/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
#include <afsconfig.h>
#include "afs/param.h"
-RCSID
- ("$Header$");
#include "afs/sysincludes.h" /* Standard vendor system headers */
#include "afsincludes.h" /* Afs-based standard headers */
/* Imported variables */
-extern int afs_shuttingdown;
+extern enum afs_shutdown_state afs_shuttingdown;
/* Exported variables */
afs_uint32 pag_epoch;
-#if defined(UKERNEL) && defined(AFS_WEB_ENHANCEMENTS)
+#if defined(UKERNEL)
afs_uint32 pagCounter = 1;
#else
afs_uint32 pagCounter = 0;
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
-
-/* Local variables */
+#endif /* UKERNEL */
/*
* Pags are implemented as follows: the set of groups whose long
* anyway, so the pag is an alternative handle which is somewhat more
* secure (although of course not absolutely secure).
*/
-#if !defined(UKERNEL) || !defined(AFS_WEB_ENHANCEMENTS)
+#if !defined(UKERNEL)
afs_uint32
genpag(void)
{
return (pagCounter);
#endif
}
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+#endif /* UKERNEL */
/* used to require 10 seconds between each setpag to guarantee that
* PAGs never wrap - which would be a security hole. If we presume
*/
static int afs_pag_sleepcnt = 0;
+static int afs_pag_timewarn = 0;
-static int
-afs_pag_sleep(struct AFS_UCRED **acred)
+static int
+afs_pag_sleep(afs_ucred_t *acred)
{
- int rv = 0;
- if(!afs_suser(acred)) {
- if(osi_Time() - pag_epoch < pagCounter) {
- rv = 1;
+ int rv = 0;
+
+ if (!afs_suser(acred)) {
+ if(osi_Time() - pag_epoch < pagCounter) {
+ rv = 1;
+ }
+ if (rv && (osi_Time() < pag_epoch)) {
+ if (!afs_pag_timewarn) {
+ afs_pag_timewarn = 1;
+ afs_warn("clock went backwards, not PAG throttling");
+ }
+ rv = 0;
+ }
}
- }
- return rv;
+ return rv;
}
-static int
-afs_pag_wait(struct AFS_UCRED **acred)
+static int
+afs_pag_wait(afs_ucred_t *acred)
{
- if(afs_pag_sleep(acred)) {
- if(!afs_pag_sleepcnt) {
- printf("%s() PAG throttling triggered, pid %d... sleeping. sleepcnt %d\n",
- "afs_pag_wait", getpid(), afs_pag_sleepcnt);
+ int code = 0;
+
+ if (afs_pag_sleep(acred)) {
+ if (!afs_pag_sleepcnt) {
+ afs_warn("%s() PAG throttling triggered, pid %d... sleeping. sleepcnt %d\n",
+ "afs_pag_wait", osi_getpid(), afs_pag_sleepcnt);
+ }
+
+ afs_pag_sleepcnt++;
+
+ do {
+ code = afs_osi_Wait(1000, (struct afs_osi_WaitHandle *)0, 0);
+ } while (!code && afs_pag_sleep(acred));
+
+ afs_pag_sleepcnt--;
}
-
- afs_pag_sleepcnt++;
-
- do {
- /* XXX spins on EINTR */
- afs_osi_Wait(1000, (struct afs_osi_WaitHandle *)0, 0);
- } while(afs_pag_sleep(acred));
-
- afs_pag_sleepcnt--;
- }
-
- return 0;
+
+ return code;
}
int
#if defined(AFS_SUN5_ENV)
-afs_setpag(struct AFS_UCRED **credpp)
-#elif defined(AFS_OSF_ENV) || defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
-afs_setpag(struct proc *p, void *args, int *retval)
+afs_setpag(afs_ucred_t **credpp)
+#elif defined(AFS_FBSD_ENV)
+afs_setpag(struct thread *td, void *args)
+#elif defined(AFS_NBSD_ENV)
+afs_setpag(afs_proc_t *p, const void *args, register_t *retval)
+#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
+afs_setpag(afs_proc_t *p, void *args, int *retval)
#else
afs_setpag(void)
#endif
{
#if defined(AFS_SUN5_ENV)
- struct AFS_UCRED **acred = *credpp;
+ afs_ucred_t *acred = *credpp;
#elif defined(AFS_OBSD_ENV)
- struct AFS_UCRED **acred = &p->p_ucred;
+ afs_ucred_t *acred = p->p_ucred;
#else
- struct AFS_UCRED **acred = NULL;
+ afs_ucred_t *acred = NULL;
#endif
int code = 0;
AFS_STATCNT(afs_setpag);
- afs_pag_wait(acred);
+ code = afs_pag_wait(acred);
+ if (code) {
+ goto done;
+ }
#if defined(AFS_SUN5_ENV)
code = AddPag(genpag(), credpp);
-#elif defined(AFS_OSF_ENV) || defined(AFS_XBSD_ENV)
+#elif defined(AFS_FBSD_ENV)
+ code = AddPag(td, genpag(), &td->td_ucred);
+#elif defined(AFS_NBSD40_ENV)
+ code = AddPag(p, genpag(), &p->l_proc->p_cred);
+#elif defined(AFS_XBSD_ENV)
code = AddPag(p, genpag(), &p->p_rcred);
#elif defined(AFS_AIX41_ENV)
{
}
#elif defined(AFS_LINUX20_ENV)
{
- struct AFS_UCRED *credp = crref();
+ afs_ucred_t *credp = crref();
code = AddPag(genpag(), &credp);
crfree(credp);
}
+#elif defined(AFS_DARWIN80_ENV)
+ {
+ afs_ucred_t *credp = kauth_cred_proc_ref(p);
+ code = AddPag(p, genpag(), &credp);
+ crfree(credp);
+ }
#elif defined(AFS_DARWIN_ENV)
{
- struct ucred *credp = crdup(p->p_cred->pc_ucred);
+ afs_ucred_t *credp = crdup(p->p_cred->pc_ucred);
code = AddPag(p, genpag(), &credp);
crfree(credp);
}
+#elif defined(UKERNEL)
+ code = AddPag(genpag(), &(get_user_struct()->u_cred));
#else
code = AddPag(genpag(), &u.u_cred);
#endif
+ done:
afs_Trace1(afs_iclSetp, CM_TRACE_SETPAG, ICL_TYPE_INT32, code);
#if defined(KERNEL_HAVE_UERROR)
return (code);
}
-#if defined(UKERNEL) && defined(AFS_WEB_ENHANCEMENTS)
+#if defined(UKERNEL)
/*
* afs_setpag_val
* This function is like setpag but sets the current thread's pag id to a
*/
int
#if defined(AFS_SUN5_ENV)
-afs_setpag_val(struct AFS_UCRED **credpp, int pagval)
-#elif defined(AFS_OSF_ENV) || defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
-afs_setpag_val(struct proc *p, void *args, int *retval, int pagval)
+afs_setpag_val(afs_ucred_t **credpp, int pagval)
+#elif defined(AFS_FBSD_ENV)
+afs_setpag_val(struct thread *td, void *args, int pagval)
+#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
+afs_setpag_val(afs_proc_t *p, void *args, int *retval, int pagval)
#else
afs_setpag_val(int pagval)
#endif
{
#if defined(AFS_SUN5_ENV)
- struct AFS_UCRED **acred = *credp;
+ afs_ucred_t *acred = *credp;
#elif defined(AFS_OBSD_ENV)
- struct AFS_UCRED **acred = &p->p_ucred;
+ afs_ucred_t *acred = p->p_ucred;
#else
- struct AFS_UCRED **acred = NULL;
+ afs_ucred_t *acred = NULL;
#endif
int code = 0;
AFS_STATCNT(afs_setpag);
- afs_pag_wait(acred);
+ code = afs_pag_wait(acred);
+ if (code) {
+ goto done;
+ }
#if defined(AFS_SUN5_ENV)
code = AddPag(pagval, credpp);
-#elif defined(AFS_OSF_ENV) || defined(AFS_XBSD_ENV)
+#elif defined(AFS_FBSD_ENV)
+ code = AddPag(td, pagval, &td->td_ucred);
+#elif defined(AFS_XBSD_ENV)
code = AddPag(p, pagval, &p->p_rcred);
#elif defined(AFS_AIX41_ENV)
{
}
#elif defined(AFS_LINUX20_ENV)
{
- struct AFS_UCRED *credp = crref();
+ afs_ucred_t *credp = crref();
code = AddPag(pagval, &credp);
crfree(credp);
}
code = AddPag(p, pagval, &credp);
crfree(credp);
}
+#elif defined(UKERNEL)
+ code = AddPag(pagval, &(get_user_struct()->u_cred));
#else
code = AddPag(pagval, &u.u_cred);
#endif
+ done:
afs_Trace1(afs_iclSetp, CM_TRACE_SETPAG, ICL_TYPE_INT32, code);
#if defined(KERNEL_HAVE_UERROR)
if (!getuerror())
return (code);
}
+#ifndef AFS_PAG_ONEGROUP_ENV
int
-afs_getpag_val()
+afs_getpag_val(void)
{
int pagvalue;
- struct AFS_UCRED *credp = u.u_cred;
- int gidset0, gidset1;
+#ifdef UKERNEL
+ afs_ucred_t *credp = get_user_struct()->u_cred;
+#else
+ afs_ucred_t *credp = u.u_cred;
+#endif
+ gid_t gidset0, gidset1;
+#ifdef AFS_SUN510_ENV
+ const gid_t *gids;
+ gids = crgetgroups(*credp);
+ gidset0 = gids[0];
+ gidset1 = gids[1];
+#else
gidset0 = credp->cr_groups[0];
gidset1 = credp->cr_groups[1];
+#endif
pagvalue = afs_get_pag_from_groups(gidset0, gidset1);
return pagvalue;
}
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+#endif
+#endif /* UKERNEL */
/* Note - needs to be available on AIX, others can be static - rework this */
-#if defined(AFS_OSF_ENV) || defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
int
-AddPag(struct proc *p, afs_int32 aval, struct AFS_UCRED **credpp)
+#if defined(AFS_FBSD_ENV)
+AddPag(struct thread *p, afs_int32 aval, afs_ucred_t **credpp)
+#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
+AddPag(afs_proc_t *p, afs_int32 aval, afs_ucred_t **credpp)
#else
-int
-AddPag(afs_int32 aval, struct AFS_UCRED **credpp)
+AddPag(afs_int32 aval, afs_ucred_t **credpp)
#endif
{
- afs_int32 newpag, code;
+ afs_int32 code;
+ afs_uint32 newpag;
AFS_STATCNT(AddPag);
-#if defined(AFS_OSF_ENV) || defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
+#if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
if ((code = setpag(p, credpp, aval, &newpag, 0)))
#else
if ((code = setpag(credpp, aval, &newpag, 0)))
int
-afs_InitReq(register struct vrequest *av, struct AFS_UCRED *acred)
+afs_InitReq(struct vrequest *av, afs_ucred_t *acred)
{
+#if defined(AFS_LINUX26_ENV) && !defined(AFS_NONFSTRANS)
+ int code;
+#endif
+
AFS_STATCNT(afs_InitReq);
- if (afs_shuttingdown)
+ memset(av, 0, sizeof(*av));
+ if (afs_shuttingdown == AFS_SHUTDOWN)
return EIO;
+
+#ifdef AFS_LINUX26_ENV
+#if !defined(AFS_NONFSTRANS)
+ if (osi_linux_nfs_initreq(av, acred, &code))
+ return code;
+#endif
+#endif
+
av->uid = PagInCred(acred);
if (av->uid == NOPAG) {
/* Afs doesn't use the unix uid for anuthing except a handle
if (acred == NOCRED)
av->uid = -2; /* XXX nobody... ? */
else
- av->uid = acred->cr_uid; /* bsd creds don't have ruid */
+ av->uid = afs_cr_uid(acred); /* bsd creds don't have ruid */
+#elif defined(AFS_SUN510_ENV)
+ av->uid = crgetruid(acred);
#else
- av->uid = acred->cr_ruid; /* default when no pag is set */
+ av->uid = afs_cr_ruid(acred); /* default when no pag is set */
#endif
}
- av->initd = 0;
return 0;
}
+/*!
+ * Allocate and setup a vrequest.
+ *
+ * \note The caller must free the allocated vrequest with
+ * afs_DestroyReq() if this function returns successfully (zero).
+ *
+ * \note The GLOCK must be held on platforms which require the GLOCK
+ * for osi_AllocSmallSpace() and osi_FreeSmallSpace().
+ *
+ * \param[out] avpp address of the vrequest pointer
+ * \param[in] acred user credentials to setup the vrequest
+ * afs_osi_credp should be used for anonymous connections
+ * \return 0 on success
+ */
+int
+afs_CreateReq(struct vrequest **avpp, afs_ucred_t *acred)
+{
+ int code;
+ struct vrequest *treq = NULL;
+
+ if (afs_shuttingdown == AFS_SHUTDOWN) {
+ return EIO;
+ }
+ if (!avpp || !acred) {
+ return EINVAL;
+ }
+ treq = osi_AllocSmallSpace(sizeof(struct vrequest));
+ if (!treq) {
+ return ENOMEM;
+ }
+ code = afs_InitReq(treq, acred);
+ if (code != 0) {
+ osi_FreeSmallSpace(treq);
+ return code;
+ }
+ *avpp = treq;
+ return 0;
+}
+/*!
+ * Deallocate a vrequest.
+ *
+ * \note The GLOCK must be held on platforms which require the GLOCK
+ * for osi_FreeSmallSpace().
+ *
+ * \param[in] av pointer to the vrequest to free; may be NULL
+ */
+void
+afs_DestroyReq(struct vrequest *av)
+{
+ if (av) {
+ osi_FreeSmallSpace(av);
+ }
+}
afs_uint32
afs_get_pag_from_groups(gid_t g0a, gid_t g1a)
afs_uint32 h, l, ret;
AFS_STATCNT(afs_get_pag_from_groups);
+
g0 -= 0x3f00;
g1 -= 0x3f00;
if (g0 < 0xc000 && g1 < 0xc000) {
h = (g0 >> 14);
h = (g1 >> 14) + h + h + h;
ret = ((h << 28) | l);
-#if defined(UKERNEL) && defined(AFS_WEB_ENHANCEMENTS)
+# if defined(UKERNEL)
return ret;
-#else
+# else
/* Additional testing */
if (((ret >> 24) & 0xff) == 'A')
return ret;
- else
- return NOPAG;
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+# endif /* UKERNEL */
}
return NOPAG;
}
-
+#ifndef AFS_PAG_ONEGROUP_ENV
void
afs_get_groups_from_pag(afs_uint32 pag, gid_t * g0p, gid_t * g1p)
{
unsigned short g0, g1;
-
AFS_STATCNT(afs_get_groups_from_pag);
-#if !defined(UKERNEL) || !defined(AFS_WEB_ENHANCEMENTS)
+ *g0p = pag;
+ *g1p = 0;
+# if !defined(UKERNEL)
pag &= 0x7fffffff;
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+# endif /* UKERNEL */
g0 = 0x3fff & (pag >> 14);
g1 = 0x3fff & pag;
g0 |= ((pag >> 28) / 3) << 14;
*g0p = g0 + 0x3f00;
*g1p = g1 + 0x3f00;
}
+#else
+void
+afs_get_groups_from_pag(afs_uint32 pag, gid_t *g0p, gid_t *g1p)
+{
+ AFS_STATCNT(afs_get_groups_from_pag);
+ *g0p = pag;
+ *g1p = 0;
+}
+#endif
-
-afs_int32
-PagInCred(const struct AFS_UCRED *cred)
+#ifdef AFS_LINUX26_ENV
+/* osi_get_group_pag is defined in <ARCH>/osi_groups.c */
+#elif defined(AFS_PAG_ONEGROUP_ENV)
+/* osi_get_group_pag is defined in <ARCH>/osi_groups.c */
+#elif defined(AFS_DARWIN110_ENV)
+/* We don't have pags, so we do not define an osi_get_group_pag */
+#else
+static afs_int32
+osi_get_group_pag(afs_ucred_t *cred)
{
- afs_int32 pag;
+ afs_int32 pag = NOPAG;
gid_t g0, g1;
+#if defined(AFS_SUN510_ENV)
+ const gid_t *gids;
+ int ngroups;
+#endif
- AFS_STATCNT(PagInCred);
- if (cred == NULL) {
- return NOPAG;
- }
-#if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
- if (cred == NOCRED || cred == FSCRED) {
+#if defined(AFS_SUN510_ENV)
+ gids = crgetgroups(cred);
+ ngroups = crgetngroups(cred);
+#endif
+#if defined(AFS_NBSD40_ENV)
+ if (cred == NOCRED || cred == FSCRED)
+ return NOPAG;
+ if (osi_crngroups(cred) < 3)
+ return NOPAG;
+ g0 = osi_crgroupbyid(cred, 1);
+ g1 = osi_crgroupbyid(cred, 2);
+#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
+ if (cred == NOCRED || cred == FSCRED)
return NOPAG;
- }
if (cred->cr_ngroups < 3)
return NOPAG;
/* gid is stored in cr_groups[0] */
g0 = cred->cr_groups[1];
g1 = cred->cr_groups[2];
#else
-#if defined(AFS_AIX51_ENV)
- if (kcred_getpag(cred, PAG_AFS, &pag) < 0 || pag == 0)
- pag = NOPAG;
- return pag;
-#elif defined(AFS_AIX_ENV)
- if (cred->cr_ngrps < 2) {
+# if defined(AFS_AIX_ENV)
+ if (cred->cr_ngrps < 2)
return NOPAG;
- }
-#elif defined(AFS_LINUX26_ENV)
- if (cred->cr_group_info->ngroups < 2)
+# elif defined(AFS_LINUX26_ENV)
+ if (afs_cr_group_info(cred)->ngroups < AFS_NUMPAGGROUPS)
return NOPAG;
-#elif defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_DUX40_ENV) || defined(AFS_LINUX20_ENV) || defined(AFS_XBSD_ENV)
- if (cred->cr_ngroups < 2)
+# elif defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_LINUX20_ENV) || defined(AFS_XBSD_ENV)
+# if defined(AFS_SUN510_ENV)
+ if (ngroups < 2) {
+# else
+ if (cred->cr_ngroups < 2) {
+# endif
return NOPAG;
-#endif
-#if defined(AFS_AIX51_ENV)
+ }
+# endif
+# if defined(AFS_AIX51_ENV)
g0 = cred->cr_groupset.gs_union.un_groups[0];
g1 = cred->cr_groupset.gs_union.un_groups[1];
-#elif defined(AFS_LINUX26_ENV)
- g0 = GROUP_AT(cred->cr_group_info, 0);
- g1 = GROUP_AT(cred->cr_group_info, 1);
+#elif defined(AFS_SUN510_ENV)
+ g0 = gids[0];
+ g1 = gids[1];
#else
g0 = cred->cr_groups[0];
g1 = cred->cr_groups[1];
pag = (afs_int32) afs_get_pag_from_groups(g0, g1);
return pag;
}
+#endif
+
+
+afs_int32
+PagInCred(afs_ucred_t *cred)
+{
+ afs_int32 pag = NOPAG;
+
+ AFS_STATCNT(PagInCred);
+ if (cred == NULL || cred == afs_osi_credp) {
+ return NOPAG;
+ }
+#ifndef AFS_DARWIN110_ENV
+#if defined(AFS_LINUX26_ENV) && defined(LINUX_KEYRING_SUPPORT)
+ /*
+ * If linux keyrings are in use and we carry the session keyring in our credentials
+ * structure, they should be the only criteria for determining
+ * if we're in a PAG. Groups are updated for legacy reasons only for now,
+ * and should not be used to infer PAG membership
+ * With keyrings but no kernel credentials, look at groups first and fall back
+ * to looking at the keyrings.
+ */
+# if !defined(STRUCT_TASK_STRUCT_HAS_CRED)
+ pag = osi_get_group_pag(cred);
+# endif
+ if (pag == NOPAG)
+ pag = osi_get_keyring_pag(cred);
+#elif defined(AFS_AIX51_ENV)
+ if (kcred_getpag(cred, PAG_AFS, &pag) < 0 || pag == 0)
+ pag = NOPAG;
+#else
+ pag = osi_get_group_pag(cred);
+#endif
+#endif
+ return pag;
+}