/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
/* Exported variables */
afs_uint32 pag_epoch;
-#if defined(UKERNEL) && defined(AFS_WEB_ENHANCEMENTS)
+#if defined(UKERNEL)
afs_uint32 pagCounter = 1;
#else
afs_uint32 pagCounter = 0;
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+#endif /* UKERNEL */
#ifdef AFS_LINUX26_ONEGROUP_ENV
#define NUMPAGGROUPS 1
* anyway, so the pag is an alternative handle which is somewhat more
* secure (although of course not absolutely secure).
*/
-#if !defined(UKERNEL) || !defined(AFS_WEB_ENHANCEMENTS)
+#if !defined(UKERNEL)
afs_uint32
genpag(void)
{
return (pagCounter);
#endif
}
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+#endif /* UKERNEL */
/* used to require 10 seconds between each setpag to guarantee that
* PAGs never wrap - which would be a security hole. If we presume
if (rv && (osi_Time() < pag_epoch)) {
if (!afs_pag_timewarn) {
afs_pag_timewarn = 1;
- printf("clock went backwards, not PAG throttling");
+ afs_warn("clock went backwards, not PAG throttling");
}
rv = 0;
}
{
if (afs_pag_sleep(acred)) {
if (!afs_pag_sleepcnt) {
- printf("%s() PAG throttling triggered, pid %d... sleeping. sleepcnt %d\n",
- "afs_pag_wait", osi_getpid(), afs_pag_sleepcnt);
+ afs_warn("%s() PAG throttling triggered, pid %d... sleeping. sleepcnt %d\n",
+ "afs_pag_wait", osi_getpid(), afs_pag_sleepcnt);
}
afs_pag_sleepcnt++;
int
#if defined(AFS_SUN5_ENV)
afs_setpag(afs_ucred_t **credpp)
+#elif defined(AFS_FBSD_ENV)
+afs_setpag(struct thread *td, void *args)
+#elif defined(AFS_NBSD_ENV)
+afs_setpag(afs_proc_t *p, const void *args, register_t *retval)
#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
afs_setpag(afs_proc_t *p, void *args, int *retval)
#else
#if defined(AFS_SUN5_ENV)
code = AddPag(genpag(), credpp);
+#elif defined(AFS_FBSD_ENV)
+ code = AddPag(td, genpag(), &td->td_ucred);
+#elif defined(AFS_NBSD40_ENV)
+ code = AddPag(p, genpag(), &p->l_proc->p_cred);
#elif defined(AFS_XBSD_ENV)
code = AddPag(p, genpag(), &p->p_rcred);
#elif defined(AFS_AIX41_ENV)
code = AddPag(p, genpag(), &credp);
crfree(credp);
}
+#elif defined(UKERNEL)
+ code = AddPag(genpag(), &(get_user_struct()->u_cred));
#else
code = AddPag(genpag(), &u.u_cred);
#endif
return (code);
}
-#if defined(UKERNEL) && defined(AFS_WEB_ENHANCEMENTS)
+#if defined(UKERNEL)
/*
* afs_setpag_val
* This function is like setpag but sets the current thread's pag id to a
int
#if defined(AFS_SUN5_ENV)
afs_setpag_val(afs_ucred_t **credpp, int pagval)
+#elif defined(AFS_FBSD_ENV)
+afs_setpag_val(struct thread *td, void *args, int pagval)
#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
afs_setpag_val(afs_proc_t *p, void *args, int *retval, int pagval)
#else
#if defined(AFS_SUN5_ENV)
code = AddPag(pagval, credpp);
+#elif defined(AFS_FBSD_ENV)
+ code = AddPag(td, pagval, &td->td_ucred);
#elif defined(AFS_XBSD_ENV)
code = AddPag(p, pagval, &p->p_rcred);
#elif defined(AFS_AIX41_ENV)
code = AddPag(p, pagval, &credp);
crfree(credp);
}
+#elif defined(UKERNEL)
+ code = AddPag(pagval, &(get_user_struct()->u_cred));
#else
code = AddPag(pagval, &u.u_cred);
#endif
afs_getpag_val(void)
{
int pagvalue;
+#ifdef UKERNEL
+ afs_ucred_t *credp = get_user_struct()->u_cred;
+#else
afs_ucred_t *credp = u.u_cred;
+#endif
gid_t gidset0, gidset1;
#ifdef AFS_SUN510_ENV
const gid_t *gids;
return pagvalue;
}
#endif
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+#endif /* UKERNEL */
/* Note - needs to be available on AIX, others can be static - rework this */
-#if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
int
+#if defined(AFS_FBSD_ENV)
+AddPag(struct thread *p, afs_int32 aval, afs_ucred_t **credpp)
+#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
AddPag(afs_proc_t *p, afs_int32 aval, afs_ucred_t **credpp)
#else
-int
AddPag(afs_int32 aval, afs_ucred_t **credpp)
#endif
{
int
-afs_InitReq(register struct vrequest *av, afs_ucred_t *acred)
+afs_InitReq(struct vrequest *av, afs_ucred_t *acred)
{
#if defined(AFS_LINUX26_ENV) && !defined(AFS_NONFSTRANS)
int code;
#elif defined(AFS_SUN510_ENV)
av->uid = crgetruid(acred);
#else
- av->uid = afs_cr_uid(acred); /* default when no pag is set */
+ av->uid = afs_cr_ruid(acred); /* default when no pag is set */
#endif
}
return 0;
}
-
-#ifdef AFS_LINUX26_ONEGROUP_ENV
-afs_uint32
-afs_get_pag_from_groups(struct group_info *group_info)
+/*!
+ * Allocate and setup a vrequest.
+ *
+ * \note The caller must free the allocated vrequest with
+ * afs_DestroyReq() if this function returns successfully (zero).
+ *
+ * \note The GLOCK must be held on platforms which require the GLOCK
+ * for osi_AllocSmallSpace() and osi_FreeSmallSpace().
+ *
+ * \param[out] avpp address of the vrequest pointer
+ * \param[in] acred user credentials to setup the vrequest
+ * afs_osi_credp should be used for anonymous connections
+ * \return 0 on success
+ */
+int
+afs_CreateReq(struct vrequest **avpp, afs_ucred_t *acred)
{
- afs_uint32 g0 = 0;
- afs_uint32 i;
+ int code;
+ struct vrequest *treq = NULL;
- AFS_STATCNT(afs_get_pag_from_groups);
- for (i = 0; (i < group_info->ngroups &&
- (g0 = GROUP_AT(group_info, i)) != (gid_t) NOGROUP); i++) {
- if (((g0 >> 24) & 0xff) == 'A')
- return g0;
+ if (afs_shuttingdown) {
+ return EIO;
}
- return NOPAG;
+ if (!avpp || !acred) {
+ return EINVAL;
+ }
+ treq = osi_AllocSmallSpace(sizeof(struct vrequest));
+ if (!treq) {
+ return ENOMEM;
+ }
+ code = afs_InitReq(treq, acred);
+ if (code != 0) {
+ osi_FreeSmallSpace(treq);
+ return code;
+ }
+ *avpp = treq;
+ return 0;
}
-#else
+
+/*!
+ * Deallocate a vrequest.
+ *
+ * \note The GLOCK must be held on platforms which require the GLOCK
+ * for osi_FreeSmallSpace().
+ *
+ * \param[in] av pointer to the vrequest to free; may be NULL
+ */
+void
+afs_DestroyReq(struct vrequest *av)
+{
+ if (av) {
+ osi_FreeSmallSpace(av);
+ }
+}
+
+#ifndef AFS_LINUX26_ONEGROUP_ENV
afs_uint32
afs_get_pag_from_groups(gid_t g0a, gid_t g1a)
{
h = (g0 >> 14);
h = (g1 >> 14) + h + h + h;
ret = ((h << 28) | l);
-#if defined(UKERNEL) && defined(AFS_WEB_ENHANCEMENTS)
+# if defined(UKERNEL)
return ret;
-#else
+# else
/* Additional testing */
if (((ret >> 24) & 0xff) == 'A')
return ret;
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+# endif /* UKERNEL */
}
return NOPAG;
}
-#endif
void
afs_get_groups_from_pag(afs_uint32 pag, gid_t * g0p, gid_t * g1p)
{
-#ifndef AFS_LINUX26_ONEGROUP_ENV
unsigned short g0, g1;
-#endif
-
AFS_STATCNT(afs_get_groups_from_pag);
-#ifdef AFS_LINUX26_ONEGROUP_ENV
*g0p = pag;
*g1p = 0;
-#else
-#if !defined(UKERNEL) || !defined(AFS_WEB_ENHANCEMENTS)
+# if !defined(UKERNEL)
pag &= 0x7fffffff;
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+# endif /* UKERNEL */
g0 = 0x3fff & (pag >> 14);
g1 = 0x3fff & pag;
g0 |= ((pag >> 28) / 3) << 14;
g1 |= ((pag >> 28) % 3) << 14;
*g0p = g0 + 0x3f00;
*g1p = g1 + 0x3f00;
-#endif
}
+#else
+void afs_get_groups_from_pag(afs_uint32 pag, gid_t *g0p, gid_t *g1p)
+{
+ AFS_STATCNT(afs_get_groups_from_pag);
+ *g0p = pag;
+ *g1p = 0;
+}
+#endif
-
-afs_int32
-PagInCred(afs_ucred_t *cred)
+#if !defined(AFS_LINUX26_ENV) && !defined(AFS_DARWIN110_ENV)
+static afs_int32
+osi_get_group_pag(afs_ucred_t *cred)
{
- afs_int32 pag;
-#if !defined(AFS_LINUX26_ONEGROUP_ENV)
+ afs_int32 pag = NOPAG;
gid_t g0, g1;
-#endif
#if defined(AFS_SUN510_ENV)
const gid_t *gids;
int ngroups;
#endif
- AFS_STATCNT(PagInCred);
- if (cred == NULL || cred == afs_osi_credp) {
- return NOPAG;
- }
#if defined(AFS_SUN510_ENV)
gids = crgetgroups(cred);
ngroups = crgetngroups(cred);
#endif
-#if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
- if (cred == NOCRED || cred == FSCRED) {
+#if defined(AFS_NBSD40_ENV)
+ if (cred == NOCRED || cred == FSCRED)
+ return NOPAG;
+ if (osi_crngroups(cred) < 3)
+ return NOPAG;
+ g0 = osi_crgroupbyid(cred, 1);
+ g1 = osi_crgroupbyid(cred, 2);
+#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
+ if (cred == NOCRED || cred == FSCRED)
return NOPAG;
- }
if (cred->cr_ngroups < 3)
return NOPAG;
/* gid is stored in cr_groups[0] */
g0 = cred->cr_groups[1];
g1 = cred->cr_groups[2];
#else
-#if defined(AFS_AIX_ENV)
- if (cred->cr_ngrps < 2) {
+# if defined(AFS_AIX_ENV)
+ if (cred->cr_ngrps < 2)
return NOPAG;
- }
-#elif defined(AFS_LINUX26_ENV)
- if (afs_cr_group_info(cred)->ngroups < NUMPAGGROUPS) {
- pag = NOPAG;
- goto out;
- }
-#elif defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_LINUX20_ENV) || defined(AFS_XBSD_ENV)
-#if defined(AFS_SUN510_ENV)
+# elif defined(AFS_LINUX26_ENV)
+ if (afs_cr_group_info(cred)->ngroups < NUMPAGGROUPS)
+ return NOPAG;
+# elif defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_LINUX20_ENV) || defined(AFS_XBSD_ENV)
+# if defined(AFS_SUN510_ENV)
if (ngroups < 2) {
-#else
+# else
if (cred->cr_ngroups < 2) {
-#endif
- pag = NOPAG;
- goto out;
+# endif
+ return NOPAG;
}
-#endif
-#if defined(AFS_AIX51_ENV)
+# endif
+# if defined(AFS_AIX51_ENV)
g0 = cred->cr_groupset.gs_union.un_groups[0];
g1 = cred->cr_groupset.gs_union.un_groups[1];
-#elif defined(AFS_LINUX26_ONEGROUP_ENV)
-#elif defined(AFS_LINUX26_ENV)
- g0 = GROUP_AT(afs_cr_group_info(cred), 0);
- g1 = GROUP_AT(afs_cr_group_info(cred), 1);
#elif defined(AFS_SUN510_ENV)
g0 = gids[0];
g1 = gids[1];
g1 = cred->cr_groups[1];
#endif
#endif
-#if defined(AFS_LINUX26_ONEGROUP_ENV)
- pag = (afs_int32) afs_get_pag_from_groups(afs_cr_group_info(cred));
-#else
pag = (afs_int32) afs_get_pag_from_groups(g0, g1);
+ return pag;
+}
#endif
-#if defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_LINUX20_ENV) || defined(AFS_XBSD_ENV)
-out:
-#endif
-#if defined(AFS_LINUX26_ENV) && defined(LINUX_KEYRING_SUPPORT)
- if (pag == NOPAG && afs_cr_rgid(cred) != NFSXLATOR_CRED) {
- struct key *key;
- afs_uint32 upag, newpag;
-
- key = request_key(&key_type_afs_pag, "_pag", NULL);
- if (!IS_ERR(key)) {
- if (key_validate(key) == 0 && key->uid == 0) { /* also verify in the session keyring? */
- upag = (afs_uint32) key->payload.value;
- if (((upag >> 24) & 0xff) == 'A') {
- __setpag(&cred, upag, &newpag, 0);
- pag = (afs_int32) upag;
- }
- }
- key_put(key);
- }
+
+
+afs_int32
+PagInCred(afs_ucred_t *cred)
+{
+ afs_int32 pag = NOPAG;
+
+ AFS_STATCNT(PagInCred);
+ if (cred == NULL || cred == afs_osi_credp) {
+ return NOPAG;
}
+#ifndef AFS_DARWIN110_ENV
+#if defined(AFS_LINUX26_ENV) && defined(LINUX_KEYRING_SUPPORT)
+ /*
+ * If linux keyrings are in use and we carry the session keyring in our credentials
+ * structure, they should be the only criteria for determining
+ * if we're in a PAG. Groups are updated for legacy reasons only for now,
+ * and should not be used to infer PAG membership
+ * With keyrings but no kernel credentials, look at groups first and fall back
+ * to looking at the keyrings.
+ */
+# if !defined(STRUCT_TASK_STRUCT_HAS_CRED)
+ pag = osi_get_group_pag(cred);
+# endif
+ if (pag == NOPAG)
+ pag = osi_get_keyring_pag(cred);
+#elif defined(AFS_AIX51_ENV)
+ if (kcred_getpag(cred, PAG_AFS, &pag) < 0 || pag == 0)
+ pag = NOPAG;
+#else
+ pag = osi_get_group_pag(cred);
+#endif
#endif
return pag;
}
git://git.openafs.org / openafs.git / blobdiff