                 /* there is no hope.  Punt */
  310                 return (FALSE);
  311         }
  312         au->au_shfaults ++;
  313 
  314         /* first deserialize the creds back into a struct ucred */
  315         xdrmem_create(&xdrs, au->au_origcred.oa_base,
  316             au->au_origcred.oa_length, XDR_DECODE);
  317         stat = xdr_authunix_parms(&xdrs, &time, &xcr);
  318         if (! stat)
  319                 goto done;
  320 
  321         /* update the time and serialize in place */
  322         getmicrotime(&now);
  323         time = now.tv_sec;
  324         xdrs.x_op = XDR_ENCODE;
  325         XDR_SETPOS(&xdrs, 0);
  326 
  327         stat = xdr_authunix_parms(&xdrs, &time, &xcr);
  328         if (! stat)
  329                 goto done;
  330         auth->ah_cred = au->au_origcred;
  331         marshal_new_auth(auth);
  332 done:
  333         XDR_DESTROY(&xdrs);
  334         return (stat);
  335 }
  336 
  337 static void
  338 authunix_destroy(AUTH *auth)
  339 {
  340         struct audata *au;
  341 
  342         au = AUTH_PRIVATE(auth);
  343 
  344         if (!refcount_release(&au->au_refs))
  345                 return;
  346 
  347         mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length);
  348 
  349         if (au->au_shcred.oa_base != NULL)
  350                 mem_free(au->au_shcred.oa_base, au->au_shcred.oa_length);
  351 
  352         mem_free(auth->ah_private, sizeof(struct audata));
  353 
  354         if (auth->ah_verf.oa_base != NULL)
  355                 mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length);
  356 
  357         mem_free(auth, sizeof(*auth));
  358 }
  359 
  360 /*
  361  * Marshals (pre-serializes) an auth struct.
  362  * sets private data, au_marshed and au_mpos
  363  */
  364 static void
  365 marshal_new_auth(AUTH *auth)
  366 {
  367         XDR     xdr_stream;
  368         XDR     *xdrs = &xdr_stream;
  369         struct audata *au;
  370 
  371         au = AUTH_PRIVATE(auth);
  372         xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
  373         if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
  374             (! xdr_opaque_auth(xdrs, &(auth->ah_verf))))
  375                 printf("auth_none.c - Fatal marshalling problem");
  376         else
  377                 au->au_mpos = XDR_GETPOS(xdrs);
  378         XDR_DESTROY(xdrs);
  379 }

Cache object: e8bfe609d0b6c50a77eebb12b5600f78


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.