d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
eb14f050a3
freebsd-dev/lib/libc/rpc/key_call.c

462 lines
12 KiB
C
Raw Normal View History

Replace Sun RPC license in TI-RPC library with a 3-clause BSD license, with the explicit permission of Sun Microsystems in 2009.
2013-11-25 19:04:36 +00:00
/*-
General further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
2017-11-20 19:49:47 +00:00
* SPDX-License-Identifier: BSD-3-Clause
*
Replace Sun RPC license in TI-RPC library with a 3-clause BSD license, with the explicit permission of Sun Microsystems in 2009.
2013-11-25 19:04:36 +00:00
* Copyright (c) 2009, Sun Microsystems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* - Neither the name of Sun Microsystems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
*
Replace Sun RPC license in TI-RPC library with a 3-clause BSD license, with the explicit permission of Sun Microsystems in 2009.
2013-11-25 19:04:36 +00:00
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
*/
/*
* Copyright (c) 1986-1991 by Sun Microsystems Inc.
*/
#ident "@(#)key_call.c 1.25 94/04/24 SMI"
Fix the style of the SCM ID's. I believe have made all of libc .c's as consistent as possible.
2002-03-22 23:18:37 +00:00
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
Fix rcsid/$FreeBSD$. Reduce diff from what I think is the original sources.
2001-03-24 00:22:13 +00:00
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
/*
* key_call.c, Interface to keyserver
*
* setsecretkey(key) - set your secret key
* encryptsessionkey(agent, deskey) - encrypt a session key to talk to agent
* decryptsessionkey(agent, deskey) - decrypt ditto
* gendeskey(deskey) - generate a secure des key
*/
Remove _THREAD_SAFE and make libc thread-safe by default by adding (weak definitions to) stubs for some of the pthread functions. If the threads library is linked in, the real pthread functions will pulled in. Use the following convention for system calls wrapped by the threads library: __sys_foo - actual system call _foo - weak definition to __sys_foo foo - weak definition to __sys_foo Change all libc uses of system calls wrapped by the threads library from foo to _foo. In order to define the prototypes for _foo(), we introduce namespace.h and un-namespace.h (suggested by bde). All files that need to reference these system calls, should include namespace.h before any standard includes, then include un-namespace.h after the standard includes and before any local includes. <db.h> is an exception and shouldn't be included in between namespace.h and un-namespace.h namespace.h will define foo to _foo, and un-namespace.h will undefine foo. Try to eliminate some of the recursive calls to MT-safe functions in libc/stdio in preparation for adding a mutex to FILE. We have recursive mutexes, but would like to avoid using them if possible. Remove uneeded includes of <errno.h> from a few files. Add $FreeBSD$ to a few files in order to pass commitprep. Approved by: -arch
2001-01-24 13:01:12 +00:00
#include "namespace.h"
Move the #includes of reentrant.h to after the `#include "namespace.h"', so that the underscored versions of the pthread functions get declared. This removes around 300 lines of 'implicit declaration of XXX' warnings from the output of a libc build with -Wall. Reviewed by: Martin Blapp <mb@imp.ch>, alfred
2001-04-02 21:41:44 +00:00
#include "reentrant.h"
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <rpc/rpc.h>
#include <rpc/auth.h>
#include <rpc/auth_unix.h>
#include <rpc/key_prot.h>
#include <string.h>
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
#include <netconfig.h>
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
#include <sys/utsname.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/wait.h>
#include <sys/fcntl.h>
Remove _THREAD_SAFE and make libc thread-safe by default by adding (weak definitions to) stubs for some of the pthread functions. If the threads library is linked in, the real pthread functions will pulled in. Use the following convention for system calls wrapped by the threads library: __sys_foo - actual system call _foo - weak definition to __sys_foo foo - weak definition to __sys_foo Change all libc uses of system calls wrapped by the threads library from foo to _foo. In order to define the prototypes for _foo(), we introduce namespace.h and un-namespace.h (suggested by bde). All files that need to reference these system calls, should include namespace.h before any standard includes, then include un-namespace.h after the standard includes and before any local includes. <db.h> is an exception and shouldn't be included in between namespace.h and un-namespace.h namespace.h will define foo to _foo, and un-namespace.h will undefine foo. Try to eliminate some of the recursive calls to MT-safe functions in libc/stdio in preparation for adding a mutex to FILE. We have recursive mutexes, but would like to avoid using them if possible. Remove uneeded includes of <errno.h> from a few files. Add $FreeBSD$ to a few files in order to pass commitprep. Approved by: -arch
2001-01-24 13:01:12 +00:00
#include "un-namespace.h"
Staticize a couple of functions. Remove a few unused locks. Remove locks from application namespace.
2006-02-27 22:10:59 +00:00
#include "mt_misc.h"
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
#define KEY_TIMEOUT 5 /* per-try timeout in seconds */
#define KEY_NRETRY 12 /* number of retries */
#ifdef DEBUG
#define debug(msg) (void) fprintf(stderr, "%s\n", msg);
#else
#define debug(msg)
#endif /* DEBUG */
/*
* Hack to allow the keyserver to use AUTH_DES (for authenticated
* NIS+ calls, for example). The only functions that get called
* are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
*
* The approach is to have the keyserver fill in pointers to local
* implementations of these functions, and to call those in key_call().
*/
Use proper function prototypes. Eliminates -Wstrict-prototypes warning
2015-10-07 19:55:58 +00:00
cryptkeyres *(*__key_encryptsession_pk_LOCAL)(uid_t, void *arg) = 0;
cryptkeyres *(*__key_decryptsession_pk_LOCAL)(uid_t, void *arg) = 0;
des_block *(*__key_gendes_LOCAL)(uid_t, void *) = 0;
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
static int key_call( u_long, xdrproc_t, void *, xdrproc_t, void *);
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
int
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
key_setsecret(const char *secretkey)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
keystatus status;
Cast function args to silence warning. Submitted by: mbr
2002-07-14 23:20:08 +00:00
if (!key_call((u_long) KEY_SET, (xdrproc_t)xdr_keybuf,
(void *)secretkey,
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
(xdrproc_t)xdr_keystatus, &status)) {
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
return (-1);
}
if (status != KEY_SUCCESS) {
debug("set status is nonzero");
return (-1);
}
return (0);
}
/* key_secretkey_is_set() returns 1 if the keyserver has a secret key
* stored for the caller's effective uid; it returns 0 otherwise
*
* N.B.: The KEY_NET_GET key call is undocumented. Applications shouldn't
* be using it, because it allows them to get the user's secret key.
*/
int
key_secretkey_is_set(void)
{
struct key_netstres kres;
memset((void*)&kres, 0, sizeof (kres));
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
if (key_call((u_long) KEY_NET_GET, (xdrproc_t)xdr_void, NULL,
(xdrproc_t)xdr_key_netstres, &kres) &&
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
(kres.status == KEY_SUCCESS) &&
(kres.key_netstres_u.knet.st_priv_key[0] != 0)) {
/* avoid leaving secret key in memory */
memset(kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
return (1);
}
return (0);
}
int
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
key_encryptsession_pk(char *remotename, netobj *remotekey, des_block *deskey)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
cryptkeyarg2 arg;
cryptkeyres res;
arg.remotename = remotename;
arg.remotekey = *remotekey;
arg.deskey = *deskey;
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
if (!key_call((u_long)KEY_ENCRYPT_PK, (xdrproc_t)xdr_cryptkeyarg2, &arg,
(xdrproc_t)xdr_cryptkeyres, &res)) {
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
return (-1);
}
if (res.status != KEY_SUCCESS) {
debug("encrypt status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
int
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
key_decryptsession_pk(char *remotename, netobj *remotekey, des_block *deskey)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
cryptkeyarg2 arg;
cryptkeyres res;
arg.remotename = remotename;
arg.remotekey = *remotekey;
arg.deskey = *deskey;
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
if (!key_call((u_long)KEY_DECRYPT_PK, (xdrproc_t)xdr_cryptkeyarg2, &arg,
(xdrproc_t)xdr_cryptkeyres, &res)) {
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
return (-1);
}
if (res.status != KEY_SUCCESS) {
debug("decrypt status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
int
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
key_encryptsession(const char *remotename, des_block *deskey)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
cryptkeyarg arg;
cryptkeyres res;
arg.remotename = (char *) remotename;
arg.deskey = *deskey;
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
if (!key_call((u_long)KEY_ENCRYPT, (xdrproc_t)xdr_cryptkeyarg, &arg,
(xdrproc_t)xdr_cryptkeyres, &res)) {
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
return (-1);
}
if (res.status != KEY_SUCCESS) {
debug("encrypt status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
int
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
key_decryptsession(const char *remotename, des_block *deskey)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
cryptkeyarg arg;
cryptkeyres res;
arg.remotename = (char *) remotename;
arg.deskey = *deskey;
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
if (!key_call((u_long)KEY_DECRYPT, (xdrproc_t)xdr_cryptkeyarg, &arg,
(xdrproc_t)xdr_cryptkeyres, &res)) {
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
return (-1);
}
if (res.status != KEY_SUCCESS) {
debug("decrypt status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
int
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
key_gendes(des_block *key)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
if (!key_call((u_long)KEY_GEN, (xdrproc_t)xdr_void, NULL,
(xdrproc_t)xdr_des_block, key)) {
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
return (-1);
}
return (0);
}
int
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
key_setnet(struct key_netstarg *arg)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
keystatus status;
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
if (!key_call((u_long) KEY_NET_PUT, (xdrproc_t)xdr_key_netstarg, arg,
(xdrproc_t)xdr_keystatus, &status)){
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
return (-1);
}
if (status != KEY_SUCCESS) {
debug("key_setnet status is nonzero");
return (-1);
}
return (1);
}
int
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
key_get_conv(char *pkey, des_block *deskey)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
cryptkeyres res;
Spell void * as void * rather than caddr_t. This is complicated by the fact that caddr_t is often misspelled as char *. Sponsored by: DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
if (!key_call((u_long) KEY_GET_CONV, (xdrproc_t)xdr_keybuf, pkey,
(xdrproc_t)xdr_cryptkeyres, &res)) {
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
return (-1);
}
if (res.status != KEY_SUCCESS) {
debug("get_conv status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
struct key_call_private {
CLIENT *client; /* Client handle */
pid_t pid; /* process-id at moment of creation */
uid_t uid; /* user-id at last authorization */
};
static struct key_call_private *key_call_private_main = NULL;
Use thr_once() with once_t controls to initialize various thread_key_t objects used to provide per-thread storage in the RPC code. Almost all of these used double-checking with a dedicated mutex (tsd_lock) to do this before. However, that is not always safe with more relaxed memory orders. There were also other bugs, such as one in __rpc_createrr() that caused a new key to be allocated each time __rpc_createrr() was invoked. PR: threads/144558 Reported by: Sam Robb samrobb of averesystems com (key leak) MFC after: 1 week
2010-03-10 13:23:25 +00:00
static thread_key_t key_call_key;
static once_t key_call_once = ONCE_INITIALIZER;
static int key_call_key_error;
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
static void
key_call_destroy(void *vp)
{
Remove 'register' keyword.
2002-03-21 18:49:23 +00:00
struct key_call_private *kcp = (struct key_call_private *)vp;
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
if (kcp) {
if (kcp->client)
clnt_destroy(kcp->client);
free(kcp);
}
}
Use thr_once() with once_t controls to initialize various thread_key_t objects used to provide per-thread storage in the RPC code. Almost all of these used double-checking with a dedicated mutex (tsd_lock) to do this before. However, that is not always safe with more relaxed memory orders. There were also other bugs, such as one in __rpc_createrr() that caused a new key to be allocated each time __rpc_createrr() was invoked. PR: threads/144558 Reported by: Sam Robb samrobb of averesystems com (key leak) MFC after: 1 week
2010-03-10 13:23:25 +00:00
static void
key_call_init(void)
{
key_call_key_error = thr_keycreate(&key_call_key, key_call_destroy);
}
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
/*
* Keep the handle cached. This call may be made quite often.
*/
static CLIENT *
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
getkeyserv_handle(int vers)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
void *localhandle;
struct netconfig *nconf;
struct netconfig *tpconf;
Eliminate more dead stores. Found by: Clang static analyzer MFC after: 7 days
2009-11-25 04:45:45 +00:00
struct key_call_private *kcp;
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
struct timeval wait_time;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
struct utsname u;
int main_thread;
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
int fd;
#define TOTAL_TIMEOUT 30 /* total timeout talking to keyserver */
#define TOTAL_TRIES 5 /* Number of tries */
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if ((main_thread = thr_main())) {
kcp = key_call_private_main;
} else {
Use thr_once() with once_t controls to initialize various thread_key_t objects used to provide per-thread storage in the RPC code. Almost all of these used double-checking with a dedicated mutex (tsd_lock) to do this before. However, that is not always safe with more relaxed memory orders. There were also other bugs, such as one in __rpc_createrr() that caused a new key to be allocated each time __rpc_createrr() was invoked. PR: threads/144558 Reported by: Sam Robb samrobb of averesystems com (key leak) MFC after: 1 week
2010-03-10 13:23:25 +00:00
if (thr_once(&key_call_once, key_call_init) != 0 ||
key_call_key_error != 0)
return ((CLIENT *) NULL);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
kcp = (struct key_call_private *)thr_getspecific(key_call_key);
}
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
if (kcp == (struct key_call_private *)NULL) {
kcp = (struct key_call_private *)malloc(sizeof (*kcp));
if (kcp == (struct key_call_private *)NULL) {
return ((CLIENT *) NULL);
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (main_thread)
key_call_private_main = kcp;
else
thr_setspecific(key_call_key, (void *) kcp);
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
kcp->client = NULL;
}
/* if pid has changed, destroy client and rebuild */
if (kcp->client != NULL && kcp->pid != getpid()) {
clnt_destroy(kcp->client);
kcp->client = NULL;
}
if (kcp->client != NULL) {
/* if uid has changed, build client handle again */
if (kcp->uid != geteuid()) {
kcp->uid = geteuid();
auth_destroy(kcp->client->cl_auth);
kcp->client->cl_auth =
authsys_create("", kcp->uid, 0, 0, NULL);
if (kcp->client->cl_auth == NULL) {
clnt_destroy(kcp->client);
kcp->client = NULL;
return ((CLIENT *) NULL);
}
}
/* Change the version number to the new one */
clnt_control(kcp->client, CLSET_VERS, (void *)&vers);
return (kcp->client);
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (!(localhandle = setnetconfig())) {
return ((CLIENT *) NULL);
}
tpconf = NULL;
Fix rcsid/$FreeBSD$. Reduce diff from what I think is the original sources.
2001-03-24 00:22:13 +00:00
#if defined(__FreeBSD__)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (uname(&u) == -1)
Fix rcsid/$FreeBSD$. Reduce diff from what I think is the original sources.
2001-03-24 00:22:13 +00:00
#else
#if defined(i386)
if (_nuname(&u) == -1)
#elif defined(sparc)
if (_uname(&u) == -1)
#else
#error Unknown architecture!
#endif
#endif
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
{
endnetconfig(localhandle);
return ((CLIENT *) NULL);
}
Fix cc -Wall, fix rcsid warnings, add missing prototypes, change prototypes to be the same as in the original sun tirpc code. Remove ()P macro in a file where the mayority had ()P already removed. Add them if the mayority use ()P macros. Submitted by: mbr Requested by: bde
2002-02-05 23:43:43 +00:00
while ((nconf = getnetconfig(localhandle)) != NULL) {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) {
/*
* We use COTS_ORD here so that the caller can
* find out immediately if the server is dead.
*/
if (nconf->nc_semantics == NC_TPI_COTS_ORD) {
kcp->client = clnt_tp_create(u.nodename,
KEY_PROG, vers, nconf);
if (kcp->client)
break;
} else {
tpconf = nconf;
}
}
}
if ((kcp->client == (CLIENT *) NULL) && (tpconf))
/* Now, try the CLTS or COTS loopback transport */
kcp->client = clnt_tp_create(u.nodename,
KEY_PROG, vers, tpconf);
endnetconfig(localhandle);
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
if (kcp->client == (CLIENT *) NULL) {
return ((CLIENT *) NULL);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
kcp->uid = geteuid();
kcp->pid = getpid();
kcp->client->cl_auth = authsys_create("", kcp->uid, 0, 0, NULL);
if (kcp->client->cl_auth == NULL) {
clnt_destroy(kcp->client);
kcp->client = NULL;
return ((CLIENT *) NULL);
}
wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
wait_time.tv_usec = 0;
(void) clnt_control(kcp->client, CLSET_RETRY_TIMEOUT,
(char *)&wait_time);
if (clnt_control(kcp->client, CLGET_FD, (char *)&fd))
Simplify sytem call renaming. Instead of _foo() <-- _libc_foo <-- foo(), just use _foo() <-- foo(). In the case of a libpthread that doesn't do call conversion (such as linuxthreads and our upcoming libpthread), this is adequate. In the case of libc_r, we still need three names, which are now _thread_sys_foo() <-- _foo() <-- foo(). Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(), nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo(). Remove all internal libc usage of: creat(), pause(), sleep(), system(), tcdrain(), wait(), and waitpid(). Make thread cancellation fully POSIX-compliant. Suggested by: deischen
2000-01-27 23:07:25 +00:00
_fcntl(fd, F_SETFD, 1); /* make it "close on exec" */
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
return (kcp->client);
}
/* returns 0 on failure, 1 on success */
static int
Use ANSI C prototypes. Eliminates gcc 4.9 warnings.
2015-09-01 02:39:07 +00:00
key_call(u_long proc, xdrproc_t xdr_arg, void *arg, xdrproc_t xdr_rslt,
void *rslt)
Now the biggest step: import the changes to the main RPC code. Note: you'll need to rinstalkl all your includes before compiling libc the next time you update your sources in order for all this to work. Reviewed by: Mark Murray
1997-05-28 05:00:11 +00:00
{
CLIENT *clnt;
struct timeval wait_time;
if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL) {
cryptkeyres *res;
res = (*__key_encryptsession_pk_LOCAL)(geteuid(), arg);
*(cryptkeyres*)rslt = *res;
return (1);
} else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL) {
cryptkeyres *res;
res = (*__key_decryptsession_pk_LOCAL)(geteuid(), arg);
*(cryptkeyres*)rslt = *res;
return (1);
} else if (proc == KEY_GEN && __key_gendes_LOCAL) {
des_block *res;
res = (*__key_gendes_LOCAL)(geteuid(), 0);
*(des_block*)rslt = *res;
return (1);
}
if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
(proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
(proc == KEY_GET_CONV))
clnt = getkeyserv_handle(2); /* talk to version 2 */
else
clnt = getkeyserv_handle(1); /* talk to version 1 */
if (clnt == NULL) {
return (0);
}
wait_time.tv_sec = TOTAL_TIMEOUT;
wait_time.tv_usec = 0;
if (clnt_call(clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
wait_time) == RPC_SUCCESS) {
return (1);
} else {
return (0);
}
}
Reference in New Issue Copy Permalink