#include <afsconfig.h>
#include "afs/param.h"
-RCSID("$Header$");
+RCSID
+ ("$Header$");
#include "afs/sysincludes.h" /* Standard vendor system headers */
#include "afsincludes.h" /* Afs-based standard headers */
-#include "afs/afs_stats.h" /* statistics */
+#include "afs/afs_stats.h" /* statistics */
#include "afs/afs_cbqueue.h"
#include "afs/nfsclient.h"
#include "afs/afs_osidnlc.h"
afs_uint32 pagCounter = 0;
#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
+#ifdef AFS_LINUX26_ONEGROUP_ENV
+#define NUMPAGGROUPS 1
+#else
+#define NUMPAGGROUPS 2
+#endif
/* Local variables */
/*
* secure (although of course not absolutely secure).
*/
#if !defined(UKERNEL) || !defined(AFS_WEB_ENHANCEMENTS)
-afs_uint32 genpag(void)
+afs_uint32
+genpag(void)
{
AFS_STATCNT(genpag);
#ifdef AFS_LINUX20_ENV
#endif /* AFS_LINUX20_ENV */
}
-afs_uint32 getpag(void)
+afs_uint32
+getpag(void)
{
AFS_STATCNT(getpag);
#ifdef AFS_LINUX20_ENV
/* Web enhancement: we don't need to restrict pags to 41XXXXXX since
* we are not sharing the space with anyone. So we use the full 32 bits. */
-afs_uint32 genpag(void)
+afs_uint32
+genpag(void)
{
AFS_STATCNT(genpag);
#ifdef AFS_LINUX20_ENV
#endif /* AFS_LINUX20_ENV */
}
-afs_uint32 getpag(void)
+afs_uint32
+getpag(void)
{
AFS_STATCNT(getpag);
#ifdef AFS_LINUX20_ENV
* activates tokens repeatedly) for that entire period.
*/
+static int afs_pag_sleepcnt = 0;
+
+static int
+afs_pag_sleep(struct AFS_UCRED **acred)
+{
+ int rv = 0;
+
+ if (!afs_suser(acred)) {
+ if(osi_Time() - pag_epoch < pagCounter) {
+ rv = 1;
+ }
+ }
+
+ return rv;
+}
+
+static int
+afs_pag_wait(struct AFS_UCRED **acred)
+{
+ if (afs_pag_sleep(acred)) {
+ if (!afs_pag_sleepcnt) {
+ printf("%s() PAG throttling triggered, pid %d... sleeping. sleepcnt %d\n",
+ "afs_pag_wait", osi_getpid(), afs_pag_sleepcnt);
+ }
+
+ afs_pag_sleepcnt++;
+
+ do {
+ /* XXX spins on EINTR */
+ afs_osi_Wait(1000, (struct afs_osi_WaitHandle *)0, 0);
+ } while (afs_pag_sleep(acred));
+
+ afs_pag_sleepcnt--;
+ }
+
+ return 0;
+}
+
int
#if defined(AFS_SUN5_ENV)
-afs_setpag (struct AFS_UCRED **credpp)
+afs_setpag(struct AFS_UCRED **credpp)
#elif defined(AFS_OSF_ENV) || defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
-afs_setpag (struct proc *p, void *args, int *retval)
+afs_setpag(struct proc *p, void *args, int *retval)
#else
-afs_setpag (void)
+afs_setpag(void)
#endif
{
+
+#if defined(AFS_SUN5_ENV)
+ struct AFS_UCRED **acred = *credpp;
+#elif defined(AFS_OBSD_ENV)
+ struct AFS_UCRED **acred = &p->p_ucred;
+#else
+ struct AFS_UCRED **acred = NULL;
+#endif
+
int code = 0;
#if defined(AFS_SGI53_ENV) && defined(MP)
/* This is our first chance to get the global lock. */
AFS_GLOCK();
-#endif /* defined(AFS_SGI53_ENV) && defined(MP) */
+#endif /* defined(AFS_SGI53_ENV) && defined(MP) */
AFS_STATCNT(afs_setpag);
-#if defined(AFS_SUN5_ENV)
- if (!afs_suser(*credpp))
-#elif defined(AFS_OBSD_ENV)
- if (!afs_osi_suser(p->p_cred->pc_ucred))
-#else
- if (!afs_suser())
-#endif
- {
- while (osi_Time() - pag_epoch < pagCounter ) {
- afs_osi_Wait(1000, (struct afs_osi_WaitHandle *) 0, 0);
- }
- }
+
+ afs_pag_wait(acred);
+
#if defined(AFS_SUN5_ENV)
code = AddPag(genpag(), credpp);
{
struct ucred *credp;
struct ucred *credp0;
-
+
credp = crref();
credp0 = credp;
code = AddPag(genpag(), &credp);
code = AddPag(genpag(), &credp);
crfree(credp);
}
-#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
+#elif defined(AFS_DARWIN80_ENV)
+ {
+ struct ucred *credp = kauth_cred_proc_ref(p);
+ code = AddPag(p, genpag(), &credp);
+ kauth_cred_rele(credp);
+ }
+#elif defined(AFS_DARWIN_ENV)
{
- struct ucred *credp=crdup(p->p_cred->pc_ucred);
- code=AddPag(p, genpag(), &credp);
- crfree(credp);
+ struct ucred *credp = crdup(p->p_cred->pc_ucred);
+ code = AddPag(p, genpag(), &credp);
+ crfree(credp);
}
#else
code = AddPag(genpag(), &u.u_cred);
#endif
afs_Trace1(afs_iclSetp, CM_TRACE_SETPAG, ICL_TYPE_INT32, code);
+
#if defined(KERNEL_HAVE_UERROR)
if (!getuerror())
setuerror(code);
#endif
+
#if defined(AFS_SGI53_ENV) && defined(MP)
AFS_GUNLOCK();
#endif /* defined(AFS_SGI53_ENV) && defined(MP) */
+
return (code);
}
*/
int
#if defined(AFS_SUN5_ENV)
-afs_setpag_val (struct AFS_UCRED **credpp, int pagval)
+afs_setpag_val(struct AFS_UCRED **credpp, int pagval)
#elif defined(AFS_OSF_ENV) || defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
-afs_setpag_val (struct proc *p, void *args, int *retval, int pagval)
+afs_setpag_val(struct proc *p, void *args, int *retval, int pagval)
#else
-afs_setpag_val (int pagval)
+afs_setpag_val(int pagval)
#endif
{
+
+#if defined(AFS_SUN5_ENV)
+ struct AFS_UCRED **acred = *credp;
+#elif defined(AFS_OBSD_ENV)
+ struct AFS_UCRED **acred = &p->p_ucred;
+#else
+ struct AFS_UCRED **acred = NULL;
+#endif
+
int code = 0;
#if defined(AFS_SGI53_ENV) && defined(MP)
/* This is our first chance to get the global lock. */
AFS_GLOCK();
-#endif /* defined(AFS_SGI53_ENV) && defined(MP) */
+#endif /* defined(AFS_SGI53_ENV) && defined(MP) */
AFS_STATCNT(afs_setpag);
-#ifdef AFS_SUN5_ENV
- if (!afs_suser(*credpp))
-#else
- if (!afs_suser())
-#endif
- {
- while (osi_Time() - pag_epoch < pagCounter ) {
- afs_osi_Wait(1000, (struct afs_osi_WaitHandle *) 0, 0);
- }
- }
+
+ afs_pag_wait(acred);
#if defined(AFS_SUN5_ENV)
code = AddPag(pagval, credpp);
{
struct ucred *credp;
struct ucred *credp0;
-
+
credp = crref();
credp0 = credp;
code = AddPag(pagval, &credp);
code = AddPag(pagval, &credp);
crfree(credp);
}
-#elif defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
+#elif defined(AFS_DARWIN_ENV)
{
- struct ucred *credp=crdup(p->p_cred->pc_ucred);
- code=AddPag(p, pagval, &credp);
- crfree(credp);
+ struct ucred *credp = crdup(p->p_cred->pc_ucred);
+ code = AddPag(p, pagval, &credp);
+ crfree(credp);
}
#else
code = AddPag(pagval, &u.u_cred);
#endif
#if defined(AFS_SGI53_ENV) && defined(MP)
AFS_GUNLOCK();
-#endif /* defined(AFS_SGI53_ENV) && defined(MP) */
+#endif /* defined(AFS_SGI53_ENV) && defined(MP) */
return (code);
}
-#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
-#if defined(UKERNEL) && defined(AFS_WEB_ENHANCEMENTS)
-int afs_getpag_val()
+#ifndef AFS_LINUX26_ONEGROUP_ENV
+int
+afs_getpag_val()
{
- int pagvalue;
- struct AFS_UCRED *credp = u.u_cred;
- int gidset0, gidset1;
-
- gidset0 = credp->cr_groups[0];
- gidset1 = credp->cr_groups[1];
- pagvalue=afs_get_pag_from_groups(gidset0, gidset1);
- return pagvalue;
+ int pagvalue;
+ struct AFS_UCRED *credp = u.u_cred;
+ gid_t gidset0, gidset1;
+#ifdef AFS_SUN510_ENV
+ const gid_t *gids;
+
+ gids = crgetgroups(*credp);
+ gidset0 = gids[0];
+ gidset1 = gids[1];
+#else
+ gidset0 = credp->cr_groups[0];
+ gidset1 = credp->cr_groups[1];
+#endif
+ pagvalue = afs_get_pag_from_groups(gidset0, gidset1);
+ return pagvalue;
}
+#endif
#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
/* Note - needs to be available on AIX, others can be static - rework this */
#if defined(AFS_OSF_ENV) || defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
-int AddPag(struct proc *p, afs_int32 aval, struct AFS_UCRED **credpp)
+int
+AddPag(struct proc *p, afs_int32 aval, struct AFS_UCRED **credpp)
#else
-int AddPag(afs_int32 aval, struct AFS_UCRED **credpp)
+int
+AddPag(afs_int32 aval, struct AFS_UCRED **credpp)
#endif
{
afs_int32 newpag, code;
+
AFS_STATCNT(AddPag);
#if defined(AFS_OSF_ENV) || defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
if ((code = setpag(p, credpp, aval, &newpag, 0)))
-#else /* AFS_OSF_ENV */
+#else
if ((code = setpag(credpp, aval, &newpag, 0)))
#endif
#if defined(KERNEL_HAVE_UERROR)
}
-int afs_InitReq(register struct vrequest *av, struct AFS_UCRED *acred)
+int
+afs_InitReq(register struct vrequest *av, struct AFS_UCRED *acred)
{
+ int code;
+
AFS_STATCNT(afs_InitReq);
- if (afs_shuttingdown) return EIO;
+ memset(av, 0, sizeof(*av));
+ if (afs_shuttingdown)
+ return EIO;
+
+#ifdef AFS_LINUX26_ENV
+#if !defined(AFS_NONFSTRANS)
+ if (osi_linux_nfs_initreq(av, acred, &code))
+ return code;
+#endif
+#endif
+
av->uid = PagInCred(acred);
if (av->uid == NOPAG) {
/* Afs doesn't use the unix uid for anuthing except a handle
* with which to find the actual authentication tokens so I
* think it's ok to use the real uid to make setuid
- * programs (without setpag) to work properly.
- */
+ * programs (without setpag) to work properly.
+ */
#if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
- av->uid = acred->cr_uid; /* default when no pag is set */
- /* bsd creds don't have ruid */
+ if (acred == NOCRED)
+ av->uid = -2; /* XXX nobody... ? */
+ else
+ av->uid = acred->cr_uid; /* bsd creds don't have ruid */
+#elif defined(AFS_SUN510_ENV)
+ av->uid = crgetruid(acred);
#else
- av->uid = acred->cr_ruid; /* default when no pag is set */
+ av->uid = acred->cr_ruid; /* default when no pag is set */
#endif
}
av->initd = 0;
}
+#ifdef AFS_LINUX26_ONEGROUP_ENV
+afs_uint32
+afs_get_pag_from_groups(struct group_info *group_info)
+{
+ afs_uint32 g0 = 0;
+ afs_uint32 i;
-afs_uint32 afs_get_pag_from_groups(gid_t g0a, gid_t g1a)
+ AFS_STATCNT(afs_get_pag_from_groups);
+ for (i = 0; (i < group_info->ngroups &&
+ (g0 = GROUP_AT(group_info, i)) != (gid_t) NOGROUP); i++) {
+ if (((g0 >> 24) & 0xff) == 'A')
+ return g0;
+ }
+ return NOPAG;
+}
+#else
+afs_uint32
+afs_get_pag_from_groups(gid_t g0a, gid_t g1a)
{
afs_uint32 g0 = g0a;
afs_uint32 g1 = g1a;
afs_uint32 h, l, ret;
AFS_STATCNT(afs_get_pag_from_groups);
+
g0 -= 0x3f00;
g1 -= 0x3f00;
if (g0 < 0xc000 && g1 < 0xc000) {
/* Additional testing */
if (((ret >> 24) & 0xff) == 'A')
return ret;
- else
- return NOPAG;
#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
}
return NOPAG;
}
+#endif
-
-void afs_get_groups_from_pag(afs_uint32 pag, gid_t *g0p, gid_t *g1p)
+void
+afs_get_groups_from_pag(afs_uint32 pag, gid_t * g0p, gid_t * g1p)
{
unsigned short g0, g1;
AFS_STATCNT(afs_get_groups_from_pag);
+#ifdef AFS_LINUX26_ONEGROUP_ENV
+ *g0p = pag;
+ *g1p = 0;
+#else
#if !defined(UKERNEL) || !defined(AFS_WEB_ENHANCEMENTS)
pag &= 0x7fffffff;
#endif /* UKERNEL && AFS_WEB_ENHANCEMENTS */
g1 |= ((pag >> 28) % 3) << 14;
*g0p = g0 + 0x3f00;
*g1p = g1 + 0x3f00;
+#endif
}
-afs_int32 PagInCred(const struct AFS_UCRED *cred)
+afs_int32
+PagInCred(const struct AFS_UCRED *cred)
{
afs_int32 pag;
gid_t g0, g1;
+#if defined(AFS_SUN510_ENV)
+ const gid_t *gids;
+ int ngroups;
+#endif
AFS_STATCNT(PagInCred);
- if (cred == NULL) {
+ if (cred == NULL || cred == afs_osi_credp) {
return NOPAG;
}
+#if defined(AFS_SUN510_ENV)
+ gids = crgetgroups(cred);
+ ngroups = crgetngroups(cred);
+#endif
#if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
if (cred == NOCRED || cred == FSCRED) {
- return NOPAG;
+ return NOPAG;
}
- if (cred->cr_ngroups < 3) return NOPAG;
+ if (cred->cr_ngroups < 3)
+ return NOPAG;
/* gid is stored in cr_groups[0] */
g0 = cred->cr_groups[1];
g1 = cred->cr_groups[2];
#else
-#ifdef AFS_AIX_ENV
-#ifdef AFS_AIX51_ENV
+#if defined(AFS_AIX51_ENV)
if (kcred_getpag(cred, PAG_AFS, &pag) < 0 || pag == 0)
pag = NOPAG;
return pag;
-#else
+#elif defined(AFS_AIX_ENV)
if (cred->cr_ngrps < 2) {
return NOPAG;
}
-#endif
+#elif defined(AFS_LINUX26_ENV)
+ if (cred->cr_group_info->ngroups < NUMPAGGROUPS) {
+ pag = NOPAG;
+ goto out;
+ }
+#elif defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_DUX40_ENV) || defined(AFS_LINUX20_ENV) || defined(AFS_XBSD_ENV)
+#if defined(AFS_SUN510_ENV)
+ if (ngroups < 2) {
#else
-#if defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_DUX40_ENV) || defined(AFS_LINUX_ENV) || defined(AFS_XBSD_ENV)
- if (cred->cr_ngroups < 2) return NOPAG;
+ if (cred->cr_ngroups < 2) {
#endif
+ pag = NOPAG;
+ goto out;
+ }
#endif
-#ifdef AFS_AIX51_ENV
+#if defined(AFS_AIX51_ENV)
g0 = cred->cr_groupset.gs_union.un_groups[0];
g1 = cred->cr_groupset.gs_union.un_groups[1];
+#elif defined(AFS_LINUX26_ONEGROUP_ENV)
+#elif defined(AFS_LINUX26_ENV)
+ g0 = GROUP_AT(cred->cr_group_info, 0);
+ g1 = GROUP_AT(cred->cr_group_info, 1);
+#elif defined(AFS_SUN510_ENV)
+ g0 = gids[0];
+ g1 = gids[1];
#else
g0 = cred->cr_groups[0];
g1 = cred->cr_groups[1];
#endif
#endif
- pag = (afs_int32)afs_get_pag_from_groups(g0, g1);
+#if defined(AFS_LINUX26_ONEGROUP_ENV)
+ pag = (afs_int32) afs_get_pag_from_groups(cred->cr_group_info);
+#else
+ pag = (afs_int32) afs_get_pag_from_groups(g0, g1);
+#endif
+out:
+#if defined(AFS_LINUX26_ENV) && defined(LINUX_KEYRING_SUPPORT)
+ if (pag == NOPAG) {
+ struct key *key;
+ afs_uint32 upag, newpag;
+
+ key = request_key(&key_type_afs_pag, "_pag", NULL);
+ if (!IS_ERR(key)) {
+ if (key_validate(key) == 0 && key->uid == 0) { /* also verify in the session keyring? */
+ upag = (afs_uint32) key->payload.value;
+ if (((upag >> 24) & 0xff) == 'A') {
+ __setpag(&cred, upag, &newpag, 0);
+ pag = (afs_int32) upag;
+ }
+ }
+ key_put(key);
+ }
+ }
+#endif
return pag;
}