#include "afs/vice.h"
#include "afs/afs_bypasscache.h"
#include "rx/rx_globals.h"
+#include "token.h"
struct VenusFid afs_rootFid;
afs_int32 afs_waitForever = 0;
}
static_inline int
-afs_pd_getInt(struct afs_pdata *apd, afs_int32 *val)
+afs_pd_getBytes(struct afs_pdata *apd, void *dest, size_t bytes)
{
- if (apd == NULL || apd->remaining < sizeof(afs_int32))
+ if (apd == NULL || apd->remaining < bytes)
return EINVAL;
- apd->remaining -= sizeof(afs_int32);
- *val = *(afs_int32 *)apd->ptr;
- apd->ptr += sizeof(afs_int32);
+ apd->remaining -= bytes;
+ memcpy(dest, apd->ptr, bytes);
+ apd->ptr += bytes;
return 0;
}
static_inline int
-afs_pd_getUint(struct afs_pdata *apd, afs_uint32 *val)
+afs_pd_getInt(struct afs_pdata *apd, afs_int32 *val)
{
- return afs_pd_getInt(apd, (afs_int32 *)val);
+ return afs_pd_getBytes(apd, val, sizeof(*val));
}
static_inline int
-afs_pd_getBytes(struct afs_pdata *apd, void *dest, size_t bytes)
+afs_pd_getUint(struct afs_pdata *apd, afs_uint32 *val)
{
- if (apd == NULL || apd->remaining < bytes)
- return EINVAL;
- apd->remaining -= bytes;
- memcpy(dest, apd->ptr, bytes);
- apd->ptr += bytes;
- return 0;
+ return afs_pd_getBytes(apd, val, sizeof(*val));
}
static_inline void *
return ret;
}
+static_inline void
+afs_pd_xdrStart(struct afs_pdata *apd, XDR *xdrs, enum xdr_op op) {
+ xdrmem_create(xdrs, apd->ptr, apd->remaining, op);
+}
+
+static_inline void
+afs_pd_xdrEnd(struct afs_pdata *apd, XDR *xdrs) {
+ size_t pos;
+
+ pos = xdr_getpos(xdrs);
+ apd->ptr += pos;
+ apd->remaining -= pos;
+ xdr_destroy(xdrs);
+}
+
+
+
static_inline int
afs_pd_getString(struct afs_pdata *apd, char *str, size_t maxLen)
{
}
static_inline int
-afs_pd_putInt(struct afs_pdata *apd, afs_int32 val)
-{
- if (apd == NULL || apd->remaining < sizeof(afs_int32))
- return E2BIG;
- *(afs_int32 *)apd->ptr = val;
- apd->ptr += sizeof(afs_int32);
- apd->remaining -= sizeof(afs_int32);
-
- return 0;
-}
-
-static_inline int
afs_pd_putBytes(struct afs_pdata *apd, const void *bytes, size_t len)
{
if (apd == NULL || apd->remaining < len)
}
static_inline int
+afs_pd_putInt(struct afs_pdata *apd, afs_int32 val)
+{
+ return afs_pd_putBytes(apd, &val, sizeof(val));
+}
+
+static_inline int
afs_pd_putString(struct afs_pdata *apd, char *str) {
/* Add 1 so we copy the NULL too */
DECL_PIOCTL(PGetWSCell);
DECL_PIOCTL(PGetUserCell);
DECL_PIOCTL(PSetTokens);
+DECL_PIOCTL(PSetTokens2);
DECL_PIOCTL(PGetVolumeStatus);
DECL_PIOCTL(PSetVolumeStatus);
DECL_PIOCTL(PFlush);
DECL_PIOCTL(PNewStatMount);
DECL_PIOCTL(PGetTokens);
+DECL_PIOCTL(PGetTokens2);
DECL_PIOCTL(PUnlog);
DECL_PIOCTL(PMariner);
DECL_PIOCTL(PCheckServers);
DECL_PIOCTL(PNewUuid);
DECL_PIOCTL(PPrecache);
DECL_PIOCTL(PGetPAG);
-#if defined(AFS_CACHE_BYPASS)
+#if defined(AFS_CACHE_BYPASS) && defined(AFS_LINUX24_ENV)
DECL_PIOCTL(PSetCachingThreshold);
#endif
PBogus, /* 4 */
PDiscon, /* 5 -- get/set discon mode */
PBogus, /* 6 */
- PBogus, /* 7 */
- PBogus, /* 8 */
+ PGetTokens2, /* 7 */
+ PSetTokens2, /* 8 */
PNewUuid, /* 9 */
PBogus, /* 10 */
PBogus, /* 11 */
static pioctlFunction OpioctlSw[] = {
PBogus, /* 0 */
PNFSNukeCreds, /* 1 -- nuke all creds for NFS client */
-#if defined(AFS_CACHE_BYPASS)
+#if defined(AFS_CACHE_BYPASS) && defined(AFS_LINUX24_ENV)
PSetCachingThreshold /* 2 -- get/set cache-bypass size threshold */
#else
PNoop /* 2 -- get/set cache-bypass size threshold */
if (code)
goto out;
- if (function == 8 && device == 'V') { /* PGetTokens */
+ if ((function == 8 && device == 'V') ||
+ (function == 7 && device == 'C')) { /* PGetTokens */
code = afs_pd_alloc(&output, MAXPIOCTLTOKENLEN);
} else {
code = afs_pd_alloc(&output, AFS_LRALLOCSIZ);
return 0;
}
+/* Work out which cell we're changing tokens for */
+static_inline int
+_settok_tokenCell(char *cellName, int *cellNum, int *primary) {
+ int t1;
+ struct cell *cell;
+
+ if (primary) {
+ *primary = 0;
+ }
+
+ if (cellName && strlen(cellName) > 0) {
+ cell = afs_GetCellByName(cellName, READ_LOCK);
+ } else {
+ cell = afs_GetPrimaryCell(READ_LOCK);
+ if (primary)
+ *primary = 1;
+ }
+ if (!cell) {
+ t1 = afs_initState;
+ if (t1 < 101)
+ return EIO;
+ else
+ return ESRCH;
+ }
+ *cellNum = cell->cellNum;
+ afs_PutCell(cell, READ_LOCK);
+
+ return 0;
+}
+
+
+static_inline int
+_settok_setParentPag(afs_ucred_t **cred) {
+ afs_uint32 pag;
+#if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
+ char procname[256];
+ osi_procname(procname, 256);
+ afs_warnuser("Process %d (%s) tried to change pags in PSetTokens\n",
+ MyPidxx2Pid(MyPidxx), procname);
+ return setpag(osi_curproc(), cred, -1, &pag, 1);
+#else
+ return setpag(cred, -1, &pag, 1);
+#endif
+}
+
/*!
* VIOCSETTOK (3) - Set authentication tokens
*
*/
DECL_PIOCTL(PSetTokens)
{
- afs_int32 i;
+ afs_int32 cellNum;
+ afs_int32 size;
+ afs_int32 code;
struct unixuser *tu;
struct ClearToken clear;
- struct cell *tcell;
char *stp;
char *cellName;
int stLen;
if (afs_pd_skip(ain, stLen) != 0)
return EINVAL;
- if (afs_pd_getInt(ain, &i) != 0)
+ if (afs_pd_getInt(ain, &size) != 0)
return EINVAL;
- if (i != sizeof(struct ClearToken))
+ if (size != sizeof(struct ClearToken))
return EINVAL;
if (afs_pd_getBytes(ain, &clear, sizeof(struct ClearToken)) !=0)
if (afs_pd_getStringPtr(ain, &cellName) != 0)
return EINVAL;
- /* rest is cell name, look it up */
- tcell = afs_GetCellByName(cellName, READ_LOCK);
- if (!tcell)
- goto nocell;
+ code = _settok_tokenCell(cellName, &cellNum, NULL);
+ if (code)
+ return code;
} else {
/* default to primary cell, primary id */
- flag = 1; /* primary id */
- tcell = afs_GetPrimaryCell(READ_LOCK);
- if (!tcell)
- goto nocell;
+ code = _settok_tokenCell(NULL, &cellNum, &flag);
+ if (code)
+ return code;
}
- i = tcell->cellNum;
- afs_PutCell(tcell, READ_LOCK);
+
if (set_parent_pag) {
- afs_uint32 pag;
-#if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
- char procname[256];
- osi_procname(procname, 256);
- afs_warnuser("Process %d (%s) tried to change pags in PSetTokens\n",
- MyPidxx2Pid(MyPidxx), procname);
- if (!setpag(osi_curproc(), acred, -1, &pag, 1)) {
-#else
- if (!setpag(acred, -1, &pag, 1)) {
-#endif
+ if (_settok_setParentPag(acred) == 0) {
afs_InitReq(&treq, *acred);
areq = &treq;
}
}
+
/* now we just set the tokens */
- tu = afs_GetUser(areq->uid, i, WRITE_LOCK); /* i has the cell # */
+ tu = afs_GetUser(areq->uid, cellNum, WRITE_LOCK);
/* Set tokens destroys any that are already there */
afs_FreeTokens(&tu->tokens);
afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear);
afs_PutUser(tu, WRITE_LOCK);
return 0;
-
- nocell:
- {
- int t1;
- t1 = afs_initState;
- if (t1 < 101)
- return EIO;
- else
- return ESRCH;
- }
}
/*!
char *Name;
XSTATS_DECLS;
+ osi_Assert(offLineMsg != NULL);
+ osi_Assert(motd != NULL);
AFS_STATCNT(PGetVolumeStatus);
if (!avc) {
code = EINVAL;
}
/*!
+ * A helper function to get the n'th cell which a particular user has tokens
+ * for. This is racy. If new tokens are added whilst we're iterating, then
+ * we may return some cells twice. If tokens expire mid run, then we'll
+ * miss some cells from our output. So, could be better, but that would
+ * require an interface change.
+ */
+
+static struct unixuser *
+getNthCell(afs_int32 uid, afs_int32 iterator) {
+ int i;
+ struct unixuser *tu = NULL;
+
+ i = UHash(uid);
+ ObtainReadLock(&afs_xuser);
+ for (tu = afs_users[i]; tu; tu = tu->next) {
+ if (tu->uid == uid && (tu->states & UHasTokens)) {
+ if (iterator-- == 0)
+ break; /* are we done yet? */
+ }
+ }
+ if (tu) {
+ tu->refCount++;
+ }
+ ReleaseReadLock(&afs_xuser);
+
+ return tu;
+}
+/*!
* VIOCGETTOK (8) - Get authentication tokens
*
* \ingroup pioctl
DECL_PIOCTL(PGetTokens)
{
struct cell *tcell;
- afs_int32 i;
- struct unixuser *tu;
+ struct unixuser *tu = NULL;
union tokenUnion *token;
afs_int32 iterator = 0;
int newStyle;
+ int cellNum;
int code = E2BIG;
AFS_STATCNT(PGetTokens);
if (afs_pd_getInt(ain, &iterator) != 0)
return EINVAL;
}
- i = UHash(areq->uid);
- ObtainReadLock(&afs_xuser);
- for (tu = afs_users[i]; tu; tu = tu->next) {
- if (newStyle) {
- if (tu->uid == areq->uid && (tu->states & UHasTokens)) {
- if (iterator-- == 0)
- break; /* are we done yet? */
- }
- } else {
- if (tu->uid == areq->uid && afs_IsPrimaryCellNum(tu->cell))
- break;
- }
- }
- if (tu) {
- /*
- * No need to hold a read lock on each user entry
- */
- tu->refCount++;
+ if (newStyle) {
+ tu = getNthCell(areq->uid, iterator);
+ } else {
+ cellNum = afs_GetPrimaryCellNum();
+ if (cellNum)
+ tu = afs_FindUser(areq->uid, cellNum, READ_LOCK);
}
- ReleaseReadLock(&afs_xuser);
-
if (!tu) {
return EDOM;
}
}
token = afs_FindToken(tu->tokens, RX_SECIDX_KAD);
+ /* If they don't have an RXKAD token, but do have other tokens,
+ * then sadly there's nothing this interface can do to help them. */
+ if (token == NULL)
+ return ENOTCONN;
+
/* for compat, we try to return 56 byte tix if they fit */
iterator = token->rxkad.ticketLen;
if (iterator < 56)
{
int i;
struct srvAddr *sa;
- struct afs_conn *tc;
+ struct sa_conn_vector *tcv;
struct unixuser *tu;
afs_int32 retValue;
/* all connections in cell 1 working? */
for (i = 0; i < NSERVERS; i++) {
for (sa = afs_srvAddrs[i]; sa; sa = sa->next_bkt) {
- for (tc = sa->conns; tc; tc = tc->next) {
- if (tc->user == tu && (tu->states & UTokensBad))
+ for (tcv = sa->conns; tcv; tcv = tcv->next) {
+ if (tcv->user == tu && (tu->states & UTokensBad))
retValue = EACCES;
}
}
if (vlonly) {
afs_int32 *p;
- p = (afs_int32 *) afs_osi_Alloc(sizeof(afs_int32) * (s + 1));
+ p = afs_osi_Alloc(sizeof(afs_int32) * (s + 1));
+ osi_Assert(p != NULL);
p[0] = s;
memcpy(p + 1, l, s * sizeof(afs_int32));
afs_TraverseCells(&ReSortCells_cb, p);
return afs_pd_putBytes(aout, &cm_initParams,
sizeof(struct cm_initparams));
- return 0;
}
#ifdef AFS_SGI65_ENV
return 0;
}
-#if defined(AFS_CACHE_BYPASS)
+#if defined(AFS_CACHE_BYPASS) && defined(AFS_LINUX24_ENV)
DECL_PIOCTL(PSetCachingThreshold)
{
}
addrs = afs_osi_Alloc(srvAddrCount * sizeof(*addrs));
+ osi_Assert(addrs != NULL);
j = 0;
for (i = 0; i < NSERVERS; i++) {
for (sa = afs_srvAddrs[i]; sa; sa = sa->next_bkt) {
return afs_pd_putInt(aout, mode);
}
+#define MAX_PIOCTL_TOKENS 10
+
+DECL_PIOCTL(PSetTokens2)
+{
+ int code =0;
+ int i, cellNum, primaryFlag;
+ XDR xdrs;
+ struct unixuser *tu;
+ struct vrequest treq;
+ struct ktc_setTokenData tokenSet;
+ struct ktc_tokenUnion decodedToken;
+
+ memset(&tokenSet, 0, sizeof(tokenSet));
+
+ AFS_STATCNT(PSetTokens2);
+ if (!afs_resourceinit_flag)
+ return EIO;
+
+ afs_pd_xdrStart(ain, &xdrs, XDR_DECODE);
+
+ if (!xdr_ktc_setTokenData(&xdrs, &tokenSet)) {
+ afs_pd_xdrEnd(ain, &xdrs);
+ return EINVAL;
+ }
+
+ afs_pd_xdrEnd(ain, &xdrs);
+
+ /* We limit each PAG to 10 tokens to prevent a malicous (or runaway)
+ * process from using up the whole of the kernel memory by allocating
+ * tokens.
+ */
+ if (tokenSet.tokens.tokens_len > MAX_PIOCTL_TOKENS) {
+ xdr_free((xdrproc_t) xdr_ktc_setTokenData, &tokenSet);
+ return E2BIG;
+ }
+
+ code = _settok_tokenCell(tokenSet.cell, &cellNum, &primaryFlag);
+ if (code) {
+ xdr_free((xdrproc_t) xdr_ktc_setTokenData, &tokenSet);
+ return code;
+ }
+
+ if (tokenSet.flags & AFSTOKEN_EX_SETPAG) {
+ if (_settok_setParentPag(acred) == 0) {
+ afs_InitReq(&treq, *acred);
+ areq = &treq;
+ }
+ }
+
+ tu = afs_GetUser(areq->uid, cellNum, WRITE_LOCK);
+ /* Free any tokens that we've already got */
+ afs_FreeTokens(&tu->tokens);
+
+ /* Iterate across the set of tokens we've received, and stuff them
+ * into this user's tokenJar
+ */
+ for (i=0; i < tokenSet.tokens.tokens_len; i++) {
+ xdrmem_create(&xdrs,
+ tokenSet.tokens.tokens_val[i].token_opaque_val,
+ tokenSet.tokens.tokens_val[i].token_opaque_len,
+ XDR_DECODE);
+
+ memset(&decodedToken, 0, sizeof(decodedToken));
+ if (!xdr_ktc_tokenUnion(&xdrs, &decodedToken)) {
+ xdr_destroy(&xdrs);
+ code = EINVAL;
+ goto out;
+ }
+
+ xdr_destroy(&xdrs);
+
+ afs_AddTokenFromPioctl(&tu->tokens, &decodedToken);
+ /* This is untidy - the old token interface supported passing
+ * the primaryFlag as part of the token interface. Current
+ * OpenAFS userland never sets this, but it's specified as being
+ * part of the XG interface, so we should probably still support
+ * it. Rather than add it to our AddToken interface, just handle
+ * it here.
+ */
+ if (decodedToken.at_type == AFSTOKEN_UNION_KAD) {
+ if (decodedToken.ktc_tokenUnion_u.at_kad.rk_primary_flag)
+ primaryFlag = 1;
+ }
+
+ /* XXX - We should think more about destruction here. It's likely that
+ * there is key material in what we're about to throw away, which
+ * we really should zero out before giving back to the allocator */
+ xdr_free((xdrproc_t) xdr_ktc_tokenUnion, &decodedToken);
+ }
+
+ tu->states |= UHasTokens;
+ tu->states &= ~UTokensBad;
+ afs_SetPrimary(tu, primaryFlag);
+ tu->tokenTime = osi_Time();
+
+ xdr_free((xdrproc_t) xdr_ktc_setTokenData, &tokenSet);
+
+out:
+ afs_ResetUserConns(tu);
+ afs_PutUser(tu, WRITE_LOCK);
+
+ return code;
+}
+
+DECL_PIOCTL(PGetTokens2)
+{
+ struct cell *cell;
+ struct unixuser *tu = NULL;
+ afs_int32 iterator;
+ char *cellName = NULL;
+ afs_int32 cellNum;
+ int code = 0;
+ time_t now;
+ XDR xdrs;
+ struct ktc_setTokenData tokenSet;
+
+ AFS_STATCNT(PGetTokens);
+ if (!afs_resourceinit_flag)
+ return EIO;
+
+ memset(&tokenSet, 0, sizeof(tokenSet));
+
+ /* No input data - return tokens for primary cell */
+ /* 4 octets of data is an iterator count */
+ /* Otherwise, treat as string & return tokens for that cell name */
+
+ if (afs_pd_remaining(ain) == sizeof(afs_int32)) {
+ /* Integer iterator - return tokens for the n'th cell found for user */
+ if (afs_pd_getInt(ain, &iterator) != 0)
+ return EINVAL;
+ tu = getNthCell(areq->uid, iterator);
+ } else {
+ if (afs_pd_remaining(ain) > 0) {
+ if (afs_pd_getStringPtr(ain, &cellName) != 0)
+ return EINVAL;
+ } else {
+ cellName = NULL;
+ }
+ code = _settok_tokenCell(cellName, &cellNum, NULL);
+ if (code)
+ return code;
+ tu = afs_FindUser(areq->uid, cellNum, READ_LOCK);
+ }
+ if (tu == NULL)
+ return EDOM;
+
+ now = osi_Time();
+
+ if (!(tu->states & UHasTokens)
+ || !afs_HasValidTokens(tu->tokens, now)) {
+ tu->states |= (UTokensBad | UNeedsReset);
+ afs_PutUser(tu, READ_LOCK);
+ return ENOTCONN;
+ }
+
+ code = afs_ExtractTokensForPioctl(tu->tokens, now, &tokenSet);
+ if (code)
+ goto out;
+
+ cell = afs_GetCell(tu->cell, READ_LOCK);
+ tokenSet.cell = cell->cellName;
+ afs_pd_xdrStart(aout, &xdrs, XDR_ENCODE);
+ if (!xdr_ktc_setTokenData(&xdrs, &tokenSet)) {
+ code = E2BIG;
+ goto out;
+ }
+ afs_pd_xdrEnd(aout, &xdrs);
+
+out:
+ tokenSet.cell = NULL;
+
+ if (tu)
+ afs_PutUser(tu, READ_LOCK);
+ if (cell)
+ afs_PutCell(cell, READ_LOCK);
+ xdr_free((xdrproc_t)xdr_ktc_setTokenData, &tokenSet);
+
+ return code;
+};
+
DECL_PIOCTL(PNFSNukeCreds)
{
afs_uint32 addr;
git://git.openafs.org / openafs.git / blobdiff