2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License (the "License").
2N/A * You may not use this file except in compliance with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A
2N/A/*
2N/A * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
2N/A * Use is subject to license terms.
2N/A */
2N/A/* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
2N/A/* All Rights Reserved */
2N/A/*
2N/A * Portions of this source code were derived from Berkeley
2N/A * 4.3 BSD under license from the Regents of the University of
2N/A * California.
2N/A */
2N/A
/*
 * svcauth_des.c, server-side des authentication
 *
 * We ensure for the service the following:
 * (1) The timestamp microseconds do not exceed 1 million.
 * (2) The timestamp plus the window is less than the current time.
 * (3) The timestamp is not less than the one previously
 * seen in the current session.
 *
 * It is up to the server to determine if the window size is
 * too small.
 *
 */
2N/A
2N/A#include "mt.h"
2N/A#include "rpc_mt.h"
2N/A#include <assert.h>
2N/A#include <rpc/des_crypt.h>
2N/A#include <rpc/rpc.h>
2N/A#include <sys/types.h>
2N/A#include <sys/param.h>
2N/A#include <stdlib.h>
2N/A#include <unistd.h>
2N/A#include <string.h>
2N/A#include <strings.h>
2N/A
2N/A#include <syslog.h>
2N/A
/*
 * Declared here, defined elsewhere. __svcauth_des() calls it with the
 * client's netname, the looked-up public key and the encrypted
 * conversation key, and treats a negative return as failure.
 */
extern int key_decryptsession_pk(const char *, netobj *, des_block *);

/* Upper bound (exclusive) for a valid timeval tv_usec field. */
#define	USEC_PER_SEC	((ulong_t)1000000L)
/*
 * True when *t1 is strictly earlier than *t2. Equal timestamps are
 * therefore NOT "before" each other, which matters for the replay
 * checks built on this macro.
 */
#define	BEFORE(t1, t2) timercmp(t1, t2, < /* EMPTY */)


/*
 * LRU cache of conversation keys and some other useful items.
 *
 * The slot number of an entry doubles as the "nickname" handed back to
 * the client, so every nickname received from the network must be
 * range-checked against authdes_cachesz before it is used as an index.
 */
#define	DEF_AUTHDES_CACHESZ 128
/*
 * Number of cache slots. Read by cache_init() when the table is
 * allocated and by every nickname bounds check.
 * NOTE(review): this is a signed, externally visible int that is compared
 * against unsigned sids; changing it after the cache has been allocated
 * would desynchronise the bound from the allocation - confirm nothing
 * modifies it after first use.
 */
int authdes_cachesz = DEF_AUTHDES_CACHESZ;
struct cache_entry {
	des_block key;			/* conversation key */
	char *rname;			/* client's name; NULL = slot unused */
	uint_t window;			/* credential lifetime window */
	struct timeval laststamp;	/* detect replays of creds */
	char *localcred;		/* generic local credential */
	int index;			/* where are we in array? */
	struct cache_entry *prev;	/* prev entry on LRU list */
	struct cache_entry *next;	/* next entry on LRU list */
};

/* Message prefix used by authdes_getucred() when logging. */
static const char __getucredstr[] = "authdes_getucred:";

static struct cache_entry *_rpc_authdes_cache;	/* [authdes_cachesz] */
static struct cache_entry *cache_head;		/* cache (in LRU order) */
static struct cache_entry *cache_tail;		/* cache (in LRU order) */

/*
 * A rwlock_t would seem to make more sense, but it turns out we always
 * muck with the cache entries, so would always need a write lock (in
 * which case, we might as well use a mutex).
 *
 * This lock guards _rpc_authdes_cache, cache_head, cache_tail and the
 * statistics below; the static helpers assert that it is held.
 */
extern mutex_t authdes_lock;


static int cache_init(void);		/* initialize the cache */
					/* find an entry in the cache */
static int cache_spot(des_block *, char *, struct timeval *);
static void cache_ref(uint32_t);	/* note that sid was ref'd */
static void invalidate(char *);		/* invalidate entry in cache */
/* syslog wrappers: explicit priority / fixed LOG_DEBUG priority */
static void __msgout(int, const char *, const char *);
static void __msgout2(const char *, const char *);

/*
 * cache statistics
 *
 * Updated by cache_spot() while authdes_lock is held. ncachereplays
 * counts credentials rejected because their timestamp was older than
 * the one stored for the matching entry.
 */
struct {
	ulong_t ncachehits;	/* times cache hit, and is not replay */
	ulong_t ncachereplays;	/* times cache hit, and is replay */
	ulong_t ncachemisses;	/* times cache missed */
} svcauthdes_stats;
2N/A
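/*
 * Service side authenticator for AUTH_DES
 *
 * Parses the AUTH_DES credential and verifier carried in msg, recovers
 * the conversation key (from the client's public key for a full name, or
 * from the cache for a nickname), decrypts and validates the timestamp,
 * builds the reply verifier in place, and finally commits the session to
 * the LRU cache.
 *
 * rqst->rq_clntcred is used as scratch space for the decoded credential
 * and the netname; on success it holds a "cooked" ADN_FULLNAME credential.
 *
 * Returns AUTH_OK on success. AUTH_BADCRED / AUTH_BADVERF report a
 * malformed or undecryptable credential / verifier, AUTH_REJECTEDCRED /
 * AUTH_REJECTEDVERF report a replay or a stale nickname, and AUTH_FAILED
 * reports an internal error (allocation or DES failure).
 *
 * Everything read from msg is untrusted until the timestamp checks have
 * passed. The opaque lengths are validated before any field is read so
 * that parsing never consumes bytes beyond what the peer actually sent.
 *
 * NOTE(review): the conversation key is a single des_block used with
 * cbc_crypt()/ecb_crypt(); single DES leaves very little margin against
 * brute force, so treat this flavor as legacy when choosing what to
 * expose.
 */
enum auth_stat
__svcauth_des(struct svc_req *rqst, struct rpc_msg *msg)
{
	int32_t *ixdr;
	des_block cryptbuf[2];
	struct authdes_cred *cred;
	struct authdes_verf verf;
	int status;
	struct cache_entry *entry;
	uint32_t sid;
	int cache_spot_id;
	des_block *sessionkey, init_sessionkey;
	des_block ivec;
	uint_t window;
	struct timeval timestamp;
	uint32_t namelen;
	uint_t credlen;
	uint_t verflen;
	struct area {
		struct authdes_cred area_cred;
		char area_netname[MAXNETNAMELEN+1];
	} *area;
	int fullname_rcvd = 0;
	int from_cache = 0;

	/* Lazily create the cache on the first request. */
	(void) mutex_lock(&authdes_lock);
	if (_rpc_authdes_cache == NULL) {
		int ret = cache_init();
		if (ret == -1) {
			(void) mutex_unlock(&authdes_lock);
			return (AUTH_FAILED);
		}
	}
	(void) mutex_unlock(&authdes_lock);

	/* LINTED pointer cast */
	area = (struct area *)rqst->rq_clntcred;
	cred = (struct authdes_cred *)&area->area_cred;

	/*
	 * Every credential carries at least the name kind plus one more
	 * XDR unit (the nickname, or the length of the full name). A
	 * shorter credential would make the reads below consume bytes the
	 * peer never sent.
	 */
	credlen = (uint_t)msg->rm_call.cb_cred.oa_length;
	if (credlen < 2 * BYTES_PER_XDR_UNIT)
		return (AUTH_BADCRED);
	/*
	 * Get the credential
	 */
	/* LINTED pointer cast */
	ixdr = (int32_t *)msg->rm_call.cb_cred.oa_base;
	cred->adc_namekind = IXDR_GET_ENUM(ixdr, enum authdes_namekind);
	switch (cred->adc_namekind) {
	case ADN_FULLNAME:
		namelen = IXDR_GET_U_INT32(ixdr);
		/* bound the copy into area_netname[MAXNETNAMELEN + 1] */
		if (namelen > MAXNETNAMELEN)
			return (AUTH_BADCRED);
		/*
		 * name kind + name length + padded name + key (2 units) +
		 * window must all lie inside the bytes actually received.
		 */
		if (credlen < 5 * BYTES_PER_XDR_UNIT + RNDUP(namelen))
			return (AUTH_BADCRED);
		cred->adc_fullname.name = area->area_netname;
		(void) memcpy(cred->adc_fullname.name, ixdr, (uint_t)namelen);
		cred->adc_fullname.name[namelen] = 0;
		ixdr += (RNDUP(namelen) / BYTES_PER_XDR_UNIT);
		cred->adc_fullname.key.key.high = (uint32_t)*ixdr++;
		cred->adc_fullname.key.key.low = (uint32_t)*ixdr++;
		cred->adc_fullname.window = (uint32_t)*ixdr++;
		fullname_rcvd++;
		break;
	case ADN_NICKNAME:
		cred->adc_nickname = (uint32_t)*ixdr++;
		break;
	default:
		return (AUTH_BADCRED);
	}

	/*
	 * The full-name path decrypts the timestamp together with the
	 * window verifier (three XDR units); the nickname path decrypts
	 * only the two-unit timestamp. Require what will be consumed.
	 */
	verflen = (uint_t)msg->rm_call.cb_verf.oa_length;
	if (verflen < (fullname_rcvd ? 3 : 2) * BYTES_PER_XDR_UNIT)
		return (AUTH_BADVERF);
	/*
	 * Get the verifier
	 */
	/* LINTED pointer cast */
	ixdr = (int32_t *)msg->rm_call.cb_verf.oa_base;
	verf.adv_xtimestamp.key.high = (uint32_t)*ixdr++;
	verf.adv_xtimestamp.key.low = (uint32_t)*ixdr++;
	/*
	 * The third unit is only an input for full names; for nicknames
	 * the field is overwritten with the sid before it is sent back.
	 */
	verf.adv_int_u = fullname_rcvd ? (uint32_t)*ixdr++ : 0;

	(void) mutex_lock(&authdes_lock);

	/*
	 * Get the conversation key
	 */
	if (fullname_rcvd) {	/* ADN_FULLNAME */
		netobj pkey;
		char pkey_data[1024];

		/*
		 * Later validation failures jump back here after flushing a
		 * cached public key, so that a stale cached key does not
		 * lock a client out. The retry happens only while from_cache
		 * is set, i.e. while the key just used came from the cache.
		 */
again:
		init_sessionkey = cred->adc_fullname.key;
		sessionkey = &init_sessionkey;

		if (!__getpublickey_cached(cred->adc_fullname.name,
		    pkey_data, &from_cache)) {
			/*
			 * if the user has no public key, treat him as the
			 * unauthenticated identity - nobody. If this
			 * works, it means the client didn't find the
			 * user's keys and used nobody's secret key
			 * as a backup.
			 */
			if (!__getpublickey_cached("nobody",
			    pkey_data, &from_cache)) {
				/*
				 * NOTE(review): the name logged here and in
				 * the messages below is client-supplied and
				 * not yet authenticated; it reaches syslog
				 * unescaped.
				 */
				__msgout(LOG_INFO,
				    "_svcauth_des: no public key for nobody or ",
				    cred->adc_fullname.name);
				(void) mutex_unlock(&authdes_lock);
				return (AUTH_BADCRED); /* no key */
			}

			/*
			 * found a public key for nobody. change
			 * the fullname id to nobody, so the caller
			 * thinks the client specified nobody
			 * as the user identity.
			 */
			(void) strcpy(cred->adc_fullname.name, "nobody");
		}
		pkey.n_bytes = pkey_data;
		pkey.n_len = strlen(pkey_data) + 1;
		if (key_decryptsession_pk(cred->adc_fullname.name, &pkey,
		    sessionkey) < 0) {
			if (from_cache) {
				__getpublickey_flush(cred->adc_fullname.name);
				goto again;
			}
			__msgout(LOG_INFO,
			    "_svcauth_des: key_decryptsessionkey failed for",
			    cred->adc_fullname.name);
			(void) mutex_unlock(&authdes_lock);
			return (AUTH_BADCRED);	/* key not found */
		}
	} else {	/* ADN_NICKNAME */
		sid = cred->adc_nickname;
		/* the nickname is a raw index from the network: bound it */
		if (sid >= authdes_cachesz) {
			__msgout(LOG_INFO, "_svcauth_des:", "bad nickname");
			(void) mutex_unlock(&authdes_lock);
			return (AUTH_BADCRED);	/* garbled credential */
		}
		/* actually check that the entry is not null */
		entry = &_rpc_authdes_cache[sid];
		if (entry->rname == NULL) {
			(void) mutex_unlock(&authdes_lock);
			return (AUTH_BADCRED);	/* cached out */
		}
		sessionkey = &_rpc_authdes_cache[sid].key;
	}

	/*
	 * Decrypt the timestamp
	 */
	cryptbuf[0] = verf.adv_xtimestamp;
	if (fullname_rcvd) {	/* ADN_FULLNAME */
		cryptbuf[1].key.high = cred->adc_fullname.window;
		cryptbuf[1].key.low = verf.adv_winverf;
		ivec.key.high = ivec.key.low = 0;
		status = cbc_crypt((char *)sessionkey, (char *)cryptbuf,
		    2 * (int)sizeof (des_block), DES_DECRYPT | DES_HW,
		    (char *)&ivec);
	} else {
		status = ecb_crypt((char *)sessionkey, (char *)cryptbuf,
		    (int)sizeof (des_block), DES_DECRYPT | DES_HW);
	}
	if (DES_FAILED(status)) {
		if (fullname_rcvd && from_cache) {
			__getpublickey_flush(cred->adc_fullname.name);
			goto again;
		}
		__msgout(LOG_ERR, "_svcauth_des: DES decryption failure for",
		    fullname_rcvd ? cred->adc_fullname.name :
		    _rpc_authdes_cache[sid].rname);
		(void) mutex_unlock(&authdes_lock);
		return (AUTH_FAILED);	/* system error */
	}

	/*
	 * XDR the decrypted timestamp
	 */
	ixdr = (int32_t *)cryptbuf;
	timestamp.tv_sec = IXDR_GET_INT32(ixdr);
	timestamp.tv_usec = IXDR_GET_INT32(ixdr);

	/*
	 * Check for valid credentials and verifiers.
	 * They could be invalid because the key was flushed
	 * out of the cache, and so a new session should begin.
	 * Be sure and send AUTH_REJECTED{CRED, VERF} if this is the case.
	 */
	{
		struct timeval current;
		int nick;
		int winverf;

		if (fullname_rcvd) {
			/*
			 * The decrypted window verifier must equal
			 * window - 1; this is the proof that the client
			 * knew the conversation key.
			 */
			window = IXDR_GET_U_INT32(ixdr);
			winverf = IXDR_GET_U_INT32(ixdr);
			if (winverf != window - 1) {
				if (from_cache) {
					__getpublickey_flush(
					    cred->adc_fullname.name);
					goto again;
				}
				__msgout(LOG_INFO,
				    "_svcauth_des: corrupted window from",
				    cred->adc_fullname.name);
				(void) mutex_unlock(&authdes_lock);
				/* garbled credential or invalid secret key */
				return (AUTH_BADCRED);
			}
			cache_spot_id = cache_spot(sessionkey,
			    cred->adc_fullname.name,
			    &timestamp);
			if (cache_spot_id < 0) {
				__msgout(LOG_INFO,
				    "_svcauth_des: replayed credential from",
				    cred->adc_fullname.name);
				(void) mutex_unlock(&authdes_lock);
				return (AUTH_REJECTEDCRED); /* replay */
			} else sid = cache_spot_id;
			nick = 0;
		} else {	/* ADN_NICKNAME */
			window = _rpc_authdes_cache[sid].window;
			nick = 1;
		}

		if ((ulong_t)timestamp.tv_usec >= USEC_PER_SEC) {
			if (fullname_rcvd && from_cache) {
				__getpublickey_flush(cred->adc_fullname.name);
				goto again;
			}
			__msgout(LOG_INFO,
			    "_svcauth_des: invalid timestamp received from",
			    fullname_rcvd ? cred->adc_fullname.name :
			    _rpc_authdes_cache[sid].rname);
			/* cached out (bad key), or garbled verifier */
			(void) mutex_unlock(&authdes_lock);
			return (nick ? AUTH_REJECTEDVERF : AUTH_BADVERF);
		}
		/*
		 * Replay check for nicknames. BEFORE() is a strict "<", so
		 * a verifier that repeats the last accepted timestamp
		 * exactly is not rejected here.
		 * NOTE(review): confirm that accepting an equal timestamp
		 * is intended.
		 */
		if (nick && BEFORE(&timestamp,
		    &_rpc_authdes_cache[sid].laststamp)) {
			/*
			 * nick is only set when fullname_rcvd is 0, so this
			 * flush-and-retry arm cannot run.
			 */
			if (fullname_rcvd && from_cache) {
				__getpublickey_flush(cred->adc_fullname.name);
				goto again;
			}
			__msgout(LOG_INFO,
	"_svcauth_des: timestamp is earlier than the one previously seen from",
			    fullname_rcvd ? cred->adc_fullname.name :
			    _rpc_authdes_cache[sid].rname);
			(void) mutex_unlock(&authdes_lock);
			return (AUTH_REJECTEDVERF);	/* replay */
		}
		/*
		 * Freshness: the timestamp must be later than
		 * (now - window), otherwise the credential has expired.
		 */
		(void) gettimeofday(&current, NULL);
		current.tv_sec -= window;	/* allow for expiration */
		if (!BEFORE(&current, &timestamp)) {
			if (fullname_rcvd && from_cache) {
				__getpublickey_flush(cred->adc_fullname.name);
				goto again;
			}
			__msgout(LOG_INFO,
			    "_svcauth_des: timestamp expired for",
			    fullname_rcvd ? cred->adc_fullname.name :
			    _rpc_authdes_cache[sid].rname);
			/* replay, or garbled credential */
			(void) mutex_unlock(&authdes_lock);
			return (nick ? AUTH_REJECTEDVERF : AUTH_BADCRED);
		}
	}

	/*
	 * Set up the reply verifier
	 */
	verf.adv_nickname = sid;

	/*
	 * xdr the timestamp before encrypting
	 */
	ixdr = (int32_t *)cryptbuf;
	IXDR_PUT_INT32(ixdr, timestamp.tv_sec - 1);
	IXDR_PUT_INT32(ixdr, timestamp.tv_usec);

	/*
	 * encrypt the timestamp
	 */
	status = ecb_crypt((char *)sessionkey, (char *)cryptbuf,
	    (int)sizeof (des_block), DES_ENCRYPT | DES_HW);
	if (DES_FAILED(status)) {
		__msgout(LOG_ERR, "_svcauth_des: DES encryption failure for",
		    fullname_rcvd ? cred->adc_fullname.name :
		    _rpc_authdes_cache[sid].rname);
		(void) mutex_unlock(&authdes_lock);
		return (AUTH_FAILED);	/* system error */
	}
	verf.adv_xtimestamp = cryptbuf[0];

	/*
	 * Serialize the reply verifier, and update rqst
	 *
	 * The request's verifier buffer is reused for the three-unit
	 * reply. NOTE(review): this assumes the buffer behind oa_base has
	 * room for three XDR units whatever length the client sent -
	 * confirm against the code that allocates it.
	 */
	/* LINTED pointer cast */
	ixdr = (int32_t *)msg->rm_call.cb_verf.oa_base;
	*ixdr++ = (int32_t)verf.adv_xtimestamp.key.high;
	*ixdr++ = (int32_t)verf.adv_xtimestamp.key.low;
	*ixdr++ = (int32_t)verf.adv_int_u;

	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_DES;
	rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
	rqst->rq_xprt->xp_verf.oa_length =
	    (char *)ixdr - msg->rm_call.cb_verf.oa_base;
	if (rqst->rq_xprt->xp_verf.oa_length > MAX_AUTH_BYTES) {
		__msgout(LOG_ERR,
		    "_svcauth_des: Authenticator length error",
		    fullname_rcvd ? cred->adc_fullname.name :
		    _rpc_authdes_cache[sid].rname);
		(void) mutex_unlock(&authdes_lock);
		return (AUTH_REJECTEDVERF);
	}

	/*
	 * We succeeded, commit the data to the cache now and
	 * finish cooking the credential.
	 */
	entry = &_rpc_authdes_cache[sid];
	entry->laststamp = timestamp;
	cache_ref(sid);
	if (cred->adc_namekind == ADN_FULLNAME) {
		cred->adc_fullname.window = window;
		cred->adc_nickname = sid;	/* save nickname */
		if (entry->rname != NULL)
			free(entry->rname);
		entry->rname = malloc(strlen(cred->adc_fullname.name) + 1);
		if (entry->rname != NULL) {
			(void) strcpy(entry->rname, cred->adc_fullname.name);
		} else {
			/* rname stays NULL, so the slot reads as unused */
			__msgout(LOG_CRIT, "_svcauth_des:", "out of memory");
			(void) mutex_unlock(&authdes_lock);
			return (AUTH_FAILED);
		}
		entry->key = *sessionkey;
		entry->window = window;
		/* mark any cached cred invalid */
		invalidate(entry->localcred);
	} else {	/* ADN_NICKNAME */
		/*
		 * nicknames are cooked into fullnames
		 *
		 * NOTE(review): name now points at entry->rname, which a
		 * later full-name commit to the same slot frees; the lock
		 * is dropped before the caller reads it - confirm the
		 * lifetime is safe with concurrent requests.
		 */
		cred->adc_namekind = ADN_FULLNAME;
		cred->adc_fullname.name = entry->rname;
		cred->adc_fullname.key = entry->key;
		cred->adc_fullname.window = entry->window;
	}
	(void) mutex_unlock(&authdes_lock);
	return (AUTH_OK);	/* we made it! */
}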
2N/A
2N/A
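/*
 * Initialize the cache
 *
 * Allocates authdes_cachesz zeroed entries and links them into a
 * circular LRU list with cache_head at slot 0 and cache_tail at the last
 * slot. The caller must hold authdes_lock.
 *
 * Returns 0 on success, -1 if the configured size is not positive or the
 * allocation fails.
 */
static int
cache_init(void)
{
	size_t n;
	size_t i;

/* LOCK HELD ON ENTRY: authdes_lock */

	assert(MUTEX_HELD(&authdes_lock));

	/*
	 * authdes_cachesz is a signed, externally settable tunable. A
	 * value below 1 would turn into a huge or empty allocation and
	 * make the head/tail fix-ups index outside the table.
	 */
	if (authdes_cachesz < 1) {
		__msgout(LOG_CRIT, "cache_init:", "invalid cache size");
		return (-1);
	}
	n = (size_t)authdes_cachesz;

	/* calloc() zeroes the table and checks n * size for overflow */
	_rpc_authdes_cache = calloc(n, sizeof (struct cache_entry));
	if (_rpc_authdes_cache == NULL) {
		__msgout(LOG_CRIT, "cache_init:", "out of memory");
		return (-1);
	}

	/*
	 * Initialize the lru chain (linked-list)
	 *
	 * The list is circular, so the neighbours are computed modulo n.
	 * That also covers a single-entry cache, where the entry is its
	 * own neighbour.
	 */
	for (i = 0; i < n; i++) {
		_rpc_authdes_cache[i].index = (int)i;
		_rpc_authdes_cache[i].next = &_rpc_authdes_cache[(i + 1) % n];
		_rpc_authdes_cache[i].prev =
		    &_rpc_authdes_cache[(i + n - 1) % n];
	}
	cache_head = &_rpc_authdes_cache[0];
	cache_tail = &_rpc_authdes_cache[n - 1];
	return (0);
}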
2N/A
2N/A
/*
 * Pick the slot to evict: the list is kept in LRU order, so the least
 * recently used entry is always the one at the head.
 */
static uint32_t
cache_victim(void)
{
	const struct cache_entry *oldest;

/* LOCK HELD ON ENTRY: authdes_lock */

	assert(MUTEX_HELD(&authdes_lock));
	oldest = cache_head;
	return (oldest->index);
}
2N/A
/*
 * Record a reference to slot sid by moving its entry to the tail
 * (most recently used end) of the circular LRU list.
 *
 * sid is used as an index without a range check; callers validate it
 * beforehand.
 */
static void
cache_ref(uint32_t sid)
{
	struct cache_entry *hit = &_rpc_authdes_cache[sid];

/* LOCK HELD ON ENTRY: authdes_lock */

	assert(MUTEX_HELD(&authdes_lock));

	/* Already the most recently used entry: nothing to move. */
	if (hit == cache_tail)
		return;

	/*
	 * The list is circular, so promoting the head only requires
	 * rotating the head and tail markers by one position.
	 */
	if (hit == cache_head) {
		cache_head = hit->next;
		cache_tail = hit;
		return;
	}

	/* Unlink the entry from between its neighbours ... */
	hit->next->prev = hit->prev;
	hit->prev->next = hit->next;

	/* ... and splice it in between the current tail and the head. */
	hit->next = cache_head;
	hit->prev = cache_tail;
	cache_head->prev = hit;
	cache_tail->next = hit;
	cache_tail = hit;
}
2N/A
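/*
 * Find a spot in the cache for a credential containing
 * the items given. Return -1 if a replay is detected, otherwise
 * return the spot in the cache.
 *
 * An entry matches when both halves of the conversation key and the
 * client name are equal. On a match the supplied timestamp is compared
 * with the entry's laststamp; BEFORE() is a strict "<", so only an older
 * timestamp counts as a replay. When nothing matches, the LRU victim
 * slot is returned for reuse.
 */
static int
cache_spot(des_block *key, char *name, struct timeval *timestamp)
{
	struct cache_entry *cp;
	int i;

/* LOCK HELD ON ENTRY: authdes_lock */

	assert(MUTEX_HELD(&authdes_lock));
	for (cp = _rpc_authdes_cache, i = 0; i < authdes_cachesz; i++, cp++) {
		/*
		 * strcmp() stops at the first terminator. Comparing
		 * strlen(name) + 1 bytes with memcmp() could read past
		 * the end of cp->rname when the cached name is shorter
		 * than the incoming one.
		 */
		if (cp->rname == NULL ||
		    cp->key.key.high != key->key.high ||
		    cp->key.key.low != key->key.low ||
		    strcmp(cp->rname, name) != 0)
			continue;

		if (BEFORE(timestamp, &cp->laststamp)) {
			svcauthdes_stats.ncachereplays++;
			return (-1);	/* replay */
		}
		svcauthdes_stats.ncachehits++;
		return (i);		/* refresh */
	}
	svcauthdes_stats.ncachemisses++;
	return (cache_victim());
}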
2N/A
2N/A
/*
 * Local credential handling stuff.
 * NOTE: bsd unix dependent.
 * Other operating systems should put something else here.
 *
 * grouplen doubles as a state flag: a non-negative value is the number
 * of cached groups, INVALID means the entry must be looked up again,
 * and UNKNOWN means a lookup was done and found no local user.
 */
#define	UNKNOWN		-2	/* grouplen, if cached cred is unknown user */
#define	INVALID		-1	/* grouplen, if cache entry is invalid */

struct bsdcred {
	uid_t uid;		/* cached uid */
	gid_t gid;		/* cached gid */
	short grouplen;		/* length of cached groups */
	/*
	 * Declared with one element; authdes_getucred() allocates the
	 * structure with room for sysconf(_SC_NGROUPS_MAX) entries.
	 */
	gid_t groups[1];	/* cached groups allocate _SC_NGROUPS_MAX */
};
2N/A
/*
 * Mark a cached local credential as stale so that the next
 * authdes_getucred() call looks it up again. cred is the localcred
 * pointer of a cache entry; NULL (nothing cached yet) is ignored.
 */
static void
invalidate(char *cred)
{
	struct bsdcred *stale;

	/* LINTED pointer cast */
	stale = (struct bsdcred *)cred;
	if (stale != NULL)
		stale->grouplen = INVALID;
}
2N/A
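/*
 * Map a des credential into a unix cred.
 * We cache the credential here so the application does
 * not have to make an rpc call every time to interpret
 * the credential.
 *
 * adc is expected to be a credential that __svcauth_des() has already
 * accepted: its adc_nickname selects the cache slot and its
 * adc_fullname.name is the netname that gets looked up.
 *
 * On success returns 1 and fills *uid, *gid, *grouplen and groups[].
 * Returns 0 if the nickname is out of range, the cache does not exist
 * yet, memory is exhausted, or the netname maps to no local user.
 *
 * NOTE(review): groups must have room for every group netname2user()
 * can return, and the copies into cred->groups trust i_grouplen to stay
 * within the _SC_NGROUPS_MAX slots allocated below - confirm against
 * netname2user()'s contract.
 * NOTE(review): the cached result is keyed by slot only; if the slot is
 * reassigned to another client between authentication and this call,
 * the lookup for adc's name is stored in the new owner's slot - confirm
 * how callers serialise the two steps.
 */
int
authdes_getucred(const struct authdes_cred *adc, uid_t *uid, gid_t *gid,
    short *grouplen, gid_t *groups)
{
	uint32_t sid;
	int i;
	uid_t i_uid;
	gid_t i_gid;
	int i_grouplen;
	struct bsdcred *cred;

	sid = adc->adc_nickname;
	if (sid >= authdes_cachesz) {
		__msgout2(__getucredstr, "invalid nickname");
		return (0);
	}
	(void) mutex_lock(&authdes_lock);
	/*
	 * The cache is created lazily by the first __svcauth_des() call;
	 * without this check an earlier call would index a NULL table.
	 */
	if (_rpc_authdes_cache == NULL) {
		__msgout2(__getucredstr, "cache not initialized");
		(void) mutex_unlock(&authdes_lock);
		return (0);
	}
	/* LINTED pointer cast */
	cred = (struct bsdcred *)_rpc_authdes_cache[sid].localcred;
	if (cred == NULL) {
		static size_t bsdcred_sz;

		if (bsdcred_sz == 0) {
			long ngroups = sysconf(_SC_NGROUPS_MAX);

			/*
			 * struct bsdcred already holds one group slot. A
			 * failed sysconf() (-1) would otherwise wrap the
			 * size computation and under-allocate.
			 */
			if (ngroups < 1)
				ngroups = 1;
			bsdcred_sz = sizeof (struct bsdcred) +
			    ((size_t)ngroups - 1) * sizeof (gid_t);
		}
		cred = malloc(bsdcred_sz);
		if (cred == NULL) {
			__msgout2(__getucredstr, "out of memory");
			(void) mutex_unlock(&authdes_lock);
			return (0);
		}
		_rpc_authdes_cache[sid].localcred = (char *)cred;
		cred->grouplen = INVALID;
	}
	if (cred->grouplen == INVALID) {
		/*
		 * not in cache: lookup
		 */
		if (!netname2user(adc->adc_fullname.name, (uid_t *)&i_uid,
		    (gid_t *)&i_gid, &i_grouplen, (gid_t *)groups)) {
			__msgout2(__getucredstr, "unknown netname");
			/* mark as looked up, but not found */
			cred->grouplen = UNKNOWN;
			(void) mutex_unlock(&authdes_lock);
			return (0);
		}
		__msgout2(__getucredstr, "missed ucred cache");
		*uid = cred->uid = i_uid;
		*gid = cred->gid = i_gid;
		*grouplen = cred->grouplen = i_grouplen;
		for (i = i_grouplen - 1; i >= 0; i--) {
			cred->groups[i] = groups[i];
		}
		(void) mutex_unlock(&authdes_lock);
		return (1);
	}
	if (cred->grouplen == UNKNOWN) {
		/*
		 * Already looked up, but no match found
		 */
		(void) mutex_unlock(&authdes_lock);
		return (0);
	}

	/*
	 * cached credentials
	 */
	*uid = cred->uid;
	*gid = cred->gid;
	*grouplen = cred->grouplen;
	for (i = cred->grouplen - 1; i >= 0; i--) {
		groups[i] = cred->groups[i];
	}
	(void) mutex_unlock(&authdes_lock);
	return (1);
}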
2N/A
2N/A
/*
 * Send "<str> <strarg>" to syslog at the given priority.
 *
 * Both strings are passed as arguments to a fixed format, never as the
 * format itself. strarg is often the client-supplied netname, and its
 * bytes are forwarded as they are.
 */
static void
__msgout(int level, const char *str, const char *strarg)
{
	const char *prefix = str;
	const char *detail = strarg;

	(void) syslog(level, "%s %s", prefix, detail);
}
2N/A
2N/A
/*
 * Send "<str> <str2>" to syslog at LOG_DEBUG priority. Both strings are
 * arguments to a fixed format, never the format itself.
 */
static void
__msgout2(const char *str, const char *str2)
{
	const char *prefix = str;
	const char *detail = str2;

	(void) syslog(LOG_DEBUG, "%s %s", prefix, detail);
}