![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to svc_auth_unix.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDTahoe / new / sunrpc|
Return to svc_auth_unix.c CVS log | Up to [CSRG BSD Unix] / 43BSDTahoe / new / sunrpc |
1.1 root 1: /*
2: * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3: * unrestricted use provided that this legend is included on all tape
4: * media and as a part of the software program in whole or part. Users
5: * may copy or modify Sun RPC without charge, but are not authorized
6: * to license or distribute it to anyone else except as part of a product or
7: * program developed by the user.
8: *
9: * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
10: * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
11: * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
12: *
13: * Sun RPC is provided with no support and without any obligation on the
14: * part of Sun Microsystems, Inc. to assist in its use, correction,
15: * modification or enhancement.
16: *
17: * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
18: * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
19: * OR ANY PART THEREOF.
20: *
21: * In no event will Sun Microsystems, Inc. be liable for any lost revenue
22: * or profits or other special, indirect and consequential damages, even if
23: * Sun has been advised of the possibility of such damages.
24: *
25: * Sun Microsystems, Inc.
26: * 2550 Garcia Avenue
27: * Mountain View, California 94043
28: */
29: #ifndef lint
30: static char sccsid[] = "@(#)svc_auth_unix.c 1.4 85/03/14 Copyr 1984 Sun Micro";
31: #endif
32:
33: /*
34: * svc_auth_unix.c
35: * Handles UNIX flavor authentication parameters on the service side of rpc.
36: * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
37: * _svcauth_unix does full blown unix style uid,gid+gids auth,
38: * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
39: *
40: * Copyright (C) 1984, Sun Microsystems, Inc.
41: */
42:
43: #include <stdio.h>
44: #include "types.h"
45: #include <sys/time.h>
46: #include <netinet/in.h>
47: #include "xdr.h"
48: #include "auth.h"
49: #include "clnt.h"
50: #include "rpc_msg.h"
51: #include "svc.h"
52: #include "auth_unix.h"
53: #include "svc_auth.h"
54: char *mem_alloc();
55:
56: #define SHORT_VERF_SIZE (3 * BYTES_PER_XDR_UNIT)
57: #define CACHE_SIZE 16
58:
59: static struct cache_entry {
60: u_long sh; /* short hand value */
61: #define SHORT_CRED_SIZE (sizeof (u_long))
62: short cred_len; /* byte length of opaque credential */
63: caddr_t cred_base; /* the opaque credential body */
64: struct authunix_parms aup; /* cooked, deserialized credentials */
65: } cache[CACHE_SIZE];
66:
67: static short cacheindex[CACHE_SIZE];
68:
69: /*
70: * Cache handling macros
71: */
72: #define valid_aup(aup) (TRUE)
73: #define nexti(i) ((i == CACHE_SIZE-1) ? 0 : i+1)
74: #define previ(i) ((i == 0) ? CACHE_SIZE-1 : i-1)
75: #define cache_hit(c, d) \
76: ( hits++, d=cnt-c, depth += d, maxdepth = (d > maxdepth) ? d: maxdepth )
77:
78: /*
79: * Cache handling routines
80: */
81: static short find_short_hand();
82: static short find_long_hand();
83:
84: /*
85: * Cache variables
86: */
87: static short head, maxdepth; /* values from 0 to CACHE_SIZE-1, inclusive */
88: static short cnt; /* values from 0 to CACHE_SIZE, inclusive */
89: static u_long additions, deletions, queries, hits, depth;
90: static struct timeval last_time;
91: static inited = 0; /* stupid kludge to be sure init gets called */
92:
93:
94: /*
95: * Unix longhand authenticator
96: */
97: enum auth_stat
98: _svcauth_unix(rqst, msg)
99: register struct svc_req *rqst;
100: register struct rpc_msg *msg;
101: {
102: register short i = -1;
103: register int len = msg->rm_call.cb_cred.oa_length;
104: register caddr_t base = msg->rm_call.cb_cred.oa_base;
105: register enum auth_stat stat = AUTH_OK;
106: XDR xdrs;
107: struct authunix_parms aup;
108: struct opaque_auth short_cred;
109:
110: if (!inited) {
111: svcauth_unix_init();
112: }
113: while ((i = find_long_hand(base, len)) < 0) {
114: /* deserialize credentials */
115: aup.aup_machname = NULL;
116: aup.aup_gids = (int *)NULL;
117: xdrmem_create(&xdrs, base, (u_int)len, XDR_DECODE);
118: if (! (xdr_authunix_parms(&xdrs, &aup) && valid_aup(&aup))) {
119: xdrs.x_op = XDR_FREE;
120: (void)xdr_authunix_parms(&xdrs, &aup);
121: stat = AUTH_BADCRED;
122: goto done;
123: }
124: /* now make a new cache entry for this credential */
125: cache_new_user(base, len, &aup);
126: }
127: rqst->rq_clntcred = (caddr_t)&(cache[i].aup);
128: /* now build a verifier that suggests using the short hand credential */
129: short_cred.oa_flavor = AUTH_SHORT;
130: short_cred.oa_length = SHORT_CRED_SIZE;
131: short_cred.oa_base = (caddr_t)&(cache[i].sh);
132: /* the short hand cred get serialized into a verifier */
133: xdrmem_create(&xdrs, rqst->rq_xprt->xp_verf.oa_base,
134: SHORT_VERF_SIZE, XDR_ENCODE);
135: if (! xdr_opaque_auth(&xdrs, &short_cred)) {
136: stat = AUTH_BADCRED;
137: goto done;
138: }
139: rqst->rq_xprt->xp_verf.oa_length = XDR_GETPOS(&xdrs);
140: rqst->rq_xprt->xp_verf.oa_flavor = AUTH_SHORT;
141: done:
142: XDR_DESTROY(&xdrs);
143: return (stat);
144: }
145:
146:
147: /*
148: * Shorthand unix authenticator
149: * Looks up longhand in a cache.
150: */
151: enum auth_stat
152: _svcauth_short(rqst, msg)
153: struct svc_req *rqst;
154: struct rpc_msg *msg;
155: {
156: short i;
157:
158: if (!inited) {
159: svcauth_unix_init();
160: }
161: if (msg->rm_call.cb_cred.oa_length != SHORT_CRED_SIZE)
162: return (AUTH_BADCRED);
163: if ((i = find_short_hand(*(u_long *)msg->rm_call.cb_cred.oa_base)) < 0)
164: return (AUTH_REJECTEDCRED);
165: rqst->rq_clntcred = (caddr_t)&(cache[i].aup);
166: return (AUTH_OK);
167: }
168:
169:
170: /*
171: * returns cache index or -1 if sh not in the cache
172: */
173: static short
174: find_short_hand(sh)
175: register u_long sh; /* short hand value */
176: {
177: /* declared in order of importance */
178: register short entry, i, c, p;
179:
180: queries++;
181: for (c = cnt, i = head; c > 0; --c, i = nexti(i)) {
182:
183: entry = cacheindex[i];
184: if (sh == cache[entry].sh) {
185: /* cache hit! Now buble swap i up one notch */
186: cache_hit(c, p); /* used for accounting only */
187: if (i != head) {
188: /* c acts as the temporary variable */
189: p = previ(i);
190: c = cacheindex[p];
191: cacheindex[p] = entry; /* gets cacheindex[i] */
192: cacheindex[i] = c;
193: }
194: return (entry);
195: } /* end of successful cache hit */
196: }
197: return (-1);
198: }
199:
200: /*
201: * returns cache index or -1 if cred not in the cache
202: */
203: static short
204: find_long_hand(cred_base, len)
205: register caddr_t cred_base;
206: register int len;
207: {
208: /* declared in order of importance */
209: register short entry, i, c, p;
210:
211: queries++;
212: for (c = cnt, i = head; c > 0; --c, i = nexti(i)) {
213:
214: entry = cacheindex[i];
215: if ((cache[entry].cred_len == len) &&
216: (bcmp(cache[entry].cred_base, cred_base, len) == 0)) {
217: /* cache hit! Now buble swap i up one notch */
218: cache_hit(c, p); /* used for accounting only */
219: if (i != head) {
220: /* c acts as the temporary variable */
221: p = previ(i);
222: c = cacheindex[p];
223: cacheindex[p] = entry; /* gets cacheindex[i] */
224: cacheindex[i] = c;
225: }
226: return (entry);
227: } /* end of successful cache hit */
228: }
229: return (-1);
230: }
231:
232: /*
233: * Place a new entry at the HEAD of the cache. This means moving the
234: * heap index back one and possibly flushing the oldest entry from the cache.
235: */
236: static
237: cache_new_user(base, len, aup)
238: caddr_t base;
239: int len;
240: struct authunix_parms *aup;
241: {
242: register short entry;
243: struct timeval now;
244:
245: head = previ(head);
246: entry = cacheindex[head];
247: if (cnt == CACHE_SIZE) { /* full cache, delete lru entry */
248: XDR xdrs;
249:
250: xdrs.x_op = XDR_FREE;
251: deletions++;
252: if (cache[entry].cred_base != NULL) {
253: mem_free(cache[entry].cred_base,
254: cache[entry].cred_len);
255: cache[entry].cred_base = NULL;
256: }
257: (void)xdr_authunix_parms(&xdrs, &cache[entry].aup);
258: } else {
259: cnt++;
260: }
261: /* now add current entry, raw cred must be copied */
262: additions++;
263: cache[entry].aup = *aup;
264: cache[entry].cred_len = len;
265: if ((cache[entry].cred_base = (char *)mem_alloc(len)) == NULL) {
266: fprintf(stderr, "cache_new_user: out of memory\n");
267: additions--;
268: return;
269: }
270: bcopy(base, cache[entry].cred_base, (u_int)len);
271: /* finally compute a new, unique short hand value */
272: cache[entry].sh = ++ last_time.tv_sec;
273: /* don't let real time get ahead of last_time */
274: while (TRUE) {
275: (void)gettimeofday(&now, (struct timezone *)0);
276: if (((long int)now.tv_sec - (long int)last_time.tv_sec) > 0)
277: break;
278: sleep(1);
279: }
280: }
281:
282: /*
283: * Initialize the shorthand cache.
284: * Must be called before unix auth can be used!
285: */
286: static svcauth_unix_init()
287: {
288: register short i;
289:
290: inited++;
291: (void)gettimeofday(&last_time, (struct timezone *)0);
292: for (i = 0; i < CACHE_SIZE; ++i) {
293: cacheindex[i] = i;
294: }
295: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.