+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * kadmin.c (kadmin_startup): Add option to force old AUTH_GSSAPI
+ flavor.
+
2004-05-31 Ezra Peisach <epeisach@mit.edu>
* kadmin.h, keytab.c: Remove inclusion of k5-int.h.
exit(1);
}
- while ((optchar = getopt(argc, argv, "r:p:kq:w:d:s:mc:t:e:")) != EOF) {
+ while ((optchar = getopt(argc, argv, "r:p:kq:w:d:s:mc:t:e:O")) != EOF) {
switch (optchar) {
case 'r':
def_realm = optarg;
}
params.mask |= KADM5_CONFIG_ENCTYPES;
break;
+ case 'O':
+ params.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
+ break;
default:
usage();
}
+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * kadm5_create.c (add_admin_princs): Create kadmin/fqdn
+ principal.
+
2003-04-23 Ken Raeburn <raeburn@mit.edu>
* kdb5_destroy.c, kdb5_stash.c: Don't declare errno.
static int add_admin_princs(void *handle, krb5_context context, char *realm)
{
krb5_error_code ret = 0;
-
+ char service_name[MAXHOSTNAMELEN + 8];
+ char localname[MAXHOSTNAMELEN];
+ struct hostent *hp;
+
+ if (gethostname(localname, MAXHOSTNAMELEN)) {
+ ret = errno;
+ perror("gethostname");
+ goto clean_and_exit;
+ }
+ hp = gethostbyname(localname);
+ if (hp == NULL) {
+ ret = errno;
+ perror("gethostbyname");
+ goto clean_and_exit;
+ }
+ sprintf(service_name, "kadmin/%s", hp->h_name);
+
+ if ((ret = add_admin_princ(handle, context,
+ service_name, realm,
+ KRB5_KDB_DISALLOW_TGT_BASED,
+ ADMIN_LIFETIME)))
+ goto clean_and_exit;
+
if ((ret = add_admin_princ(handle, context,
KADM5_ADMIN_SERVICE, realm,
KRB5_KDB_DISALLOW_TGT_BASED,
+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * kadm_rpc_svc.c (check_rpcsec_auth, gss_to_krb5_name): New
+ functions to check service name for RPCSEC_GSS.
+ (kadm_1): Add service name check for RPCSEC_GSS.
+
+ * ovsec_kadmd.c (main): Setup logging calllbacks for RPCSEC_GSS.
+ Use GSS_C_N_NAME for acceptor name for RPCSEC_GSS.
+ (log_badverf): Handle null client and server names.
+
+ * server_stubs.c (rqst2name): New function to return appropriate
+ gss_name_t for a given auth flavor (RPCSEC_GSS and AUTH_GSSAPI use
+ different field names).
+
+2004-05-27 Tom Yu <tlyu@mit.edu>
+
+ * kadm_rpc_svc.c (kadm_1): Allow RPCSEC_GSS; remove
+ AUTH_GSSAPI_COMPAT.
+
+ * misc.h (kadm_1): Conditionalize prototype on SVC_GETARGS rather
+ than on an inclusion-protection macro.
+
+ * ovsec_kadmd.c (main): Add preliminary support for RPCSEC_GSS.
+ (do_schpw, kadm_svc_run): Update some names.
+
2004-03-20 Ken Raeburn <raeburn@mit.edu>
* ovsec_kadmd.c (main): Use any handy krb5 context to register
#include <stdio.h>
#include <gssrpc/rpc.h>
+#include <gssapi/gssapi_krb5.h> /* for gss_nt_krb5_name */
#include <syslog.h>
#ifdef HAVE_MEMORY_H
#include <memory.h>
#include <arpa/inet.h>
#endif
#include "misc.h"
+#include "kadm5/server_internal.h"
+extern void *global_server_handle;
+
+static int check_rpcsec_auth(struct svc_req *);
+static int gss_to_krb5_name(struct svc_req *, krb5_context, gss_name_t, krb5_principal *, gss_buffer_t);
+
+void log_badauth(OM_uint32 major, OM_uint32 minor,
+ struct sockaddr_in *addr, char *data);
/*
* Function: kadm_1
*
char *(*local)();
if (rqstp->rq_cred.oa_flavor != AUTH_GSSAPI &&
- rqstp->rq_cred.oa_flavor != AUTH_GSSAPI_COMPAT) {
- krb5_klog_syslog(LOG_ERR, "Authentication attempt failed: %s, invalid "
+ !check_rpcsec_auth(rqstp)) {
+ krb5_klog_syslog(LOG_ERR, "Authentication attempt failed: %s, "
"RPC authentication flavor %d",
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
rqstp->rq_cred.oa_flavor);
}
return;
}
+
+static int
+check_rpcsec_auth(struct svc_req *rqstp)
+{
+ gss_ctx_id_t ctx;
+ krb5_context kctx;
+ OM_uint32 maj_stat, min_stat;
+ gss_name_t name;
+ krb5_principal princ;
+ int ret, success;
+ krb5_data *c1, *c2, *realm;
+ gss_buffer_desc gss_str;
+ kadm5_server_handle_t handle;
+
+ success = 0;
+ handle = (kadm5_server_handle_t)global_server_handle;
+
+ if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS)
+ return 0;
+
+ ctx = rqstp->rq_svccred;
+
+ maj_stat = gss_inquire_context(&min_stat, ctx, NULL, &name,
+ NULL, NULL, NULL, NULL, NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ krb5_klog_syslog(LOG_ERR, "check_rpcsec_auth: "
+ "failed inquire_context, stat=%u", maj_stat);
+ log_badauth(maj_stat, min_stat,
+ &rqstp->rq_xprt->xp_raddr, NULL);
+ goto fail_name;
+ }
+
+ kctx = handle->context;
+ ret = gss_to_krb5_name(rqstp, kctx, name, &princ, &gss_str);
+ if (ret == 0)
+ goto fail_name;
+
+ /*
+ * Since we accept with GSS_C_NO_NAME, the client can authenticate
+ * against the entire kdb. Therefore, ensure that the service
+ * name is something reasonable.
+ */
+ if (krb5_princ_size(kctx, princ) != 2)
+ goto fail_princ;
+
+ c1 = krb5_princ_component(kctx, princ, 0);
+ c2 = krb5_princ_component(kctx, princ, 1);
+ realm = krb5_princ_realm(kctx, princ);
+ if (strncmp(handle->params.realm, realm->data, realm->length) == 0
+ && strncmp("kadmin", c1->data, c1->length) == 0) {
+
+ if (strncmp("history", c2->data, c2->length) == 0)
+ goto fail_princ;
+ else
+ success = 1;
+ }
+
+fail_princ:
+ if (!success) {
+ krb5_klog_syslog(LOG_ERR, "bad service principal %.*s",
+ gss_str.length, gss_str.value);
+ }
+ gss_release_buffer(&min_stat, &gss_str);
+ krb5_free_principal(kctx, princ);
+fail_name:
+ gss_release_name(&min_stat, &name);
+ return success;
+}
+
+static int
+gss_to_krb5_name(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name,
+ krb5_principal *princ, gss_buffer_t gss_str)
+{
+ OM_uint32 status, minor_stat;
+ gss_OID gss_type;
+ char *str;
+ int success;
+
+ status = gss_display_name(&minor_stat, gss_name, gss_str, &gss_type);
+ if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name)) {
+ krb5_klog_syslog(LOG_ERR,
+ "gss_to_krb5_name: "
+ "failed display_name status %d", status);
+ log_badauth(status, minor_stat,
+ &rqstp->rq_xprt->xp_raddr, NULL);
+ return 0;
+ }
+ str = malloc(gss_str->length +1);
+ if (str == NULL)
+ return 0;
+ *str = '\0';
+
+ strncat(str, gss_str->value, gss_str->length);
+ success = (krb5_parse_name(ctx, str, princ) == 0);
+ free(str);
+ return success;
+}
struct sockaddr_in *sockin,
krb5_data *req, krb5_data *rep);
-#ifdef __SVC_HEADER__
+#ifdef SVC_GETARGS
void kadm_1(struct svc_req *, SVCXPRT *);
#endif
#include <unistd.h>
#include <netinet/in.h>
#include <arpa/inet.h> /* inet_ntoa */
-#include <netdb.h>
#include <gssrpc/rpc.h>
#include <gssapi/gssapi.h>
#include "gssapiP_krb5.h" /* for kg_get_context */
#define TIMEOUT 15
gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
+gss_name_t gss_kadmin_name = NULL;
void *global_server_handle;
/*
gss_buffer_desc gssbuf;
gss_OID nt_krb5_name_oid;
kadm5_config_params params;
-
+
+ setvbuf(stderr, NULL, _IONBF, 0);
+
/* This is OID value the Krb5_Name NameType */
gssbuf.value = "{1 2 840 113554 1 2 2 1}";
gssbuf.length = strlen(gssbuf.value);
* Try to acquire creds for the old OV services as well as the
* new names, but if that fails just fall back on the new names.
*/
- if (_svcauth_gssapi_set_names(names, 4) == TRUE)
+ if (svcauth_gssapi_set_names(names, 4) == TRUE)
oldnames++;
- if (!oldnames && _svcauth_gssapi_set_names(names, 2) == FALSE) {
+ if (!oldnames && svcauth_gssapi_set_names(names, 2) == FALSE) {
krb5_klog_syslog(LOG_ERR,
"Cannot set GSS-API authentication names (keytab not present?), "
"failing.");
fprintf(stderr, "%s: Cannot set GSS-API authentication names.\n",
whoami);
- _svcauth_gssapi_unset_names();
+ svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
krb5_klog_close(context);
exit(1);
&gss_oldchangepw_name);
}
- _svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
- _svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
- _svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
+ svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
+ svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
+ svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
+
+ svcauth_gss_set_log_badauth_func(log_badauth, NULL);
+ svcauth_gss_set_log_badverf_func(log_badverf, NULL);
+ svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);
+ if (svcauth_gss_set_svc_name(GSS_C_NO_NAME) != TRUE) {
+ fprintf(stderr, "%s: Cannot initialize RPCSEC_GSS service name.\n",
+ whoami);
+ exit(1);
+ }
+
if ((ret = acl_init(context, 0, params.acl_file))) {
krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s",
error_message(ret));
fprintf(stderr, "%s: Cannot initialize acl file: %s\n",
whoami, error_message(ret));
- _svcauth_gssapi_unset_names();
+ svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
krb5_klog_close(context);
exit(1);
krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", error_message(ret));
fprintf(stderr, "%s: Cannot detach from tty: %s\n",
whoami, error_message(ret));
- _svcauth_gssapi_unset_names();
+ svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
krb5_klog_close(context);
exit(1);
krb5_klog_syslog(LOG_INFO, "finished, exiting");
/* Clean up memory, etc */
- _svcauth_gssapi_unset_names();
+ svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
close(s);
acl_finish(context, 0);
kadm5_config_params *params;
{
fd_set rfd;
- int sz = _gssrpc_rpc_dtablesize();
+ int sz = gssrpc__rpc_dtablesize();
struct timeval timeout;
while(signal_request_exit == 0) {
(void) gss_display_name(&minor, client_name, &client, &gss_type);
(void) gss_display_name(&minor, server_name, &server, &gss_type);
+ if (client.value == NULL)
+ client.value = "(null)";
+ if (server.value == NULL)
+ server.value = "(null)";
a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
proc = msg->rm_call.cb_proc;
error_message(errno));
fprintf(stderr, "Cannot create connecting socket: %s",
error_message(errno));
- _svcauth_gssapi_unset_names();
+ svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
krb5_klog_close(context);
exit(1);
#include <krb5/adm_proto.h> /* krb5_klog_syslog */
#include "misc.h"
-#define xdr_free gssrpc_xdr_free /* XXX kludge */
-
#define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s"
#define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
static gss_name_t acceptor_name(gss_ctx_id_t context);
+static gss_name_t rqst2name(struct svc_req *rqstp);
+
static int cmp_gss_names(gss_name_t n1, gss_name_t n2)
{
OM_uint32 emaj, emin;
*handle = *(kadm5_server_handle_t)global_server_handle;
handle->api_version = api_version;
-
- if (! gss_to_krb5_name(handle, rqstp->rq_clntcred,
+
+ if (! gss_to_krb5_name(handle, rqst2name(rqstp),
&handle->current_caller)) {
free(handle);
return KADM5_FAILURE;
OM_uint32 maj_stat, min_stat;
gss_name_t server_gss_name;
- if (gss_name_to_string(rqstp->rq_clntcred, client_name) != 0)
+ if (gss_name_to_string(rqst2name(rqstp), client_name) != 0)
return -1;
maj_stat = gss_inquire_context(&min_stat, rqstp->rq_svccred, NULL,
&server_gss_name, NULL, NULL, NULL,
}
if (CHANGEPW_SERVICE(rqstp)
- || !acl_check(handle->context, rqstp->rq_clntcred, ACL_ADD,
+ || !acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
arg->rec.principal, &rp)
|| acl_impose_restrictions(handle->context,
&arg->rec, &arg->mask, rp)) {
}
if (CHANGEPW_SERVICE(rqstp)
- || !acl_check(handle->context, rqstp->rq_clntcred, ACL_ADD,
+ || !acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
arg->rec.principal, &rp)
|| acl_impose_restrictions(handle->context,
&arg->rec, &arg->mask, rp)) {
}
if (CHANGEPW_SERVICE(rqstp)
- || !acl_check(handle->context, rqstp->rq_clntcred, ACL_DELETE,
+ || !acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
arg->princ, NULL)) {
ret.code = KADM5_AUTH_DELETE;
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal",
}
if (CHANGEPW_SERVICE(rqstp)
- || !acl_check(handle->context, rqstp->rq_clntcred, ACL_MODIFY,
+ || !acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY,
arg->rec.principal, &rp)
|| acl_impose_restrictions(handle->context,
&arg->rec, &arg->mask, rp)) {
ret.code = KADM5_OK;
if (! CHANGEPW_SERVICE(rqstp)) {
- if (!acl_check(handle->context, rqstp->rq_clntcred,
+ if (!acl_check(handle->context, rqst2name(rqstp),
ACL_DELETE, arg->src, NULL))
ret.code = KADM5_AUTH_DELETE;
/* any restrictions at all on the ADD kills the RENAME */
- if (!acl_check(handle->context, rqstp->rq_clntcred,
+ if (!acl_check(handle->context, rqst2name(rqstp),
ACL_ADD, arg->dest, &rp) || rp) {
if (ret.code == KADM5_AUTH_DELETE)
ret.code = KADM5_AUTH_INSUFFICIENT;
return &ret;
}
- if (! cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ) &&
+ if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) &&
(CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- rqstp->rq_clntcred,
+ rqst2name(rqstp),
ACL_INQUIRE,
arg->princ,
NULL))) {
prime_arg = "*";
if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- rqstp->rq_clntcred,
+ rqst2name(rqstp),
ACL_LIST,
NULL,
NULL)) {
return &ret;
}
- if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) {
+ if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
FALSE, 0, NULL, arg->pass);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, rqstp->rq_clntcred,
+ acl_check(handle->context, rqst2name(rqstp),
ACL_CHANGEPW, arg->princ, NULL)) {
ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
arg->pass);
return &ret;
}
- if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) {
+ if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
arg->keepold,
arg->n_ks_tuple,
arg->ks_tuple,
arg->pass);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, rqstp->rq_clntcred,
+ acl_check(handle->context, rqst2name(rqstp),
ACL_CHANGEPW, arg->princ, NULL)) {
ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ,
arg->keepold,
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, rqstp->rq_clntcred,
+ acl_check(handle->context, rqst2name(rqstp),
ACL_SETKEY, arg->princ, NULL)) {
ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
arg->keyblock);
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, rqstp->rq_clntcred,
+ acl_check(handle->context, rqst2name(rqstp),
ACL_SETKEY, arg->princ, NULL)) {
ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
arg->keyblocks, arg->n_keys);
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, rqstp->rq_clntcred,
+ acl_check(handle->context, rqst2name(rqstp),
ACL_SETKEY, arg->princ, NULL)) {
ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ,
arg->keepold,
return &ret;
}
- if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) {
+ if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
FALSE, 0, NULL, &k, &nkeys);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, rqstp->rq_clntcred,
+ acl_check(handle->context, rqst2name(rqstp),
ACL_CHANGEPW, arg->princ, NULL)) {
ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
&k, &nkeys);
return &ret;
}
- if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) {
+ if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
arg->keepold,
arg->n_ks_tuple,
arg->ks_tuple,
&k, &nkeys);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, rqstp->rq_clntcred,
+ acl_check(handle->context, rqst2name(rqstp),
ACL_CHANGEPW, arg->princ, NULL)) {
ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ,
arg->keepold,
prime_arg = arg->rec.policy;
if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- rqstp->rq_clntcred,
+ rqst2name(rqstp),
ACL_ADD, NULL, NULL)) {
ret.code = KADM5_AUTH_ADD;
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy",
prime_arg = arg->name;
if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- rqstp->rq_clntcred,
+ rqst2name(rqstp),
ACL_DELETE, NULL, NULL)) {
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy",
prime_arg, client_name.value, service_name.value,
prime_arg = arg->rec.policy;
if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- rqstp->rq_clntcred,
+ rqst2name(rqstp),
ACL_MODIFY, NULL, NULL)) {
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy",
prime_arg, client_name.value, service_name.value,
ret.code = KADM5_AUTH_GET;
if (!CHANGEPW_SERVICE(rqstp) && acl_check(handle->context,
- rqstp->rq_clntcred,
+ rqst2name(rqstp),
ACL_INQUIRE, NULL, NULL))
ret.code = KADM5_OK;
else {
prime_arg = "*";
if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- rqstp->rq_clntcred,
+ rqst2name(rqstp),
ACL_LIST, NULL, NULL)) {
ret.code = KADM5_AUTH_LIST;
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies",
return &ret;
}
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE,
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d",
(ret.api_version == KADM5_API_VERSION_1 ?
"kadm5_init (V1)" : "kadm5_init"),
client_name.value,
(ret.code == 0) ? "success" : error_message(ret.code),
client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
+ rqstp->rq_cred.oa_flavor);
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
return(&ret);
}
+
+static gss_name_t
+rqst2name(struct svc_req *rqstp)
+{
+
+ if (rqstp->rq_cred.oa_flavor == RPCSEC_GSS)
+ return rqstp->rq_clntname;
+ else
+ return rqstp->rq_clntcred;
+}
+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * admin.h (kadm5_get_admin_service_name): Prototype for new function.
+ (KADM5_CONFIG_OLD_AUTH_GSSAPI): New flag to force old AUTH_GSSAPI
+ flavor.
+
+ * alt_prof.c (kadm5_get_admin_service_name): New function.
+
2004-02-12 Tom Yu <tlyu@mit.edu>
* configure.in: Invoke PRIOCNTL_HACK.
#define KADM5_CONFIG_DICT_FILE 0x020000
#define KADM5_CONFIG_MKEY_FROM_KBD 0x040000
#define KADM5_CONFIG_KPASSWD_PORT 0x080000
-
+#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000
+
/*
* permission bits
*/
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
kadm5_config_params *params);
+
+krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
+ char *, size_t);
#endif
kadm5_ret_t kadm5_init(char *client_name, char *pass,
return(0);
}
+krb5_error_code
+kadm5_get_admin_service_name(krb5_context ctx,
+ char *realm_in,
+ char *admin_name,
+ size_t maxlen)
+{
+ krb5_error_code ret;
+ kadm5_config_params params_in, params_out;
+ struct hostent *hp;
+
+ memset(¶ms_in, 0, sizeof(params_in));
+ memset(¶ms_out, 0, sizeof(params_out));
+
+ params_in.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ ret = kadm5_get_config_params(ctx, NULL, NULL, ¶ms_in, ¶ms_out);
+ if (ret)
+ return ret;
+
+ hp = gethostbyname(params_out.admin_server);
+ if (hp == NULL) {
+ ret = errno;
+ goto err_params;
+ }
+ if (strlen(hp->h_name) + sizeof("kadmin/") > maxlen) {
+ ret = ENOMEM;
+ goto err_params;
+ }
+ sprintf(admin_name, "kadmin/%s", hp->h_name);
+
+err_params:
+ free(params_out.admin_server);
+ return ret;
+}
+
/***********************************************************************
* This is the old krb5_realm_read_params, which I mutated into
* kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * client_principal.c (eret): Add some debugging messages for some
+ RPC errors.
+
+ * client_init.c (_kadm5_init_any): Add support for RPCSEC_GSS.
+ Default to using AUTH_GSSAPI for ovsec.
+
2004-06-04 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (LIBBASE): Renamed from LIB.
#define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX"
+static int old_auth_gssapi = 0;
enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
realm = params_local.realm = (char *) params_in;
if (params_in)
params_local.mask = KADM5_CONFIG_REALM;
+
+ /* Use old AUTH_GSSAPI for version 1 protocol. */
+ params_local.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
params_in = ¶ms_local;
} else {
if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
}
#ifndef INIT_TEST
- handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
- &gssstat,
- &minor_stat,
- gss_client_creds,
- gss_target,
- (gss_OID) gss_mech_krb5,
- GSS_C_MUTUAL_FLAG
- | GSS_C_REPLAY_FLAG,
- 0,
- NULL,
- NULL,
- NULL);
+ if (params_in != NULL &&
+ (params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
+ handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
+ &gssstat,
+ &minor_stat,
+ gss_client_creds,
+ gss_target,
+ (gss_OID) gss_mech_krb5,
+ GSS_C_MUTUAL_FLAG
+ | GSS_C_REPLAY_FLAG,
+ 0,
+ NULL,
+ NULL,
+ NULL);
+ } else {
+ struct rpc_gss_sec sec;
+ sec.mech = gss_mech_krb5;
+ sec.qop = GSS_C_QOP_DEFAULT;
+ sec.svc = RPCSEC_GSS_SVC_PRIVACY;
+ handle->clnt->cl_auth = authgss_create(handle->clnt,
+ gss_target, &sec);
+ }
(void) gss_release_name(&minor_stat, &gss_target);
#endif /* ! INIT_TEST */
r = init_1(&handle->api_version, handle->clnt);
if (r == NULL) {
code = KADM5_RPC_ERROR;
+#ifdef DEBUG
+ clnt_perror(handle->clnt, "init_1 null resp");
+#endif
goto error;
}
if (r->code) {
#endif
#include "client_internal.h"
+#ifdef DEBUG
+#define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0)
+#else
+#define eret() do { return KADM5_RPC_ERROR; } while (0)
+#endif
+
kadm5_ret_t
kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t princ, long mask,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
arg.api_version = handle->api_version;
r = delete_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
arg.api_version = handle->api_version;
r = get_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
kadm5_principal_ent_t_v1 *entp;
arg.api_version = handle->api_version;
r = get_princs_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if(r->code == 0) {
*count = r->count;
*princs = r->princs;
return EINVAL;
r = rename_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
return EINVAL;
r = chpass_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
return EINVAL;
r = chpass_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
return EINVAL;
r = setv4key_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
return EINVAL;
r = setkey_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
return EINVAL;
r = setkey_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
return EINVAL;
r = chrand_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
if (key)
krb5_copy_keyblock(handle->context, &r->key, key);
return EINVAL;
r = chrand_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
if (key)
krb5_copy_keyblock(handle->context, &r->key, key);
+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * auth_gss.c (print_rpc_gss_sec): Use gss_oid_to_str().
+ (rpc_gss_data): Add field "established" to indicate whether
+ context establishment is in progress; this prevents recursive
+ failures when auth_refresh() calls clnt_call(). If clnt_call()
+ called from auth_refresh() gets an error condition, the
+ clnt_call() logic will attempt a refresh, which can cause the
+ cl_auth to get destroyed multiple times, corrupting memory.
+ (authgss_validate, authgss_refresh): Use gd->established.
+ (authgss_refresh): Release gd->gc_wire_verf.
+ (authgss_destroy_context): Log clnt_call() failures.
+
+ * auth_gssapi.h: Add prototypes for svcauth_gss_set_log_*_func.
+
+ * authgss_prot.c (log_status): Correctly reset msg_ctx between
+ different types of calls to gss_display_status().
+
+ * svc.c: Don't reset xp_auth prior to authenticating message.
+
+ * svc.h (svc_req): Remove rq_svcname; application can get it from
+ rq_svccred anyway.
+
+ * svc_auth_gss.c: Include auth_gssapi.h to get typedefs for
+ logging callback functions. Enable logging callbacks. Replace
+ SVCAUTH_PRIVATE_LVALUE() kludge. Fix up namespace somewhat to not
+ use reserved names.
+ (svcauth_gss_accept_sec_context): Free rpc_gss_init_args to avoid
+ leak. Release gr->gr_token on error conditions.
+ (svcauth_gss_nextverf, svcauth_gss_accept_sec_context):
+ (gssrpc__svcauth_gss): Use gd->checksum.
+ (gssrpc__svcauth_gss): Use macro ret_freegc() to ensure freeing of
+ gc. On destroy, set *no_dispatch=TRUE and explicitly send reply
+ to avoid application sending a NULLPROC reply with an invalid
+ verifier.
+
+ * svc_auth_gssapi.c (gssrpc__svcauth_gssapi): Set xp_auth to NULL
+ upon destroy.
+ (svc_auth_gssapi_destroy): New function so SVCAUTH_DESTROY() will
+ work.
+
+ * svc_tcp.c (svctcp_create, makefd_xprt): Initialize xp_auth to
+ NULL.
+ (svctcp_destroy): Call SVCAUTH_DESTROY() if appropriate.
+
+ * svc_udp.c (svcudp_bufcreate, svcudp_destroy): Initialize xp_auth
+ to NULL.
+ (svcudp_destroy): Only close xp_sock if it's not -1. Call
+ SVCAUTH_DESTROY() if appropriate.
+
+ * xdr_rec.c (xdrrec_getpos): Add CITI's fix to return position for
+ non-flushed buffers.
+
2004-06-04 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (LIBBASE): Renamed from LIB.
* clnt_tcp.c: Include string.h.
+2004-05-27 Tom Yu <tlyu@mit.edu>
+
+ * auth_any.c, svc_auth_any.c: Removed.
+
+ * auth_gss.h: New file, was CITI's auth_ssapi.h.
+
+ * auth_gss.c, authgss_prot.c, svc_auth_gssapi.c, svc_auth_none.c:
+ New files.
+
+ * rename.h: New file containing renaming macros for external
+ names.
+
+ * Makefile.in (DEFINES): Add -DGSSRPC__IMPL for accessing
+ internals.
+ (LIBMAJOR): Bump due to ABI changes; this ABI is still subject to
+ change without future version bumps until released.
+ (SRCS, OBJS, STLIBOBJS, HDRS, SRC_HDRS): Adjust for new files
+
+ * types.hin: Check for 8-bit bytes, two's-complement integers.
+ Use configure-determined inclusions of various headers instead of
+ depending on HAVE_*. Rearrange logic of sys/select.h,
+ netinet/in.h, etc. inclusions. Include rename.h. Add typedefs
+ for rpcprog_t, rpcvers_t, rpcprot_t, rpcproc_t, rpcport_t,
+ rpc_inline_t.
+ (GSSRPC__BEGIN_DECLS, GSSRPC__END_DECLS): New macros for C++
+ compatibility.
+ [GSSRPC__FAKE_INT32]: Fake up a fixed-width 32-bit integer if the
+ system doesn't provide one in its headers.
+ [GSSRPC__BSD_TYPEALIASES]: Add typedefs for BSD-style type
+ aliases, e.g., u_char. Can be overridden at compile-time.
+
+ * auth.h, auth_gssapi.h, auth_unix.h, clnt.h, pmax_clnt.h:
+ * pmap_prot.h, pmap_rmt.h, rpc.h, rpc_msg.h, svc.h, svc_auth.h:
+ * xdr.h: Fix inclusion protection. Use GSSRPC__{BEGIN,END}_DECLS
+ for declarations. "unsigned int" -> "u_int", etc. "rpc_int32" ->
+ "int32_t", etc. Move renaming to rename.h. Move some external
+ names out of implementation namespace. Make struct tags identical
+ to typedef names, mostly. Use rpcprog_t and friends as
+ appropriate.
+
+ * auth.h: Add RPCSEC_GSS errors. Add RPCSEC_GSS flavor. Disable
+ AUTH_GSSAPI_COMPAT flavor. "AUTH_wrap" -> "auth_wrap",
+ "AUTH_unwrap" -> "auth_unwrap".
+
+ * svc_auth.h: Hide individual flavors of authenticators under
+ GSSRPC__IMPL. Adjust for "svc_auth_any" -> "svc_auth_none".
+ (SVCAUTH_DESTROY): New macro.
+
+ * rpc.h: Prototype gssrpc__rpc_dtablesize().
+
+ * svc.h (svc_req): Add rq_clntname, rq_svcname.
+
+ * xdr.h (MAX_NETOBJ_SZ): Adjust to 2048.
+
+ * auth_gssapi.c, auth_gssapi_misc.c, auth_none.c, auth_unix.c:
+ * bindresvport.c, clnt_generic.c, clnt_perror.c, clnt_raw.c:
+ * clnt_simple.c, clnt_tcp.c, clnt_udp.c, get_myaddress.c:
+ * getrpcent.c, getrpcport.c, pmax_clnt.c, pmap_getport.c:
+ * pmap_prot2.c, pmap_rmt.c, rpc_callmsg.c, rpc_commondata.c:
+ * rpc_dtablesize.c, rpc_port.c, svc.c, svc_auth.c:
+ * svc_auth_gssapi.c, svc_auth_unix.c, svc_run.c, svc_simple.c:
+ * svc_tcp.c, svc_udp.c, xdr.c, xdr_alloc.c, xdr_array.c:
+ * xdr_float.c, xdr_mem.c, xdr_rec.c, xdr_reference.c, xdr_stdio.c:
+ * xdr_stdio.c: Lots of type renaming, including BSD typealiases,
+ use of int32_t and uint32_t, rpc*_t for protocol constants. Fixed
+ namespace issues, moving renaming out of individual files. Moved
+ symbols out of implementation namespace.
+
+ * xdr.c: Add checks on integer values, in order to return errors
+ when an attempt is made to encode an integer that won't fit in 4
+ bytes, or to decode an integer that won't fit into its target
+ type.
+
+ * auth_none.c: Use authnone_wrap instead of authany_wrap.
+ (authnone_wrap): New function.
+
+ * auth_unix.c: Use authunix_wrap instead of authany_wrap.
+ (authunix_wrap): New function.
+
+ * xdr_mem.c, xdr_rec.c: Fix some sizeof vs BYTES_PER_XDR_UNIT
+ issues.
+
2004-04-22 Ken Raeburn <raeburn@mit.edu>
* libgssrpc.exports: New file.
myfulldir=lib/rpc
mydir=.
BUILDTOP=$(REL)..$(S)..
-DEFINES = -DGSSAPI_KRB5 -DDEBUG_GSSAPI=0
+DEFINES = -DGSSAPI_KRB5 -DDEBUG_GSSAPI=0 -DGSSRPC__IMPL
##DOSBUILDTOP = ..\..
##DOSLIBNAME=libgssrpc.lib
LIBBASE=gssrpc
-LIBMAJOR=3
+LIBMAJOR=4
LIBMINOR=0
STOBJLISTS=OBJS.ST
SHLIB_EXPDEPS= \
SRCS = $(srcdir)/auth_none.c \
$(srcdir)/auth_unix.c \
- $(srcdir)/auth_any.c \
+ $(srcdir)/authgss_prot.c \
$(srcdir)/authunix_prot.c \
+ $(srcdir)/auth_gss.c \
$(srcdir)/auth_gssapi.c \
$(srcdir)/auth_gssapi_misc.c \
$(srcdir)/bindresvport.c \
$(srcdir)/rpc_callmsg.c \
$(srcdir)/svc.c \
$(srcdir)/svc_auth.c \
+ $(srcdir)/svc_auth_gss.c \
+ $(srcdir)/svc_auth_none.c \
$(srcdir)/svc_auth_unix.c \
- $(srcdir)/svc_auth_any.c \
$(srcdir)/svc_auth_gssapi.c \
$(srcdir)/svc_raw.c \
$(srcdir)/svc_run.c \
OBJS = auth_none.$(OBJEXT) \
auth_unix.$(OBJEXT) \
- auth_any.$(OBJEXT) \
authunix_prot.$(OBJEXT) \
+ authgss_prot.$(OBJEXT) \
+ auth_gss.$(OBJEXT) \
auth_gssapi.$(OBJEXT) \
auth_gssapi_misc.$(OBJEXT) \
bindresvport.$(OBJEXT) \
rpc_callmsg.$(OBJEXT) \
svc.$(OBJEXT) \
svc_auth.$(OBJEXT) \
+ svc_auth_gss.$(OBJEXT) \
+ svc_auth_none.$(OBJEXT) \
svc_auth_unix.$(OBJEXT) \
- svc_auth_any.$(OBJEXT) \
svc_auth_gssapi.$(OBJEXT) \
svc_raw.$(OBJEXT) \
svc_run.$(OBJEXT) \
STLIBOBJS = \
auth_none.o \
auth_unix.o \
- auth_any.o \
+ authgss_prot.o \
authunix_prot.o \
+ auth_gss.o \
auth_gssapi.o \
auth_gssapi_misc.o \
bindresvport.o \
rpc_callmsg.o \
svc.o \
svc_auth.o \
- svc_auth_unix.o \
- svc_auth_any.o \
+ svc_auth_gss.o \
svc_auth_gssapi.o \
+ svc_auth_none.o \
+ svc_auth_unix.o \
svc_raw.o \
svc_run.o \
svc_simple.o \
HDRDIR=$(BUILDTOP)/include/gssrpc
HDRS= $(HDRDIR)/auth.h \
+ $(HDRDIR)/auth_gss.h \
$(HDRDIR)/auth_gssapi.h \
$(HDRDIR)/auth_unix.h \
$(HDRDIR)/clnt.h \
$(HDRDIR)/pmap_clnt.h \
$(HDRDIR)/pmap_prot.h \
$(HDRDIR)/pmap_rmt.h \
+ $(HDRDIR)/rename.h \
$(HDRDIR)/rpc.h \
$(HDRDIR)/rpc_msg.h \
$(HDRDIR)/svc.h \
install-unix:: install-libs
BUILD_HDRS = types.h
-SRC_HDRS = auth.h auth_gssapi.h auth_unix.h clnt.h netdb.h pmap_clnt.h \
- pmap_prot.h pmap_rmt.h rpc.h rpc_msg.h svc.h svc_auth.h \
- xdr.h
+SRC_HDRS = auth.h auth_gss.h auth_gssapi.h auth_unix.h clnt.h \
+ netdb.h pmap_clnt.h pmap_prot.h pmap_rmt.h rename.h \
+ rpc.h rpc_msg.h svc.h svc_auth.h xdr.h
includes:: $(SRC_HDRS) $(BUILD_HDRS)
if [ -d $(HDRDIR) ]; then :; else mkdir -p $(HDRDIR); fi
* is required to pass a AUTH * to routines that create rpc
* "sessions".
*/
-
+#ifndef GSSRPC_AUTH_H
+#define GSSRPC_AUTH_H
#include <gssrpc/xdr.h>
+GSSRPC__BEGIN_DECLS
+
#define MAX_AUTH_BYTES 400
#define MAXNETNAMELEN 255 /* maximum length of network user's name */
* failed locally
*/
AUTH_INVALIDRESP=6, /* bogus response verifier */
- AUTH_FAILED=7 /* some unknown reason */
+ AUTH_FAILED=7, /* some unknown reason */
+ /*
+ * RPCSEC_GSS errors
+ */
+ RPCSEC_GSS_CREDPROBLEM = 13,
+ RPCSEC_GSS_CTXPROBLEM = 14
};
union des_block {
#if 0 /* XXX nothing uses this, anyway */
struct {
- rpc_u_int32 high;
- rpc_u_int32 low;
+ uint32_t high;
+ uint32_t low;
} key;
#endif
char c[8];
};
typedef union des_block des_block;
-#define xdr_des_block gssrpc_xdr_des_block
-extern bool_t xdr_des_block(XDR *, des_block *);
+extern bool_t xdr_des_block(XDR *, des_block *);
/*
* Authentication info. Opaque to client.
struct opaque_auth {
enum_t oa_flavor; /* flavor of auth */
caddr_t oa_base; /* address of more auth stuff */
- unsigned int oa_length; /* not to exceed MAX_AUTH_BYTES */
+ u_int oa_length; /* not to exceed MAX_AUTH_BYTES */
};
*/
struct rpc_msg;
-typedef struct __rpc_auth {
+typedef struct AUTH {
struct opaque_auth ah_cred;
struct opaque_auth ah_verf;
union des_block ah_key;
struct auth_ops {
- void (*ah_nextverf)(struct __rpc_auth *);
+ void (*ah_nextverf)(struct AUTH *);
/* nextverf & serialize */
- int (*ah_marshal)(struct __rpc_auth *, XDR *);
+ int (*ah_marshal)(struct AUTH *, XDR *);
/* validate varifier */
- int (*ah_validate)(struct __rpc_auth *,
+ int (*ah_validate)(struct AUTH *,
struct opaque_auth *);
/* refresh credentials */
- int (*ah_refresh)(struct __rpc_auth *, struct rpc_msg *);
+ int (*ah_refresh)(struct AUTH *, struct rpc_msg *);
/* destroy this structure */
- void (*ah_destroy)(struct __rpc_auth *);
+ void (*ah_destroy)(struct AUTH *);
/* encode data for wire */
- int (*ah_wrap)(struct __rpc_auth *, XDR *,
+ int (*ah_wrap)(struct AUTH *, XDR *,
xdrproc_t, caddr_t);
/* decode data from wire */
- int (*ah_unwrap)(struct __rpc_auth *, XDR *,
+ int (*ah_unwrap)(struct AUTH *, XDR *,
xdrproc_t, caddr_t);
} *ah_ops;
void *ah_private;
#define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \
((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
xfunc, xwhere))
-#define AUTH_wrap(auth, xdrs, xfunc, xwhere) \
+#define auth_wrap(auth, xdrs, xfunc, xwhere) \
((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
xfunc, xwhere))
#define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \
((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
xfunc, xwhere))
-#define AUTH_unwrap(auth, xdrs, xfunc, xwhere) \
+#define auth_unwrap(auth, xdrs, xfunc, xwhere) \
((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
xfunc, xwhere))
((*((auth)->ah_ops->ah_destroy))(auth))
-#define _null_auth _gssrpc_null_auth
-extern struct opaque_auth _null_auth;
+/* RENAMED: should be _null_auth if we can use reserved namespace. */
+extern struct opaque_auth gssrpc__null_auth;
/*
* These are the various implementations of client side authenticators.
*/
-/*
- * Any style authentication. These routines can be used by any
- * authentication style that does not use the wrap/unwrap functions.
- */
-
-#define authany_wrap gssrpc_authany_wrap
-#define authany_unwrap gssrpc_authany_unwrap
-
-int authany_wrap(AUTH *, XDR *, xdrproc_t, caddr_t), authany_unwrap();
-
/*
* Unix style authentication
* AUTH *authunix_create(machname, uid, gid, len, aup_gids)
* int len;
* int *aup_gids;
*/
-#define authunix_create gssrpc_authunix_create
-#define authunix_create_default gssrpc_authunix_create_default
-#define authnone_create gssrpc_authnone_create
-#define authdes_create gssrpc_authdes_create
-
extern AUTH *authunix_create(char *machname, int uid, int gid, int len,
int *aup_gids);
extern AUTH *authunix_create_default(void); /* takes no parameters */
extern AUTH *authnone_create(void); /* takes no parameters */
extern AUTH *authdes_create();
-
-/*
- * GSS-API style authentication:
- * see <rpc/auth_gssapi.h>
- */
+extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
#define AUTH_NONE 0 /* no authentication */
#define AUTH_NULL 0 /* backward compatibility */
#define AUTH_SHORT 2 /* short hand unix style */
#define AUTH_DES 3 /* des style (encrypted timestamps) */
#define AUTH_GSSAPI 300001 /* GSS-API style */
+#define RPCSEC_GSS 6 /* RPCSEC_GSS */
+#if 0
/*
* BACKWARDS COMPATIBILIY! OpenV*Secure 1.0 had AUTH_GSSAPI == 4. We
* need to accept this value until 1.0 is dead.
*/
+/* This conflicts with AUTH_KERB (Solaris). */
#define AUTH_GSSAPI_COMPAT 4
+#endif
-/*
- * XDR an opaque authentication struct.
- */
-#define xdr_opaque_auth gssrpc_xdr_opaque_auth
+GSSRPC__END_DECLS
-extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *);
+#endif /* !defined(GSSRPC_AUTH_H) */
+++ /dev/null
-/*
- * auth_any.c
- * Provides default functions for authentication flavors that do not
- * use all the fields in structauth_ops.
- */
-
-#include <stdio.h>
-#include <gssrpc/types.h>
-#include <gssrpc/xdr.h>
-#include <gssrpc/auth.h>
-
-int authany_wrap(auth, xdrs, xfunc, xwhere)
- AUTH *auth;
- XDR *xdrs;
- xdrproc_t xfunc;
- caddr_t xwhere;
-{
- return (*xfunc)(xdrs, xwhere);
-}
--- /dev/null
+/*
+ auth_gss.c
+
+ RPCSEC_GSS client routines.
+
+ Copyright (c) 2000 The Regents of the University of Michigan.
+ All rights reserved.
+
+ Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+ All rights reserved, all wrongs reversed.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ Id: auth_gss.c,v 1.35 2002/10/15 21:25:25 kwc Exp
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <gssrpc/auth.h>
+#include <gssrpc/auth_gss.h>
+#include <gssrpc/clnt.h>
+#include <netinet/in.h>
+#ifdef HAVE_HEIMDAL
+#include <gssapi.h>
+#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
+#else
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#endif
+
+#ifdef DEBUG_GSSAPI
+int auth_debug_gss = DEBUG_GSSAPI;
+int misc_debug_gss = DEBUG_GSSAPI;
+#endif
+
+static void authgss_nextverf(AUTH *);
+static bool_t authgss_marshal(AUTH *, XDR *);
+static bool_t authgss_refresh(AUTH *, struct rpc_msg *);
+static bool_t authgss_validate(AUTH *, struct opaque_auth *);
+static void authgss_destroy(AUTH *);
+static void authgss_destroy_context(AUTH *);
+static bool_t authgss_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t authgss_unwrap(AUTH *, XDR *, xdrproc_t, caddr_t);
+
+
+/*
+ * from mit-krb5-1.2.1 mechglue/mglueP.h:
+ * Array of context IDs typed by mechanism OID
+ */
+typedef struct gss_union_ctx_id_t {
+ gss_OID mech_type;
+ gss_ctx_id_t internal_ctx_id;
+} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
+
+static struct auth_ops authgss_ops = {
+ authgss_nextverf,
+ authgss_marshal,
+ authgss_validate,
+ authgss_refresh,
+ authgss_destroy,
+ authgss_wrap,
+ authgss_unwrap
+};
+
+#ifdef DEBUG
+
+/* useful as i add more mechanisms */
+void
+print_rpc_gss_sec(struct rpc_gss_sec *ptr)
+{
+#if HAVE_HEIMDAL
+ int i;
+ char *p;
+
+ log_debug("rpc_gss_sec:\n");
+ if(ptr->mech == NULL)
+ log_debug("NULL gss_OID mech\n");
+ else {
+ log_debug(" gss_OID len: %d\n gss_OID elements:",
+ ptr->mech->length);
+ p = (char *)ptr->mech->elements;
+ log_debug(" ");
+ for(i=0;i<ptr->mech->length;i++)
+ log_debug("%u", (u_char)*p++);
+ log_debug("\n");
+ }
+ log_debug(" qop: %d\n",ptr->qop);
+ log_debug(" service: %d\n",ptr->svc);
+#else
+ OM_uint32 min_stat;
+ gss_buffer_desc msg;
+
+ if (ptr->mech == NULL)
+ log_debug("rpc_gss_sec: mech NULL, qop %d, svc %d",
+ ptr->qop, ptr->svc);
+ else {
+ gss_oid_to_str(&min_stat, ptr->mech, &msg);
+
+ log_debug("rpc_gss_sec: mech %.*s, qop %d, svc %d",
+ msg.length, (char *)msg.value,
+ ptr->qop, ptr->svc);
+
+ gss_release_buffer(&min_stat, &msg);
+ }
+#endif
+}
+#endif /*DEBUG*/
+
+/* Krb 5 default mechanism oid */
+#define KRB5OID "1.2.840.113554.1.2.2"
+
+#define g_OID_equal(o1,o2) \
+ (((o1)->length == (o2)->length) && \
+ ((o1)->elements != 0) && ((o2)->elements != 0) && \
+ (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0))
+
+extern const gss_OID_desc * const gss_mech_krb5;
+#ifdef SPKM
+extern const gss_OID_desc * const gss_mech_spkm3;
+#endif /*SPKM*/
+
+/* from kerberos source, gssapi_krb5.c */
+static gss_OID_desc krb5oid =
+ {9, "\052\206\110\206\367\022\001\002\002"};
+
+#if SPKM
+static gss_OID_desc spkm3oid =
+ {7, "\052\006\001\005\005\001\003"};
+#endif /*SPKM*/
+
+struct rpc_gss_data {
+ bool_t established; /* context established */
+ bool_t inprogress;
+ gss_buffer_desc gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier
+ * to process at end of context negotiation*/
+ CLIENT *clnt; /* client handle */
+ gss_name_t name; /* service name */
+ struct rpc_gss_sec sec; /* security tuple */
+ gss_ctx_id_t ctx; /* context id */
+ struct rpc_gss_cred gc; /* client credentials */
+ u_int win; /* sequence window */
+};
+
+#define AUTH_PRIVATE(auth) ((struct rpc_gss_data *)auth->ah_private)
+
+static struct timeval AUTH_TIMEOUT = { 25, 0 };
+
+AUTH *
+authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
+{
+ AUTH *auth, *save_auth;
+ struct rpc_gss_data *gd;
+
+ log_debug("in authgss_create()");
+
+ memset(&rpc_createerr, 0, sizeof(rpc_createerr));
+
+ if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
+ rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+ rpc_createerr.cf_error.re_errno = ENOMEM;
+ return (NULL);
+ }
+ if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
+ rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+ rpc_createerr.cf_error.re_errno = ENOMEM;
+ free(auth);
+ return (NULL);
+ }
+ gd->clnt = clnt;
+ gd->name = name;
+ gd->ctx = GSS_C_NO_CONTEXT;
+ gd->sec = *sec;
+
+ gd->gc.gc_v = RPCSEC_GSS_VERSION;
+ gd->gc.gc_proc = RPCSEC_GSS_INIT;
+ gd->gc.gc_svc = gd->sec.svc;
+
+ auth->ah_ops = &authgss_ops;
+ auth->ah_private = (caddr_t)gd;
+
+ save_auth = clnt->cl_auth;
+ clnt->cl_auth = auth;
+
+ if (!authgss_refresh(auth, NULL))
+ auth = NULL;
+
+ clnt->cl_auth = save_auth;
+
+ log_debug("authgss_create returning auth 0x%08x", auth);
+ return (auth);
+}
+
+AUTH *
+authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
+{
+ AUTH *auth;
+ OM_uint32 maj_stat = 0, min_stat = 0;
+ gss_buffer_desc sname;
+ gss_name_t name;
+
+ log_debug("in authgss_create_default()");
+
+
+ sname.value = service;
+ sname.length = strlen(service);
+
+ maj_stat = gss_import_name(&min_stat, &sname,
+ (gss_OID)gss_nt_service_name,
+ &name);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_import_name", maj_stat, min_stat);
+ rpc_createerr.cf_stat = RPC_AUTHERROR;
+ return (NULL);
+ }
+
+ auth = authgss_create(clnt, name, sec);
+
+ if(auth)
+ gss_release_name(&min_stat, &name);
+
+ log_debug("authgss_create_default returning auth 0x%08x", auth);
+ return (auth);
+}
+
+static void
+authgss_nextverf(AUTH *auth)
+{
+ log_debug("in authgss_nextverf()\n");
+ /* no action necessary */
+}
+
+static bool_t
+authgss_marshal(AUTH *auth, XDR *xdrs)
+{
+ XDR tmpxdrs;
+ char tmp[MAX_AUTH_BYTES];
+ struct rpc_gss_data *gd;
+ gss_buffer_desc rpcbuf, checksum;
+ OM_uint32 maj_stat, min_stat;
+ bool_t xdr_stat;
+
+ log_debug("in authgss_marshal()");
+
+ gd = AUTH_PRIVATE(auth);
+
+ if (gd->established)
+ gd->gc.gc_seq++;
+
+ xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
+
+ if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gc)) {
+ XDR_DESTROY(&tmpxdrs);
+ return (FALSE);
+ }
+ auth->ah_cred.oa_flavor = RPCSEC_GSS;
+ auth->ah_cred.oa_base = tmp;
+ auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
+
+ XDR_DESTROY(&tmpxdrs);
+
+ if (!xdr_opaque_auth(xdrs, &auth->ah_cred))
+ return (FALSE);
+
+ if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
+ gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
+ return (xdr_opaque_auth(xdrs, &gssrpc__null_auth));
+ }
+ /* Checksum serialized RPC header, up to and including credential. */
+ rpcbuf.length = XDR_GETPOS(xdrs);
+ XDR_SETPOS(xdrs, 0);
+ rpcbuf.value = XDR_INLINE(xdrs, rpcbuf.length);
+
+ maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
+ &rpcbuf, &checksum);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_get_mic", maj_stat, min_stat);
+ if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
+ gd->established = FALSE;
+ authgss_destroy_context(auth);
+ }
+ return (FALSE);
+ }
+ auth->ah_verf.oa_flavor = RPCSEC_GSS;
+ auth->ah_verf.oa_base = checksum.value;
+ auth->ah_verf.oa_length = checksum.length;
+
+ xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
+ gss_release_buffer(&min_stat, &checksum);
+
+ return (xdr_stat);
+}
+
+static bool_t
+authgss_validate(AUTH *auth, struct opaque_auth *verf)
+{
+ struct rpc_gss_data *gd;
+ u_int num, qop_state;
+ gss_buffer_desc signbuf, checksum;
+ OM_uint32 maj_stat, min_stat;
+
+ log_debug("in authgss_validate()");
+
+ gd = AUTH_PRIVATE(auth);
+
+ if (gd->established == FALSE) {
+ /* would like to do this only on NULL rpc - gc->established is good enough.
+ * save the on the wire verifier to validate last INIT phase packet
+ * after decode if the major status is GSS_S_COMPLETE
+ */
+ if ((gd->gc_wire_verf.value = mem_alloc(verf->oa_length)) == NULL) {
+ fprintf(stderr, "gss_validate: out of memory\n");
+ return (FALSE);
+ }
+ memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
+ gd->gc_wire_verf.length = verf->oa_length;
+ return (TRUE);
+ }
+
+ if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
+ gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
+ num = htonl(gd->win);
+ }
+ else num = htonl(gd->gc.gc_seq);
+
+ signbuf.value = #
+ signbuf.length = sizeof(num);
+
+ checksum.value = verf->oa_base;
+ checksum.length = verf->oa_length;
+
+ maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
+ &checksum, &qop_state);
+ if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
+ log_status("gss_verify_mic", maj_stat, min_stat);
+ if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
+ gd->established = FALSE;
+ authgss_destroy_context(auth);
+ }
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+static bool_t
+authgss_refresh(AUTH *auth, struct rpc_msg *msg)
+{
+ struct rpc_gss_data *gd;
+ struct rpc_gss_init_res gr;
+ gss_buffer_desc *recv_tokenp, send_token;
+ OM_uint32 maj_stat, min_stat, call_stat, ret_flags, req_flags=0;
+
+ log_debug("in authgss_refresh()");
+
+ gd = AUTH_PRIVATE(auth);
+
+ if (gd->established || gd->inprogress)
+ return (TRUE);
+
+ /* GSS context establishment loop. */
+ memset(&gr, 0, sizeof(gr));
+ recv_tokenp = GSS_C_NO_BUFFER;
+
+#ifdef DEBUG
+ print_rpc_gss_sec(&gd->sec);
+#endif /*DEBUG*/
+
+ if (g_OID_equal(gd->sec.mech, &krb5oid))
+ req_flags |= GSS_C_MUTUAL_FLAG;
+
+#ifdef SPKM
+ if (g_OID_equal(gd->sec.mech, gss_mech_spkm3))
+ req_flags |= GSS_C_ANON_FLAG;
+#endif /*SPKM*/
+
+ for (;;) {
+ gd->inprogress = TRUE;
+ maj_stat = gss_init_sec_context(&min_stat,
+ GSS_C_NO_CREDENTIAL,
+ &gd->ctx,
+ gd->name,
+ gd->sec.mech,
+ req_flags,
+ 0, /* time req */
+ NULL, /* channel */
+ recv_tokenp,
+ NULL, /* used mech */
+ &send_token,
+ &ret_flags,
+ NULL); /* time rec */
+
+ log_status("gss_init_sec_context", maj_stat, min_stat);
+ if (recv_tokenp != GSS_C_NO_BUFFER) {
+ gss_release_buffer(&min_stat, &gr.gr_token);
+ recv_tokenp = GSS_C_NO_BUFFER;
+ }
+ if (maj_stat != GSS_S_COMPLETE &&
+ maj_stat != GSS_S_CONTINUE_NEEDED) {
+ log_status("gss_init_sec_context (error)", maj_stat, min_stat);
+ break;
+ }
+ if (send_token.length != 0) {
+ memset(&gr, 0, sizeof(gr));
+
+ call_stat = clnt_call(gd->clnt, NULLPROC,
+ xdr_rpc_gss_init_args,
+ &send_token,
+ xdr_rpc_gss_init_res,
+ (caddr_t)&gr, AUTH_TIMEOUT);
+
+ gss_release_buffer(&min_stat, &send_token);
+
+ log_debug("authgss_refresh: call_stat=%d", call_stat);
+ log_debug("%s", clnt_sperror(gd->clnt, "authgss_refresh"));
+ if (call_stat != RPC_SUCCESS ||
+ (gr.gr_major != GSS_S_COMPLETE &&
+ gr.gr_major != GSS_S_CONTINUE_NEEDED))
+ break;
+
+ if (gr.gr_ctx.length != 0) {
+ if (gd->gc.gc_ctx.value)
+ gss_release_buffer(&min_stat,
+ &gd->gc.gc_ctx);
+ gd->gc.gc_ctx = gr.gr_ctx;
+ }
+ if (gr.gr_token.length != 0) {
+ if (maj_stat != GSS_S_CONTINUE_NEEDED)
+ break;
+ recv_tokenp = &gr.gr_token;
+ }
+ gd->gc.gc_proc = RPCSEC_GSS_CONTINUE_INIT;
+ }
+
+ /* GSS_S_COMPLETE => check gss header verifier, usually checked in
+ * gss_validate
+ */
+ if (maj_stat == GSS_S_COMPLETE) {
+ gss_buffer_desc bufin;
+ gss_buffer_desc bufout;
+ u_int seq, qop_state = 0;
+
+ seq = htonl(gr.gr_win);
+ bufin.value = (u_char *)&seq;
+ bufin.length = sizeof(seq);
+ bufout.value = (u_char *)gd->gc_wire_verf.value;
+ bufout.length = gd->gc_wire_verf.length;
+
+ log_debug("authgss_refresh: GSS_S_COMPLETE: calling verify_mic");
+ maj_stat = gss_verify_mic(&min_stat,gd->ctx,
+ &bufin, &bufout, &qop_state);
+
+ if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
+ log_status("gss_verify_mic", maj_stat, min_stat);
+ gss_release_buffer(&min_stat, &gd->gc_wire_verf);
+ if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
+ gd->established = FALSE;
+ authgss_destroy_context(auth);
+ }
+ return (FALSE);
+ }
+ gss_release_buffer(&min_stat, &gd->gc_wire_verf);
+ gd->established = TRUE;
+ gd->inprogress = FALSE;
+ gd->gc.gc_proc = RPCSEC_GSS_DATA;
+ gd->gc.gc_seq = 0;
+ gd->win = gr.gr_win;
+ break;
+ }
+ }
+ log_status("authgss_refresh: at end of context negotiation", maj_stat, min_stat);
+ /* End context negotiation loop. */
+ if (gd->gc.gc_proc != RPCSEC_GSS_DATA) {
+ log_debug("authgss_refresh: returning ERROR (gc_proc %d)", gd->gc.gc_proc);
+ if (gr.gr_token.length != 0)
+ gss_release_buffer(&min_stat, &gr.gr_token);
+
+ authgss_destroy(auth);
+ auth = NULL;
+ rpc_createerr.cf_stat = RPC_AUTHERROR;
+
+ return (FALSE);
+ }
+ log_debug("authgss_refresh: returning SUCCESS");
+ return (TRUE);
+}
+
+bool_t
+authgss_service(AUTH *auth, int svc)
+{
+ struct rpc_gss_data *gd;
+
+ log_debug("in authgss_service()");
+
+ if (!auth)
+ return(FALSE);
+ gd = AUTH_PRIVATE(auth);
+ if (!gd || !gd->established)
+ return (FALSE);
+ gd->sec.svc = svc;
+ gd->gc.gc_svc = svc;
+ return (TRUE);
+}
+
+static void
+authgss_destroy_context(AUTH *auth)
+{
+ struct rpc_gss_data *gd;
+ OM_uint32 min_stat;
+ enum clnt_stat callstat;
+
+ log_debug("in authgss_destroy_context()");
+
+ gd = AUTH_PRIVATE(auth);
+
+ if (gd->gc.gc_ctx.length != 0) {
+ if (gd->established) {
+ gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
+ callstat = clnt_call(gd->clnt, NULLPROC,
+ xdr_void, NULL,
+ xdr_void, NULL,
+ AUTH_TIMEOUT);
+ log_debug("%s",
+ clnt_sperror(gd->clnt,
+ "authgss_destroy_context"));
+ }
+ gss_release_buffer(&min_stat, &gd->gc.gc_ctx);
+ /* XXX ANDROS check size of context - should be 8 */
+ memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx));
+ }
+ if (gd->ctx != GSS_C_NO_CONTEXT) {
+ gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
+ gd->ctx = GSS_C_NO_CONTEXT;
+ }
+ gd->established = FALSE;
+
+ log_debug("finished authgss_destroy_context()");
+}
+
+static void
+authgss_destroy(AUTH *auth)
+{
+ struct rpc_gss_data *gd;
+ OM_uint32 min_stat;
+
+ log_debug("in authgss_destroy()");
+
+ gd = AUTH_PRIVATE(auth);
+
+ authgss_destroy_context(auth);
+
+ if (gd->name != GSS_C_NO_NAME)
+ gss_release_name(&min_stat, &gd->name);
+#if 0
+#ifdef HAVE_HEIMDAL
+ gss_release_name(&min_stat, &gd->name);
+#else
+ gss_release_name(&min_stat, gd->name);
+#endif
+#endif
+ free(gd);
+ free(auth);
+}
+
+bool_t
+authgss_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
+{
+ struct rpc_gss_data *gd;
+
+ log_debug("in authgss_wrap()");
+
+ gd = AUTH_PRIVATE(auth);
+
+ if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
+ return ((*xdr_func)(xdrs, xdr_ptr));
+ }
+ return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
+ gd->ctx, gd->sec.qop,
+ gd->sec.svc, gd->gc.gc_seq));
+}
+
+bool_t
+authgss_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
+{
+ struct rpc_gss_data *gd;
+
+ log_debug("in authgss_unwrap()");
+
+ gd = AUTH_PRIVATE(auth);
+
+ if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
+ return ((*xdr_func)(xdrs, xdr_ptr));
+ }
+ return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
+ gd->ctx, gd->sec.qop,
+ gd->sec.svc, gd->gc.gc_seq));
+}
--- /dev/null
+/*
+ auth_gssapi.h
+
+ Copyright (c) 2000 The Regents of the University of Michigan.
+ All rights reserved.
+
+ Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+ All rights reserved, all wrongs reversed.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ Id: auth_gss.h,v 1.13 2002/05/08 16:54:33 andros Exp
+*/
+
+#ifndef GSSRPC_AUTH_GSS_H
+#define GSSRPC_AUTH_GSS_H
+
+#include <gssrpc/rpc.h>
+#include <gssrpc/clnt.h>
+#ifdef HAVE_HEIMDAL
+#include <gssapi.h>
+#else
+#include <gssapi/gssapi.h>
+#endif
+
+GSSRPC__BEGIN_DECLS
+
+/* RPCSEC_GSS control procedures. */
+typedef enum {
+ RPCSEC_GSS_DATA = 0,
+ RPCSEC_GSS_INIT = 1,
+ RPCSEC_GSS_CONTINUE_INIT = 2,
+ RPCSEC_GSS_DESTROY = 3
+} rpc_gss_proc_t;
+
+/* RPCSEC_GSS services. */
+typedef enum {
+ RPCSEC_GSS_SVC_NONE = 1,
+ RPCSEC_GSS_SVC_INTEGRITY = 2,
+ RPCSEC_GSS_SVC_PRIVACY = 3
+} rpc_gss_svc_t;
+
+#define RPCSEC_GSS_VERSION 1
+
+/* RPCSEC_GSS security triple. */
+struct rpc_gss_sec {
+ gss_OID mech; /* mechanism */
+ gss_qop_t qop; /* quality of protection */
+ rpc_gss_svc_t svc; /* service */
+};
+
+/* Krb 5 default mechanism
+#define KRB5OID "1.2.840.113554.1.2.2"
+
+gss_OID_desc krb5oid = {
+ 20, KRB5OID
+};
+ */
+
+/*
+struct rpc_gss_sec krb5mech = {
+ (gss_OID)&krb5oid,
+ GSS_QOP_DEFAULT,
+ RPCSEC_GSS_SVC_NONE
+};
+*/
+
+/* Credentials. */
+struct rpc_gss_cred {
+ u_int gc_v; /* version */
+ rpc_gss_proc_t gc_proc; /* control procedure */
+ uint32_t gc_seq; /* sequence number */
+ rpc_gss_svc_t gc_svc; /* service */
+ gss_buffer_desc gc_ctx; /* context handle */
+};
+
+/* Context creation response. */
+struct rpc_gss_init_res {
+ gss_buffer_desc gr_ctx; /* context handle */
+ uint32_t gr_major; /* major status */
+ uint32_t gr_minor; /* minor status */
+ uint32_t gr_win; /* sequence window */
+ gss_buffer_desc gr_token; /* token */
+};
+
+/* Maximum sequence number value. */
+#define MAXSEQ 0x80000000
+
+/* Prototypes. */
+bool_t xdr_rpc_gss_cred (XDR *xdrs, struct rpc_gss_cred *p);
+bool_t xdr_rpc_gss_init_args (XDR *xdrs, gss_buffer_desc *p);
+bool_t xdr_rpc_gss_init_res (XDR *xdrs, struct rpc_gss_init_res *p);
+bool_t xdr_rpc_gss_data (XDR *xdrs, xdrproc_t xdr_func,
+ caddr_t xdr_ptr, gss_ctx_id_t ctx,
+ gss_qop_t qop, rpc_gss_svc_t svc,
+ uint32_t seq);
+bool_t xdr_rpc_gss_wrap_data (XDR *xdrs, xdrproc_t xdr_func, caddr_t
+ xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop,
+ rpc_gss_svc_t svc, uint32_t seq);
+bool_t xdr_rpc_gss_unwrap_data (XDR *xdrs, xdrproc_t xdr_func, caddr_t
+ xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop,
+ rpc_gss_svc_t svc, uint32_t seq);
+
+AUTH *authgss_create (CLIENT *, gss_name_t, struct rpc_gss_sec *);
+AUTH *authgss_create_default (CLIENT *, char *, struct rpc_gss_sec *);
+bool_t authgss_service(AUTH *auth, int svc);
+
+
+void log_debug (const char *fmt, ...);
+void log_status (char *m, OM_uint32 major, OM_uint32 minor);
+void log_hexdump (const u_char *buf, int len, int offset);
+
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_AUTH_GSS_H) */
CLIENT *clnt;
gss_ctx_id_t context;
gss_buffer_desc client_handle;
- rpc_u_int32 seq_num;
+ uint32_t seq_num;
int def_cred;
/* pre-serialized ah_cred */
unsigned char cred_buf[MAX_AUTH_BYTES];
- rpc_u_int32 cred_len;
+ uint32_t cred_len;
};
#define AUTH_PRIVATE(auth) ((struct auth_gssapi_data *)auth->ah_private)
enum clnt_stat callstat;
struct timeval timeout;
int bindings_failed;
- rpc_u_int32 init_func;
+ rpcproc_t init_func;
auth_gssapi_init_arg call_arg;
auth_gssapi_init_res call_res;
goto cleanup;
} else {
PRINTF(("gssapi_create: got client_handle %d\n",
- *((rpc_u_int32 *)call_res.client_handle.value)));
+ *((uint32_t *)call_res.client_handle.value)));
GSS_DUP_BUFFER(AUTH_PRIVATE(auth)->client_handle,
call_res.client_handle);
AUTH_GSSAPI_DISPLAY_STATUS(("unsealing isn",
*gssstat, *minor_stat));
goto cleanup;
- } else if (isn_buf.length != sizeof(rpc_u_int32)) {
+ } else if (isn_buf.length != sizeof(uint32_t)) {
PRINTF(("gssapi_create: gss_unseal gave %d bytes\n",
(int) isn_buf.length));
goto cleanup;
}
- AUTH_PRIVATE(auth)->seq_num = (rpc_u_int32)
- ntohl(*((rpc_u_int32*)isn_buf.value));
+ AUTH_PRIVATE(auth)->seq_num = (uint32_t)
+ ntohl(*((uint32_t*)isn_buf.value));
*gssstat = gss_release_buffer(minor_stat, &isn_buf);
if (*gssstat != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("releasing unsealed isn",
AUTH_PRIVATE(auth)->seq_num));
/* we no longer need these results.. */
- gssrpc_xdr_free(xdr_authgssapi_init_res, &call_res);
+ xdr_free(xdr_authgssapi_init_res, &call_res);
}
} else if (call_res.signed_isn.length != 0) {
PRINTF(("gssapi_create: got signed isn, can't check yet\n"));
&AUTH_PRIVATE(auth)->client_handle);
PRINTF(("gssapi_create: done. client_handle %#x, isn %d\n\n",
- *((rpc_u_int32 *)AUTH_PRIVATE(auth)->client_handle.value),
+ *((uint32_t *)AUTH_PRIVATE(auth)->client_handle.value),
AUTH_PRIVATE(auth)->seq_num));
/* don't assume the caller will want to change clnt->cl_auth */
{
OM_uint32 minor_stat;
gss_buffer_desc out_buf;
- rpc_u_int32 seq_num;
+ uint32_t seq_num;
if (AUTH_PRIVATE(auth)->established == TRUE) {
PRINTF(("gssapi_marshall: starting\n"));
auth->ah_verf.oa_base = out_buf.value;
auth->ah_verf.oa_length = out_buf.length;
- if (! gssrpc_xdr_opaque_auth(xdrs, &auth->ah_cred) ||
- ! gssrpc_xdr_opaque_auth(xdrs, &auth->ah_verf)) {
+ if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
+ ! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
(void) gss_release_buffer(&minor_stat, &out_buf);
return FALSE;
}
auth->ah_verf.oa_base = NULL;
auth->ah_verf.oa_length = 0;
- if (! gssrpc_xdr_opaque_auth(xdrs, &auth->ah_cred) ||
- ! gssrpc_xdr_opaque_auth(xdrs, &auth->ah_verf)) {
+ if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
+ ! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
return FALSE;
}
}
struct opaque_auth *verf;
{
gss_buffer_desc in_buf;
- rpc_u_int32 seq_num;
+ uint32_t seq_num;
if (AUTH_PRIVATE(auth)->established == FALSE) {
PRINTF(("gssapi_validate: not established, noop\n"));
*
*/
+#ifndef GSSRPC_AUTH_GSSAPI_H
+#define GSSRPC_AUTH_GSSAPI_H
+
+GSSRPC__BEGIN_DECLS
+
#define AUTH_GSSAPI_EXIT 0
#define AUTH_GSSAPI_INIT 1
#define AUTH_GSSAPI_CONTINUE_INIT 2
} auth_gssapi_name;
typedef struct _auth_gssapi_creds {
- rpc_u_int32 version;
+ uint32_t version;
bool_t auth_msg;
gss_buffer_desc client_handle;
} auth_gssapi_creds;
typedef struct _auth_gssapi_init_arg {
- rpc_u_int32 version;
+ uint32_t version;
gss_buffer_desc token;
} auth_gssapi_init_arg;
typedef struct _auth_gssapi_init_res {
- rpc_u_int32 version;
+ uint32_t version;
gss_buffer_desc client_handle;
OM_uint32 gss_major, gss_minor;
gss_buffer_desc token;
bool_t auth_gssapi_wrap_data
(OM_uint32 *major, OM_uint32 *minor,
- gss_ctx_id_t context, rpc_u_int32 seq_num, XDR
+ gss_ctx_id_t context, uint32_t seq_num, XDR
*out_xdrs, bool_t (*xdr_func)(), caddr_t
xdr_ptr);
bool_t auth_gssapi_unwrap_data
(OM_uint32 *major, OM_uint32 *minor,
- gss_ctx_id_t context, rpc_u_int32 seq_num, XDR
+ gss_ctx_id_t context, uint32_t seq_num, XDR
*in_xdrs, bool_t (*xdr_func)(), caddr_t
xdr_ptr);
OM_uint32 minor);
bool_t auth_gssapi_seal_seq
-(gss_ctx_id_t context, rpc_u_int32 seq_num, gss_buffer_t out_buf);
+(gss_ctx_id_t context, uint32_t seq_num, gss_buffer_t out_buf);
bool_t auth_gssapi_unseal_seq
-(gss_ctx_id_t context, gss_buffer_t in_buf, rpc_u_int32 *seq_num);
+(gss_ctx_id_t context, gss_buffer_t in_buf, uint32_t *seq_num);
-bool_t _svcauth_gssapi_set_names
+bool_t svcauth_gssapi_set_names
(auth_gssapi_name *names, int num);
-void _svcauth_gssapi_unset_names
+void svcauth_gssapi_unset_names
(void);
-void _svcauth_gssapi_set_log_badauth_func
+void svcauth_gssapi_set_log_badauth_func
(auth_gssapi_log_badauth_func func,
caddr_t data);
-void _svcauth_gssapi_set_log_badverf_func
+void svcauth_gssapi_set_log_badverf_func
(auth_gssapi_log_badverf_func func,
caddr_t data);
-void _svcauth_gssapi_set_log_miscerr_func
+void svcauth_gssapi_set_log_miscerr_func
(auth_gssapi_log_miscerr_func func,
caddr_t data);
+void svcauth_gss_set_log_badauth_func(auth_gssapi_log_badauth_func,
+ caddr_t);
+void svcauth_gss_set_log_badverf_func(auth_gssapi_log_badverf_func,
+ caddr_t);
+void svcauth_gss_set_log_miscerr_func(auth_gssapi_log_miscerr_func,
+ caddr_t data);
+
#define GSS_COPY_BUFFER(dest, src) { \
(dest).length = (src).length; \
(dest).value = (src).value; }
#define GSS_BUFFERS_EQUAL(b1, b2) (((b1).length == (b2).length) && \
!memcmp((b1).value,(b2).value,(b1.length)))
+
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_AUTH_GSSAPI_H) */
bool_t auth_gssapi_seal_seq(context, seq_num, out_buf)
gss_ctx_id_t context;
- rpc_u_int32 seq_num;
+ uint32_t seq_num;
gss_buffer_t out_buf;
{
gss_buffer_desc in_buf;
OM_uint32 gssstat, minor_stat;
- rpc_u_int32 nl_seq_num;
+ uint32_t nl_seq_num;
nl_seq_num = htonl(seq_num);
- in_buf.length = sizeof(rpc_u_int32);
+ in_buf.length = sizeof(uint32_t);
in_buf.value = (char *) &nl_seq_num;
gssstat = gss_seal(&minor_stat, context, 0, GSS_C_QOP_DEFAULT,
&in_buf, NULL, out_buf);
bool_t auth_gssapi_unseal_seq(context, in_buf, seq_num)
gss_ctx_id_t context;
gss_buffer_t in_buf;
- rpc_u_int32 *seq_num;
+ uint32_t *seq_num;
{
gss_buffer_desc out_buf;
OM_uint32 gssstat, minor_stat;
- rpc_u_int32 nl_seq_num;
+ uint32_t nl_seq_num;
gssstat = gss_unseal(&minor_stat, context, in_buf, &out_buf,
NULL, NULL);
AUTH_GSSAPI_DISPLAY_STATUS(("unsealing sequence number",
gssstat, minor_stat));
return FALSE;
- } else if (out_buf.length != sizeof(rpc_u_int32)) {
+ } else if (out_buf.length != sizeof(uint32_t)) {
PRINTF(("gssapi_unseal_seq: unseal gave %d bytes\n",
(int) out_buf.length));
gss_release_buffer(&minor_stat, &out_buf);
return FALSE;
}
- nl_seq_num = *((rpc_u_int32 *) out_buf.value);
- *seq_num = (rpc_u_int32) ntohl(nl_seq_num);
+ nl_seq_num = *((uint32_t *) out_buf.value);
+ *seq_num = (uint32_t) ntohl(nl_seq_num);
gss_release_buffer(&minor_stat, &out_buf);
return TRUE;
xdr_func, xdr_ptr)
OM_uint32 *major, *minor;
gss_ctx_id_t context;
- rpc_u_int32 seq_num;
+ uint32_t seq_num;
XDR *out_xdrs;
bool_t (*xdr_func)();
caddr_t xdr_ptr;
in_xdrs, xdr_func, xdr_ptr)
OM_uint32 *major, *minor;
gss_ctx_id_t context;
- rpc_u_int32 seq_num;
+ uint32_t seq_num;
XDR *in_xdrs;
bool_t (*xdr_func)();
caddr_t xdr_ptr;
{
gss_buffer_desc in_buf, out_buf;
XDR temp_xdrs;
- rpc_u_int32 verf_seq_num;
+ uint32_t verf_seq_num;
int conf, qop;
unsigned int length;
if (! (*xdr_func)(&temp_xdrs, xdr_ptr)) {
PRINTF(("gssapi_unwrap_data: deserializing arguments failed\n"));
gss_release_buffer(minor, &out_buf);
- gssrpc_xdr_free(xdr_func, xdr_ptr);
+ xdr_free(xdr_func, xdr_ptr);
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
static bool_t authnone_marshal(AUTH *, XDR *);
static bool_t authnone_validate(AUTH *, struct opaque_auth *);
static bool_t authnone_refresh(AUTH *, struct rpc_msg *);
+static bool_t authnone_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
static struct auth_ops ops = {
authnone_verf,
authnone_validate,
authnone_refresh,
authnone_destroy,
- authany_wrap,
- authany_wrap,
+ authnone_wrap,
+ authnone_wrap
};
static struct authnone_private {
AUTH no_client;
char marshalled_client[MAX_MARSHEL_SIZE];
- unsigned int mcnt;
+ u_int mcnt;
} *authnone_private;
AUTH *
authnone_private = ap;
}
if (!ap->mcnt) {
- ap->no_client.ah_cred = ap->no_client.ah_verf = _null_auth;
+ ap->no_client.ah_cred = ap->no_client.ah_verf = gssrpc__null_auth;
ap->no_client.ah_ops = &ops;
xdrs = &xdr_stream;
- xdrmem_create(xdrs, ap->marshalled_client, (unsigned int)MAX_MARSHEL_SIZE,
+ xdrmem_create(xdrs, ap->marshalled_client, (u_int)MAX_MARSHEL_SIZE,
XDR_ENCODE);
- (void)gssrpc_xdr_opaque_auth(xdrs, &ap->no_client.ah_cred);
- (void)gssrpc_xdr_opaque_auth(xdrs, &ap->no_client.ah_verf);
+ (void)xdr_opaque_auth(xdrs, &ap->no_client.ah_cred);
+ (void)xdr_opaque_auth(xdrs, &ap->no_client.ah_verf);
ap->mcnt = XDR_GETPOS(xdrs);
XDR_DESTROY(xdrs);
}
AUTH *auth;
{
}
+
+static bool_t
+authnone_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xfunc, caddr_t xwhere)
+{
+ return ((*xfunc)(xdrs, xwhere));
+}
static bool_t authunix_validate(AUTH *, struct opaque_auth *);
static bool_t authunix_refresh(AUTH *, struct rpc_msg *);
static void authunix_destroy(AUTH *);
+static bool_t authunix_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
static struct auth_ops auth_unix_ops = {
authunix_nextverf,
authunix_validate,
authunix_refresh,
authunix_destroy,
- authany_wrap,
- authany_wrap,
+ authunix_wrap,
+ authunix_wrap
};
/*
struct audata {
struct opaque_auth au_origcred; /* original credentials */
struct opaque_auth au_shcred; /* short hand cred */
- rpc_u_int32 au_shfaults; /* short hand cache faults */
+ uint32_t au_shfaults; /* short hand cache faults */
char au_marshed[MAX_AUTH_BYTES];
- unsigned int au_mpos; /* xdr pos at end of marshed */
+ u_int au_mpos; /* xdr pos at end of marshed */
};
#define AUTH_PRIVATE(auth) ((struct audata *)auth->ah_private)
#endif
auth->ah_ops = &auth_unix_ops;
auth->ah_private = (caddr_t)au;
- auth->ah_verf = au->au_shcred = _null_auth;
+ auth->ah_verf = au->au_shcred = gssrpc__null_auth;
au->au_shfaults = 0;
/*
aup.aup_machname = machname;
aup.aup_uid = uid;
aup.aup_gid = gid;
- aup.aup_len = (unsigned int)len;
+ aup.aup_len = (u_int)len;
aup.aup_gids = aup_gids;
/*
au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
au->au_origcred.oa_flavor = AUTH_UNIX;
#ifdef KERNEL
- au->au_origcred.oa_base = mem_alloc((unsigned int) len);
+ au->au_origcred.oa_base = mem_alloc((u_int) len);
#else
- if ((au->au_origcred.oa_base = mem_alloc((unsigned int) len)) == NULL) {
+ if ((au->au_origcred.oa_base = mem_alloc((u_int) len)) == NULL) {
(void)fprintf(stderr, "authunix_create: out of memory\n");
return (NULL);
}
#endif
- memmove(au->au_origcred.oa_base, mymem, (unsigned int)len);
+ memmove(au->au_origcred.oa_base, mymem, (u_int)len);
/*
* set auth handle to reflect new cred.
au->au_shcred.oa_length);
au->au_shcred.oa_base = NULL;
}
- if (gssrpc_xdr_opaque_auth(&xdrs, &au->au_shcred)) {
+ if (xdr_opaque_auth(&xdrs, &au->au_shcred)) {
auth->ah_cred = au->au_shcred;
} else {
xdrs.x_op = XDR_FREE;
- (void)gssrpc_xdr_opaque_auth(&xdrs, &au->au_shcred);
+ (void)xdr_opaque_auth(&xdrs, &au->au_shcred);
au->au_shcred.oa_base = NULL;
auth->ah_cred = au->au_origcred;
}
register struct audata *au = AUTH_PRIVATE(auth);
xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
- if ((! gssrpc_xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
- (! gssrpc_xdr_opaque_auth(xdrs, &(auth->ah_verf)))) {
+ if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
+ (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) {
perror("auth_none.c - Fatal marshalling problem");
} else {
au->au_mpos = XDR_GETPOS(xdrs);
}
XDR_DESTROY(xdrs);
}
+
+static bool_t
+authunix_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xfunc, caddr_t xwhere)
+{
+ return ((*xfunc)(xdrs, xwhere));
+}
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
+#ifndef GSSRPC_AUTH_UNIX_H
+#define GSSRPC_AUTH_UNIX_H
+
+GSSRPC__BEGIN_DECLS
/*
* The system is very weak. The client uses no encryption for it
* credentials and only sends null verifiers. The server sends backs
* Unix style credentials.
*/
struct authunix_parms {
- rpc_u_int32 aup_time;
+ uint32_t aup_time;
char *aup_machname;
int aup_uid;
int aup_gid;
- unsigned int aup_len;
+ u_int aup_len;
int *aup_gids;
};
-#define xdr_authunix_parms gssrpc_xdr_authunix_parms
extern bool_t xdr_authunix_parms(XDR *, struct authunix_parms *);
/*
struct short_hand_verf {
struct opaque_auth new_cred;
};
+
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_AUTH_UNIX_H) */
--- /dev/null
+/*
+ authgss_prot.c
+
+ Copyright (c) 2000 The Regents of the University of Michigan.
+ All rights reserved.
+
+ Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+ All rights reserved, all wrongs reversed.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ Id: authgss_prot.c,v 1.18 2000/09/01 04:14:03 dugsong Exp
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <gssrpc/rpc.h>
+#ifdef HAVE_HEIMDAL
+#include <gssapi.h>
+#else
+#include <gssapi/gssapi.h>
+#endif
+
+bool_t
+xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
+{
+ bool_t xdr_stat;
+
+ xdr_stat = (xdr_u_int(xdrs, &p->gc_v) &&
+ xdr_enum(xdrs, (enum_t *)&p->gc_proc) &&
+ xdr_u_int32(xdrs, &p->gc_seq) &&
+ xdr_enum(xdrs, (enum_t *)&p->gc_svc) &&
+ xdr_bytes(xdrs, (char **)&p->gc_ctx.value,
+ &p->gc_ctx.length, MAX_AUTH_BYTES));
+
+ log_debug("xdr_rpc_gss_cred: %s %s "
+ "(v %d, proc %d, seq %d, svc %d, ctx %p:%d)",
+ (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
+ (xdr_stat == TRUE) ? "success" : "failure",
+ p->gc_v, p->gc_proc, p->gc_seq, p->gc_svc,
+ p->gc_ctx.value, p->gc_ctx.length);
+
+ return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
+{
+ bool_t xdr_stat;
+
+ xdr_stat = xdr_bytes(xdrs, (char **)&p->value,
+ &p->length, MAX_NETOBJ_SZ);
+
+ log_debug("xdr_rpc_gss_init_args: %s %s (token %p:%d)",
+ (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
+ (xdr_stat == TRUE) ? "success" : "failure",
+ p->value, p->length);
+
+ return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
+{
+ bool_t xdr_stat;
+
+ xdr_stat = (xdr_bytes(xdrs, (char **)&p->gr_ctx.value,
+ &p->gr_ctx.length, MAX_NETOBJ_SZ) &&
+ xdr_u_int32(xdrs, &p->gr_major) &&
+ xdr_u_int32(xdrs, &p->gr_minor) &&
+ xdr_u_int32(xdrs, &p->gr_win) &&
+ xdr_bytes(xdrs, (char **)&p->gr_token.value,
+ &p->gr_token.length, MAX_NETOBJ_SZ));
+
+ log_debug("xdr_rpc_gss_init_res %s %s "
+ "(ctx %p:%d, maj %d, min %d, win %d, token %p:%d)",
+ (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
+ (xdr_stat == TRUE) ? "success" : "failure",
+ p->gr_ctx.value, p->gr_ctx.length,
+ p->gr_major, p->gr_minor, p->gr_win,
+ p->gr_token.value, p->gr_token.length);
+
+ return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
+ gss_ctx_id_t ctx, gss_qop_t qop,
+ rpc_gss_svc_t svc, uint32_t seq)
+{
+ gss_buffer_desc databuf, wrapbuf;
+ OM_uint32 maj_stat, min_stat;
+ int start, end, conf_state;
+ bool_t xdr_stat;
+
+ /* Skip databody length. */
+ start = XDR_GETPOS(xdrs);
+ XDR_SETPOS(xdrs, start + 4);
+
+ /* Marshal rpc_gss_data_t (sequence number + arguments). */
+ if (!xdr_u_int32(xdrs, &seq) || !(*xdr_func)(xdrs, xdr_ptr))
+ return (FALSE);
+ end = XDR_GETPOS(xdrs);
+
+ /* Set databuf to marshalled rpc_gss_data_t. */
+ databuf.length = end - start - 4;
+ XDR_SETPOS(xdrs, start + 4);
+ databuf.value = XDR_INLINE(xdrs, databuf.length);
+
+ xdr_stat = FALSE;
+
+ if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
+ /* Marshal databody_integ length. */
+ XDR_SETPOS(xdrs, start);
+ if (!xdr_u_int(xdrs, &databuf.length))
+ return (FALSE);
+
+ /* Checksum rpc_gss_data_t. */
+ maj_stat = gss_get_mic(&min_stat, ctx, qop,
+ &databuf, &wrapbuf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_debug("gss_get_mic failed");
+ return (FALSE);
+ }
+ /* Marshal checksum. */
+ XDR_SETPOS(xdrs, end);
+ xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value,
+ &wrapbuf.length, MAX_NETOBJ_SZ);
+ gss_release_buffer(&min_stat, &wrapbuf);
+ }
+ else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
+ /* Encrypt rpc_gss_data_t. */
+ maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf,
+ &conf_state, &wrapbuf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_wrap", maj_stat, min_stat);
+ return (FALSE);
+ }
+ /* Marshal databody_priv. */
+ XDR_SETPOS(xdrs, start);
+ xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value,
+ &wrapbuf.length, MAX_NETOBJ_SZ);
+ gss_release_buffer(&min_stat, &wrapbuf);
+ }
+ return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
+ gss_ctx_id_t ctx, gss_qop_t qop,
+ rpc_gss_svc_t svc, uint32_t seq)
+{
+ XDR tmpxdrs;
+ gss_buffer_desc databuf, wrapbuf;
+ OM_uint32 maj_stat, min_stat;
+ u_int seq_num, conf_state, qop_state;
+ bool_t xdr_stat;
+
+ if (xdr_func == xdr_void || xdr_ptr == NULL)
+ return (TRUE);
+
+ memset(&databuf, 0, sizeof(databuf));
+ memset(&wrapbuf, 0, sizeof(wrapbuf));
+
+ if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
+ /* Decode databody_integ. */
+ if (!xdr_bytes(xdrs, (char **)&databuf.value, &databuf.length,
+ MAX_NETOBJ_SZ)) {
+ log_debug("xdr decode databody_integ failed");
+ return (FALSE);
+ }
+ /* Decode checksum. */
+ if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, &wrapbuf.length,
+ MAX_NETOBJ_SZ)) {
+ gss_release_buffer(&min_stat, &databuf);
+ log_debug("xdr decode checksum failed");
+ return (FALSE);
+ }
+ /* Verify checksum and QOP. */
+ maj_stat = gss_verify_mic(&min_stat, ctx, &databuf,
+ &wrapbuf, &qop_state);
+ gss_release_buffer(&min_stat, &wrapbuf);
+
+ if (maj_stat != GSS_S_COMPLETE || qop_state != qop) {
+ gss_release_buffer(&min_stat, &databuf);
+ log_status("gss_verify_mic", maj_stat, min_stat);
+ return (FALSE);
+ }
+ }
+ else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
+ /* Decode databody_priv. */
+ if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, &wrapbuf.length,
+ MAX_NETOBJ_SZ)) {
+ log_debug("xdr decode databody_priv failed");
+ return (FALSE);
+ }
+ /* Decrypt databody. */
+ maj_stat = gss_unwrap(&min_stat, ctx, &wrapbuf, &databuf,
+ &conf_state, &qop_state);
+
+ gss_release_buffer(&min_stat, &wrapbuf);
+
+ /* Verify encryption and QOP. */
+ if (maj_stat != GSS_S_COMPLETE || qop_state != qop ||
+ conf_state != TRUE) {
+ gss_release_buffer(&min_stat, &databuf);
+ log_status("gss_unwrap", maj_stat, min_stat);
+ return (FALSE);
+ }
+ }
+ /* Decode rpc_gss_data_t (sequence number + arguments). */
+ xdrmem_create(&tmpxdrs, databuf.value, databuf.length, XDR_DECODE);
+ xdr_stat = (xdr_u_int32(&tmpxdrs, &seq_num) &&
+ (*xdr_func)(&tmpxdrs, xdr_ptr));
+ XDR_DESTROY(&tmpxdrs);
+ gss_release_buffer(&min_stat, &databuf);
+
+ /* Verify sequence number. */
+ if (xdr_stat == TRUE && seq_num != seq) {
+ log_debug("wrong sequence number in databody");
+ return (FALSE);
+ }
+ return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
+ gss_ctx_id_t ctx, gss_qop_t qop,
+ rpc_gss_svc_t svc, uint32_t seq)
+{
+ switch (xdrs->x_op) {
+
+ case XDR_ENCODE:
+ return (xdr_rpc_gss_wrap_data(xdrs, xdr_func, xdr_ptr,
+ ctx, qop, svc, seq));
+ case XDR_DECODE:
+ return (xdr_rpc_gss_unwrap_data(xdrs, xdr_func, xdr_ptr,
+ ctx, qop,svc, seq));
+ case XDR_FREE:
+ return (TRUE);
+ }
+ return (FALSE);
+}
+
+#ifdef DEBUG
+#include <ctype.h>
+
+void
+log_debug(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ fprintf(stderr, "rpcsec_gss: ");
+ vfprintf(stderr, fmt, ap);
+ fprintf(stderr, "\n");
+ va_end(ap);
+}
+
+void
+log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
+{
+ OM_uint32 min, msg_ctx;
+ gss_buffer_desc msgg, msgm;
+
+ msg_ctx = 0;
+ gss_display_status(&min, maj_stat, GSS_C_GSS_CODE, GSS_C_NULL_OID,
+ &msg_ctx, &msgg);
+ msg_ctx = 0;
+ gss_display_status(&min, min_stat, GSS_C_MECH_CODE, GSS_C_NULL_OID,
+ &msg_ctx, &msgm);
+
+ log_debug("%s: %.*s - %.*s\n", m,
+ msgg.length, (char *)msgg.value,
+ msgm.length, (char *)msgm.value);
+
+ gss_release_buffer(&min, &msgg);
+ gss_release_buffer(&min, &msgm);
+}
+
+void
+log_hexdump(const u_char *buf, int len, int offset)
+{
+ u_int i, j, jm;
+ int c;
+
+ fprintf(stderr, "\n");
+ for (i = 0; i < len; i += 0x10) {
+ fprintf(stderr, " %04x: ", (u_int)(i + offset));
+ jm = len - i;
+ jm = jm > 16 ? 16 : jm;
+
+ for (j = 0; j < jm; j++) {
+ if ((j % 2) == 1)
+ fprintf(stderr, "%02x ", (u_int) buf[i+j]);
+ else
+ fprintf(stderr, "%02x", (u_int) buf[i+j]);
+ }
+ for (; j < 16; j++) {
+ if ((j % 2) == 1) printf(" ");
+ else fprintf(stderr, " ");
+ }
+ fprintf(stderr, " ");
+
+ for (j = 0; j < jm; j++) {
+ c = buf[i+j];
+ c = isprint(c) ? c : '.';
+ fprintf(stderr, "%c", c);
+ }
+ fprintf(stderr, "\n");
+ }
+}
+
+#else
+
+void
+log_debug(const char *fmt, ...)
+{
+}
+
+void
+log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
+{
+}
+
+void
+log_hexdump(const u_char *buf, int len, int offset)
+{
+}
+
+#endif
+
+
* Bind a socket to a privileged IP port
*/
int
-gssrpc_bindresvport(sd, sockin)
+bindresvport(sd, sockin)
int sd;
struct sockaddr_in *sockin;
{
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
-#ifndef _CLNT_
-#define _CLNT_
+#ifndef GSSRPC_CLNT_H
+#define GSSRPC_CLNT_H
+GSSRPC__BEGIN_DECLS
/*
* Rpc calls return an enum clnt_stat. This should be looked at more,
* since each implementation is required to live with this (implementation
int RE_errno; /* realated system error */
enum auth_stat RE_why; /* why the auth error occurred */
struct {
- rpc_u_int32 low; /* lowest verion supported */
- rpc_u_int32 high; /* highest verion supported */
+ rpcvers_t low; /* lowest verion supported */
+ rpcvers_t high; /* highest verion supported */
} RE_vers;
struct { /* maybe meaningful if RPC_FAILED */
- rpc_int32 s1;
- rpc_int32 s2;
+ int32_t s1;
+ int32_t s2;
} RE_lb; /* life boot & debugging only */
} ru;
#define re_errno ru.RE_errno
* Created by individual implementations, see e.g. rpc_udp.c.
* Client is responsible for initializing auth, see e.g. auth_none.c.
*/
-typedef struct __rpc_client {
+typedef struct CLIENT {
AUTH *cl_auth; /* authenticator */
struct clnt_ops {
/* call remote procedure */
- enum clnt_stat (*cl_call)(struct __rpc_client *,
- rpc_u_int32, xdrproc_t, void *,
+ enum clnt_stat (*cl_call)(struct CLIENT *,
+ rpcproc_t, xdrproc_t, void *,
xdrproc_t, void *,
struct timeval);
/* abort a call */
- void (*cl_abort)(struct __rpc_client *);
+ void (*cl_abort)(struct CLIENT *);
/* get specific error code */
- void (*cl_geterr)(struct __rpc_client *,
+ void (*cl_geterr)(struct CLIENT *,
struct rpc_err *);
/* frees results */
- bool_t (*cl_freeres)(struct __rpc_client *,
+ bool_t (*cl_freeres)(struct CLIENT *,
xdrproc_t, void *);
/* destroy this structure */
- void (*cl_destroy)(struct __rpc_client *);
+ void (*cl_destroy)(struct CLIENT *);
/* the ioctl() of rpc */
- bool_t (*cl_control)(struct __rpc_client *, int,
+ /* XXX CITI makes 2nd arg take u_int */
+ bool_t (*cl_control)(struct CLIENT *, int,
void *);
} *cl_ops;
void *cl_private; /* private stuff */
* enum clnt_stat
* CLNT_CALL(rh, proc, xargs, argsp, xres, resp, timeout)
* CLIENT *rh;
- * rpc_u_int32 proc;
+ * rpcproc_t proc;
* xdrproc_t xargs;
* caddr_t argsp;
* xdrproc_t xres;
* bool_t
* CLNT_CONTROL(cl, request, info)
* CLIENT *cl;
- * unsigned int request;
+ * u_int request;
* char *info;
*/
#define CLNT_CONTROL(cl,rq,in) ((*(cl)->cl_ops->cl_control)(cl,rq,in))
* and network administration.
*/
-#define RPCTEST_PROGRAM ((rpc_u_int32)1)
-#define RPCTEST_VERSION ((rpc_u_int32)1)
-#define RPCTEST_NULL_PROC ((rpc_u_int32)2)
-#define RPCTEST_NULL_BATCH_PROC ((rpc_u_int32)3)
+#define RPCTEST_PROGRAM ((rpcprog_t)1)
+#define RPCTEST_VERSION ((rpcvers_t)1)
+#define RPCTEST_NULL_PROC ((rpcproc_t)2)
+#define RPCTEST_NULL_BATCH_PROC ((rpcproc_t)3)
/*
* By convention, procedure 0 takes null arguments and returns them
*/
-#define NULLPROC ((rpc_u_int32)0)
+#define NULLPROC ((rpcproc_t)0)
/*
* Below are the client handle creation routines for the various
* Memory based rpc (for speed check and testing)
* CLIENT *
* clntraw_create(prog, vers)
- * rpc_u_int32 prog;
- * rpc_u_int32 vers;
+ * rpcprog_t prog;
+ * rpcvers_t vers;
*/
-#define clntraw_create gssrpc_clntraw_create
-extern CLIENT *clntraw_create(rpc_u_int32, rpc_u_int32);
-
+extern CLIENT *clntraw_create(rpcprog_t, rpcvers_t);
/*
* Generic client creation routine. Supported protocols are "udp" and "tcp"
*/
-#define clnt_create gssrpc_clnt_create
-extern CLIENT *
-clnt_create(char *, rpc_u_int32, rpc_u_int32, char *);
-
+extern CLIENT *clnt_create(char *, rpcprog_t, rpcvers_t, char *);
/*
* CLIENT *
* clnttcp_create(raddr, prog, vers, sockp, sendsz, recvsz)
* struct sockaddr_in *raddr;
- * rpc_u_int32 prog;
- * rpc_u_int32 version;
+ * rpcprog_t prog;
+ * rpcvers_t version;
* register int *sockp;
- * unsigned int sendsz;
- * unsigned int recvsz;
+ * u_int sendsz;
+ * u_int recvsz;
*/
-#define clnttcp_create gssrpc_clnttcp_create
-extern CLIENT *clnttcp_create(struct sockaddr_in *, rpc_u_int32, rpc_u_int32,
- int *, unsigned int, unsigned int);
+extern CLIENT *clnttcp_create(struct sockaddr_in *, rpcprog_t, rpcvers_t,
+ int *, u_int, u_int);
/*
* UDP based rpc.
* CLIENT *
* clntudp_create(raddr, program, version, wait, sockp)
* struct sockaddr_in *raddr;
- * rpc_u_int32 program;
- * rpc_u_int32 version;
+ * rpcprog_t program;
+ * rpcvers_t version;
* struct timeval wait;
* int *sockp;
*
* CLIENT *
* clntudp_bufcreate(raddr, program, version, wait, sockp, sendsz, recvsz)
* struct sockaddr_in *raddr;
- * rpc_u_int32 program;
- * rpc_u_int32 version;
+ * rpcprog_t program;
+ * rpcvers_t version;
* struct timeval wait;
* int *sockp;
- * unsigned int sendsz;
- * unsigned int recvsz;
+ * u_int sendsz;
+ * u_int recvsz;
*/
-#define clntudp_create gssrpc_clntudp_create
-#define clntudp_bufcreate gssrpc_clntudp_bufcreate
-extern CLIENT *clntudp_create(struct sockaddr_in *, rpc_u_int32,
- rpc_u_int32, struct timeval, int *);
-extern CLIENT *clntudp_bufcreate(struct sockaddr_in *, rpc_u_int32,
- rpc_u_int32, struct timeval, int *,
- unsigned int, unsigned int);
-
-#define _rpc_dtablesize _gssrpc_rpc_dtablesize
-extern int _rpc_dtablesize(void);
+extern CLIENT *clntudp_create(struct sockaddr_in *, rpcprog_t,
+ rpcvers_t, struct timeval, int *);
+extern CLIENT *clntudp_bufcreate(struct sockaddr_in *, rpcprog_t,
+ rpcvers_t, struct timeval, int *,
+ u_int, u_int);
+
/*
* Print why creation failed
*/
-#define clnt_pcreateerror gssrpc_clnt_pcreateerror
-#define clnt_spcreateerror gssrpc_clnt_spcreateerror
void clnt_pcreateerror(char *); /* stderr */
char *clnt_spcreateerror(char *); /* string */
/*
* Like clnt_perror(), but is more verbose in its output
*/
-#define clnt_perrno gssrpc_clnt_perrno
-void clnt_perrno(enum clnt_stat num); /* stderr */
+void clnt_perrno(enum clnt_stat); /* stderr */
/*
* Print an English error message, given the client error code
*/
-#define clnt_perror gssrpc_clnt_perror
-#define clnt_sperror gssrpc_clnt_sperror
void clnt_perror(CLIENT *, char *); /* stderr */
char *clnt_sperror(CLIENT *, char *); /* string */
/*
* If a creation fails, the following allows the user to figure out why.
*/
-#define rpc_createerr gssrpc_rpc_createrr
struct rpc_createerr {
enum clnt_stat cf_stat;
struct rpc_err cf_error; /* useful when cf_stat == RPC_PMAPFAILURE */
/*
* Copy error message to buffer.
*/
-#define clnt_sperrno gssrpc_clnt_sperrno
char *clnt_sperrno(enum clnt_stat num); /* string */
#define UDPMSGSIZE 8800 /* rpc imposed limit on udp msg size */
#define RPCSMALLMSGSIZE 400 /* a more reasonable packet size */
-#endif /*!_CLNT_*/
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_CLNT_H) */
CLIENT *
clnt_create(hostname, prog, vers, proto)
char *hostname;
- unsigned prog;
- unsigned vers;
+ rpcprog_t prog;
+ rpcvers_t vers;
char *proto;
{
struct hostent *h;
static char *buf;
static char *
-_buf()
+get_buf()
{
if (buf == NULL)
buf = (char *)malloc(BUFSIZ);
struct rpc_err e;
void clnt_perrno();
char *err;
- char *bufstart = _buf();
+ char *bufstart = get_buf();
char *str = bufstart;
char *strstart = str;
if(str - bufstart + 33 + 22 < BUFSIZ)
(void) sprintf(str,
"; low version = %lu, high version = %lu",
- (unsigned long) e.re_vers.low,
- (unsigned long) e.re_vers.high);
+ (u_long) e.re_vers.low,
+ (u_long) e.re_vers.high);
str += strlen(str);
break;
if(str - bufstart + 33 + 22 < BUFSIZ)
(void) sprintf(str,
"; low version = %lu, high version = %lu",
- (unsigned long) e.re_vers.low,
- (unsigned long) e.re_vers.high);
+ (u_long) e.re_vers.low,
+ (u_long) e.re_vers.high);
str += strlen(str);
break;
if(str - bufstart + 14 + 22 < BUFSIZ)
(void) sprintf(str,
"; s1 = %lu, s2 = %lu",
- (unsigned long) e.re_lb.s1,
- (unsigned long) e.re_lb.s2);
+ (u_long) e.re_lb.s1,
+ (u_long) e.re_lb.s2);
str += strlen(str);
break;
}
clnt_spcreateerror(s)
char *s;
{
- char *str = _buf();
+ char *str = get_buf();
if (str == 0)
return(0);
struct rpc_msg mashl_rpcmsg;
char mashl_callmsg[MCALL_MSG_SIZE];
} u;
- unsigned int mcnt;
+ u_int mcnt;
} *clntraw_private;
-static enum clnt_stat clntraw_call(CLIENT *, rpc_u_int32, xdrproc_t,
+static enum clnt_stat clntraw_call(CLIENT *, rpcproc_t, xdrproc_t,
void *, xdrproc_t, void *,
struct timeval);
static void clntraw_abort(CLIENT *);
*/
CLIENT *
clntraw_create(prog, vers)
- rpc_u_int32 prog;
- rpc_u_int32 vers;
+ rpcprog_t prog;
+ rpcvers_t vers;
{
register struct clntraw_private *clp = clntraw_private;
struct rpc_msg call_msg;
static enum clnt_stat
clntraw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
CLIENT *h;
- rpc_u_int32 proc;
+ rpcproc_t proc;
xdrproc_t xargs;
void * argsp;
xdrproc_t xresults;
*/
xdrs->x_op = XDR_DECODE;
XDR_SETPOS(xdrs, 0);
- msg.acpted_rply.ar_verf = _null_auth;
+ msg.acpted_rply.ar_verf = gssrpc__null_auth;
msg.acpted_rply.ar_results.where = resultsp;
msg.acpted_rply.ar_results.proc = xresults;
if (! xdr_replymsg(xdrs, &msg)) {
xdrs->x_op = op;
return (RPC_CANTDECODERES);
}
- sunrpc_seterr_reply(&msg, &error);
+ gssrpc__seterr_reply(&msg, &error);
status = error.re_status;
if (status == RPC_SUCCESS) {
}
if (msg.acpted_rply.ar_verf.oa_base != NULL) {
xdrs->x_op = XDR_FREE;
- (void)gssrpc_xdr_opaque_auth(xdrs, &(msg.acpted_rply.ar_verf));
+ (void)xdr_opaque_auth(xdrs, &(msg.acpted_rply.ar_verf));
}
}
} *callrpc_private;
int
-gssrpc_callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out)
+callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out)
char *host;
xdrproc_t inproc, outproc;
- rpc_u_int32 prognum, versnum, procnum;
+ rpcprog_t prognum;
+ rpcvers_t versnum;
+ rpcproc_t procnum;
char *in, *out;
{
register struct callrpc_private *crp = callrpc_private;
sizeof(server_addr.sin_addr));
server_addr.sin_family = AF_INET;
server_addr.sin_port = 0;
- if ((crp->client = clntudp_create(&server_addr, (rpc_u_int32)prognum,
- (rpc_u_int32)versnum, timeout, &crp->socket)) == NULL)
+ if ((crp->client = clntudp_create(&server_addr, prognum,
+ versnum, timeout, &crp->socket)) == NULL)
return ((int) rpc_createerr.cf_stat);
crp->valid = 1;
crp->oldprognum = prognum;
#include <sys/socket.h>
#include <netdb.h>
#include <errno.h>
+#include <string.h>
#include <gssrpc/pmap_clnt.h>
/* FD_ZERO may need memset declaration (e.g., Solaris 9) */
#include <string.h>
#define MCALL_MSG_SIZE 24
-static enum clnt_stat clnttcp_call(CLIENT *, rpc_u_int32, xdrproc_t, void *,
+static enum clnt_stat clnttcp_call(CLIENT *, rpcproc_t, xdrproc_t, void *,
xdrproc_t, void *, struct timeval);
static void clnttcp_abort(CLIENT *);
static void clnttcp_geterr(CLIENT *, struct rpc_err *);
struct rpc_err ct_error;
union {
char ct_mcall[MCALL_MSG_SIZE]; /* marshalled callmsg */
- rpc_u_int32 ct_mcalli;
+ uint32_t ct_mcalli;
} ct_u;
- unsigned int ct_mpos; /* pos after marshal */
+ u_int ct_mpos; /* pos after marshal */
XDR ct_xdrs;
};
CLIENT *
clnttcp_create(raddr, prog, vers, sockp, sendsz, recvsz)
struct sockaddr_in *raddr;
- rpc_u_int32 prog;
- rpc_u_int32 vers;
+ rpcprog_t prog;
+ rpcvers_t vers;
register int *sockp;
- unsigned int sendsz;
- unsigned int recvsz;
+ u_int sendsz;
+ u_int recvsz;
{
CLIENT *h;
register struct ct_data *ct = 0;
* If no port number given ask the pmap for one
*/
if (raddr->sin_port == 0) {
- unsigned short port;
+ u_short port;
if ((port = pmap_getport(raddr, prog, vers, IPPROTO_TCP)) == 0) {
mem_free((caddr_t)ct, sizeof(struct ct_data));
mem_free((caddr_t)h, sizeof(CLIENT));
*/
if (*sockp < 0) {
*sockp = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
- (void)gssrpc_bindresvport(*sockp, (struct sockaddr_in *)0);
+ (void)bindresvport(*sockp, (struct sockaddr_in *)0);
if ((*sockp < 0)
|| (connect(*sockp, (struct sockaddr *)raddr,
sizeof(*raddr)) < 0)) {
static enum clnt_stat
clnttcp_call(h, proc, xdr_args, args_ptr, xdr_results, results_ptr, timeout)
register CLIENT *h;
- rpc_u_int32 proc;
+ rpcproc_t proc;
xdrproc_t xdr_args;
void * args_ptr;
xdrproc_t xdr_results;
register struct ct_data *ct = (struct ct_data *) h->cl_private;
register XDR *xdrs = &(ct->ct_xdrs);
struct rpc_msg reply_msg;
- rpc_u_int32 x_id;
- rpc_u_int32 *msg_x_id = &ct->ct_u.ct_mcalli; /* yuk */
+ uint32_t x_id;
+ uint32_t *msg_x_id = &ct->ct_u.ct_mcalli; /* yuk */
register bool_t shipnow;
int refreshes = 2;
long procl = proc;
*/
xdrs->x_op = XDR_DECODE;
while (TRUE) {
- reply_msg.acpted_rply.ar_verf = _null_auth;
+ reply_msg.acpted_rply.ar_verf = gssrpc__null_auth;
reply_msg.acpted_rply.ar_results.where = NULL;
reply_msg.acpted_rply.ar_results.proc = xdr_void;
if (! xdrrec_skiprecord(xdrs))
/*
* process header
*/
- sunrpc_seterr_reply(&reply_msg, &(ct->ct_error));
+ gssrpc__seterr_reply(&reply_msg, &(ct->ct_error));
if (ct->ct_error.re_status == RPC_SUCCESS) {
if (! AUTH_VALIDATE(h->cl_auth, &reply_msg.acpted_rply.ar_verf)) {
ct->ct_error.re_status = RPC_AUTHERROR;
if ((reply_msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
(reply_msg.acpted_rply.ar_verf.oa_base != NULL)) {
xdrs->x_op = XDR_FREE;
- (void)gssrpc_xdr_opaque_auth(xdrs, &(reply_msg.acpted_rply.ar_verf));
+ (void)xdr_opaque_auth(xdrs, &(reply_msg.acpted_rply.ar_verf));
}
return (ct->ct_error.re_status);
}
while (TRUE) {
readfds = mask;
tout = ct->ct_wait;
- switch (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set*)NULL, (fd_set*)NULL,
+ switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set*)NULL, (fd_set*)NULL,
&tout)) {
case 0:
ct->ct_error.re_status = RPC_TIMEDOUT;
#endif
#include <netdb.h>
#include <errno.h>
+#include <string.h>
#include <gssrpc/pmap_clnt.h>
#include <errno.h>
/*
* UDP bases client side rpc operations
*/
-static enum clnt_stat clntudp_call(CLIENT *, rpc_u_int32, xdrproc_t, void *,
+static enum clnt_stat clntudp_call(CLIENT *, rpcproc_t, xdrproc_t, void *,
xdrproc_t, void *, struct timeval);
static void clntudp_abort(CLIENT *);
static void clntudp_geterr(CLIENT *, struct rpc_err *);
struct timeval cu_total;
struct rpc_err cu_error;
XDR cu_outxdrs;
- unsigned int cu_xdrpos;
- unsigned int cu_sendsz;
+ u_int cu_xdrpos;
+ u_int cu_sendsz;
char *cu_outbuf;
- unsigned int cu_recvsz;
+ u_int cu_recvsz;
char cu_inbuf[1];
};
CLIENT *
clntudp_bufcreate(raddr, program, version, wait, sockp, sendsz, recvsz)
struct sockaddr_in *raddr;
- rpc_u_int32 program;
- rpc_u_int32 version;
+ rpcprog_t program;
+ rpcvers_t version;
struct timeval wait;
register int *sockp;
- unsigned int sendsz;
- unsigned int recvsz;
+ u_int sendsz;
+ u_int recvsz;
{
CLIENT *cl;
register struct cu_data *cu = 0;
(void)gettimeofday(&now, (struct timezone *)0);
if (raddr->sin_port == 0) {
- unsigned short port;
+ u_short port;
if ((port =
pmap_getport(raddr, program, version, IPPROTO_UDP)) == 0) {
goto fooy;
goto fooy;
}
/* attempt to bind to prov port */
- (void)gssrpc_bindresvport(*sockp, (struct sockaddr_in *)0);
+ (void)bindresvport(*sockp, (struct sockaddr_in *)0);
/* the sockets rpc controls are non-blocking */
(void)ioctl(*sockp, FIONBIO, (char *) &dontblock);
cu->cu_closeit = TRUE;
CLIENT *
clntudp_create(raddr, program, version, wait, sockp)
struct sockaddr_in *raddr;
- rpc_u_int32 program;
- rpc_u_int32 version;
+ rpcprog_t program;
+ rpcvers_t version;
struct timeval wait;
register int *sockp;
{
static enum clnt_stat
clntudp_call(cl, proc, xargs, argsp, xresults, resultsp, utimeout)
register CLIENT *cl; /* client handle */
- rpc_u_int32 proc; /* procedure number */
+ rpcproc_t proc; /* procedure number */
xdrproc_t xargs; /* xdr routine for args */
void * argsp; /* pointer to args */
xdrproc_t xresults; /* xdr routine for results */
/*
* the transaction is the first thing in the out buffer
*/
- (*(rpc_u_int32 *)(void *)(cu->cu_outbuf))++;
+ (*(uint32_t *)(void *)(cu->cu_outbuf))++;
if ((! XDR_PUTLONG(xdrs, &procl)) ||
(! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
(! AUTH_WRAP(cl->cl_auth, xdrs, xargs, argsp)))
* some clock time to spare while the packets are in flight.
* (We assume that this is actually only executed once.)
*/
- reply_msg.acpted_rply.ar_verf = _null_auth;
+ reply_msg.acpted_rply.ar_verf = gssrpc__null_auth;
reply_msg.acpted_rply.ar_results.where = NULL;
reply_msg.acpted_rply.ar_results.proc = xdr_void;
#ifdef FD_SETSIZE
for (;;) {
readfds = mask;
seltimeout = cu->cu_wait;
- switch (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set *)NULL,
+ switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
(fd_set *)NULL, &seltimeout)) {
case 0:
cu->cu_error.re_errno = errno;
return (cu->cu_error.re_status = RPC_CANTRECV);
}
- if (inlen < sizeof(rpc_u_int32))
+ if (inlen < sizeof(uint32_t))
continue;
/* see if reply transaction id matches sent id */
- if (*((rpc_u_int32 *)(void *)(cu->cu_inbuf)) !=
- *((rpc_u_int32 *)(void *)(cu->cu_outbuf)))
+ if (*((uint32_t *)(void *)(cu->cu_inbuf)) !=
+ *((uint32_t *)(void *)(cu->cu_outbuf)))
continue;
/* we now assume we have the proper reply */
break;
/*
* now decode and validate the response
*/
- xdrmem_create(&reply_xdrs, cu->cu_inbuf, (unsigned int)inlen, XDR_DECODE);
+ xdrmem_create(&reply_xdrs, cu->cu_inbuf, (u_int)inlen, XDR_DECODE);
ok = xdr_replymsg(&reply_xdrs, &reply_msg);
/* XDR_DESTROY(&reply_xdrs); save a few cycles on noop destroy */
if (ok) {
- sunrpc_seterr_reply(&reply_msg, &(cu->cu_error));
+ gssrpc__seterr_reply(&reply_msg, &(cu->cu_error));
if (cu->cu_error.re_status == RPC_SUCCESS) {
if (! AUTH_VALIDATE(cl->cl_auth,
&reply_msg.acpted_rply.ar_verf)) {
if ((reply_msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
(reply_msg.acpted_rply.ar_verf.oa_base != NULL)) {
xdrs->x_op = XDR_FREE;
- (void)gssrpc_xdr_opaque_auth(xdrs,
+ (void)xdr_opaque_auth(xdrs,
&(reply_msg.acpted_rply.ar_verf));
}
} /* end of valid reply message */
AC_CONFIG_SUBDIRS(unit-test)
AC_CHECK_HEADERS(sys/uio.h)
AC_TYPE_GETGROUPS
-dnl Arrange for types.hin to include stdlib.h
-AC_CHECK_HEADER(stdlib.h, [
- STDLIB_INCLUDE="#include <stdlib.h>"],
- [STDLIB_INCLUDE=""])
-AC_SUBST(STDLIB_INCLUDE) dnl
### Check where struct rpcent is declared.
#
# This is necessary to determine:
rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'])
AC_SUBST(rpcent_define)
-AC_CHECK_SIZEOF(int)
-SIZEOF_INT=$ac_cv_sizeof_int
-AC_SUBST(SIZEOF_INT)
-AC_CHECK_SIZEOF(long)
-SIZEOF_LONG=$ac_cv_sizeof_long
-AC_SUBST(SIZEOF_LONG)
+AC_CHECK_HEADERS(sys/select.h sys/time.h unistd.h)
+if test $ac_cv_header_sys_select_h = yes; then
+ GSSRPC__SYS_SELECT_H='#include <sys/select.h>'
+else
+ GSSRPC__SYS_SELECT_H='/* #include <sys/select.h> */'
+fi
+AC_SUBST(GSSRPC__SYS_SELECT_H)
+if test $ac_cv_header_sys_time_h = yes; then
+ GSSRPC__SYS_TIME_H='#include <sys/time.h>'
+else
+ GSSRPC__SYS_TIME_H='/* #include <sys/time.h> */'
+fi
+AC_SUBST(GSSRPC__SYS_TIME_H)
+if test $ac_cv_header_unistd_h = yes; then
+ GSSRPC__UNISTD_H='#include <unistd.h>'
+else
+ GSSRPC__UNISTD_H='/* #include <unistd.h> */'
+fi
+AC_SUBST(GSSRPC__UNISTD_H)
+
+AC_CACHE_CHECK([for MAXHOSTNAMELEN in sys/param.h],
+ [krb5_cv_header_sys_param_h_maxhostnamelen],
+ [AC_TRY_COMPILE([#include <sys/param.h>],
+ [int i = MAXHOSTNAMELEN;],
+ [krb5_cv_headersys_param_h_maxhostnamelen=yes],
+ [krb5_cv_header_sys_param_h_maxhostnamelen=no])])
+AC_CACHE_CHECK([for MAXHOSTNAMELEN in netdb.h],
+ [krb5_cv_header_netdb_h_maxhostnamelen],
+ [AC_TRY_COMPILE([#include <netdb.h>],
+ [int i = MAXHOSTNAMELEN;],
+ [krb5_cv_header_netdb_h_maxhostnamelen=yes],
+ [krb5_cv_header_netdb_h_maxhostnamelen=no])])
+
+GSSRPC__SYS_PARAM_H='/* #include <sys/param.h> */'
+GSSRPC__NETDB_H='/* #include <netdb.h> */'
+if test $krb5_cv_header_sys_param_h_maxhostnamelen = yes; then
+ GSSRPC__SYS_PARAM_H='#include <sys/param.h>'
+else
+ if test $krb5_cv_header_netdb_h_maxhostnamelen = yes; then
+ GSSRPC__NETDB_H='#include <netdb.h>'
+ else
+ AC_MSG_WARN([can't find MAXHOSTNAMELEN definition; faking it])
+ fi
+fi
+AC_SUBST(GSSRPC__SYS_PARAM_H)
+AC_SUBST(GSSRPC__NETDB_H)
+
+AC_CACHE_CHECK([for int32_t in sys/types.h],
+ [krb5_cv_header_sys_types_h_int32_t],
+ [AC_TRY_COMPILE([#include <sys/types.h>],
+ [int32_t i = 0;],
+ [krb5_cv_header_sys_types_h_int32_t=yes],
+ [krb5_cv_header_sys_types_h_int32_t=no])])
+AC_CACHE_CHECK([for int32_t in stdint.h],
+ [krb5_cv_header_stdint_h_int32_t],
+ [AC_TRY_COMPILE([#include <stdint.h>],
+ [int32_t i = 0;],
+ [krb5_cv_header_stdint_h_int32_t=yes],
+ [krb5_cv_header_stdint_h_int32_t=no])])
+AC_CACHE_CHECK([for int32_t in inttypes.h],
+ [krb5_cv_header_inttypes_h_int32_t],
+ [AC_TRY_COMPILE([#include <inttypes.h>],
+ [int32_t i = 0;],
+ [krb5_cv_header_inttypes_h_int32_t=yes],
+ [krb5_cv_header_inttypes_h_int32_t=no])])
+GSSRPC__STDINT_H='/* #include <stdint.h> */'
+GSSRPC__INTTYPES_H='/* #include <inttypes.h> */'
+GSSRPC__FAKE_INT32='/* #undef GSSRPC__FAKE_INT32 */'
+if test $krb5_cv_header_sys_types_h_int32_t = yes; then
+ : # already included sys/types.h
+else
+ if test $krb5_cv_header_stdint_h_int32_t = yes; then
+ GSSRPC__STDINT_H='#include <stdint.h>'
+ else
+ if test $krb5_cv_header_inttypes_h_int_32_t = yes; then
+ GSSRPC__INTTYPES_H='#include <inttypes.h>'
+ else
+ AC_MSG_WARN([can't find a fixed-width 32-bit type anywhere; faking it])
+ GSSRPC__FAKE_INT32='#define GSSRPC__FAKE_INT32 1'
+ fi
+ fi
+fi
+AC_SUBST(GSSRPC__STDINT_H)
+AC_SUBST(GSSRPC__INTTYPES_H)
+AC_SUBST(GSSRPC__FAKE_INT32)
+
+AC_CACHE_CHECK([for BSD type aliases], [krb5_cv_type_bsdaliases],
+ [AC_TRY_COMPILE(
+ [#include <sys/types.h>
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif],
+ [u_char c;
+u_int i;
+u_long l;], [krb5_cv_type_bsdaliases=yes], [krb5_cv_type_bsdaliases=no])])
+if test $krb5_cv_type_bsdaliases = yes; then
+ GSSRPC__BSD_TYPEALIASES='/* #undef GSSRPC__BSD_TYPEALIASES */'
+else
+ GSSRPC__BSD_TYPEALIASES='#define GSSRPC__BSD_TYPEALIASES 1'
+fi
+AC_SUBST(GSSRPC__BSD_TYPEALIASES)
AC_CHECK_FUNCS(strerror)
* don't use gethostbyname, which would invoke yellow pages
*/
int
-gssrpc_get_myaddress(addr)
+get_myaddress(addr)
struct sockaddr_in *addr;
{
memset((void *) addr, 0, sizeof(*addr));
char line[BUFSIZ+1];
char *domain;
} *rpcdata;
-static struct rpcdata *_rpcdata();
+static struct rpcdata *get_rpcdata();
static struct rpcent *interpret();
struct hostent *gethostent();
static char RPCDB[] = "/etc/rpc";
static struct rpcdata *
-_rpcdata()
+get_rpcdata()
{
register struct rpcdata *d = rpcdata;
getrpcbynumber(number)
register int number;
{
- register struct rpcdata *d = _rpcdata();
+ register struct rpcdata *d = get_rpcdata();
register struct rpcent *p;
int reason;
char adrstr[16], *val = NULL;
int
gssrpc_getrpcport(host, prognum, versnum, proto)
char *host;
- rpc_u_int32 prognum, versnum, proto;
+ rpcprog_t prognum;
+ rpcvers_t versnum;
+ rpcprot_t proto;
{
struct sockaddr_in addr;
struct hostent *hp;
static struct timeval timeout = { 5, 0 };
static struct timeval tottimeout = { 60, 0 };
-#define clnt_perror gssrpc_clnt_perror
void clnt_perror();
-#define get_myaddress gssrpc_get_myaddress
-
/*
* Set a mapping between program,version and port.
* Calls the pmap service remotely to do the mapping.
*/
bool_t
pmap_set(program, version, protocol, port)
- rpc_u_int32 program;
- rpc_u_int32 version;
- int protocol;
- int port;
+ rpcprog_t program;
+ rpcvers_t version;
+ rpcprot_t protocol;
+ u_int port;
{
struct sockaddr_in myaddress;
int socket = -1;
*/
bool_t
pmap_unset(program, version)
- rpc_u_int32 program;
- rpc_u_int32 version;
+ rpcprog_t program;
+ rpcvers_t version;
{
struct sockaddr_in myaddress;
int socket = -1;
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
+#ifndef GSSRPC_PMAP_CLNT_H
+#define GSSRPC_PMAP_CLNT_H
+
/*
* Usage:
* success = pmap_set(program, version, protocol, port);
* address if the responder to the broadcast.
*/
-#define pmap_set gssrpc_pmap_set
-#define pmap_unset gssrpc_pmap_unset
-#define pmap_getmaps gssrpc_pmap_getmaps
-#define pmap_rmtcall gssrpc_pmap_rmtcall
-#define clnt_broadcast gssrpc_clnt_broadcast
-#define pmap_getport gssrpc_pmap_getport
-
-extern bool_t pmap_set(rpc_u_int32, rpc_u_int32, int,
- int);
-extern bool_t pmap_unset(rpc_u_int32, rpc_u_int32);
+GSSRPC__BEGIN_DECLS
+extern bool_t pmap_set(rpcprog_t, rpcvers_t, rpcprot_t, u_int);
+extern bool_t pmap_unset(rpcprog_t, rpcvers_t);
extern struct pmaplist *pmap_getmaps(struct sockaddr_in *);
-enum clnt_stat pmap_rmtcall(struct sockaddr_in *, rpc_u_int32,
- rpc_u_int32, rpc_u_int32, xdrproc_t,
+enum clnt_stat pmap_rmtcall(struct sockaddr_in *, rpcprog_t,
+ rpcvers_t, rpcproc_t, xdrproc_t,
caddr_t, xdrproc_t, caddr_t,
- struct timeval, rpc_u_int32 *);
+ struct timeval, rpcport_t *);
typedef bool_t (*resultproc_t)(caddr_t, struct sockaddr_in *);
-enum clnt_stat clnt_broadcast(rpc_u_int32, rpc_u_int32, rpc_u_int32,
+enum clnt_stat clnt_broadcast(rpcprog_t, rpcvers_t, rpcproc_t,
xdrproc_t, caddr_t, xdrproc_t,
caddr_t, resultproc_t);
-extern unsigned short pmap_getport(struct sockaddr_in *,
- rpc_u_int32,
- rpc_u_int32, rpc_u_int32);
+extern u_short pmap_getport(struct sockaddr_in *,
+ rpcprog_t,
+ rpcvers_t, rpcprot_t);
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_PMAP_CLNT_H) */
* Calls the pmap service remotely to do the lookup.
* Returns 0 if no map exists.
*/
-unsigned short
+u_short
pmap_getport(address, program, version, protocol)
struct sockaddr_in *address;
- rpc_u_int32 program;
- rpc_u_int32 version;
- rpc_u_int32 protocol;
+ rpcprog_t program;
+ rpcvers_t version;
+ rpcprot_t protocol;
{
unsigned short port = 0;
int sock = -1;
* TRUE is success, FALSE is failure. Un-registers pair
* [prog, vers]. prot and port are ignored.
*
- * PMAPPROC_GETPORT(struct pmap) returns (rpc_int32 unsigned).
+ * PMAPPROC_GETPORT(struct pmap) returns (u_short).
* 0 is failure. Otherwise returns the port number where the pair
* [prog, vers] is registered. It may lie!
*
* PMAPPROC_DUMP() RETURNS (struct pmaplist *)
*
- * PMAPPROC_CALLIT(unsigned, unsigned, unsigned, string<>)
+ * PMAPPROC_CALLIT(rpcprog_t, rpcvers_t, rpcproc_t, string<>)
* RETURNS (port, string<>);
* usage: encapsulatedresults = PMAPPROC_CALLIT(prog, vers, proc, encapsulatedargs);
* Calls the procedure on the local machine. If it is not registered,
* The service supports remote procedure calls on udp/ip or tcp/ip socket 111.
*/
-#define PMAPPORT ((unsigned short)111)
-#define PMAPPROG ((rpc_u_int32)100000)
-#define PMAPVERS ((rpc_u_int32)2)
-#define PMAPVERS_PROTO ((rpc_u_int32)2)
-#define PMAPVERS_ORIG ((rpc_u_int32)1)
-#define PMAPPROC_NULL ((rpc_u_int32)0)
-#define PMAPPROC_SET ((rpc_u_int32)1)
-#define PMAPPROC_UNSET ((rpc_u_int32)2)
-#define PMAPPROC_GETPORT ((rpc_u_int32)3)
-#define PMAPPROC_DUMP ((rpc_u_int32)4)
-#define PMAPPROC_CALLIT ((rpc_u_int32)5)
+#ifndef GSSRPC_PMAP_PROT_H
+#define GSSRPC_PMAP_PROT_H
+GSSRPC__BEGIN_DECLS
+
+#define PMAPPORT ((u_short)111)
+#define PMAPPROG ((rpcprog_t)100000)
+#define PMAPVERS ((rpcvers_t)2)
+#define PMAPVERS_PROTO ((rpcprot_t)2)
+#define PMAPVERS_ORIG ((rpcvers_t)1)
+#define PMAPPROC_NULL ((rpcproc_t)0)
+#define PMAPPROC_SET ((rpcproc_t)1)
+#define PMAPPROC_UNSET ((rpcproc_t)2)
+#define PMAPPROC_GETPORT ((rpcproc_t)3)
+#define PMAPPROC_DUMP ((rpcproc_t)4)
+#define PMAPPROC_CALLIT ((rpcproc_t)5)
struct pmap {
- rpc_u_int32 pm_prog;
- rpc_u_int32 pm_vers;
- rpc_u_int32 pm_prot;
- rpc_u_int32 pm_port;
+ rpcprog_t pm_prog;
+ rpcvers_t pm_vers;
+ rpcprot_t pm_prot;
+ rpcport_t pm_port;
};
-#define xdr_pmap gssrpc_xdr_pmap
extern bool_t xdr_pmap(XDR *, struct pmap *);
struct pmaplist {
struct pmaplist *pml_next;
};
-#define xdr_pmaplist gssrpc_xdr_pmaplist
extern bool_t xdr_pmaplist(XDR *, struct pmaplist **);
+
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_PMAP_PROT_H) */
if (freeing)
next = &((*rp)->pml_next);
if (! xdr_reference(xdrs, (caddr_t *)rp,
- (unsigned int)sizeof(struct pmaplist), xdr_pmap))
+ (u_int)sizeof(struct pmaplist), xdr_pmap))
return (FALSE);
rp = (freeing) ? next : &((*rp)->pml_next);
}
enum clnt_stat
pmap_rmtcall(addr, prog, vers, proc, xdrargs, argsp, xdrres, resp, tout, port_ptr)
struct sockaddr_in *addr;
- rpc_u_int32 prog, vers, proc;
+ rpcprog_t prog;
+ rpcvers_t vers;
+ rpcproc_t proc;
xdrproc_t xdrargs, xdrres;
caddr_t argsp, resp;
struct timeval tout;
- rpc_u_int32 *port_ptr;
+ rpcport_t *port_ptr;
{
int sock = -1;
register CLIENT *client;
register XDR *xdrs;
register struct rmtcallargs *cap;
{
- unsigned int lenposition, argposition, position;
+ u_int lenposition, argposition, position;
if (xdr_u_int32(xdrs, &(cap->prog)) &&
xdr_u_int32(xdrs, &(cap->vers)) &&
if (! (*(cap->xdr_args))(xdrs, cap->args_ptr))
return (FALSE);
position = XDR_GETPOS(xdrs);
- cap->arglen = (rpc_u_int32)position - (rpc_u_int32)argposition;
+ cap->arglen = (uint32_t)position - (uint32_t)argposition;
XDR_SETPOS(xdrs, lenposition);
if (! xdr_u_int32(xdrs, &(cap->arglen)))
return (FALSE);
caddr_t port_ptr;
port_ptr = (caddr_t)(void *)crp->port_ptr;
- if (xdr_reference(xdrs, &port_ptr, sizeof (rpc_u_int32),
+ if (xdr_reference(xdrs, &port_ptr, sizeof (uint32_t),
xdr_u_int32) && xdr_u_int32(xdrs, &crp->resultslen)) {
- crp->port_ptr = (rpc_u_int32 *)(void *)port_ptr;
+ crp->port_ptr = (uint32_t *)(void *)port_ptr;
return ((*(crp->xdr_results))(xdrs, crp->results_ptr));
}
return (FALSE);
enum clnt_stat
clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult)
- rpc_u_int32 prog; /* program number */
- rpc_u_int32 vers; /* version number */
- rpc_u_int32 proc; /* procedure number */
+ rpcprog_t prog; /* program number */
+ rpcvers_t vers; /* version number */
+ rpcproc_t proc; /* procedure number */
xdrproc_t xargs; /* xdr routine for args */
caddr_t argsp; /* pointer to args */
xdrproc_t xresults; /* xdr routine for results */
#endif /* def FD_SETSIZE */
register int i;
bool_t done = FALSE;
- register rpc_u_int32 xid;
- rpc_u_int32 port;
+ register uint32_t xid;
+ rpcport_t port;
struct in_addr addrs[20];
struct sockaddr_in baddr, raddr; /* broadcast and response addresses */
struct rmtcallargs a;
goto done_broad;
}
recv_again:
- msg.acpted_rply.ar_verf = _null_auth;
+ msg.acpted_rply.ar_verf = gssrpc__null_auth;
msg.acpted_rply.ar_results.where = (caddr_t)&r;
msg.acpted_rply.ar_results.proc = xdr_rmtcallres;
readfds = mask;
t2 = t;
- switch (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set *)NULL,
+ switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
(fd_set *)NULL, &t2)) {
case 0: /* timed out */
stat = RPC_CANTRECV;
goto done_broad;
}
- if (inlen < sizeof(rpc_u_int32))
+ if (inlen < sizeof(uint32_t))
goto recv_again;
/*
* see if reply transaction id matches sent id.
* If so, decode the results.
*/
- xdrmem_create(xdrs, inbuf, (unsigned int)inlen, XDR_DECODE);
+ xdrmem_create(xdrs, inbuf, (u_int)inlen, XDR_DECODE);
if (xdr_replymsg(xdrs, &msg)) {
if ((msg.rm_xid == xid) &&
(msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
(msg.acpted_rply.ar_stat == SUCCESS)) {
- raddr.sin_port = htons((unsigned short)port);
+ raddr.sin_port = htons((u_short)port);
done = (*eachresult)(resultsp, &raddr);
}
/* otherwise, we just ignore the errors ... */
* Copyright (C) 1986, Sun Microsystems, Inc.
*/
+#ifndef GSSRPC_PMAP_RMT_H
+#define GSSRPC_PMAP_RMT_H
+GSSRPC__BEGIN_DECLS
+
struct rmtcallargs {
- rpc_u_int32 prog, vers, proc, arglen;
+ rpcprog_t prog;
+ rpcvers_t vers;
+ rpcproc_t proc;
+ uint32_t arglen;
caddr_t args_ptr;
xdrproc_t xdr_args;
};
-#define xdr_rmtcall_args gssrpc_xdr_rmtcall_args
bool_t xdr_rmtcall_args(XDR *, struct rmtcallargs *);
struct rmtcallres {
- rpc_u_int32 *port_ptr;
- rpc_u_int32 resultslen;
+ rpcport_t *port_ptr;
+ uint32_t resultslen;
caddr_t results_ptr;
xdrproc_t xdr_results;
};
-#define xdr_rmtcallres gssrpc_xdr_rmtcallres
bool_t xdr_rmtcallres(XDR *, struct rmtcallres *);
+
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_PMAP_RMT_H) */
--- /dev/null
+/*
+ * lib/rpc/rename.h
+ *
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Namespace mangling for various purposes.
+ *
+ * Symbols in the object code need to be renamed to not conflict with
+ * an OS-provided RPC implementation. Without renaming, the conflicts
+ * can cause problems with things like RPC-enabled NSS
+ * implementations.
+ *
+ * Symbols in headers should not conflict with implementation-reserved
+ * namespace (prefixes "_[A-Z_]" for any purpose; prefix "_"
+ * for file scope identifiers and tag names), or unnecessarily impinge
+ * on user namespace.
+ *
+ * The renaming of the header directory is done to avoid problems when
+ * the OS header files include <rpc/foo.h> and might get ours instead.
+ * OS vendors should replace all the <gssrpc/foo.h> inclusions with
+ * <rpc/foo.h> inclusions, as appropriate. Additionally, vendors
+ * should probably put some symbols into the implementation namespace.
+ *
+ * For example, inclusion protection should change from "GSSRPC_*_H"
+ * to "_RPC_*_H", struct tags should get "__" prefixes, etc.
+ *
+ * This implementation reserves the object code prefix "gssrpc_".
+ * External names in the RPC API not beginning with "_" get renamed
+ * with the prefix "gssrpc_" via #define, e.g., "foo" -> "gssrpc_foo".
+ * External names in the RPC API beginning with "_" get textually
+ * rewritten, with "#if 0"-disabled #defines mapping them back to
+ * their original forms, e.g., "_foo" is rewrittten to "gssrpc__foo"
+ * in the original files, with an unused "#define gssrpc__foo _foo"
+ * here.
+ */
+
+#ifndef GSSRPC_RENAME_H
+#define GSSRPC_RENAME_H
+
+/* auth.h */
+
+#define xdr_des_block gssrpc_xdr_des_block
+
+#define authany_wrap gssrpc_authany_wrap
+#define authany_unwrap gssrpc_authany_unwrap
+
+#define authunix_create gssrpc_authunix_create
+#define authunix_create_default gssrpc_authunix_create_default
+#define authnone_create gssrpc_authnone_create
+#define authdes_create gssrpc_authdes_create
+#define xdr_opaque_auth gssrpc_xdr_opaque_auth
+
+#if 0
+#define gssrpc__null_auth _null_auth
+#endif
+
+/* auth_gss.h */
+
+#define xdr_rpc_gss_cred gssrpc_xdr_rpc_gss_cred
+#define xdr_rpc_gss_init_args gssrpc_xdr_rpc_gss_init_args
+#define xdr_rpc_gss_init_res gssrpc_xdr_rpc_gss_init_res
+#define xdr_rpc_gss_data gssrpc_xdr_rpc_gss_data
+#define xdr_rpc_gss_wrap_data gssrpc_xdr_rpc_gss_wrap_data
+#define xdr_rpc_gss_unwrap_data gssrpc_xdr_rpc_gss_unwrap_data
+
+#define authgss_create gssrpc_authgss_create
+#define authgss_create_default gssrpc_authgss_create_default
+#define authgss_service gssrpc_authgss_service
+
+/* auth_gssapi.h */
+
+#define xdr_gss_buf gssrpc_xdr_gss_buf
+#define xdr_authgssapi_creds gssrpc_xdr_authgssapi_creds
+#define xdr_authgssapi_init_arg gssrpc_xdr_authgssapi_init_arg
+#define xdr_authgssapi_init_res gssrpc_xdr_authgssapi_init_res
+
+#define auth_gssapi_wrap_data gssrpc_auth_gssapi_wrap_data
+#define auth_gssapi_unwrap_data gssrpc_auth_gssapi_unwrap_data
+#define auth_gssapi_create gssrpc_auth_gssapi_create
+#define auth_gssapi_create_default gssrpc_auth_gssapi_create_default
+#define auth_gssapi_display_status gssrpc_auth_gssapi_display_status
+#define auth_gssapi_seal_seq gssrpc_auth_gssapi_seal_seq
+#define auth_gssapi_unseal_seq gssrpc_auth_gssapi_unseal_seq
+
+#define svcauth_gssapi_set_names gssrpc_svcauth_gssapi_set_names
+#define svcauth_gssapi_unset_names gssrpc_svcauth_gssapi_unset_names
+#define svcauth_gssapi_set_log_badauth_func gssrpc_svcauth_gssapi_set_log_badauth_func
+#define svcauth_gssapi_set_log_badverf_func gssrpc_svcauth_gssapi_set_log_badverf_func
+#define svcauth_gssapi_set_log_miscerr_func gssrpc_svcauth_gssapi_set_log_miscerr_func
+
+#if 0
+/* Unfortunately, code outside the library calls these... */
+#define gssrpc__svcauth_gssapi_set_names _svcauth_gssapi_set_names
+#define gssrpc__svcauth_gssapi_unset_names _svcauth_gssapi_unset_names
+#define gssrpc__svcauth_gssapi_set_log_badauth_func \
+ _svcauth_gssapi_set_log_badauth_func
+#define gssrpc__svcauth_gssapi_set_log_badverf_func \
+ _svcauth_gssapi_set_log_badverf_func
+#define gssrpc__svcauth_gssapi_set_log_miscerr_func \
+ _svcauth_gssapi_set_log_miscerr_func
+#endif
+
+/* auth_unix.h */
+
+#define xdr_authunix_parms gssrpc_xdr_authunix_parms
+
+/* clnt.h */
+
+#define clntraw_create gssrpc_clntraw_create
+#define clnt_create gssrpc_clnt_create
+#define clnttcp_create gssrpc_clnttcp_create
+#define clntudp_create gssrpc_clntudp_create
+#define clntudp_bufcreate gssrpc_clntudp_bufcreate
+#define clnt_pcreateerror gssrpc_clnt_pcreateerror
+#define clnt_spcreateerror gssrpc_clnt_spcreateerror
+#define clnt_perrno gssrpc_clnt_perrno
+#define clnt_perror gssrpc_clnt_perror
+#define clnt_sperror gssrpc_clnt_sperror
+/* XXX do we need to rename the struct? */
+#define rpc_createerr gssrpc_rpc_createrr
+#define clnt_sperrno gssrpc_clnt_sperrno
+
+/* pmap_clnt.h */
+
+#define pmap_set gssrpc_pmap_set
+#define pmap_unset gssrpc_pmap_unset
+#define pmap_getmaps gssrpc_pmap_getmaps
+#define pmap_rmtcall gssrpc_pmap_rmtcall
+#define clnt_broadcast gssrpc_clnt_broadcast
+#define pmap_getport gssrpc_pmap_getport
+
+/* pmap_prot.h */
+
+#define xdr_pmap gssrpc_xdr_pmap
+#define xdr_pmaplist gssrpc_xdr_pmaplist
+
+/* pmap_rmt.h */
+
+#define xdr_rmtcall_args gssrpc_xdr_rmtcall_args
+#define xdr_rmtcallres gssrpc_xdr_rmtcallres
+
+/* rpc.h */
+
+#define get_myaddress gssrpc_get_myaddress
+#define bindresvport gssrpc_bindresvport
+#define callrpc gssrpc_callrpc
+#define getrpcport gssrpc_getrpcport
+
+#if 0
+#define gssrpc__rpc_getdtablesize _rpc_getdtablesize
+#endif
+
+/* rpc_msg.h */
+
+#define xdr_callmsg gssrpc_xdr_callmsg
+#define xdr_callhdr gssrpc_xdr_callhdr
+#define xdr_replymsg gssrpc_xdr_replymsg
+#define xdr_accepted_reply gssrpc_xdr_accepted_reply
+#define xdr_rejected_reply gssrpc_xdr_rejected_reply
+
+#if 0
+#define gssrpc__seterr_reply _seterr_reply
+#endif
+
+/* svc.h */
+
+#define svc_register gssrpc_svc_register
+#define registerrpc gssrpc_registerrpc
+#define svc_unregister gssrpc_svc_unregister
+#define xprt_register gssrpc_xprt_register
+#define xprt_unregister gssrpc_xprt_unregister
+
+#define svc_sendreply gssrpc_svc_sendreply
+#define svcerr_decode gssrpc_svcerr_decode
+#define svcerr_weakauth gssrpc_svcerr_weakauth
+#define svcerr_noproc gssrpc_svcerr_noproc
+#define svcerr_progvers gssrpc_svcerr_progvers
+#define svcerr_auth gssrpc_svcerr_auth
+#define svcerr_noprog gssrpc_svcerr_noprog
+#define svcerr_systemerr gssrpc_svcerr_systemerr
+
+#define svc_maxfd gssrpc_svc_maxfd
+#define svc_fdset gssrpc_svc_fdset
+#define svc_fds gssrpc_svc_fds
+
+#define rpctest_service gssrpc_rpctest_service
+
+#define svc_getreq gssrpc_svc_getreq
+#define svc_getreqset gssrpc_svc_getreqset
+#define svc_getreqset2 gssrpc_svc_getreqset2
+#define svc_run gssrpc_svc_run
+
+#define svcraw_create gssrpc_svcraw_create
+
+#define svcudp_create gssrpc_svcudp_create
+#define svcudp_bufcreate gssrpc_svcudp_bufcreate
+#define svcudp_enablecache gssrpc_svcudp_enablecache
+
+#define svctcp_create gssrpc_svctcp_create
+
+#define svcfd_create gssrpc_svcfd_create
+
+/* svc_auth.h */
+
+#define svc_auth_none_ops gssrpc_svc_auth_none_ops
+#define svc_auth_gssapi_ops gssrpc_svc_auth_gssapi_ops
+#define svc_auth_gss_ops gssrpc_svc_auth_gss_ops
+
+#define svcauth_gss_set_svc_name gssrpc_svcauth_gss_set_svc_name
+#define svcauth_gss_get_principal gssrpc_svcauth_gss_get_principal
+
+#if 0
+#define gssrpc__authenticate _authenticate
+#define gssrpc__svcauth_none _svcauth_none
+#define gssrpc__svcauth_unix _svcauth_unix
+#define gssrpc__svcauth_short _svcauth_short
+#define gssrpc__svcauth_gssapi _svcauth_gssapi
+#define gssrpc__svcauth_gss _svcauth_gss
+#endif
+
+/* svc_auth_none.c */
+
+#define svc_auth_none gssrpc_svc_auth_none
+
+/* xdr.h */
+
+#define xdr_void gssrpc_xdr_void
+#define xdr_int gssrpc_xdr_int
+#define xdr_u_int gssrpc_xdr_u_int
+#define xdr_long gssrpc_xdr_long
+#define xdr_u_long gssrpc_xdr_u_long
+#define xdr_short gssrpc_xdr_short
+#define xdr_u_short gssrpc_xdr_u_short
+#define xdr_bool gssrpc_xdr_bool
+#define xdr_enum gssrpc_xdr_enum
+#define xdr_array gssrpc_xdr_array
+#define xdr_bytes gssrpc_xdr_bytes
+#define xdr_opaque gssrpc_xdr_opaque
+#define xdr_string gssrpc_xdr_string
+#define xdr_union gssrpc_xdr_union
+#define xdr_char gssrpc_xdr_char
+#define xdr_u_char gssrpc_xdr_u_char
+#define xdr_vector gssrpc_xdr_vector
+#define xdr_float gssrpc_xdr_float
+#define xdr_double gssrpc_xdr_double
+#define xdr_reference gssrpc_xdr_reference
+#define xdr_pointer gssrpc_xdr_pointer
+#define xdr_wrapstring gssrpc_xdr_wrapstring
+#define xdr_free gssrpc_xdr_free
+
+#define xdr_netobj gssrpc_xdr_netobj
+#define xdr_int32 gssrpc_xdr_int32
+#define xdr_u_int32 gssrpc_xdr_u_int32
+
+#define xdralloc_create gssrpc_xdralloc_create
+#define xdralloc_release gssrpc_xdralloc_release
+#define xdralloc_getdata gssrpc_xdralloc_getdata
+
+#define xdrmem_create gssrpc_xdrmem_create
+#define xdrstdio_create gssrpc_xdrstdio_create
+#define xdrrec_create gssrpc_xdrrec_create
+#define xdrrec_endofrecord gssrpc_xdrrec_endofrecord
+#define xdrrec_skiprecord gssrpc_xdrrec_skiprecord
+#define xdrrec_eof gssrpc_xdrrec_eof
+
+#endif /* !defined(GSSRPC_RENAME_H) */
*
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
-#ifndef __RPC_HEADER__
-#define __RPC_HEADER__
+#ifndef GSSRPC_RPC_H
+#define GSSRPC_RPC_H
#include <gssrpc/types.h> /* some typedefs */
#include <netinet/in.h>
/* semi-private protocol headers */
#include <gssrpc/rpc_msg.h> /* protocol for rpc messages */
#include <gssrpc/auth_unix.h> /* protocol for unix style cred */
+#include <gssrpc/auth_gss.h> /* RPCSEC_GSS */
/*
* Uncomment-out the next line if you are building the rpc library with
* DES Authentication (see the README file in the secure_rpc/ directory).
*/
-/*#include <gssrpc/auth_des.h> protocol for des style cred */
+#if 0
+#include <gssrpc/auth_des.h> protocol for des style cred
+#endif
/* Server side only remote procedure callee */
#include <gssrpc/svc_auth.h> /* service side authenticator */
* get the local host's IP address without consulting
* name service library functions
*/
-#define get_myaddress gssrpc_get_myaddress
-extern int get_myaddress (struct sockaddr_in *);
-
-#define bindresvport gssrpc_bindresvport
+GSSRPC__BEGIN_DECLS
+extern int get_myaddress(struct sockaddr_in *);
extern int bindresvport(int, struct sockaddr_in *);
+extern int callrpc(char *, rpcprog_t, rpcvers_t, rpcproc_t, xdrproc_t,
+ char *, xdrproc_t , char *);
+extern int getrpcport(char *, rpcprog_t, rpcvers_t, rpcprot_t);
+extern int gssrpc__rpc_dtablesize(void);
+GSSRPC__END_DECLS
-#define callrpc gssrpc_callrpc
-extern int callrpc (char *, rpc_u_int32, rpc_u_int32, rpc_u_int32, xdrproc_t,
- char *, xdrproc_t , char *);
-
-#define getrpcport gssrpc_getrpcport
-extern int getrpcport (char *, rpc_u_int32, rpc_u_int32, rpc_u_int32);
-
-#endif /* ndef __RPC_HEADER__ */
+#endif /* !defined(GSSRPC_RPC_H) */
register XDR *xdrs;
register struct rpc_msg *cmsg;
{
- register rpc_int32 *buf;
+ register rpc_inline_t *buf;
register struct opaque_auth *oa;
if (xdrs->x_op == XDR_ENCODE) {
if (cmsg->rm_call.cb_verf.oa_length > MAX_AUTH_BYTES) {
return (FALSE);
}
- buf = (rpc_int32 *) XDR_INLINE(xdrs, (int) (
+ buf = (rpc_inline_t *) XDR_INLINE(xdrs, (int) (
8 * BYTES_PER_XDR_UNIT
+ RNDUP(cmsg->rm_call.cb_cred.oa_length)
+ 2 * BYTES_PER_XDR_UNIT
if (oa->oa_length) {
memmove((caddr_t)buf, oa->oa_base,
oa->oa_length);
- buf += RNDUP(oa->oa_length) / sizeof (rpc_int32);
+ buf += RNDUP(oa->oa_length) / BYTES_PER_XDR_UNIT;
}
oa = &cmsg->rm_call.cb_verf;
IXDR_PUT_ENUM(buf, oa->oa_flavor);
memmove((caddr_t)buf, oa->oa_base,
oa->oa_length);
/* no real need....
- buf += RNDUP(oa->oa_length) / sizeof (rpc_int32);
+ buf += RNDUP(oa->oa_length) / BYTES_PER_XDR_UNIT;
*/
}
return (TRUE);
}
}
if (xdrs->x_op == XDR_DECODE) {
- buf = (rpc_int32 *) XDR_INLINE(xdrs, 8 * BYTES_PER_XDR_UNIT);
+ buf = (rpc_inline_t *) XDR_INLINE(xdrs, 8 * BYTES_PER_XDR_UNIT);
if (buf != NULL) {
cmsg->rm_xid = IXDR_GET_LONG(buf);
cmsg->rm_direction = IXDR_GET_ENUM(buf, enum msg_type);
oa->oa_base = (caddr_t)
mem_alloc(oa->oa_length);
}
- buf = (rpc_int32 *)
+ buf = (rpc_inline_t *)
XDR_INLINE(xdrs, (int)RNDUP(oa->oa_length));
if (buf == NULL) {
if (xdr_opaque(xdrs, oa->oa_base,
oa->oa_length);
/* no real need....
buf += RNDUP(oa->oa_length) /
- sizeof (rpc_int32);
+ BYTES_PER_XDR_UNIT;
*/
}
}
oa = &cmsg->rm_call.cb_verf;
- buf = (rpc_int32 *)
+ buf = (rpc_inline_t *)
XDR_INLINE(xdrs, 2 * BYTES_PER_XDR_UNIT);
if (buf == NULL) {
if (xdr_enum(xdrs, &oa->oa_flavor) == FALSE ||
oa->oa_base = (caddr_t)
mem_alloc(oa->oa_length);
}
- buf = (rpc_int32 *)
+ buf = (rpc_inline_t *)
XDR_INLINE(xdrs, (int)RNDUP(oa->oa_length));
if (buf == NULL) {
if (xdr_opaque(xdrs, oa->oa_base,
oa->oa_length);
/* no real need...
buf += RNDUP(oa->oa_length) /
- sizeof (rpc_int32);
+ BYTES_PER_XDR_UNIT;
*/
}
}
xdr_u_int32(xdrs, &(cmsg->rm_call.cb_prog)) &&
xdr_u_int32(xdrs, &(cmsg->rm_call.cb_vers)) &&
xdr_u_int32(xdrs, &(cmsg->rm_call.cb_proc)) &&
- gssrpc_xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_cred)) )
- return (gssrpc_xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_verf)));
+ xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_cred)) )
+ return (xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_verf)));
return (FALSE);
}
* Actually initialized to prevent creation of common blocks, which
* can be problematic on some architectures.
*/
-struct opaque_auth _null_auth = {0};
+/* RENAMED: should be _null_auth */
+struct opaque_auth gssrpc__null_auth = {0};
#ifdef FD_SETSIZE
fd_set svc_fdset; /* Will be zeroed in data segment */
int gssrpc_svc_fdset_init = 0;
* expensive system call every time.
*/
int
-_gssrpc_rpc_dtablesize()
+gssrpc__rpc_dtablesize(void)
{
static int size;
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
-#define RPC_MSG_VERSION ((rpc_u_int32) 2)
-#define RPC_SERVICE_PORT ((unsigned short) 2048)
+#ifndef GSSRPC_RPC_MSG_H
+#define GSSRPC_RPC_MSG_H
+
+GSSRPC__BEGIN_DECLS
+
+#define RPC_MSG_VERSION ((uint32_t) 2)
+#define RPC_SERVICE_PORT ((u_short) 2048)
/*
* Bottom up definition of an rpc message.
enum accept_stat ar_stat;
union {
struct {
- rpc_u_int32 low;
- rpc_u_int32 high;
+ rpcvers_t low;
+ rpcvers_t high;
} AR_versions;
struct {
caddr_t where;
enum reject_stat rj_stat;
union {
struct {
- rpc_u_int32 low;
- rpc_u_int32 high;
+ rpcvers_t low;
+ rpcvers_t high;
} RJ_versions;
enum auth_stat RJ_why; /* why authentication did not work */
} ru;
* Body of an rpc request call.
*/
struct call_body {
- rpc_u_int32 cb_rpcvers; /* must be equal to two */
- rpc_u_int32 cb_prog;
- rpc_u_int32 cb_vers;
- rpc_u_int32 cb_proc;
+ rpcvers_t cb_rpcvers; /* must be equal to two */
+ rpcprog_t cb_prog;
+ rpcvers_t cb_vers;
+ rpcproc_t cb_proc;
struct opaque_auth cb_cred;
struct opaque_auth cb_verf; /* protocol specific - provided by client */
};
* The rpc message
*/
struct rpc_msg {
- rpc_u_int32 rm_xid;
+ uint32_t rm_xid;
enum msg_type rm_direction;
union {
struct call_body RM_cmb;
* XDR *xdrs;
* struct rpc_msg *cmsg;
*/
-#define xdr_callmsg gssrpc_xdr_callmsg
extern bool_t xdr_callmsg(XDR *, struct rpc_msg *);
/*
* XDR *xdrs;
* struct rpc_msg *cmsg;
*/
-#define xdr_callhdr gssrpc_xdr_callhdr
extern bool_t xdr_callhdr(XDR *, struct rpc_msg *);
/*
* XDR *xdrs;
* struct rpc_msg *rmsg;
*/
-#define xdr_replymsg gssrpc_xdr_replymsg
extern bool_t xdr_replymsg(XDR *, struct rpc_msg *);
/*
* struct rpc_msg *msg;
* struct rpc_err *error;
*/
-#define _seterr_reply _gssrpc_seterr_reply
-#define sunrpc_seterr_reply _seterr_reply
-extern void _seterr_reply(struct rpc_msg *, struct rpc_err *);
+/*
+ * RENAMED: should be _seterr_reply or __seterr_reply if we can use
+ * reserved namespace.
+ */
+extern void gssrpc__seterr_reply(struct rpc_msg *, struct rpc_err *);
/* XDR the MSG_ACCEPTED part of a reply message union */
-#define xdr_accepted_reply gssrpc_xdr_accepted_reply
extern bool_t xdr_accepted_reply(XDR *, struct accepted_reply *);
/* XDR the MSG_DENIED part of a reply message union */
-#define xdr_rejected_reply gssrpc_xdr_rejected_reply
extern bool_t xdr_rejected_reply(XDR *, struct rejected_reply *);
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_RPC_MSG_H) */
* (see auth.h)
*/
bool_t
-gssrpc_xdr_opaque_auth(xdrs, ap)
+xdr_opaque_auth(xdrs, ap)
register XDR *xdrs;
register struct opaque_auth *ap;
{
* XDR the MSG_ACCEPTED part of a reply message union
*/
bool_t
-gssrpc_xdr_accepted_reply(xdrs, ar)
+xdr_accepted_reply(xdrs, ar)
register XDR *xdrs;
register struct accepted_reply *ar;
{
/* personalized union, rather than calling xdr_union */
- if (! gssrpc_xdr_opaque_auth(xdrs, &(ar->ar_verf)))
+ if (! xdr_opaque_auth(xdrs, &(ar->ar_verf)))
return (FALSE);
if (! xdr_enum(xdrs, (enum_t *)&(ar->ar_stat)))
return (FALSE);
* XDR the MSG_DENIED part of a reply message union
*/
bool_t
-gssrpc_xdr_rejected_reply(xdrs, rr)
+xdr_rejected_reply(xdrs, rr)
register XDR *xdrs;
register struct rejected_reply *rr;
{
}
static struct xdr_discrim reply_dscrm[3] = {
- { (int)MSG_ACCEPTED, gssrpc_xdr_accepted_reply },
- { (int)MSG_DENIED, gssrpc_xdr_rejected_reply },
+ { (int)MSG_ACCEPTED, xdr_accepted_reply },
+ { (int)MSG_DENIED, xdr_rejected_reply },
{ __dontcare__, NULL_xdrproc_t } };
/*
}
/* something's wrong, but we don't know what ... */
error->re_status = RPC_FAILED;
- error->re_lb.s1 = (rpc_int32)MSG_ACCEPTED;
- error->re_lb.s2 = (rpc_int32)acpt_stat;
+ error->re_lb.s1 = (int32_t)MSG_ACCEPTED;
+ error->re_lb.s2 = (int32_t)acpt_stat;
}
static void
}
/* something's wrong, but we don't know what ... */
error->re_status = RPC_FAILED;
- error->re_lb.s1 = (rpc_int32)MSG_DENIED;
- error->re_lb.s2 = (rpc_int32)rjct_stat;
+ error->re_lb.s1 = (int32_t)MSG_DENIED;
+ error->re_lb.s2 = (int32_t)rjct_stat;
}
/*
* given a reply message, fills in the error
*/
void
-sunrpc_seterr_reply(msg, error)
+gssrpc__seterr_reply(msg, error)
register struct rpc_msg *msg;
register struct rpc_err *error;
{
default:
error->re_status = RPC_FAILED;
- error->re_lb.s1 = (rpc_int32)(msg->rm_reply.rp_stat);
+ error->re_lb.s1 = (int32_t)(msg->rm_reply.rp_stat);
break;
}
switch (error->re_status) {
*/
static struct svc_callout {
struct svc_callout *sc_next;
- rpc_u_int32 sc_prog;
- rpc_u_int32 sc_vers;
+ rpcprog_t sc_prog;
+ rpcprog_t sc_vers;
void (*sc_dispatch)();
} *svc_head;
-static struct svc_callout *svc_find(rpc_u_int32, rpc_u_int32,
+static struct svc_callout *svc_find(rpcprog_t, rpcvers_t,
struct svc_callout **);
/* *************** SVCXPRT related stuff **************** */
mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *));
memset(xports, 0, FD_SETSIZE * sizeof(SVCXPRT *));
}
- if (sock < _gssrpc_rpc_dtablesize()) {
+ if (sock < gssrpc__rpc_dtablesize()) {
xports[sock] = xprt;
FD_SET(sock, &svc_fdset);
if (max_xport < sock)
register int sock = xprt->xp_sock;
#ifdef FD_SETSIZE
- if ((sock < _gssrpc_rpc_dtablesize()) && (xports[sock] == xprt)) {
+ if ((sock < gssrpc__rpc_dtablesize()) && (xports[sock] == xprt)) {
xports[sock] = (SVCXPRT *)0;
FD_CLR(sock, &svc_fdset);
if (max_xport <= sock) {
bool_t
svc_register(xprt, prog, vers, dispatch, protocol)
SVCXPRT *xprt;
- rpc_u_int32 prog;
- rpc_u_int32 vers;
+ rpcprog_t prog;
+ rpcvers_t vers;
void (*dispatch)();
int protocol;
{
*/
void
svc_unregister(prog, vers)
- rpc_u_int32 prog;
- rpc_u_int32 vers;
+ rpcprog_t prog;
+ rpcvers_t vers;
{
struct svc_callout *prev;
register struct svc_callout *s;
prev->sc_next = s->sc_next;
}
s->sc_next = NULL_SVC;
- mem_free((char *) s, (unsigned int) sizeof(struct svc_callout));
+ mem_free((char *) s, (u_int) sizeof(struct svc_callout));
/* now unregister the information with the local binder service */
(void)pmap_unset(prog, vers);
}
*/
static struct svc_callout *
svc_find(prog, vers, prev)
- rpc_u_int32 prog;
- rpc_u_int32 vers;
+ rpcprog_t prog;
+ rpcvers_t vers;
struct svc_callout **prev;
{
register struct svc_callout *s, *p;
void
svcerr_progvers(xprt, low_vers, high_vers)
register SVCXPRT *xprt;
- rpc_u_int32 low_vers;
- rpc_u_int32 high_vers;
+ rpcvers_t low_vers;
+ rpcvers_t high_vers;
{
struct rpc_msg rply;
enum xprt_stat stat;
struct rpc_msg msg;
int prog_found;
- rpc_u_int32 low_vers;
- rpc_u_int32 high_vers;
+ rpcvers_t low_vers;
+ rpcvers_t high_vers;
struct svc_req r;
register SVCXPRT *xprt;
register int sock;
r.rq_proc = msg.rm_call.cb_proc;
r.rq_cred = msg.rm_call.cb_cred;
- /* in case _authenticate has been replaced
- with an old-style version */
- r.rq_xprt->xp_auth = &svc_auth_any;
no_dispatch = FALSE;
/* first authenticate the message */
- why=_authenticate(&r, &msg, &no_dispatch);
+ why=gssrpc__authenticate(&r, &msg, &no_dispatch);
if (why != AUTH_OK) {
svcerr_auth(xprt, why);
goto call_done;
/* now match message with a registered service*/
prog_found = FALSE;
- low_vers = (rpc_u_int32) -1L;
+ low_vers = (rpcvers_t) -1L;
high_vers = 0;
for (s = svc_head; s != NULL_SVC; s = s->sc_next) {
if (s->sc_prog == r.rq_prog) {
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
-#ifndef __SVC_HEADER__
-#define __SVC_HEADER__
+#ifndef GSSRPC_SVC_H
+#define GSSRPC_SVC_H
+#include <gssrpc/svc_auth.h>
+
+GSSRPC__BEGIN_DECLS
/*
* This interface must manage two items concerning remote procedure calling:
*
/*
* Server side transport handle
*/
-typedef struct __rpc_svcxprt {
+typedef struct SVCXPRT {
int xp_sock;
- unsigned short xp_port; /* associated port number */
+ u_short xp_port; /* associated port number */
struct xp_ops {
/* receive incomming requests */
- bool_t (*xp_recv)(struct __rpc_svcxprt *, struct rpc_msg *);
+ bool_t (*xp_recv)(struct SVCXPRT *, struct rpc_msg *);
/* get transport status */
- enum xprt_stat (*xp_stat)(struct __rpc_svcxprt *);
+ enum xprt_stat (*xp_stat)(struct SVCXPRT *);
/* get arguments */
- bool_t (*xp_getargs)(struct __rpc_svcxprt *, xdrproc_t,
+ bool_t (*xp_getargs)(struct SVCXPRT *, xdrproc_t,
void *);
/* send reply */
- bool_t (*xp_reply)(struct __rpc_svcxprt *,
+ bool_t (*xp_reply)(struct SVCXPRT *,
struct rpc_msg *);
/* free mem allocated for args */
- bool_t (*xp_freeargs)(struct __rpc_svcxprt *, xdrproc_t,
+ bool_t (*xp_freeargs)(struct SVCXPRT *, xdrproc_t,
void *);
/* destroy this struct */
- void (*xp_destroy)(struct __rpc_svcxprt *);
+ void (*xp_destroy)(struct SVCXPRT *);
} *xp_ops;
int xp_addrlen; /* length of remote address */
struct sockaddr_in xp_raddr; /* remote address */
* Service request
*/
struct svc_req {
- rpc_u_int32 rq_prog; /* service program number */
- rpc_u_int32 rq_vers; /* service protocol version */
- rpc_u_int32 rq_proc; /* the desired procedure */
+ rpcprog_t rq_prog; /* service program number */
+ rpcvers_t rq_vers; /* service protocol version */
+ rpcproc_t rq_proc; /* the desired procedure */
struct opaque_auth rq_cred; /* raw creds from the wire */
void * rq_clntcred; /* read only cooked client cred */
- void * rq_svccred; /* read only cooked svc cred */
+ void * rq_svccred; /* read only svc cred/context */
+ void * rq_clntname; /* read only client name */
SVCXPRT *rq_xprt; /* associated transport */
-
/* The request's auth flavor *should* be here, but the svc_req */
/* isn't passed around everywhere it is necessary. The */
/* transport *is* passed around, so the auth flavor it stored */
*
* svc_register(xprt, prog, vers, dispatch, protocol)
* SVCXPRT *xprt;
- * rpc_u_int32 prog;
- * rpc_u_int32 vers;
+ * rpcprog_t prog;
+ * rpcvers_t vers;
* void (*dispatch)();
* int protocol; like TCP or UDP, zero means do not register
*
* registerrpc(prog, vers, proc, routine, inproc, outproc)
* returns 0 upon success, -1 if error.
*/
-#define svc_register gssrpc_svc_register
-extern bool_t svc_register(SVCXPRT *, rpc_u_int32, rpc_u_int32,
+extern bool_t svc_register(SVCXPRT *, rpcprog_t, rpcvers_t,
void (*)(struct svc_req *, SVCXPRT *), int);
-#define registerrpc gssrpc_registerrpc
-extern int registerrpc(rpc_u_int32, rpc_u_int32, rpc_u_int32,
+extern int registerrpc(rpcprog_t, rpcvers_t, rpcproc_t,
char *(*)(void *),
xdrproc_t, xdrproc_t);
* Service un-registration
*
* svc_unregister(prog, vers)
- * rpc_u_int32 prog;
- * rpc_u_int32 vers;
+ * rpcprog_t prog;
+ * rpcvers_t vers;
*/
-#define svc_unregister gssrpc_svc_unregister
-extern void svc_unregister(rpc_u_int32, rpc_u_int32);
+extern void svc_unregister(rpcprog_t, rpcvers_t);
/*
* Transport registration.
* xprt_register(xprt)
* SVCXPRT *xprt;
*/
-#define xprt_register gssrpc_xprt_register
extern void xprt_register(SVCXPRT *);
/*
* xprt_unregister(xprt)
* SVCXPRT *xprt;
*/
-#define xprt_unregister gssrpc_xprt_unregister
extern void xprt_unregister(SVCXPRT *);
-
-
/*
* When the service routine is called, it must first check to see if
* it knows about the procedure; if not, it should call svcerr_noproc
* deadlock the caller and server processes!
*/
-#define svc_sendreply gssrpc_svc_sendreply
-#define svcerr_decode gssrpc_svcerr_decode
-#define svcerr_weakauth gssrpc_svcerr_weakauth
-#define svcerr_noproc gssrpc_svcerr_noproc
-#define svcerr_progvers gssrpc_svcerr_progvers
-#define svcerr_auth gssrpc_svcerr_auth
-#define svcerr_noprog gssrpc_svcerr_noprog
-#define svcerr_systemerr gssrpc_svcerr_systemerr
-
extern bool_t svc_sendreply(SVCXPRT *, xdrproc_t, caddr_t);
extern void svcerr_decode(SVCXPRT *);
extern void svcerr_weakauth(SVCXPRT *);
extern void svcerr_noproc(SVCXPRT *);
-extern void svcerr_progvers(SVCXPRT *, rpc_u_int32, rpc_u_int32);
+extern void svcerr_progvers(SVCXPRT *, rpcvers_t, rpcvers_t);
extern void svcerr_auth(SVCXPRT *, enum auth_stat);
extern void svcerr_noprog(SVCXPRT *);
extern void svcerr_systemerr(SVCXPRT *);
-
+
/*
* Lowest level dispatching -OR- who owns this process anyway.
* Somebody has to wait for incoming requests and then call the correct
* Global keeper of rpc service descriptors in use
* dynamic; must be inspected before each call to select
*/
-#define svc_fdset gssrpc_svc_fdset
-#define svc_fds gssrpc_svc_fds
+extern int svc_maxfd;
#ifdef FD_SETSIZE
-extern fd_set gssrpc_svc_fdset;
+extern fd_set svc_fdset;
+/* RENAMED */
#define gssrpc_svc_fds gsssrpc_svc_fdset.fds_bits[0] /* compatibility */
#else
-extern int gssrpc_svc_fds;
+extern int svc_fds;
#endif /* def FD_SETSIZE */
/*
* a small program implemented by the svc_rpc implementation itself;
* also see clnt.h for protocol numbers.
*/
-#define rpctest_service gssrpc_rpctest_service
extern void rpctest_service();
-#define svc_getreq gssrpc_svc_getreq
-#define svc_getreqset gssrpc_svc_getreqset
-#define svc_run gssrpc_svc_run
-
extern void svc_getreq(int);
#ifdef FD_SETSIZE
extern void svc_getreqset(fd_set *);/* takes fdset instead of int */
+extern void svc_getreqset2(fd_set *, int);
#else
extern void svc_getreqset(int *);
#endif
/*
* Memory based rpc for testing and timing.
*/
-#define svcraw_create gssrpc_svcraw_create
extern SVCXPRT *svcraw_create(void);
/*
* Udp based rpc.
*/
-#define svcudp_create gssrpc_svcudp_create
-#define svcudp_bufcreate gssrpc_svcudp_bufcreate
-#define svcudp_enablecache gssrpc_svcudp_enablecache
extern SVCXPRT *svcudp_create(int);
-extern SVCXPRT *svcudp_bufcreate(int, unsigned int, unsigned int);
-extern int svcudp_enablecache(SVCXPRT *, rpc_u_int32);
+extern SVCXPRT *svcudp_bufcreate(int, u_int, u_int);
+extern int svcudp_enablecache(SVCXPRT *, uint32_t);
/*
* Tcp based rpc.
*/
-#define svctcp_create gssrpc_svctcp_create
-extern SVCXPRT *svctcp_create(int, unsigned int, unsigned int);
+extern SVCXPRT *svctcp_create(int, u_int, u_int);
/*
* Like svtcp_create(), except the routine takes any *open* UNIX file
* descriptor as its first input.
*/
-#define svcfd_create gssrpc_svcfd_create
extern SVCXPRT *svcfd_create(int, u_int, u_int);
-#endif /* !__SVC_HEADER__ */
+/* XXX add auth_gsapi_log_*? */
+
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_SVC_H) */
*/
static struct svcauthsw_type {
- unsigned int flavor;
+ u_int flavor;
enum auth_stat (*authenticator)(struct svc_req *, struct rpc_msg *,
bool_t *);
} svcauthsw[] = {
- {AUTH_GSSAPI, _svcauth_gssapi}, /* AUTH_GSSAPI */
- {AUTH_NONE, _svcauth_null}, /* AUTH_NULL */
- {AUTH_GSSAPI_COMPAT, _svcauth_gssapi}, /* AUTH_GSSAPI_COMPAT */
- {AUTH_UNIX, _svcauth_unix}, /* AUTH_UNIX */
- {AUTH_SHORT, _svcauth_short}, /* AUTH_SHORT */
+ {AUTH_GSSAPI, gssrpc__svcauth_gssapi}, /* AUTH_GSSAPI */
+ {AUTH_NONE, gssrpc__svcauth_none}, /* AUTH_NONE */
+#if 0
+ {AUTH_GSSAPI_COMPAT, gssrpc__svcauth_gssapi}, /* AUTH_GSSAPI_COMPAT */
+#endif
+ {AUTH_UNIX, gssrpc__svcauth_unix}, /* AUTH_UNIX */
+ {AUTH_SHORT, gssrpc__svcauth_short}, /* AUTH_SHORT */
+ {RPCSEC_GSS, gssrpc__svcauth_gss} /* RPCSEC_GSS */
};
static int svcauthnum = sizeof(svcauthsw) / sizeof(struct svcauthsw_type);
* rqst->rq_client_cred, the cooked credentials.
*/
enum auth_stat
-_authenticate(rqst, msg, no_dispatch)
+gssrpc__authenticate(rqst, msg, no_dispatch)
register struct svc_req *rqst;
struct rpc_msg *msg;
bool_t *no_dispatch;
register int cred_flavor, i;
rqst->rq_cred = msg->rm_call.cb_cred;
- rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
+ rqst->rq_xprt->xp_verf.oa_flavor = gssrpc__null_auth.oa_flavor;
rqst->rq_xprt->xp_verf.oa_length = 0;
cred_flavor = rqst->rq_cred.oa_flavor;
*no_dispatch = FALSE;
return (AUTH_REJECTEDCRED);
}
-
-enum auth_stat
-_svcauth_null(rqst, msg, no_dispatch)
- struct svc_req *rqst;
- struct rpc_msg *msg;
- bool_t *no_dispatch;
-{
- rqst->rq_xprt->xp_auth = &svc_auth_any;
- return (AUTH_OK);
-}
* Interface to server-side authentication flavors.
*/
-typedef struct __rpc_svc_auth {
- struct svc_auth_ops {
- int (*svc_ah_wrap)(struct __rpc_svc_auth *, XDR *, xdrproc_t,
- caddr_t);
- int (*svc_ah_unwrap)(struct __rpc_svc_auth *, XDR *, xdrproc_t,
- caddr_t);
- } *svc_ah_ops;
- void * svc_ah_private;
+#ifndef GSSRPC_SVC_AUTH_H
+#define GSSRPC_SVC_AUTH_H
+
+#include <gssapi/gssapi.h>
+
+GSSRPC__BEGIN_DECLS
+
+struct svc_req;
+
+typedef struct SVCAUTH {
+ struct svc_auth_ops {
+ int (*svc_ah_wrap)(struct SVCAUTH *, XDR *, xdrproc_t,
+ caddr_t);
+ int (*svc_ah_unwrap)(struct SVCAUTH *, XDR *, xdrproc_t,
+ caddr_t);
+ int (*svc_ah_destroy)(struct SVCAUTH *);
+ } *svc_ah_ops;
+ void * svc_ah_private;
} SVCAUTH;
-extern SVCAUTH svc_auth_any;
+extern SVCAUTH svc_auth_none;
-#include <gssrpc/svc.h>
+extern struct svc_auth_ops svc_auth_none_ops;
+extern struct svc_auth_ops svc_auth_gssapi_ops;
+extern struct svc_auth_ops svc_auth_gss_ops;
/*
* Server side authenticator
*/
-#define _authenticate _gssrpc_authenticate
-extern enum auth_stat _authenticate(struct svc_req *rqst, struct rpc_msg *msg,
- bool_t *no_dispatch);
+/* RENAMED: should be _authenticate. */
+extern enum auth_stat gssrpc__authenticate(struct svc_req *rqst,
+ struct rpc_msg *msg, bool_t *no_dispatch);
#define SVCAUTH_WRAP(auth, xdrs, xfunc, xwhere) \
((*((auth)->svc_ah_ops->svc_ah_wrap))(auth, xdrs, xfunc, xwhere))
#define SVCAUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \
((*((auth)->svc_ah_ops->svc_ah_unwrap))(auth, xdrs, xfunc, xwhere))
-
+#define SVCAUTH_DESTROY(auth) \
+ ((*((auth)->svc_ah_ops->svc_ah_destroy))(auth))
-#define _svcauth_null _gssrpc_svcauth_null
-#define _svcauth_unix _gssrpc_svcauth_unix
-#define _svcauth_short _gssrpc_svcauth_short
-#define _svcauth_gssapi _gssrpc_svcauth_gssapi
+/*
+ * Approved way of getting principal of caller
+ */
+char *svcauth_gss_get_principal(SVCAUTH *auth);
+/*
+ * Approved way of setting server principal
+ */
+bool_t svcauth_gss_set_svc_name(gss_name_t name);
+
+#ifdef GSSRPC__IMPL
+
/* no authentication */
-enum auth_stat _svcauth_null(struct svc_req *, struct rpc_msg *, bool_t *);
+/* RENAMED: should be _svcauth_none. */
+enum auth_stat gssrpc__svcauth_none(struct svc_req *,
+ struct rpc_msg *, bool_t *);
/* unix style (uid, gids) */
-enum auth_stat _svcauth_unix(struct svc_req *, struct rpc_msg *, bool_t *);
+/* RENAMED: shoudl be _svcauth_unix. */
+enum auth_stat gssrpc__svcauth_unix(struct svc_req *,
+ struct rpc_msg *, bool_t *);
/* short hand unix style */
-enum auth_stat _svcauth_short(struct svc_req *, struct rpc_msg *, bool_t *);
+/* RENAMED: should be _svcauth_short. */
+enum auth_stat gssrpc__svcauth_short(struct svc_req *,
+ struct rpc_msg *, bool_t *);
/* GSS-API style */
-enum auth_stat _svcauth_gssapi(struct svc_req *, struct rpc_msg *, bool_t *);
+/* RENAMED: should be _svcauth_gssapi. */
+enum auth_stat gssrpc__svcauth_gssapi(struct svc_req *,
+ struct rpc_msg *, bool_t *);
+/* RPCSEC_GSS */
+enum auth_stat gssrpc__svcauth_gss(struct svc_req *,
+ struct rpc_msg *, bool_t *);
+
+#endif /* defined(GSSRPC__IMPL) */
+
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_SVC_AUTH_H) */
+++ /dev/null
-/*
- * svc_auth_any.c
- * Provides default service-side functions for authentication flavors
- * that do not use all the fields in struct svc_auth_ops.
- *
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
- */
-
-#include <stdio.h>
-#include <gssrpc/rpc.h>
-
-static int svc_authany_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
-
-struct svc_auth_ops svc_auth_any_ops = {
- svc_authany_wrap,
- svc_authany_wrap,
-};
-
-SVCAUTH svc_auth_any = {
- &svc_auth_any_ops,
- NULL,
-};
-
-static int
-svc_authany_wrap(auth, xdrs, xfunc, xwhere)
- SVCAUTH *auth;
- XDR *xdrs;
- xdrproc_t xfunc;
- caddr_t xwhere;
-{
- return (*xfunc)(xdrs, xwhere);
-}
-
-
-
--- /dev/null
+/*
+ svc_auth_gss.c
+
+ Copyright (c) 2000 The Regents of the University of Michigan.
+ All rights reserved.
+
+ Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+ All rights reserved, all wrongs reversed.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ Id: svc_auth_gss.c,v 1.28 2002/10/15 21:29:36 kwc Exp
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <gssrpc/rpc.h>
+#include <gssrpc/auth_gssapi.h>
+#ifdef HAVE_HEIMDAL
+#include <gssapi.h>
+#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
+#else
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#endif
+
+#ifdef DEBUG_GSSAPI
+int svc_debug_gss = DEBUG_GSSAPI;
+#endif
+
+#ifdef SPKM
+
+#ifndef OID_EQ
+#define g_OID_equal(o1,o2) \
+ (((o1)->length == (o2)->length) && \
+ ((o1)->elements != 0) && ((o2)->elements != 0) && \
+ (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0))
+#define OID_EQ 1
+#endif /* OID_EQ */
+
+extern const gss_OID_desc * const gss_mech_spkm3;
+
+#endif /* SPKM */
+
+extern SVCAUTH svc_auth_none;
+
+/*
+ * from mit-krb5-1.2.1 mechglue/mglueP.h:
+ * Array of context IDs typed by mechanism OID
+ */
+typedef struct gss_union_ctx_id_t {
+ gss_OID mech_type;
+ gss_ctx_id_t internal_ctx_id;
+} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
+
+
+static auth_gssapi_log_badauth_func log_badauth = NULL;
+static caddr_t log_badauth_data = NULL;
+static auth_gssapi_log_badverf_func log_badverf = NULL;
+static caddr_t log_badverf_data = NULL;
+static auth_gssapi_log_miscerr_func log_miscerr = NULL;
+static caddr_t log_miscerr_data = NULL;
+
+#define LOG_MISCERR(arg) if (log_miscerr) \
+ (*log_miscerr)(rqst, msg, arg, log_miscerr_data)
+
+static bool_t svcauth_gss_destroy(SVCAUTH *);
+static bool_t svcauth_gss_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t svcauth_gss_unwrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
+
+static bool_t svcauth_gss_nextverf(struct svc_req *, u_int);
+
+struct svc_auth_ops svc_auth_gss_ops = {
+ svcauth_gss_wrap,
+ svcauth_gss_unwrap,
+ svcauth_gss_destroy
+};
+
+struct svc_rpc_gss_data {
+ bool_t established; /* context established */
+ gss_ctx_id_t ctx; /* context id */
+ struct rpc_gss_sec sec; /* security triple */
+ gss_buffer_desc cname; /* GSS client name */
+ u_int seq; /* sequence number */
+ u_int win; /* sequence window */
+ u_int seqlast; /* last sequence number */
+ uint32_t seqmask; /* bitmask of seqnums */
+ gss_name_t client_name; /* unparsed name string */
+ gss_buffer_desc checksum; /* so we can free it */
+};
+
+#define SVCAUTH_PRIVATE(auth) \
+ (*(struct svc_rpc_gss_data **)&(auth)->svc_ah_private)
+
+/* Global server credentials. */
+gss_cred_id_t svcauth_gss_creds;
+static gss_name_t svcauth_gss_name = NULL;
+
+bool_t
+svcauth_gss_set_svc_name(gss_name_t name)
+{
+ OM_uint32 maj_stat, min_stat;
+
+ log_debug("in svcauth_gss_set_svc_name()");
+
+ if (svcauth_gss_name != NULL) {
+ maj_stat = gss_release_name(&min_stat, &svcauth_gss_name);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_release_name", maj_stat, min_stat);
+ return (FALSE);
+ }
+ svcauth_gss_name = NULL;
+ }
+ if (svcauth_gss_name == GSS_C_NO_NAME)
+ return (TRUE);
+
+ maj_stat = gss_duplicate_name(&min_stat, name, &svcauth_gss_name);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_duplicate_name", maj_stat, min_stat);
+ return (FALSE);
+ }
+
+ return (TRUE);
+}
+
+static bool_t
+svcauth_gss_import_name(char *service)
+{
+ gss_name_t name;
+ gss_buffer_desc namebuf;
+ OM_uint32 maj_stat, min_stat;
+
+ log_debug("in svcauth_gss_import_name()");
+
+ namebuf.value = service;
+ namebuf.length = strlen(service);
+
+ maj_stat = gss_import_name(&min_stat, &namebuf,
+ (gss_OID)gss_nt_service_name, &name);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_import_name", maj_stat, min_stat);
+ return (FALSE);
+ }
+ if (svcauth_gss_set_svc_name(name) != TRUE) {
+ gss_release_name(&min_stat, &name);
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+static bool_t
+svcauth_gss_acquire_cred(void)
+{
+ OM_uint32 maj_stat, min_stat;
+
+ log_debug("in svcauth_gss_acquire_cred()");
+
+ maj_stat = gss_acquire_cred(&min_stat, svcauth_gss_name, 0,
+ GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
+ &svcauth_gss_creds, NULL, NULL);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_acquire_cred", maj_stat, min_stat);
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+static bool_t
+svcauth_gss_release_cred(void)
+{
+ OM_uint32 maj_stat, min_stat;
+
+ log_debug("in svcauth_gss_release_cred()");
+
+ maj_stat = gss_release_cred(&min_stat, &svcauth_gss_creds);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_release_cred", maj_stat, min_stat);
+ return (FALSE);
+ }
+
+ svcauth_gss_creds = NULL;
+
+ return (TRUE);
+}
+
+static bool_t
+svcauth_gss_accept_sec_context(struct svc_req *rqst,
+ struct rpc_gss_init_res *gr)
+{
+ struct svc_rpc_gss_data *gd;
+ struct rpc_gss_cred *gc;
+ gss_buffer_desc recv_tok, seqbuf;
+ gss_OID mech;
+ OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq;
+
+ log_debug("in svcauth_gss_accept_context()");
+
+ gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
+ gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
+ memset(gr, 0, sizeof(*gr));
+
+ /* Deserialize arguments. */
+ memset(&recv_tok, 0, sizeof(recv_tok));
+
+ if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args,
+ (caddr_t)&recv_tok))
+ return (FALSE);
+
+ gr->gr_major = gss_accept_sec_context(&gr->gr_minor,
+ &gd->ctx,
+ svcauth_gss_creds,
+ &recv_tok,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &gd->client_name,
+ &mech,
+ &gr->gr_token,
+ &ret_flags,
+ NULL,
+ NULL);
+
+ svc_freeargs(rqst->rq_xprt, xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
+
+ log_status("accept_sec_context", gr->gr_major, gr->gr_minor);
+ if (gr->gr_major != GSS_S_COMPLETE &&
+ gr->gr_major != GSS_S_CONTINUE_NEEDED) {
+ if (log_badauth != NULL) {
+ (*log_badauth)(gr->gr_major,
+ gr->gr_minor,
+ &rqst->rq_xprt->xp_raddr,
+ log_badauth_data);
+ }
+ gd->ctx = GSS_C_NO_CONTEXT;
+ goto errout;
+ }
+ /*
+ * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
+ * one to the mechanism oid, one to the internal_ctx_id
+ */
+ if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) {
+ fprintf(stderr, "svcauth_gss_accept_context: out of memory\n");
+ goto errout;
+ }
+ memcpy(gr->gr_ctx.value, gd->ctx, sizeof(gss_union_ctx_id_desc));
+ gr->gr_ctx.length = sizeof(gss_union_ctx_id_desc);
+
+ /* gr->gr_win = 0x00000005; ANDROS: for debugging linux kernel version... */
+ gr->gr_win = sizeof(gd->seqmask) * 8;
+
+ /* Save client info. */
+ gd->sec.mech = mech;
+ gd->sec.qop = GSS_C_QOP_DEFAULT;
+ gd->sec.svc = gc->gc_svc;
+ gd->seq = gc->gc_seq;
+ gd->win = gr->gr_win;
+
+ if (gr->gr_major == GSS_S_COMPLETE) {
+#ifdef SPKM
+ /* spkm3: no src_name (anonymous) */
+ if(!g_OID_equal(gss_mech_spkm3, mech)) {
+#endif
+ maj_stat = gss_display_name(&min_stat, gd->client_name,
+ &gd->cname, &gd->sec.mech);
+#ifdef SPKM
+ }
+#endif
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("display_name", maj_stat, min_stat);
+ goto errout;
+ }
+#ifdef DEBUG
+#ifdef HAVE_HEIMDAL
+ log_debug("accepted context for %.*s with "
+ "<mech {}, qop %d, svc %d>",
+ gd->cname.length, (char *)gd->cname.value,
+ gd->sec.qop, gd->sec.svc);
+#else
+ {
+ gss_buffer_desc mechname;
+
+ gss_oid_to_str(&min_stat, mech, &mechname);
+
+ log_debug("accepted context for %.*s with "
+ "<mech %.*s, qop %d, svc %d>",
+ gd->cname.length, (char *)gd->cname.value,
+ mechname.length, (char *)mechname.value,
+ gd->sec.qop, gd->sec.svc);
+
+ gss_release_buffer(&min_stat, &mechname);
+ }
+#endif
+#endif /* DEBUG */
+ seq = htonl(gr->gr_win);
+ seqbuf.value = &seq;
+ seqbuf.length = sizeof(seq);
+
+ gss_release_buffer(&min_stat, &gd->checksum);
+ maj_stat = gss_sign(&min_stat, gd->ctx, GSS_C_QOP_DEFAULT,
+ &seqbuf, &gd->checksum);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ goto errout;
+ }
+
+
+ rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
+ rqst->rq_xprt->xp_verf.oa_base = gd->checksum.value;
+ rqst->rq_xprt->xp_verf.oa_length = gd->checksum.length;
+ }
+ return (TRUE);
+errout:
+ gss_release_buffer(&min_stat, &gr->gr_token);
+ return (FALSE);
+}
+
+static bool_t
+svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
+{
+ struct opaque_auth *oa;
+ gss_buffer_desc rpcbuf, checksum;
+ OM_uint32 maj_stat, min_stat, qop_state;
+ u_char rpchdr[128];
+ int32_t *buf;
+
+ log_debug("in svcauth_gss_validate()");
+
+ memset(rpchdr, 0, sizeof(rpchdr));
+
+ /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
+ buf = (int32_t *)(void *)rpchdr;
+ IXDR_PUT_LONG(buf, msg->rm_xid);
+ IXDR_PUT_ENUM(buf, msg->rm_direction);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
+ oa = &msg->rm_call.cb_cred;
+ IXDR_PUT_ENUM(buf, oa->oa_flavor);
+ IXDR_PUT_LONG(buf, oa->oa_length);
+ if (oa->oa_length) {
+ memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
+ buf += RNDUP(oa->oa_length) / sizeof(int32_t);
+ }
+ rpcbuf.value = rpchdr;
+ rpcbuf.length = (u_char *)buf - rpchdr;
+
+ checksum.value = msg->rm_call.cb_verf.oa_base;
+ checksum.length = msg->rm_call.cb_verf.oa_length;
+
+ maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum,
+ &qop_state);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_verify_mic", maj_stat, min_stat);
+ if (log_badverf != NULL)
+ (*log_badverf)(gd->client_name,
+ svcauth_gss_name,
+ rqst, msg, log_badverf_data);
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+static bool_t
+svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
+{
+ struct svc_rpc_gss_data *gd;
+ gss_buffer_desc signbuf;
+ OM_uint32 maj_stat, min_stat;
+
+ log_debug("in svcauth_gss_nextverf()");
+
+ if (rqst->rq_xprt->xp_auth == NULL)
+ return (FALSE);
+
+ gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
+
+ gss_release_buffer(&min_stat, &gd->checksum);
+
+ signbuf.value = #
+ signbuf.length = sizeof(num);
+
+ maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
+ &signbuf, &gd->checksum);
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ log_status("gss_get_mic", maj_stat, min_stat);
+ return (FALSE);
+ }
+ rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
+ rqst->rq_xprt->xp_verf.oa_base = (caddr_t)gd->checksum.value;
+ rqst->rq_xprt->xp_verf.oa_length = (u_int)gd->checksum.length;
+
+ return (TRUE);
+}
+
+enum auth_stat
+gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
+ bool_t *no_dispatch)
+{
+ enum auth_stat retstat;
+ XDR xdrs;
+ SVCAUTH *auth;
+ struct svc_rpc_gss_data *gd;
+ struct rpc_gss_cred *gc;
+ struct rpc_gss_init_res gr;
+ int call_stat, offset;
+ OM_uint32 min_stat;
+
+ log_debug("in svcauth_gss()");
+
+ /* Initialize reply. */
+ rqst->rq_xprt->xp_verf = gssrpc__null_auth;
+
+ /* Allocate and set up server auth handle. */
+ if (rqst->rq_xprt->xp_auth == NULL ||
+ rqst->rq_xprt->xp_auth == &svc_auth_none) {
+ if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
+ fprintf(stderr, "svcauth_gss: out_of_memory\n");
+ return (AUTH_FAILED);
+ }
+ if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
+ fprintf(stderr, "svcauth_gss: out_of_memory\n");
+ return (AUTH_FAILED);
+ }
+ auth->svc_ah_ops = &svc_auth_gss_ops;
+ SVCAUTH_PRIVATE(auth) = gd;
+ rqst->rq_xprt->xp_auth = auth;
+ }
+ else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
+
+ log_debug("xp_auth=%p, gd=%p", rqst->rq_xprt->xp_auth, gd);
+
+ /* Deserialize client credentials. */
+ if (rqst->rq_cred.oa_length <= 0)
+ return (AUTH_BADCRED);
+
+ gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
+ memset(gc, 0, sizeof(*gc));
+
+ xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
+ rqst->rq_cred.oa_length, XDR_DECODE);
+
+ if (!xdr_rpc_gss_cred(&xdrs, gc)) {
+ XDR_DESTROY(&xdrs);
+ return (AUTH_BADCRED);
+ }
+ XDR_DESTROY(&xdrs);
+
+ retstat = AUTH_FAILED;
+
+#define ret_freegc(code) do { retstat = code; goto freegc; } while (0)
+
+ /* Check version. */
+ if (gc->gc_v != RPCSEC_GSS_VERSION)
+ ret_freegc (AUTH_BADCRED);
+
+ /* Check RPCSEC_GSS service. */
+ if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
+ gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
+ ret_freegc (AUTH_BADCRED);
+
+ /* Check sequence number. */
+ if (gd->established) {
+ if (gc->gc_seq > MAXSEQ)
+ ret_freegc (RPCSEC_GSS_CTXPROBLEM);
+
+ if ((offset = gd->seqlast - gc->gc_seq) < 0) {
+ gd->seqlast = gc->gc_seq;
+ offset = 0 - offset;
+ gd->seqmask <<= offset;
+ offset = 0;
+ }
+ else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
+ *no_dispatch = 1;
+ ret_freegc (RPCSEC_GSS_CTXPROBLEM);
+ }
+ gd->seq = gc->gc_seq;
+ gd->seqmask |= (1 << offset);
+ }
+
+ if (gd->established) {
+ rqst->rq_clntname = (char *)gd->client_name;
+ rqst->rq_svccred = (char *)gd->ctx;
+ }
+
+ /* Handle RPCSEC_GSS control procedure. */
+ switch (gc->gc_proc) {
+
+ case RPCSEC_GSS_INIT:
+ case RPCSEC_GSS_CONTINUE_INIT:
+ if (rqst->rq_proc != NULLPROC)
+ ret_freegc (AUTH_FAILED); /* XXX ? */
+
+ if (!svcauth_gss_acquire_cred())
+ ret_freegc (AUTH_FAILED);
+
+ if (!svcauth_gss_accept_sec_context(rqst, &gr))
+ ret_freegc (AUTH_REJECTEDCRED);
+
+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
+ gss_release_buffer(&min_stat, &gr.gr_token);
+ mem_free(gr.gr_ctx.value,
+ sizeof(gss_union_ctx_id_desc));
+ ret_freegc (AUTH_FAILED);
+ }
+ *no_dispatch = TRUE;
+
+ call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res,
+ (caddr_t)&gr);
+
+ gss_release_buffer(&min_stat, &gr.gr_token);
+ gss_release_buffer(&min_stat, &gd->checksum);
+ mem_free(gr.gr_ctx.value, sizeof(gss_union_ctx_id_desc));
+ if (!call_stat)
+ ret_freegc (AUTH_FAILED);
+
+ if (gr.gr_major == GSS_S_COMPLETE)
+ gd->established = TRUE;
+
+ break;
+
+ case RPCSEC_GSS_DATA:
+ if (!svcauth_gss_validate(rqst, gd, msg))
+ ret_freegc (RPCSEC_GSS_CREDPROBLEM);
+
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
+ ret_freegc (AUTH_FAILED);
+ break;
+
+ case RPCSEC_GSS_DESTROY:
+ if (rqst->rq_proc != NULLPROC)
+ ret_freegc (AUTH_FAILED); /* XXX ? */
+
+ if (!svcauth_gss_validate(rqst, gd, msg))
+ ret_freegc (RPCSEC_GSS_CREDPROBLEM);
+
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
+ ret_freegc (AUTH_FAILED);
+
+ *no_dispatch = TRUE;
+
+ call_stat = svc_sendreply(rqst->rq_xprt,
+ xdr_void, (caddr_t)NULL);
+
+ log_debug("sendreply in destroy: %d", call_stat);
+
+ if (!svcauth_gss_release_cred())
+ ret_freegc (AUTH_FAILED);
+
+ SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
+ rqst->rq_xprt->xp_auth = &svc_auth_none;
+
+ break;
+
+ default:
+ ret_freegc (AUTH_REJECTEDCRED);
+ break;
+ }
+ retstat = AUTH_OK;
+freegc:
+ xdr_free(xdr_rpc_gss_cred, gc);
+ return (retstat);
+}
+
+static bool_t
+svcauth_gss_destroy(SVCAUTH *auth)
+{
+ struct svc_rpc_gss_data *gd;
+ OM_uint32 min_stat;
+
+ log_debug("in svcauth_gss_destroy()");
+
+ gd = SVCAUTH_PRIVATE(auth);
+
+ gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER);
+ gss_release_buffer(&min_stat, &gd->cname);
+ gss_release_buffer(&min_stat, &gd->checksum);
+
+ if (gd->client_name)
+ gss_release_name(&min_stat, &gd->client_name);
+
+ mem_free(gd, sizeof(*gd));
+ mem_free(auth, sizeof(*auth));
+
+ return (TRUE);
+}
+
+static bool_t
+svcauth_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
+{
+ struct svc_rpc_gss_data *gd;
+
+ log_debug("in svcauth_gss_wrap()");
+
+ gd = SVCAUTH_PRIVATE(auth);
+
+ if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
+ return ((*xdr_func)(xdrs, xdr_ptr));
+ }
+ return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
+ gd->ctx, gd->sec.qop,
+ gd->sec.svc, gd->seq));
+}
+
+static bool_t
+svcauth_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
+{
+ struct svc_rpc_gss_data *gd;
+
+ log_debug("in svcauth_gss_unwrap()");
+
+ gd = SVCAUTH_PRIVATE(auth);
+
+ if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
+ return ((*xdr_func)(xdrs, xdr_ptr));
+ }
+ return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
+ gd->ctx, gd->sec.qop,
+ gd->sec.svc, gd->seq));
+}
+
+char *
+svcauth_gss_get_principal(SVCAUTH *auth)
+{
+ struct svc_rpc_gss_data *gd;
+ char *pname;
+
+ gd = SVCAUTH_PRIVATE(auth);
+
+ if (gd->cname.length == 0)
+ return (NULL);
+
+ if ((pname = malloc(gd->cname.length + 1)) == NULL)
+ return (NULL);
+
+ memcpy(pname, gd->cname.value, gd->cname.length);
+ pname[gd->cname.length] = '\0';
+
+ return (pname);
+}
+
+/*
+ * Function: svcauth_gss_set_log_badauth_func
+ *
+ * Purpose: sets the logging function called when an invalid RPC call
+ * arrives
+ *
+ * See functional specifications.
+ */
+void svcauth_gss_set_log_badauth_func
+ (func, data)
+ auth_gssapi_log_badauth_func func;
+ caddr_t data;
+{
+ log_badauth = func;
+ log_badauth_data = data;
+}
+
+/*
+ * Function: svcauth_gss_set_log_badverf_func
+ *
+ * Purpose: sets the logging function called when an invalid RPC call
+ * arrives
+ *
+ * See functional specifications.
+ */
+void svcauth_gss_set_log_badverf_func
+ (func, data)
+ auth_gssapi_log_badverf_func func;
+ caddr_t data;
+{
+ log_badverf = func;
+ log_badverf_data = data;
+}
+
+/*
+ * Function: svcauth_gss_set_log_miscerr_func
+ *
+ * Purpose: sets the logging function called when a miscellaneous
+ * AUTH_GSSAPI error occurs
+ *
+ * See functional specifications.
+ */
+void svcauth_gss_set_log_miscerr_func
+ (func, data)
+ auth_gssapi_log_miscerr_func func;
+ caddr_t data;
+{
+ log_miscerr = func;
+ log_miscerr_data = data;
+}
gss_name_t client_name, server_name;
gss_cred_id_t server_creds;
- rpc_u_int32 expiration;
- rpc_u_int32 seq_num;
- rpc_u_int32 key;
+ uint32_t expiration;
+ uint32_t seq_num;
+ uint32_t key;
SVCAUTH svcauth;
static bool_t svc_auth_gssapi_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
static bool_t svc_auth_gssapi_unwrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t svc_auth_gssapi_destroy(SVCAUTH *);
+
static svc_auth_gssapi_data *create_client(void);
static svc_auth_gssapi_data *get_client
(gss_buffer_t client_handle);
(svc_auth_gssapi_data *client_data);
static void clean_client(void), cleanup(void);
static void client_expire
- (svc_auth_gssapi_data *client_data, rpc_u_int32 exp);
+ (svc_auth_gssapi_data *client_data, uint32_t exp);
static void dump_db (char *msg);
struct svc_auth_ops svc_auth_gssapi_ops = {
svc_auth_gssapi_wrap,
svc_auth_gssapi_unwrap,
+ svc_auth_gssapi_destroy
};
/*
static client_list *clients = NULL;
-enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch)
+enum auth_stat gssrpc__svcauth_gssapi(rqst, msg, no_dispatch)
register struct svc_req *rqst;
register struct rpc_msg *msg;
bool_t *no_dispatch;
int i;
enum auth_stat ret;
OM_uint32 ret_flags;
- rpc_u_int32 seq_num;
+ uint32_t seq_num;
PRINTF(("svcauth_gssapi: starting\n"));
clean_client();
/* use AUTH_NONE until there is a client_handle */
- rqst->rq_xprt->xp_auth = &svc_auth_any;
+ rqst->rq_xprt->xp_auth = &svc_auth_none;
memset((char *) &call_res, 0, sizeof(call_res));
if (! xdr_authgssapi_creds(&xdrs, &creds)) {
PRINTF(("svcauth_gssapi: failed decoding creds\n"));
LOG_MISCERR("protocol error in client credentials");
- gssrpc_xdr_free(xdr_authgssapi_creds, &creds);
+ xdr_free(xdr_authgssapi_creds, &creds);
XDR_DESTROY(&xdrs);
ret = AUTH_BADCRED;
goto error;
if (creds.auth_msg && rqst->rq_proc == AUTH_GSSAPI_EXIT) {
PRINTF(("svcauth_gssapi: GSSAPI_EXIT, cleaning up\n"));
svc_sendreply(rqst->rq_xprt, xdr_void, NULL);
- gssrpc_xdr_free(xdr_authgssapi_creds, &creds);
+ xdr_free(xdr_authgssapi_creds, &creds);
cleanup();
exit(0);
}
}
PRINTF(("svcauth_gssapi: incoming client_handle %d, len %d\n",
- *((rpc_u_int32 *) creds.client_handle.value),
+ *((uint32_t *) creds.client_handle.value),
(int) creds.client_handle.length));
client_data = get_client(&creds.client_handle);
minor_stat = call_res.gss_minor;
/* done with call args */
- gssrpc_xdr_free(xdr_authgssapi_init_arg, &call_arg);
+ xdr_free(xdr_authgssapi_init_arg, &call_arg);
PRINTF(("svcauth_gssapi: accept_sec_context returned %#x\n",
call_res.gss_major));
&call_arg)) {
PRINTF(("svcauth_gssapi: cannot decode args\n"));
LOG_MISCERR("protocol error in call arguments");
- gssrpc_xdr_free(xdr_authgssapi_init_arg, &call_arg);
+ xdr_free(xdr_authgssapi_init_arg, &call_arg);
ret = AUTH_BADCRED;
goto error;
}
&call_arg.token);
/* done with call args */
- gssrpc_xdr_free(xdr_authgssapi_init_arg, &call_arg);
+ xdr_free(xdr_authgssapi_init_arg, &call_arg);
if (gssstat != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("processing token",
*no_dispatch = TRUE;
destroy_client(client_data);
+ rqst->rq_xprt->xp_auth = NULL;
break;
default:
if (creds.client_handle.length != 0) {
PRINTF(("svcauth_gssapi: freeing client_handle len %d\n",
(int) creds.client_handle.length));
- gssrpc_xdr_free(xdr_authgssapi_creds, &creds);
+ xdr_free(xdr_authgssapi_creds, &creds);
}
PRINTF(("\n"));
if (creds.client_handle.length != 0) {
PRINTF(("svcauth_gssapi: freeing client_handle len %d\n",
(int) creds.client_handle.length));
- gssrpc_xdr_free(xdr_authgssapi_creds, &creds);
+ xdr_free(xdr_authgssapi_creds, &creds);
}
PRINTF(("\n"));
*/
static void client_expire(client_data, exp)
svc_auth_gssapi_data *client_data;
- rpc_u_int32 exp;
+ uint32_t exp;
{
client_data->expiration = exp;
}
gss_buffer_t client_handle;
{
client_list *c;
- rpc_u_int32 handle;
+ uint32_t handle;
memcpy(&handle, client_handle->value, 4);
}
/*
- * Function: _svcauth_gssapi_set_names
+ * Function: svcauth_gssapi_set_names
*
* Purpose: Sets the list of service names for which incoming
* authentication requests should be honored.
*
* See functional specifications.
*/
-bool_t _svcauth_gssapi_set_names(names, num)
+bool_t svcauth_gssapi_set_names(names, num)
auth_gssapi_name *names;
int num;
{
for (i = 0; i < num; i++) {
in_buf.value = names[i].name;
in_buf.length = strlen(in_buf.value) + 1;
-
+
+ PRINTF(("svcauth_gssapi_set_names: importing %s\n", in_buf.value));
+
gssstat = gss_import_name(&minor_stat, &in_buf, names[i].type,
&server_name_list[i]);
return TRUE;
fail:
- _svcauth_gssapi_unset_names();
+ svcauth_gssapi_unset_names();
return FALSE;
}
-/* Function: _svcauth_gssapi_unset_names
+/* Function: svcauth_gssapi_unset_names
*
* Purpose: releases the names and credentials allocated by
- * _svcauth_gssapi_set_names
+ * svcauth_gssapi_set_names
*/
-void _svcauth_gssapi_unset_names()
+void svcauth_gssapi_unset_names()
{
int i;
OM_uint32 minor_stat;
/*
- * Function: _svcauth_gssapi_set_log_badauth_func
+ * Function: svcauth_gssapi_set_log_badauth_func
*
* Purpose: sets the logging function called when an invalid RPC call
* arrives
*
* See functional specifications.
*/
-void _svcauth_gssapi_set_log_badauth_func
+void svcauth_gssapi_set_log_badauth_func
(func, data)
auth_gssapi_log_badauth_func func;
caddr_t data;
}
/*
- * Function: _svcauth_gssapi_set_log_badverf_func
+ * Function: svcauth_gssapi_set_log_badverf_func
*
* Purpose: sets the logging function called when an invalid RPC call
* arrives
*
* See functional specifications.
*/
-void _svcauth_gssapi_set_log_badverf_func
+void svcauth_gssapi_set_log_badverf_func
(func, data)
auth_gssapi_log_badverf_func func;
caddr_t data;
}
/*
- * Function: _svcauth_gssapi_set_log_miscerr_func
+ * Function: svcauth_gssapi_set_log_miscerr_func
*
* Purpose: sets the logging function called when a miscellaneous
* AUTH_GSSAPI error occurs
*
* See functional specifications.
*/
-void _svcauth_gssapi_set_log_miscerr_func
+void svcauth_gssapi_set_log_miscerr_func
(func, data)
auth_gssapi_log_miscerr_func func;
caddr_t data;
} else
return TRUE;
}
+
+static bool_t svc_auth_gssapi_destroy(auth)
+ SVCAUTH *auth;
+{
+ svc_auth_gssapi_data *client_data = SVCAUTH_PRIVATE(auth);
+
+ destroy_client(client_data);
+ return TRUE;
+}
--- /dev/null
+/*
+ svc_auth_none.c
+
+ Copyright (c) 2000 The Regents of the University of Michigan.
+ All rights reserved.
+
+ Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+ All rights reserved, all wrongs reversed.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ Id: svc_auth_none.c,v 1.1 2000/08/24 20:51:34 dugsong Exp
+ */
+
+#include <gssrpc/rpc.h>
+
+static bool_t svcauth_none_destroy(SVCAUTH *);
+static bool_t svcauth_none_wrap(SVCAUTH *, XDR *, xdrproc_t,
+ caddr_t);
+
+struct svc_auth_ops svc_auth_none_ops = {
+ svcauth_none_wrap,
+ svcauth_none_wrap,
+ svcauth_none_destroy
+};
+
+SVCAUTH svc_auth_none = {
+ &svc_auth_none_ops,
+ NULL,
+};
+
+static bool_t
+svcauth_none_destroy(SVCAUTH *auth)
+{
+ return (TRUE);
+}
+
+static bool_t
+svcauth_none_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func,
+ caddr_t xdr_ptr)
+{
+ return ((*xdr_func)(xdrs, xdr_ptr));
+}
+
+enum auth_stat
+gssrpc__svcauth_none(struct svc_req *rqst, struct rpc_msg *msg,
+ bool_t *no_dispatch)
+{
+ rqst->rq_xprt->xp_auth = &svc_auth_none;
+
+ return (AUTH_OK);
+}
* Unix longhand authenticator
*/
enum auth_stat
-_gssrpc_svcauth_unix(rqst, msg, dispatch)
+gssrpc__svcauth_unix(rqst, msg, dispatch)
register struct svc_req *rqst;
register struct rpc_msg *msg;
bool_t *dispatch;
register enum auth_stat stat;
XDR xdrs;
register struct authunix_parms *aup;
- register rpc_int32 *buf;
+ register rpc_inline_t *buf;
struct area {
struct authunix_parms area_aup;
char area_machname[MAX_MACHINE_NAME+1];
int area_gids[NGRPS];
} *area;
- unsigned int auth_len;
+ u_int auth_len;
int str_len, gid_len;
register int i;
- rqst->rq_xprt->xp_auth = &svc_auth_any;
+ rqst->rq_xprt->xp_auth = &svc_auth_none;
area = (struct area *) rqst->rq_clntcred;
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
aup->aup_gids = area->area_gids;
- auth_len = (unsigned int)msg->rm_call.cb_cred.oa_length;
+ auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
- buf = (rpc_int32 *) XDR_INLINE(&xdrs, auth_len);
+ buf = XDR_INLINE(&xdrs, auth_len);
if (buf != NULL) {
aup->aup_time = IXDR_GET_LONG(buf);
str_len = IXDR_GET_U_LONG(buf);
stat = AUTH_BADCRED;
goto done;
}
- memmove(aup->aup_machname, (caddr_t)buf, (unsigned int)str_len);
+ memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
aup->aup_machname[str_len] = 0;
str_len = RNDUP(str_len);
- buf += str_len / sizeof (rpc_int32);
+ buf += str_len / BYTES_PER_XDR_UNIT;
aup->aup_uid = IXDR_GET_LONG(buf);
aup->aup_gid = IXDR_GET_LONG(buf);
gid_len = IXDR_GET_U_LONG(buf);
*/
/*ARGSUSED*/
enum auth_stat
-_gssrpc_svcauth_short(rqst, msg, dispatch)
+gssrpc__svcauth_short(rqst, msg, dispatch)
struct svc_req *rqst;
struct rpc_msg *msg;
bool_t *dispatch;
{
- rqst->rq_xprt->xp_auth = &svc_auth_any;
+ rqst->rq_xprt->xp_auth = &svc_auth_none;
return (AUTH_REJECTEDCRED);
}
#else
readfds = svc_fds;
#endif /* def FD_SETSIZE */
- switch (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set *)0,
+ switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)0,
(fd_set *)0, (struct timeval *)0)) {
case -1:
if (errno == EINTR) {
static SVCXPRT *transp;
int
-gssrpc_registerrpc(prognum, versnum, procnum, progname, inproc, outproc)
+registerrpc(prognum, versnum, procnum, progname, inproc, outproc)
char *(*progname)();
xdrproc_t inproc, outproc;
- rpc_u_int32 prognum, versnum, procnum;
+ rpcprog_t prognum;
+ rpcvers_t versnum;
+ rpcproc_t procnum;
{
struct proglst *pl;
return (-1);
}
}
- (void) pmap_unset((rpc_u_int32)prognum, (rpc_u_int32)versnum);
- if (!svc_register(transp, (rpc_u_int32)prognum, (rpc_u_int32)versnum,
- universal, IPPROTO_UDP)) {
+ (void) pmap_unset(prognum, versnum);
+ if (!svc_register(transp, prognum, versnum, universal, IPPROTO_UDP)) {
(void) fprintf(stderr, "couldn't register prog %d vers %d\n",
prognum, versnum);
return (-1);
};
static int readtcp(char *, caddr_t, int), writetcp(char *, caddr_t, int);
-static SVCXPRT *makefd_xprt(int, unsigned int, unsigned int);
+static SVCXPRT *makefd_xprt(int, u_int, u_int);
struct tcp_rendezvous { /* kept in xprt->xp_p1 */
- unsigned int sendsize;
- unsigned int recvsize;
+ u_int sendsize;
+ u_int recvsize;
};
struct tcp_conn { /* kept in xprt->xp_p1 */
enum xprt_stat strm_stat;
- rpc_u_int32 x_id;
+ uint32_t x_id;
XDR xdrs;
char verf_body[MAX_AUTH_BYTES];
};
SVCXPRT *
svctcp_create(sock, sendsize, recvsize)
register int sock;
- unsigned int sendsize;
- unsigned int recvsize;
+ u_int sendsize;
+ u_int recvsize;
{
bool_t madesock = FALSE;
register SVCXPRT *xprt;
}
memset((char *)&addr, 0, sizeof (addr));
addr.sin_family = AF_INET;
- if (gssrpc_bindresvport(sock, &addr)) {
+ if (bindresvport(sock, &addr)) {
addr.sin_port = 0;
(void)bind(sock, (struct sockaddr *)&addr, len);
}
}
xprt->xp_p2 = NULL;
xprt->xp_p1 = (caddr_t)r;
- xprt->xp_verf = _null_auth;
+ xprt->xp_auth = NULL;
+ xprt->xp_verf = gssrpc__null_auth;
xprt->xp_ops = &svctcp_rendezvous_op;
xprt->xp_port = ntohs(addr.sin_port);
xprt->xp_sock = sock;
* descriptor as its first input.
*/
SVCXPRT *
-gssrpc_svcfd_create(fd, sendsize, recvsize)
+svcfd_create(fd, sendsize, recvsize)
int fd;
- unsigned int sendsize;
- unsigned int recvsize;
+ u_int sendsize;
+ u_int recvsize;
{
return (makefd_xprt(fd, sendsize, recvsize));
static SVCXPRT *
makefd_xprt(fd, sendsize, recvsize)
int fd;
- unsigned int sendsize;
- unsigned int recvsize;
+ u_int sendsize;
+ u_int recvsize;
{
register SVCXPRT *xprt;
register struct tcp_conn *cd;
(caddr_t)xprt, readtcp, writetcp);
xprt->xp_p2 = NULL;
xprt->xp_p1 = (caddr_t)cd;
+ xprt->xp_auth = NULL;
xprt->xp_verf.oa_base = cd->verf_body;
xprt->xp_addrlen = 0;
xprt->xp_laddrlen = 0;
/* an actual connection socket */
XDR_DESTROY(&(cd->xdrs));
}
+ if (xprt->xp_auth != NULL) {
+ SVCAUTH_DESTROY(xprt->xp_auth);
+ xprt->xp_auth = NULL;
+ }
mem_free((caddr_t)cd, sizeof(struct tcp_conn));
mem_free((caddr_t)xprt, sizeof(SVCXPRT));
}
do {
readfds = mask;
tout = wait_per_try;
- if (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set*)NULL,
+ if (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set*)NULL,
(fd_set*)NULL, &tout) <= 0) {
if (errno == EINTR) {
continue;
static bool_t svcudp_freeargs(SVCXPRT *, xdrproc_t, void *);
static void svcudp_destroy(SVCXPRT *);
-static void cache_set(SVCXPRT *, rpc_u_int32);
-static int cache_get(SVCXPRT *, struct rpc_msg *, char **, rpc_u_int32 *);
+static void cache_set(SVCXPRT *, uint32_t);
+static int cache_get(SVCXPRT *, struct rpc_msg *, char **, uint32_t *);
static struct xp_ops svcudp_op = {
svcudp_recv,
* kept in xprt->xp_p2
*/
struct svcudp_data {
- unsigned int su_iosz; /* byte size of send.recv buffer */
- rpc_u_int32 su_xid; /* transaction id */
+ u_int su_iosz; /* byte size of send.recv buffer */
+ uint32_t su_xid; /* transaction id */
XDR su_xdrs; /* XDR handle */
char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */
void * su_cache; /* cached data, NULL if no cache */
SVCXPRT *
svcudp_bufcreate(sock, sendsz, recvsz)
register int sock;
- unsigned int sendsz, recvsz;
+ u_int sendsz, recvsz;
{
bool_t madesock = FALSE;
register SVCXPRT *xprt;
}
memset((char *)&addr, 0, sizeof (addr));
addr.sin_family = AF_INET;
- if (gssrpc_bindresvport(sock, &addr)) {
+ if (bindresvport(sock, &addr)) {
addr.sin_port = 0;
(void)bind(sock, (struct sockaddr *)&addr, len);
}
&(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_DECODE);
su->su_cache = NULL;
xprt->xp_p2 = (caddr_t)su;
+ xprt->xp_auth = NULL;
xprt->xp_verf.oa_base = su->su_verfbody;
xprt->xp_ops = &svcudp_op;
xprt->xp_port = ntohs(addr.sin_port);
register XDR *xdrs = &(su->su_xdrs);
register int rlen;
char *reply;
- rpc_u_int32 replylen;
+ uint32_t replylen;
again:
memset((char *) &dummy, 0, sizeof(dummy));
0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen));
if (rlen == -1 && errno == EINTR)
goto again;
- if (rlen < (int) 4*sizeof(rpc_u_int32))
+ if (rlen < (int) 4*sizeof(uint32_t))
return (FALSE);
xdrs->x_op = XDR_DECODE;
XDR_SETPOS(xdrs, 0);
== slen) {
stat = TRUE;
if (su->su_cache && slen >= 0) {
- cache_set(xprt, (rpc_u_int32) slen);
+ cache_set(xprt, (uint32_t) slen);
}
}
}
register struct svcudp_data *su = su_data(xprt);
xprt_unregister(xprt);
- (void)close(xprt->xp_sock);
+ if (xprt->xp_sock != -1)
+ (void)close(xprt->xp_sock);
+ xprt->xp_sock = -1;
+ if (xprt->xp_auth != NULL) {
+ SVCAUTH_DESTROY(xprt->xp_auth);
+ xprt->xp_auth = NULL;
+ }
XDR_DESTROY(&(su->su_xdrs));
mem_free(rpc_buffer(xprt), su->su_iosz);
mem_free((caddr_t)su, sizeof(struct svcudp_data));
/*
* Index into cache is xid, proc, vers, prog and address
*/
- rpc_u_int32 cache_xid;
- rpc_u_int32 cache_proc;
- rpc_u_int32 cache_vers;
- rpc_u_int32 cache_prog;
+ uint32_t cache_xid;
+ rpcproc_t cache_proc;
+ rpcvers_t cache_vers;
+ rpcprog_t cache_prog;
struct sockaddr_in cache_addr;
/*
* The cached reply and length
*/
char * cache_reply;
- rpc_u_int32 cache_replylen;
+ uint32_t cache_replylen;
/*
* Next node on the list, if there is a collision
*/
* The entire cache
*/
struct udp_cache {
- rpc_u_int32 uc_size; /* size of cache */
+ uint32_t uc_size; /* size of cache */
cache_ptr *uc_entries; /* hash table of entries in cache */
cache_ptr *uc_fifo; /* fifo list of entries in cache */
- rpc_u_int32 uc_nextvictim; /* points to next victim in fifo list */
- rpc_u_int32 uc_prog; /* saved program number */
- rpc_u_int32 uc_vers; /* saved version number */
- rpc_u_int32 uc_proc; /* saved procedure number */
+ uint32_t uc_nextvictim; /* points to next victim in fifo list */
+ rpcprog_t uc_prog; /* saved program number */
+ rpcvers_t uc_vers; /* saved version number */
+ rpcproc_t uc_proc; /* saved procedure number */
struct sockaddr_in uc_addr; /* saved caller's address */
};
* Note: there is no disable.
*/
int
-gssrpc_svcudp_enablecache(transp, size)
+svcudp_enablecache(transp, size)
SVCXPRT *transp;
- rpc_u_int32 size;
+ uint32_t size;
{
struct svcudp_data *su = su_data(transp);
struct udp_cache *uc;
static void
cache_set(xprt, replylen)
SVCXPRT *xprt;
- rpc_u_int32 replylen;
+ uint32_t replylen;
{
register cache_ptr victim;
register cache_ptr *vicp;
register struct svcudp_data *su = su_data(xprt);
struct udp_cache *uc = (struct udp_cache *) su->su_cache;
- unsigned int loc;
+ u_int loc;
char *newbuf;
/*
SVCXPRT *xprt;
struct rpc_msg *msg;
char **replyp;
- rpc_u_int32 *replylenp;
+ uint32_t *replylenp;
{
- unsigned int loc;
+ u_int loc;
register cache_ptr ent;
register struct svcudp_data *su = su_data(xprt);
register struct udp_cache *uc = (struct udp_cache *) su->su_cache;
/*
* Rpc additions to <sys/types.h>
*/
-#ifndef __TYPES_RPC_HEADER__
-#define __TYPES_RPC_HEADER__
+#ifndef GSSRPC_TYPES_H
+#define GSSRPC_TYPES_H
#include <sys/types.h>
+
+@GSSRPC__SYS_SELECT_H@
+@GSSRPC__SYS_TIME_H@
+@GSSRPC__UNISTD_H@
+
+/*
+ * Try to get MAXHOSTNAMELEN from somewhere.
+ */
+@GSSRPC__SYS_PARAM_H@
+@GSSRPC__NETDB_H@
+
+/* Get htonl(), ntohl(), etc. */
+#include <netinet/in.h>
+
+#include <stdlib.h>
+
+/*
+ * Pull in typedefs for fixed-width integers somehow, if they weren't
+ * in sys/types.h.
+ */
+@GSSRPC__STDINT_H@
+@GSSRPC__INTTYPES_H@
+/* Define if there is no int32_t in system headers. */
+@GSSRPC__FAKE_INT32@
+
+#include <limits.h>
+
+#ifndef GSSRPC__BEGIN_DECLS
+#ifdef __cplusplus
+#define GSSRPC__BEGIN_DECLS extern "C" {
+#define GSSRPC__END_DECLS }
+#else
+#define GSSRPC__BEGIN_DECLS
+#define GSSRPC__END_DECLS
+#endif
+#endif
+
+GSSRPC__BEGIN_DECLS
+
+#if defined(CHAR_BIT) && CHAR_BIT != 8
+#error "Bytes must be exactly 8 bits."
+#endif
+
+/*
+ * If no int32_t in system headers, fake it by looking for a 32-bit
+ * two's-complement type. Yes, this stomps on POSIX namespace, but if
+ * we get here, we're on a system that's far from being
+ * POSIX-compliant anyway.
+ */
+#if GSSRPC__FAKE_INT32
+#if (UINT_MAX == 0xffffffffUL) && (INT_MAX == 0x7fffffffL) \
+ && (INT_MIN == -INT_MAX-1)
+typedef int int32_t;
+typedef unsigned int uint32_t;
+#else
+#if (ULONG_MAX == 0xffffffffUL) && (LONG_MAX == 0x7fffffffL) \
+ && (LONG_MIN == -LONG_MAX-1)
+typedef long int32_t;
+typedef unsigned long uint32_t;
+#else
+#if (USHRT_MAX == 0xffffffffUL) && (SHRT_MAX == 0x7fffffffL) \
+ && (SHRT_MIN == -SHRT_MAX-1)
+typedef short int32_t;
+typedef unsigned short uint32_t;
+#else
+#error "Can't fake up int32_t."
+#endif
+#endif
+#endif
+#endif /* GSSRPC__FAKE_INT32 */
+
+#if (LONG_MIN != -LONG_MAX-1) || (INT_MIN != -INT_MAX-1) \
+ || (SHRT_MIN != -SHRT_MAX-1)
+#error "Integer types must be two's-complement."
+#endif
+
+/* Define if we need to fake up some BSD type aliases. */
+#ifndef GSSRPC__BSD_TYPEALIASES /* Allow application to override. */
+@GSSRPC__BSD_TYPEALIASES@
+#endif
+#if GSSRPC__BSD_TYPEALIASES
+typedef unsigned char u_char;
+typedef unsigned short u_short;
+typedef unsigned int u_int;
+typedef unsigned long u_long;
+#endif
+
+typedef uint32_t rpcprog_t;
+typedef uint32_t rpcvers_t;
+typedef uint32_t rpcprot_t;
+typedef uint32_t rpcproc_t;
+typedef uint32_t rpcport_t;
+typedef int32_t rpc_inline_t;
+
+typedef int32_t rpc_int32;
+typedef uint32_t rpc_u_int32;
+
/* This is for rpc/netdb.h */
@rpcent_define@
-/* this is a 32-bit int type */
-
-#if @SIZEOF_INT@ == 4
-typedef int rpc_int32;
-typedef unsigned int rpc_u_int32;
-#elif @SIZEOF_LONG@ == 4
-typedef long rpc_int32;
-typedef unsigned long rpc_u_int32;
-#endif
#define bool_t int
#define enum_t int
#ifndef TRUE
# define TRUE (1)
#endif
+/* XXX namespace */
#define __dontcare__ -1
#ifndef NULL
# define NULL 0
#endif
-@STDLIB_INCLUDE@
+/*
+ * The below should probably be internal-only, but seem to be
+ * traditionally exported in RPC implementations.
+ */
#define mem_alloc(bsize) malloc(bsize)
#define mem_free(ptr, bsize) free(ptr)
-#ifndef makedev /* ie, we haven't already included it */
-#include <sys/types.h>
-#endif
-#ifdef _AIX
-#include <sys/select.h>
-#endif
-#include <sys/time.h>
-#include <netinet/in.h>
-#include <sys/param.h>
#if 0
#include <netdb.h> /* XXX This should not have to be here.
* I got sick of seeing the warnings for MAXHOSTNAMELEN
#endif
#ifndef INADDR_LOOPBACK
-#define INADDR_LOOPBACK (rpc_u_int32)0x7F000001
+#define INADDR_LOOPBACK (uint32_t)0x7F000001
#endif
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
#endif
-#endif /* ndef __TYPES_RPC_HEADER__ */
+GSSRPC__END_DECLS
+
+#include <gssrpc/rename.h>
+#endif /* !defined(GSSRPC_TYPES_H) */
+2004-05-27 Tom Yu <tlyu@mit.edu>
+
+ * client.c: rpcint_32 -> int32_t.
+
+ * server.c: Update names of AUTH_GSSAPI functions.
+
2004-04-02 Ken Raeburn <raeburn@mit.edu>
* lib/helpers.exp (expect_kadm_ok): Check for "ERROR" messages and
/* pre-serialized ah_cred */
u_char cred_buf[MAX_AUTH_BYTES];
- rpc_int32 cred_len;
+ int32_t cred_len;
};
#define AUTH_PRIVATE(auth) ((struct auth_gssapi_data *)auth->ah_private)
exit(1);
}
- if (_svcauth_gssapi_set_names(names, 0) == FALSE) {
+ if (svcauth_gssapi_set_names(names, 0) == FALSE) {
fprintf(stderr, "unable to set gssapi names\n");
exit(1);
}
- _svcauth_gssapi_set_log_badauth_func(rpc_test_badauth, NULL);
- _svcauth_gssapi_set_log_badverf_func(rpc_test_badverf, NULL);
- _svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
+ svcauth_gssapi_set_log_badauth_func(rpc_test_badauth, NULL);
+ svcauth_gssapi_set_log_badverf_func(rpc_test_badverf, NULL);
+ svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
#ifdef POSIX_SIGNALS
(void) sigemptyset(&sa.sa_mask);
/*
* constants specific to the xdr "protocol"
*/
-#define XDR_FALSE ((rpc_int32) 0)
-#define XDR_TRUE ((rpc_int32) 1)
-#define LASTUNSIGNED ((unsigned int) 0-1)
+#define XDR_FALSE ((long) 0)
+#define XDR_TRUE ((long) 1)
+#define LASTUNSIGNED ((u_int) 0-1)
/*
* for unit alignment
* Not a filter, but a convenient utility nonetheless
*/
void
-gssrpc_xdr_free(proc, objp)
+xdr_free(proc, objp)
xdrproc_t proc;
void *objp;
{
XDR *xdrs;
int *ip;
{
+ long l;
-#ifdef lint
- (void) (xdr_short(xdrs, (short *)ip));
- return (xdr_long(xdrs, (rpc_int32 *)ip));
-#else
- if (sizeof (int) >= 4) {
- long l;
- switch (xdrs->x_op) {
- case XDR_ENCODE:
- l = *ip;
- return (xdr_long(xdrs, &l));
-
- case XDR_DECODE:
- if (!xdr_long(xdrs, &l)) {
- return (FALSE);
- }
- *ip = l;
- return (TRUE);
-
- case XDR_FREE:
- return (TRUE);
- }
- } else {
- return (xdr_short(xdrs, (short *)ip));
+ switch (xdrs->x_op) {
+
+ case XDR_ENCODE:
+ if (*ip > 0x7fffffffL)
+ return (FALSE);
+
+ l = (long) *ip;
+ return (XDR_PUTLONG(xdrs, &l));
+
+ case XDR_DECODE:
+ if (!XDR_GETLONG(xdrs, &l))
+ return (FALSE);
+
+ if ((u_long)l > UINT_MAX || l < INT_MIN)
+ return (FALSE);
+
+ *ip = (int) l;
+
+ case XDR_FREE:
+ return (TRUE);
}
/*NOTREACHED*/
return(FALSE);
-#endif
}
/*
bool_t
xdr_u_int(xdrs, up)
XDR *xdrs;
- unsigned int *up;
+ u_int *up;
{
-#ifdef lint
- (void) (xdr_short(xdrs, (short *)up));
- return (xdr_u_long(xdrs, (rpc_u_int32 *)up));
-#else
- if (sizeof (unsigned int) >= 4) {
- unsigned long l;
- switch (xdrs->x_op) {
- case XDR_ENCODE:
- l = *up;
- return (xdr_u_long(xdrs, &l));
-
- case XDR_DECODE:
- if (!xdr_u_long(xdrs, &l)) {
- return (FALSE);
- }
- *up = l;
- return (TRUE);
-
- case XDR_FREE:
- return (TRUE);
- }
- } else {
- return (xdr_short(xdrs, (short *)up));
+ u_long l;
+
+ switch (xdrs->x_op) {
+
+ case XDR_ENCODE:
+ if (*up > 0xffffffffUL)
+ return (FALSE);
+
+ l = (u_long)*up;
+ return (XDR_PUTLONG(xdrs, (long *) &l));
+
+ case XDR_DECODE:
+ if (!XDR_GETLONG(xdrs, (long *) &l))
+ return (FALSE);
+
+ if (l > UINT_MAX)
+ return (FALSE);
+
+ *up = (u_int) l;
+ return (TRUE);
+
+ case XDR_FREE:
+ return (TRUE);
}
/*NOTREACHED*/
return(FALSE);
-#endif
}
/*
* XDR long integers
- * same as xdr_u_long - open coded to save a proc call!
*/
bool_t
xdr_long(xdrs, lp)
register XDR *xdrs;
long *lp;
{
- if (xdrs->x_op == XDR_ENCODE) {
- if (sizeof (long) > 4) {
- /* See if the dereferenced value fits in 4 bytes. If not, return FALSE.
- * Check by loading value into a rpc_int32, then loading back and comparing
- * results.
- */
- rpc_int32 i = (int) *lp;
- long l = i;
- if (l != *lp) {
- return (FALSE);
- }
- }
- return (XDR_PUTLONG(xdrs, lp));
- }
- if (xdrs->x_op == XDR_DECODE)
- return (XDR_GETLONG(xdrs, lp));
- if (xdrs->x_op == XDR_FREE)
- return (TRUE);
+ switch (xdrs->x_op) {
+ case XDR_ENCODE:
+ if (*lp > 0x7fffffffL)
+ return (FALSE);
+
+ return (XDR_PUTLONG(xdrs, lp));
- return (FALSE);
+ case XDR_DECODE:
+ return (XDR_GETLONG(xdrs, lp));
+
+ case XDR_FREE:
+ return (TRUE);
+ }
+ return (FALSE);
}
/*
* XDR unsigned long integers
- * same as xdr_long - open coded to save a proc call!
*/
bool_t
xdr_u_long(xdrs, ulp)
register XDR *xdrs;
- unsigned long *ulp;
+ u_long *ulp;
{
- if (xdrs->x_op == XDR_ENCODE) {
- if (sizeof (unsigned long) > 4) {
- /* See if the dereferenced value fits in 4 bytes. If not, return FALSE.
- * Check by loading value into a rpc_int32, then loading back and comparing
- * results.
- */
- unsigned int ui = *ulp;
- unsigned long ul = ui;
- if (ul != *ulp) {
+
+ switch (xdrs->x_op) {
+ case XDR_ENCODE:
+ if (*ulp > 0xffffffffUL)
+ return (FALSE);
+
+ return (XDR_PUTLONG(xdrs, (long *) ulp));
+
+ case XDR_DECODE:
+ return (XDR_GETLONG(xdrs, (long *) ulp));
+
+ case XDR_FREE:
+ return (TRUE);
+ }
return (FALSE);
- }
- }
- return (XDR_PUTLONG(xdrs, (long *)ulp));
- }
- if (xdrs->x_op == XDR_DECODE) {
- return (XDR_GETLONG(xdrs, (long *)ulp));
- }
- if (xdrs->x_op == XDR_FREE)
- return (TRUE);
- return (FALSE);
}
/*
bool_t
xdr_u_short(xdrs, usp)
register XDR *xdrs;
- unsigned short *usp;
+ u_short *usp;
{
- unsigned long l;
+ u_long l;
switch (xdrs->x_op) {
case XDR_ENCODE:
- l = (unsigned long) *usp;
+ l = (u_long) *usp;
return (XDR_PUTLONG(xdrs, (long *) &l));
case XDR_DECODE:
if (!XDR_GETLONG(xdrs, (long *) &l)) {
return (FALSE);
}
- *usp = (unsigned short) l;
+ *usp = (u_short) l;
return (TRUE);
case XDR_FREE:
bool_t
xdr_u_char(xdrs, cp)
XDR *xdrs;
- unsigned char *cp;
+ u_char *cp;
{
- unsigned int u;
+ u_int u;
u = (*cp);
if (!xdr_u_int(xdrs, &u)) {
/*
* enums are treated as ints
*/
- if (sizeof (enum sizecheck) == sizeof (rpc_int32)) {
- return (xdr_int32(xdrs, (rpc_int32 *)ep));
+ if (sizeof (enum sizecheck) == sizeof (long)) {
+ return (xdr_long(xdrs, (long *)ep));
} else if (sizeof (enum sizecheck) == sizeof (short)) {
return (xdr_short(xdrs, (short *)ep));
} else {
xdr_opaque(xdrs, cp, cnt)
register XDR *xdrs;
caddr_t cp;
- register unsigned int cnt;
+ register u_int cnt;
{
- register unsigned int rndup;
+ register u_int rndup;
static int crud[BYTES_PER_XDR_UNIT];
/*
xdr_bytes(xdrs, cpp, sizep, maxsize)
register XDR *xdrs;
char **cpp;
- register unsigned int *sizep;
- unsigned int maxsize;
+ register u_int *sizep;
+ u_int maxsize;
{
register char *sp = *cpp; /* sp is the actual string pointer */
- register unsigned int nodesize;
+ register u_int nodesize;
/*
* first deal with the length since xdr bytes are counted
bool_t
xdr_int32(xdrs, ip)
XDR *xdrs;
- rpc_int32 *ip;
+ int32_t *ip;
{
- long l;
- switch (xdrs->x_op) {
- case XDR_ENCODE:
- l = *ip;
- return (xdr_long(xdrs, &l));
-
- case XDR_DECODE:
- if (!xdr_long(xdrs, &l)) {
- return (FALSE);
- }
- *ip = l;
- return (TRUE);
-
- case XDR_FREE:
- return (TRUE);
- }
- return(FALSE);
+ long l;
+
+ switch (xdrs->x_op) {
+
+ case XDR_ENCODE:
+ l = *ip;
+ return (xdr_long(xdrs, &l));
+
+ case XDR_DECODE:
+ if (!xdr_long(xdrs, &l)) {
+ return (FALSE);
+ }
+ *ip = l;
+ return (TRUE);
+
+ case XDR_FREE:
+ return (TRUE);
+ }
+ return (FALSE);
}
bool_t
xdr_u_int32(xdrs, up)
XDR *xdrs;
- rpc_u_int32 *up;
+ uint32_t *up;
{
- unsigned long ul;
- switch (xdrs->x_op) {
- case XDR_ENCODE:
- ul = *up;
- return (xdr_u_long(xdrs, &ul));
-
- case XDR_DECODE:
- if (!xdr_u_long(xdrs, &ul)) {
- return (FALSE);
- }
- *up = ul;
- return (TRUE);
-
- case XDR_FREE:
- return (TRUE);
- }
- return(FALSE);
+ u_long ul;
+
+ switch (xdrs->x_op) {
+
+ case XDR_ENCODE:
+ ul = *up;
+ return (xdr_u_long(xdrs, &ul));
+
+ case XDR_DECODE:
+ if (!xdr_u_long(xdrs, &ul)) {
+ return (FALSE);
+ }
+ *up = ul;
+ return (TRUE);
+
+ case XDR_FREE:
+ return (TRUE);
+ }
+ return (FALSE);
}
/*
xdr_string(xdrs, cpp, maxsize)
register XDR *xdrs;
char **cpp;
- unsigned int maxsize;
+ u_int maxsize;
{
register char *sp = *cpp; /* sp is the actual string pointer */
- unsigned int size;
- unsigned int nodesize;
+ u_int size;
+ u_int nodesize;
/*
* first deal with the length since xdr strings are counted-strings
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
-#ifndef __XDR_HEADER__
-#define __XDR_HEADER__
+#ifndef GSSRPC_XDR_H
+#define GSSRPC_XDR_H
-/* We need FILE. */
-#include <stdio.h>
+#include <stdio.h> /* for FILE */
+GSSRPC__BEGIN_DECLS
/*
* XDR provides a conventional way for converting between C data
* types and an external bit-string representation. Library supplied
* an operations vector for the paticular implementation (e.g. see xdr_mem.c),
* and two private fields for the use of the particular impelementation.
*/
-typedef struct __xdr_s {
+typedef struct XDR {
enum xdr_op x_op; /* operation; fast additional param */
struct xdr_ops {
- /* get a long from underlying stream */
- bool_t (*x_getlong)(struct __xdr_s *, long *);
+ /* get a long from underlying stream */
+ bool_t (*x_getlong)(struct XDR *, long *);
- /* put a long to underlying stream */
- bool_t (*x_putlong)(struct __xdr_s *, long *);
+ /* put a long to underlying stream */
+ bool_t (*x_putlong)(struct XDR *, long *);
- /* get some bytes from underlying stream */
- bool_t (*x_getbytes)(struct __xdr_s *, caddr_t, unsigned int);
+ /* get some bytes from underlying stream */
+ bool_t (*x_getbytes)(struct XDR *, caddr_t, u_int);
- /* put some bytes to underlying stream */
- bool_t (*x_putbytes)(struct __xdr_s *, caddr_t, unsigned int);
+ /* put some bytes to underlying stream */
+ bool_t (*x_putbytes)(struct XDR *, caddr_t, u_int);
- /* returns bytes off from beginning */
- unsigned int (*x_getpostn)(struct __xdr_s *);
+ /* returns bytes off from beginning */
+ u_int (*x_getpostn)(struct XDR *);
- /* lets you reposition the stream */
- bool_t (*x_setpostn)(struct __xdr_s *, unsigned int);
+ /* lets you reposition the stream */
+ bool_t (*x_setpostn)(struct XDR *, u_int);
- /* buf quick ptr to buffered data */
- rpc_int32 * (*x_inline)(struct __xdr_s *, int);
+ /* buf quick ptr to buffered data */
+ rpc_inline_t *(*x_inline)(struct XDR *, int);
- /* free privates of this xdr_stream */
- void (*x_destroy)(struct __xdr_s *);
+ /* free privates of this xdr_stream */
+ void (*x_destroy)(struct XDR *);
} *x_ops;
caddr_t x_public; /* users' data */
void * x_private; /* pointer to private data */
* Operations defined on a XDR handle
*
* XDR *xdrs;
- * rpc_int32 *longp;
+ * int32_t *longp;
* caddr_t addr;
- * unsigned int len;
- * unsigned int pos;
+ * u_int len;
+ * u_int pos;
*/
#define XDR_GETLONG(xdrs, longp) \
(*(xdrs)->x_ops->x_getlong)(xdrs, longp)
* N.B. and frozen for all time: each data type here uses 4 bytes
* of external representation.
*/
-#define IXDR_GET_LONG(buf) ((long)ntohl((rpc_u_int32)*(buf)++))
-#define IXDR_PUT_LONG(buf, v) (*(buf)++ = (rpc_int32)htonl((rpc_u_int32)v))
+#define IXDR_GET_INT32(buf) ((int32_t)ntohl((uint32_t)*(buf)++))
+#define IXDR_PUT_INT32(buf, v) (*(buf)++ = (int32_t)htonl((uint32_t)(v)))
+#define IXDR_GET_U_INT32(buf) ((uint32_t)IXDR_GET_INT32(buf))
+#define IXDR_PUT_U_INT32(buf, v) IXDR_PUT_INT32(buf, (int32_t)(v))
+
+#define IXDR_GET_LONG(buf) ((long)ntohl((uint32_t)*(buf)++))
+#define IXDR_PUT_LONG(buf, v) (*(buf)++ = (int32_t)htonl((uint32_t)(v)))
#define IXDR_GET_BOOL(buf) ((bool_t)IXDR_GET_LONG(buf))
#define IXDR_GET_ENUM(buf, t) ((t)IXDR_GET_LONG(buf))
-#define IXDR_GET_U_LONG(buf) ((rpc_u_int32)IXDR_GET_LONG(buf))
+#define IXDR_GET_U_LONG(buf) ((u_long)IXDR_GET_LONG(buf))
#define IXDR_GET_SHORT(buf) ((short)IXDR_GET_LONG(buf))
-#define IXDR_GET_U_SHORT(buf) ((unsigned short)IXDR_GET_LONG(buf))
+#define IXDR_GET_U_SHORT(buf) ((u_short)IXDR_GET_LONG(buf))
-#define IXDR_PUT_BOOL(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v)))
-#define IXDR_PUT_ENUM(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v)))
-#define IXDR_PUT_U_LONG(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v)))
-#define IXDR_PUT_SHORT(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v)))
-#define IXDR_PUT_U_SHORT(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v)))
+#define IXDR_PUT_BOOL(buf, v) IXDR_PUT_LONG((buf), ((long)(v)))
+#define IXDR_PUT_ENUM(buf, v) IXDR_PUT_LONG((buf), ((long)(v)))
+#define IXDR_PUT_U_LONG(buf, v) IXDR_PUT_LONG((buf), ((long)(v)))
+#define IXDR_PUT_SHORT(buf, v) IXDR_PUT_LONG((buf), ((long)(v)))
+#define IXDR_PUT_U_SHORT(buf, v) IXDR_PUT_LONG((buf), ((long)(v)))
/*
* These are the "generic" xdr routines.
*/
-#define xdr_void gssrpc_xdr_void
-#define xdr_int gssrpc_xdr_int
-#define xdr_u_int gssrpc_xdr_u_int
-#define xdr_long gssrpc_xdr_long
-#define xdr_u_long gssrpc_xdr_u_long
-#define xdr_short gssrpc_xdr_short
-#define xdr_u_short gssrpc_xdr_u_short
-#define xdr_bool gssrpc_xdr_bool
-#define xdr_enum gssrpc_xdr_enum
-#define xdr_array gssrpc_xdr_array
-#define xdr_bytes gssrpc_xdr_bytes
-#define xdr_opaque gssrpc_xdr_opaque
-#define xdr_string gssrpc_xdr_string
-#define xdr_union gssrpc_xdr_union
-#define xdr_char gssrpc_xdr_char
-#define xdr_u_char gssrpc_xdr_u_char
-#define xdr_vector gssrpc_xdr_vector
-#define xdr_float gssrpc_xdr_float
-#define xdr_double gssrpc_xdr_double
-#define xdr_reference gssrpc_xdr_reference
-#define xdr_pointer gssrpc_xdr_pointer
-#define xdr_wrapstring gssrpc_xdr_wrapstring
-
extern bool_t xdr_void(XDR *, void *);
-extern bool_t xdr_int
-(XDR *, int *);
-extern bool_t xdr_u_int
-(XDR *, unsigned int *);
-extern bool_t xdr_long
-(XDR *, long *);
-extern bool_t xdr_u_long
-(XDR *, unsigned long *);
-extern bool_t xdr_short
-(XDR *, short *);
-extern bool_t xdr_u_short
-(XDR *, unsigned short *);
-extern bool_t xdr_bool
-(XDR *, bool_t *);
-extern bool_t xdr_enum
-(XDR *, enum_t *);
-extern bool_t xdr_array
-(XDR *, caddr_t *, unsigned int*, unsigned int, unsigned int, xdrproc_t);
-extern bool_t xdr_bytes
-(XDR *, char **, unsigned int *, unsigned int);
-extern bool_t xdr_opaque
-(XDR *, caddr_t, unsigned int);
-extern bool_t xdr_string
-(XDR *, char **, unsigned int);
-extern bool_t xdr_union
-(XDR *, enum_t *, char *, struct xdr_discrim *, xdrproc_t);
-extern bool_t xdr_char
-(XDR *, char *);
-extern bool_t xdr_u_char
-(XDR *, unsigned char *);
-extern bool_t xdr_vector
-(XDR *, char *, unsigned int, unsigned int, xdrproc_t);
-extern bool_t xdr_float
-(XDR *, float *);
-extern bool_t xdr_double
-(XDR *, double *);
-extern bool_t xdr_reference
-(XDR *, caddr_t *, unsigned int, xdrproc_t);
-extern bool_t xdr_pointer
-(XDR *, char **, unsigned int, xdrproc_t);
-extern bool_t xdr_wrapstring
-(XDR *, char **);
+extern bool_t xdr_int(XDR *, int *);
+extern bool_t xdr_u_int(XDR *, u_int *);
+extern bool_t xdr_long(XDR *, long *);
+extern bool_t xdr_u_long(XDR *, u_long *);
+extern bool_t xdr_short(XDR *, short *);
+extern bool_t xdr_u_short(XDR *, u_short *);
+extern bool_t xdr_bool(XDR *, bool_t *);
+extern bool_t xdr_enum(XDR *, enum_t *);
+extern bool_t xdr_array(XDR *, caddr_t *, u_int *,
+ u_int, u_int, xdrproc_t);
+extern bool_t xdr_bytes(XDR *, char **, u_int *, u_int);
+extern bool_t xdr_opaque(XDR *, caddr_t, u_int);
+extern bool_t xdr_string(XDR *, char **, u_int);
+extern bool_t xdr_union(XDR *, enum_t *, char *, struct xdr_discrim *,
+ xdrproc_t);
+extern bool_t xdr_char(XDR *, char *);
+extern bool_t xdr_u_char(XDR *, u_char *);
+extern bool_t xdr_vector(XDR *, char *, u_int, u_int, xdrproc_t);
+extern bool_t xdr_float(XDR *, float *);
+extern bool_t xdr_double(XDR *, double *);
+extern bool_t xdr_reference(XDR *, caddr_t *, u_int, xdrproc_t);
+extern bool_t xdr_pointer(XDR *, char **, u_int, xdrproc_t);
+extern bool_t xdr_wrapstring(XDR *, char **);
/*
* Common opaque bytes objects used by many rpc protocols;
* declared here due to commonality.
*/
-#define xdr_netobj gssrpc_xdr_netobj
-#define xdr_int32 gssrpc_xdr_int32
-#define xdr_u_int32 gssrpc_xdr_u_int32
-
-#define MAX_NETOBJ_SZ 1024
+#define MAX_NETOBJ_SZ 2048
struct netobj {
- unsigned int n_len;
+ u_int n_len;
char *n_bytes;
};
typedef struct netobj netobj;
-extern bool_t xdr_netobj
-(XDR *, struct netobj *);
-extern bool_t xdr_int32
-(XDR *, rpc_int32 *);
-extern bool_t xdr_u_int32
-(XDR *, rpc_u_int32 *);
+extern bool_t xdr_netobj(XDR *, struct netobj *);
+
+extern bool_t xdr_int32(XDR *, int32_t *);
+extern bool_t xdr_u_int32(XDR *, uint32_t *);
/*
* These are the public routines for the various implementations of
* xdr streams.
*/
-#define xdrmem_create gssrpc_xdrmem_create
-#define xdrstdio_create gssrpc_xdrstdio_create
-#define xdrrec_create gssrpc_xdrrec_create
-#define xdralloc_create gssrpc_xdralloc_create
-#define xdralloc_release gssrpc_xdralloc_release
-#define xdrrec_endofrecord gssrpc_xdrrec_endofrecord
-#define xdrrec_skiprecord gssrpc_xdrrec_skiprecord
-#define xdrrec_eof gssrpc_xdrrec_eof
-#define xdralloc_getdata gssrpc_xdralloc_getdata
/* XDR allocating memory buffer */
-extern void xdralloc_create (XDR *xdrs, enum xdr_op op);
+extern void xdralloc_create(XDR *, enum xdr_op);
/* destroy xdralloc, save buf */
-extern void xdralloc_release (XDR *xdrs);
+extern void xdralloc_release(XDR *);
/* get buffer from xdralloc */
-extern caddr_t xdralloc_getdata (XDR *xdrs);
+extern caddr_t xdralloc_getdata(XDR *);
/* XDR using memory buffers */
-extern void xdrmem_create (XDR *xdrs, caddr_t addr,
- unsigned int size, enum xdr_op xop);
+extern void xdrmem_create(XDR *, caddr_t, u_int, enum xdr_op);
/* XDR using stdio library */
-extern void xdrstdio_create (XDR *xdrs, FILE *file,
- enum xdr_op op);
+extern void xdrstdio_create(XDR *, FILE *, enum xdr_op);
/* XDR pseudo records for tcp */
-extern void xdrrec_create (XDR *xdrs, unsigned int sendsize,
- unsigned int recvsize, caddr_t tcp_handle,
- int (*readit) (caddr_t, caddr_t, int),
- int (*writeit) (caddr_t, caddr_t, int));
+extern void xdrrec_create(XDR *xdrs, u_int, u_int, caddr_t,
+ int (*) (caddr_t, caddr_t, int),
+ int (*) (caddr_t, caddr_t, int));
/* make end of xdr record */
-extern bool_t xdrrec_endofrecord (XDR *xdrs, bool_t sendnow);
+extern bool_t xdrrec_endofrecord(XDR *, bool_t);
/* move to beginning of next record */
-extern bool_t xdrrec_skiprecord (XDR *xdrs);
+extern bool_t xdrrec_skiprecord (XDR *xdrs);
/* true if no more input */
-extern bool_t xdrrec_eof (XDR *xdrs);
+extern bool_t xdrrec_eof (XDR *xdrs);
/* free memory buffers for xdr */
-extern void gssrpc_xdr_free (xdrproc_t proc, void *__objp);
-#endif /* !__XDR_HEADER__ */
+extern void xdr_free (xdrproc_t, void *);
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_XDR_H) */
static bool_t xdralloc_putlong(XDR *, long *);
static bool_t xdralloc_putbytes(XDR *, caddr_t, unsigned int);
static unsigned int xdralloc_getpos(XDR *);
-static rpc_int32 * xdralloc_inline(XDR *, int);
+static rpc_inline_t * xdralloc_inline(XDR *, int);
static void xdralloc_destroy(XDR *);
static bool_t xdralloc_notsup_getlong(XDR *, long *);
static bool_t xdralloc_notsup_getbytes(XDR *, caddr_t, unsigned int);
register XDR *xdrs;
long *lp;
{
- int l = htonl((rpc_u_int32) *lp); /* XXX need bounds checking */
+ int l = htonl((uint32_t) *lp); /* XXX need bounds checking */
/* XXX assumes sizeof(int)==4 */
if (DynInsert((DynObject) xdrs->x_private,
-static rpc_int32 *xdralloc_inline(xdrs, len)
+static rpc_inline_t *xdralloc_inline(xdrs, len)
register XDR *xdrs;
int len;
{
- return (rpc_int32 *) 0;
+ return (rpc_inline_t *) 0;
}
#include <gssrpc/types.h>
#include <gssrpc/xdr.h>
-#define LASTUNSIGNED ((unsigned int)0-1)
+#define LASTUNSIGNED ((u_int)0-1)
/*
xdr_array(xdrs, addrp, sizep, maxsize, elsize, elproc)
register XDR *xdrs;
caddr_t *addrp; /* array pointer */
- unsigned int *sizep; /* number of elements */
- unsigned int maxsize; /* max numberof elements */
- unsigned int elsize; /* size in bytes of each element */
+ u_int *sizep; /* number of elements */
+ u_int maxsize; /* max numberof elements */
+ u_int elsize; /* size in bytes of each element */
xdrproc_t elproc; /* xdr routine to handle each element */
{
- register unsigned int i;
+ register u_int i;
register caddr_t target = *addrp;
- register unsigned int c; /* the actual element count */
+ register u_int c; /* the actual element count */
register bool_t stat = TRUE;
- register unsigned int nodesize;
+ register u_int nodesize;
/* like strings, arrays are really counted arrays */
if (! xdr_u_int(xdrs, sizep)) {
xdr_vector(xdrs, basep, nelem, elemsize, xdr_elem)
register XDR *xdrs;
register char *basep;
- register unsigned int nelem;
- register unsigned int elemsize;
+ register u_int nelem;
+ register u_int elemsize;
register xdrproc_t xdr_elem;
{
- register unsigned int i;
+ register u_int i;
register char *elptr;
elptr = basep;
is.mantissa = (vs.mantissa1 << 16) | vs.mantissa2;
shipit:
is.sign = vs.sign;
- return (XDR_PUTLONG(xdrs, (rpc_int32 *)&is));
+ return (XDR_PUTLONG(xdrs, (int32_t *)&is));
#endif
case XDR_DECODE:
return (TRUE);
#else
vsp = (struct vax_single *)fp;
- if (!XDR_GETLONG(xdrs, (rpc_int32 *)&is))
+ if (!XDR_GETLONG(xdrs, (int32_t *)&is))
return (FALSE);
for (i = 0, lim = sgl_limits;
i < sizeof(sgl_limits)/sizeof(struct sgl_limits);
register XDR *xdrs;
double *dp;
{
- register rpc_int32 *lp;
+ register int32_t *lp;
#if defined(vax)
struct ieee_double id;
struct vax_double vd;
case XDR_ENCODE:
#if !defined(vax)
- lp = (rpc_int32 *)dp;
- if (sizeof(rpc_int32) == sizeof(long)) {
+ lp = (int32_t *)dp;
+ if (sizeof(int32_t) == sizeof(long)) {
return (XDR_PUTLONG(xdrs, lp++) && XDR_PUTLONG(xdrs, lp));
} else {
long lg1 = *lp++;;
((vd.mantissa4 >> 3) & MASK(13));
shipit:
id.sign = vd.sign;
- lp = (rpc_int32 *)&id;
+ lp = (int32_t *)&id;
return (XDR_PUTLONG(xdrs, lp++) && XDR_PUTLONG(xdrs, lp));
#endif
case XDR_DECODE:
#if !defined(vax)
- lp = (rpc_int32 *)dp;
- if (sizeof(rpc_int32) == sizeof(long)) {
+ lp = (int32_t *)dp;
+ if (sizeof(int32_t) == sizeof(long)) {
return (XDR_GETLONG(xdrs, lp++) && XDR_GETLONG(xdrs, lp));
} else {
long lg1, lg2;
return flag;
}
#else
- lp = (rpc_int32 *)&id;
+ lp = (int32_t *)&id;
if (!XDR_GETLONG(xdrs, lp++) || !XDR_GETLONG(xdrs, lp))
return (FALSE);
for (i = 0, lim = dbl_limits;
static bool_t xdrmem_getlong(XDR *, long *);
static bool_t xdrmem_putlong(XDR *, long *);
-static bool_t xdrmem_getbytes(XDR *, caddr_t, unsigned int);
-static bool_t xdrmem_putbytes(XDR *, caddr_t, unsigned int);
-static unsigned int xdrmem_getpos(XDR *);
-static bool_t xdrmem_setpos(XDR *, unsigned int);
-static rpc_int32 * xdrmem_inline(XDR *, int);
+static bool_t xdrmem_getbytes(XDR *, caddr_t, u_int);
+static bool_t xdrmem_putbytes(XDR *, caddr_t, u_int);
+static u_int xdrmem_getpos(XDR *);
+static bool_t xdrmem_setpos(XDR *, u_int);
+static rpc_inline_t * xdrmem_inline(XDR *, int);
static void xdrmem_destroy(XDR *);
static struct xdr_ops xdrmem_ops = {
xdrmem_create(xdrs, addr, size, op)
register XDR *xdrs;
caddr_t addr;
- unsigned int size;
+ u_int size;
enum xdr_op op;
{
long *lp;
{
- if (xdrs->x_handy < sizeof(rpc_int32))
+ if (xdrs->x_handy < BYTES_PER_XDR_UNIT)
return (FALSE);
else
- xdrs->x_handy -= sizeof(rpc_int32);
- *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private)));
- xdrs->x_private = (char *)xdrs->x_private + sizeof(rpc_int32);
+ xdrs->x_handy -= BYTES_PER_XDR_UNIT;
+ *lp = (long)ntohl(*((uint32_t *)(xdrs->x_private)));
+ xdrs->x_private = (char *)xdrs->x_private + BYTES_PER_XDR_UNIT;
return (TRUE);
}
long *lp;
{
- if (xdrs->x_handy < sizeof(rpc_int32))
+ if (xdrs->x_handy < BYTES_PER_XDR_UNIT)
return (FALSE);
else
- xdrs->x_handy -= sizeof(rpc_int32);
- *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp));
- xdrs->x_private = (char *)xdrs->x_private + sizeof(rpc_int32);
+ xdrs->x_handy -= BYTES_PER_XDR_UNIT;
+ *(int32_t *)xdrs->x_private = (int32_t)htonl((uint32_t)(*lp));
+ xdrs->x_private = (char *)xdrs->x_private + BYTES_PER_XDR_UNIT;
return (TRUE);
}
xdrmem_getbytes(xdrs, addr, len)
register XDR *xdrs;
caddr_t addr;
- register unsigned int len;
+ register u_int len;
{
if (xdrs->x_handy < len)
xdrmem_putbytes(xdrs, addr, len)
register XDR *xdrs;
caddr_t addr;
- register unsigned int len;
+ register u_int len;
{
if (xdrs->x_handy < len)
return (TRUE);
}
-static unsigned int
+static u_int
xdrmem_getpos(xdrs)
register XDR *xdrs;
{
* 11/3/95 - JRG - Rather than recast everything for 64 bit, just convert
* pointers to longs, then cast to int.
*/
- return (unsigned int)((unsigned long)xdrs->x_private - (unsigned long)xdrs->x_base);
+ return (u_int)((u_long)xdrs->x_private - (u_long)xdrs->x_base);
}
static bool_t
xdrmem_setpos(xdrs, pos)
register XDR *xdrs;
- unsigned int pos;
+ u_int pos;
{
register caddr_t newaddr = xdrs->x_base + pos;
register caddr_t lastaddr = (char *) xdrs->x_private + xdrs->x_handy;
return (TRUE);
}
-static rpc_int32 *
+static rpc_inline_t *
xdrmem_inline(xdrs, len)
register XDR *xdrs;
int len;
{
- rpc_int32 *buf = 0;
+ rpc_inline_t *buf = 0;
if (len >= 0 && xdrs->x_handy >= len) {
xdrs->x_handy -= len;
- buf = (rpc_int32 *) xdrs->x_private;
+ buf = (rpc_inline_t *) xdrs->x_private;
xdrs->x_private = (char *)xdrs->x_private + len;
}
return (buf);
* and the tcp transport level. A record is composed on one or more
* record fragments. A record fragment is a thirty-two bit header followed
* by n bytes of data, where n is contained in the header. The header
- * is represented as a htonl(rpc_u_int32). Thegh order bit encodes
+ * is represented as a htonl(uint32_t). Thegh order bit encodes
* whether or not the fragment is the last fragment of the record
* (1 => fragment is last, 0 => more fragments to follow.
* The other 31 bits encode the byte length of the fragment.
static bool_t xdrrec_getlong(XDR *, long *);
static bool_t xdrrec_putlong(XDR *, long *);
-static bool_t xdrrec_getbytes(XDR *, caddr_t, unsigned int);
-static bool_t xdrrec_putbytes(XDR *, caddr_t, unsigned int);
-static unsigned int xdrrec_getpos(XDR *);
-static bool_t xdrrec_setpos(XDR *, unsigned int);
-static rpc_int32 * xdrrec_inline(XDR *, int);
+static bool_t xdrrec_getbytes(XDR *, caddr_t, u_int);
+static bool_t xdrrec_putbytes(XDR *, caddr_t, u_int);
+static u_int xdrrec_getpos(XDR *);
+static bool_t xdrrec_setpos(XDR *, u_int);
+static rpc_inline_t * xdrrec_inline(XDR *, int);
static void xdrrec_destroy(XDR *);
static struct xdr_ops xdrrec_ops = {
/*
* A record is composed of one or more record fragments.
- * A record fragment is a two-byte header followed by zero to
- * 2**32-1 bytes. The header is treated as an unsigned 32 bit integer and is
+ * A record fragment is a four-byte header followed by zero to
+ * 2**31-1 bytes. The header is treated as an unsigned 32 bit integer and is
* encode/decoded to the network via htonl/ntohl. The low order 31 bits
* are a byte count of the fragment. The highest order bit is a boolean:
* 1 => this fragment is the last fragment of the record,
* meet the needs of xdr and rpc based on tcp.
*/
-#define LAST_FRAG ((rpc_u_int32)(1 << 31))
+#define LAST_FRAG ((uint32_t)(1 << 31))
typedef struct rec_strm {
caddr_t tcp_handle;
caddr_t out_base; /* output buffer (points to frag header) */
caddr_t out_finger; /* next output position */
caddr_t out_boundry; /* data cannot up to this address */
- rpc_u_int32 *frag_header; /* beginning of curren fragment */
+ uint32_t *frag_header; /* beginning of curren fragment */
bool_t frag_sent; /* true if buffer sent in middle of record */
/*
* in-coming bits
*/
int (*readit)();
- rpc_u_int32 in_size; /* fixed size of the input buffer */
+ uint32_t in_size; /* fixed size of the input buffer */
caddr_t in_base;
caddr_t in_finger; /* location of next byte to be had */
caddr_t in_boundry; /* can read up to this location */
- rpc_int32 fbtbc; /* fragment bytes to be consumed */
+ int32_t fbtbc; /* fragment bytes to be consumed */
bool_t last_frag;
- unsigned int sendsize;
- unsigned int recvsize;
+ u_int sendsize;
+ u_int recvsize;
} RECSTREAM;
-static unsigned int fix_buf_size(unsigned int);
+static u_int fix_buf_size(u_int);
static bool_t flush_out(RECSTREAM *, bool_t);
static bool_t get_input_bytes(RECSTREAM *, caddr_t, int);
static bool_t set_input_fragment(RECSTREAM *);
-static bool_t skip_input_bytes(RECSTREAM *, rpc_int32);
+static bool_t skip_input_bytes(RECSTREAM *, int32_t);
/*
* Create an xdr handle for xdrrec
void
xdrrec_create(xdrs, sendsize, recvsize, tcp_handle, readit, writeit)
register XDR *xdrs;
- register unsigned int sendsize;
- register unsigned int recvsize;
+ register u_int sendsize;
+ register u_int recvsize;
caddr_t tcp_handle;
int (*readit)(); /* like read, but pass it a tcp_handle, not sock */
int (*writeit)(); /* like write, but pass it a tcp_handle, not sock */
}
for (rstrm->out_base = rstrm->the_buffer;
/* Pointer arithmetic - long cast allowed... */
- (unsigned long)rstrm->out_base % BYTES_PER_XDR_UNIT != 0;
+ (u_long)rstrm->out_base % BYTES_PER_XDR_UNIT != 0;
rstrm->out_base++);
rstrm->in_base = rstrm->out_base + sendsize;
/*
rstrm->readit = readit;
rstrm->writeit = writeit;
rstrm->out_finger = rstrm->out_boundry = rstrm->out_base;
- rstrm->frag_header = (rpc_u_int32 *)(void *)rstrm->out_base;
- rstrm->out_finger += sizeof(rpc_u_int32);
+ rstrm->frag_header = (uint32_t *)(void *)rstrm->out_base;
+ rstrm->out_finger += BYTES_PER_XDR_UNIT;
rstrm->out_boundry += sendsize;
rstrm->frag_sent = FALSE;
rstrm->in_size = recvsize;
long *lp;
{
register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
- register rpc_int32 *buflp = (rpc_int32 *)(void *)(rstrm->in_finger);
- int mylong;
+ register int32_t *buflp = (int32_t *)(void *)(rstrm->in_finger);
+ uint32_t mylong;
/* first try the inline, fast case */
- if ((rstrm->fbtbc >= sizeof(rpc_int32)) &&
- (((long)rstrm->in_boundry - (long)buflp) >= sizeof(rpc_int32))) {
- *lp = (long)ntohl((rpc_u_int32)(*buflp));
- rstrm->fbtbc -= sizeof(rpc_int32);
- rstrm->in_finger += sizeof(rpc_int32);
+ if ((rstrm->fbtbc >= BYTES_PER_XDR_UNIT) &&
+ (((long)rstrm->in_boundry - (long)buflp) >=
+ BYTES_PER_XDR_UNIT)) {
+ *lp = (long)ntohl((uint32_t)(*buflp));
+ rstrm->fbtbc -= BYTES_PER_XDR_UNIT;
+ rstrm->in_finger += BYTES_PER_XDR_UNIT;
} else {
- if (! xdrrec_getbytes(xdrs, (caddr_t)&mylong, sizeof(rpc_int32)))
+ if (! xdrrec_getbytes(xdrs, (caddr_t)&mylong,
+ BYTES_PER_XDR_UNIT))
return (FALSE);
- *lp = (long)ntohl((unsigned int)mylong);
+ *lp = (long)ntohl(mylong);
}
return (TRUE);
}
long *lp;
{
register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
- register rpc_int32 *dest_lp = ((rpc_int32 *)(void *)(rstrm->out_finger));
+ register int32_t *dest_lp = ((int32_t *)(void *)(rstrm->out_finger));
- if ((rstrm->out_finger += sizeof(rpc_int32)) > rstrm->out_boundry) {
+ if ((rstrm->out_finger += BYTES_PER_XDR_UNIT) > rstrm->out_boundry) {
/*
* this case should almost never happen so the code is
* inefficient
*/
- rstrm->out_finger -= sizeof(rpc_int32);
+ rstrm->out_finger -= BYTES_PER_XDR_UNIT;
rstrm->frag_sent = TRUE;
if (! flush_out(rstrm, FALSE))
return (FALSE);
- dest_lp = ((rpc_int32 *)(void *)(rstrm->out_finger));
- rstrm->out_finger += sizeof(rpc_int32);
+ dest_lp = ((int32_t *)(void *)(rstrm->out_finger));
+ rstrm->out_finger += BYTES_PER_XDR_UNIT;
}
- *dest_lp = (rpc_int32)htonl((rpc_u_int32)(*lp));
+ *dest_lp = (int32_t)htonl((uint32_t)(*lp));
return (TRUE);
}
xdrrec_getbytes(xdrs, addr, len)
XDR *xdrs;
register caddr_t addr;
- register unsigned int len;
+ register u_int len;
{
register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
register int current;
xdrrec_putbytes(xdrs, addr, len)
XDR *xdrs;
register caddr_t addr;
- register unsigned int len;
+ register u_int len;
{
register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
register size_t current;
return (TRUE);
}
-static unsigned int
+static u_int
xdrrec_getpos(xdrs)
register XDR *xdrs;
{
register RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
register int pos;
-/* 11/5/95 JRG HELP! lseek() can't take a pointer as the first arg
- * This code must have always failed, and the failure let the arithmetic
- * calculations proceed
- */
-#ifdef __osf__
- pos = -1;
-#else
- pos = lseek((int)rstrm->tcp_handle, (off_t) 0, 1);
-#endif
- if (pos != -1)
- switch (xdrs->x_op) {
+ switch (xdrs->x_op) {
- case XDR_ENCODE:
- pos += rstrm->out_finger - rstrm->out_base;
- break;
+ case XDR_ENCODE:
+ pos = rstrm->out_finger - rstrm->out_base
+ - BYTES_PER_XDR_UNIT;
+ break;
- case XDR_DECODE:
- pos -= rstrm->in_boundry - rstrm->in_finger;
- break;
+ case XDR_DECODE:
+ pos = rstrm->in_boundry - rstrm->in_finger
+ - BYTES_PER_XDR_UNIT;
+ break;
- default:
- pos = (unsigned int) -1;
- break;
- }
- return ((unsigned int) pos);
+ default:
+ pos = -1;
+ break;
+ }
+ return ((u_int) pos);
}
static bool_t
xdrrec_setpos(xdrs, pos)
register XDR *xdrs;
- unsigned int pos;
+ u_int pos;
{
register RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
- unsigned int currpos = xdrrec_getpos(xdrs);
+ u_int currpos = xdrrec_getpos(xdrs);
int delta = currpos - pos;
caddr_t newpos;
return (FALSE);
}
-static rpc_int32 *
+static rpc_inline_t *
xdrrec_inline(xdrs, len)
register XDR *xdrs;
int len;
{
register RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
- rpc_int32 * buf = NULL;
+ rpc_inline_t * buf = NULL;
switch (xdrs->x_op) {
case XDR_ENCODE:
if ((rstrm->out_finger + len) <= rstrm->out_boundry) {
- buf = (rpc_int32 *)(void *) rstrm->out_finger;
+ buf = (rpc_inline_t *)(void *) rstrm->out_finger;
rstrm->out_finger += len;
}
break;
case XDR_DECODE:
if ((len <= rstrm->fbtbc) &&
((rstrm->in_finger + len) <= rstrm->in_boundry)) {
- buf = (rpc_int32 *)(void *) rstrm->in_finger;
+ buf = (rpc_inline_t *)(void *) rstrm->in_finger;
rstrm->fbtbc -= len;
rstrm->in_finger += len;
}
bool_t sendnow;
{
register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
- register rpc_u_int32 len; /* fragment length */
+ register uint32_t len; /* fragment length */
if (sendnow || rstrm->frag_sent ||
- ((long)rstrm->out_finger + sizeof(unsigned int) >=
+ ((long)rstrm->out_finger + BYTES_PER_XDR_UNIT >=
(long)rstrm->out_boundry)) {
rstrm->frag_sent = FALSE;
return (flush_out(rstrm, TRUE));
}
len = (long)(rstrm->out_finger) - (long)(rstrm->frag_header) -
- sizeof(unsigned int);
- *(rstrm->frag_header) = htonl((unsigned int)len | LAST_FRAG);
- rstrm->frag_header = (rpc_u_int32 *)(void *)rstrm->out_finger;
- rstrm->out_finger += sizeof(unsigned int);
+ BYTES_PER_XDR_UNIT;
+ *(rstrm->frag_header) = htonl((uint32_t)len | LAST_FRAG);
+ rstrm->frag_header = (uint32_t *)(void *)rstrm->out_finger;
+ rstrm->out_finger += BYTES_PER_XDR_UNIT;
return (TRUE);
}
register RECSTREAM *rstrm;
bool_t eor;
{
- register rpc_u_int32 eormask = (eor == TRUE) ? LAST_FRAG : 0;
- register rpc_u_int32 len = (unsigned long)(rstrm->out_finger) -
- (unsigned long)(rstrm->frag_header) - sizeof(rpc_u_int32);
+ register uint32_t eormask = (eor == TRUE) ? LAST_FRAG : 0;
+ register uint32_t len = (u_long)(rstrm->out_finger) -
+ (u_long)(rstrm->frag_header) - BYTES_PER_XDR_UNIT;
*(rstrm->frag_header) = htonl(len | eormask);
- len = (unsigned long)(rstrm->out_finger) - (unsigned long)(rstrm->out_base);
+ len = (u_long)(rstrm->out_finger) - (u_long)(rstrm->out_base);
if ((*(rstrm->writeit))(rstrm->tcp_handle, rstrm->out_base, (int)len)
!= (int)len)
return (FALSE);
- rstrm->frag_header = (rpc_u_int32 *)(void *)rstrm->out_base;
- rstrm->out_finger = (caddr_t)rstrm->out_base + sizeof(rpc_u_int32);
+ rstrm->frag_header = (uint32_t *)(void *)rstrm->out_base;
+ rstrm->out_finger = (caddr_t)rstrm->out_base + BYTES_PER_XDR_UNIT;
return (TRUE);
}
register RECSTREAM *rstrm;
{
register caddr_t where;
- unsigned int i;
+ u_int i;
register int len;
where = rstrm->in_base;
- i = (unsigned int)((unsigned long)rstrm->in_boundry % BYTES_PER_XDR_UNIT);
+ i = (u_int)((u_long)rstrm->in_boundry % BYTES_PER_XDR_UNIT);
where += i;
len = rstrm->in_size - i;
if ((len = (*(rstrm->readit))(rstrm->tcp_handle, where, len)) == -1)
return (TRUE);
}
-static bool_t /* next two bytes of the input stream are treated as a header */
+static bool_t /* next four bytes of input stream are treated as a header */
set_input_fragment(rstrm)
register RECSTREAM *rstrm;
{
- rpc_u_int32 header;
+ uint32_t header;
if (! get_input_bytes(rstrm, (caddr_t)&header, sizeof(header)))
return (FALSE);
static bool_t /* consumes input bytes; knows nothing about records! */
skip_input_bytes(rstrm, cnt)
register RECSTREAM *rstrm;
- rpc_int32 cnt;
+ int32_t cnt;
{
register int current;
return (TRUE);
}
-static unsigned int
+static u_int
fix_buf_size(s)
- register unsigned int s;
+ register u_int s;
{
if (s < 100)
#include <gssrpc/types.h>
#include <gssrpc/xdr.h>
-#define LASTUNSIGNED ((unsigned int)0-1)
+#define LASTUNSIGNED ((u_int)0-1)
/*
* XDR an indirect pointer
xdr_reference(xdrs, pp, size, proc)
register XDR *xdrs;
caddr_t *pp; /* the pointer to work on */
- unsigned int size; /* size of the object pointed to */
+ u_int size; /* size of the object pointed to */
xdrproc_t proc; /* xdr routine to handle the object */
{
register caddr_t loc = *pp;
xdr_pointer(xdrs,objpp,obj_size,xdr_obj)
register XDR *xdrs;
char **objpp;
- unsigned int obj_size;
+ u_int obj_size;
xdrproc_t xdr_obj;
{
static bool_t xdrstdio_getlong(XDR *, long *);
static bool_t xdrstdio_putlong(XDR *, long *);
-static bool_t xdrstdio_getbytes(XDR *, caddr_t, unsigned int);
-static bool_t xdrstdio_putbytes(XDR *, caddr_t, unsigned int);
-static unsigned int xdrstdio_getpos(XDR *);
-static bool_t xdrstdio_setpos(XDR *, unsigned int);
-static rpc_int32 * xdrstdio_inline(XDR *, int);
+static bool_t xdrstdio_getbytes(XDR *, caddr_t, u_int);
+static bool_t xdrstdio_putbytes(XDR *, caddr_t, u_int);
+static u_int xdrstdio_getpos(XDR *);
+static bool_t xdrstdio_setpos(XDR *, u_int);
+static rpc_inline_t * xdrstdio_inline(XDR *, int);
static void xdrstdio_destroy(XDR *);
/*
XDR *xdrs;
register long *lp;
{
- rpc_int32 tmp;
+ uint32_t tmp;
if (fread((caddr_t)&tmp,
- sizeof(rpc_int32), 1, (FILE *)xdrs->x_private) != 1)
+ sizeof(uint32_t), 1, (FILE *)xdrs->x_private) != 1)
return (FALSE);
- *lp = ntohl(tmp);
+ *lp = (long)ntohl(tmp);
return (TRUE);
}
XDR *xdrs;
long *lp;
{
- rpc_int32 mycopy = htonl((rpc_int32)*lp);
+ uint32_t mycopy = htonl((uint32_t)*lp);
- if (fwrite((caddr_t)&mycopy, sizeof(rpc_int32), 1, (FILE *)xdrs->x_private) != 1)
+ if (fwrite((caddr_t)&mycopy, sizeof(uint32_t), 1, (FILE *)xdrs->x_private) != 1)
return (FALSE);
return (TRUE);
}
xdrstdio_getbytes(xdrs, addr, len)
XDR *xdrs;
caddr_t addr;
- unsigned int len;
+ u_int len;
{
if ((len != 0) && (fread(addr, (size_t)len, 1,
xdrstdio_putbytes(xdrs, addr, len)
XDR *xdrs;
caddr_t addr;
- unsigned int len;
+ u_int len;
{
if ((len != 0) && (fwrite(addr, (size_t)len, 1,
return (TRUE);
}
-static unsigned int
+static u_int
xdrstdio_getpos(xdrs)
XDR *xdrs;
{
- return ((unsigned int) ftell((FILE *)xdrs->x_private));
+ return ((u_int) ftell((FILE *)xdrs->x_private));
}
static bool_t
xdrstdio_setpos(xdrs, pos)
XDR *xdrs;
- unsigned int pos;
+ u_int pos;
{
return ((fseek((FILE *)xdrs->x_private, (long)pos, 0) < 0) ?
FALSE : TRUE);
}
-static rpc_int32 *
+static rpc_inline_t *
xdrstdio_inline(xdrs, len)
XDR *xdrs;
int len;