From: Tom Yu Date: Wed, 16 Jun 2004 03:11:54 +0000 (+0000) Subject: This commit merges the RPCSEC_GSS integration branch onto the trunk. X-Git-Tag: krb5-1.4-beta1~319 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=02c51b4f59b6c86c2112cd10a209322ad1cbb0c6;p=krb5.git This commit merges the RPCSEC_GSS integration branch onto the trunk. Remaining work includes: * Default to using kadmin/fqdn for SEAM compatibility * Namespace cleanups and other API tweaks -- this API is not stable yet * Fix lib/rpc/unit-test testsuite to test RPCSEC_GSS in addition to AUTH_GSSAPI Additional work will be tracked in separate tickets. This merge is bracketed between the tags "tlyu-umich-rpc-merge-pre" and "tlyu-umich-rpc-merge-post". ticket: 2578 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16467 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog index 8de05c350..4bfa42652 100644 --- a/src/kadmin/cli/ChangeLog +++ b/src/kadmin/cli/ChangeLog @@ -1,3 +1,8 @@ +2004-06-15 Tom Yu + + * kadmin.c (kadmin_startup): Add option to force old AUTH_GSSAPI + flavor. + 2004-05-31 Ezra Peisach * kadmin.h, keytab.c: Remove inclusion of k5-int.h. diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 7ca0898d8..3eef8529b 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -192,7 +192,7 @@ char *kadmin_startup(argc, argv) exit(1); } - while ((optchar = getopt(argc, argv, "r:p:kq:w:d:s:mc:t:e:")) != EOF) { + while ((optchar = getopt(argc, argv, "r:p:kq:w:d:s:mc:t:e:O")) != EOF) { switch (optchar) { case 'r': def_realm = optarg; @@ -240,6 +240,9 @@ char *kadmin_startup(argc, argv) } params.mask |= KADM5_CONFIG_ENCTYPES; break; + case 'O': + params.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI; + break; default: usage(); } diff --git a/src/kadmin/dbutil/ChangeLog b/src/kadmin/dbutil/ChangeLog index 711302500..6dee87865 100644 --- a/src/kadmin/dbutil/ChangeLog +++ b/src/kadmin/dbutil/ChangeLog @@ -1,3 +1,8 @@ +2004-06-15 Tom Yu + + * kadm5_create.c (add_admin_princs): Create kadmin/fqdn + principal. + 2003-04-23 Ken Raeburn * kdb5_destroy.c, kdb5_stash.c: Don't declare errno. diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c index d9aa60d68..9ed6459e0 100644 --- a/src/kadmin/dbutil/kadm5_create.c +++ b/src/kadmin/dbutil/kadm5_create.c @@ -173,7 +173,29 @@ static char *build_name_with_realm(char *name, char *realm) static int add_admin_princs(void *handle, krb5_context context, char *realm) { krb5_error_code ret = 0; - + char service_name[MAXHOSTNAMELEN + 8]; + char localname[MAXHOSTNAMELEN]; + struct hostent *hp; + + if (gethostname(localname, MAXHOSTNAMELEN)) { + ret = errno; + perror("gethostname"); + goto clean_and_exit; + } + hp = gethostbyname(localname); + if (hp == NULL) { + ret = errno; + perror("gethostbyname"); + goto clean_and_exit; + } + sprintf(service_name, "kadmin/%s", hp->h_name); + + if ((ret = add_admin_princ(handle, context, + service_name, realm, + KRB5_KDB_DISALLOW_TGT_BASED, + ADMIN_LIFETIME))) + goto clean_and_exit; + if ((ret = add_admin_princ(handle, context, KADM5_ADMIN_SERVICE, realm, KRB5_KDB_DISALLOW_TGT_BASED, diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index 223548ad2..9b70eecf9 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,28 @@ +2004-06-15 Tom Yu + + * kadm_rpc_svc.c (check_rpcsec_auth, gss_to_krb5_name): New + functions to check service name for RPCSEC_GSS. + (kadm_1): Add service name check for RPCSEC_GSS. + + * ovsec_kadmd.c (main): Setup logging calllbacks for RPCSEC_GSS. + Use GSS_C_N_NAME for acceptor name for RPCSEC_GSS. + (log_badverf): Handle null client and server names. + + * server_stubs.c (rqst2name): New function to return appropriate + gss_name_t for a given auth flavor (RPCSEC_GSS and AUTH_GSSAPI use + different field names). + +2004-05-27 Tom Yu + + * kadm_rpc_svc.c (kadm_1): Allow RPCSEC_GSS; remove + AUTH_GSSAPI_COMPAT. + + * misc.h (kadm_1): Conditionalize prototype on SVC_GETARGS rather + than on an inclusion-protection macro. + + * ovsec_kadmd.c (main): Add preliminary support for RPCSEC_GSS. + (do_schpw, kadm_svc_run): Update some names. + 2004-03-20 Ken Raeburn * ovsec_kadmd.c (main): Use any handy krb5 context to register diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c index 54048df81..d2139a69c 100644 --- a/src/kadmin/server/kadm_rpc_svc.c +++ b/src/kadmin/server/kadm_rpc_svc.c @@ -5,6 +5,7 @@ #include #include +#include /* for gss_nt_krb5_name */ #include #ifdef HAVE_MEMORY_H #include @@ -17,7 +18,15 @@ #include #endif #include "misc.h" +#include "kadm5/server_internal.h" +extern void *global_server_handle; + +static int check_rpcsec_auth(struct svc_req *); +static int gss_to_krb5_name(struct svc_req *, krb5_context, gss_name_t, krb5_principal *, gss_buffer_t); + +void log_badauth(OM_uint32 major, OM_uint32 minor, + struct sockaddr_in *addr, char *data); /* * Function: kadm_1 * @@ -63,8 +72,8 @@ void kadm_1(rqstp, transp) char *(*local)(); if (rqstp->rq_cred.oa_flavor != AUTH_GSSAPI && - rqstp->rq_cred.oa_flavor != AUTH_GSSAPI_COMPAT) { - krb5_klog_syslog(LOG_ERR, "Authentication attempt failed: %s, invalid " + !check_rpcsec_auth(rqstp)) { + krb5_klog_syslog(LOG_ERR, "Authentication attempt failed: %s, " "RPC authentication flavor %d", inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), rqstp->rq_cred.oa_flavor); @@ -227,3 +236,100 @@ void kadm_1(rqstp, transp) } return; } + +static int +check_rpcsec_auth(struct svc_req *rqstp) +{ + gss_ctx_id_t ctx; + krb5_context kctx; + OM_uint32 maj_stat, min_stat; + gss_name_t name; + krb5_principal princ; + int ret, success; + krb5_data *c1, *c2, *realm; + gss_buffer_desc gss_str; + kadm5_server_handle_t handle; + + success = 0; + handle = (kadm5_server_handle_t)global_server_handle; + + if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS) + return 0; + + ctx = rqstp->rq_svccred; + + maj_stat = gss_inquire_context(&min_stat, ctx, NULL, &name, + NULL, NULL, NULL, NULL, NULL); + if (maj_stat != GSS_S_COMPLETE) { + krb5_klog_syslog(LOG_ERR, "check_rpcsec_auth: " + "failed inquire_context, stat=%u", maj_stat); + log_badauth(maj_stat, min_stat, + &rqstp->rq_xprt->xp_raddr, NULL); + goto fail_name; + } + + kctx = handle->context; + ret = gss_to_krb5_name(rqstp, kctx, name, &princ, &gss_str); + if (ret == 0) + goto fail_name; + + /* + * Since we accept with GSS_C_NO_NAME, the client can authenticate + * against the entire kdb. Therefore, ensure that the service + * name is something reasonable. + */ + if (krb5_princ_size(kctx, princ) != 2) + goto fail_princ; + + c1 = krb5_princ_component(kctx, princ, 0); + c2 = krb5_princ_component(kctx, princ, 1); + realm = krb5_princ_realm(kctx, princ); + if (strncmp(handle->params.realm, realm->data, realm->length) == 0 + && strncmp("kadmin", c1->data, c1->length) == 0) { + + if (strncmp("history", c2->data, c2->length) == 0) + goto fail_princ; + else + success = 1; + } + +fail_princ: + if (!success) { + krb5_klog_syslog(LOG_ERR, "bad service principal %.*s", + gss_str.length, gss_str.value); + } + gss_release_buffer(&min_stat, &gss_str); + krb5_free_principal(kctx, princ); +fail_name: + gss_release_name(&min_stat, &name); + return success; +} + +static int +gss_to_krb5_name(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name, + krb5_principal *princ, gss_buffer_t gss_str) +{ + OM_uint32 status, minor_stat; + gss_OID gss_type; + char *str; + int success; + + status = gss_display_name(&minor_stat, gss_name, gss_str, &gss_type); + if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name)) { + krb5_klog_syslog(LOG_ERR, + "gss_to_krb5_name: " + "failed display_name status %d", status); + log_badauth(status, minor_stat, + &rqstp->rq_xprt->xp_raddr, NULL); + return 0; + } + str = malloc(gss_str->length +1); + if (str == NULL) + return 0; + *str = '\0'; + + strncat(str, gss_str->value, gss_str->length); + success = (krb5_parse_name(ctx, str, princ) == 0); + free(str); + return success; +} diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h index a57a7b1d9..e50725593 100644 --- a/src/kadmin/server/misc.h +++ b/src/kadmin/server/misc.h @@ -34,6 +34,6 @@ krb5_error_code process_chpw_request(krb5_context context, struct sockaddr_in *sockin, krb5_data *req, krb5_data *rep); -#ifdef __SVC_HEADER__ +#ifdef SVC_GETARGS void kadm_1(struct svc_req *, SVCXPRT *); #endif diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index b642c8927..e7e995d18 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -41,7 +41,6 @@ #include #include #include /* inet_ntoa */ -#include #include #include #include "gssapiP_krb5.h" /* for kg_get_context */ @@ -86,6 +85,7 @@ static struct sigaction s_action; #define TIMEOUT 15 gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL; +gss_name_t gss_kadmin_name = NULL; void *global_server_handle; /* @@ -210,7 +210,9 @@ int main(int argc, char *argv[]) gss_buffer_desc gssbuf; gss_OID nt_krb5_name_oid; kadm5_config_params params; - + + setvbuf(stderr, NULL, _IONBF, 0); + /* This is OID value the Krb5_Name NameType */ gssbuf.value = "{1 2 840 113554 1 2 2 1}"; gssbuf.length = strlen(gssbuf.value); @@ -538,15 +540,15 @@ kterr: * Try to acquire creds for the old OV services as well as the * new names, but if that fails just fall back on the new names. */ - if (_svcauth_gssapi_set_names(names, 4) == TRUE) + if (svcauth_gssapi_set_names(names, 4) == TRUE) oldnames++; - if (!oldnames && _svcauth_gssapi_set_names(names, 2) == FALSE) { + if (!oldnames && svcauth_gssapi_set_names(names, 2) == FALSE) { krb5_klog_syslog(LOG_ERR, "Cannot set GSS-API authentication names (keytab not present?), " "failing."); fprintf(stderr, "%s: Cannot set GSS-API authentication names.\n", whoami); - _svcauth_gssapi_unset_names(); + svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); @@ -564,16 +566,26 @@ kterr: &gss_oldchangepw_name); } - _svcauth_gssapi_set_log_badauth_func(log_badauth, NULL); - _svcauth_gssapi_set_log_badverf_func(log_badverf, NULL); - _svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL); + svcauth_gssapi_set_log_badauth_func(log_badauth, NULL); + svcauth_gssapi_set_log_badverf_func(log_badverf, NULL); + svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL); + + svcauth_gss_set_log_badauth_func(log_badauth, NULL); + svcauth_gss_set_log_badverf_func(log_badverf, NULL); + svcauth_gss_set_log_miscerr_func(log_miscerr, NULL); + if (svcauth_gss_set_svc_name(GSS_C_NO_NAME) != TRUE) { + fprintf(stderr, "%s: Cannot initialize RPCSEC_GSS service name.\n", + whoami); + exit(1); + } + if ((ret = acl_init(context, 0, params.acl_file))) { krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s", error_message(ret)); fprintf(stderr, "%s: Cannot initialize acl file: %s\n", whoami, error_message(ret)); - _svcauth_gssapi_unset_names(); + svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); @@ -584,7 +596,7 @@ kterr: krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", error_message(ret)); fprintf(stderr, "%s: Cannot detach from tty: %s\n", whoami, error_message(ret)); - _svcauth_gssapi_unset_names(); + svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); @@ -596,7 +608,7 @@ kterr: krb5_klog_syslog(LOG_INFO, "finished, exiting"); /* Clean up memory, etc */ - _svcauth_gssapi_unset_names(); + svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); close(s); acl_finish(context, 0); @@ -670,7 +682,7 @@ void kadm_svc_run(params) kadm5_config_params *params; { fd_set rfd; - int sz = _gssrpc_rpc_dtablesize(); + int sz = gssrpc__rpc_dtablesize(); struct timeval timeout; while(signal_request_exit == 0) { @@ -942,6 +954,10 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name, (void) gss_display_name(&minor, client_name, &client, &gss_type); (void) gss_display_name(&minor, server_name, &server, &gss_type); + if (client.value == NULL) + client.value = "(null)"; + if (server.value == NULL) + server.value = "(null)"; a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); proc = msg->rm_call.cb_proc; @@ -1114,7 +1130,7 @@ void do_schpw(int s1, kadm5_config_params *params) error_message(errno)); fprintf(stderr, "Cannot create connecting socket: %s", error_message(errno)); - _svcauth_gssapi_unset_names(); + svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index d087e0d3d..62e5daac7 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -15,8 +15,6 @@ #include /* krb5_klog_syslog */ #include "misc.h" -#define xdr_free gssrpc_xdr_free /* XXX kludge */ - #define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s" #define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s" @@ -38,6 +36,8 @@ static int gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str); static gss_name_t acceptor_name(gss_ctx_id_t context); +static gss_name_t rqst2name(struct svc_req *rqstp); + static int cmp_gss_names(gss_name_t n1, gss_name_t n2) { OM_uint32 emaj, emin; @@ -115,8 +115,8 @@ static kadm5_ret_t new_server_handle(krb5_ui_4 api_version, *handle = *(kadm5_server_handle_t)global_server_handle; handle->api_version = api_version; - - if (! gss_to_krb5_name(handle, rqstp->rq_clntcred, + + if (! gss_to_krb5_name(handle, rqst2name(rqstp), &handle->current_caller)) { free(handle); return KADM5_FAILURE; @@ -165,7 +165,7 @@ int setup_gss_names(struct svc_req *rqstp, OM_uint32 maj_stat, min_stat; gss_name_t server_gss_name; - if (gss_name_to_string(rqstp->rq_clntcred, client_name) != 0) + if (gss_name_to_string(rqst2name(rqstp), client_name) != 0) return -1; maj_stat = gss_inquire_context(&min_stat, rqstp->rq_svccred, NULL, &server_gss_name, NULL, NULL, NULL, @@ -269,7 +269,7 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) } if (CHANGEPW_SERVICE(rqstp) - || !acl_check(handle->context, rqstp->rq_clntcred, ACL_ADD, + || !acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->rec.principal, &rp) || acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { @@ -326,7 +326,7 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp) } if (CHANGEPW_SERVICE(rqstp) - || !acl_check(handle->context, rqstp->rq_clntcred, ACL_ADD, + || !acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->rec.principal, &rp) || acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { @@ -385,7 +385,7 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp) } if (CHANGEPW_SERVICE(rqstp) - || !acl_check(handle->context, rqstp->rq_clntcred, ACL_DELETE, + || !acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->princ, NULL)) { ret.code = KADM5_AUTH_DELETE; krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal", @@ -436,7 +436,7 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp) } if (CHANGEPW_SERVICE(rqstp) - || !acl_check(handle->context, rqstp->rq_clntcred, ACL_MODIFY, + || !acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, arg->rec.principal, &rp) || acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { @@ -496,11 +496,11 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp) ret.code = KADM5_OK; if (! CHANGEPW_SERVICE(rqstp)) { - if (!acl_check(handle->context, rqstp->rq_clntcred, + if (!acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->src, NULL)) ret.code = KADM5_AUTH_DELETE; /* any restrictions at all on the ADD kills the RENAME */ - if (!acl_check(handle->context, rqstp->rq_clntcred, + if (!acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->dest, &rp) || rp) { if (ret.code == KADM5_AUTH_DELETE) ret.code = KADM5_AUTH_INSUFFICIENT; @@ -565,9 +565,9 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) return &ret; } - if (! cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ) && + if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, - rqstp->rq_clntcred, + rqst2name(rqstp), ACL_INQUIRE, arg->princ, NULL))) { @@ -633,7 +633,7 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp) prime_arg = "*"; if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, - rqstp->rq_clntcred, + rqst2name(rqstp), ACL_LIST, NULL, NULL)) { @@ -688,11 +688,11 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp) return &ret; } - if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) { + if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ, FALSE, 0, NULL, arg->pass); } else if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqstp->rq_clntcred, + acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { ret.code = kadm5_chpass_principal((void *)handle, arg->princ, arg->pass); @@ -749,14 +749,14 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) return &ret; } - if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) { + if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ, arg->keepold, arg->n_ks_tuple, arg->ks_tuple, arg->pass); } else if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqstp->rq_clntcred, + acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ, arg->keepold, @@ -817,7 +817,7 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp) } if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqstp->rq_clntcred, + acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, arg->keyblock); @@ -875,7 +875,7 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp) } if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqstp->rq_clntcred, + acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { ret.code = kadm5_setkey_principal((void *)handle, arg->princ, arg->keyblocks, arg->n_keys); @@ -933,7 +933,7 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp) } if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqstp->rq_clntcred, + acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ, arg->keepold, @@ -999,11 +999,11 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) return &ret; } - if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) { + if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ, FALSE, 0, NULL, &k, &nkeys); } else if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqstp->rq_clntcred, + acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { ret.code = kadm5_randkey_principal((void *)handle, arg->princ, &k, &nkeys); @@ -1075,14 +1075,14 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) return &ret; } - if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) { + if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ, arg->keepold, arg->n_ks_tuple, arg->ks_tuple, &k, &nkeys); } else if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqstp->rq_clntcred, + acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ, arg->keepold, @@ -1149,7 +1149,7 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp) prime_arg = arg->rec.policy; if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, - rqstp->rq_clntcred, + rqst2name(rqstp), ACL_ADD, NULL, NULL)) { ret.code = KADM5_AUTH_ADD; krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy", @@ -1200,7 +1200,7 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp) prime_arg = arg->name; if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, - rqstp->rq_clntcred, + rqst2name(rqstp), ACL_DELETE, NULL, NULL)) { krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy", prime_arg, client_name.value, service_name.value, @@ -1249,7 +1249,7 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp) prime_arg = arg->rec.policy; if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, - rqstp->rq_clntcred, + rqst2name(rqstp), ACL_MODIFY, NULL, NULL)) { krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy", prime_arg, client_name.value, service_name.value, @@ -1306,7 +1306,7 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) ret.code = KADM5_AUTH_GET; if (!CHANGEPW_SERVICE(rqstp) && acl_check(handle->context, - rqstp->rq_clntcred, + rqst2name(rqstp), ACL_INQUIRE, NULL, NULL)) ret.code = KADM5_OK; else { @@ -1385,7 +1385,7 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp) prime_arg = "*"; if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, - rqstp->rq_clntcred, + rqst2name(rqstp), ACL_LIST, NULL, NULL)) { ret.code = KADM5_AUTH_LIST; krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies", @@ -1466,15 +1466,26 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) return &ret; } - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, + krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", (ret.api_version == KADM5_API_VERSION_1 ? "kadm5_init (V1)" : "kadm5_init"), client_name.value, (ret.code == 0) ? "success" : error_message(ret.code), client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), + rqstp->rq_cred.oa_flavor); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); return(&ret); } + +static gss_name_t +rqst2name(struct svc_req *rqstp) +{ + + if (rqstp->rq_cred.oa_flavor == RPCSEC_GSS) + return rqstp->rq_clntname; + else + return rqstp->rq_clntcred; +} diff --git a/src/lib/kadm5/ChangeLog b/src/lib/kadm5/ChangeLog index 0eb995f0c..24bc4077f 100644 --- a/src/lib/kadm5/ChangeLog +++ b/src/lib/kadm5/ChangeLog @@ -1,3 +1,11 @@ +2004-06-15 Tom Yu + + * admin.h (kadm5_get_admin_service_name): Prototype for new function. + (KADM5_CONFIG_OLD_AUTH_GSSAPI): New flag to force old AUTH_GSSAPI + flavor. + + * alt_prof.c (kadm5_get_admin_service_name): New function. + 2004-02-12 Tom Yu * configure.in: Invoke PRIOCNTL_HACK. diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h index c2236ae51..b64b80756 100644 --- a/src/lib/kadm5/admin.h +++ b/src/lib/kadm5/admin.h @@ -121,7 +121,8 @@ typedef long kadm5_ret_t; #define KADM5_CONFIG_DICT_FILE 0x020000 #define KADM5_CONFIG_MKEY_FROM_KBD 0x040000 #define KADM5_CONFIG_KPASSWD_PORT 0x080000 - +#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000 + /* * permission bits */ @@ -287,6 +288,9 @@ krb5_error_code kadm5_free_config_params(krb5_context context, krb5_error_code kadm5_free_realm_params(krb5_context kcontext, kadm5_config_params *params); + +krb5_error_code kadm5_get_admin_service_name(krb5_context, char *, + char *, size_t); #endif kadm5_ret_t kadm5_init(char *client_name, char *pass, diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c index 659068bad..23258c9a9 100644 --- a/src/lib/kadm5/alt_prof.c +++ b/src/lib/kadm5/alt_prof.c @@ -768,6 +768,40 @@ kadm5_free_config_params(context, params) return(0); } +krb5_error_code +kadm5_get_admin_service_name(krb5_context ctx, + char *realm_in, + char *admin_name, + size_t maxlen) +{ + krb5_error_code ret; + kadm5_config_params params_in, params_out; + struct hostent *hp; + + memset(¶ms_in, 0, sizeof(params_in)); + memset(¶ms_out, 0, sizeof(params_out)); + + params_in.mask |= KADM5_CONFIG_ADMIN_SERVER; + ret = kadm5_get_config_params(ctx, NULL, NULL, ¶ms_in, ¶ms_out); + if (ret) + return ret; + + hp = gethostbyname(params_out.admin_server); + if (hp == NULL) { + ret = errno; + goto err_params; + } + if (strlen(hp->h_name) + sizeof("kadmin/") > maxlen) { + ret = ENOMEM; + goto err_params; + } + sprintf(admin_name, "kadmin/%s", hp->h_name); + +err_params: + free(params_out.admin_server); + return ret; +} + /*********************************************************************** * This is the old krb5_realm_read_params, which I mutated into * kadm5_get_config_params but which old code (kdb5_* and krb5kdc) diff --git a/src/lib/kadm5/clnt/ChangeLog b/src/lib/kadm5/clnt/ChangeLog index eb947834f..ef1846c0f 100644 --- a/src/lib/kadm5/clnt/ChangeLog +++ b/src/lib/kadm5/clnt/ChangeLog @@ -1,3 +1,11 @@ +2004-06-15 Tom Yu + + * client_principal.c (eret): Add some debugging messages for some + RPC errors. + + * client_init.c (_kadm5_init_any): Add support for RPCSEC_GSS. + Default to using AUTH_GSSAPI for ovsec. + 2004-06-04 Ken Raeburn * Makefile.in (LIBBASE): Renamed from LIB. diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index cfe1381d9..93768eafc 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -55,6 +55,7 @@ #define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX" +static int old_auth_gssapi = 0; enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS }; @@ -221,6 +222,9 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, realm = params_local.realm = (char *) params_in; if (params_in) params_local.mask = KADM5_CONFIG_REALM; + + /* Use old AUTH_GSSAPI for version 1 protocol. */ + params_local.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI; params_in = ¶ms_local; } else { if (params_in && (params_in->mask & KADM5_CONFIG_REALM)) @@ -485,19 +489,29 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, } #ifndef INIT_TEST - handle->clnt->cl_auth = auth_gssapi_create(handle->clnt, - &gssstat, - &minor_stat, - gss_client_creds, - gss_target, - (gss_OID) gss_mech_krb5, - GSS_C_MUTUAL_FLAG - | GSS_C_REPLAY_FLAG, - 0, - NULL, - NULL, - NULL); + if (params_in != NULL && + (params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) { + handle->clnt->cl_auth = auth_gssapi_create(handle->clnt, + &gssstat, + &minor_stat, + gss_client_creds, + gss_target, + (gss_OID) gss_mech_krb5, + GSS_C_MUTUAL_FLAG + | GSS_C_REPLAY_FLAG, + 0, + NULL, + NULL, + NULL); + } else { + struct rpc_gss_sec sec; + sec.mech = gss_mech_krb5; + sec.qop = GSS_C_QOP_DEFAULT; + sec.svc = RPCSEC_GSS_SVC_PRIVACY; + handle->clnt->cl_auth = authgss_create(handle->clnt, + gss_target, &sec); + } (void) gss_release_name(&minor_stat, &gss_target); #endif /* ! INIT_TEST */ @@ -524,6 +538,9 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, r = init_1(&handle->api_version, handle->clnt); if (r == NULL) { code = KADM5_RPC_ERROR; +#ifdef DEBUG + clnt_perror(handle->clnt, "init_1 null resp"); +#endif goto error; } if (r->code) { diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c index e364d2df4..972a7b321 100644 --- a/src/lib/kadm5/clnt/client_principal.c +++ b/src/lib/kadm5/clnt/client_principal.c @@ -16,6 +16,12 @@ static char *rcsid = "$Header$"; #endif #include "client_internal.h" +#ifdef DEBUG +#define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0) +#else +#define eret() do { return KADM5_RPC_ERROR; } while (0) +#endif + kadm5_ret_t kadm5_create_principal(void *server_handle, kadm5_principal_ent_t princ, long mask, @@ -69,7 +75,7 @@ kadm5_create_principal(void *server_handle, krb5_free_principal(handle->context, arg.rec.mod_name); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -130,7 +136,7 @@ kadm5_create_principal_3(void *server_handle, krb5_free_principal(handle->context, arg.rec.mod_name); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -149,7 +155,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal) arg.api_version = handle->api_version; r = delete_principal_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -202,7 +208,7 @@ kadm5_modify_principal(void *server_handle, krb5_free_principal(handle->context, arg.rec.mod_name); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -227,7 +233,7 @@ kadm5_get_principal(void *server_handle, arg.api_version = handle->api_version; r = get_principal_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); if (handle->api_version == KADM5_API_VERSION_1) { kadm5_principal_ent_t_v1 *entp; @@ -267,7 +273,7 @@ kadm5_get_principals(void *server_handle, arg.api_version = handle->api_version; r = get_princs_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); if(r->code == 0) { *count = r->count; *princs = r->princs; @@ -296,7 +302,7 @@ kadm5_rename_principal(void *server_handle, return EINVAL; r = rename_principal_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -318,7 +324,7 @@ kadm5_chpass_principal(void *server_handle, return EINVAL; r = chpass_principal_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -345,7 +351,7 @@ kadm5_chpass_principal_3(void *server_handle, return EINVAL; r = chpass_principal3_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -368,7 +374,7 @@ kadm5_setv4key_principal(void *server_handle, return EINVAL; r = setv4key_principal_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -393,7 +399,7 @@ kadm5_setkey_principal(void *server_handle, return EINVAL; r = setkey_principal_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -423,7 +429,7 @@ kadm5_setkey_principal_3(void *server_handle, return EINVAL; r = setkey_principal3_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); return r->code; } @@ -451,7 +457,7 @@ kadm5_randkey_principal_3(void *server_handle, return EINVAL; r = chrand_principal3_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); if (handle->api_version == KADM5_API_VERSION_1) { if (key) krb5_copy_keyblock(handle->context, &r->key, key); @@ -499,7 +505,7 @@ kadm5_randkey_principal(void *server_handle, return EINVAL; r = chrand_principal_1(&arg, handle->clnt); if(r == NULL) - return KADM5_RPC_ERROR; + eret(); if (handle->api_version == KADM5_API_VERSION_1) { if (key) krb5_copy_keyblock(handle->context, &r->key, key); diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog index 655a83376..e7716a9bd 100644 --- a/src/lib/rpc/ChangeLog +++ b/src/lib/rpc/ChangeLog @@ -1,3 +1,56 @@ +2004-06-15 Tom Yu + + * auth_gss.c (print_rpc_gss_sec): Use gss_oid_to_str(). + (rpc_gss_data): Add field "established" to indicate whether + context establishment is in progress; this prevents recursive + failures when auth_refresh() calls clnt_call(). If clnt_call() + called from auth_refresh() gets an error condition, the + clnt_call() logic will attempt a refresh, which can cause the + cl_auth to get destroyed multiple times, corrupting memory. + (authgss_validate, authgss_refresh): Use gd->established. + (authgss_refresh): Release gd->gc_wire_verf. + (authgss_destroy_context): Log clnt_call() failures. + + * auth_gssapi.h: Add prototypes for svcauth_gss_set_log_*_func. + + * authgss_prot.c (log_status): Correctly reset msg_ctx between + different types of calls to gss_display_status(). + + * svc.c: Don't reset xp_auth prior to authenticating message. + + * svc.h (svc_req): Remove rq_svcname; application can get it from + rq_svccred anyway. + + * svc_auth_gss.c: Include auth_gssapi.h to get typedefs for + logging callback functions. Enable logging callbacks. Replace + SVCAUTH_PRIVATE_LVALUE() kludge. Fix up namespace somewhat to not + use reserved names. + (svcauth_gss_accept_sec_context): Free rpc_gss_init_args to avoid + leak. Release gr->gr_token on error conditions. + (svcauth_gss_nextverf, svcauth_gss_accept_sec_context): + (gssrpc__svcauth_gss): Use gd->checksum. + (gssrpc__svcauth_gss): Use macro ret_freegc() to ensure freeing of + gc. On destroy, set *no_dispatch=TRUE and explicitly send reply + to avoid application sending a NULLPROC reply with an invalid + verifier. + + * svc_auth_gssapi.c (gssrpc__svcauth_gssapi): Set xp_auth to NULL + upon destroy. + (svc_auth_gssapi_destroy): New function so SVCAUTH_DESTROY() will + work. + + * svc_tcp.c (svctcp_create, makefd_xprt): Initialize xp_auth to + NULL. + (svctcp_destroy): Call SVCAUTH_DESTROY() if appropriate. + + * svc_udp.c (svcudp_bufcreate, svcudp_destroy): Initialize xp_auth + to NULL. + (svcudp_destroy): Only close xp_sock if it's not -1. Call + SVCAUTH_DESTROY() if appropriate. + + * xdr_rec.c (xdrrec_getpos): Add CITI's fix to return position for + non-flushed buffers. + 2004-06-04 Ken Raeburn * Makefile.in (LIBBASE): Renamed from LIB. @@ -6,6 +59,88 @@ * clnt_tcp.c: Include string.h. +2004-05-27 Tom Yu + + * auth_any.c, svc_auth_any.c: Removed. + + * auth_gss.h: New file, was CITI's auth_ssapi.h. + + * auth_gss.c, authgss_prot.c, svc_auth_gssapi.c, svc_auth_none.c: + New files. + + * rename.h: New file containing renaming macros for external + names. + + * Makefile.in (DEFINES): Add -DGSSRPC__IMPL for accessing + internals. + (LIBMAJOR): Bump due to ABI changes; this ABI is still subject to + change without future version bumps until released. + (SRCS, OBJS, STLIBOBJS, HDRS, SRC_HDRS): Adjust for new files + + * types.hin: Check for 8-bit bytes, two's-complement integers. + Use configure-determined inclusions of various headers instead of + depending on HAVE_*. Rearrange logic of sys/select.h, + netinet/in.h, etc. inclusions. Include rename.h. Add typedefs + for rpcprog_t, rpcvers_t, rpcprot_t, rpcproc_t, rpcport_t, + rpc_inline_t. + (GSSRPC__BEGIN_DECLS, GSSRPC__END_DECLS): New macros for C++ + compatibility. + [GSSRPC__FAKE_INT32]: Fake up a fixed-width 32-bit integer if the + system doesn't provide one in its headers. + [GSSRPC__BSD_TYPEALIASES]: Add typedefs for BSD-style type + aliases, e.g., u_char. Can be overridden at compile-time. + + * auth.h, auth_gssapi.h, auth_unix.h, clnt.h, pmax_clnt.h: + * pmap_prot.h, pmap_rmt.h, rpc.h, rpc_msg.h, svc.h, svc_auth.h: + * xdr.h: Fix inclusion protection. Use GSSRPC__{BEGIN,END}_DECLS + for declarations. "unsigned int" -> "u_int", etc. "rpc_int32" -> + "int32_t", etc. Move renaming to rename.h. Move some external + names out of implementation namespace. Make struct tags identical + to typedef names, mostly. Use rpcprog_t and friends as + appropriate. + + * auth.h: Add RPCSEC_GSS errors. Add RPCSEC_GSS flavor. Disable + AUTH_GSSAPI_COMPAT flavor. "AUTH_wrap" -> "auth_wrap", + "AUTH_unwrap" -> "auth_unwrap". + + * svc_auth.h: Hide individual flavors of authenticators under + GSSRPC__IMPL. Adjust for "svc_auth_any" -> "svc_auth_none". + (SVCAUTH_DESTROY): New macro. + + * rpc.h: Prototype gssrpc__rpc_dtablesize(). + + * svc.h (svc_req): Add rq_clntname, rq_svcname. + + * xdr.h (MAX_NETOBJ_SZ): Adjust to 2048. + + * auth_gssapi.c, auth_gssapi_misc.c, auth_none.c, auth_unix.c: + * bindresvport.c, clnt_generic.c, clnt_perror.c, clnt_raw.c: + * clnt_simple.c, clnt_tcp.c, clnt_udp.c, get_myaddress.c: + * getrpcent.c, getrpcport.c, pmax_clnt.c, pmap_getport.c: + * pmap_prot2.c, pmap_rmt.c, rpc_callmsg.c, rpc_commondata.c: + * rpc_dtablesize.c, rpc_port.c, svc.c, svc_auth.c: + * svc_auth_gssapi.c, svc_auth_unix.c, svc_run.c, svc_simple.c: + * svc_tcp.c, svc_udp.c, xdr.c, xdr_alloc.c, xdr_array.c: + * xdr_float.c, xdr_mem.c, xdr_rec.c, xdr_reference.c, xdr_stdio.c: + * xdr_stdio.c: Lots of type renaming, including BSD typealiases, + use of int32_t and uint32_t, rpc*_t for protocol constants. Fixed + namespace issues, moving renaming out of individual files. Moved + symbols out of implementation namespace. + + * xdr.c: Add checks on integer values, in order to return errors + when an attempt is made to encode an integer that won't fit in 4 + bytes, or to decode an integer that won't fit into its target + type. + + * auth_none.c: Use authnone_wrap instead of authany_wrap. + (authnone_wrap): New function. + + * auth_unix.c: Use authunix_wrap instead of authany_wrap. + (authunix_wrap): New function. + + * xdr_mem.c, xdr_rec.c: Fix some sizeof vs BYTES_PER_XDR_UNIT + issues. + 2004-04-22 Ken Raeburn * libgssrpc.exports: New file. diff --git a/src/lib/rpc/Makefile.in b/src/lib/rpc/Makefile.in index 9554b4602..45b46b707 100644 --- a/src/lib/rpc/Makefile.in +++ b/src/lib/rpc/Makefile.in @@ -2,13 +2,13 @@ thisconfigdir=. myfulldir=lib/rpc mydir=. BUILDTOP=$(REL)..$(S).. -DEFINES = -DGSSAPI_KRB5 -DDEBUG_GSSAPI=0 +DEFINES = -DGSSAPI_KRB5 -DDEBUG_GSSAPI=0 -DGSSRPC__IMPL ##DOSBUILDTOP = ..\.. ##DOSLIBNAME=libgssrpc.lib LIBBASE=gssrpc -LIBMAJOR=3 +LIBMAJOR=4 LIBMINOR=0 STOBJLISTS=OBJS.ST SHLIB_EXPDEPS= \ @@ -23,8 +23,9 @@ RELDIR=rpc SRCS = $(srcdir)/auth_none.c \ $(srcdir)/auth_unix.c \ - $(srcdir)/auth_any.c \ + $(srcdir)/authgss_prot.c \ $(srcdir)/authunix_prot.c \ + $(srcdir)/auth_gss.c \ $(srcdir)/auth_gssapi.c \ $(srcdir)/auth_gssapi_misc.c \ $(srcdir)/bindresvport.c \ @@ -49,8 +50,9 @@ SRCS = $(srcdir)/auth_none.c \ $(srcdir)/rpc_callmsg.c \ $(srcdir)/svc.c \ $(srcdir)/svc_auth.c \ + $(srcdir)/svc_auth_gss.c \ + $(srcdir)/svc_auth_none.c \ $(srcdir)/svc_auth_unix.c \ - $(srcdir)/svc_auth_any.c \ $(srcdir)/svc_auth_gssapi.c \ $(srcdir)/svc_raw.c \ $(srcdir)/svc_run.c \ @@ -68,8 +70,9 @@ SRCS = $(srcdir)/auth_none.c \ OBJS = auth_none.$(OBJEXT) \ auth_unix.$(OBJEXT) \ - auth_any.$(OBJEXT) \ authunix_prot.$(OBJEXT) \ + authgss_prot.$(OBJEXT) \ + auth_gss.$(OBJEXT) \ auth_gssapi.$(OBJEXT) \ auth_gssapi_misc.$(OBJEXT) \ bindresvport.$(OBJEXT) \ @@ -94,8 +97,9 @@ OBJS = auth_none.$(OBJEXT) \ rpc_callmsg.$(OBJEXT) \ svc.$(OBJEXT) \ svc_auth.$(OBJEXT) \ + svc_auth_gss.$(OBJEXT) \ + svc_auth_none.$(OBJEXT) \ svc_auth_unix.$(OBJEXT) \ - svc_auth_any.$(OBJEXT) \ svc_auth_gssapi.$(OBJEXT) \ svc_raw.$(OBJEXT) \ svc_run.$(OBJEXT) \ @@ -114,8 +118,9 @@ OBJS = auth_none.$(OBJEXT) \ STLIBOBJS = \ auth_none.o \ auth_unix.o \ - auth_any.o \ + authgss_prot.o \ authunix_prot.o \ + auth_gss.o \ auth_gssapi.o \ auth_gssapi_misc.o \ bindresvport.o \ @@ -140,9 +145,10 @@ STLIBOBJS = \ rpc_callmsg.o \ svc.o \ svc_auth.o \ - svc_auth_unix.o \ - svc_auth_any.o \ + svc_auth_gss.o \ svc_auth_gssapi.o \ + svc_auth_none.o \ + svc_auth_unix.o \ svc_raw.o \ svc_run.o \ svc_simple.o \ @@ -160,6 +166,7 @@ STLIBOBJS = \ HDRDIR=$(BUILDTOP)/include/gssrpc HDRS= $(HDRDIR)/auth.h \ + $(HDRDIR)/auth_gss.h \ $(HDRDIR)/auth_gssapi.h \ $(HDRDIR)/auth_unix.h \ $(HDRDIR)/clnt.h \ @@ -167,6 +174,7 @@ HDRS= $(HDRDIR)/auth.h \ $(HDRDIR)/pmap_clnt.h \ $(HDRDIR)/pmap_prot.h \ $(HDRDIR)/pmap_rmt.h \ + $(HDRDIR)/rename.h \ $(HDRDIR)/rpc.h \ $(HDRDIR)/rpc_msg.h \ $(HDRDIR)/svc.h \ @@ -182,9 +190,9 @@ all-windows:: $(OBJS) install-unix:: install-libs BUILD_HDRS = types.h -SRC_HDRS = auth.h auth_gssapi.h auth_unix.h clnt.h netdb.h pmap_clnt.h \ - pmap_prot.h pmap_rmt.h rpc.h rpc_msg.h svc.h svc_auth.h \ - xdr.h +SRC_HDRS = auth.h auth_gss.h auth_gssapi.h auth_unix.h clnt.h \ + netdb.h pmap_clnt.h pmap_prot.h pmap_rmt.h rename.h \ + rpc.h rpc_msg.h svc.h svc_auth.h xdr.h includes:: $(SRC_HDRS) $(BUILD_HDRS) if [ -d $(HDRDIR) ]; then :; else mkdir -p $(HDRDIR); fi diff --git a/src/lib/rpc/auth.h b/src/lib/rpc/auth.h index 4055e04fd..41cd95510 100644 --- a/src/lib/rpc/auth.h +++ b/src/lib/rpc/auth.h @@ -37,10 +37,13 @@ * is required to pass a AUTH * to routines that create rpc * "sessions". */ - +#ifndef GSSRPC_AUTH_H +#define GSSRPC_AUTH_H #include +GSSRPC__BEGIN_DECLS + #define MAX_AUTH_BYTES 400 #define MAXNETNAMELEN 255 /* maximum length of network user's name */ @@ -61,21 +64,25 @@ enum auth_stat { * failed locally */ AUTH_INVALIDRESP=6, /* bogus response verifier */ - AUTH_FAILED=7 /* some unknown reason */ + AUTH_FAILED=7, /* some unknown reason */ + /* + * RPCSEC_GSS errors + */ + RPCSEC_GSS_CREDPROBLEM = 13, + RPCSEC_GSS_CTXPROBLEM = 14 }; union des_block { #if 0 /* XXX nothing uses this, anyway */ struct { - rpc_u_int32 high; - rpc_u_int32 low; + uint32_t high; + uint32_t low; } key; #endif char c[8]; }; typedef union des_block des_block; -#define xdr_des_block gssrpc_xdr_des_block -extern bool_t xdr_des_block(XDR *, des_block *); +extern bool_t xdr_des_block(XDR *, des_block *); /* * Authentication info. Opaque to client. @@ -83,7 +90,7 @@ extern bool_t xdr_des_block(XDR *, des_block *); struct opaque_auth { enum_t oa_flavor; /* flavor of auth */ caddr_t oa_base; /* address of more auth stuff */ - unsigned int oa_length; /* not to exceed MAX_AUTH_BYTES */ + u_int oa_length; /* not to exceed MAX_AUTH_BYTES */ }; @@ -92,26 +99,26 @@ struct opaque_auth { */ struct rpc_msg; -typedef struct __rpc_auth { +typedef struct AUTH { struct opaque_auth ah_cred; struct opaque_auth ah_verf; union des_block ah_key; struct auth_ops { - void (*ah_nextverf)(struct __rpc_auth *); + void (*ah_nextverf)(struct AUTH *); /* nextverf & serialize */ - int (*ah_marshal)(struct __rpc_auth *, XDR *); + int (*ah_marshal)(struct AUTH *, XDR *); /* validate varifier */ - int (*ah_validate)(struct __rpc_auth *, + int (*ah_validate)(struct AUTH *, struct opaque_auth *); /* refresh credentials */ - int (*ah_refresh)(struct __rpc_auth *, struct rpc_msg *); + int (*ah_refresh)(struct AUTH *, struct rpc_msg *); /* destroy this structure */ - void (*ah_destroy)(struct __rpc_auth *); + void (*ah_destroy)(struct AUTH *); /* encode data for wire */ - int (*ah_wrap)(struct __rpc_auth *, XDR *, + int (*ah_wrap)(struct AUTH *, XDR *, xdrproc_t, caddr_t); /* decode data from wire */ - int (*ah_unwrap)(struct __rpc_auth *, XDR *, + int (*ah_unwrap)(struct AUTH *, XDR *, xdrproc_t, caddr_t); } *ah_ops; void *ah_private; @@ -149,13 +156,13 @@ typedef struct __rpc_auth { #define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \ ((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \ xfunc, xwhere)) -#define AUTH_wrap(auth, xdrs, xfunc, xwhere) \ +#define auth_wrap(auth, xdrs, xfunc, xwhere) \ ((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \ xfunc, xwhere)) #define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \ ((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \ xfunc, xwhere)) -#define AUTH_unwrap(auth, xdrs, xfunc, xwhere) \ +#define auth_unwrap(auth, xdrs, xfunc, xwhere) \ ((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \ xfunc, xwhere)) @@ -165,24 +172,14 @@ typedef struct __rpc_auth { ((*((auth)->ah_ops->ah_destroy))(auth)) -#define _null_auth _gssrpc_null_auth -extern struct opaque_auth _null_auth; +/* RENAMED: should be _null_auth if we can use reserved namespace. */ +extern struct opaque_auth gssrpc__null_auth; /* * These are the various implementations of client side authenticators. */ -/* - * Any style authentication. These routines can be used by any - * authentication style that does not use the wrap/unwrap functions. - */ - -#define authany_wrap gssrpc_authany_wrap -#define authany_unwrap gssrpc_authany_unwrap - -int authany_wrap(AUTH *, XDR *, xdrproc_t, caddr_t), authany_unwrap(); - /* * Unix style authentication * AUTH *authunix_create(machname, uid, gid, len, aup_gids) @@ -192,21 +189,12 @@ int authany_wrap(AUTH *, XDR *, xdrproc_t, caddr_t), authany_unwrap(); * int len; * int *aup_gids; */ -#define authunix_create gssrpc_authunix_create -#define authunix_create_default gssrpc_authunix_create_default -#define authnone_create gssrpc_authnone_create -#define authdes_create gssrpc_authdes_create - extern AUTH *authunix_create(char *machname, int uid, int gid, int len, int *aup_gids); extern AUTH *authunix_create_default(void); /* takes no parameters */ extern AUTH *authnone_create(void); /* takes no parameters */ extern AUTH *authdes_create(); - -/* - * GSS-API style authentication: - * see - */ +extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *); #define AUTH_NONE 0 /* no authentication */ #define AUTH_NULL 0 /* backward compatibility */ @@ -214,16 +202,17 @@ extern AUTH *authdes_create(); #define AUTH_SHORT 2 /* short hand unix style */ #define AUTH_DES 3 /* des style (encrypted timestamps) */ #define AUTH_GSSAPI 300001 /* GSS-API style */ +#define RPCSEC_GSS 6 /* RPCSEC_GSS */ +#if 0 /* * BACKWARDS COMPATIBILIY! OpenV*Secure 1.0 had AUTH_GSSAPI == 4. We * need to accept this value until 1.0 is dead. */ +/* This conflicts with AUTH_KERB (Solaris). */ #define AUTH_GSSAPI_COMPAT 4 +#endif -/* - * XDR an opaque authentication struct. - */ -#define xdr_opaque_auth gssrpc_xdr_opaque_auth +GSSRPC__END_DECLS -extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *); +#endif /* !defined(GSSRPC_AUTH_H) */ diff --git a/src/lib/rpc/auth_any.c b/src/lib/rpc/auth_any.c deleted file mode 100644 index 37731e0fa..000000000 --- a/src/lib/rpc/auth_any.c +++ /dev/null @@ -1,19 +0,0 @@ -/* - * auth_any.c - * Provides default functions for authentication flavors that do not - * use all the fields in structauth_ops. - */ - -#include -#include -#include -#include - -int authany_wrap(auth, xdrs, xfunc, xwhere) - AUTH *auth; - XDR *xdrs; - xdrproc_t xfunc; - caddr_t xwhere; -{ - return (*xfunc)(xdrs, xwhere); -} diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c new file mode 100644 index 000000000..846cf36fc --- /dev/null +++ b/src/lib/rpc/auth_gss.c @@ -0,0 +1,625 @@ +/* + auth_gss.c + + RPCSEC_GSS client routines. + + Copyright (c) 2000 The Regents of the University of Michigan. + All rights reserved. + + Copyright (c) 2000 Dug Song . + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Id: auth_gss.c,v 1.35 2002/10/15 21:25:25 kwc Exp +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_HEIMDAL +#include +#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE +#else +#include +#include +#endif + +#ifdef DEBUG_GSSAPI +int auth_debug_gss = DEBUG_GSSAPI; +int misc_debug_gss = DEBUG_GSSAPI; +#endif + +static void authgss_nextverf(AUTH *); +static bool_t authgss_marshal(AUTH *, XDR *); +static bool_t authgss_refresh(AUTH *, struct rpc_msg *); +static bool_t authgss_validate(AUTH *, struct opaque_auth *); +static void authgss_destroy(AUTH *); +static void authgss_destroy_context(AUTH *); +static bool_t authgss_wrap(AUTH *, XDR *, xdrproc_t, caddr_t); +static bool_t authgss_unwrap(AUTH *, XDR *, xdrproc_t, caddr_t); + + +/* + * from mit-krb5-1.2.1 mechglue/mglueP.h: + * Array of context IDs typed by mechanism OID + */ +typedef struct gss_union_ctx_id_t { + gss_OID mech_type; + gss_ctx_id_t internal_ctx_id; +} gss_union_ctx_id_desc, *gss_union_ctx_id_t; + +static struct auth_ops authgss_ops = { + authgss_nextverf, + authgss_marshal, + authgss_validate, + authgss_refresh, + authgss_destroy, + authgss_wrap, + authgss_unwrap +}; + +#ifdef DEBUG + +/* useful as i add more mechanisms */ +void +print_rpc_gss_sec(struct rpc_gss_sec *ptr) +{ +#if HAVE_HEIMDAL + int i; + char *p; + + log_debug("rpc_gss_sec:\n"); + if(ptr->mech == NULL) + log_debug("NULL gss_OID mech\n"); + else { + log_debug(" gss_OID len: %d\n gss_OID elements:", + ptr->mech->length); + p = (char *)ptr->mech->elements; + log_debug(" "); + for(i=0;imech->length;i++) + log_debug("%u", (u_char)*p++); + log_debug("\n"); + } + log_debug(" qop: %d\n",ptr->qop); + log_debug(" service: %d\n",ptr->svc); +#else + OM_uint32 min_stat; + gss_buffer_desc msg; + + if (ptr->mech == NULL) + log_debug("rpc_gss_sec: mech NULL, qop %d, svc %d", + ptr->qop, ptr->svc); + else { + gss_oid_to_str(&min_stat, ptr->mech, &msg); + + log_debug("rpc_gss_sec: mech %.*s, qop %d, svc %d", + msg.length, (char *)msg.value, + ptr->qop, ptr->svc); + + gss_release_buffer(&min_stat, &msg); + } +#endif +} +#endif /*DEBUG*/ + +/* Krb 5 default mechanism oid */ +#define KRB5OID "1.2.840.113554.1.2.2" + +#define g_OID_equal(o1,o2) \ + (((o1)->length == (o2)->length) && \ + ((o1)->elements != 0) && ((o2)->elements != 0) && \ + (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0)) + +extern const gss_OID_desc * const gss_mech_krb5; +#ifdef SPKM +extern const gss_OID_desc * const gss_mech_spkm3; +#endif /*SPKM*/ + +/* from kerberos source, gssapi_krb5.c */ +static gss_OID_desc krb5oid = + {9, "\052\206\110\206\367\022\001\002\002"}; + +#if SPKM +static gss_OID_desc spkm3oid = + {7, "\052\006\001\005\005\001\003"}; +#endif /*SPKM*/ + +struct rpc_gss_data { + bool_t established; /* context established */ + bool_t inprogress; + gss_buffer_desc gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier + * to process at end of context negotiation*/ + CLIENT *clnt; /* client handle */ + gss_name_t name; /* service name */ + struct rpc_gss_sec sec; /* security tuple */ + gss_ctx_id_t ctx; /* context id */ + struct rpc_gss_cred gc; /* client credentials */ + u_int win; /* sequence window */ +}; + +#define AUTH_PRIVATE(auth) ((struct rpc_gss_data *)auth->ah_private) + +static struct timeval AUTH_TIMEOUT = { 25, 0 }; + +AUTH * +authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec) +{ + AUTH *auth, *save_auth; + struct rpc_gss_data *gd; + + log_debug("in authgss_create()"); + + memset(&rpc_createerr, 0, sizeof(rpc_createerr)); + + if ((auth = calloc(sizeof(*auth), 1)) == NULL) { + rpc_createerr.cf_stat = RPC_SYSTEMERROR; + rpc_createerr.cf_error.re_errno = ENOMEM; + return (NULL); + } + if ((gd = calloc(sizeof(*gd), 1)) == NULL) { + rpc_createerr.cf_stat = RPC_SYSTEMERROR; + rpc_createerr.cf_error.re_errno = ENOMEM; + free(auth); + return (NULL); + } + gd->clnt = clnt; + gd->name = name; + gd->ctx = GSS_C_NO_CONTEXT; + gd->sec = *sec; + + gd->gc.gc_v = RPCSEC_GSS_VERSION; + gd->gc.gc_proc = RPCSEC_GSS_INIT; + gd->gc.gc_svc = gd->sec.svc; + + auth->ah_ops = &authgss_ops; + auth->ah_private = (caddr_t)gd; + + save_auth = clnt->cl_auth; + clnt->cl_auth = auth; + + if (!authgss_refresh(auth, NULL)) + auth = NULL; + + clnt->cl_auth = save_auth; + + log_debug("authgss_create returning auth 0x%08x", auth); + return (auth); +} + +AUTH * +authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec) +{ + AUTH *auth; + OM_uint32 maj_stat = 0, min_stat = 0; + gss_buffer_desc sname; + gss_name_t name; + + log_debug("in authgss_create_default()"); + + + sname.value = service; + sname.length = strlen(service); + + maj_stat = gss_import_name(&min_stat, &sname, + (gss_OID)gss_nt_service_name, + &name); + + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_import_name", maj_stat, min_stat); + rpc_createerr.cf_stat = RPC_AUTHERROR; + return (NULL); + } + + auth = authgss_create(clnt, name, sec); + + if(auth) + gss_release_name(&min_stat, &name); + + log_debug("authgss_create_default returning auth 0x%08x", auth); + return (auth); +} + +static void +authgss_nextverf(AUTH *auth) +{ + log_debug("in authgss_nextverf()\n"); + /* no action necessary */ +} + +static bool_t +authgss_marshal(AUTH *auth, XDR *xdrs) +{ + XDR tmpxdrs; + char tmp[MAX_AUTH_BYTES]; + struct rpc_gss_data *gd; + gss_buffer_desc rpcbuf, checksum; + OM_uint32 maj_stat, min_stat; + bool_t xdr_stat; + + log_debug("in authgss_marshal()"); + + gd = AUTH_PRIVATE(auth); + + if (gd->established) + gd->gc.gc_seq++; + + xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE); + + if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gc)) { + XDR_DESTROY(&tmpxdrs); + return (FALSE); + } + auth->ah_cred.oa_flavor = RPCSEC_GSS; + auth->ah_cred.oa_base = tmp; + auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs); + + XDR_DESTROY(&tmpxdrs); + + if (!xdr_opaque_auth(xdrs, &auth->ah_cred)) + return (FALSE); + + if (gd->gc.gc_proc == RPCSEC_GSS_INIT || + gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) { + return (xdr_opaque_auth(xdrs, &gssrpc__null_auth)); + } + /* Checksum serialized RPC header, up to and including credential. */ + rpcbuf.length = XDR_GETPOS(xdrs); + XDR_SETPOS(xdrs, 0); + rpcbuf.value = XDR_INLINE(xdrs, rpcbuf.length); + + maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop, + &rpcbuf, &checksum); + + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_get_mic", maj_stat, min_stat); + if (maj_stat == GSS_S_CONTEXT_EXPIRED) { + gd->established = FALSE; + authgss_destroy_context(auth); + } + return (FALSE); + } + auth->ah_verf.oa_flavor = RPCSEC_GSS; + auth->ah_verf.oa_base = checksum.value; + auth->ah_verf.oa_length = checksum.length; + + xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf); + gss_release_buffer(&min_stat, &checksum); + + return (xdr_stat); +} + +static bool_t +authgss_validate(AUTH *auth, struct opaque_auth *verf) +{ + struct rpc_gss_data *gd; + u_int num, qop_state; + gss_buffer_desc signbuf, checksum; + OM_uint32 maj_stat, min_stat; + + log_debug("in authgss_validate()"); + + gd = AUTH_PRIVATE(auth); + + if (gd->established == FALSE) { + /* would like to do this only on NULL rpc - gc->established is good enough. + * save the on the wire verifier to validate last INIT phase packet + * after decode if the major status is GSS_S_COMPLETE + */ + if ((gd->gc_wire_verf.value = mem_alloc(verf->oa_length)) == NULL) { + fprintf(stderr, "gss_validate: out of memory\n"); + return (FALSE); + } + memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length); + gd->gc_wire_verf.length = verf->oa_length; + return (TRUE); + } + + if (gd->gc.gc_proc == RPCSEC_GSS_INIT || + gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) { + num = htonl(gd->win); + } + else num = htonl(gd->gc.gc_seq); + + signbuf.value = # + signbuf.length = sizeof(num); + + checksum.value = verf->oa_base; + checksum.length = verf->oa_length; + + maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf, + &checksum, &qop_state); + if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) { + log_status("gss_verify_mic", maj_stat, min_stat); + if (maj_stat == GSS_S_CONTEXT_EXPIRED) { + gd->established = FALSE; + authgss_destroy_context(auth); + } + return (FALSE); + } + return (TRUE); +} + +static bool_t +authgss_refresh(AUTH *auth, struct rpc_msg *msg) +{ + struct rpc_gss_data *gd; + struct rpc_gss_init_res gr; + gss_buffer_desc *recv_tokenp, send_token; + OM_uint32 maj_stat, min_stat, call_stat, ret_flags, req_flags=0; + + log_debug("in authgss_refresh()"); + + gd = AUTH_PRIVATE(auth); + + if (gd->established || gd->inprogress) + return (TRUE); + + /* GSS context establishment loop. */ + memset(&gr, 0, sizeof(gr)); + recv_tokenp = GSS_C_NO_BUFFER; + +#ifdef DEBUG + print_rpc_gss_sec(&gd->sec); +#endif /*DEBUG*/ + + if (g_OID_equal(gd->sec.mech, &krb5oid)) + req_flags |= GSS_C_MUTUAL_FLAG; + +#ifdef SPKM + if (g_OID_equal(gd->sec.mech, gss_mech_spkm3)) + req_flags |= GSS_C_ANON_FLAG; +#endif /*SPKM*/ + + for (;;) { + gd->inprogress = TRUE; + maj_stat = gss_init_sec_context(&min_stat, + GSS_C_NO_CREDENTIAL, + &gd->ctx, + gd->name, + gd->sec.mech, + req_flags, + 0, /* time req */ + NULL, /* channel */ + recv_tokenp, + NULL, /* used mech */ + &send_token, + &ret_flags, + NULL); /* time rec */ + + log_status("gss_init_sec_context", maj_stat, min_stat); + if (recv_tokenp != GSS_C_NO_BUFFER) { + gss_release_buffer(&min_stat, &gr.gr_token); + recv_tokenp = GSS_C_NO_BUFFER; + } + if (maj_stat != GSS_S_COMPLETE && + maj_stat != GSS_S_CONTINUE_NEEDED) { + log_status("gss_init_sec_context (error)", maj_stat, min_stat); + break; + } + if (send_token.length != 0) { + memset(&gr, 0, sizeof(gr)); + + call_stat = clnt_call(gd->clnt, NULLPROC, + xdr_rpc_gss_init_args, + &send_token, + xdr_rpc_gss_init_res, + (caddr_t)&gr, AUTH_TIMEOUT); + + gss_release_buffer(&min_stat, &send_token); + + log_debug("authgss_refresh: call_stat=%d", call_stat); + log_debug("%s", clnt_sperror(gd->clnt, "authgss_refresh")); + if (call_stat != RPC_SUCCESS || + (gr.gr_major != GSS_S_COMPLETE && + gr.gr_major != GSS_S_CONTINUE_NEEDED)) + break; + + if (gr.gr_ctx.length != 0) { + if (gd->gc.gc_ctx.value) + gss_release_buffer(&min_stat, + &gd->gc.gc_ctx); + gd->gc.gc_ctx = gr.gr_ctx; + } + if (gr.gr_token.length != 0) { + if (maj_stat != GSS_S_CONTINUE_NEEDED) + break; + recv_tokenp = &gr.gr_token; + } + gd->gc.gc_proc = RPCSEC_GSS_CONTINUE_INIT; + } + + /* GSS_S_COMPLETE => check gss header verifier, usually checked in + * gss_validate + */ + if (maj_stat == GSS_S_COMPLETE) { + gss_buffer_desc bufin; + gss_buffer_desc bufout; + u_int seq, qop_state = 0; + + seq = htonl(gr.gr_win); + bufin.value = (u_char *)&seq; + bufin.length = sizeof(seq); + bufout.value = (u_char *)gd->gc_wire_verf.value; + bufout.length = gd->gc_wire_verf.length; + + log_debug("authgss_refresh: GSS_S_COMPLETE: calling verify_mic"); + maj_stat = gss_verify_mic(&min_stat,gd->ctx, + &bufin, &bufout, &qop_state); + + if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) { + log_status("gss_verify_mic", maj_stat, min_stat); + gss_release_buffer(&min_stat, &gd->gc_wire_verf); + if (maj_stat == GSS_S_CONTEXT_EXPIRED) { + gd->established = FALSE; + authgss_destroy_context(auth); + } + return (FALSE); + } + gss_release_buffer(&min_stat, &gd->gc_wire_verf); + gd->established = TRUE; + gd->inprogress = FALSE; + gd->gc.gc_proc = RPCSEC_GSS_DATA; + gd->gc.gc_seq = 0; + gd->win = gr.gr_win; + break; + } + } + log_status("authgss_refresh: at end of context negotiation", maj_stat, min_stat); + /* End context negotiation loop. */ + if (gd->gc.gc_proc != RPCSEC_GSS_DATA) { + log_debug("authgss_refresh: returning ERROR (gc_proc %d)", gd->gc.gc_proc); + if (gr.gr_token.length != 0) + gss_release_buffer(&min_stat, &gr.gr_token); + + authgss_destroy(auth); + auth = NULL; + rpc_createerr.cf_stat = RPC_AUTHERROR; + + return (FALSE); + } + log_debug("authgss_refresh: returning SUCCESS"); + return (TRUE); +} + +bool_t +authgss_service(AUTH *auth, int svc) +{ + struct rpc_gss_data *gd; + + log_debug("in authgss_service()"); + + if (!auth) + return(FALSE); + gd = AUTH_PRIVATE(auth); + if (!gd || !gd->established) + return (FALSE); + gd->sec.svc = svc; + gd->gc.gc_svc = svc; + return (TRUE); +} + +static void +authgss_destroy_context(AUTH *auth) +{ + struct rpc_gss_data *gd; + OM_uint32 min_stat; + enum clnt_stat callstat; + + log_debug("in authgss_destroy_context()"); + + gd = AUTH_PRIVATE(auth); + + if (gd->gc.gc_ctx.length != 0) { + if (gd->established) { + gd->gc.gc_proc = RPCSEC_GSS_DESTROY; + callstat = clnt_call(gd->clnt, NULLPROC, + xdr_void, NULL, + xdr_void, NULL, + AUTH_TIMEOUT); + log_debug("%s", + clnt_sperror(gd->clnt, + "authgss_destroy_context")); + } + gss_release_buffer(&min_stat, &gd->gc.gc_ctx); + /* XXX ANDROS check size of context - should be 8 */ + memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx)); + } + if (gd->ctx != GSS_C_NO_CONTEXT) { + gss_delete_sec_context(&min_stat, &gd->ctx, NULL); + gd->ctx = GSS_C_NO_CONTEXT; + } + gd->established = FALSE; + + log_debug("finished authgss_destroy_context()"); +} + +static void +authgss_destroy(AUTH *auth) +{ + struct rpc_gss_data *gd; + OM_uint32 min_stat; + + log_debug("in authgss_destroy()"); + + gd = AUTH_PRIVATE(auth); + + authgss_destroy_context(auth); + + if (gd->name != GSS_C_NO_NAME) + gss_release_name(&min_stat, &gd->name); +#if 0 +#ifdef HAVE_HEIMDAL + gss_release_name(&min_stat, &gd->name); +#else + gss_release_name(&min_stat, gd->name); +#endif +#endif + free(gd); + free(auth); +} + +bool_t +authgss_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) +{ + struct rpc_gss_data *gd; + + log_debug("in authgss_wrap()"); + + gd = AUTH_PRIVATE(auth); + + if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) { + return ((*xdr_func)(xdrs, xdr_ptr)); + } + return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr, + gd->ctx, gd->sec.qop, + gd->sec.svc, gd->gc.gc_seq)); +} + +bool_t +authgss_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) +{ + struct rpc_gss_data *gd; + + log_debug("in authgss_unwrap()"); + + gd = AUTH_PRIVATE(auth); + + if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) { + return ((*xdr_func)(xdrs, xdr_ptr)); + } + return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr, + gd->ctx, gd->sec.qop, + gd->sec.svc, gd->gc.gc_seq)); +} diff --git a/src/lib/rpc/auth_gss.h b/src/lib/rpc/auth_gss.h new file mode 100644 index 000000000..3692c548d --- /dev/null +++ b/src/lib/rpc/auth_gss.h @@ -0,0 +1,137 @@ +/* + auth_gssapi.h + + Copyright (c) 2000 The Regents of the University of Michigan. + All rights reserved. + + Copyright (c) 2000 Dug Song . + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Id: auth_gss.h,v 1.13 2002/05/08 16:54:33 andros Exp +*/ + +#ifndef GSSRPC_AUTH_GSS_H +#define GSSRPC_AUTH_GSS_H + +#include +#include +#ifdef HAVE_HEIMDAL +#include +#else +#include +#endif + +GSSRPC__BEGIN_DECLS + +/* RPCSEC_GSS control procedures. */ +typedef enum { + RPCSEC_GSS_DATA = 0, + RPCSEC_GSS_INIT = 1, + RPCSEC_GSS_CONTINUE_INIT = 2, + RPCSEC_GSS_DESTROY = 3 +} rpc_gss_proc_t; + +/* RPCSEC_GSS services. */ +typedef enum { + RPCSEC_GSS_SVC_NONE = 1, + RPCSEC_GSS_SVC_INTEGRITY = 2, + RPCSEC_GSS_SVC_PRIVACY = 3 +} rpc_gss_svc_t; + +#define RPCSEC_GSS_VERSION 1 + +/* RPCSEC_GSS security triple. */ +struct rpc_gss_sec { + gss_OID mech; /* mechanism */ + gss_qop_t qop; /* quality of protection */ + rpc_gss_svc_t svc; /* service */ +}; + +/* Krb 5 default mechanism +#define KRB5OID "1.2.840.113554.1.2.2" + +gss_OID_desc krb5oid = { + 20, KRB5OID +}; + */ + +/* +struct rpc_gss_sec krb5mech = { + (gss_OID)&krb5oid, + GSS_QOP_DEFAULT, + RPCSEC_GSS_SVC_NONE +}; +*/ + +/* Credentials. */ +struct rpc_gss_cred { + u_int gc_v; /* version */ + rpc_gss_proc_t gc_proc; /* control procedure */ + uint32_t gc_seq; /* sequence number */ + rpc_gss_svc_t gc_svc; /* service */ + gss_buffer_desc gc_ctx; /* context handle */ +}; + +/* Context creation response. */ +struct rpc_gss_init_res { + gss_buffer_desc gr_ctx; /* context handle */ + uint32_t gr_major; /* major status */ + uint32_t gr_minor; /* minor status */ + uint32_t gr_win; /* sequence window */ + gss_buffer_desc gr_token; /* token */ +}; + +/* Maximum sequence number value. */ +#define MAXSEQ 0x80000000 + +/* Prototypes. */ +bool_t xdr_rpc_gss_cred (XDR *xdrs, struct rpc_gss_cred *p); +bool_t xdr_rpc_gss_init_args (XDR *xdrs, gss_buffer_desc *p); +bool_t xdr_rpc_gss_init_res (XDR *xdrs, struct rpc_gss_init_res *p); +bool_t xdr_rpc_gss_data (XDR *xdrs, xdrproc_t xdr_func, + caddr_t xdr_ptr, gss_ctx_id_t ctx, + gss_qop_t qop, rpc_gss_svc_t svc, + uint32_t seq); +bool_t xdr_rpc_gss_wrap_data (XDR *xdrs, xdrproc_t xdr_func, caddr_t + xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, + rpc_gss_svc_t svc, uint32_t seq); +bool_t xdr_rpc_gss_unwrap_data (XDR *xdrs, xdrproc_t xdr_func, caddr_t + xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, + rpc_gss_svc_t svc, uint32_t seq); + +AUTH *authgss_create (CLIENT *, gss_name_t, struct rpc_gss_sec *); +AUTH *authgss_create_default (CLIENT *, char *, struct rpc_gss_sec *); +bool_t authgss_service(AUTH *auth, int svc); + + +void log_debug (const char *fmt, ...); +void log_status (char *m, OM_uint32 major, OM_uint32 minor); +void log_hexdump (const u_char *buf, int len, int offset); + +GSSRPC__END_DECLS +#endif /* !defined(GSSRPC_AUTH_GSS_H) */ diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c index a18939ae6..0efc793fb 100644 --- a/src/lib/rpc/auth_gssapi.c +++ b/src/lib/rpc/auth_gssapi.c @@ -60,12 +60,12 @@ struct auth_gssapi_data { CLIENT *clnt; gss_ctx_id_t context; gss_buffer_desc client_handle; - rpc_u_int32 seq_num; + uint32_t seq_num; int def_cred; /* pre-serialized ah_cred */ unsigned char cred_buf[MAX_AUTH_BYTES]; - rpc_u_int32 cred_len; + uint32_t cred_len; }; #define AUTH_PRIVATE(auth) ((struct auth_gssapi_data *)auth->ah_private) @@ -151,7 +151,7 @@ AUTH *auth_gssapi_create(clnt, gssstat, minor_stat, enum clnt_stat callstat; struct timeval timeout; int bindings_failed; - rpc_u_int32 init_func; + rpcproc_t init_func; auth_gssapi_init_arg call_arg; auth_gssapi_init_res call_res; @@ -344,7 +344,7 @@ next_token: goto cleanup; } else { PRINTF(("gssapi_create: got client_handle %d\n", - *((rpc_u_int32 *)call_res.client_handle.value))); + *((uint32_t *)call_res.client_handle.value))); GSS_DUP_BUFFER(AUTH_PRIVATE(auth)->client_handle, call_res.client_handle); @@ -393,14 +393,14 @@ next_token: AUTH_GSSAPI_DISPLAY_STATUS(("unsealing isn", *gssstat, *minor_stat)); goto cleanup; - } else if (isn_buf.length != sizeof(rpc_u_int32)) { + } else if (isn_buf.length != sizeof(uint32_t)) { PRINTF(("gssapi_create: gss_unseal gave %d bytes\n", (int) isn_buf.length)); goto cleanup; } - AUTH_PRIVATE(auth)->seq_num = (rpc_u_int32) - ntohl(*((rpc_u_int32*)isn_buf.value)); + AUTH_PRIVATE(auth)->seq_num = (uint32_t) + ntohl(*((uint32_t*)isn_buf.value)); *gssstat = gss_release_buffer(minor_stat, &isn_buf); if (*gssstat != GSS_S_COMPLETE) { AUTH_GSSAPI_DISPLAY_STATUS(("releasing unsealed isn", @@ -412,7 +412,7 @@ next_token: AUTH_PRIVATE(auth)->seq_num)); /* we no longer need these results.. */ - gssrpc_xdr_free(xdr_authgssapi_init_res, &call_res); + xdr_free(xdr_authgssapi_init_res, &call_res); } } else if (call_res.signed_isn.length != 0) { PRINTF(("gssapi_create: got signed isn, can't check yet\n")); @@ -433,7 +433,7 @@ next_token: &AUTH_PRIVATE(auth)->client_handle); PRINTF(("gssapi_create: done. client_handle %#x, isn %d\n\n", - *((rpc_u_int32 *)AUTH_PRIVATE(auth)->client_handle.value), + *((uint32_t *)AUTH_PRIVATE(auth)->client_handle.value), AUTH_PRIVATE(auth)->seq_num)); /* don't assume the caller will want to change clnt->cl_auth */ @@ -572,7 +572,7 @@ static bool_t auth_gssapi_marshall(auth, xdrs) { OM_uint32 minor_stat; gss_buffer_desc out_buf; - rpc_u_int32 seq_num; + uint32_t seq_num; if (AUTH_PRIVATE(auth)->established == TRUE) { PRINTF(("gssapi_marshall: starting\n")); @@ -589,8 +589,8 @@ static bool_t auth_gssapi_marshall(auth, xdrs) auth->ah_verf.oa_base = out_buf.value; auth->ah_verf.oa_length = out_buf.length; - if (! gssrpc_xdr_opaque_auth(xdrs, &auth->ah_cred) || - ! gssrpc_xdr_opaque_auth(xdrs, &auth->ah_verf)) { + if (! xdr_opaque_auth(xdrs, &auth->ah_cred) || + ! xdr_opaque_auth(xdrs, &auth->ah_verf)) { (void) gss_release_buffer(&minor_stat, &out_buf); return FALSE; } @@ -601,8 +601,8 @@ static bool_t auth_gssapi_marshall(auth, xdrs) auth->ah_verf.oa_base = NULL; auth->ah_verf.oa_length = 0; - if (! gssrpc_xdr_opaque_auth(xdrs, &auth->ah_cred) || - ! gssrpc_xdr_opaque_auth(xdrs, &auth->ah_verf)) { + if (! xdr_opaque_auth(xdrs, &auth->ah_cred) || + ! xdr_opaque_auth(xdrs, &auth->ah_verf)) { return FALSE; } } @@ -622,7 +622,7 @@ static bool_t auth_gssapi_validate(auth, verf) struct opaque_auth *verf; { gss_buffer_desc in_buf; - rpc_u_int32 seq_num; + uint32_t seq_num; if (AUTH_PRIVATE(auth)->established == FALSE) { PRINTF(("gssapi_validate: not established, noop\n")); diff --git a/src/lib/rpc/auth_gssapi.h b/src/lib/rpc/auth_gssapi.h index b3d4dc49e..73a2f0b16 100644 --- a/src/lib/rpc/auth_gssapi.h +++ b/src/lib/rpc/auth_gssapi.h @@ -7,6 +7,11 @@ * */ +#ifndef GSSRPC_AUTH_GSSAPI_H +#define GSSRPC_AUTH_GSSAPI_H + +GSSRPC__BEGIN_DECLS + #define AUTH_GSSAPI_EXIT 0 #define AUTH_GSSAPI_INIT 1 #define AUTH_GSSAPI_CONTINUE_INIT 2 @@ -29,18 +34,18 @@ typedef struct _auth_gssapi_name { } auth_gssapi_name; typedef struct _auth_gssapi_creds { - rpc_u_int32 version; + uint32_t version; bool_t auth_msg; gss_buffer_desc client_handle; } auth_gssapi_creds; typedef struct _auth_gssapi_init_arg { - rpc_u_int32 version; + uint32_t version; gss_buffer_desc token; } auth_gssapi_init_arg; typedef struct _auth_gssapi_init_res { - rpc_u_int32 version; + uint32_t version; gss_buffer_desc client_handle; OM_uint32 gss_major, gss_minor; gss_buffer_desc token; @@ -73,12 +78,12 @@ bool_t xdr_authgssapi_init_res(XDR *, auth_gssapi_init_res *); bool_t auth_gssapi_wrap_data (OM_uint32 *major, OM_uint32 *minor, - gss_ctx_id_t context, rpc_u_int32 seq_num, XDR + gss_ctx_id_t context, uint32_t seq_num, XDR *out_xdrs, bool_t (*xdr_func)(), caddr_t xdr_ptr); bool_t auth_gssapi_unwrap_data (OM_uint32 *major, OM_uint32 *minor, - gss_ctx_id_t context, rpc_u_int32 seq_num, XDR + gss_ctx_id_t context, uint32_t seq_num, XDR *in_xdrs, bool_t (*xdr_func)(), caddr_t xdr_ptr); @@ -103,26 +108,33 @@ void auth_gssapi_display_status OM_uint32 minor); bool_t auth_gssapi_seal_seq -(gss_ctx_id_t context, rpc_u_int32 seq_num, gss_buffer_t out_buf); +(gss_ctx_id_t context, uint32_t seq_num, gss_buffer_t out_buf); bool_t auth_gssapi_unseal_seq -(gss_ctx_id_t context, gss_buffer_t in_buf, rpc_u_int32 *seq_num); +(gss_ctx_id_t context, gss_buffer_t in_buf, uint32_t *seq_num); -bool_t _svcauth_gssapi_set_names +bool_t svcauth_gssapi_set_names (auth_gssapi_name *names, int num); -void _svcauth_gssapi_unset_names +void svcauth_gssapi_unset_names (void); -void _svcauth_gssapi_set_log_badauth_func +void svcauth_gssapi_set_log_badauth_func (auth_gssapi_log_badauth_func func, caddr_t data); -void _svcauth_gssapi_set_log_badverf_func +void svcauth_gssapi_set_log_badverf_func (auth_gssapi_log_badverf_func func, caddr_t data); -void _svcauth_gssapi_set_log_miscerr_func +void svcauth_gssapi_set_log_miscerr_func (auth_gssapi_log_miscerr_func func, caddr_t data); +void svcauth_gss_set_log_badauth_func(auth_gssapi_log_badauth_func, + caddr_t); +void svcauth_gss_set_log_badverf_func(auth_gssapi_log_badverf_func, + caddr_t); +void svcauth_gss_set_log_miscerr_func(auth_gssapi_log_miscerr_func, + caddr_t data); + #define GSS_COPY_BUFFER(dest, src) { \ (dest).length = (src).length; \ (dest).value = (src).value; } @@ -135,3 +147,7 @@ void _svcauth_gssapi_set_log_miscerr_func #define GSS_BUFFERS_EQUAL(b1, b2) (((b1).length == (b2).length) && \ !memcmp((b1).value,(b2).value,(b1.length))) + +GSSRPC__END_DECLS + +#endif /* !defined(GSSRPC_AUTH_GSSAPI_H) */ diff --git a/src/lib/rpc/auth_gssapi_misc.c b/src/lib/rpc/auth_gssapi_misc.c index ab9b0bcbc..8c417aaa6 100644 --- a/src/lib/rpc/auth_gssapi_misc.c +++ b/src/lib/rpc/auth_gssapi_misc.c @@ -86,16 +86,16 @@ bool_t xdr_authgssapi_init_res(xdrs, init_res) bool_t auth_gssapi_seal_seq(context, seq_num, out_buf) gss_ctx_id_t context; - rpc_u_int32 seq_num; + uint32_t seq_num; gss_buffer_t out_buf; { gss_buffer_desc in_buf; OM_uint32 gssstat, minor_stat; - rpc_u_int32 nl_seq_num; + uint32_t nl_seq_num; nl_seq_num = htonl(seq_num); - in_buf.length = sizeof(rpc_u_int32); + in_buf.length = sizeof(uint32_t); in_buf.value = (char *) &nl_seq_num; gssstat = gss_seal(&minor_stat, context, 0, GSS_C_QOP_DEFAULT, &in_buf, NULL, out_buf); @@ -111,11 +111,11 @@ bool_t auth_gssapi_seal_seq(context, seq_num, out_buf) bool_t auth_gssapi_unseal_seq(context, in_buf, seq_num) gss_ctx_id_t context; gss_buffer_t in_buf; - rpc_u_int32 *seq_num; + uint32_t *seq_num; { gss_buffer_desc out_buf; OM_uint32 gssstat, minor_stat; - rpc_u_int32 nl_seq_num; + uint32_t nl_seq_num; gssstat = gss_unseal(&minor_stat, context, in_buf, &out_buf, NULL, NULL); @@ -124,15 +124,15 @@ bool_t auth_gssapi_unseal_seq(context, in_buf, seq_num) AUTH_GSSAPI_DISPLAY_STATUS(("unsealing sequence number", gssstat, minor_stat)); return FALSE; - } else if (out_buf.length != sizeof(rpc_u_int32)) { + } else if (out_buf.length != sizeof(uint32_t)) { PRINTF(("gssapi_unseal_seq: unseal gave %d bytes\n", (int) out_buf.length)); gss_release_buffer(&minor_stat, &out_buf); return FALSE; } - nl_seq_num = *((rpc_u_int32 *) out_buf.value); - *seq_num = (rpc_u_int32) ntohl(nl_seq_num); + nl_seq_num = *((uint32_t *) out_buf.value); + *seq_num = (uint32_t) ntohl(nl_seq_num); gss_release_buffer(&minor_stat, &out_buf); return TRUE; @@ -189,7 +189,7 @@ bool_t auth_gssapi_wrap_data(major, minor, context, seq_num, out_xdrs, xdr_func, xdr_ptr) OM_uint32 *major, *minor; gss_ctx_id_t context; - rpc_u_int32 seq_num; + uint32_t seq_num; XDR *out_xdrs; bool_t (*xdr_func)(); caddr_t xdr_ptr; @@ -256,14 +256,14 @@ bool_t auth_gssapi_unwrap_data(major, minor, context, seq_num, in_xdrs, xdr_func, xdr_ptr) OM_uint32 *major, *minor; gss_ctx_id_t context; - rpc_u_int32 seq_num; + uint32_t seq_num; XDR *in_xdrs; bool_t (*xdr_func)(); caddr_t xdr_ptr; { gss_buffer_desc in_buf, out_buf; XDR temp_xdrs; - rpc_u_int32 verf_seq_num; + uint32_t verf_seq_num; int conf, qop; unsigned int length; @@ -315,7 +315,7 @@ bool_t auth_gssapi_unwrap_data(major, minor, context, seq_num, if (! (*xdr_func)(&temp_xdrs, xdr_ptr)) { PRINTF(("gssapi_unwrap_data: deserializing arguments failed\n")); gss_release_buffer(minor, &out_buf); - gssrpc_xdr_free(xdr_func, xdr_ptr); + xdr_free(xdr_func, xdr_ptr); XDR_DESTROY(&temp_xdrs); return FALSE; } diff --git a/src/lib/rpc/auth_none.c b/src/lib/rpc/auth_none.c index 115286865..0cc6d890e 100644 --- a/src/lib/rpc/auth_none.c +++ b/src/lib/rpc/auth_none.c @@ -53,6 +53,7 @@ static void authnone_destroy(AUTH *); static bool_t authnone_marshal(AUTH *, XDR *); static bool_t authnone_validate(AUTH *, struct opaque_auth *); static bool_t authnone_refresh(AUTH *, struct rpc_msg *); +static bool_t authnone_wrap(AUTH *, XDR *, xdrproc_t, caddr_t); static struct auth_ops ops = { authnone_verf, @@ -60,14 +61,14 @@ static struct auth_ops ops = { authnone_validate, authnone_refresh, authnone_destroy, - authany_wrap, - authany_wrap, + authnone_wrap, + authnone_wrap }; static struct authnone_private { AUTH no_client; char marshalled_client[MAX_MARSHEL_SIZE]; - unsigned int mcnt; + u_int mcnt; } *authnone_private; AUTH * @@ -84,13 +85,13 @@ authnone_create() authnone_private = ap; } if (!ap->mcnt) { - ap->no_client.ah_cred = ap->no_client.ah_verf = _null_auth; + ap->no_client.ah_cred = ap->no_client.ah_verf = gssrpc__null_auth; ap->no_client.ah_ops = &ops; xdrs = &xdr_stream; - xdrmem_create(xdrs, ap->marshalled_client, (unsigned int)MAX_MARSHEL_SIZE, + xdrmem_create(xdrs, ap->marshalled_client, (u_int)MAX_MARSHEL_SIZE, XDR_ENCODE); - (void)gssrpc_xdr_opaque_auth(xdrs, &ap->no_client.ah_cred); - (void)gssrpc_xdr_opaque_auth(xdrs, &ap->no_client.ah_verf); + (void)xdr_opaque_auth(xdrs, &ap->no_client.ah_cred); + (void)xdr_opaque_auth(xdrs, &ap->no_client.ah_verf); ap->mcnt = XDR_GETPOS(xdrs); XDR_DESTROY(xdrs); } @@ -144,3 +145,9 @@ authnone_destroy(auth) AUTH *auth; { } + +static bool_t +authnone_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xfunc, caddr_t xwhere) +{ + return ((*xfunc)(xdrs, xwhere)); +} diff --git a/src/lib/rpc/auth_unix.c b/src/lib/rpc/auth_unix.c index 9dbde0da0..12d4f5e63 100644 --- a/src/lib/rpc/auth_unix.c +++ b/src/lib/rpc/auth_unix.c @@ -64,6 +64,7 @@ static bool_t authunix_marshal(AUTH *, XDR *); static bool_t authunix_validate(AUTH *, struct opaque_auth *); static bool_t authunix_refresh(AUTH *, struct rpc_msg *); static void authunix_destroy(AUTH *); +static bool_t authunix_wrap(AUTH *, XDR *, xdrproc_t, caddr_t); static struct auth_ops auth_unix_ops = { authunix_nextverf, @@ -71,8 +72,8 @@ static struct auth_ops auth_unix_ops = { authunix_validate, authunix_refresh, authunix_destroy, - authany_wrap, - authany_wrap, + authunix_wrap, + authunix_wrap }; /* @@ -81,9 +82,9 @@ static struct auth_ops auth_unix_ops = { struct audata { struct opaque_auth au_origcred; /* original credentials */ struct opaque_auth au_shcred; /* short hand cred */ - rpc_u_int32 au_shfaults; /* short hand cache faults */ + uint32_t au_shfaults; /* short hand cache faults */ char au_marshed[MAX_AUTH_BYTES]; - unsigned int au_mpos; /* xdr pos at end of marshed */ + u_int au_mpos; /* xdr pos at end of marshed */ }; #define AUTH_PRIVATE(auth) ((struct audata *)auth->ah_private) @@ -128,7 +129,7 @@ authunix_create(machname, uid, gid, len, aup_gids) #endif auth->ah_ops = &auth_unix_ops; auth->ah_private = (caddr_t)au; - auth->ah_verf = au->au_shcred = _null_auth; + auth->ah_verf = au->au_shcred = gssrpc__null_auth; au->au_shfaults = 0; /* @@ -139,7 +140,7 @@ authunix_create(machname, uid, gid, len, aup_gids) aup.aup_machname = machname; aup.aup_uid = uid; aup.aup_gid = gid; - aup.aup_len = (unsigned int)len; + aup.aup_len = (u_int)len; aup.aup_gids = aup_gids; /* @@ -151,14 +152,14 @@ authunix_create(machname, uid, gid, len, aup_gids) au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs); au->au_origcred.oa_flavor = AUTH_UNIX; #ifdef KERNEL - au->au_origcred.oa_base = mem_alloc((unsigned int) len); + au->au_origcred.oa_base = mem_alloc((u_int) len); #else - if ((au->au_origcred.oa_base = mem_alloc((unsigned int) len)) == NULL) { + if ((au->au_origcred.oa_base = mem_alloc((u_int) len)) == NULL) { (void)fprintf(stderr, "authunix_create: out of memory\n"); return (NULL); } #endif - memmove(au->au_origcred.oa_base, mymem, (unsigned int)len); + memmove(au->au_origcred.oa_base, mymem, (u_int)len); /* * set auth handle to reflect new cred. @@ -233,11 +234,11 @@ authunix_validate(auth, verf) au->au_shcred.oa_length); au->au_shcred.oa_base = NULL; } - if (gssrpc_xdr_opaque_auth(&xdrs, &au->au_shcred)) { + if (xdr_opaque_auth(&xdrs, &au->au_shcred)) { auth->ah_cred = au->au_shcred; } else { xdrs.x_op = XDR_FREE; - (void)gssrpc_xdr_opaque_auth(&xdrs, &au->au_shcred); + (void)xdr_opaque_auth(&xdrs, &au->au_shcred); au->au_shcred.oa_base = NULL; auth->ah_cred = au->au_origcred; } @@ -322,11 +323,17 @@ marshal_new_auth(auth) register struct audata *au = AUTH_PRIVATE(auth); xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE); - if ((! gssrpc_xdr_opaque_auth(xdrs, &(auth->ah_cred))) || - (! gssrpc_xdr_opaque_auth(xdrs, &(auth->ah_verf)))) { + if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) || + (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) { perror("auth_none.c - Fatal marshalling problem"); } else { au->au_mpos = XDR_GETPOS(xdrs); } XDR_DESTROY(xdrs); } + +static bool_t +authunix_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xfunc, caddr_t xwhere) +{ + return ((*xfunc)(xdrs, xwhere)); +} diff --git a/src/lib/rpc/auth_unix.h b/src/lib/rpc/auth_unix.h index e4e58a22a..9be442278 100644 --- a/src/lib/rpc/auth_unix.h +++ b/src/lib/rpc/auth_unix.h @@ -35,6 +35,10 @@ * Copyright (C) 1984, Sun Microsystems, Inc. */ +#ifndef GSSRPC_AUTH_UNIX_H +#define GSSRPC_AUTH_UNIX_H + +GSSRPC__BEGIN_DECLS /* * The system is very weak. The client uses no encryption for it * credentials and only sends null verifiers. The server sends backs @@ -52,15 +56,14 @@ * Unix style credentials. */ struct authunix_parms { - rpc_u_int32 aup_time; + uint32_t aup_time; char *aup_machname; int aup_uid; int aup_gid; - unsigned int aup_len; + u_int aup_len; int *aup_gids; }; -#define xdr_authunix_parms gssrpc_xdr_authunix_parms extern bool_t xdr_authunix_parms(XDR *, struct authunix_parms *); /* @@ -71,3 +74,7 @@ extern bool_t xdr_authunix_parms(XDR *, struct authunix_parms *); struct short_hand_verf { struct opaque_auth new_cred; }; + +GSSRPC__END_DECLS + +#endif /* !defined(GSSRPC_AUTH_UNIX_H) */ diff --git a/src/lib/rpc/authgss_prot.c b/src/lib/rpc/authgss_prot.c new file mode 100644 index 000000000..6d91b8be7 --- /dev/null +++ b/src/lib/rpc/authgss_prot.c @@ -0,0 +1,358 @@ +/* + authgss_prot.c + + Copyright (c) 2000 The Regents of the University of Michigan. + All rights reserved. + + Copyright (c) 2000 Dug Song . + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Id: authgss_prot.c,v 1.18 2000/09/01 04:14:03 dugsong Exp +*/ + +#include +#include +#include +#include +#include +#ifdef HAVE_HEIMDAL +#include +#else +#include +#endif + +bool_t +xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p) +{ + bool_t xdr_stat; + + xdr_stat = (xdr_u_int(xdrs, &p->gc_v) && + xdr_enum(xdrs, (enum_t *)&p->gc_proc) && + xdr_u_int32(xdrs, &p->gc_seq) && + xdr_enum(xdrs, (enum_t *)&p->gc_svc) && + xdr_bytes(xdrs, (char **)&p->gc_ctx.value, + &p->gc_ctx.length, MAX_AUTH_BYTES)); + + log_debug("xdr_rpc_gss_cred: %s %s " + "(v %d, proc %d, seq %d, svc %d, ctx %p:%d)", + (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode", + (xdr_stat == TRUE) ? "success" : "failure", + p->gc_v, p->gc_proc, p->gc_seq, p->gc_svc, + p->gc_ctx.value, p->gc_ctx.length); + + return (xdr_stat); +} + +bool_t +xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p) +{ + bool_t xdr_stat; + + xdr_stat = xdr_bytes(xdrs, (char **)&p->value, + &p->length, MAX_NETOBJ_SZ); + + log_debug("xdr_rpc_gss_init_args: %s %s (token %p:%d)", + (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode", + (xdr_stat == TRUE) ? "success" : "failure", + p->value, p->length); + + return (xdr_stat); +} + +bool_t +xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p) +{ + bool_t xdr_stat; + + xdr_stat = (xdr_bytes(xdrs, (char **)&p->gr_ctx.value, + &p->gr_ctx.length, MAX_NETOBJ_SZ) && + xdr_u_int32(xdrs, &p->gr_major) && + xdr_u_int32(xdrs, &p->gr_minor) && + xdr_u_int32(xdrs, &p->gr_win) && + xdr_bytes(xdrs, (char **)&p->gr_token.value, + &p->gr_token.length, MAX_NETOBJ_SZ)); + + log_debug("xdr_rpc_gss_init_res %s %s " + "(ctx %p:%d, maj %d, min %d, win %d, token %p:%d)", + (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode", + (xdr_stat == TRUE) ? "success" : "failure", + p->gr_ctx.value, p->gr_ctx.length, + p->gr_major, p->gr_minor, p->gr_win, + p->gr_token.value, p->gr_token.length); + + return (xdr_stat); +} + +bool_t +xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, + gss_ctx_id_t ctx, gss_qop_t qop, + rpc_gss_svc_t svc, uint32_t seq) +{ + gss_buffer_desc databuf, wrapbuf; + OM_uint32 maj_stat, min_stat; + int start, end, conf_state; + bool_t xdr_stat; + + /* Skip databody length. */ + start = XDR_GETPOS(xdrs); + XDR_SETPOS(xdrs, start + 4); + + /* Marshal rpc_gss_data_t (sequence number + arguments). */ + if (!xdr_u_int32(xdrs, &seq) || !(*xdr_func)(xdrs, xdr_ptr)) + return (FALSE); + end = XDR_GETPOS(xdrs); + + /* Set databuf to marshalled rpc_gss_data_t. */ + databuf.length = end - start - 4; + XDR_SETPOS(xdrs, start + 4); + databuf.value = XDR_INLINE(xdrs, databuf.length); + + xdr_stat = FALSE; + + if (svc == RPCSEC_GSS_SVC_INTEGRITY) { + /* Marshal databody_integ length. */ + XDR_SETPOS(xdrs, start); + if (!xdr_u_int(xdrs, &databuf.length)) + return (FALSE); + + /* Checksum rpc_gss_data_t. */ + maj_stat = gss_get_mic(&min_stat, ctx, qop, + &databuf, &wrapbuf); + if (maj_stat != GSS_S_COMPLETE) { + log_debug("gss_get_mic failed"); + return (FALSE); + } + /* Marshal checksum. */ + XDR_SETPOS(xdrs, end); + xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value, + &wrapbuf.length, MAX_NETOBJ_SZ); + gss_release_buffer(&min_stat, &wrapbuf); + } + else if (svc == RPCSEC_GSS_SVC_PRIVACY) { + /* Encrypt rpc_gss_data_t. */ + maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf, + &conf_state, &wrapbuf); + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_wrap", maj_stat, min_stat); + return (FALSE); + } + /* Marshal databody_priv. */ + XDR_SETPOS(xdrs, start); + xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value, + &wrapbuf.length, MAX_NETOBJ_SZ); + gss_release_buffer(&min_stat, &wrapbuf); + } + return (xdr_stat); +} + +bool_t +xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, + gss_ctx_id_t ctx, gss_qop_t qop, + rpc_gss_svc_t svc, uint32_t seq) +{ + XDR tmpxdrs; + gss_buffer_desc databuf, wrapbuf; + OM_uint32 maj_stat, min_stat; + u_int seq_num, conf_state, qop_state; + bool_t xdr_stat; + + if (xdr_func == xdr_void || xdr_ptr == NULL) + return (TRUE); + + memset(&databuf, 0, sizeof(databuf)); + memset(&wrapbuf, 0, sizeof(wrapbuf)); + + if (svc == RPCSEC_GSS_SVC_INTEGRITY) { + /* Decode databody_integ. */ + if (!xdr_bytes(xdrs, (char **)&databuf.value, &databuf.length, + MAX_NETOBJ_SZ)) { + log_debug("xdr decode databody_integ failed"); + return (FALSE); + } + /* Decode checksum. */ + if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, &wrapbuf.length, + MAX_NETOBJ_SZ)) { + gss_release_buffer(&min_stat, &databuf); + log_debug("xdr decode checksum failed"); + return (FALSE); + } + /* Verify checksum and QOP. */ + maj_stat = gss_verify_mic(&min_stat, ctx, &databuf, + &wrapbuf, &qop_state); + gss_release_buffer(&min_stat, &wrapbuf); + + if (maj_stat != GSS_S_COMPLETE || qop_state != qop) { + gss_release_buffer(&min_stat, &databuf); + log_status("gss_verify_mic", maj_stat, min_stat); + return (FALSE); + } + } + else if (svc == RPCSEC_GSS_SVC_PRIVACY) { + /* Decode databody_priv. */ + if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, &wrapbuf.length, + MAX_NETOBJ_SZ)) { + log_debug("xdr decode databody_priv failed"); + return (FALSE); + } + /* Decrypt databody. */ + maj_stat = gss_unwrap(&min_stat, ctx, &wrapbuf, &databuf, + &conf_state, &qop_state); + + gss_release_buffer(&min_stat, &wrapbuf); + + /* Verify encryption and QOP. */ + if (maj_stat != GSS_S_COMPLETE || qop_state != qop || + conf_state != TRUE) { + gss_release_buffer(&min_stat, &databuf); + log_status("gss_unwrap", maj_stat, min_stat); + return (FALSE); + } + } + /* Decode rpc_gss_data_t (sequence number + arguments). */ + xdrmem_create(&tmpxdrs, databuf.value, databuf.length, XDR_DECODE); + xdr_stat = (xdr_u_int32(&tmpxdrs, &seq_num) && + (*xdr_func)(&tmpxdrs, xdr_ptr)); + XDR_DESTROY(&tmpxdrs); + gss_release_buffer(&min_stat, &databuf); + + /* Verify sequence number. */ + if (xdr_stat == TRUE && seq_num != seq) { + log_debug("wrong sequence number in databody"); + return (FALSE); + } + return (xdr_stat); +} + +bool_t +xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, + gss_ctx_id_t ctx, gss_qop_t qop, + rpc_gss_svc_t svc, uint32_t seq) +{ + switch (xdrs->x_op) { + + case XDR_ENCODE: + return (xdr_rpc_gss_wrap_data(xdrs, xdr_func, xdr_ptr, + ctx, qop, svc, seq)); + case XDR_DECODE: + return (xdr_rpc_gss_unwrap_data(xdrs, xdr_func, xdr_ptr, + ctx, qop,svc, seq)); + case XDR_FREE: + return (TRUE); + } + return (FALSE); +} + +#ifdef DEBUG +#include + +void +log_debug(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + fprintf(stderr, "rpcsec_gss: "); + vfprintf(stderr, fmt, ap); + fprintf(stderr, "\n"); + va_end(ap); +} + +void +log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat) +{ + OM_uint32 min, msg_ctx; + gss_buffer_desc msgg, msgm; + + msg_ctx = 0; + gss_display_status(&min, maj_stat, GSS_C_GSS_CODE, GSS_C_NULL_OID, + &msg_ctx, &msgg); + msg_ctx = 0; + gss_display_status(&min, min_stat, GSS_C_MECH_CODE, GSS_C_NULL_OID, + &msg_ctx, &msgm); + + log_debug("%s: %.*s - %.*s\n", m, + msgg.length, (char *)msgg.value, + msgm.length, (char *)msgm.value); + + gss_release_buffer(&min, &msgg); + gss_release_buffer(&min, &msgm); +} + +void +log_hexdump(const u_char *buf, int len, int offset) +{ + u_int i, j, jm; + int c; + + fprintf(stderr, "\n"); + for (i = 0; i < len; i += 0x10) { + fprintf(stderr, " %04x: ", (u_int)(i + offset)); + jm = len - i; + jm = jm > 16 ? 16 : jm; + + for (j = 0; j < jm; j++) { + if ((j % 2) == 1) + fprintf(stderr, "%02x ", (u_int) buf[i+j]); + else + fprintf(stderr, "%02x", (u_int) buf[i+j]); + } + for (; j < 16; j++) { + if ((j % 2) == 1) printf(" "); + else fprintf(stderr, " "); + } + fprintf(stderr, " "); + + for (j = 0; j < jm; j++) { + c = buf[i+j]; + c = isprint(c) ? c : '.'; + fprintf(stderr, "%c", c); + } + fprintf(stderr, "\n"); + } +} + +#else + +void +log_debug(const char *fmt, ...) +{ +} + +void +log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat) +{ +} + +void +log_hexdump(const u_char *buf, int len, int offset) +{ +} + +#endif + + diff --git a/src/lib/rpc/bindresvport.c b/src/lib/rpc/bindresvport.c index 28017d6cf..da1f357bc 100644 --- a/src/lib/rpc/bindresvport.c +++ b/src/lib/rpc/bindresvport.c @@ -47,7 +47,7 @@ static char sccsid[] = "@(#)bindresvport.c 2.2 88/07/29 4.0 RPCSRC 1.8 88/02/08 * Bind a socket to a privileged IP port */ int -gssrpc_bindresvport(sd, sockin) +bindresvport(sd, sockin) int sd; struct sockaddr_in *sockin; { diff --git a/src/lib/rpc/clnt.h b/src/lib/rpc/clnt.h index 93acdd6f6..95450a241 100644 --- a/src/lib/rpc/clnt.h +++ b/src/lib/rpc/clnt.h @@ -34,9 +34,10 @@ * Copyright (C) 1984, Sun Microsystems, Inc. */ -#ifndef _CLNT_ -#define _CLNT_ +#ifndef GSSRPC_CLNT_H +#define GSSRPC_CLNT_H +GSSRPC__BEGIN_DECLS /* * Rpc calls return an enum clnt_stat. This should be looked at more, * since each implementation is required to live with this (implementation @@ -90,12 +91,12 @@ struct rpc_err { int RE_errno; /* realated system error */ enum auth_stat RE_why; /* why the auth error occurred */ struct { - rpc_u_int32 low; /* lowest verion supported */ - rpc_u_int32 high; /* highest verion supported */ + rpcvers_t low; /* lowest verion supported */ + rpcvers_t high; /* highest verion supported */ } RE_vers; struct { /* maybe meaningful if RPC_FAILED */ - rpc_int32 s1; - rpc_int32 s2; + int32_t s1; + int32_t s2; } RE_lb; /* life boot & debugging only */ } ru; #define re_errno ru.RE_errno @@ -110,26 +111,27 @@ struct rpc_err { * Created by individual implementations, see e.g. rpc_udp.c. * Client is responsible for initializing auth, see e.g. auth_none.c. */ -typedef struct __rpc_client { +typedef struct CLIENT { AUTH *cl_auth; /* authenticator */ struct clnt_ops { /* call remote procedure */ - enum clnt_stat (*cl_call)(struct __rpc_client *, - rpc_u_int32, xdrproc_t, void *, + enum clnt_stat (*cl_call)(struct CLIENT *, + rpcproc_t, xdrproc_t, void *, xdrproc_t, void *, struct timeval); /* abort a call */ - void (*cl_abort)(struct __rpc_client *); + void (*cl_abort)(struct CLIENT *); /* get specific error code */ - void (*cl_geterr)(struct __rpc_client *, + void (*cl_geterr)(struct CLIENT *, struct rpc_err *); /* frees results */ - bool_t (*cl_freeres)(struct __rpc_client *, + bool_t (*cl_freeres)(struct CLIENT *, xdrproc_t, void *); /* destroy this structure */ - void (*cl_destroy)(struct __rpc_client *); + void (*cl_destroy)(struct CLIENT *); /* the ioctl() of rpc */ - bool_t (*cl_control)(struct __rpc_client *, int, + /* XXX CITI makes 2nd arg take u_int */ + bool_t (*cl_control)(struct CLIENT *, int, void *); } *cl_ops; void *cl_private; /* private stuff */ @@ -147,7 +149,7 @@ typedef struct __rpc_client { * enum clnt_stat * CLNT_CALL(rh, proc, xargs, argsp, xres, resp, timeout) * CLIENT *rh; - * rpc_u_int32 proc; + * rpcproc_t proc; * xdrproc_t xargs; * caddr_t argsp; * xdrproc_t xres; @@ -190,7 +192,7 @@ typedef struct __rpc_client { * bool_t * CLNT_CONTROL(cl, request, info) * CLIENT *cl; - * unsigned int request; + * u_int request; * char *info; */ #define CLNT_CONTROL(cl,rq,in) ((*(cl)->cl_ops->cl_control)(cl,rq,in)) @@ -227,16 +229,16 @@ typedef struct __rpc_client { * and network administration. */ -#define RPCTEST_PROGRAM ((rpc_u_int32)1) -#define RPCTEST_VERSION ((rpc_u_int32)1) -#define RPCTEST_NULL_PROC ((rpc_u_int32)2) -#define RPCTEST_NULL_BATCH_PROC ((rpc_u_int32)3) +#define RPCTEST_PROGRAM ((rpcprog_t)1) +#define RPCTEST_VERSION ((rpcvers_t)1) +#define RPCTEST_NULL_PROC ((rpcproc_t)2) +#define RPCTEST_NULL_BATCH_PROC ((rpcproc_t)3) /* * By convention, procedure 0 takes null arguments and returns them */ -#define NULLPROC ((rpc_u_int32)0) +#define NULLPROC ((rpcproc_t)0) /* * Below are the client handle creation routines for the various @@ -248,20 +250,15 @@ typedef struct __rpc_client { * Memory based rpc (for speed check and testing) * CLIENT * * clntraw_create(prog, vers) - * rpc_u_int32 prog; - * rpc_u_int32 vers; + * rpcprog_t prog; + * rpcvers_t vers; */ -#define clntraw_create gssrpc_clntraw_create -extern CLIENT *clntraw_create(rpc_u_int32, rpc_u_int32); - +extern CLIENT *clntraw_create(rpcprog_t, rpcvers_t); /* * Generic client creation routine. Supported protocols are "udp" and "tcp" */ -#define clnt_create gssrpc_clnt_create -extern CLIENT * -clnt_create(char *, rpc_u_int32, rpc_u_int32, char *); - +extern CLIENT *clnt_create(char *, rpcprog_t, rpcvers_t, char *); /* @@ -269,23 +266,22 @@ clnt_create(char *, rpc_u_int32, rpc_u_int32, char *); * CLIENT * * clnttcp_create(raddr, prog, vers, sockp, sendsz, recvsz) * struct sockaddr_in *raddr; - * rpc_u_int32 prog; - * rpc_u_int32 version; + * rpcprog_t prog; + * rpcvers_t version; * register int *sockp; - * unsigned int sendsz; - * unsigned int recvsz; + * u_int sendsz; + * u_int recvsz; */ -#define clnttcp_create gssrpc_clnttcp_create -extern CLIENT *clnttcp_create(struct sockaddr_in *, rpc_u_int32, rpc_u_int32, - int *, unsigned int, unsigned int); +extern CLIENT *clnttcp_create(struct sockaddr_in *, rpcprog_t, rpcvers_t, + int *, u_int, u_int); /* * UDP based rpc. * CLIENT * * clntudp_create(raddr, program, version, wait, sockp) * struct sockaddr_in *raddr; - * rpc_u_int32 program; - * rpc_u_int32 version; + * rpcprog_t program; + * rpcvers_t version; * struct timeval wait; * int *sockp; * @@ -293,49 +289,39 @@ extern CLIENT *clnttcp_create(struct sockaddr_in *, rpc_u_int32, rpc_u_int32, * CLIENT * * clntudp_bufcreate(raddr, program, version, wait, sockp, sendsz, recvsz) * struct sockaddr_in *raddr; - * rpc_u_int32 program; - * rpc_u_int32 version; + * rpcprog_t program; + * rpcvers_t version; * struct timeval wait; * int *sockp; - * unsigned int sendsz; - * unsigned int recvsz; + * u_int sendsz; + * u_int recvsz; */ -#define clntudp_create gssrpc_clntudp_create -#define clntudp_bufcreate gssrpc_clntudp_bufcreate -extern CLIENT *clntudp_create(struct sockaddr_in *, rpc_u_int32, - rpc_u_int32, struct timeval, int *); -extern CLIENT *clntudp_bufcreate(struct sockaddr_in *, rpc_u_int32, - rpc_u_int32, struct timeval, int *, - unsigned int, unsigned int); - -#define _rpc_dtablesize _gssrpc_rpc_dtablesize -extern int _rpc_dtablesize(void); +extern CLIENT *clntudp_create(struct sockaddr_in *, rpcprog_t, + rpcvers_t, struct timeval, int *); +extern CLIENT *clntudp_bufcreate(struct sockaddr_in *, rpcprog_t, + rpcvers_t, struct timeval, int *, + u_int, u_int); + /* * Print why creation failed */ -#define clnt_pcreateerror gssrpc_clnt_pcreateerror -#define clnt_spcreateerror gssrpc_clnt_spcreateerror void clnt_pcreateerror(char *); /* stderr */ char *clnt_spcreateerror(char *); /* string */ /* * Like clnt_perror(), but is more verbose in its output */ -#define clnt_perrno gssrpc_clnt_perrno -void clnt_perrno(enum clnt_stat num); /* stderr */ +void clnt_perrno(enum clnt_stat); /* stderr */ /* * Print an English error message, given the client error code */ -#define clnt_perror gssrpc_clnt_perror -#define clnt_sperror gssrpc_clnt_sperror void clnt_perror(CLIENT *, char *); /* stderr */ char *clnt_sperror(CLIENT *, char *); /* string */ /* * If a creation fails, the following allows the user to figure out why. */ -#define rpc_createerr gssrpc_rpc_createrr struct rpc_createerr { enum clnt_stat cf_stat; struct rpc_err cf_error; /* useful when cf_stat == RPC_PMAPFAILURE */ @@ -348,10 +334,11 @@ extern struct rpc_createerr rpc_createerr; /* * Copy error message to buffer. */ -#define clnt_sperrno gssrpc_clnt_sperrno char *clnt_sperrno(enum clnt_stat num); /* string */ #define UDPMSGSIZE 8800 /* rpc imposed limit on udp msg size */ #define RPCSMALLMSGSIZE 400 /* a more reasonable packet size */ -#endif /*!_CLNT_*/ +GSSRPC__END_DECLS + +#endif /* !defined(GSSRPC_CLNT_H) */ diff --git a/src/lib/rpc/clnt_generic.c b/src/lib/rpc/clnt_generic.c index c7cc24e49..d960c69dc 100644 --- a/src/lib/rpc/clnt_generic.c +++ b/src/lib/rpc/clnt_generic.c @@ -47,8 +47,8 @@ static char sccsid[] = "@(#)clnt_generic.c 1.4 87/08/11 (C) 1987 SMI"; CLIENT * clnt_create(hostname, prog, vers, proto) char *hostname; - unsigned prog; - unsigned vers; + rpcprog_t prog; + rpcvers_t vers; char *proto; { struct hostent *h; diff --git a/src/lib/rpc/clnt_perror.c b/src/lib/rpc/clnt_perror.c index 26aa97883..3fa788ffa 100644 --- a/src/lib/rpc/clnt_perror.c +++ b/src/lib/rpc/clnt_perror.c @@ -60,7 +60,7 @@ static char *auth_errmsg(enum auth_stat); static char *buf; static char * -_buf() +get_buf() { if (buf == NULL) buf = (char *)malloc(BUFSIZ); @@ -78,7 +78,7 @@ clnt_sperror(rpch, s) struct rpc_err e; void clnt_perrno(); char *err; - char *bufstart = _buf(); + char *bufstart = get_buf(); char *str = bufstart; char *strstart = str; @@ -124,8 +124,8 @@ clnt_sperror(rpch, s) if(str - bufstart + 33 + 22 < BUFSIZ) (void) sprintf(str, "; low version = %lu, high version = %lu", - (unsigned long) e.re_vers.low, - (unsigned long) e.re_vers.high); + (u_long) e.re_vers.low, + (u_long) e.re_vers.high); str += strlen(str); break; @@ -153,8 +153,8 @@ clnt_sperror(rpch, s) if(str - bufstart + 33 + 22 < BUFSIZ) (void) sprintf(str, "; low version = %lu, high version = %lu", - (unsigned long) e.re_vers.low, - (unsigned long) e.re_vers.high); + (u_long) e.re_vers.low, + (u_long) e.re_vers.high); str += strlen(str); break; @@ -163,8 +163,8 @@ clnt_sperror(rpch, s) if(str - bufstart + 14 + 22 < BUFSIZ) (void) sprintf(str, "; s1 = %lu, s2 = %lu", - (unsigned long) e.re_lb.s1, - (unsigned long) e.re_lb.s2); + (u_long) e.re_lb.s1, + (u_long) e.re_lb.s2); str += strlen(str); break; } @@ -256,7 +256,7 @@ char * clnt_spcreateerror(s) char *s; { - char *str = _buf(); + char *str = get_buf(); if (str == 0) return(0); diff --git a/src/lib/rpc/clnt_raw.c b/src/lib/rpc/clnt_raw.c index f3f2ff15d..5e02d891b 100644 --- a/src/lib/rpc/clnt_raw.c +++ b/src/lib/rpc/clnt_raw.c @@ -57,10 +57,10 @@ static struct clntraw_private { struct rpc_msg mashl_rpcmsg; char mashl_callmsg[MCALL_MSG_SIZE]; } u; - unsigned int mcnt; + u_int mcnt; } *clntraw_private; -static enum clnt_stat clntraw_call(CLIENT *, rpc_u_int32, xdrproc_t, +static enum clnt_stat clntraw_call(CLIENT *, rpcproc_t, xdrproc_t, void *, xdrproc_t, void *, struct timeval); static void clntraw_abort(CLIENT *); @@ -85,8 +85,8 @@ void svc_getreq(); */ CLIENT * clntraw_create(prog, vers) - rpc_u_int32 prog; - rpc_u_int32 vers; + rpcprog_t prog; + rpcvers_t vers; { register struct clntraw_private *clp = clntraw_private; struct rpc_msg call_msg; @@ -129,7 +129,7 @@ clntraw_create(prog, vers) static enum clnt_stat clntraw_call(h, proc, xargs, argsp, xresults, resultsp, timeout) CLIENT *h; - rpc_u_int32 proc; + rpcproc_t proc; xdrproc_t xargs; void * argsp; xdrproc_t xresults; @@ -171,7 +171,7 @@ call_again: */ xdrs->x_op = XDR_DECODE; XDR_SETPOS(xdrs, 0); - msg.acpted_rply.ar_verf = _null_auth; + msg.acpted_rply.ar_verf = gssrpc__null_auth; msg.acpted_rply.ar_results.where = resultsp; msg.acpted_rply.ar_results.proc = xresults; if (! xdr_replymsg(xdrs, &msg)) { @@ -191,7 +191,7 @@ call_again: xdrs->x_op = op; return (RPC_CANTDECODERES); } - sunrpc_seterr_reply(&msg, &error); + gssrpc__seterr_reply(&msg, &error); status = error.re_status; if (status == RPC_SUCCESS) { @@ -210,7 +210,7 @@ call_again: } if (msg.acpted_rply.ar_verf.oa_base != NULL) { xdrs->x_op = XDR_FREE; - (void)gssrpc_xdr_opaque_auth(xdrs, &(msg.acpted_rply.ar_verf)); + (void)xdr_opaque_auth(xdrs, &(msg.acpted_rply.ar_verf)); } } diff --git a/src/lib/rpc/clnt_simple.c b/src/lib/rpc/clnt_simple.c index d3fe2d0e4..bb8454634 100644 --- a/src/lib/rpc/clnt_simple.c +++ b/src/lib/rpc/clnt_simple.c @@ -54,10 +54,12 @@ static struct callrpc_private { } *callrpc_private; int -gssrpc_callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out) +callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out) char *host; xdrproc_t inproc, outproc; - rpc_u_int32 prognum, versnum, procnum; + rpcprog_t prognum; + rpcvers_t versnum; + rpcproc_t procnum; char *in, *out; { register struct callrpc_private *crp = callrpc_private; @@ -98,8 +100,8 @@ gssrpc_callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out) sizeof(server_addr.sin_addr)); server_addr.sin_family = AF_INET; server_addr.sin_port = 0; - if ((crp->client = clntudp_create(&server_addr, (rpc_u_int32)prognum, - (rpc_u_int32)versnum, timeout, &crp->socket)) == NULL) + if ((crp->client = clntudp_create(&server_addr, prognum, + versnum, timeout, &crp->socket)) == NULL) return ((int) rpc_createerr.cf_stat); crp->valid = 1; crp->oldprognum = prognum; diff --git a/src/lib/rpc/clnt_tcp.c b/src/lib/rpc/clnt_tcp.c index 58324529f..fec7533e9 100644 --- a/src/lib/rpc/clnt_tcp.c +++ b/src/lib/rpc/clnt_tcp.c @@ -56,13 +56,14 @@ static char sccsid[] = "@(#)clnt_tcp.c 1.37 87/10/05 Copyr 1984 Sun Micro"; #include #include #include +#include #include /* FD_ZERO may need memset declaration (e.g., Solaris 9) */ #include #define MCALL_MSG_SIZE 24 -static enum clnt_stat clnttcp_call(CLIENT *, rpc_u_int32, xdrproc_t, void *, +static enum clnt_stat clnttcp_call(CLIENT *, rpcproc_t, xdrproc_t, void *, xdrproc_t, void *, struct timeval); static void clnttcp_abort(CLIENT *); static void clnttcp_geterr(CLIENT *, struct rpc_err *); @@ -88,9 +89,9 @@ struct ct_data { struct rpc_err ct_error; union { char ct_mcall[MCALL_MSG_SIZE]; /* marshalled callmsg */ - rpc_u_int32 ct_mcalli; + uint32_t ct_mcalli; } ct_u; - unsigned int ct_mpos; /* pos after marshal */ + u_int ct_mpos; /* pos after marshal */ XDR ct_xdrs; }; @@ -115,11 +116,11 @@ static int writetcp(char *, caddr_t, int); CLIENT * clnttcp_create(raddr, prog, vers, sockp, sendsz, recvsz) struct sockaddr_in *raddr; - rpc_u_int32 prog; - rpc_u_int32 vers; + rpcprog_t prog; + rpcvers_t vers; register int *sockp; - unsigned int sendsz; - unsigned int recvsz; + u_int sendsz; + u_int recvsz; { CLIENT *h; register struct ct_data *ct = 0; @@ -145,7 +146,7 @@ clnttcp_create(raddr, prog, vers, sockp, sendsz, recvsz) * If no port number given ask the pmap for one */ if (raddr->sin_port == 0) { - unsigned short port; + u_short port; if ((port = pmap_getport(raddr, prog, vers, IPPROTO_TCP)) == 0) { mem_free((caddr_t)ct, sizeof(struct ct_data)); mem_free((caddr_t)h, sizeof(CLIENT)); @@ -159,7 +160,7 @@ clnttcp_create(raddr, prog, vers, sockp, sendsz, recvsz) */ if (*sockp < 0) { *sockp = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - (void)gssrpc_bindresvport(*sockp, (struct sockaddr_in *)0); + (void)bindresvport(*sockp, (struct sockaddr_in *)0); if ((*sockp < 0) || (connect(*sockp, (struct sockaddr *)raddr, sizeof(*raddr)) < 0)) { @@ -228,7 +229,7 @@ fooy: static enum clnt_stat clnttcp_call(h, proc, xdr_args, args_ptr, xdr_results, results_ptr, timeout) register CLIENT *h; - rpc_u_int32 proc; + rpcproc_t proc; xdrproc_t xdr_args; void * args_ptr; xdrproc_t xdr_results; @@ -238,8 +239,8 @@ clnttcp_call(h, proc, xdr_args, args_ptr, xdr_results, results_ptr, timeout) register struct ct_data *ct = (struct ct_data *) h->cl_private; register XDR *xdrs = &(ct->ct_xdrs); struct rpc_msg reply_msg; - rpc_u_int32 x_id; - rpc_u_int32 *msg_x_id = &ct->ct_u.ct_mcalli; /* yuk */ + uint32_t x_id; + uint32_t *msg_x_id = &ct->ct_u.ct_mcalli; /* yuk */ register bool_t shipnow; int refreshes = 2; long procl = proc; @@ -282,7 +283,7 @@ call_again: */ xdrs->x_op = XDR_DECODE; while (TRUE) { - reply_msg.acpted_rply.ar_verf = _null_auth; + reply_msg.acpted_rply.ar_verf = gssrpc__null_auth; reply_msg.acpted_rply.ar_results.where = NULL; reply_msg.acpted_rply.ar_results.proc = xdr_void; if (! xdrrec_skiprecord(xdrs)) @@ -309,7 +310,7 @@ call_again: /* * process header */ - sunrpc_seterr_reply(&reply_msg, &(ct->ct_error)); + gssrpc__seterr_reply(&reply_msg, &(ct->ct_error)); if (ct->ct_error.re_status == RPC_SUCCESS) { if (! AUTH_VALIDATE(h->cl_auth, &reply_msg.acpted_rply.ar_verf)) { ct->ct_error.re_status = RPC_AUTHERROR; @@ -329,7 +330,7 @@ call_again: if ((reply_msg.rm_reply.rp_stat == MSG_ACCEPTED) && (reply_msg.acpted_rply.ar_verf.oa_base != NULL)) { xdrs->x_op = XDR_FREE; - (void)gssrpc_xdr_opaque_auth(xdrs, &(reply_msg.acpted_rply.ar_verf)); + (void)xdr_opaque_auth(xdrs, &(reply_msg.acpted_rply.ar_verf)); } return (ct->ct_error.re_status); } @@ -445,7 +446,7 @@ readtcp(ctptr, buf, len) while (TRUE) { readfds = mask; tout = ct->ct_wait; - switch (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set*)NULL, (fd_set*)NULL, + switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set*)NULL, (fd_set*)NULL, &tout)) { case 0: ct->ct_error.re_status = RPC_TIMEDOUT; diff --git a/src/lib/rpc/clnt_udp.c b/src/lib/rpc/clnt_udp.c index 6e20e5799..d245cb9be 100644 --- a/src/lib/rpc/clnt_udp.c +++ b/src/lib/rpc/clnt_udp.c @@ -47,6 +47,7 @@ static char sccsid[] = "@(#)clnt_udp.c 1.39 87/08/11 Copyr 1984 Sun Micro"; #endif #include #include +#include #include #include @@ -54,7 +55,7 @@ static char sccsid[] = "@(#)clnt_udp.c 1.39 87/08/11 Copyr 1984 Sun Micro"; /* * UDP bases client side rpc operations */ -static enum clnt_stat clntudp_call(CLIENT *, rpc_u_int32, xdrproc_t, void *, +static enum clnt_stat clntudp_call(CLIENT *, rpcproc_t, xdrproc_t, void *, xdrproc_t, void *, struct timeval); static void clntudp_abort(CLIENT *); static void clntudp_geterr(CLIENT *, struct rpc_err *); @@ -85,10 +86,10 @@ struct cu_data { struct timeval cu_total; struct rpc_err cu_error; XDR cu_outxdrs; - unsigned int cu_xdrpos; - unsigned int cu_sendsz; + u_int cu_xdrpos; + u_int cu_sendsz; char *cu_outbuf; - unsigned int cu_recvsz; + u_int cu_recvsz; char cu_inbuf[1]; }; @@ -111,12 +112,12 @@ struct cu_data { CLIENT * clntudp_bufcreate(raddr, program, version, wait, sockp, sendsz, recvsz) struct sockaddr_in *raddr; - rpc_u_int32 program; - rpc_u_int32 version; + rpcprog_t program; + rpcvers_t version; struct timeval wait; register int *sockp; - unsigned int sendsz; - unsigned int recvsz; + u_int sendsz; + u_int recvsz; { CLIENT *cl; register struct cu_data *cu = 0; @@ -143,7 +144,7 @@ clntudp_bufcreate(raddr, program, version, wait, sockp, sendsz, recvsz) (void)gettimeofday(&now, (struct timezone *)0); if (raddr->sin_port == 0) { - unsigned short port; + u_short port; if ((port = pmap_getport(raddr, program, version, IPPROTO_UDP)) == 0) { goto fooy; @@ -180,7 +181,7 @@ clntudp_bufcreate(raddr, program, version, wait, sockp, sendsz, recvsz) goto fooy; } /* attempt to bind to prov port */ - (void)gssrpc_bindresvport(*sockp, (struct sockaddr_in *)0); + (void)bindresvport(*sockp, (struct sockaddr_in *)0); /* the sockets rpc controls are non-blocking */ (void)ioctl(*sockp, FIONBIO, (char *) &dontblock); cu->cu_closeit = TRUE; @@ -207,8 +208,8 @@ fooy: CLIENT * clntudp_create(raddr, program, version, wait, sockp) struct sockaddr_in *raddr; - rpc_u_int32 program; - rpc_u_int32 version; + rpcprog_t program; + rpcvers_t version; struct timeval wait; register int *sockp; { @@ -220,7 +221,7 @@ clntudp_create(raddr, program, version, wait, sockp) static enum clnt_stat clntudp_call(cl, proc, xargs, argsp, xresults, resultsp, utimeout) register CLIENT *cl; /* client handle */ - rpc_u_int32 proc; /* procedure number */ + rpcproc_t proc; /* procedure number */ xdrproc_t xargs; /* xdr routine for args */ void * argsp; /* pointer to args */ xdrproc_t xresults; /* xdr routine for results */ @@ -263,7 +264,7 @@ call_again: /* * the transaction is the first thing in the out buffer */ - (*(rpc_u_int32 *)(void *)(cu->cu_outbuf))++; + (*(uint32_t *)(void *)(cu->cu_outbuf))++; if ((! XDR_PUTLONG(xdrs, &procl)) || (! AUTH_MARSHALL(cl->cl_auth, xdrs)) || (! AUTH_WRAP(cl->cl_auth, xdrs, xargs, argsp))) @@ -287,7 +288,7 @@ send_again: * some clock time to spare while the packets are in flight. * (We assume that this is actually only executed once.) */ - reply_msg.acpted_rply.ar_verf = _null_auth; + reply_msg.acpted_rply.ar_verf = gssrpc__null_auth; reply_msg.acpted_rply.ar_results.where = NULL; reply_msg.acpted_rply.ar_results.proc = xdr_void; #ifdef FD_SETSIZE @@ -299,7 +300,7 @@ send_again: for (;;) { readfds = mask; seltimeout = cu->cu_wait; - switch (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set *)NULL, + switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL, (fd_set *)NULL, &seltimeout)) { case 0: @@ -337,11 +338,11 @@ send_again: cu->cu_error.re_errno = errno; return (cu->cu_error.re_status = RPC_CANTRECV); } - if (inlen < sizeof(rpc_u_int32)) + if (inlen < sizeof(uint32_t)) continue; /* see if reply transaction id matches sent id */ - if (*((rpc_u_int32 *)(void *)(cu->cu_inbuf)) != - *((rpc_u_int32 *)(void *)(cu->cu_outbuf))) + if (*((uint32_t *)(void *)(cu->cu_inbuf)) != + *((uint32_t *)(void *)(cu->cu_outbuf))) continue; /* we now assume we have the proper reply */ break; @@ -350,11 +351,11 @@ send_again: /* * now decode and validate the response */ - xdrmem_create(&reply_xdrs, cu->cu_inbuf, (unsigned int)inlen, XDR_DECODE); + xdrmem_create(&reply_xdrs, cu->cu_inbuf, (u_int)inlen, XDR_DECODE); ok = xdr_replymsg(&reply_xdrs, &reply_msg); /* XDR_DESTROY(&reply_xdrs); save a few cycles on noop destroy */ if (ok) { - sunrpc_seterr_reply(&reply_msg, &(cu->cu_error)); + gssrpc__seterr_reply(&reply_msg, &(cu->cu_error)); if (cu->cu_error.re_status == RPC_SUCCESS) { if (! AUTH_VALIDATE(cl->cl_auth, &reply_msg.acpted_rply.ar_verf)) { @@ -378,7 +379,7 @@ send_again: if ((reply_msg.rm_reply.rp_stat == MSG_ACCEPTED) && (reply_msg.acpted_rply.ar_verf.oa_base != NULL)) { xdrs->x_op = XDR_FREE; - (void)gssrpc_xdr_opaque_auth(xdrs, + (void)xdr_opaque_auth(xdrs, &(reply_msg.acpted_rply.ar_verf)); } } /* end of valid reply message */ diff --git a/src/lib/rpc/configure.in b/src/lib/rpc/configure.in index 1ac761036..43108975d 100644 --- a/src/lib/rpc/configure.in +++ b/src/lib/rpc/configure.in @@ -3,11 +3,6 @@ CONFIG_RULES AC_CONFIG_SUBDIRS(unit-test) AC_CHECK_HEADERS(sys/uio.h) AC_TYPE_GETGROUPS -dnl Arrange for types.hin to include stdlib.h -AC_CHECK_HEADER(stdlib.h, [ - STDLIB_INCLUDE="#include "], - [STDLIB_INCLUDE=""]) -AC_SUBST(STDLIB_INCLUDE) dnl ### Check where struct rpcent is declared. # # This is necessary to determine: @@ -39,12 +34,107 @@ rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'], rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H']) AC_SUBST(rpcent_define) -AC_CHECK_SIZEOF(int) -SIZEOF_INT=$ac_cv_sizeof_int -AC_SUBST(SIZEOF_INT) -AC_CHECK_SIZEOF(long) -SIZEOF_LONG=$ac_cv_sizeof_long -AC_SUBST(SIZEOF_LONG) +AC_CHECK_HEADERS(sys/select.h sys/time.h unistd.h) +if test $ac_cv_header_sys_select_h = yes; then + GSSRPC__SYS_SELECT_H='#include ' +else + GSSRPC__SYS_SELECT_H='/* #include */' +fi +AC_SUBST(GSSRPC__SYS_SELECT_H) +if test $ac_cv_header_sys_time_h = yes; then + GSSRPC__SYS_TIME_H='#include ' +else + GSSRPC__SYS_TIME_H='/* #include */' +fi +AC_SUBST(GSSRPC__SYS_TIME_H) +if test $ac_cv_header_unistd_h = yes; then + GSSRPC__UNISTD_H='#include ' +else + GSSRPC__UNISTD_H='/* #include */' +fi +AC_SUBST(GSSRPC__UNISTD_H) + +AC_CACHE_CHECK([for MAXHOSTNAMELEN in sys/param.h], + [krb5_cv_header_sys_param_h_maxhostnamelen], + [AC_TRY_COMPILE([#include ], + [int i = MAXHOSTNAMELEN;], + [krb5_cv_headersys_param_h_maxhostnamelen=yes], + [krb5_cv_header_sys_param_h_maxhostnamelen=no])]) +AC_CACHE_CHECK([for MAXHOSTNAMELEN in netdb.h], + [krb5_cv_header_netdb_h_maxhostnamelen], + [AC_TRY_COMPILE([#include ], + [int i = MAXHOSTNAMELEN;], + [krb5_cv_header_netdb_h_maxhostnamelen=yes], + [krb5_cv_header_netdb_h_maxhostnamelen=no])]) + +GSSRPC__SYS_PARAM_H='/* #include */' +GSSRPC__NETDB_H='/* #include */' +if test $krb5_cv_header_sys_param_h_maxhostnamelen = yes; then + GSSRPC__SYS_PARAM_H='#include ' +else + if test $krb5_cv_header_netdb_h_maxhostnamelen = yes; then + GSSRPC__NETDB_H='#include ' + else + AC_MSG_WARN([can't find MAXHOSTNAMELEN definition; faking it]) + fi +fi +AC_SUBST(GSSRPC__SYS_PARAM_H) +AC_SUBST(GSSRPC__NETDB_H) + +AC_CACHE_CHECK([for int32_t in sys/types.h], + [krb5_cv_header_sys_types_h_int32_t], + [AC_TRY_COMPILE([#include ], + [int32_t i = 0;], + [krb5_cv_header_sys_types_h_int32_t=yes], + [krb5_cv_header_sys_types_h_int32_t=no])]) +AC_CACHE_CHECK([for int32_t in stdint.h], + [krb5_cv_header_stdint_h_int32_t], + [AC_TRY_COMPILE([#include ], + [int32_t i = 0;], + [krb5_cv_header_stdint_h_int32_t=yes], + [krb5_cv_header_stdint_h_int32_t=no])]) +AC_CACHE_CHECK([for int32_t in inttypes.h], + [krb5_cv_header_inttypes_h_int32_t], + [AC_TRY_COMPILE([#include ], + [int32_t i = 0;], + [krb5_cv_header_inttypes_h_int32_t=yes], + [krb5_cv_header_inttypes_h_int32_t=no])]) +GSSRPC__STDINT_H='/* #include */' +GSSRPC__INTTYPES_H='/* #include */' +GSSRPC__FAKE_INT32='/* #undef GSSRPC__FAKE_INT32 */' +if test $krb5_cv_header_sys_types_h_int32_t = yes; then + : # already included sys/types.h +else + if test $krb5_cv_header_stdint_h_int32_t = yes; then + GSSRPC__STDINT_H='#include ' + else + if test $krb5_cv_header_inttypes_h_int_32_t = yes; then + GSSRPC__INTTYPES_H='#include ' + else + AC_MSG_WARN([can't find a fixed-width 32-bit type anywhere; faking it]) + GSSRPC__FAKE_INT32='#define GSSRPC__FAKE_INT32 1' + fi + fi +fi +AC_SUBST(GSSRPC__STDINT_H) +AC_SUBST(GSSRPC__INTTYPES_H) +AC_SUBST(GSSRPC__FAKE_INT32) + +AC_CACHE_CHECK([for BSD type aliases], [krb5_cv_type_bsdaliases], + [AC_TRY_COMPILE( + [#include +#if HAVE_UNISTD_H +#include +#endif], + [u_char c; +u_int i; +u_long l;], [krb5_cv_type_bsdaliases=yes], [krb5_cv_type_bsdaliases=no])]) +if test $krb5_cv_type_bsdaliases = yes; then + GSSRPC__BSD_TYPEALIASES='/* #undef GSSRPC__BSD_TYPEALIASES */' +else + GSSRPC__BSD_TYPEALIASES='#define GSSRPC__BSD_TYPEALIASES 1' +fi +AC_SUBST(GSSRPC__BSD_TYPEALIASES) AC_CHECK_FUNCS(strerror) diff --git a/src/lib/rpc/get_myaddress.c b/src/lib/rpc/get_myaddress.c index 1f4f4eec5..8c6aa12fd 100644 --- a/src/lib/rpc/get_myaddress.c +++ b/src/lib/rpc/get_myaddress.c @@ -50,7 +50,7 @@ static char sccsid[] = "@(#)get_myaddress.c 1.4 87/08/11 Copyr 1984 Sun Micro"; * don't use gethostbyname, which would invoke yellow pages */ int -gssrpc_get_myaddress(addr) +get_myaddress(addr) struct sockaddr_in *addr; { memset((void *) addr, 0, sizeof(*addr)); diff --git a/src/lib/rpc/getrpcent.c b/src/lib/rpc/getrpcent.c index 08ad02db9..b1d380b2b 100644 --- a/src/lib/rpc/getrpcent.c +++ b/src/lib/rpc/getrpcent.c @@ -60,7 +60,7 @@ struct rpcdata { char line[BUFSIZ+1]; char *domain; } *rpcdata; -static struct rpcdata *_rpcdata(); +static struct rpcdata *get_rpcdata(); static struct rpcent *interpret(); struct hostent *gethostent(); @@ -69,7 +69,7 @@ char *inet_ntoa(); static char RPCDB[] = "/etc/rpc"; static struct rpcdata * -_rpcdata() +get_rpcdata() { register struct rpcdata *d = rpcdata; @@ -84,7 +84,7 @@ struct rpcent * getrpcbynumber(number) register int number; { - register struct rpcdata *d = _rpcdata(); + register struct rpcdata *d = get_rpcdata(); register struct rpcent *p; int reason; char adrstr[16], *val = NULL; diff --git a/src/lib/rpc/getrpcport.c b/src/lib/rpc/getrpcport.c index 8c07bc7cc..66bcb6f99 100644 --- a/src/lib/rpc/getrpcport.c +++ b/src/lib/rpc/getrpcport.c @@ -45,7 +45,9 @@ static char sccsid[] = "@(#)getrpcport.c 1.3 87/08/11 SMI"; int gssrpc_getrpcport(host, prognum, versnum, proto) char *host; - rpc_u_int32 prognum, versnum, proto; + rpcprog_t prognum; + rpcvers_t versnum; + rpcprot_t proto; { struct sockaddr_in addr; struct hostent *hp; diff --git a/src/lib/rpc/pmap_clnt.c b/src/lib/rpc/pmap_clnt.c index 7c9de2f6c..39e8d90bd 100644 --- a/src/lib/rpc/pmap_clnt.c +++ b/src/lib/rpc/pmap_clnt.c @@ -46,21 +46,18 @@ static char sccsid[] = "@(#)pmap_clnt.c 1.37 87/08/11 Copyr 1984 Sun Micro"; static struct timeval timeout = { 5, 0 }; static struct timeval tottimeout = { 60, 0 }; -#define clnt_perror gssrpc_clnt_perror void clnt_perror(); -#define get_myaddress gssrpc_get_myaddress - /* * Set a mapping between program,version and port. * Calls the pmap service remotely to do the mapping. */ bool_t pmap_set(program, version, protocol, port) - rpc_u_int32 program; - rpc_u_int32 version; - int protocol; - int port; + rpcprog_t program; + rpcvers_t version; + rpcprot_t protocol; + u_int port; { struct sockaddr_in myaddress; int socket = -1; @@ -93,8 +90,8 @@ pmap_set(program, version, protocol, port) */ bool_t pmap_unset(program, version) - rpc_u_int32 program; - rpc_u_int32 version; + rpcprog_t program; + rpcvers_t version; { struct sockaddr_in myaddress; int socket = -1; diff --git a/src/lib/rpc/pmap_clnt.h b/src/lib/rpc/pmap_clnt.h index 976b15ec9..808306865 100644 --- a/src/lib/rpc/pmap_clnt.h +++ b/src/lib/rpc/pmap_clnt.h @@ -35,6 +35,9 @@ * Copyright (C) 1984, Sun Microsystems, Inc. */ +#ifndef GSSRPC_PMAP_CLNT_H +#define GSSRPC_PMAP_CLNT_H + /* * Usage: * success = pmap_set(program, version, protocol, port); @@ -57,27 +60,22 @@ * address if the responder to the broadcast. */ -#define pmap_set gssrpc_pmap_set -#define pmap_unset gssrpc_pmap_unset -#define pmap_getmaps gssrpc_pmap_getmaps -#define pmap_rmtcall gssrpc_pmap_rmtcall -#define clnt_broadcast gssrpc_clnt_broadcast -#define pmap_getport gssrpc_pmap_getport - -extern bool_t pmap_set(rpc_u_int32, rpc_u_int32, int, - int); -extern bool_t pmap_unset(rpc_u_int32, rpc_u_int32); +GSSRPC__BEGIN_DECLS +extern bool_t pmap_set(rpcprog_t, rpcvers_t, rpcprot_t, u_int); +extern bool_t pmap_unset(rpcprog_t, rpcvers_t); extern struct pmaplist *pmap_getmaps(struct sockaddr_in *); -enum clnt_stat pmap_rmtcall(struct sockaddr_in *, rpc_u_int32, - rpc_u_int32, rpc_u_int32, xdrproc_t, +enum clnt_stat pmap_rmtcall(struct sockaddr_in *, rpcprog_t, + rpcvers_t, rpcproc_t, xdrproc_t, caddr_t, xdrproc_t, caddr_t, - struct timeval, rpc_u_int32 *); + struct timeval, rpcport_t *); typedef bool_t (*resultproc_t)(caddr_t, struct sockaddr_in *); -enum clnt_stat clnt_broadcast(rpc_u_int32, rpc_u_int32, rpc_u_int32, +enum clnt_stat clnt_broadcast(rpcprog_t, rpcvers_t, rpcproc_t, xdrproc_t, caddr_t, xdrproc_t, caddr_t, resultproc_t); -extern unsigned short pmap_getport(struct sockaddr_in *, - rpc_u_int32, - rpc_u_int32, rpc_u_int32); +extern u_short pmap_getport(struct sockaddr_in *, + rpcprog_t, + rpcvers_t, rpcprot_t); +GSSRPC__END_DECLS +#endif /* !defined(GSSRPC_PMAP_CLNT_H) */ diff --git a/src/lib/rpc/pmap_getport.c b/src/lib/rpc/pmap_getport.c index 0757a67cc..35be08774 100644 --- a/src/lib/rpc/pmap_getport.c +++ b/src/lib/rpc/pmap_getport.c @@ -57,12 +57,12 @@ static struct timeval tottimeout = { 60, 0 }; * Calls the pmap service remotely to do the lookup. * Returns 0 if no map exists. */ -unsigned short +u_short pmap_getport(address, program, version, protocol) struct sockaddr_in *address; - rpc_u_int32 program; - rpc_u_int32 version; - rpc_u_int32 protocol; + rpcprog_t program; + rpcvers_t version; + rpcprot_t protocol; { unsigned short port = 0; int sock = -1; diff --git a/src/lib/rpc/pmap_prot.h b/src/lib/rpc/pmap_prot.h index 24f45274b..8a8802b05 100644 --- a/src/lib/rpc/pmap_prot.h +++ b/src/lib/rpc/pmap_prot.h @@ -47,13 +47,13 @@ * TRUE is success, FALSE is failure. Un-registers pair * [prog, vers]. prot and port are ignored. * - * PMAPPROC_GETPORT(struct pmap) returns (rpc_int32 unsigned). + * PMAPPROC_GETPORT(struct pmap) returns (u_short). * 0 is failure. Otherwise returns the port number where the pair * [prog, vers] is registered. It may lie! * * PMAPPROC_DUMP() RETURNS (struct pmaplist *) * - * PMAPPROC_CALLIT(unsigned, unsigned, unsigned, string<>) + * PMAPPROC_CALLIT(rpcprog_t, rpcvers_t, rpcproc_t, string<>) * RETURNS (port, string<>); * usage: encapsulatedresults = PMAPPROC_CALLIT(prog, vers, proc, encapsulatedargs); * Calls the procedure on the local machine. If it is not registered, @@ -65,26 +65,29 @@ * The service supports remote procedure calls on udp/ip or tcp/ip socket 111. */ -#define PMAPPORT ((unsigned short)111) -#define PMAPPROG ((rpc_u_int32)100000) -#define PMAPVERS ((rpc_u_int32)2) -#define PMAPVERS_PROTO ((rpc_u_int32)2) -#define PMAPVERS_ORIG ((rpc_u_int32)1) -#define PMAPPROC_NULL ((rpc_u_int32)0) -#define PMAPPROC_SET ((rpc_u_int32)1) -#define PMAPPROC_UNSET ((rpc_u_int32)2) -#define PMAPPROC_GETPORT ((rpc_u_int32)3) -#define PMAPPROC_DUMP ((rpc_u_int32)4) -#define PMAPPROC_CALLIT ((rpc_u_int32)5) +#ifndef GSSRPC_PMAP_PROT_H +#define GSSRPC_PMAP_PROT_H +GSSRPC__BEGIN_DECLS + +#define PMAPPORT ((u_short)111) +#define PMAPPROG ((rpcprog_t)100000) +#define PMAPVERS ((rpcvers_t)2) +#define PMAPVERS_PROTO ((rpcprot_t)2) +#define PMAPVERS_ORIG ((rpcvers_t)1) +#define PMAPPROC_NULL ((rpcproc_t)0) +#define PMAPPROC_SET ((rpcproc_t)1) +#define PMAPPROC_UNSET ((rpcproc_t)2) +#define PMAPPROC_GETPORT ((rpcproc_t)3) +#define PMAPPROC_DUMP ((rpcproc_t)4) +#define PMAPPROC_CALLIT ((rpcproc_t)5) struct pmap { - rpc_u_int32 pm_prog; - rpc_u_int32 pm_vers; - rpc_u_int32 pm_prot; - rpc_u_int32 pm_port; + rpcprog_t pm_prog; + rpcvers_t pm_vers; + rpcprot_t pm_prot; + rpcport_t pm_port; }; -#define xdr_pmap gssrpc_xdr_pmap extern bool_t xdr_pmap(XDR *, struct pmap *); struct pmaplist { @@ -92,5 +95,7 @@ struct pmaplist { struct pmaplist *pml_next; }; -#define xdr_pmaplist gssrpc_xdr_pmaplist extern bool_t xdr_pmaplist(XDR *, struct pmaplist **); + +GSSRPC__END_DECLS +#endif /* !defined(GSSRPC_PMAP_PROT_H) */ diff --git a/src/lib/rpc/pmap_prot2.c b/src/lib/rpc/pmap_prot2.c index 8c9722b21..4743ede83 100644 --- a/src/lib/rpc/pmap_prot2.c +++ b/src/lib/rpc/pmap_prot2.c @@ -109,7 +109,7 @@ xdr_pmaplist(xdrs, rp) if (freeing) next = &((*rp)->pml_next); if (! xdr_reference(xdrs, (caddr_t *)rp, - (unsigned int)sizeof(struct pmaplist), xdr_pmap)) + (u_int)sizeof(struct pmaplist), xdr_pmap)) return (FALSE); rp = (freeing) ? next : &((*rp)->pml_next); } diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c index 3e82cea91..a1c3b63b3 100644 --- a/src/lib/rpc/pmap_rmt.c +++ b/src/lib/rpc/pmap_rmt.c @@ -73,11 +73,13 @@ static struct timeval timeout = { 3, 0 }; enum clnt_stat pmap_rmtcall(addr, prog, vers, proc, xdrargs, argsp, xdrres, resp, tout, port_ptr) struct sockaddr_in *addr; - rpc_u_int32 prog, vers, proc; + rpcprog_t prog; + rpcvers_t vers; + rpcproc_t proc; xdrproc_t xdrargs, xdrres; caddr_t argsp, resp; struct timeval tout; - rpc_u_int32 *port_ptr; + rpcport_t *port_ptr; { int sock = -1; register CLIENT *client; @@ -117,7 +119,7 @@ xdr_rmtcall_args(xdrs, cap) register XDR *xdrs; register struct rmtcallargs *cap; { - unsigned int lenposition, argposition, position; + u_int lenposition, argposition, position; if (xdr_u_int32(xdrs, &(cap->prog)) && xdr_u_int32(xdrs, &(cap->vers)) && @@ -129,7 +131,7 @@ xdr_rmtcall_args(xdrs, cap) if (! (*(cap->xdr_args))(xdrs, cap->args_ptr)) return (FALSE); position = XDR_GETPOS(xdrs); - cap->arglen = (rpc_u_int32)position - (rpc_u_int32)argposition; + cap->arglen = (uint32_t)position - (uint32_t)argposition; XDR_SETPOS(xdrs, lenposition); if (! xdr_u_int32(xdrs, &(cap->arglen))) return (FALSE); @@ -151,9 +153,9 @@ xdr_rmtcallres(xdrs, crp) caddr_t port_ptr; port_ptr = (caddr_t)(void *)crp->port_ptr; - if (xdr_reference(xdrs, &port_ptr, sizeof (rpc_u_int32), + if (xdr_reference(xdrs, &port_ptr, sizeof (uint32_t), xdr_u_int32) && xdr_u_int32(xdrs, &crp->resultslen)) { - crp->port_ptr = (rpc_u_int32 *)(void *)port_ptr; + crp->port_ptr = (uint32_t *)(void *)port_ptr; return ((*(crp->xdr_results))(xdrs, crp->results_ptr)); } return (FALSE); @@ -224,9 +226,9 @@ getbroadcastnets(addrs, sock, buf) enum clnt_stat clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult) - rpc_u_int32 prog; /* program number */ - rpc_u_int32 vers; /* version number */ - rpc_u_int32 proc; /* procedure number */ + rpcprog_t prog; /* program number */ + rpcvers_t vers; /* version number */ + rpcproc_t proc; /* procedure number */ xdrproc_t xargs; /* xdr routine for args */ caddr_t argsp; /* pointer to args */ xdrproc_t xresults; /* xdr routine for results */ @@ -249,8 +251,8 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult) #endif /* def FD_SETSIZE */ register int i; bool_t done = FALSE; - register rpc_u_int32 xid; - rpc_u_int32 port; + register uint32_t xid; + rpcport_t port; struct in_addr addrs[20]; struct sockaddr_in baddr, raddr; /* broadcast and response addresses */ struct rmtcallargs a; @@ -337,12 +339,12 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult) goto done_broad; } recv_again: - msg.acpted_rply.ar_verf = _null_auth; + msg.acpted_rply.ar_verf = gssrpc__null_auth; msg.acpted_rply.ar_results.where = (caddr_t)&r; msg.acpted_rply.ar_results.proc = xdr_rmtcallres; readfds = mask; t2 = t; - switch (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set *)NULL, + switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL, (fd_set *)NULL, &t2)) { case 0: /* timed out */ @@ -368,18 +370,18 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult) stat = RPC_CANTRECV; goto done_broad; } - if (inlen < sizeof(rpc_u_int32)) + if (inlen < sizeof(uint32_t)) goto recv_again; /* * see if reply transaction id matches sent id. * If so, decode the results. */ - xdrmem_create(xdrs, inbuf, (unsigned int)inlen, XDR_DECODE); + xdrmem_create(xdrs, inbuf, (u_int)inlen, XDR_DECODE); if (xdr_replymsg(xdrs, &msg)) { if ((msg.rm_xid == xid) && (msg.rm_reply.rp_stat == MSG_ACCEPTED) && (msg.acpted_rply.ar_stat == SUCCESS)) { - raddr.sin_port = htons((unsigned short)port); + raddr.sin_port = htons((u_short)port); done = (*eachresult)(resultsp, &raddr); } /* otherwise, we just ignore the errors ... */ diff --git a/src/lib/rpc/pmap_rmt.h b/src/lib/rpc/pmap_rmt.h index 0771a7440..48789b453 100644 --- a/src/lib/rpc/pmap_rmt.h +++ b/src/lib/rpc/pmap_rmt.h @@ -35,21 +35,29 @@ * Copyright (C) 1986, Sun Microsystems, Inc. */ +#ifndef GSSRPC_PMAP_RMT_H +#define GSSRPC_PMAP_RMT_H +GSSRPC__BEGIN_DECLS + struct rmtcallargs { - rpc_u_int32 prog, vers, proc, arglen; + rpcprog_t prog; + rpcvers_t vers; + rpcproc_t proc; + uint32_t arglen; caddr_t args_ptr; xdrproc_t xdr_args; }; -#define xdr_rmtcall_args gssrpc_xdr_rmtcall_args bool_t xdr_rmtcall_args(XDR *, struct rmtcallargs *); struct rmtcallres { - rpc_u_int32 *port_ptr; - rpc_u_int32 resultslen; + rpcport_t *port_ptr; + uint32_t resultslen; caddr_t results_ptr; xdrproc_t xdr_results; }; -#define xdr_rmtcallres gssrpc_xdr_rmtcallres bool_t xdr_rmtcallres(XDR *, struct rmtcallres *); + +GSSRPC__END_DECLS +#endif /* !defined(GSSRPC_PMAP_RMT_H) */ diff --git a/src/lib/rpc/rename.h b/src/lib/rpc/rename.h new file mode 100644 index 000000000..a0444e209 --- /dev/null +++ b/src/lib/rpc/rename.h @@ -0,0 +1,287 @@ +/* + * lib/rpc/rename.h + * + * Copyright (C) 2004 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Namespace mangling for various purposes. + * + * Symbols in the object code need to be renamed to not conflict with + * an OS-provided RPC implementation. Without renaming, the conflicts + * can cause problems with things like RPC-enabled NSS + * implementations. + * + * Symbols in headers should not conflict with implementation-reserved + * namespace (prefixes "_[A-Z_]" for any purpose; prefix "_" + * for file scope identifiers and tag names), or unnecessarily impinge + * on user namespace. + * + * The renaming of the header directory is done to avoid problems when + * the OS header files include and might get ours instead. + * OS vendors should replace all the inclusions with + * inclusions, as appropriate. Additionally, vendors + * should probably put some symbols into the implementation namespace. + * + * For example, inclusion protection should change from "GSSRPC_*_H" + * to "_RPC_*_H", struct tags should get "__" prefixes, etc. + * + * This implementation reserves the object code prefix "gssrpc_". + * External names in the RPC API not beginning with "_" get renamed + * with the prefix "gssrpc_" via #define, e.g., "foo" -> "gssrpc_foo". + * External names in the RPC API beginning with "_" get textually + * rewritten, with "#if 0"-disabled #defines mapping them back to + * their original forms, e.g., "_foo" is rewrittten to "gssrpc__foo" + * in the original files, with an unused "#define gssrpc__foo _foo" + * here. + */ + +#ifndef GSSRPC_RENAME_H +#define GSSRPC_RENAME_H + +/* auth.h */ + +#define xdr_des_block gssrpc_xdr_des_block + +#define authany_wrap gssrpc_authany_wrap +#define authany_unwrap gssrpc_authany_unwrap + +#define authunix_create gssrpc_authunix_create +#define authunix_create_default gssrpc_authunix_create_default +#define authnone_create gssrpc_authnone_create +#define authdes_create gssrpc_authdes_create +#define xdr_opaque_auth gssrpc_xdr_opaque_auth + +#if 0 +#define gssrpc__null_auth _null_auth +#endif + +/* auth_gss.h */ + +#define xdr_rpc_gss_cred gssrpc_xdr_rpc_gss_cred +#define xdr_rpc_gss_init_args gssrpc_xdr_rpc_gss_init_args +#define xdr_rpc_gss_init_res gssrpc_xdr_rpc_gss_init_res +#define xdr_rpc_gss_data gssrpc_xdr_rpc_gss_data +#define xdr_rpc_gss_wrap_data gssrpc_xdr_rpc_gss_wrap_data +#define xdr_rpc_gss_unwrap_data gssrpc_xdr_rpc_gss_unwrap_data + +#define authgss_create gssrpc_authgss_create +#define authgss_create_default gssrpc_authgss_create_default +#define authgss_service gssrpc_authgss_service + +/* auth_gssapi.h */ + +#define xdr_gss_buf gssrpc_xdr_gss_buf +#define xdr_authgssapi_creds gssrpc_xdr_authgssapi_creds +#define xdr_authgssapi_init_arg gssrpc_xdr_authgssapi_init_arg +#define xdr_authgssapi_init_res gssrpc_xdr_authgssapi_init_res + +#define auth_gssapi_wrap_data gssrpc_auth_gssapi_wrap_data +#define auth_gssapi_unwrap_data gssrpc_auth_gssapi_unwrap_data +#define auth_gssapi_create gssrpc_auth_gssapi_create +#define auth_gssapi_create_default gssrpc_auth_gssapi_create_default +#define auth_gssapi_display_status gssrpc_auth_gssapi_display_status +#define auth_gssapi_seal_seq gssrpc_auth_gssapi_seal_seq +#define auth_gssapi_unseal_seq gssrpc_auth_gssapi_unseal_seq + +#define svcauth_gssapi_set_names gssrpc_svcauth_gssapi_set_names +#define svcauth_gssapi_unset_names gssrpc_svcauth_gssapi_unset_names +#define svcauth_gssapi_set_log_badauth_func gssrpc_svcauth_gssapi_set_log_badauth_func +#define svcauth_gssapi_set_log_badverf_func gssrpc_svcauth_gssapi_set_log_badverf_func +#define svcauth_gssapi_set_log_miscerr_func gssrpc_svcauth_gssapi_set_log_miscerr_func + +#if 0 +/* Unfortunately, code outside the library calls these... */ +#define gssrpc__svcauth_gssapi_set_names _svcauth_gssapi_set_names +#define gssrpc__svcauth_gssapi_unset_names _svcauth_gssapi_unset_names +#define gssrpc__svcauth_gssapi_set_log_badauth_func \ + _svcauth_gssapi_set_log_badauth_func +#define gssrpc__svcauth_gssapi_set_log_badverf_func \ + _svcauth_gssapi_set_log_badverf_func +#define gssrpc__svcauth_gssapi_set_log_miscerr_func \ + _svcauth_gssapi_set_log_miscerr_func +#endif + +/* auth_unix.h */ + +#define xdr_authunix_parms gssrpc_xdr_authunix_parms + +/* clnt.h */ + +#define clntraw_create gssrpc_clntraw_create +#define clnt_create gssrpc_clnt_create +#define clnttcp_create gssrpc_clnttcp_create +#define clntudp_create gssrpc_clntudp_create +#define clntudp_bufcreate gssrpc_clntudp_bufcreate +#define clnt_pcreateerror gssrpc_clnt_pcreateerror +#define clnt_spcreateerror gssrpc_clnt_spcreateerror +#define clnt_perrno gssrpc_clnt_perrno +#define clnt_perror gssrpc_clnt_perror +#define clnt_sperror gssrpc_clnt_sperror +/* XXX do we need to rename the struct? */ +#define rpc_createerr gssrpc_rpc_createrr +#define clnt_sperrno gssrpc_clnt_sperrno + +/* pmap_clnt.h */ + +#define pmap_set gssrpc_pmap_set +#define pmap_unset gssrpc_pmap_unset +#define pmap_getmaps gssrpc_pmap_getmaps +#define pmap_rmtcall gssrpc_pmap_rmtcall +#define clnt_broadcast gssrpc_clnt_broadcast +#define pmap_getport gssrpc_pmap_getport + +/* pmap_prot.h */ + +#define xdr_pmap gssrpc_xdr_pmap +#define xdr_pmaplist gssrpc_xdr_pmaplist + +/* pmap_rmt.h */ + +#define xdr_rmtcall_args gssrpc_xdr_rmtcall_args +#define xdr_rmtcallres gssrpc_xdr_rmtcallres + +/* rpc.h */ + +#define get_myaddress gssrpc_get_myaddress +#define bindresvport gssrpc_bindresvport +#define callrpc gssrpc_callrpc +#define getrpcport gssrpc_getrpcport + +#if 0 +#define gssrpc__rpc_getdtablesize _rpc_getdtablesize +#endif + +/* rpc_msg.h */ + +#define xdr_callmsg gssrpc_xdr_callmsg +#define xdr_callhdr gssrpc_xdr_callhdr +#define xdr_replymsg gssrpc_xdr_replymsg +#define xdr_accepted_reply gssrpc_xdr_accepted_reply +#define xdr_rejected_reply gssrpc_xdr_rejected_reply + +#if 0 +#define gssrpc__seterr_reply _seterr_reply +#endif + +/* svc.h */ + +#define svc_register gssrpc_svc_register +#define registerrpc gssrpc_registerrpc +#define svc_unregister gssrpc_svc_unregister +#define xprt_register gssrpc_xprt_register +#define xprt_unregister gssrpc_xprt_unregister + +#define svc_sendreply gssrpc_svc_sendreply +#define svcerr_decode gssrpc_svcerr_decode +#define svcerr_weakauth gssrpc_svcerr_weakauth +#define svcerr_noproc gssrpc_svcerr_noproc +#define svcerr_progvers gssrpc_svcerr_progvers +#define svcerr_auth gssrpc_svcerr_auth +#define svcerr_noprog gssrpc_svcerr_noprog +#define svcerr_systemerr gssrpc_svcerr_systemerr + +#define svc_maxfd gssrpc_svc_maxfd +#define svc_fdset gssrpc_svc_fdset +#define svc_fds gssrpc_svc_fds + +#define rpctest_service gssrpc_rpctest_service + +#define svc_getreq gssrpc_svc_getreq +#define svc_getreqset gssrpc_svc_getreqset +#define svc_getreqset2 gssrpc_svc_getreqset2 +#define svc_run gssrpc_svc_run + +#define svcraw_create gssrpc_svcraw_create + +#define svcudp_create gssrpc_svcudp_create +#define svcudp_bufcreate gssrpc_svcudp_bufcreate +#define svcudp_enablecache gssrpc_svcudp_enablecache + +#define svctcp_create gssrpc_svctcp_create + +#define svcfd_create gssrpc_svcfd_create + +/* svc_auth.h */ + +#define svc_auth_none_ops gssrpc_svc_auth_none_ops +#define svc_auth_gssapi_ops gssrpc_svc_auth_gssapi_ops +#define svc_auth_gss_ops gssrpc_svc_auth_gss_ops + +#define svcauth_gss_set_svc_name gssrpc_svcauth_gss_set_svc_name +#define svcauth_gss_get_principal gssrpc_svcauth_gss_get_principal + +#if 0 +#define gssrpc__authenticate _authenticate +#define gssrpc__svcauth_none _svcauth_none +#define gssrpc__svcauth_unix _svcauth_unix +#define gssrpc__svcauth_short _svcauth_short +#define gssrpc__svcauth_gssapi _svcauth_gssapi +#define gssrpc__svcauth_gss _svcauth_gss +#endif + +/* svc_auth_none.c */ + +#define svc_auth_none gssrpc_svc_auth_none + +/* xdr.h */ + +#define xdr_void gssrpc_xdr_void +#define xdr_int gssrpc_xdr_int +#define xdr_u_int gssrpc_xdr_u_int +#define xdr_long gssrpc_xdr_long +#define xdr_u_long gssrpc_xdr_u_long +#define xdr_short gssrpc_xdr_short +#define xdr_u_short gssrpc_xdr_u_short +#define xdr_bool gssrpc_xdr_bool +#define xdr_enum gssrpc_xdr_enum +#define xdr_array gssrpc_xdr_array +#define xdr_bytes gssrpc_xdr_bytes +#define xdr_opaque gssrpc_xdr_opaque +#define xdr_string gssrpc_xdr_string +#define xdr_union gssrpc_xdr_union +#define xdr_char gssrpc_xdr_char +#define xdr_u_char gssrpc_xdr_u_char +#define xdr_vector gssrpc_xdr_vector +#define xdr_float gssrpc_xdr_float +#define xdr_double gssrpc_xdr_double +#define xdr_reference gssrpc_xdr_reference +#define xdr_pointer gssrpc_xdr_pointer +#define xdr_wrapstring gssrpc_xdr_wrapstring +#define xdr_free gssrpc_xdr_free + +#define xdr_netobj gssrpc_xdr_netobj +#define xdr_int32 gssrpc_xdr_int32 +#define xdr_u_int32 gssrpc_xdr_u_int32 + +#define xdralloc_create gssrpc_xdralloc_create +#define xdralloc_release gssrpc_xdralloc_release +#define xdralloc_getdata gssrpc_xdralloc_getdata + +#define xdrmem_create gssrpc_xdrmem_create +#define xdrstdio_create gssrpc_xdrstdio_create +#define xdrrec_create gssrpc_xdrrec_create +#define xdrrec_endofrecord gssrpc_xdrrec_endofrecord +#define xdrrec_skiprecord gssrpc_xdrrec_skiprecord +#define xdrrec_eof gssrpc_xdrrec_eof + +#endif /* !defined(GSSRPC_RENAME_H) */ diff --git a/src/lib/rpc/rpc.h b/src/lib/rpc/rpc.h index 484cd9d5c..0f1730d18 100644 --- a/src/lib/rpc/rpc.h +++ b/src/lib/rpc/rpc.h @@ -34,8 +34,8 @@ * * Copyright (C) 1984, Sun Microsystems, Inc. */ -#ifndef __RPC_HEADER__ -#define __RPC_HEADER__ +#ifndef GSSRPC_RPC_H +#define GSSRPC_RPC_H #include /* some typedefs */ #include @@ -52,11 +52,14 @@ /* semi-private protocol headers */ #include /* protocol for rpc messages */ #include /* protocol for unix style cred */ +#include /* RPCSEC_GSS */ /* * Uncomment-out the next line if you are building the rpc library with * DES Authentication (see the README file in the secure_rpc/ directory). */ -/*#include protocol for des style cred */ +#if 0 +#include protocol for des style cred +#endif /* Server side only remote procedure callee */ #include /* service side authenticator */ @@ -84,17 +87,13 @@ * get the local host's IP address without consulting * name service library functions */ -#define get_myaddress gssrpc_get_myaddress -extern int get_myaddress (struct sockaddr_in *); - -#define bindresvport gssrpc_bindresvport +GSSRPC__BEGIN_DECLS +extern int get_myaddress(struct sockaddr_in *); extern int bindresvport(int, struct sockaddr_in *); +extern int callrpc(char *, rpcprog_t, rpcvers_t, rpcproc_t, xdrproc_t, + char *, xdrproc_t , char *); +extern int getrpcport(char *, rpcprog_t, rpcvers_t, rpcprot_t); +extern int gssrpc__rpc_dtablesize(void); +GSSRPC__END_DECLS -#define callrpc gssrpc_callrpc -extern int callrpc (char *, rpc_u_int32, rpc_u_int32, rpc_u_int32, xdrproc_t, - char *, xdrproc_t , char *); - -#define getrpcport gssrpc_getrpcport -extern int getrpcport (char *, rpc_u_int32, rpc_u_int32, rpc_u_int32); - -#endif /* ndef __RPC_HEADER__ */ +#endif /* !defined(GSSRPC_RPC_H) */ diff --git a/src/lib/rpc/rpc_callmsg.c b/src/lib/rpc/rpc_callmsg.c index 831f2fd2d..7765f1f22 100644 --- a/src/lib/rpc/rpc_callmsg.c +++ b/src/lib/rpc/rpc_callmsg.c @@ -50,7 +50,7 @@ xdr_callmsg(xdrs, cmsg) register XDR *xdrs; register struct rpc_msg *cmsg; { - register rpc_int32 *buf; + register rpc_inline_t *buf; register struct opaque_auth *oa; if (xdrs->x_op == XDR_ENCODE) { @@ -60,7 +60,7 @@ xdr_callmsg(xdrs, cmsg) if (cmsg->rm_call.cb_verf.oa_length > MAX_AUTH_BYTES) { return (FALSE); } - buf = (rpc_int32 *) XDR_INLINE(xdrs, (int) ( + buf = (rpc_inline_t *) XDR_INLINE(xdrs, (int) ( 8 * BYTES_PER_XDR_UNIT + RNDUP(cmsg->rm_call.cb_cred.oa_length) + 2 * BYTES_PER_XDR_UNIT @@ -84,7 +84,7 @@ xdr_callmsg(xdrs, cmsg) if (oa->oa_length) { memmove((caddr_t)buf, oa->oa_base, oa->oa_length); - buf += RNDUP(oa->oa_length) / sizeof (rpc_int32); + buf += RNDUP(oa->oa_length) / BYTES_PER_XDR_UNIT; } oa = &cmsg->rm_call.cb_verf; IXDR_PUT_ENUM(buf, oa->oa_flavor); @@ -93,14 +93,14 @@ xdr_callmsg(xdrs, cmsg) memmove((caddr_t)buf, oa->oa_base, oa->oa_length); /* no real need.... - buf += RNDUP(oa->oa_length) / sizeof (rpc_int32); + buf += RNDUP(oa->oa_length) / BYTES_PER_XDR_UNIT; */ } return (TRUE); } } if (xdrs->x_op == XDR_DECODE) { - buf = (rpc_int32 *) XDR_INLINE(xdrs, 8 * BYTES_PER_XDR_UNIT); + buf = (rpc_inline_t *) XDR_INLINE(xdrs, 8 * BYTES_PER_XDR_UNIT); if (buf != NULL) { cmsg->rm_xid = IXDR_GET_LONG(buf); cmsg->rm_direction = IXDR_GET_ENUM(buf, enum msg_type); @@ -125,7 +125,7 @@ xdr_callmsg(xdrs, cmsg) oa->oa_base = (caddr_t) mem_alloc(oa->oa_length); } - buf = (rpc_int32 *) + buf = (rpc_inline_t *) XDR_INLINE(xdrs, (int)RNDUP(oa->oa_length)); if (buf == NULL) { if (xdr_opaque(xdrs, oa->oa_base, @@ -137,12 +137,12 @@ xdr_callmsg(xdrs, cmsg) oa->oa_length); /* no real need.... buf += RNDUP(oa->oa_length) / - sizeof (rpc_int32); + BYTES_PER_XDR_UNIT; */ } } oa = &cmsg->rm_call.cb_verf; - buf = (rpc_int32 *) + buf = (rpc_inline_t *) XDR_INLINE(xdrs, 2 * BYTES_PER_XDR_UNIT); if (buf == NULL) { if (xdr_enum(xdrs, &oa->oa_flavor) == FALSE || @@ -161,7 +161,7 @@ xdr_callmsg(xdrs, cmsg) oa->oa_base = (caddr_t) mem_alloc(oa->oa_length); } - buf = (rpc_int32 *) + buf = (rpc_inline_t *) XDR_INLINE(xdrs, (int)RNDUP(oa->oa_length)); if (buf == NULL) { if (xdr_opaque(xdrs, oa->oa_base, @@ -173,7 +173,7 @@ xdr_callmsg(xdrs, cmsg) oa->oa_length); /* no real need... buf += RNDUP(oa->oa_length) / - sizeof (rpc_int32); + BYTES_PER_XDR_UNIT; */ } } @@ -189,8 +189,8 @@ xdr_callmsg(xdrs, cmsg) xdr_u_int32(xdrs, &(cmsg->rm_call.cb_prog)) && xdr_u_int32(xdrs, &(cmsg->rm_call.cb_vers)) && xdr_u_int32(xdrs, &(cmsg->rm_call.cb_proc)) && - gssrpc_xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_cred)) ) - return (gssrpc_xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_verf))); + xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_cred)) ) + return (xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_verf))); return (FALSE); } diff --git a/src/lib/rpc/rpc_commondata.c b/src/lib/rpc/rpc_commondata.c index 530b181e8..dc3df925c 100644 --- a/src/lib/rpc/rpc_commondata.c +++ b/src/lib/rpc/rpc_commondata.c @@ -35,7 +35,8 @@ * Actually initialized to prevent creation of common blocks, which * can be problematic on some architectures. */ -struct opaque_auth _null_auth = {0}; +/* RENAMED: should be _null_auth */ +struct opaque_auth gssrpc__null_auth = {0}; #ifdef FD_SETSIZE fd_set svc_fdset; /* Will be zeroed in data segment */ int gssrpc_svc_fdset_init = 0; diff --git a/src/lib/rpc/rpc_dtablesize.c b/src/lib/rpc/rpc_dtablesize.c index 0a00bfe03..c7d23296f 100644 --- a/src/lib/rpc/rpc_dtablesize.c +++ b/src/lib/rpc/rpc_dtablesize.c @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)rpc_dtablesize.c 1.2 87/08/11 Copyr 1987 Sun Micro"; * expensive system call every time. */ int -_gssrpc_rpc_dtablesize() +gssrpc__rpc_dtablesize(void) { static int size; diff --git a/src/lib/rpc/rpc_msg.h b/src/lib/rpc/rpc_msg.h index 37632848f..62d632967 100644 --- a/src/lib/rpc/rpc_msg.h +++ b/src/lib/rpc/rpc_msg.h @@ -36,8 +36,13 @@ * Copyright (C) 1984, Sun Microsystems, Inc. */ -#define RPC_MSG_VERSION ((rpc_u_int32) 2) -#define RPC_SERVICE_PORT ((unsigned short) 2048) +#ifndef GSSRPC_RPC_MSG_H +#define GSSRPC_RPC_MSG_H + +GSSRPC__BEGIN_DECLS + +#define RPC_MSG_VERSION ((uint32_t) 2) +#define RPC_SERVICE_PORT ((u_short) 2048) /* * Bottom up definition of an rpc message. @@ -83,8 +88,8 @@ struct accepted_reply { enum accept_stat ar_stat; union { struct { - rpc_u_int32 low; - rpc_u_int32 high; + rpcvers_t low; + rpcvers_t high; } AR_versions; struct { caddr_t where; @@ -103,8 +108,8 @@ struct rejected_reply { enum reject_stat rj_stat; union { struct { - rpc_u_int32 low; - rpc_u_int32 high; + rpcvers_t low; + rpcvers_t high; } RJ_versions; enum auth_stat RJ_why; /* why authentication did not work */ } ru; @@ -129,10 +134,10 @@ struct reply_body { * Body of an rpc request call. */ struct call_body { - rpc_u_int32 cb_rpcvers; /* must be equal to two */ - rpc_u_int32 cb_prog; - rpc_u_int32 cb_vers; - rpc_u_int32 cb_proc; + rpcvers_t cb_rpcvers; /* must be equal to two */ + rpcprog_t cb_prog; + rpcvers_t cb_vers; + rpcproc_t cb_proc; struct opaque_auth cb_cred; struct opaque_auth cb_verf; /* protocol specific - provided by client */ }; @@ -141,7 +146,7 @@ struct call_body { * The rpc message */ struct rpc_msg { - rpc_u_int32 rm_xid; + uint32_t rm_xid; enum msg_type rm_direction; union { struct call_body RM_cmb; @@ -160,7 +165,6 @@ struct rpc_msg { * XDR *xdrs; * struct rpc_msg *cmsg; */ -#define xdr_callmsg gssrpc_xdr_callmsg extern bool_t xdr_callmsg(XDR *, struct rpc_msg *); /* @@ -169,7 +173,6 @@ extern bool_t xdr_callmsg(XDR *, struct rpc_msg *); * XDR *xdrs; * struct rpc_msg *cmsg; */ -#define xdr_callhdr gssrpc_xdr_callhdr extern bool_t xdr_callhdr(XDR *, struct rpc_msg *); /* @@ -178,7 +181,6 @@ extern bool_t xdr_callhdr(XDR *, struct rpc_msg *); * XDR *xdrs; * struct rpc_msg *rmsg; */ -#define xdr_replymsg gssrpc_xdr_replymsg extern bool_t xdr_replymsg(XDR *, struct rpc_msg *); /* @@ -187,15 +189,17 @@ extern bool_t xdr_replymsg(XDR *, struct rpc_msg *); * struct rpc_msg *msg; * struct rpc_err *error; */ -#define _seterr_reply _gssrpc_seterr_reply -#define sunrpc_seterr_reply _seterr_reply -extern void _seterr_reply(struct rpc_msg *, struct rpc_err *); +/* + * RENAMED: should be _seterr_reply or __seterr_reply if we can use + * reserved namespace. + */ +extern void gssrpc__seterr_reply(struct rpc_msg *, struct rpc_err *); /* XDR the MSG_ACCEPTED part of a reply message union */ -#define xdr_accepted_reply gssrpc_xdr_accepted_reply extern bool_t xdr_accepted_reply(XDR *, struct accepted_reply *); /* XDR the MSG_DENIED part of a reply message union */ -#define xdr_rejected_reply gssrpc_xdr_rejected_reply extern bool_t xdr_rejected_reply(XDR *, struct rejected_reply *); +GSSRPC__END_DECLS +#endif /* !defined(GSSRPC_RPC_MSG_H) */ diff --git a/src/lib/rpc/rpc_prot.c b/src/lib/rpc/rpc_prot.c index 92391118a..26e0088ed 100644 --- a/src/lib/rpc/rpc_prot.c +++ b/src/lib/rpc/rpc_prot.c @@ -55,7 +55,7 @@ static char sccsid[] = "@(#)rpc_prot.c 1.36 87/08/11 Copyr 1984 Sun Micro"; * (see auth.h) */ bool_t -gssrpc_xdr_opaque_auth(xdrs, ap) +xdr_opaque_auth(xdrs, ap) register XDR *xdrs; register struct opaque_auth *ap; { @@ -83,13 +83,13 @@ xdr_des_block(xdrs, blkp) * XDR the MSG_ACCEPTED part of a reply message union */ bool_t -gssrpc_xdr_accepted_reply(xdrs, ar) +xdr_accepted_reply(xdrs, ar) register XDR *xdrs; register struct accepted_reply *ar; { /* personalized union, rather than calling xdr_union */ - if (! gssrpc_xdr_opaque_auth(xdrs, &(ar->ar_verf))) + if (! xdr_opaque_auth(xdrs, &(ar->ar_verf))) return (FALSE); if (! xdr_enum(xdrs, (enum_t *)&(ar->ar_stat))) return (FALSE); @@ -116,7 +116,7 @@ gssrpc_xdr_accepted_reply(xdrs, ar) * XDR the MSG_DENIED part of a reply message union */ bool_t -gssrpc_xdr_rejected_reply(xdrs, rr) +xdr_rejected_reply(xdrs, rr) register XDR *xdrs; register struct rejected_reply *rr; { @@ -138,8 +138,8 @@ gssrpc_xdr_rejected_reply(xdrs, rr) } static struct xdr_discrim reply_dscrm[3] = { - { (int)MSG_ACCEPTED, gssrpc_xdr_accepted_reply }, - { (int)MSG_DENIED, gssrpc_xdr_rejected_reply }, + { (int)MSG_ACCEPTED, xdr_accepted_reply }, + { (int)MSG_DENIED, xdr_rejected_reply }, { __dontcare__, NULL_xdrproc_t } }; /* @@ -219,8 +219,8 @@ accepted(acpt_stat, error) } /* something's wrong, but we don't know what ... */ error->re_status = RPC_FAILED; - error->re_lb.s1 = (rpc_int32)MSG_ACCEPTED; - error->re_lb.s2 = (rpc_int32)acpt_stat; + error->re_lb.s1 = (int32_t)MSG_ACCEPTED; + error->re_lb.s2 = (int32_t)acpt_stat; } static void @@ -241,15 +241,15 @@ rejected(rjct_stat, error) } /* something's wrong, but we don't know what ... */ error->re_status = RPC_FAILED; - error->re_lb.s1 = (rpc_int32)MSG_DENIED; - error->re_lb.s2 = (rpc_int32)rjct_stat; + error->re_lb.s1 = (int32_t)MSG_DENIED; + error->re_lb.s2 = (int32_t)rjct_stat; } /* * given a reply message, fills in the error */ void -sunrpc_seterr_reply(msg, error) +gssrpc__seterr_reply(msg, error) register struct rpc_msg *msg; register struct rpc_err *error; { @@ -271,7 +271,7 @@ sunrpc_seterr_reply(msg, error) default: error->re_status = RPC_FAILED; - error->re_lb.s1 = (rpc_int32)(msg->rm_reply.rp_stat); + error->re_lb.s1 = (int32_t)(msg->rm_reply.rp_stat); break; } switch (error->re_status) { diff --git a/src/lib/rpc/svc.c b/src/lib/rpc/svc.c index 902681541..e35c80c03 100644 --- a/src/lib/rpc/svc.c +++ b/src/lib/rpc/svc.c @@ -69,12 +69,12 @@ static SVCXPRT *xports[NOFILE]; */ static struct svc_callout { struct svc_callout *sc_next; - rpc_u_int32 sc_prog; - rpc_u_int32 sc_vers; + rpcprog_t sc_prog; + rpcprog_t sc_vers; void (*sc_dispatch)(); } *svc_head; -static struct svc_callout *svc_find(rpc_u_int32, rpc_u_int32, +static struct svc_callout *svc_find(rpcprog_t, rpcvers_t, struct svc_callout **); /* *************** SVCXPRT related stuff **************** */ @@ -98,7 +98,7 @@ xprt_register(xprt) mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *)); memset(xports, 0, FD_SETSIZE * sizeof(SVCXPRT *)); } - if (sock < _gssrpc_rpc_dtablesize()) { + if (sock < gssrpc__rpc_dtablesize()) { xports[sock] = xprt; FD_SET(sock, &svc_fdset); if (max_xport < sock) @@ -123,7 +123,7 @@ xprt_unregister(xprt) register int sock = xprt->xp_sock; #ifdef FD_SETSIZE - if ((sock < _gssrpc_rpc_dtablesize()) && (xports[sock] == xprt)) { + if ((sock < gssrpc__rpc_dtablesize()) && (xports[sock] == xprt)) { xports[sock] = (SVCXPRT *)0; FD_CLR(sock, &svc_fdset); if (max_xport <= sock) { @@ -150,8 +150,8 @@ xprt_unregister(xprt) bool_t svc_register(xprt, prog, vers, dispatch, protocol) SVCXPRT *xprt; - rpc_u_int32 prog; - rpc_u_int32 vers; + rpcprog_t prog; + rpcvers_t vers; void (*dispatch)(); int protocol; { @@ -185,8 +185,8 @@ pmap_it: */ void svc_unregister(prog, vers) - rpc_u_int32 prog; - rpc_u_int32 vers; + rpcprog_t prog; + rpcvers_t vers; { struct svc_callout *prev; register struct svc_callout *s; @@ -199,7 +199,7 @@ svc_unregister(prog, vers) prev->sc_next = s->sc_next; } s->sc_next = NULL_SVC; - mem_free((char *) s, (unsigned int) sizeof(struct svc_callout)); + mem_free((char *) s, (u_int) sizeof(struct svc_callout)); /* now unregister the information with the local binder service */ (void)pmap_unset(prog, vers); } @@ -210,8 +210,8 @@ svc_unregister(prog, vers) */ static struct svc_callout * svc_find(prog, vers, prev) - rpc_u_int32 prog; - rpc_u_int32 vers; + rpcprog_t prog; + rpcvers_t vers; struct svc_callout **prev; { register struct svc_callout *s, *p; @@ -347,8 +347,8 @@ svcerr_noprog(xprt) void svcerr_progvers(xprt, low_vers, high_vers) register SVCXPRT *xprt; - rpc_u_int32 low_vers; - rpc_u_int32 high_vers; + rpcvers_t low_vers; + rpcvers_t high_vers; { struct rpc_msg rply; @@ -414,8 +414,8 @@ svc_getreqset(readfds) enum xprt_stat stat; struct rpc_msg msg; int prog_found; - rpc_u_int32 low_vers; - rpc_u_int32 high_vers; + rpcvers_t low_vers; + rpcvers_t high_vers; struct svc_req r; register SVCXPRT *xprt; register int sock; @@ -451,13 +451,10 @@ svc_getreqset(readfds) r.rq_proc = msg.rm_call.cb_proc; r.rq_cred = msg.rm_call.cb_cred; - /* in case _authenticate has been replaced - with an old-style version */ - r.rq_xprt->xp_auth = &svc_auth_any; no_dispatch = FALSE; /* first authenticate the message */ - why=_authenticate(&r, &msg, &no_dispatch); + why=gssrpc__authenticate(&r, &msg, &no_dispatch); if (why != AUTH_OK) { svcerr_auth(xprt, why); goto call_done; @@ -467,7 +464,7 @@ svc_getreqset(readfds) /* now match message with a registered service*/ prog_found = FALSE; - low_vers = (rpc_u_int32) -1L; + low_vers = (rpcvers_t) -1L; high_vers = 0; for (s = svc_head; s != NULL_SVC; s = s->sc_next) { if (s->sc_prog == r.rq_prog) { diff --git a/src/lib/rpc/svc.h b/src/lib/rpc/svc.h index 161a21df6..360e5cbf6 100644 --- a/src/lib/rpc/svc.h +++ b/src/lib/rpc/svc.h @@ -34,9 +34,12 @@ * Copyright (C) 1984, Sun Microsystems, Inc. */ -#ifndef __SVC_HEADER__ -#define __SVC_HEADER__ +#ifndef GSSRPC_SVC_H +#define GSSRPC_SVC_H +#include + +GSSRPC__BEGIN_DECLS /* * This interface must manage two items concerning remote procedure calling: * @@ -68,25 +71,25 @@ enum xprt_stat { /* * Server side transport handle */ -typedef struct __rpc_svcxprt { +typedef struct SVCXPRT { int xp_sock; - unsigned short xp_port; /* associated port number */ + u_short xp_port; /* associated port number */ struct xp_ops { /* receive incomming requests */ - bool_t (*xp_recv)(struct __rpc_svcxprt *, struct rpc_msg *); + bool_t (*xp_recv)(struct SVCXPRT *, struct rpc_msg *); /* get transport status */ - enum xprt_stat (*xp_stat)(struct __rpc_svcxprt *); + enum xprt_stat (*xp_stat)(struct SVCXPRT *); /* get arguments */ - bool_t (*xp_getargs)(struct __rpc_svcxprt *, xdrproc_t, + bool_t (*xp_getargs)(struct SVCXPRT *, xdrproc_t, void *); /* send reply */ - bool_t (*xp_reply)(struct __rpc_svcxprt *, + bool_t (*xp_reply)(struct SVCXPRT *, struct rpc_msg *); /* free mem allocated for args */ - bool_t (*xp_freeargs)(struct __rpc_svcxprt *, xdrproc_t, + bool_t (*xp_freeargs)(struct SVCXPRT *, xdrproc_t, void *); /* destroy this struct */ - void (*xp_destroy)(struct __rpc_svcxprt *); + void (*xp_destroy)(struct SVCXPRT *); } *xp_ops; int xp_addrlen; /* length of remote address */ struct sockaddr_in xp_raddr; /* remote address */ @@ -156,14 +159,14 @@ typedef struct __rpc_svcxprt { * Service request */ struct svc_req { - rpc_u_int32 rq_prog; /* service program number */ - rpc_u_int32 rq_vers; /* service protocol version */ - rpc_u_int32 rq_proc; /* the desired procedure */ + rpcprog_t rq_prog; /* service program number */ + rpcvers_t rq_vers; /* service protocol version */ + rpcproc_t rq_proc; /* the desired procedure */ struct opaque_auth rq_cred; /* raw creds from the wire */ void * rq_clntcred; /* read only cooked client cred */ - void * rq_svccred; /* read only cooked svc cred */ + void * rq_svccred; /* read only svc cred/context */ + void * rq_clntname; /* read only client name */ SVCXPRT *rq_xprt; /* associated transport */ - /* The request's auth flavor *should* be here, but the svc_req */ /* isn't passed around everywhere it is necessary. The */ /* transport *is* passed around, so the auth flavor it stored */ @@ -178,20 +181,18 @@ struct svc_req { * * svc_register(xprt, prog, vers, dispatch, protocol) * SVCXPRT *xprt; - * rpc_u_int32 prog; - * rpc_u_int32 vers; + * rpcprog_t prog; + * rpcvers_t vers; * void (*dispatch)(); * int protocol; like TCP or UDP, zero means do not register * * registerrpc(prog, vers, proc, routine, inproc, outproc) * returns 0 upon success, -1 if error. */ -#define svc_register gssrpc_svc_register -extern bool_t svc_register(SVCXPRT *, rpc_u_int32, rpc_u_int32, +extern bool_t svc_register(SVCXPRT *, rpcprog_t, rpcvers_t, void (*)(struct svc_req *, SVCXPRT *), int); -#define registerrpc gssrpc_registerrpc -extern int registerrpc(rpc_u_int32, rpc_u_int32, rpc_u_int32, +extern int registerrpc(rpcprog_t, rpcvers_t, rpcproc_t, char *(*)(void *), xdrproc_t, xdrproc_t); @@ -199,11 +200,10 @@ extern int registerrpc(rpc_u_int32, rpc_u_int32, rpc_u_int32, * Service un-registration * * svc_unregister(prog, vers) - * rpc_u_int32 prog; - * rpc_u_int32 vers; + * rpcprog_t prog; + * rpcvers_t vers; */ -#define svc_unregister gssrpc_svc_unregister -extern void svc_unregister(rpc_u_int32, rpc_u_int32); +extern void svc_unregister(rpcprog_t, rpcvers_t); /* * Transport registration. @@ -211,7 +211,6 @@ extern void svc_unregister(rpc_u_int32, rpc_u_int32); * xprt_register(xprt) * SVCXPRT *xprt; */ -#define xprt_register gssrpc_xprt_register extern void xprt_register(SVCXPRT *); /* @@ -220,12 +219,9 @@ extern void xprt_register(SVCXPRT *); * xprt_unregister(xprt) * SVCXPRT *xprt; */ -#define xprt_unregister gssrpc_xprt_unregister extern void xprt_unregister(SVCXPRT *); - - /* * When the service routine is called, it must first check to see if * it knows about the procedure; if not, it should call svcerr_noproc @@ -253,24 +249,15 @@ extern void xprt_unregister(SVCXPRT *); * deadlock the caller and server processes! */ -#define svc_sendreply gssrpc_svc_sendreply -#define svcerr_decode gssrpc_svcerr_decode -#define svcerr_weakauth gssrpc_svcerr_weakauth -#define svcerr_noproc gssrpc_svcerr_noproc -#define svcerr_progvers gssrpc_svcerr_progvers -#define svcerr_auth gssrpc_svcerr_auth -#define svcerr_noprog gssrpc_svcerr_noprog -#define svcerr_systemerr gssrpc_svcerr_systemerr - extern bool_t svc_sendreply(SVCXPRT *, xdrproc_t, caddr_t); extern void svcerr_decode(SVCXPRT *); extern void svcerr_weakauth(SVCXPRT *); extern void svcerr_noproc(SVCXPRT *); -extern void svcerr_progvers(SVCXPRT *, rpc_u_int32, rpc_u_int32); +extern void svcerr_progvers(SVCXPRT *, rpcvers_t, rpcvers_t); extern void svcerr_auth(SVCXPRT *, enum auth_stat); extern void svcerr_noprog(SVCXPRT *); extern void svcerr_systemerr(SVCXPRT *); - + /* * Lowest level dispatching -OR- who owns this process anyway. * Somebody has to wait for incoming requests and then call the correct @@ -286,29 +273,25 @@ extern void svcerr_systemerr(SVCXPRT *); * Global keeper of rpc service descriptors in use * dynamic; must be inspected before each call to select */ -#define svc_fdset gssrpc_svc_fdset -#define svc_fds gssrpc_svc_fds +extern int svc_maxfd; #ifdef FD_SETSIZE -extern fd_set gssrpc_svc_fdset; +extern fd_set svc_fdset; +/* RENAMED */ #define gssrpc_svc_fds gsssrpc_svc_fdset.fds_bits[0] /* compatibility */ #else -extern int gssrpc_svc_fds; +extern int svc_fds; #endif /* def FD_SETSIZE */ /* * a small program implemented by the svc_rpc implementation itself; * also see clnt.h for protocol numbers. */ -#define rpctest_service gssrpc_rpctest_service extern void rpctest_service(); -#define svc_getreq gssrpc_svc_getreq -#define svc_getreqset gssrpc_svc_getreqset -#define svc_run gssrpc_svc_run - extern void svc_getreq(int); #ifdef FD_SETSIZE extern void svc_getreqset(fd_set *);/* takes fdset instead of int */ +extern void svc_getreqset2(fd_set *, int); #else extern void svc_getreqset(int *); #endif @@ -326,31 +309,28 @@ extern void svc_run(void); /* never returns */ /* * Memory based rpc for testing and timing. */ -#define svcraw_create gssrpc_svcraw_create extern SVCXPRT *svcraw_create(void); /* * Udp based rpc. */ -#define svcudp_create gssrpc_svcudp_create -#define svcudp_bufcreate gssrpc_svcudp_bufcreate -#define svcudp_enablecache gssrpc_svcudp_enablecache extern SVCXPRT *svcudp_create(int); -extern SVCXPRT *svcudp_bufcreate(int, unsigned int, unsigned int); -extern int svcudp_enablecache(SVCXPRT *, rpc_u_int32); +extern SVCXPRT *svcudp_bufcreate(int, u_int, u_int); +extern int svcudp_enablecache(SVCXPRT *, uint32_t); /* * Tcp based rpc. */ -#define svctcp_create gssrpc_svctcp_create -extern SVCXPRT *svctcp_create(int, unsigned int, unsigned int); +extern SVCXPRT *svctcp_create(int, u_int, u_int); /* * Like svtcp_create(), except the routine takes any *open* UNIX file * descriptor as its first input. */ -#define svcfd_create gssrpc_svcfd_create extern SVCXPRT *svcfd_create(int, u_int, u_int); -#endif /* !__SVC_HEADER__ */ +/* XXX add auth_gsapi_log_*? */ + +GSSRPC__END_DECLS +#endif /* !defined(GSSRPC_SVC_H) */ diff --git a/src/lib/rpc/svc_auth.c b/src/lib/rpc/svc_auth.c index 2e28b5c05..7630f416e 100644 --- a/src/lib/rpc/svc_auth.c +++ b/src/lib/rpc/svc_auth.c @@ -53,15 +53,18 @@ static char sccsid[] = "@(#)svc_auth.c 2.1 88/08/07 4.0 RPCSRC; from 1.19 87/08/ */ static struct svcauthsw_type { - unsigned int flavor; + u_int flavor; enum auth_stat (*authenticator)(struct svc_req *, struct rpc_msg *, bool_t *); } svcauthsw[] = { - {AUTH_GSSAPI, _svcauth_gssapi}, /* AUTH_GSSAPI */ - {AUTH_NONE, _svcauth_null}, /* AUTH_NULL */ - {AUTH_GSSAPI_COMPAT, _svcauth_gssapi}, /* AUTH_GSSAPI_COMPAT */ - {AUTH_UNIX, _svcauth_unix}, /* AUTH_UNIX */ - {AUTH_SHORT, _svcauth_short}, /* AUTH_SHORT */ + {AUTH_GSSAPI, gssrpc__svcauth_gssapi}, /* AUTH_GSSAPI */ + {AUTH_NONE, gssrpc__svcauth_none}, /* AUTH_NONE */ +#if 0 + {AUTH_GSSAPI_COMPAT, gssrpc__svcauth_gssapi}, /* AUTH_GSSAPI_COMPAT */ +#endif + {AUTH_UNIX, gssrpc__svcauth_unix}, /* AUTH_UNIX */ + {AUTH_SHORT, gssrpc__svcauth_short}, /* AUTH_SHORT */ + {RPCSEC_GSS, gssrpc__svcauth_gss} /* RPCSEC_GSS */ }; static int svcauthnum = sizeof(svcauthsw) / sizeof(struct svcauthsw_type); @@ -81,7 +84,7 @@ static int svcauthnum = sizeof(svcauthsw) / sizeof(struct svcauthsw_type); * rqst->rq_client_cred, the cooked credentials. */ enum auth_stat -_authenticate(rqst, msg, no_dispatch) +gssrpc__authenticate(rqst, msg, no_dispatch) register struct svc_req *rqst; struct rpc_msg *msg; bool_t *no_dispatch; @@ -89,7 +92,7 @@ _authenticate(rqst, msg, no_dispatch) register int cred_flavor, i; rqst->rq_cred = msg->rm_call.cb_cred; - rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor; + rqst->rq_xprt->xp_verf.oa_flavor = gssrpc__null_auth.oa_flavor; rqst->rq_xprt->xp_verf.oa_length = 0; cred_flavor = rqst->rq_cred.oa_flavor; *no_dispatch = FALSE; @@ -104,13 +107,3 @@ _authenticate(rqst, msg, no_dispatch) return (AUTH_REJECTEDCRED); } - -enum auth_stat -_svcauth_null(rqst, msg, no_dispatch) - struct svc_req *rqst; - struct rpc_msg *msg; - bool_t *no_dispatch; -{ - rqst->rq_xprt->xp_auth = &svc_auth_any; - return (AUTH_OK); -} diff --git a/src/lib/rpc/svc_auth.h b/src/lib/rpc/svc_auth.h index 5f79fdab3..2863b8fd2 100644 --- a/src/lib/rpc/svc_auth.h +++ b/src/lib/rpc/svc_auth.h @@ -39,43 +39,79 @@ * Interface to server-side authentication flavors. */ -typedef struct __rpc_svc_auth { - struct svc_auth_ops { - int (*svc_ah_wrap)(struct __rpc_svc_auth *, XDR *, xdrproc_t, - caddr_t); - int (*svc_ah_unwrap)(struct __rpc_svc_auth *, XDR *, xdrproc_t, - caddr_t); - } *svc_ah_ops; - void * svc_ah_private; +#ifndef GSSRPC_SVC_AUTH_H +#define GSSRPC_SVC_AUTH_H + +#include + +GSSRPC__BEGIN_DECLS + +struct svc_req; + +typedef struct SVCAUTH { + struct svc_auth_ops { + int (*svc_ah_wrap)(struct SVCAUTH *, XDR *, xdrproc_t, + caddr_t); + int (*svc_ah_unwrap)(struct SVCAUTH *, XDR *, xdrproc_t, + caddr_t); + int (*svc_ah_destroy)(struct SVCAUTH *); + } *svc_ah_ops; + void * svc_ah_private; } SVCAUTH; -extern SVCAUTH svc_auth_any; +extern SVCAUTH svc_auth_none; -#include +extern struct svc_auth_ops svc_auth_none_ops; +extern struct svc_auth_ops svc_auth_gssapi_ops; +extern struct svc_auth_ops svc_auth_gss_ops; /* * Server side authenticator */ -#define _authenticate _gssrpc_authenticate -extern enum auth_stat _authenticate(struct svc_req *rqst, struct rpc_msg *msg, - bool_t *no_dispatch); +/* RENAMED: should be _authenticate. */ +extern enum auth_stat gssrpc__authenticate(struct svc_req *rqst, + struct rpc_msg *msg, bool_t *no_dispatch); #define SVCAUTH_WRAP(auth, xdrs, xfunc, xwhere) \ ((*((auth)->svc_ah_ops->svc_ah_wrap))(auth, xdrs, xfunc, xwhere)) #define SVCAUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \ ((*((auth)->svc_ah_ops->svc_ah_unwrap))(auth, xdrs, xfunc, xwhere)) - +#define SVCAUTH_DESTROY(auth) \ + ((*((auth)->svc_ah_ops->svc_ah_destroy))(auth)) -#define _svcauth_null _gssrpc_svcauth_null -#define _svcauth_unix _gssrpc_svcauth_unix -#define _svcauth_short _gssrpc_svcauth_short -#define _svcauth_gssapi _gssrpc_svcauth_gssapi +/* + * Approved way of getting principal of caller + */ +char *svcauth_gss_get_principal(SVCAUTH *auth); +/* + * Approved way of setting server principal + */ +bool_t svcauth_gss_set_svc_name(gss_name_t name); + +#ifdef GSSRPC__IMPL + /* no authentication */ -enum auth_stat _svcauth_null(struct svc_req *, struct rpc_msg *, bool_t *); +/* RENAMED: should be _svcauth_none. */ +enum auth_stat gssrpc__svcauth_none(struct svc_req *, + struct rpc_msg *, bool_t *); /* unix style (uid, gids) */ -enum auth_stat _svcauth_unix(struct svc_req *, struct rpc_msg *, bool_t *); +/* RENAMED: shoudl be _svcauth_unix. */ +enum auth_stat gssrpc__svcauth_unix(struct svc_req *, + struct rpc_msg *, bool_t *); /* short hand unix style */ -enum auth_stat _svcauth_short(struct svc_req *, struct rpc_msg *, bool_t *); +/* RENAMED: should be _svcauth_short. */ +enum auth_stat gssrpc__svcauth_short(struct svc_req *, + struct rpc_msg *, bool_t *); /* GSS-API style */ -enum auth_stat _svcauth_gssapi(struct svc_req *, struct rpc_msg *, bool_t *); +/* RENAMED: should be _svcauth_gssapi. */ +enum auth_stat gssrpc__svcauth_gssapi(struct svc_req *, + struct rpc_msg *, bool_t *); +/* RPCSEC_GSS */ +enum auth_stat gssrpc__svcauth_gss(struct svc_req *, + struct rpc_msg *, bool_t *); + +#endif /* defined(GSSRPC__IMPL) */ + +GSSRPC__END_DECLS +#endif /* !defined(GSSRPC_SVC_AUTH_H) */ diff --git a/src/lib/rpc/svc_auth_any.c b/src/lib/rpc/svc_auth_any.c deleted file mode 100644 index e634cbcdb..000000000 --- a/src/lib/rpc/svc_auth_any.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * svc_auth_any.c - * Provides default service-side functions for authentication flavors - * that do not use all the fields in struct svc_auth_ops. - * - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved. - */ - -#include -#include - -static int svc_authany_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t); - -struct svc_auth_ops svc_auth_any_ops = { - svc_authany_wrap, - svc_authany_wrap, -}; - -SVCAUTH svc_auth_any = { - &svc_auth_any_ops, - NULL, -}; - -static int -svc_authany_wrap(auth, xdrs, xfunc, xwhere) - SVCAUTH *auth; - XDR *xdrs; - xdrproc_t xfunc; - caddr_t xwhere; -{ - return (*xfunc)(xdrs, xwhere); -} - - - diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c new file mode 100644 index 000000000..875125195 --- /dev/null +++ b/src/lib/rpc/svc_auth_gss.c @@ -0,0 +1,721 @@ +/* + svc_auth_gss.c + + Copyright (c) 2000 The Regents of the University of Michigan. + All rights reserved. + + Copyright (c) 2000 Dug Song . + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Id: svc_auth_gss.c,v 1.28 2002/10/15 21:29:36 kwc Exp + */ + +#include +#include +#include +#include +#include +#ifdef HAVE_HEIMDAL +#include +#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE +#else +#include +#include +#endif + +#ifdef DEBUG_GSSAPI +int svc_debug_gss = DEBUG_GSSAPI; +#endif + +#ifdef SPKM + +#ifndef OID_EQ +#define g_OID_equal(o1,o2) \ + (((o1)->length == (o2)->length) && \ + ((o1)->elements != 0) && ((o2)->elements != 0) && \ + (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0)) +#define OID_EQ 1 +#endif /* OID_EQ */ + +extern const gss_OID_desc * const gss_mech_spkm3; + +#endif /* SPKM */ + +extern SVCAUTH svc_auth_none; + +/* + * from mit-krb5-1.2.1 mechglue/mglueP.h: + * Array of context IDs typed by mechanism OID + */ +typedef struct gss_union_ctx_id_t { + gss_OID mech_type; + gss_ctx_id_t internal_ctx_id; +} gss_union_ctx_id_desc, *gss_union_ctx_id_t; + + +static auth_gssapi_log_badauth_func log_badauth = NULL; +static caddr_t log_badauth_data = NULL; +static auth_gssapi_log_badverf_func log_badverf = NULL; +static caddr_t log_badverf_data = NULL; +static auth_gssapi_log_miscerr_func log_miscerr = NULL; +static caddr_t log_miscerr_data = NULL; + +#define LOG_MISCERR(arg) if (log_miscerr) \ + (*log_miscerr)(rqst, msg, arg, log_miscerr_data) + +static bool_t svcauth_gss_destroy(SVCAUTH *); +static bool_t svcauth_gss_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t); +static bool_t svcauth_gss_unwrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t); + +static bool_t svcauth_gss_nextverf(struct svc_req *, u_int); + +struct svc_auth_ops svc_auth_gss_ops = { + svcauth_gss_wrap, + svcauth_gss_unwrap, + svcauth_gss_destroy +}; + +struct svc_rpc_gss_data { + bool_t established; /* context established */ + gss_ctx_id_t ctx; /* context id */ + struct rpc_gss_sec sec; /* security triple */ + gss_buffer_desc cname; /* GSS client name */ + u_int seq; /* sequence number */ + u_int win; /* sequence window */ + u_int seqlast; /* last sequence number */ + uint32_t seqmask; /* bitmask of seqnums */ + gss_name_t client_name; /* unparsed name string */ + gss_buffer_desc checksum; /* so we can free it */ +}; + +#define SVCAUTH_PRIVATE(auth) \ + (*(struct svc_rpc_gss_data **)&(auth)->svc_ah_private) + +/* Global server credentials. */ +gss_cred_id_t svcauth_gss_creds; +static gss_name_t svcauth_gss_name = NULL; + +bool_t +svcauth_gss_set_svc_name(gss_name_t name) +{ + OM_uint32 maj_stat, min_stat; + + log_debug("in svcauth_gss_set_svc_name()"); + + if (svcauth_gss_name != NULL) { + maj_stat = gss_release_name(&min_stat, &svcauth_gss_name); + + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_release_name", maj_stat, min_stat); + return (FALSE); + } + svcauth_gss_name = NULL; + } + if (svcauth_gss_name == GSS_C_NO_NAME) + return (TRUE); + + maj_stat = gss_duplicate_name(&min_stat, name, &svcauth_gss_name); + + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_duplicate_name", maj_stat, min_stat); + return (FALSE); + } + + return (TRUE); +} + +static bool_t +svcauth_gss_import_name(char *service) +{ + gss_name_t name; + gss_buffer_desc namebuf; + OM_uint32 maj_stat, min_stat; + + log_debug("in svcauth_gss_import_name()"); + + namebuf.value = service; + namebuf.length = strlen(service); + + maj_stat = gss_import_name(&min_stat, &namebuf, + (gss_OID)gss_nt_service_name, &name); + + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_import_name", maj_stat, min_stat); + return (FALSE); + } + if (svcauth_gss_set_svc_name(name) != TRUE) { + gss_release_name(&min_stat, &name); + return (FALSE); + } + return (TRUE); +} + +static bool_t +svcauth_gss_acquire_cred(void) +{ + OM_uint32 maj_stat, min_stat; + + log_debug("in svcauth_gss_acquire_cred()"); + + maj_stat = gss_acquire_cred(&min_stat, svcauth_gss_name, 0, + GSS_C_NULL_OID_SET, GSS_C_ACCEPT, + &svcauth_gss_creds, NULL, NULL); + + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_acquire_cred", maj_stat, min_stat); + return (FALSE); + } + return (TRUE); +} + +static bool_t +svcauth_gss_release_cred(void) +{ + OM_uint32 maj_stat, min_stat; + + log_debug("in svcauth_gss_release_cred()"); + + maj_stat = gss_release_cred(&min_stat, &svcauth_gss_creds); + + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_release_cred", maj_stat, min_stat); + return (FALSE); + } + + svcauth_gss_creds = NULL; + + return (TRUE); +} + +static bool_t +svcauth_gss_accept_sec_context(struct svc_req *rqst, + struct rpc_gss_init_res *gr) +{ + struct svc_rpc_gss_data *gd; + struct rpc_gss_cred *gc; + gss_buffer_desc recv_tok, seqbuf; + gss_OID mech; + OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq; + + log_debug("in svcauth_gss_accept_context()"); + + gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); + gc = (struct rpc_gss_cred *)rqst->rq_clntcred; + memset(gr, 0, sizeof(*gr)); + + /* Deserialize arguments. */ + memset(&recv_tok, 0, sizeof(recv_tok)); + + if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args, + (caddr_t)&recv_tok)) + return (FALSE); + + gr->gr_major = gss_accept_sec_context(&gr->gr_minor, + &gd->ctx, + svcauth_gss_creds, + &recv_tok, + GSS_C_NO_CHANNEL_BINDINGS, + &gd->client_name, + &mech, + &gr->gr_token, + &ret_flags, + NULL, + NULL); + + svc_freeargs(rqst->rq_xprt, xdr_rpc_gss_init_args, (caddr_t)&recv_tok); + + log_status("accept_sec_context", gr->gr_major, gr->gr_minor); + if (gr->gr_major != GSS_S_COMPLETE && + gr->gr_major != GSS_S_CONTINUE_NEEDED) { + if (log_badauth != NULL) { + (*log_badauth)(gr->gr_major, + gr->gr_minor, + &rqst->rq_xprt->xp_raddr, + log_badauth_data); + } + gd->ctx = GSS_C_NO_CONTEXT; + goto errout; + } + /* + * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers, + * one to the mechanism oid, one to the internal_ctx_id + */ + if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) { + fprintf(stderr, "svcauth_gss_accept_context: out of memory\n"); + goto errout; + } + memcpy(gr->gr_ctx.value, gd->ctx, sizeof(gss_union_ctx_id_desc)); + gr->gr_ctx.length = sizeof(gss_union_ctx_id_desc); + + /* gr->gr_win = 0x00000005; ANDROS: for debugging linux kernel version... */ + gr->gr_win = sizeof(gd->seqmask) * 8; + + /* Save client info. */ + gd->sec.mech = mech; + gd->sec.qop = GSS_C_QOP_DEFAULT; + gd->sec.svc = gc->gc_svc; + gd->seq = gc->gc_seq; + gd->win = gr->gr_win; + + if (gr->gr_major == GSS_S_COMPLETE) { +#ifdef SPKM + /* spkm3: no src_name (anonymous) */ + if(!g_OID_equal(gss_mech_spkm3, mech)) { +#endif + maj_stat = gss_display_name(&min_stat, gd->client_name, + &gd->cname, &gd->sec.mech); +#ifdef SPKM + } +#endif + if (maj_stat != GSS_S_COMPLETE) { + log_status("display_name", maj_stat, min_stat); + goto errout; + } +#ifdef DEBUG +#ifdef HAVE_HEIMDAL + log_debug("accepted context for %.*s with " + "", + gd->cname.length, (char *)gd->cname.value, + gd->sec.qop, gd->sec.svc); +#else + { + gss_buffer_desc mechname; + + gss_oid_to_str(&min_stat, mech, &mechname); + + log_debug("accepted context for %.*s with " + "", + gd->cname.length, (char *)gd->cname.value, + mechname.length, (char *)mechname.value, + gd->sec.qop, gd->sec.svc); + + gss_release_buffer(&min_stat, &mechname); + } +#endif +#endif /* DEBUG */ + seq = htonl(gr->gr_win); + seqbuf.value = &seq; + seqbuf.length = sizeof(seq); + + gss_release_buffer(&min_stat, &gd->checksum); + maj_stat = gss_sign(&min_stat, gd->ctx, GSS_C_QOP_DEFAULT, + &seqbuf, &gd->checksum); + + if (maj_stat != GSS_S_COMPLETE) { + goto errout; + } + + + rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; + rqst->rq_xprt->xp_verf.oa_base = gd->checksum.value; + rqst->rq_xprt->xp_verf.oa_length = gd->checksum.length; + } + return (TRUE); +errout: + gss_release_buffer(&min_stat, &gr->gr_token); + return (FALSE); +} + +static bool_t +svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct rpc_msg *msg) +{ + struct opaque_auth *oa; + gss_buffer_desc rpcbuf, checksum; + OM_uint32 maj_stat, min_stat, qop_state; + u_char rpchdr[128]; + int32_t *buf; + + log_debug("in svcauth_gss_validate()"); + + memset(rpchdr, 0, sizeof(rpchdr)); + + /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */ + buf = (int32_t *)(void *)rpchdr; + IXDR_PUT_LONG(buf, msg->rm_xid); + IXDR_PUT_ENUM(buf, msg->rm_direction); + IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers); + IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); + IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); + IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); + oa = &msg->rm_call.cb_cred; + IXDR_PUT_ENUM(buf, oa->oa_flavor); + IXDR_PUT_LONG(buf, oa->oa_length); + if (oa->oa_length) { + memcpy((caddr_t)buf, oa->oa_base, oa->oa_length); + buf += RNDUP(oa->oa_length) / sizeof(int32_t); + } + rpcbuf.value = rpchdr; + rpcbuf.length = (u_char *)buf - rpchdr; + + checksum.value = msg->rm_call.cb_verf.oa_base; + checksum.length = msg->rm_call.cb_verf.oa_length; + + maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum, + &qop_state); + + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_verify_mic", maj_stat, min_stat); + if (log_badverf != NULL) + (*log_badverf)(gd->client_name, + svcauth_gss_name, + rqst, msg, log_badverf_data); + return (FALSE); + } + return (TRUE); +} + +static bool_t +svcauth_gss_nextverf(struct svc_req *rqst, u_int num) +{ + struct svc_rpc_gss_data *gd; + gss_buffer_desc signbuf; + OM_uint32 maj_stat, min_stat; + + log_debug("in svcauth_gss_nextverf()"); + + if (rqst->rq_xprt->xp_auth == NULL) + return (FALSE); + + gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); + + gss_release_buffer(&min_stat, &gd->checksum); + + signbuf.value = # + signbuf.length = sizeof(num); + + maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop, + &signbuf, &gd->checksum); + + if (maj_stat != GSS_S_COMPLETE) { + log_status("gss_get_mic", maj_stat, min_stat); + return (FALSE); + } + rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; + rqst->rq_xprt->xp_verf.oa_base = (caddr_t)gd->checksum.value; + rqst->rq_xprt->xp_verf.oa_length = (u_int)gd->checksum.length; + + return (TRUE); +} + +enum auth_stat +gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, + bool_t *no_dispatch) +{ + enum auth_stat retstat; + XDR xdrs; + SVCAUTH *auth; + struct svc_rpc_gss_data *gd; + struct rpc_gss_cred *gc; + struct rpc_gss_init_res gr; + int call_stat, offset; + OM_uint32 min_stat; + + log_debug("in svcauth_gss()"); + + /* Initialize reply. */ + rqst->rq_xprt->xp_verf = gssrpc__null_auth; + + /* Allocate and set up server auth handle. */ + if (rqst->rq_xprt->xp_auth == NULL || + rqst->rq_xprt->xp_auth == &svc_auth_none) { + if ((auth = calloc(sizeof(*auth), 1)) == NULL) { + fprintf(stderr, "svcauth_gss: out_of_memory\n"); + return (AUTH_FAILED); + } + if ((gd = calloc(sizeof(*gd), 1)) == NULL) { + fprintf(stderr, "svcauth_gss: out_of_memory\n"); + return (AUTH_FAILED); + } + auth->svc_ah_ops = &svc_auth_gss_ops; + SVCAUTH_PRIVATE(auth) = gd; + rqst->rq_xprt->xp_auth = auth; + } + else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); + + log_debug("xp_auth=%p, gd=%p", rqst->rq_xprt->xp_auth, gd); + + /* Deserialize client credentials. */ + if (rqst->rq_cred.oa_length <= 0) + return (AUTH_BADCRED); + + gc = (struct rpc_gss_cred *)rqst->rq_clntcred; + memset(gc, 0, sizeof(*gc)); + + xdrmem_create(&xdrs, rqst->rq_cred.oa_base, + rqst->rq_cred.oa_length, XDR_DECODE); + + if (!xdr_rpc_gss_cred(&xdrs, gc)) { + XDR_DESTROY(&xdrs); + return (AUTH_BADCRED); + } + XDR_DESTROY(&xdrs); + + retstat = AUTH_FAILED; + +#define ret_freegc(code) do { retstat = code; goto freegc; } while (0) + + /* Check version. */ + if (gc->gc_v != RPCSEC_GSS_VERSION) + ret_freegc (AUTH_BADCRED); + + /* Check RPCSEC_GSS service. */ + if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && + gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && + gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) + ret_freegc (AUTH_BADCRED); + + /* Check sequence number. */ + if (gd->established) { + if (gc->gc_seq > MAXSEQ) + ret_freegc (RPCSEC_GSS_CTXPROBLEM); + + if ((offset = gd->seqlast - gc->gc_seq) < 0) { + gd->seqlast = gc->gc_seq; + offset = 0 - offset; + gd->seqmask <<= offset; + offset = 0; + } + else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { + *no_dispatch = 1; + ret_freegc (RPCSEC_GSS_CTXPROBLEM); + } + gd->seq = gc->gc_seq; + gd->seqmask |= (1 << offset); + } + + if (gd->established) { + rqst->rq_clntname = (char *)gd->client_name; + rqst->rq_svccred = (char *)gd->ctx; + } + + /* Handle RPCSEC_GSS control procedure. */ + switch (gc->gc_proc) { + + case RPCSEC_GSS_INIT: + case RPCSEC_GSS_CONTINUE_INIT: + if (rqst->rq_proc != NULLPROC) + ret_freegc (AUTH_FAILED); /* XXX ? */ + + if (!svcauth_gss_acquire_cred()) + ret_freegc (AUTH_FAILED); + + if (!svcauth_gss_accept_sec_context(rqst, &gr)) + ret_freegc (AUTH_REJECTEDCRED); + + if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { + gss_release_buffer(&min_stat, &gr.gr_token); + mem_free(gr.gr_ctx.value, + sizeof(gss_union_ctx_id_desc)); + ret_freegc (AUTH_FAILED); + } + *no_dispatch = TRUE; + + call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res, + (caddr_t)&gr); + + gss_release_buffer(&min_stat, &gr.gr_token); + gss_release_buffer(&min_stat, &gd->checksum); + mem_free(gr.gr_ctx.value, sizeof(gss_union_ctx_id_desc)); + if (!call_stat) + ret_freegc (AUTH_FAILED); + + if (gr.gr_major == GSS_S_COMPLETE) + gd->established = TRUE; + + break; + + case RPCSEC_GSS_DATA: + if (!svcauth_gss_validate(rqst, gd, msg)) + ret_freegc (RPCSEC_GSS_CREDPROBLEM); + + if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) + ret_freegc (AUTH_FAILED); + break; + + case RPCSEC_GSS_DESTROY: + if (rqst->rq_proc != NULLPROC) + ret_freegc (AUTH_FAILED); /* XXX ? */ + + if (!svcauth_gss_validate(rqst, gd, msg)) + ret_freegc (RPCSEC_GSS_CREDPROBLEM); + + if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) + ret_freegc (AUTH_FAILED); + + *no_dispatch = TRUE; + + call_stat = svc_sendreply(rqst->rq_xprt, + xdr_void, (caddr_t)NULL); + + log_debug("sendreply in destroy: %d", call_stat); + + if (!svcauth_gss_release_cred()) + ret_freegc (AUTH_FAILED); + + SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth); + rqst->rq_xprt->xp_auth = &svc_auth_none; + + break; + + default: + ret_freegc (AUTH_REJECTEDCRED); + break; + } + retstat = AUTH_OK; +freegc: + xdr_free(xdr_rpc_gss_cred, gc); + return (retstat); +} + +static bool_t +svcauth_gss_destroy(SVCAUTH *auth) +{ + struct svc_rpc_gss_data *gd; + OM_uint32 min_stat; + + log_debug("in svcauth_gss_destroy()"); + + gd = SVCAUTH_PRIVATE(auth); + + gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER); + gss_release_buffer(&min_stat, &gd->cname); + gss_release_buffer(&min_stat, &gd->checksum); + + if (gd->client_name) + gss_release_name(&min_stat, &gd->client_name); + + mem_free(gd, sizeof(*gd)); + mem_free(auth, sizeof(*auth)); + + return (TRUE); +} + +static bool_t +svcauth_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) +{ + struct svc_rpc_gss_data *gd; + + log_debug("in svcauth_gss_wrap()"); + + gd = SVCAUTH_PRIVATE(auth); + + if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) { + return ((*xdr_func)(xdrs, xdr_ptr)); + } + return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr, + gd->ctx, gd->sec.qop, + gd->sec.svc, gd->seq)); +} + +static bool_t +svcauth_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) +{ + struct svc_rpc_gss_data *gd; + + log_debug("in svcauth_gss_unwrap()"); + + gd = SVCAUTH_PRIVATE(auth); + + if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) { + return ((*xdr_func)(xdrs, xdr_ptr)); + } + return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr, + gd->ctx, gd->sec.qop, + gd->sec.svc, gd->seq)); +} + +char * +svcauth_gss_get_principal(SVCAUTH *auth) +{ + struct svc_rpc_gss_data *gd; + char *pname; + + gd = SVCAUTH_PRIVATE(auth); + + if (gd->cname.length == 0) + return (NULL); + + if ((pname = malloc(gd->cname.length + 1)) == NULL) + return (NULL); + + memcpy(pname, gd->cname.value, gd->cname.length); + pname[gd->cname.length] = '\0'; + + return (pname); +} + +/* + * Function: svcauth_gss_set_log_badauth_func + * + * Purpose: sets the logging function called when an invalid RPC call + * arrives + * + * See functional specifications. + */ +void svcauth_gss_set_log_badauth_func + (func, data) + auth_gssapi_log_badauth_func func; + caddr_t data; +{ + log_badauth = func; + log_badauth_data = data; +} + +/* + * Function: svcauth_gss_set_log_badverf_func + * + * Purpose: sets the logging function called when an invalid RPC call + * arrives + * + * See functional specifications. + */ +void svcauth_gss_set_log_badverf_func + (func, data) + auth_gssapi_log_badverf_func func; + caddr_t data; +{ + log_badverf = func; + log_badverf_data = data; +} + +/* + * Function: svcauth_gss_set_log_miscerr_func + * + * Purpose: sets the logging function called when a miscellaneous + * AUTH_GSSAPI error occurs + * + * See functional specifications. + */ +void svcauth_gss_set_log_miscerr_func + (func, data) + auth_gssapi_log_miscerr_func func; + caddr_t data; +{ + log_miscerr = func; + log_miscerr_data = data; +} diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c index b19a883f9..f9bde1783 100644 --- a/src/lib/rpc/svc_auth_gssapi.c +++ b/src/lib/rpc/svc_auth_gssapi.c @@ -61,9 +61,9 @@ typedef struct _svc_auth_gssapi_data { gss_name_t client_name, server_name; gss_cred_id_t server_creds; - rpc_u_int32 expiration; - rpc_u_int32 seq_num; - rpc_u_int32 key; + uint32_t expiration; + uint32_t seq_num; + uint32_t key; SVCAUTH svcauth; @@ -76,6 +76,8 @@ typedef struct _svc_auth_gssapi_data { static bool_t svc_auth_gssapi_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t); static bool_t svc_auth_gssapi_unwrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t); +static bool_t svc_auth_gssapi_destroy(SVCAUTH *); + static svc_auth_gssapi_data *create_client(void); static svc_auth_gssapi_data *get_client (gss_buffer_t client_handle); @@ -83,12 +85,13 @@ static void destroy_client (svc_auth_gssapi_data *client_data); static void clean_client(void), cleanup(void); static void client_expire - (svc_auth_gssapi_data *client_data, rpc_u_int32 exp); + (svc_auth_gssapi_data *client_data, uint32_t exp); static void dump_db (char *msg); struct svc_auth_ops svc_auth_gssapi_ops = { svc_auth_gssapi_wrap, svc_auth_gssapi_unwrap, + svc_auth_gssapi_destroy }; /* @@ -116,7 +119,7 @@ typedef struct _client_list { static client_list *clients = NULL; -enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) +enum auth_stat gssrpc__svcauth_gssapi(rqst, msg, no_dispatch) register struct svc_req *rqst; register struct rpc_msg *msg; bool_t *no_dispatch; @@ -134,7 +137,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) int i; enum auth_stat ret; OM_uint32 ret_flags; - rpc_u_int32 seq_num; + uint32_t seq_num; PRINTF(("svcauth_gssapi: starting\n")); @@ -142,7 +145,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) clean_client(); /* use AUTH_NONE until there is a client_handle */ - rqst->rq_xprt->xp_auth = &svc_auth_any; + rqst->rq_xprt->xp_auth = &svc_auth_none; memset((char *) &call_res, 0, sizeof(call_res)); @@ -162,7 +165,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) if (! xdr_authgssapi_creds(&xdrs, &creds)) { PRINTF(("svcauth_gssapi: failed decoding creds\n")); LOG_MISCERR("protocol error in client credentials"); - gssrpc_xdr_free(xdr_authgssapi_creds, &creds); + xdr_free(xdr_authgssapi_creds, &creds); XDR_DESTROY(&xdrs); ret = AUTH_BADCRED; goto error; @@ -184,7 +187,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) if (creds.auth_msg && rqst->rq_proc == AUTH_GSSAPI_EXIT) { PRINTF(("svcauth_gssapi: GSSAPI_EXIT, cleaning up\n")); svc_sendreply(rqst->rq_xprt, xdr_void, NULL); - gssrpc_xdr_free(xdr_authgssapi_creds, &creds); + xdr_free(xdr_authgssapi_creds, &creds); cleanup(); exit(0); } @@ -222,7 +225,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) } PRINTF(("svcauth_gssapi: incoming client_handle %d, len %d\n", - *((rpc_u_int32 *) creds.client_handle.value), + *((uint32_t *) creds.client_handle.value), (int) creds.client_handle.length)); client_data = get_client(&creds.client_handle); @@ -404,7 +407,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) minor_stat = call_res.gss_minor; /* done with call args */ - gssrpc_xdr_free(xdr_authgssapi_init_arg, &call_arg); + xdr_free(xdr_authgssapi_init_arg, &call_arg); PRINTF(("svcauth_gssapi: accept_sec_context returned %#x\n", call_res.gss_major)); @@ -549,7 +552,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) &call_arg)) { PRINTF(("svcauth_gssapi: cannot decode args\n")); LOG_MISCERR("protocol error in call arguments"); - gssrpc_xdr_free(xdr_authgssapi_init_arg, &call_arg); + xdr_free(xdr_authgssapi_init_arg, &call_arg); ret = AUTH_BADCRED; goto error; } @@ -560,7 +563,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) &call_arg.token); /* done with call args */ - gssrpc_xdr_free(xdr_authgssapi_init_arg, &call_arg); + xdr_free(xdr_authgssapi_init_arg, &call_arg); if (gssstat != GSS_S_COMPLETE) { AUTH_GSSAPI_DISPLAY_STATUS(("processing token", @@ -581,6 +584,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) *no_dispatch = TRUE; destroy_client(client_data); + rqst->rq_xprt->xp_auth = NULL; break; default: @@ -602,7 +606,7 @@ enum auth_stat _gssrpc_svcauth_gssapi(rqst, msg, no_dispatch) if (creds.client_handle.length != 0) { PRINTF(("svcauth_gssapi: freeing client_handle len %d\n", (int) creds.client_handle.length)); - gssrpc_xdr_free(xdr_authgssapi_creds, &creds); + xdr_free(xdr_authgssapi_creds, &creds); } PRINTF(("\n")); @@ -612,7 +616,7 @@ error: if (creds.client_handle.length != 0) { PRINTF(("svcauth_gssapi: freeing client_handle len %d\n", (int) creds.client_handle.length)); - gssrpc_xdr_free(xdr_authgssapi_creds, &creds); + xdr_free(xdr_authgssapi_creds, &creds); } PRINTF(("\n")); @@ -718,7 +722,7 @@ static svc_auth_gssapi_data *create_client() */ static void client_expire(client_data, exp) svc_auth_gssapi_data *client_data; - rpc_u_int32 exp; + uint32_t exp; { client_data->expiration = exp; } @@ -743,7 +747,7 @@ static svc_auth_gssapi_data *get_client(client_handle) gss_buffer_t client_handle; { client_list *c; - rpc_u_int32 handle; + uint32_t handle; memcpy(&handle, client_handle->value, 4); @@ -885,14 +889,14 @@ static void clean_client() } /* - * Function: _svcauth_gssapi_set_names + * Function: svcauth_gssapi_set_names * * Purpose: Sets the list of service names for which incoming * authentication requests should be honored. * * See functional specifications. */ -bool_t _svcauth_gssapi_set_names(names, num) +bool_t svcauth_gssapi_set_names(names, num) auth_gssapi_name *names; int num; { @@ -924,7 +928,9 @@ bool_t _svcauth_gssapi_set_names(names, num) for (i = 0; i < num; i++) { in_buf.value = names[i].name; in_buf.length = strlen(in_buf.value) + 1; - + + PRINTF(("svcauth_gssapi_set_names: importing %s\n", in_buf.value)); + gssstat = gss_import_name(&minor_stat, &in_buf, names[i].type, &server_name_list[i]); @@ -947,18 +953,18 @@ bool_t _svcauth_gssapi_set_names(names, num) return TRUE; fail: - _svcauth_gssapi_unset_names(); + svcauth_gssapi_unset_names(); return FALSE; } -/* Function: _svcauth_gssapi_unset_names +/* Function: svcauth_gssapi_unset_names * * Purpose: releases the names and credentials allocated by - * _svcauth_gssapi_set_names + * svcauth_gssapi_set_names */ -void _svcauth_gssapi_unset_names() +void svcauth_gssapi_unset_names() { int i; OM_uint32 minor_stat; @@ -984,14 +990,14 @@ void _svcauth_gssapi_unset_names() /* - * Function: _svcauth_gssapi_set_log_badauth_func + * Function: svcauth_gssapi_set_log_badauth_func * * Purpose: sets the logging function called when an invalid RPC call * arrives * * See functional specifications. */ -void _svcauth_gssapi_set_log_badauth_func +void svcauth_gssapi_set_log_badauth_func (func, data) auth_gssapi_log_badauth_func func; caddr_t data; @@ -1001,14 +1007,14 @@ void _svcauth_gssapi_set_log_badauth_func } /* - * Function: _svcauth_gssapi_set_log_badverf_func + * Function: svcauth_gssapi_set_log_badverf_func * * Purpose: sets the logging function called when an invalid RPC call * arrives * * See functional specifications. */ -void _svcauth_gssapi_set_log_badverf_func +void svcauth_gssapi_set_log_badverf_func (func, data) auth_gssapi_log_badverf_func func; caddr_t data; @@ -1018,14 +1024,14 @@ void _svcauth_gssapi_set_log_badverf_func } /* - * Function: _svcauth_gssapi_set_log_miscerr_func + * Function: svcauth_gssapi_set_log_miscerr_func * * Purpose: sets the logging function called when a miscellaneous * AUTH_GSSAPI error occurs * * See functional specifications. */ -void _svcauth_gssapi_set_log_miscerr_func +void svcauth_gssapi_set_log_miscerr_func (func, data) auth_gssapi_log_miscerr_func func; caddr_t data; @@ -1084,3 +1090,12 @@ static bool_t svc_auth_gssapi_unwrap(auth, in_xdrs, xdr_func, xdr_ptr) } else return TRUE; } + +static bool_t svc_auth_gssapi_destroy(auth) + SVCAUTH *auth; +{ + svc_auth_gssapi_data *client_data = SVCAUTH_PRIVATE(auth); + + destroy_client(client_data); + return TRUE; +} diff --git a/src/lib/rpc/svc_auth_none.c b/src/lib/rpc/svc_auth_none.c new file mode 100644 index 000000000..2df9580a5 --- /dev/null +++ b/src/lib/rpc/svc_auth_none.c @@ -0,0 +1,75 @@ +/* + svc_auth_none.c + + Copyright (c) 2000 The Regents of the University of Michigan. + All rights reserved. + + Copyright (c) 2000 Dug Song . + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Id: svc_auth_none.c,v 1.1 2000/08/24 20:51:34 dugsong Exp + */ + +#include + +static bool_t svcauth_none_destroy(SVCAUTH *); +static bool_t svcauth_none_wrap(SVCAUTH *, XDR *, xdrproc_t, + caddr_t); + +struct svc_auth_ops svc_auth_none_ops = { + svcauth_none_wrap, + svcauth_none_wrap, + svcauth_none_destroy +}; + +SVCAUTH svc_auth_none = { + &svc_auth_none_ops, + NULL, +}; + +static bool_t +svcauth_none_destroy(SVCAUTH *auth) +{ + return (TRUE); +} + +static bool_t +svcauth_none_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, + caddr_t xdr_ptr) +{ + return ((*xdr_func)(xdrs, xdr_ptr)); +} + +enum auth_stat +gssrpc__svcauth_none(struct svc_req *rqst, struct rpc_msg *msg, + bool_t *no_dispatch) +{ + rqst->rq_xprt->xp_auth = &svc_auth_none; + + return (AUTH_OK); +} diff --git a/src/lib/rpc/svc_auth_unix.c b/src/lib/rpc/svc_auth_unix.c index a947de412..cb4a30c31 100644 --- a/src/lib/rpc/svc_auth_unix.c +++ b/src/lib/rpc/svc_auth_unix.c @@ -50,7 +50,7 @@ static char sccsid[] = "@(#)svc_auth_unix.c 1.28 88/02/08 Copyr 1984 Sun Micro"; * Unix longhand authenticator */ enum auth_stat -_gssrpc_svcauth_unix(rqst, msg, dispatch) +gssrpc__svcauth_unix(rqst, msg, dispatch) register struct svc_req *rqst; register struct rpc_msg *msg; bool_t *dispatch; @@ -58,25 +58,25 @@ _gssrpc_svcauth_unix(rqst, msg, dispatch) register enum auth_stat stat; XDR xdrs; register struct authunix_parms *aup; - register rpc_int32 *buf; + register rpc_inline_t *buf; struct area { struct authunix_parms area_aup; char area_machname[MAX_MACHINE_NAME+1]; int area_gids[NGRPS]; } *area; - unsigned int auth_len; + u_int auth_len; int str_len, gid_len; register int i; - rqst->rq_xprt->xp_auth = &svc_auth_any; + rqst->rq_xprt->xp_auth = &svc_auth_none; area = (struct area *) rqst->rq_clntcred; aup = &area->area_aup; aup->aup_machname = area->area_machname; aup->aup_gids = area->area_gids; - auth_len = (unsigned int)msg->rm_call.cb_cred.oa_length; + auth_len = (u_int)msg->rm_call.cb_cred.oa_length; xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE); - buf = (rpc_int32 *) XDR_INLINE(&xdrs, auth_len); + buf = XDR_INLINE(&xdrs, auth_len); if (buf != NULL) { aup->aup_time = IXDR_GET_LONG(buf); str_len = IXDR_GET_U_LONG(buf); @@ -84,10 +84,10 @@ _gssrpc_svcauth_unix(rqst, msg, dispatch) stat = AUTH_BADCRED; goto done; } - memmove(aup->aup_machname, (caddr_t)buf, (unsigned int)str_len); + memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len); aup->aup_machname[str_len] = 0; str_len = RNDUP(str_len); - buf += str_len / sizeof (rpc_int32); + buf += str_len / BYTES_PER_XDR_UNIT; aup->aup_uid = IXDR_GET_LONG(buf); aup->aup_gid = IXDR_GET_LONG(buf); gid_len = IXDR_GET_U_LONG(buf); @@ -130,11 +130,11 @@ done: */ /*ARGSUSED*/ enum auth_stat -_gssrpc_svcauth_short(rqst, msg, dispatch) +gssrpc__svcauth_short(rqst, msg, dispatch) struct svc_req *rqst; struct rpc_msg *msg; bool_t *dispatch; { - rqst->rq_xprt->xp_auth = &svc_auth_any; + rqst->rq_xprt->xp_auth = &svc_auth_none; return (AUTH_REJECTEDCRED); } diff --git a/src/lib/rpc/svc_run.c b/src/lib/rpc/svc_run.c index 823b1d461..ea6dfdd5d 100644 --- a/src/lib/rpc/svc_run.c +++ b/src/lib/rpc/svc_run.c @@ -54,7 +54,7 @@ svc_run() #else readfds = svc_fds; #endif /* def FD_SETSIZE */ - switch (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set *)0, + switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)0, (fd_set *)0, (struct timeval *)0)) { case -1: if (errno == EINTR) { diff --git a/src/lib/rpc/svc_simple.c b/src/lib/rpc/svc_simple.c index 44c757315..520fa6a1b 100644 --- a/src/lib/rpc/svc_simple.c +++ b/src/lib/rpc/svc_simple.c @@ -56,10 +56,12 @@ static void universal(struct svc_req *, SVCXPRT *); static SVCXPRT *transp; int -gssrpc_registerrpc(prognum, versnum, procnum, progname, inproc, outproc) +registerrpc(prognum, versnum, procnum, progname, inproc, outproc) char *(*progname)(); xdrproc_t inproc, outproc; - rpc_u_int32 prognum, versnum, procnum; + rpcprog_t prognum; + rpcvers_t versnum; + rpcproc_t procnum; { struct proglst *pl; @@ -75,9 +77,8 @@ gssrpc_registerrpc(prognum, versnum, procnum, progname, inproc, outproc) return (-1); } } - (void) pmap_unset((rpc_u_int32)prognum, (rpc_u_int32)versnum); - if (!svc_register(transp, (rpc_u_int32)prognum, (rpc_u_int32)versnum, - universal, IPPROTO_UDP)) { + (void) pmap_unset(prognum, versnum); + if (!svc_register(transp, prognum, versnum, universal, IPPROTO_UDP)) { (void) fprintf(stderr, "couldn't register prog %d vers %d\n", prognum, versnum); return (-1); diff --git a/src/lib/rpc/svc_tcp.c b/src/lib/rpc/svc_tcp.c index 2d31f9e23..841bcc6be 100644 --- a/src/lib/rpc/svc_tcp.c +++ b/src/lib/rpc/svc_tcp.c @@ -91,16 +91,16 @@ static struct xp_ops svctcp_rendezvous_op = { }; static int readtcp(char *, caddr_t, int), writetcp(char *, caddr_t, int); -static SVCXPRT *makefd_xprt(int, unsigned int, unsigned int); +static SVCXPRT *makefd_xprt(int, u_int, u_int); struct tcp_rendezvous { /* kept in xprt->xp_p1 */ - unsigned int sendsize; - unsigned int recvsize; + u_int sendsize; + u_int recvsize; }; struct tcp_conn { /* kept in xprt->xp_p1 */ enum xprt_stat strm_stat; - rpc_u_int32 x_id; + uint32_t x_id; XDR xdrs; char verf_body[MAX_AUTH_BYTES]; }; @@ -128,8 +128,8 @@ struct tcp_conn { /* kept in xprt->xp_p1 */ SVCXPRT * svctcp_create(sock, sendsize, recvsize) register int sock; - unsigned int sendsize; - unsigned int recvsize; + u_int sendsize; + u_int recvsize; { bool_t madesock = FALSE; register SVCXPRT *xprt; @@ -146,7 +146,7 @@ svctcp_create(sock, sendsize, recvsize) } memset((char *)&addr, 0, sizeof (addr)); addr.sin_family = AF_INET; - if (gssrpc_bindresvport(sock, &addr)) { + if (bindresvport(sock, &addr)) { addr.sin_port = 0; (void)bind(sock, (struct sockaddr *)&addr, len); } @@ -176,7 +176,8 @@ svctcp_create(sock, sendsize, recvsize) } xprt->xp_p2 = NULL; xprt->xp_p1 = (caddr_t)r; - xprt->xp_verf = _null_auth; + xprt->xp_auth = NULL; + xprt->xp_verf = gssrpc__null_auth; xprt->xp_ops = &svctcp_rendezvous_op; xprt->xp_port = ntohs(addr.sin_port); xprt->xp_sock = sock; @@ -190,10 +191,10 @@ svctcp_create(sock, sendsize, recvsize) * descriptor as its first input. */ SVCXPRT * -gssrpc_svcfd_create(fd, sendsize, recvsize) +svcfd_create(fd, sendsize, recvsize) int fd; - unsigned int sendsize; - unsigned int recvsize; + u_int sendsize; + u_int recvsize; { return (makefd_xprt(fd, sendsize, recvsize)); @@ -202,8 +203,8 @@ gssrpc_svcfd_create(fd, sendsize, recvsize) static SVCXPRT * makefd_xprt(fd, sendsize, recvsize) int fd; - unsigned int sendsize; - unsigned int recvsize; + u_int sendsize; + u_int recvsize; { register SVCXPRT *xprt; register struct tcp_conn *cd; @@ -225,6 +226,7 @@ makefd_xprt(fd, sendsize, recvsize) (caddr_t)xprt, readtcp, writetcp); xprt->xp_p2 = NULL; xprt->xp_p1 = (caddr_t)cd; + xprt->xp_auth = NULL; xprt->xp_verf.oa_base = cd->verf_body; xprt->xp_addrlen = 0; xprt->xp_laddrlen = 0; @@ -292,6 +294,10 @@ svctcp_destroy(xprt) /* an actual connection socket */ XDR_DESTROY(&(cd->xdrs)); } + if (xprt->xp_auth != NULL) { + SVCAUTH_DESTROY(xprt->xp_auth); + xprt->xp_auth = NULL; + } mem_free((caddr_t)cd, sizeof(struct tcp_conn)); mem_free((caddr_t)xprt, sizeof(SVCXPRT)); } @@ -329,7 +335,7 @@ readtcp(xprtptr, buf, len) do { readfds = mask; tout = wait_per_try; - if (select(_gssrpc_rpc_dtablesize(), &readfds, (fd_set*)NULL, + if (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set*)NULL, (fd_set*)NULL, &tout) <= 0) { if (errno == EINTR) { continue; diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c index a1bcb86a9..46305001b 100644 --- a/src/lib/rpc/svc_udp.c +++ b/src/lib/rpc/svc_udp.c @@ -62,8 +62,8 @@ static bool_t svcudp_getargs(SVCXPRT *, xdrproc_t, void *); static bool_t svcudp_freeargs(SVCXPRT *, xdrproc_t, void *); static void svcudp_destroy(SVCXPRT *); -static void cache_set(SVCXPRT *, rpc_u_int32); -static int cache_get(SVCXPRT *, struct rpc_msg *, char **, rpc_u_int32 *); +static void cache_set(SVCXPRT *, uint32_t); +static int cache_get(SVCXPRT *, struct rpc_msg *, char **, uint32_t *); static struct xp_ops svcudp_op = { svcudp_recv, @@ -79,8 +79,8 @@ static struct xp_ops svcudp_op = { * kept in xprt->xp_p2 */ struct svcudp_data { - unsigned int su_iosz; /* byte size of send.recv buffer */ - rpc_u_int32 su_xid; /* transaction id */ + u_int su_iosz; /* byte size of send.recv buffer */ + uint32_t su_xid; /* transaction id */ XDR su_xdrs; /* XDR handle */ char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */ void * su_cache; /* cached data, NULL if no cache */ @@ -103,7 +103,7 @@ struct svcudp_data { SVCXPRT * svcudp_bufcreate(sock, sendsz, recvsz) register int sock; - unsigned int sendsz, recvsz; + u_int sendsz, recvsz; { bool_t madesock = FALSE; register SVCXPRT *xprt; @@ -120,7 +120,7 @@ svcudp_bufcreate(sock, sendsz, recvsz) } memset((char *)&addr, 0, sizeof (addr)); addr.sin_family = AF_INET; - if (gssrpc_bindresvport(sock, &addr)) { + if (bindresvport(sock, &addr)) { addr.sin_port = 0; (void)bind(sock, (struct sockaddr *)&addr, len); } @@ -149,6 +149,7 @@ svcudp_bufcreate(sock, sendsz, recvsz) &(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_DECODE); su->su_cache = NULL; xprt->xp_p2 = (caddr_t)su; + xprt->xp_auth = NULL; xprt->xp_verf.oa_base = su->su_verfbody; xprt->xp_ops = &svcudp_op; xprt->xp_port = ntohs(addr.sin_port); @@ -184,7 +185,7 @@ svcudp_recv(xprt, msg) register XDR *xdrs = &(su->su_xdrs); register int rlen; char *reply; - rpc_u_int32 replylen; + uint32_t replylen; again: memset((char *) &dummy, 0, sizeof(dummy)); @@ -207,7 +208,7 @@ svcudp_recv(xprt, msg) 0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen)); if (rlen == -1 && errno == EINTR) goto again; - if (rlen < (int) 4*sizeof(rpc_u_int32)) + if (rlen < (int) 4*sizeof(uint32_t)) return (FALSE); xdrs->x_op = XDR_DECODE; XDR_SETPOS(xdrs, 0); @@ -260,7 +261,7 @@ static bool_t svcudp_reply(xprt, msg) == slen) { stat = TRUE; if (su->su_cache && slen >= 0) { - cache_set(xprt, (rpc_u_int32) slen); + cache_set(xprt, (uint32_t) slen); } } } @@ -300,7 +301,13 @@ svcudp_destroy(xprt) register struct svcudp_data *su = su_data(xprt); xprt_unregister(xprt); - (void)close(xprt->xp_sock); + if (xprt->xp_sock != -1) + (void)close(xprt->xp_sock); + xprt->xp_sock = -1; + if (xprt->xp_auth != NULL) { + SVCAUTH_DESTROY(xprt->xp_auth); + xprt->xp_auth = NULL; + } XDR_DESTROY(&(su->su_xdrs)); mem_free(rpc_buffer(xprt), su->su_iosz); mem_free((caddr_t)su, sizeof(struct svcudp_data)); @@ -335,16 +342,16 @@ struct cache_node { /* * Index into cache is xid, proc, vers, prog and address */ - rpc_u_int32 cache_xid; - rpc_u_int32 cache_proc; - rpc_u_int32 cache_vers; - rpc_u_int32 cache_prog; + uint32_t cache_xid; + rpcproc_t cache_proc; + rpcvers_t cache_vers; + rpcprog_t cache_prog; struct sockaddr_in cache_addr; /* * The cached reply and length */ char * cache_reply; - rpc_u_int32 cache_replylen; + uint32_t cache_replylen; /* * Next node on the list, if there is a collision */ @@ -357,13 +364,13 @@ struct cache_node { * The entire cache */ struct udp_cache { - rpc_u_int32 uc_size; /* size of cache */ + uint32_t uc_size; /* size of cache */ cache_ptr *uc_entries; /* hash table of entries in cache */ cache_ptr *uc_fifo; /* fifo list of entries in cache */ - rpc_u_int32 uc_nextvictim; /* points to next victim in fifo list */ - rpc_u_int32 uc_prog; /* saved program number */ - rpc_u_int32 uc_vers; /* saved version number */ - rpc_u_int32 uc_proc; /* saved procedure number */ + uint32_t uc_nextvictim; /* points to next victim in fifo list */ + rpcprog_t uc_prog; /* saved program number */ + rpcvers_t uc_vers; /* saved version number */ + rpcproc_t uc_proc; /* saved procedure number */ struct sockaddr_in uc_addr; /* saved caller's address */ }; @@ -380,9 +387,9 @@ struct udp_cache { * Note: there is no disable. */ int -gssrpc_svcudp_enablecache(transp, size) +svcudp_enablecache(transp, size) SVCXPRT *transp; - rpc_u_int32 size; + uint32_t size; { struct svcudp_data *su = su_data(transp); struct udp_cache *uc; @@ -421,13 +428,13 @@ gssrpc_svcudp_enablecache(transp, size) static void cache_set(xprt, replylen) SVCXPRT *xprt; - rpc_u_int32 replylen; + uint32_t replylen; { register cache_ptr victim; register cache_ptr *vicp; register struct svcudp_data *su = su_data(xprt); struct udp_cache *uc = (struct udp_cache *) su->su_cache; - unsigned int loc; + u_int loc; char *newbuf; /* @@ -488,9 +495,9 @@ cache_get(xprt, msg, replyp, replylenp) SVCXPRT *xprt; struct rpc_msg *msg; char **replyp; - rpc_u_int32 *replylenp; + uint32_t *replylenp; { - unsigned int loc; + u_int loc; register cache_ptr ent; register struct svcudp_data *su = su_data(xprt); register struct udp_cache *uc = (struct udp_cache *) su->su_cache; diff --git a/src/lib/rpc/types.hin b/src/lib/rpc/types.hin index 1012d17df..8c677564f 100644 --- a/src/lib/rpc/types.hin +++ b/src/lib/rpc/types.hin @@ -32,21 +32,109 @@ /* * Rpc additions to */ -#ifndef __TYPES_RPC_HEADER__ -#define __TYPES_RPC_HEADER__ +#ifndef GSSRPC_TYPES_H +#define GSSRPC_TYPES_H #include + +@GSSRPC__SYS_SELECT_H@ +@GSSRPC__SYS_TIME_H@ +@GSSRPC__UNISTD_H@ + +/* + * Try to get MAXHOSTNAMELEN from somewhere. + */ +@GSSRPC__SYS_PARAM_H@ +@GSSRPC__NETDB_H@ + +/* Get htonl(), ntohl(), etc. */ +#include + +#include + +/* + * Pull in typedefs for fixed-width integers somehow, if they weren't + * in sys/types.h. + */ +@GSSRPC__STDINT_H@ +@GSSRPC__INTTYPES_H@ +/* Define if there is no int32_t in system headers. */ +@GSSRPC__FAKE_INT32@ + +#include + +#ifndef GSSRPC__BEGIN_DECLS +#ifdef __cplusplus +#define GSSRPC__BEGIN_DECLS extern "C" { +#define GSSRPC__END_DECLS } +#else +#define GSSRPC__BEGIN_DECLS +#define GSSRPC__END_DECLS +#endif +#endif + +GSSRPC__BEGIN_DECLS + +#if defined(CHAR_BIT) && CHAR_BIT != 8 +#error "Bytes must be exactly 8 bits." +#endif + +/* + * If no int32_t in system headers, fake it by looking for a 32-bit + * two's-complement type. Yes, this stomps on POSIX namespace, but if + * we get here, we're on a system that's far from being + * POSIX-compliant anyway. + */ +#if GSSRPC__FAKE_INT32 +#if (UINT_MAX == 0xffffffffUL) && (INT_MAX == 0x7fffffffL) \ + && (INT_MIN == -INT_MAX-1) +typedef int int32_t; +typedef unsigned int uint32_t; +#else +#if (ULONG_MAX == 0xffffffffUL) && (LONG_MAX == 0x7fffffffL) \ + && (LONG_MIN == -LONG_MAX-1) +typedef long int32_t; +typedef unsigned long uint32_t; +#else +#if (USHRT_MAX == 0xffffffffUL) && (SHRT_MAX == 0x7fffffffL) \ + && (SHRT_MIN == -SHRT_MAX-1) +typedef short int32_t; +typedef unsigned short uint32_t; +#else +#error "Can't fake up int32_t." +#endif +#endif +#endif +#endif /* GSSRPC__FAKE_INT32 */ + +#if (LONG_MIN != -LONG_MAX-1) || (INT_MIN != -INT_MAX-1) \ + || (SHRT_MIN != -SHRT_MAX-1) +#error "Integer types must be two's-complement." +#endif + +/* Define if we need to fake up some BSD type aliases. */ +#ifndef GSSRPC__BSD_TYPEALIASES /* Allow application to override. */ +@GSSRPC__BSD_TYPEALIASES@ +#endif +#if GSSRPC__BSD_TYPEALIASES +typedef unsigned char u_char; +typedef unsigned short u_short; +typedef unsigned int u_int; +typedef unsigned long u_long; +#endif + +typedef uint32_t rpcprog_t; +typedef uint32_t rpcvers_t; +typedef uint32_t rpcprot_t; +typedef uint32_t rpcproc_t; +typedef uint32_t rpcport_t; +typedef int32_t rpc_inline_t; + +typedef int32_t rpc_int32; +typedef uint32_t rpc_u_int32; + /* This is for rpc/netdb.h */ @rpcent_define@ -/* this is a 32-bit int type */ - -#if @SIZEOF_INT@ == 4 -typedef int rpc_int32; -typedef unsigned int rpc_u_int32; -#elif @SIZEOF_LONG@ == 4 -typedef long rpc_int32; -typedef unsigned long rpc_u_int32; -#endif #define bool_t int #define enum_t int @@ -56,24 +144,19 @@ typedef unsigned long rpc_u_int32; #ifndef TRUE # define TRUE (1) #endif +/* XXX namespace */ #define __dontcare__ -1 #ifndef NULL # define NULL 0 #endif -@STDLIB_INCLUDE@ +/* + * The below should probably be internal-only, but seem to be + * traditionally exported in RPC implementations. + */ #define mem_alloc(bsize) malloc(bsize) #define mem_free(ptr, bsize) free(ptr) -#ifndef makedev /* ie, we haven't already included it */ -#include -#endif -#ifdef _AIX -#include -#endif -#include -#include -#include #if 0 #include /* XXX This should not have to be here. * I got sick of seeing the warnings for MAXHOSTNAMELEN @@ -82,11 +165,14 @@ typedef unsigned long rpc_u_int32; #endif #ifndef INADDR_LOOPBACK -#define INADDR_LOOPBACK (rpc_u_int32)0x7F000001 +#define INADDR_LOOPBACK (uint32_t)0x7F000001 #endif #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 64 #endif -#endif /* ndef __TYPES_RPC_HEADER__ */ +GSSRPC__END_DECLS + +#include +#endif /* !defined(GSSRPC_TYPES_H) */ diff --git a/src/lib/rpc/unit-test/ChangeLog b/src/lib/rpc/unit-test/ChangeLog index c36b4dcfd..b4ebf5bd9 100644 --- a/src/lib/rpc/unit-test/ChangeLog +++ b/src/lib/rpc/unit-test/ChangeLog @@ -1,3 +1,9 @@ +2004-05-27 Tom Yu + + * client.c: rpcint_32 -> int32_t. + + * server.c: Update names of AUTH_GSSAPI functions. + 2004-04-02 Ken Raeburn * lib/helpers.exp (expect_kadm_ok): Check for "ERROR" messages and diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c index 502001a54..ffe6739cb 100644 --- a/src/lib/rpc/unit-test/client.c +++ b/src/lib/rpc/unit-test/client.c @@ -32,7 +32,7 @@ struct auth_gssapi_data { /* pre-serialized ah_cred */ u_char cred_buf[MAX_AUTH_BYTES]; - rpc_int32 cred_len; + int32_t cred_len; }; #define AUTH_PRIVATE(auth) ((struct auth_gssapi_data *)auth->ah_private) diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c index d4d06287c..df8f4c993 100644 --- a/src/lib/rpc/unit-test/server.c +++ b/src/lib/rpc/unit-test/server.c @@ -122,14 +122,14 @@ main(int argc, char **argv) exit(1); } - if (_svcauth_gssapi_set_names(names, 0) == FALSE) { + if (svcauth_gssapi_set_names(names, 0) == FALSE) { fprintf(stderr, "unable to set gssapi names\n"); exit(1); } - _svcauth_gssapi_set_log_badauth_func(rpc_test_badauth, NULL); - _svcauth_gssapi_set_log_badverf_func(rpc_test_badverf, NULL); - _svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL); + svcauth_gssapi_set_log_badauth_func(rpc_test_badauth, NULL); + svcauth_gssapi_set_log_badverf_func(rpc_test_badverf, NULL); + svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL); #ifdef POSIX_SIGNALS (void) sigemptyset(&sa.sa_mask); diff --git a/src/lib/rpc/xdr.c b/src/lib/rpc/xdr.c index 07c7f67f8..2a9eae8fb 100644 --- a/src/lib/rpc/xdr.c +++ b/src/lib/rpc/xdr.c @@ -50,9 +50,9 @@ static char sccsid[] = "@(#)xdr.c 1.35 87/08/12"; /* * constants specific to the xdr "protocol" */ -#define XDR_FALSE ((rpc_int32) 0) -#define XDR_TRUE ((rpc_int32) 1) -#define LASTUNSIGNED ((unsigned int) 0-1) +#define XDR_FALSE ((long) 0) +#define XDR_TRUE ((long) 1) +#define LASTUNSIGNED ((u_int) 0-1) /* * for unit alignment @@ -64,7 +64,7 @@ static char xdr_zero[BYTES_PER_XDR_UNIT] = { 0, 0, 0, 0 }; * Not a filter, but a convenient utility nonetheless */ void -gssrpc_xdr_free(proc, objp) +xdr_free(proc, objp) xdrproc_t proc; void *objp; { @@ -94,34 +94,31 @@ xdr_int(xdrs, ip) XDR *xdrs; int *ip; { + long l; -#ifdef lint - (void) (xdr_short(xdrs, (short *)ip)); - return (xdr_long(xdrs, (rpc_int32 *)ip)); -#else - if (sizeof (int) >= 4) { - long l; - switch (xdrs->x_op) { - case XDR_ENCODE: - l = *ip; - return (xdr_long(xdrs, &l)); - - case XDR_DECODE: - if (!xdr_long(xdrs, &l)) { - return (FALSE); - } - *ip = l; - return (TRUE); - - case XDR_FREE: - return (TRUE); - } - } else { - return (xdr_short(xdrs, (short *)ip)); + switch (xdrs->x_op) { + + case XDR_ENCODE: + if (*ip > 0x7fffffffL) + return (FALSE); + + l = (long) *ip; + return (XDR_PUTLONG(xdrs, &l)); + + case XDR_DECODE: + if (!XDR_GETLONG(xdrs, &l)) + return (FALSE); + + if ((u_long)l > UINT_MAX || l < INT_MIN) + return (FALSE); + + *ip = (int) l; + + case XDR_FREE: + return (TRUE); } /*NOTREACHED*/ return(FALSE); -#endif } /* @@ -130,98 +127,84 @@ xdr_int(xdrs, ip) bool_t xdr_u_int(xdrs, up) XDR *xdrs; - unsigned int *up; + u_int *up; { -#ifdef lint - (void) (xdr_short(xdrs, (short *)up)); - return (xdr_u_long(xdrs, (rpc_u_int32 *)up)); -#else - if (sizeof (unsigned int) >= 4) { - unsigned long l; - switch (xdrs->x_op) { - case XDR_ENCODE: - l = *up; - return (xdr_u_long(xdrs, &l)); - - case XDR_DECODE: - if (!xdr_u_long(xdrs, &l)) { - return (FALSE); - } - *up = l; - return (TRUE); - - case XDR_FREE: - return (TRUE); - } - } else { - return (xdr_short(xdrs, (short *)up)); + u_long l; + + switch (xdrs->x_op) { + + case XDR_ENCODE: + if (*up > 0xffffffffUL) + return (FALSE); + + l = (u_long)*up; + return (XDR_PUTLONG(xdrs, (long *) &l)); + + case XDR_DECODE: + if (!XDR_GETLONG(xdrs, (long *) &l)) + return (FALSE); + + if (l > UINT_MAX) + return (FALSE); + + *up = (u_int) l; + return (TRUE); + + case XDR_FREE: + return (TRUE); } /*NOTREACHED*/ return(FALSE); -#endif } /* * XDR long integers - * same as xdr_u_long - open coded to save a proc call! */ bool_t xdr_long(xdrs, lp) register XDR *xdrs; long *lp; { - if (xdrs->x_op == XDR_ENCODE) { - if (sizeof (long) > 4) { - /* See if the dereferenced value fits in 4 bytes. If not, return FALSE. - * Check by loading value into a rpc_int32, then loading back and comparing - * results. - */ - rpc_int32 i = (int) *lp; - long l = i; - if (l != *lp) { - return (FALSE); - } - } - return (XDR_PUTLONG(xdrs, lp)); - } - if (xdrs->x_op == XDR_DECODE) - return (XDR_GETLONG(xdrs, lp)); - if (xdrs->x_op == XDR_FREE) - return (TRUE); + switch (xdrs->x_op) { + case XDR_ENCODE: + if (*lp > 0x7fffffffL) + return (FALSE); + + return (XDR_PUTLONG(xdrs, lp)); - return (FALSE); + case XDR_DECODE: + return (XDR_GETLONG(xdrs, lp)); + + case XDR_FREE: + return (TRUE); + } + return (FALSE); } /* * XDR unsigned long integers - * same as xdr_long - open coded to save a proc call! */ bool_t xdr_u_long(xdrs, ulp) register XDR *xdrs; - unsigned long *ulp; + u_long *ulp; { - if (xdrs->x_op == XDR_ENCODE) { - if (sizeof (unsigned long) > 4) { - /* See if the dereferenced value fits in 4 bytes. If not, return FALSE. - * Check by loading value into a rpc_int32, then loading back and comparing - * results. - */ - unsigned int ui = *ulp; - unsigned long ul = ui; - if (ul != *ulp) { + + switch (xdrs->x_op) { + case XDR_ENCODE: + if (*ulp > 0xffffffffUL) + return (FALSE); + + return (XDR_PUTLONG(xdrs, (long *) ulp)); + + case XDR_DECODE: + return (XDR_GETLONG(xdrs, (long *) ulp)); + + case XDR_FREE: + return (TRUE); + } return (FALSE); - } - } - return (XDR_PUTLONG(xdrs, (long *)ulp)); - } - if (xdrs->x_op == XDR_DECODE) { - return (XDR_GETLONG(xdrs, (long *)ulp)); - } - if (xdrs->x_op == XDR_FREE) - return (TRUE); - return (FALSE); } /* @@ -259,21 +242,21 @@ xdr_short(xdrs, sp) bool_t xdr_u_short(xdrs, usp) register XDR *xdrs; - unsigned short *usp; + u_short *usp; { - unsigned long l; + u_long l; switch (xdrs->x_op) { case XDR_ENCODE: - l = (unsigned long) *usp; + l = (u_long) *usp; return (XDR_PUTLONG(xdrs, (long *) &l)); case XDR_DECODE: if (!XDR_GETLONG(xdrs, (long *) &l)) { return (FALSE); } - *usp = (unsigned short) l; + *usp = (u_short) l; return (TRUE); case XDR_FREE: @@ -307,9 +290,9 @@ xdr_char(xdrs, cp) bool_t xdr_u_char(xdrs, cp) XDR *xdrs; - unsigned char *cp; + u_char *cp; { - unsigned int u; + u_int u; u = (*cp); if (!xdr_u_int(xdrs, &u)) { @@ -362,8 +345,8 @@ xdr_enum(xdrs, ep) /* * enums are treated as ints */ - if (sizeof (enum sizecheck) == sizeof (rpc_int32)) { - return (xdr_int32(xdrs, (rpc_int32 *)ep)); + if (sizeof (enum sizecheck) == sizeof (long)) { + return (xdr_long(xdrs, (long *)ep)); } else if (sizeof (enum sizecheck) == sizeof (short)) { return (xdr_short(xdrs, (short *)ep)); } else { @@ -384,9 +367,9 @@ bool_t xdr_opaque(xdrs, cp, cnt) register XDR *xdrs; caddr_t cp; - register unsigned int cnt; + register u_int cnt; { - register unsigned int rndup; + register u_int rndup; static int crud[BYTES_PER_XDR_UNIT]; /* @@ -436,11 +419,11 @@ bool_t xdr_bytes(xdrs, cpp, sizep, maxsize) register XDR *xdrs; char **cpp; - register unsigned int *sizep; - unsigned int maxsize; + register u_int *sizep; + u_int maxsize; { register char *sp = *cpp; /* sp is the actual string pointer */ - register unsigned int nodesize; + register u_int nodesize; /* * first deal with the length since xdr bytes are counted @@ -499,49 +482,53 @@ xdr_netobj(xdrs, np) bool_t xdr_int32(xdrs, ip) XDR *xdrs; - rpc_int32 *ip; + int32_t *ip; { - long l; - switch (xdrs->x_op) { - case XDR_ENCODE: - l = *ip; - return (xdr_long(xdrs, &l)); - - case XDR_DECODE: - if (!xdr_long(xdrs, &l)) { - return (FALSE); - } - *ip = l; - return (TRUE); - - case XDR_FREE: - return (TRUE); - } - return(FALSE); + long l; + + switch (xdrs->x_op) { + + case XDR_ENCODE: + l = *ip; + return (xdr_long(xdrs, &l)); + + case XDR_DECODE: + if (!xdr_long(xdrs, &l)) { + return (FALSE); + } + *ip = l; + return (TRUE); + + case XDR_FREE: + return (TRUE); + } + return (FALSE); } bool_t xdr_u_int32(xdrs, up) XDR *xdrs; - rpc_u_int32 *up; + uint32_t *up; { - unsigned long ul; - switch (xdrs->x_op) { - case XDR_ENCODE: - ul = *up; - return (xdr_u_long(xdrs, &ul)); - - case XDR_DECODE: - if (!xdr_u_long(xdrs, &ul)) { - return (FALSE); - } - *up = ul; - return (TRUE); - - case XDR_FREE: - return (TRUE); - } - return(FALSE); + u_long ul; + + switch (xdrs->x_op) { + + case XDR_ENCODE: + ul = *up; + return (xdr_u_long(xdrs, &ul)); + + case XDR_DECODE: + if (!xdr_u_long(xdrs, &ul)) { + return (FALSE); + } + *up = ul; + return (TRUE); + + case XDR_FREE: + return (TRUE); + } + return (FALSE); } /* @@ -608,11 +595,11 @@ bool_t xdr_string(xdrs, cpp, maxsize) register XDR *xdrs; char **cpp; - unsigned int maxsize; + u_int maxsize; { register char *sp = *cpp; /* sp is the actual string pointer */ - unsigned int size; - unsigned int nodesize; + u_int size; + u_int nodesize; /* * first deal with the length since xdr strings are counted-strings diff --git a/src/lib/rpc/xdr.h b/src/lib/rpc/xdr.h index 9181fc7a1..6b982dc8e 100644 --- a/src/lib/rpc/xdr.h +++ b/src/lib/rpc/xdr.h @@ -35,12 +35,12 @@ * Copyright (C) 1984, Sun Microsystems, Inc. */ -#ifndef __XDR_HEADER__ -#define __XDR_HEADER__ +#ifndef GSSRPC_XDR_H +#define GSSRPC_XDR_H -/* We need FILE. */ -#include +#include /* for FILE */ +GSSRPC__BEGIN_DECLS /* * XDR provides a conventional way for converting between C data * types and an external bit-string representation. Library supplied @@ -108,32 +108,32 @@ typedef bool_t (*xdrproc_t)(); * an operations vector for the paticular implementation (e.g. see xdr_mem.c), * and two private fields for the use of the particular impelementation. */ -typedef struct __xdr_s { +typedef struct XDR { enum xdr_op x_op; /* operation; fast additional param */ struct xdr_ops { - /* get a long from underlying stream */ - bool_t (*x_getlong)(struct __xdr_s *, long *); + /* get a long from underlying stream */ + bool_t (*x_getlong)(struct XDR *, long *); - /* put a long to underlying stream */ - bool_t (*x_putlong)(struct __xdr_s *, long *); + /* put a long to underlying stream */ + bool_t (*x_putlong)(struct XDR *, long *); - /* get some bytes from underlying stream */ - bool_t (*x_getbytes)(struct __xdr_s *, caddr_t, unsigned int); + /* get some bytes from underlying stream */ + bool_t (*x_getbytes)(struct XDR *, caddr_t, u_int); - /* put some bytes to underlying stream */ - bool_t (*x_putbytes)(struct __xdr_s *, caddr_t, unsigned int); + /* put some bytes to underlying stream */ + bool_t (*x_putbytes)(struct XDR *, caddr_t, u_int); - /* returns bytes off from beginning */ - unsigned int (*x_getpostn)(struct __xdr_s *); + /* returns bytes off from beginning */ + u_int (*x_getpostn)(struct XDR *); - /* lets you reposition the stream */ - bool_t (*x_setpostn)(struct __xdr_s *, unsigned int); + /* lets you reposition the stream */ + bool_t (*x_setpostn)(struct XDR *, u_int); - /* buf quick ptr to buffered data */ - rpc_int32 * (*x_inline)(struct __xdr_s *, int); + /* buf quick ptr to buffered data */ + rpc_inline_t *(*x_inline)(struct XDR *, int); - /* free privates of this xdr_stream */ - void (*x_destroy)(struct __xdr_s *); + /* free privates of this xdr_stream */ + void (*x_destroy)(struct XDR *); } *x_ops; caddr_t x_public; /* users' data */ void * x_private; /* pointer to private data */ @@ -145,10 +145,10 @@ typedef struct __xdr_s { * Operations defined on a XDR handle * * XDR *xdrs; - * rpc_int32 *longp; + * int32_t *longp; * caddr_t addr; - * unsigned int len; - * unsigned int pos; + * u_int len; + * u_int pos; */ #define XDR_GETLONG(xdrs, longp) \ (*(xdrs)->x_ops->x_getlong)(xdrs, longp) @@ -223,159 +223,106 @@ struct xdr_discrim { * N.B. and frozen for all time: each data type here uses 4 bytes * of external representation. */ -#define IXDR_GET_LONG(buf) ((long)ntohl((rpc_u_int32)*(buf)++)) -#define IXDR_PUT_LONG(buf, v) (*(buf)++ = (rpc_int32)htonl((rpc_u_int32)v)) +#define IXDR_GET_INT32(buf) ((int32_t)ntohl((uint32_t)*(buf)++)) +#define IXDR_PUT_INT32(buf, v) (*(buf)++ = (int32_t)htonl((uint32_t)(v))) +#define IXDR_GET_U_INT32(buf) ((uint32_t)IXDR_GET_INT32(buf)) +#define IXDR_PUT_U_INT32(buf, v) IXDR_PUT_INT32(buf, (int32_t)(v)) + +#define IXDR_GET_LONG(buf) ((long)ntohl((uint32_t)*(buf)++)) +#define IXDR_PUT_LONG(buf, v) (*(buf)++ = (int32_t)htonl((uint32_t)(v))) #define IXDR_GET_BOOL(buf) ((bool_t)IXDR_GET_LONG(buf)) #define IXDR_GET_ENUM(buf, t) ((t)IXDR_GET_LONG(buf)) -#define IXDR_GET_U_LONG(buf) ((rpc_u_int32)IXDR_GET_LONG(buf)) +#define IXDR_GET_U_LONG(buf) ((u_long)IXDR_GET_LONG(buf)) #define IXDR_GET_SHORT(buf) ((short)IXDR_GET_LONG(buf)) -#define IXDR_GET_U_SHORT(buf) ((unsigned short)IXDR_GET_LONG(buf)) +#define IXDR_GET_U_SHORT(buf) ((u_short)IXDR_GET_LONG(buf)) -#define IXDR_PUT_BOOL(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v))) -#define IXDR_PUT_ENUM(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v))) -#define IXDR_PUT_U_LONG(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v))) -#define IXDR_PUT_SHORT(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v))) -#define IXDR_PUT_U_SHORT(buf, v) IXDR_PUT_LONG((buf), ((rpc_int32)(v))) +#define IXDR_PUT_BOOL(buf, v) IXDR_PUT_LONG((buf), ((long)(v))) +#define IXDR_PUT_ENUM(buf, v) IXDR_PUT_LONG((buf), ((long)(v))) +#define IXDR_PUT_U_LONG(buf, v) IXDR_PUT_LONG((buf), ((long)(v))) +#define IXDR_PUT_SHORT(buf, v) IXDR_PUT_LONG((buf), ((long)(v))) +#define IXDR_PUT_U_SHORT(buf, v) IXDR_PUT_LONG((buf), ((long)(v))) /* * These are the "generic" xdr routines. */ -#define xdr_void gssrpc_xdr_void -#define xdr_int gssrpc_xdr_int -#define xdr_u_int gssrpc_xdr_u_int -#define xdr_long gssrpc_xdr_long -#define xdr_u_long gssrpc_xdr_u_long -#define xdr_short gssrpc_xdr_short -#define xdr_u_short gssrpc_xdr_u_short -#define xdr_bool gssrpc_xdr_bool -#define xdr_enum gssrpc_xdr_enum -#define xdr_array gssrpc_xdr_array -#define xdr_bytes gssrpc_xdr_bytes -#define xdr_opaque gssrpc_xdr_opaque -#define xdr_string gssrpc_xdr_string -#define xdr_union gssrpc_xdr_union -#define xdr_char gssrpc_xdr_char -#define xdr_u_char gssrpc_xdr_u_char -#define xdr_vector gssrpc_xdr_vector -#define xdr_float gssrpc_xdr_float -#define xdr_double gssrpc_xdr_double -#define xdr_reference gssrpc_xdr_reference -#define xdr_pointer gssrpc_xdr_pointer -#define xdr_wrapstring gssrpc_xdr_wrapstring - extern bool_t xdr_void(XDR *, void *); -extern bool_t xdr_int -(XDR *, int *); -extern bool_t xdr_u_int -(XDR *, unsigned int *); -extern bool_t xdr_long -(XDR *, long *); -extern bool_t xdr_u_long -(XDR *, unsigned long *); -extern bool_t xdr_short -(XDR *, short *); -extern bool_t xdr_u_short -(XDR *, unsigned short *); -extern bool_t xdr_bool -(XDR *, bool_t *); -extern bool_t xdr_enum -(XDR *, enum_t *); -extern bool_t xdr_array -(XDR *, caddr_t *, unsigned int*, unsigned int, unsigned int, xdrproc_t); -extern bool_t xdr_bytes -(XDR *, char **, unsigned int *, unsigned int); -extern bool_t xdr_opaque -(XDR *, caddr_t, unsigned int); -extern bool_t xdr_string -(XDR *, char **, unsigned int); -extern bool_t xdr_union -(XDR *, enum_t *, char *, struct xdr_discrim *, xdrproc_t); -extern bool_t xdr_char -(XDR *, char *); -extern bool_t xdr_u_char -(XDR *, unsigned char *); -extern bool_t xdr_vector -(XDR *, char *, unsigned int, unsigned int, xdrproc_t); -extern bool_t xdr_float -(XDR *, float *); -extern bool_t xdr_double -(XDR *, double *); -extern bool_t xdr_reference -(XDR *, caddr_t *, unsigned int, xdrproc_t); -extern bool_t xdr_pointer -(XDR *, char **, unsigned int, xdrproc_t); -extern bool_t xdr_wrapstring -(XDR *, char **); +extern bool_t xdr_int(XDR *, int *); +extern bool_t xdr_u_int(XDR *, u_int *); +extern bool_t xdr_long(XDR *, long *); +extern bool_t xdr_u_long(XDR *, u_long *); +extern bool_t xdr_short(XDR *, short *); +extern bool_t xdr_u_short(XDR *, u_short *); +extern bool_t xdr_bool(XDR *, bool_t *); +extern bool_t xdr_enum(XDR *, enum_t *); +extern bool_t xdr_array(XDR *, caddr_t *, u_int *, + u_int, u_int, xdrproc_t); +extern bool_t xdr_bytes(XDR *, char **, u_int *, u_int); +extern bool_t xdr_opaque(XDR *, caddr_t, u_int); +extern bool_t xdr_string(XDR *, char **, u_int); +extern bool_t xdr_union(XDR *, enum_t *, char *, struct xdr_discrim *, + xdrproc_t); +extern bool_t xdr_char(XDR *, char *); +extern bool_t xdr_u_char(XDR *, u_char *); +extern bool_t xdr_vector(XDR *, char *, u_int, u_int, xdrproc_t); +extern bool_t xdr_float(XDR *, float *); +extern bool_t xdr_double(XDR *, double *); +extern bool_t xdr_reference(XDR *, caddr_t *, u_int, xdrproc_t); +extern bool_t xdr_pointer(XDR *, char **, u_int, xdrproc_t); +extern bool_t xdr_wrapstring(XDR *, char **); /* * Common opaque bytes objects used by many rpc protocols; * declared here due to commonality. */ -#define xdr_netobj gssrpc_xdr_netobj -#define xdr_int32 gssrpc_xdr_int32 -#define xdr_u_int32 gssrpc_xdr_u_int32 - -#define MAX_NETOBJ_SZ 1024 +#define MAX_NETOBJ_SZ 2048 struct netobj { - unsigned int n_len; + u_int n_len; char *n_bytes; }; typedef struct netobj netobj; -extern bool_t xdr_netobj -(XDR *, struct netobj *); -extern bool_t xdr_int32 -(XDR *, rpc_int32 *); -extern bool_t xdr_u_int32 -(XDR *, rpc_u_int32 *); +extern bool_t xdr_netobj(XDR *, struct netobj *); + +extern bool_t xdr_int32(XDR *, int32_t *); +extern bool_t xdr_u_int32(XDR *, uint32_t *); /* * These are the public routines for the various implementations of * xdr streams. */ -#define xdrmem_create gssrpc_xdrmem_create -#define xdrstdio_create gssrpc_xdrstdio_create -#define xdrrec_create gssrpc_xdrrec_create -#define xdralloc_create gssrpc_xdralloc_create -#define xdralloc_release gssrpc_xdralloc_release -#define xdrrec_endofrecord gssrpc_xdrrec_endofrecord -#define xdrrec_skiprecord gssrpc_xdrrec_skiprecord -#define xdrrec_eof gssrpc_xdrrec_eof -#define xdralloc_getdata gssrpc_xdralloc_getdata /* XDR allocating memory buffer */ -extern void xdralloc_create (XDR *xdrs, enum xdr_op op); +extern void xdralloc_create(XDR *, enum xdr_op); /* destroy xdralloc, save buf */ -extern void xdralloc_release (XDR *xdrs); +extern void xdralloc_release(XDR *); /* get buffer from xdralloc */ -extern caddr_t xdralloc_getdata (XDR *xdrs); +extern caddr_t xdralloc_getdata(XDR *); /* XDR using memory buffers */ -extern void xdrmem_create (XDR *xdrs, caddr_t addr, - unsigned int size, enum xdr_op xop); +extern void xdrmem_create(XDR *, caddr_t, u_int, enum xdr_op); /* XDR using stdio library */ -extern void xdrstdio_create (XDR *xdrs, FILE *file, - enum xdr_op op); +extern void xdrstdio_create(XDR *, FILE *, enum xdr_op); /* XDR pseudo records for tcp */ -extern void xdrrec_create (XDR *xdrs, unsigned int sendsize, - unsigned int recvsize, caddr_t tcp_handle, - int (*readit) (caddr_t, caddr_t, int), - int (*writeit) (caddr_t, caddr_t, int)); +extern void xdrrec_create(XDR *xdrs, u_int, u_int, caddr_t, + int (*) (caddr_t, caddr_t, int), + int (*) (caddr_t, caddr_t, int)); /* make end of xdr record */ -extern bool_t xdrrec_endofrecord (XDR *xdrs, bool_t sendnow); +extern bool_t xdrrec_endofrecord(XDR *, bool_t); /* move to beginning of next record */ -extern bool_t xdrrec_skiprecord (XDR *xdrs); +extern bool_t xdrrec_skiprecord (XDR *xdrs); /* true if no more input */ -extern bool_t xdrrec_eof (XDR *xdrs); +extern bool_t xdrrec_eof (XDR *xdrs); /* free memory buffers for xdr */ -extern void gssrpc_xdr_free (xdrproc_t proc, void *__objp); -#endif /* !__XDR_HEADER__ */ +extern void xdr_free (xdrproc_t, void *); +GSSRPC__END_DECLS + +#endif /* !defined(GSSRPC_XDR_H) */ diff --git a/src/lib/rpc/xdr_alloc.c b/src/lib/rpc/xdr_alloc.c index ee83cdec0..4cd17056f 100644 --- a/src/lib/rpc/xdr_alloc.c +++ b/src/lib/rpc/xdr_alloc.c @@ -43,7 +43,7 @@ static char sccsid[] = "@(#)xdr_mem.c 1.19 87/08/11 Copyr 1984 Sun Micro"; static bool_t xdralloc_putlong(XDR *, long *); static bool_t xdralloc_putbytes(XDR *, caddr_t, unsigned int); static unsigned int xdralloc_getpos(XDR *); -static rpc_int32 * xdralloc_inline(XDR *, int); +static rpc_inline_t * xdralloc_inline(XDR *, int); static void xdralloc_destroy(XDR *); static bool_t xdralloc_notsup_getlong(XDR *, long *); static bool_t xdralloc_notsup_getbytes(XDR *, caddr_t, unsigned int); @@ -102,7 +102,7 @@ static bool_t xdralloc_putlong(xdrs, lp) register XDR *xdrs; long *lp; { - int l = htonl((rpc_u_int32) *lp); /* XXX need bounds checking */ + int l = htonl((uint32_t) *lp); /* XXX need bounds checking */ /* XXX assumes sizeof(int)==4 */ if (DynInsert((DynObject) xdrs->x_private, @@ -149,9 +149,9 @@ static bool_t xdralloc_notsup_setpos(xdrs, lp) -static rpc_int32 *xdralloc_inline(xdrs, len) +static rpc_inline_t *xdralloc_inline(xdrs, len) register XDR *xdrs; int len; { - return (rpc_int32 *) 0; + return (rpc_inline_t *) 0; } diff --git a/src/lib/rpc/xdr_array.c b/src/lib/rpc/xdr_array.c index 278536873..8ae0ec7ce 100644 --- a/src/lib/rpc/xdr_array.c +++ b/src/lib/rpc/xdr_array.c @@ -45,7 +45,7 @@ static char sccsid[] = "@(#)xdr_array.c 1.10 87/08/11 Copyr 1984 Sun Micro"; #include #include -#define LASTUNSIGNED ((unsigned int)0-1) +#define LASTUNSIGNED ((u_int)0-1) /* @@ -59,16 +59,16 @@ bool_t xdr_array(xdrs, addrp, sizep, maxsize, elsize, elproc) register XDR *xdrs; caddr_t *addrp; /* array pointer */ - unsigned int *sizep; /* number of elements */ - unsigned int maxsize; /* max numberof elements */ - unsigned int elsize; /* size in bytes of each element */ + u_int *sizep; /* number of elements */ + u_int maxsize; /* max numberof elements */ + u_int elsize; /* size in bytes of each element */ xdrproc_t elproc; /* xdr routine to handle each element */ { - register unsigned int i; + register u_int i; register caddr_t target = *addrp; - register unsigned int c; /* the actual element count */ + register u_int c; /* the actual element count */ register bool_t stat = TRUE; - register unsigned int nodesize; + register u_int nodesize; /* like strings, arrays are really counted arrays */ if (! xdr_u_int(xdrs, sizep)) { @@ -138,11 +138,11 @@ bool_t xdr_vector(xdrs, basep, nelem, elemsize, xdr_elem) register XDR *xdrs; register char *basep; - register unsigned int nelem; - register unsigned int elemsize; + register u_int nelem; + register u_int elemsize; register xdrproc_t xdr_elem; { - register unsigned int i; + register u_int i; register char *elptr; elptr = basep; diff --git a/src/lib/rpc/xdr_float.c b/src/lib/rpc/xdr_float.c index 894b9e820..6fd2b1756 100644 --- a/src/lib/rpc/xdr_float.c +++ b/src/lib/rpc/xdr_float.c @@ -118,7 +118,7 @@ xdr_float(xdrs, fp) is.mantissa = (vs.mantissa1 << 16) | vs.mantissa2; shipit: is.sign = vs.sign; - return (XDR_PUTLONG(xdrs, (rpc_int32 *)&is)); + return (XDR_PUTLONG(xdrs, (int32_t *)&is)); #endif case XDR_DECODE: @@ -130,7 +130,7 @@ xdr_float(xdrs, fp) return (TRUE); #else vsp = (struct vax_single *)fp; - if (!XDR_GETLONG(xdrs, (rpc_int32 *)&is)) + if (!XDR_GETLONG(xdrs, (int32_t *)&is)) return (FALSE); for (i = 0, lim = sgl_limits; i < sizeof(sgl_limits)/sizeof(struct sgl_limits); @@ -200,7 +200,7 @@ xdr_double(xdrs, dp) register XDR *xdrs; double *dp; { - register rpc_int32 *lp; + register int32_t *lp; #if defined(vax) struct ieee_double id; struct vax_double vd; @@ -212,8 +212,8 @@ xdr_double(xdrs, dp) case XDR_ENCODE: #if !defined(vax) - lp = (rpc_int32 *)dp; - if (sizeof(rpc_int32) == sizeof(long)) { + lp = (int32_t *)dp; + if (sizeof(int32_t) == sizeof(long)) { return (XDR_PUTLONG(xdrs, lp++) && XDR_PUTLONG(xdrs, lp)); } else { long lg1 = *lp++;; @@ -241,14 +241,14 @@ xdr_double(xdrs, dp) ((vd.mantissa4 >> 3) & MASK(13)); shipit: id.sign = vd.sign; - lp = (rpc_int32 *)&id; + lp = (int32_t *)&id; return (XDR_PUTLONG(xdrs, lp++) && XDR_PUTLONG(xdrs, lp)); #endif case XDR_DECODE: #if !defined(vax) - lp = (rpc_int32 *)dp; - if (sizeof(rpc_int32) == sizeof(long)) { + lp = (int32_t *)dp; + if (sizeof(int32_t) == sizeof(long)) { return (XDR_GETLONG(xdrs, lp++) && XDR_GETLONG(xdrs, lp)); } else { long lg1, lg2; @@ -259,7 +259,7 @@ xdr_double(xdrs, dp) return flag; } #else - lp = (rpc_int32 *)&id; + lp = (int32_t *)&id; if (!XDR_GETLONG(xdrs, lp++) || !XDR_GETLONG(xdrs, lp)) return (FALSE); for (i = 0, lim = dbl_limits; diff --git a/src/lib/rpc/xdr_mem.c b/src/lib/rpc/xdr_mem.c index 58e2d82a3..2e4769977 100644 --- a/src/lib/rpc/xdr_mem.c +++ b/src/lib/rpc/xdr_mem.c @@ -52,11 +52,11 @@ static char sccsid[] = "@(#)xdr_mem.c 1.19 87/08/11 Copyr 1984 Sun Micro"; static bool_t xdrmem_getlong(XDR *, long *); static bool_t xdrmem_putlong(XDR *, long *); -static bool_t xdrmem_getbytes(XDR *, caddr_t, unsigned int); -static bool_t xdrmem_putbytes(XDR *, caddr_t, unsigned int); -static unsigned int xdrmem_getpos(XDR *); -static bool_t xdrmem_setpos(XDR *, unsigned int); -static rpc_int32 * xdrmem_inline(XDR *, int); +static bool_t xdrmem_getbytes(XDR *, caddr_t, u_int); +static bool_t xdrmem_putbytes(XDR *, caddr_t, u_int); +static u_int xdrmem_getpos(XDR *); +static bool_t xdrmem_setpos(XDR *, u_int); +static rpc_inline_t * xdrmem_inline(XDR *, int); static void xdrmem_destroy(XDR *); static struct xdr_ops xdrmem_ops = { @@ -78,7 +78,7 @@ void xdrmem_create(xdrs, addr, size, op) register XDR *xdrs; caddr_t addr; - unsigned int size; + u_int size; enum xdr_op op; { @@ -100,12 +100,12 @@ xdrmem_getlong(xdrs, lp) long *lp; { - if (xdrs->x_handy < sizeof(rpc_int32)) + if (xdrs->x_handy < BYTES_PER_XDR_UNIT) return (FALSE); else - xdrs->x_handy -= sizeof(rpc_int32); - *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private))); - xdrs->x_private = (char *)xdrs->x_private + sizeof(rpc_int32); + xdrs->x_handy -= BYTES_PER_XDR_UNIT; + *lp = (long)ntohl(*((uint32_t *)(xdrs->x_private))); + xdrs->x_private = (char *)xdrs->x_private + BYTES_PER_XDR_UNIT; return (TRUE); } @@ -115,12 +115,12 @@ xdrmem_putlong(xdrs, lp) long *lp; { - if (xdrs->x_handy < sizeof(rpc_int32)) + if (xdrs->x_handy < BYTES_PER_XDR_UNIT) return (FALSE); else - xdrs->x_handy -= sizeof(rpc_int32); - *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp)); - xdrs->x_private = (char *)xdrs->x_private + sizeof(rpc_int32); + xdrs->x_handy -= BYTES_PER_XDR_UNIT; + *(int32_t *)xdrs->x_private = (int32_t)htonl((uint32_t)(*lp)); + xdrs->x_private = (char *)xdrs->x_private + BYTES_PER_XDR_UNIT; return (TRUE); } @@ -128,7 +128,7 @@ static bool_t xdrmem_getbytes(xdrs, addr, len) register XDR *xdrs; caddr_t addr; - register unsigned int len; + register u_int len; { if (xdrs->x_handy < len) @@ -144,7 +144,7 @@ static bool_t xdrmem_putbytes(xdrs, addr, len) register XDR *xdrs; caddr_t addr; - register unsigned int len; + register u_int len; { if (xdrs->x_handy < len) @@ -156,7 +156,7 @@ xdrmem_putbytes(xdrs, addr, len) return (TRUE); } -static unsigned int +static u_int xdrmem_getpos(xdrs) register XDR *xdrs; { @@ -164,13 +164,13 @@ xdrmem_getpos(xdrs) * 11/3/95 - JRG - Rather than recast everything for 64 bit, just convert * pointers to longs, then cast to int. */ - return (unsigned int)((unsigned long)xdrs->x_private - (unsigned long)xdrs->x_base); + return (u_int)((u_long)xdrs->x_private - (u_long)xdrs->x_base); } static bool_t xdrmem_setpos(xdrs, pos) register XDR *xdrs; - unsigned int pos; + u_int pos; { register caddr_t newaddr = xdrs->x_base + pos; register caddr_t lastaddr = (char *) xdrs->x_private + xdrs->x_handy; @@ -182,16 +182,16 @@ xdrmem_setpos(xdrs, pos) return (TRUE); } -static rpc_int32 * +static rpc_inline_t * xdrmem_inline(xdrs, len) register XDR *xdrs; int len; { - rpc_int32 *buf = 0; + rpc_inline_t *buf = 0; if (len >= 0 && xdrs->x_handy >= len) { xdrs->x_handy -= len; - buf = (rpc_int32 *) xdrs->x_private; + buf = (rpc_inline_t *) xdrs->x_private; xdrs->x_private = (char *)xdrs->x_private + len; } return (buf); diff --git a/src/lib/rpc/xdr_rec.c b/src/lib/rpc/xdr_rec.c index 28faaf24c..ae79627e2 100644 --- a/src/lib/rpc/xdr_rec.c +++ b/src/lib/rpc/xdr_rec.c @@ -42,7 +42,7 @@ static char sccsid[] = "@(#)xdr_rec.c 1.21 87/08/11 Copyr 1984 Sun Micro"; * and the tcp transport level. A record is composed on one or more * record fragments. A record fragment is a thirty-two bit header followed * by n bytes of data, where n is contained in the header. The header - * is represented as a htonl(rpc_u_int32). Thegh order bit encodes + * is represented as a htonl(uint32_t). Thegh order bit encodes * whether or not the fragment is the last fragment of the record * (1 => fragment is last, 0 => more fragments to follow. * The other 31 bits encode the byte length of the fragment. @@ -58,11 +58,11 @@ static char sccsid[] = "@(#)xdr_rec.c 1.21 87/08/11 Copyr 1984 Sun Micro"; static bool_t xdrrec_getlong(XDR *, long *); static bool_t xdrrec_putlong(XDR *, long *); -static bool_t xdrrec_getbytes(XDR *, caddr_t, unsigned int); -static bool_t xdrrec_putbytes(XDR *, caddr_t, unsigned int); -static unsigned int xdrrec_getpos(XDR *); -static bool_t xdrrec_setpos(XDR *, unsigned int); -static rpc_int32 * xdrrec_inline(XDR *, int); +static bool_t xdrrec_getbytes(XDR *, caddr_t, u_int); +static bool_t xdrrec_putbytes(XDR *, caddr_t, u_int); +static u_int xdrrec_getpos(XDR *); +static bool_t xdrrec_setpos(XDR *, u_int); +static rpc_inline_t * xdrrec_inline(XDR *, int); static void xdrrec_destroy(XDR *); static struct xdr_ops xdrrec_ops = { @@ -78,8 +78,8 @@ static struct xdr_ops xdrrec_ops = { /* * A record is composed of one or more record fragments. - * A record fragment is a two-byte header followed by zero to - * 2**32-1 bytes. The header is treated as an unsigned 32 bit integer and is + * A record fragment is a four-byte header followed by zero to + * 2**31-1 bytes. The header is treated as an unsigned 32 bit integer and is * encode/decoded to the network via htonl/ntohl. The low order 31 bits * are a byte count of the fragment. The highest order bit is a boolean: * 1 => this fragment is the last fragment of the record, @@ -89,7 +89,7 @@ static struct xdr_ops xdrrec_ops = { * meet the needs of xdr and rpc based on tcp. */ -#define LAST_FRAG ((rpc_u_int32)(1 << 31)) +#define LAST_FRAG ((uint32_t)(1 << 31)) typedef struct rec_strm { caddr_t tcp_handle; @@ -101,27 +101,27 @@ typedef struct rec_strm { caddr_t out_base; /* output buffer (points to frag header) */ caddr_t out_finger; /* next output position */ caddr_t out_boundry; /* data cannot up to this address */ - rpc_u_int32 *frag_header; /* beginning of curren fragment */ + uint32_t *frag_header; /* beginning of curren fragment */ bool_t frag_sent; /* true if buffer sent in middle of record */ /* * in-coming bits */ int (*readit)(); - rpc_u_int32 in_size; /* fixed size of the input buffer */ + uint32_t in_size; /* fixed size of the input buffer */ caddr_t in_base; caddr_t in_finger; /* location of next byte to be had */ caddr_t in_boundry; /* can read up to this location */ - rpc_int32 fbtbc; /* fragment bytes to be consumed */ + int32_t fbtbc; /* fragment bytes to be consumed */ bool_t last_frag; - unsigned int sendsize; - unsigned int recvsize; + u_int sendsize; + u_int recvsize; } RECSTREAM; -static unsigned int fix_buf_size(unsigned int); +static u_int fix_buf_size(u_int); static bool_t flush_out(RECSTREAM *, bool_t); static bool_t get_input_bytes(RECSTREAM *, caddr_t, int); static bool_t set_input_fragment(RECSTREAM *); -static bool_t skip_input_bytes(RECSTREAM *, rpc_int32); +static bool_t skip_input_bytes(RECSTREAM *, int32_t); /* * Create an xdr handle for xdrrec @@ -135,8 +135,8 @@ static bool_t skip_input_bytes(RECSTREAM *, rpc_int32); void xdrrec_create(xdrs, sendsize, recvsize, tcp_handle, readit, writeit) register XDR *xdrs; - register unsigned int sendsize; - register unsigned int recvsize; + register u_int sendsize; + register u_int recvsize; caddr_t tcp_handle; int (*readit)(); /* like read, but pass it a tcp_handle, not sock */ int (*writeit)(); /* like write, but pass it a tcp_handle, not sock */ @@ -164,7 +164,7 @@ xdrrec_create(xdrs, sendsize, recvsize, tcp_handle, readit, writeit) } for (rstrm->out_base = rstrm->the_buffer; /* Pointer arithmetic - long cast allowed... */ - (unsigned long)rstrm->out_base % BYTES_PER_XDR_UNIT != 0; + (u_long)rstrm->out_base % BYTES_PER_XDR_UNIT != 0; rstrm->out_base++); rstrm->in_base = rstrm->out_base + sendsize; /* @@ -176,8 +176,8 @@ xdrrec_create(xdrs, sendsize, recvsize, tcp_handle, readit, writeit) rstrm->readit = readit; rstrm->writeit = writeit; rstrm->out_finger = rstrm->out_boundry = rstrm->out_base; - rstrm->frag_header = (rpc_u_int32 *)(void *)rstrm->out_base; - rstrm->out_finger += sizeof(rpc_u_int32); + rstrm->frag_header = (uint32_t *)(void *)rstrm->out_base; + rstrm->out_finger += BYTES_PER_XDR_UNIT; rstrm->out_boundry += sendsize; rstrm->frag_sent = FALSE; rstrm->in_size = recvsize; @@ -199,19 +199,21 @@ xdrrec_getlong(xdrs, lp) long *lp; { register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private); - register rpc_int32 *buflp = (rpc_int32 *)(void *)(rstrm->in_finger); - int mylong; + register int32_t *buflp = (int32_t *)(void *)(rstrm->in_finger); + uint32_t mylong; /* first try the inline, fast case */ - if ((rstrm->fbtbc >= sizeof(rpc_int32)) && - (((long)rstrm->in_boundry - (long)buflp) >= sizeof(rpc_int32))) { - *lp = (long)ntohl((rpc_u_int32)(*buflp)); - rstrm->fbtbc -= sizeof(rpc_int32); - rstrm->in_finger += sizeof(rpc_int32); + if ((rstrm->fbtbc >= BYTES_PER_XDR_UNIT) && + (((long)rstrm->in_boundry - (long)buflp) >= + BYTES_PER_XDR_UNIT)) { + *lp = (long)ntohl((uint32_t)(*buflp)); + rstrm->fbtbc -= BYTES_PER_XDR_UNIT; + rstrm->in_finger += BYTES_PER_XDR_UNIT; } else { - if (! xdrrec_getbytes(xdrs, (caddr_t)&mylong, sizeof(rpc_int32))) + if (! xdrrec_getbytes(xdrs, (caddr_t)&mylong, + BYTES_PER_XDR_UNIT)) return (FALSE); - *lp = (long)ntohl((unsigned int)mylong); + *lp = (long)ntohl(mylong); } return (TRUE); } @@ -222,21 +224,21 @@ xdrrec_putlong(xdrs, lp) long *lp; { register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private); - register rpc_int32 *dest_lp = ((rpc_int32 *)(void *)(rstrm->out_finger)); + register int32_t *dest_lp = ((int32_t *)(void *)(rstrm->out_finger)); - if ((rstrm->out_finger += sizeof(rpc_int32)) > rstrm->out_boundry) { + if ((rstrm->out_finger += BYTES_PER_XDR_UNIT) > rstrm->out_boundry) { /* * this case should almost never happen so the code is * inefficient */ - rstrm->out_finger -= sizeof(rpc_int32); + rstrm->out_finger -= BYTES_PER_XDR_UNIT; rstrm->frag_sent = TRUE; if (! flush_out(rstrm, FALSE)) return (FALSE); - dest_lp = ((rpc_int32 *)(void *)(rstrm->out_finger)); - rstrm->out_finger += sizeof(rpc_int32); + dest_lp = ((int32_t *)(void *)(rstrm->out_finger)); + rstrm->out_finger += BYTES_PER_XDR_UNIT; } - *dest_lp = (rpc_int32)htonl((rpc_u_int32)(*lp)); + *dest_lp = (int32_t)htonl((uint32_t)(*lp)); return (TRUE); } @@ -244,7 +246,7 @@ static bool_t /* must manage buffers, fragments, and records */ xdrrec_getbytes(xdrs, addr, len) XDR *xdrs; register caddr_t addr; - register unsigned int len; + register u_int len; { register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private); register int current; @@ -272,7 +274,7 @@ static bool_t xdrrec_putbytes(xdrs, addr, len) XDR *xdrs; register caddr_t addr; - register unsigned int len; + register u_int len; { register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private); register size_t current; @@ -294,47 +296,39 @@ xdrrec_putbytes(xdrs, addr, len) return (TRUE); } -static unsigned int +static u_int xdrrec_getpos(xdrs) register XDR *xdrs; { register RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private; register int pos; -/* 11/5/95 JRG HELP! lseek() can't take a pointer as the first arg - * This code must have always failed, and the failure let the arithmetic - * calculations proceed - */ -#ifdef __osf__ - pos = -1; -#else - pos = lseek((int)rstrm->tcp_handle, (off_t) 0, 1); -#endif - if (pos != -1) - switch (xdrs->x_op) { + switch (xdrs->x_op) { - case XDR_ENCODE: - pos += rstrm->out_finger - rstrm->out_base; - break; + case XDR_ENCODE: + pos = rstrm->out_finger - rstrm->out_base + - BYTES_PER_XDR_UNIT; + break; - case XDR_DECODE: - pos -= rstrm->in_boundry - rstrm->in_finger; - break; + case XDR_DECODE: + pos = rstrm->in_boundry - rstrm->in_finger + - BYTES_PER_XDR_UNIT; + break; - default: - pos = (unsigned int) -1; - break; - } - return ((unsigned int) pos); + default: + pos = -1; + break; + } + return ((u_int) pos); } static bool_t xdrrec_setpos(xdrs, pos) register XDR *xdrs; - unsigned int pos; + u_int pos; { register RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private; - unsigned int currpos = xdrrec_getpos(xdrs); + u_int currpos = xdrrec_getpos(xdrs); int delta = currpos - pos; caddr_t newpos; @@ -367,19 +361,19 @@ xdrrec_setpos(xdrs, pos) return (FALSE); } -static rpc_int32 * +static rpc_inline_t * xdrrec_inline(xdrs, len) register XDR *xdrs; int len; { register RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private; - rpc_int32 * buf = NULL; + rpc_inline_t * buf = NULL; switch (xdrs->x_op) { case XDR_ENCODE: if ((rstrm->out_finger + len) <= rstrm->out_boundry) { - buf = (rpc_int32 *)(void *) rstrm->out_finger; + buf = (rpc_inline_t *)(void *) rstrm->out_finger; rstrm->out_finger += len; } break; @@ -387,7 +381,7 @@ xdrrec_inline(xdrs, len) case XDR_DECODE: if ((len <= rstrm->fbtbc) && ((rstrm->in_finger + len) <= rstrm->in_boundry)) { - buf = (rpc_int32 *)(void *) rstrm->in_finger; + buf = (rpc_inline_t *)(void *) rstrm->in_finger; rstrm->fbtbc -= len; rstrm->in_finger += len; } @@ -471,19 +465,19 @@ xdrrec_endofrecord(xdrs, sendnow) bool_t sendnow; { register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private); - register rpc_u_int32 len; /* fragment length */ + register uint32_t len; /* fragment length */ if (sendnow || rstrm->frag_sent || - ((long)rstrm->out_finger + sizeof(unsigned int) >= + ((long)rstrm->out_finger + BYTES_PER_XDR_UNIT >= (long)rstrm->out_boundry)) { rstrm->frag_sent = FALSE; return (flush_out(rstrm, TRUE)); } len = (long)(rstrm->out_finger) - (long)(rstrm->frag_header) - - sizeof(unsigned int); - *(rstrm->frag_header) = htonl((unsigned int)len | LAST_FRAG); - rstrm->frag_header = (rpc_u_int32 *)(void *)rstrm->out_finger; - rstrm->out_finger += sizeof(unsigned int); + BYTES_PER_XDR_UNIT; + *(rstrm->frag_header) = htonl((uint32_t)len | LAST_FRAG); + rstrm->frag_header = (uint32_t *)(void *)rstrm->out_finger; + rstrm->out_finger += BYTES_PER_XDR_UNIT; return (TRUE); } @@ -496,17 +490,17 @@ flush_out(rstrm, eor) register RECSTREAM *rstrm; bool_t eor; { - register rpc_u_int32 eormask = (eor == TRUE) ? LAST_FRAG : 0; - register rpc_u_int32 len = (unsigned long)(rstrm->out_finger) - - (unsigned long)(rstrm->frag_header) - sizeof(rpc_u_int32); + register uint32_t eormask = (eor == TRUE) ? LAST_FRAG : 0; + register uint32_t len = (u_long)(rstrm->out_finger) - + (u_long)(rstrm->frag_header) - BYTES_PER_XDR_UNIT; *(rstrm->frag_header) = htonl(len | eormask); - len = (unsigned long)(rstrm->out_finger) - (unsigned long)(rstrm->out_base); + len = (u_long)(rstrm->out_finger) - (u_long)(rstrm->out_base); if ((*(rstrm->writeit))(rstrm->tcp_handle, rstrm->out_base, (int)len) != (int)len) return (FALSE); - rstrm->frag_header = (rpc_u_int32 *)(void *)rstrm->out_base; - rstrm->out_finger = (caddr_t)rstrm->out_base + sizeof(rpc_u_int32); + rstrm->frag_header = (uint32_t *)(void *)rstrm->out_base; + rstrm->out_finger = (caddr_t)rstrm->out_base + BYTES_PER_XDR_UNIT; return (TRUE); } @@ -515,11 +509,11 @@ fill_input_buf(rstrm) register RECSTREAM *rstrm; { register caddr_t where; - unsigned int i; + u_int i; register int len; where = rstrm->in_base; - i = (unsigned int)((unsigned long)rstrm->in_boundry % BYTES_PER_XDR_UNIT); + i = (u_int)((u_long)rstrm->in_boundry % BYTES_PER_XDR_UNIT); where += i; len = rstrm->in_size - i; if ((len = (*(rstrm->readit))(rstrm->tcp_handle, where, len)) == -1) @@ -555,11 +549,11 @@ get_input_bytes(rstrm, addr, len) return (TRUE); } -static bool_t /* next two bytes of the input stream are treated as a header */ +static bool_t /* next four bytes of input stream are treated as a header */ set_input_fragment(rstrm) register RECSTREAM *rstrm; { - rpc_u_int32 header; + uint32_t header; if (! get_input_bytes(rstrm, (caddr_t)&header, sizeof(header))) return (FALSE); @@ -572,7 +566,7 @@ set_input_fragment(rstrm) static bool_t /* consumes input bytes; knows nothing about records! */ skip_input_bytes(rstrm, cnt) register RECSTREAM *rstrm; - rpc_int32 cnt; + int32_t cnt; { register int current; @@ -591,9 +585,9 @@ skip_input_bytes(rstrm, cnt) return (TRUE); } -static unsigned int +static u_int fix_buf_size(s) - register unsigned int s; + register u_int s; { if (s < 100) diff --git a/src/lib/rpc/xdr_reference.c b/src/lib/rpc/xdr_reference.c index 56cc4425d..f8d7b20ee 100644 --- a/src/lib/rpc/xdr_reference.c +++ b/src/lib/rpc/xdr_reference.c @@ -45,7 +45,7 @@ static char sccsid[] = "@(#)xdr_reference.c 1.11 87/08/11 SMI"; #include #include -#define LASTUNSIGNED ((unsigned int)0-1) +#define LASTUNSIGNED ((u_int)0-1) /* * XDR an indirect pointer @@ -60,7 +60,7 @@ bool_t xdr_reference(xdrs, pp, size, proc) register XDR *xdrs; caddr_t *pp; /* the pointer to work on */ - unsigned int size; /* size of the object pointed to */ + u_int size; /* size of the object pointed to */ xdrproc_t proc; /* xdr routine to handle the object */ { register caddr_t loc = *pp; @@ -118,7 +118,7 @@ bool_t xdr_pointer(xdrs,objpp,obj_size,xdr_obj) register XDR *xdrs; char **objpp; - unsigned int obj_size; + u_int obj_size; xdrproc_t xdr_obj; { diff --git a/src/lib/rpc/xdr_stdio.c b/src/lib/rpc/xdr_stdio.c index 1e524ffc5..d0657d5c7 100644 --- a/src/lib/rpc/xdr_stdio.c +++ b/src/lib/rpc/xdr_stdio.c @@ -47,11 +47,11 @@ static char sccsid[] = "@(#)xdr_stdio.c 1.16 87/08/11 Copyr 1984 Sun Micro"; static bool_t xdrstdio_getlong(XDR *, long *); static bool_t xdrstdio_putlong(XDR *, long *); -static bool_t xdrstdio_getbytes(XDR *, caddr_t, unsigned int); -static bool_t xdrstdio_putbytes(XDR *, caddr_t, unsigned int); -static unsigned int xdrstdio_getpos(XDR *); -static bool_t xdrstdio_setpos(XDR *, unsigned int); -static rpc_int32 * xdrstdio_inline(XDR *, int); +static bool_t xdrstdio_getbytes(XDR *, caddr_t, u_int); +static bool_t xdrstdio_putbytes(XDR *, caddr_t, u_int); +static u_int xdrstdio_getpos(XDR *); +static bool_t xdrstdio_setpos(XDR *, u_int); +static rpc_inline_t * xdrstdio_inline(XDR *, int); static void xdrstdio_destroy(XDR *); /* @@ -104,12 +104,12 @@ xdrstdio_getlong(xdrs, lp) XDR *xdrs; register long *lp; { - rpc_int32 tmp; + uint32_t tmp; if (fread((caddr_t)&tmp, - sizeof(rpc_int32), 1, (FILE *)xdrs->x_private) != 1) + sizeof(uint32_t), 1, (FILE *)xdrs->x_private) != 1) return (FALSE); - *lp = ntohl(tmp); + *lp = (long)ntohl(tmp); return (TRUE); } @@ -119,9 +119,9 @@ xdrstdio_putlong(xdrs, lp) XDR *xdrs; long *lp; { - rpc_int32 mycopy = htonl((rpc_int32)*lp); + uint32_t mycopy = htonl((uint32_t)*lp); - if (fwrite((caddr_t)&mycopy, sizeof(rpc_int32), 1, (FILE *)xdrs->x_private) != 1) + if (fwrite((caddr_t)&mycopy, sizeof(uint32_t), 1, (FILE *)xdrs->x_private) != 1) return (FALSE); return (TRUE); } @@ -130,7 +130,7 @@ static bool_t xdrstdio_getbytes(xdrs, addr, len) XDR *xdrs; caddr_t addr; - unsigned int len; + u_int len; { if ((len != 0) && (fread(addr, (size_t)len, 1, @@ -143,7 +143,7 @@ static bool_t xdrstdio_putbytes(xdrs, addr, len) XDR *xdrs; caddr_t addr; - unsigned int len; + u_int len; { if ((len != 0) && (fwrite(addr, (size_t)len, 1, @@ -152,25 +152,25 @@ xdrstdio_putbytes(xdrs, addr, len) return (TRUE); } -static unsigned int +static u_int xdrstdio_getpos(xdrs) XDR *xdrs; { - return ((unsigned int) ftell((FILE *)xdrs->x_private)); + return ((u_int) ftell((FILE *)xdrs->x_private)); } static bool_t xdrstdio_setpos(xdrs, pos) XDR *xdrs; - unsigned int pos; + u_int pos; { return ((fseek((FILE *)xdrs->x_private, (long)pos, 0) < 0) ? FALSE : TRUE); } -static rpc_int32 * +static rpc_inline_t * xdrstdio_inline(xdrs, len) XDR *xdrs; int len;