git: 2834fd2ad58b - main - kgssapi: remove the debug module
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 09 Jan 2025 04:04:55 UTC
The branch main has been updated by glebius:
URL: https://cgit.FreeBSD.org/src/commit/?id=2834fd2ad58b42c45aa02d0cd21fc1c04b3c278a
commit 2834fd2ad58b42c45aa02d0cd21fc1c04b3c278a
Author: Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2025-01-09 04:00:12 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-01-09 04:00:12 +0000
kgssapi: remove the debug module
Its build was disabled since original bulk check-in in 2008. Today it
fails to compile due to multiple errors. I also tried to build it on
stable/10, and that failed, too. I guess it wasn't buildable since
initial check-in.
---
sys/conf/files | 1 -
sys/conf/options | 1 -
sys/kgssapi/gsstest.c | 1145 -------------------------------------------------
3 files changed, 1147 deletions(-)
diff --git a/sys/conf/files b/sys/conf/files
index 428a2805768c..d358737c5613 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -4038,7 +4038,6 @@ kgssapi/krb5/krb5_mech.c optional kgssapi
kgssapi/krb5/kcrypto.c optional kgssapi
kgssapi/krb5/kcrypto_aes.c optional kgssapi
kgssapi/kgss_if.m optional kgssapi
-kgssapi/gsstest.c optional kgssapi_debug
# These files in libkern/ are those needed by all architectures. Some
# of the files in libkern/ are only needed on some architectures, e.g.,
# libkern/divdi3.c is needed by i386 but not alpha. Also, some of these
diff --git a/sys/conf/options b/sys/conf/options
index 438d0e81889c..c467dc9995c2 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -290,7 +290,6 @@ TARFS_DEBUG opt_tarfs.h
# In-kernel GSS-API
KGSSAPI opt_kgssapi.h
-KGSSAPI_DEBUG opt_kgssapi.h
# These static filesystems have one slightly bogus static dependency in
# sys/i386/i386/autoconf.c. If any of these filesystems are
diff --git a/sys/kgssapi/gsstest.c b/sys/kgssapi/gsstest.c
deleted file mode 100644
index e47b25042d1c..000000000000
--- a/sys/kgssapi/gsstest.c
+++ /dev/null
@@ -1,1145 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause
- *
- * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
- * Authors: Doug Rabson <dfr@rabson.org>
- * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-#include <sys/ctype.h>
-#include <sys/param.h>
-#include <sys/kernel.h>
-#include <sys/kobj.h>
-#include <sys/malloc.h>
-#include <sys/module.h>
-#include <sys/proc.h>
-#include <sys/socketvar.h>
-#include <sys/sysent.h>
-#include <sys/sysproto.h>
-
-#include <kgssapi/gssapi.h>
-#include <kgssapi/gssapi_impl.h>
-#include <rpc/rpc.h>
-#include <rpc/rpc_com.h>
-#include <rpc/rpcb_prot.h>
-#include <rpc/rpcsec_gss.h>
-
-static void
-report_error(gss_OID mech, OM_uint32 maj, OM_uint32 min)
-{
- OM_uint32 maj_stat, min_stat;
- OM_uint32 message_context;
- gss_buffer_desc buf;
-
- uprintf("major_stat=%d, minor_stat=%d\n", maj, min);
- message_context = 0;
- do {
- maj_stat = gss_display_status(&min_stat, maj,
- GSS_C_GSS_CODE, GSS_C_NO_OID, &message_context, &buf);
- if (GSS_ERROR(maj_stat))
- break;
- uprintf("%.*s\n", (int)buf.length, (char *) buf.value);
- gss_release_buffer(&min_stat, &buf);
- } while (message_context);
- if (mech && min) {
- message_context = 0;
- do {
- maj_stat = gss_display_status(&min_stat, min,
- GSS_C_MECH_CODE, mech, &message_context, &buf);
- if (GSS_ERROR(maj_stat))
- break;
- uprintf("%.*s\n", (int)buf.length, (char *) buf.value);
- gss_release_buffer(&min_stat, &buf);
- } while (message_context);
- }
-}
-
-#if 0
-static void
-send_token_to_peer(const gss_buffer_t token)
-{
- const uint8_t *p;
- size_t i;
-
- printf("send token:\n");
- printf("%d ", (int) token->length);
- p = (const uint8_t *) token->value;
- for (i = 0; i < token->length; i++)
- printf("%02x", *p++);
- printf("\n");
-}
-
-static void
-receive_token_from_peer(gss_buffer_t token)
-{
- char line[8192];
- char *p;
- uint8_t *q;
- int len, val;
-
- printf("receive token:\n");
- fgets(line, sizeof(line), stdin);
- if (line[strlen(line) - 1] != '\n') {
- printf("token truncated\n");
- exit(1);
- }
- p = line;
- if (sscanf(line, "%d ", &len) != 1) {
- printf("bad token\n");
- exit(1);
- }
- p = strchr(p, ' ') + 1;
- token->length = len;
- token->value = malloc(len);
- q = (uint8_t *) token->value;
- while (len) {
- if (sscanf(p, "%02x", &val) != 1) {
- printf("bad token\n");
- exit(1);
- }
- *q++ = val;
- p += 2;
- len--;
- }
-}
-#endif
-
-#if 0
-void
-server(int argc, char** argv)
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc input_token, output_token;
- gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
- gss_name_t client_name;
- gss_OID mech_type;
-
- if (argc != 1)
- usage();
-
- do {
- receive_token_from_peer(&input_token);
- maj_stat = gss_accept_sec_context(&min_stat,
- &context_hdl,
- GSS_C_NO_CREDENTIAL,
- &input_token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &client_name,
- &mech_type,
- &output_token,
- NULL,
- NULL,
- NULL);
- if (GSS_ERROR(maj_stat)) {
- report_error(mech_type, maj_stat, min_stat);
- }
- if (output_token.length != 0) {
- send_token_to_peer(&output_token);
- gss_release_buffer(&min_stat, &output_token);
- }
- if (GSS_ERROR(maj_stat)) {
- if (context_hdl != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_stat,
- &context_hdl,
- GSS_C_NO_BUFFER);
- break;
- }
- } while (maj_stat & GSS_S_CONTINUE_NEEDED);
-
- if (client_name) {
- gss_buffer_desc name_desc;
- char buf[512];
-
- gss_display_name(&min_stat, client_name, &name_desc, NULL);
- memcpy(buf, name_desc.value, name_desc.length);
- buf[name_desc.length] = 0;
- gss_release_buffer(&min_stat, &name_desc);
- printf("client name is %s\n", buf);
- }
-
- receive_token_from_peer(&input_token);
- gss_unwrap(&min_stat, context_hdl, &input_token, &output_token,
- NULL, NULL);
- printf("%.*s\n", (int)output_token.length, (char *) output_token.value);
- gss_release_buffer(&min_stat, &output_token);
-}
-#endif
-
-/* 1.2.752.43.13.14 */
-static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
-{6, (void *) "\x2a\x85\x70\x2b\x0d\x0e"};
-
-gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc;
-#define ETYPE_DES_CBC_CRC 1
-
-/*
- * Create an initiator context and acceptor context in the kernel and
- * use them to exchange signed and sealed messages.
- */
-static int
-gsstest_1(struct thread *td)
-{
- OM_uint32 maj_stat, min_stat;
- OM_uint32 smaj_stat, smin_stat;
- int context_established = 0;
- gss_ctx_id_t client_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t server_context = GSS_C_NO_CONTEXT;
- gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL;
- gss_cred_id_t server_cred = GSS_C_NO_CREDENTIAL;
- gss_name_t name = GSS_C_NO_NAME;
- gss_name_t received_name = GSS_C_NO_NAME;
- gss_buffer_desc name_desc;
- gss_buffer_desc client_token, server_token, message_buf;
- gss_OID mech, actual_mech, mech_type;
- static gss_OID_desc krb5_desc =
- {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
-#if 0
- static gss_OID_desc spnego_desc =
- {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
- static gss_OID_desc ntlm_desc =
- {10, (void *)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"};
-#endif
- char enctype[sizeof(uint32_t)];
-
- mech = GSS_C_NO_OID;
-
- {
- static char sbuf[512];
- memcpy(sbuf, "nfs@", 4);
- getcredhostname(td->td_ucred, sbuf + 4, sizeof(sbuf) - 4);
- name_desc.value = sbuf;
- }
-
- name_desc.length = strlen((const char *) name_desc.value);
- maj_stat = gss_import_name(&min_stat, &name_desc,
- GSS_C_NT_HOSTBASED_SERVICE, &name);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_import_name failed\n");
- report_error(mech, maj_stat, min_stat);
- goto out;
- }
-
- maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME,
- 0, GSS_C_NO_OID_SET, GSS_C_INITIATE, &client_cred,
- NULL, NULL);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_acquire_cred (client) failed\n");
- report_error(mech, maj_stat, min_stat);
- goto out;
- }
-
- enctype[0] = (ETYPE_DES_CBC_CRC >> 24) & 0xff;
- enctype[1] = (ETYPE_DES_CBC_CRC >> 16) & 0xff;
- enctype[2] = (ETYPE_DES_CBC_CRC >> 8) & 0xff;
- enctype[3] = ETYPE_DES_CBC_CRC & 0xff;
- message_buf.length = sizeof(enctype);
- message_buf.value = enctype;
- maj_stat = gss_set_cred_option(&min_stat, &client_cred,
- GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X, &message_buf);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_set_cred_option failed\n");
- report_error(mech, maj_stat, min_stat);
- goto out;
- }
-
- server_token.length = 0;
- server_token.value = NULL;
- while (!context_established) {
- client_token.length = 0;
- client_token.value = NULL;
- maj_stat = gss_init_sec_context(&min_stat,
- client_cred,
- &client_context,
- name,
- mech,
- GSS_C_MUTUAL_FLAG|GSS_C_CONF_FLAG|GSS_C_INTEG_FLAG,
- 0,
- GSS_C_NO_CHANNEL_BINDINGS,
- &server_token,
- &actual_mech,
- &client_token,
- NULL,
- NULL);
- if (server_token.length)
- gss_release_buffer(&smin_stat, &server_token);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_init_sec_context failed\n");
- report_error(mech, maj_stat, min_stat);
- goto out;
- }
-
- if (client_token.length != 0) {
- if (!server_cred) {
- gss_OID_set_desc oid_set;
- oid_set.count = 1;
- oid_set.elements = &krb5_desc;
- smaj_stat = gss_acquire_cred(&smin_stat,
- name, 0, &oid_set, GSS_C_ACCEPT, &server_cred,
- NULL, NULL);
- if (GSS_ERROR(smaj_stat)) {
- printf("gss_acquire_cred (server) failed\n");
- report_error(mech_type, smaj_stat, smin_stat);
- goto out;
- }
- }
- smaj_stat = gss_accept_sec_context(&smin_stat,
- &server_context,
- server_cred,
- &client_token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &received_name,
- &mech_type,
- &server_token,
- NULL,
- NULL,
- NULL);
- if (GSS_ERROR(smaj_stat)) {
- printf("gss_accept_sec_context failed\n");
- report_error(mech_type, smaj_stat, smin_stat);
- goto out;
- }
- gss_release_buffer(&min_stat, &client_token);
- }
- if (GSS_ERROR(maj_stat)) {
- if (client_context != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_stat,
- &client_context,
- GSS_C_NO_BUFFER);
- break;
- }
-
- if (maj_stat == GSS_S_COMPLETE) {
- context_established = 1;
- }
- }
-
- message_buf.length = strlen("Hello world");
- message_buf.value = (void *) "Hello world";
-
- maj_stat = gss_get_mic(&min_stat, client_context,
- GSS_C_QOP_DEFAULT, &message_buf, &client_token);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_get_mic failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
- maj_stat = gss_verify_mic(&min_stat, server_context,
- &message_buf, &client_token, NULL);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_verify_mic failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
- gss_release_buffer(&min_stat, &client_token);
-
- maj_stat = gss_wrap(&min_stat, client_context,
- TRUE, GSS_C_QOP_DEFAULT, &message_buf, NULL, &client_token);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_wrap failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
- maj_stat = gss_unwrap(&min_stat, server_context,
- &client_token, &server_token, NULL, NULL);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_unwrap failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
-
- if (message_buf.length != server_token.length
- || memcmp(message_buf.value, server_token.value,
- message_buf.length))
- printf("unwrap result corrupt\n");
-
- gss_release_buffer(&min_stat, &client_token);
- gss_release_buffer(&min_stat, &server_token);
-
-out:
- if (client_context)
- gss_delete_sec_context(&min_stat, &client_context,
- GSS_C_NO_BUFFER);
- if (server_context)
- gss_delete_sec_context(&min_stat, &server_context,
- GSS_C_NO_BUFFER);
- if (client_cred)
- gss_release_cred(&min_stat, &client_cred);
- if (server_cred)
- gss_release_cred(&min_stat, &server_cred);
- if (name)
- gss_release_name(&min_stat, &name);
- if (received_name)
- gss_release_name(&min_stat, &received_name);
-
- return (0);
-}
-
-/*
- * Interoperability with userland. This takes several steps:
- *
- * 1. Accept an initiator token from userland, return acceptor
- * token. Repeat this step until both userland and kernel return
- * GSS_S_COMPLETE.
- *
- * 2. Receive a signed message from userland and verify the
- * signature. Return a signed reply to userland for it to verify.
- *
- * 3. Receive a wrapped message from userland and unwrap it. Return a
- * wrapped reply to userland.
- */
-static int
-gsstest_2(struct thread *td, int step, const gss_buffer_t input_token,
- OM_uint32 *maj_stat_res, OM_uint32 *min_stat_res, gss_buffer_t output_token)
-{
- OM_uint32 maj_stat, min_stat;
- static int context_established = 0;
- static gss_ctx_id_t server_context = GSS_C_NO_CONTEXT;
- static gss_cred_id_t server_cred = GSS_C_NO_CREDENTIAL;
- static gss_name_t name = GSS_C_NO_NAME;
- gss_buffer_desc name_desc;
- gss_buffer_desc message_buf;
- gss_OID mech_type = GSS_C_NO_OID;
- char enctype[sizeof(uint32_t)];
- int error = EINVAL;
-
- maj_stat = GSS_S_FAILURE;
- min_stat = 0;
- switch (step) {
- case 1:
- if (server_context == GSS_C_NO_CONTEXT) {
- static char sbuf[512];
- memcpy(sbuf, "nfs@", 4);
- getcredhostname(td->td_ucred, sbuf + 4,
- sizeof(sbuf) - 4);
- name_desc.value = sbuf;
- name_desc.length = strlen((const char *)
- name_desc.value);
- maj_stat = gss_import_name(&min_stat, &name_desc,
- GSS_C_NT_HOSTBASED_SERVICE, &name);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_import_name failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
-
- maj_stat = gss_acquire_cred(&min_stat,
- name, 0, GSS_C_NO_OID_SET, GSS_C_ACCEPT,
- &server_cred, NULL, NULL);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_acquire_cred (server) failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
-
- enctype[0] = (ETYPE_DES_CBC_CRC >> 24) & 0xff;
- enctype[1] = (ETYPE_DES_CBC_CRC >> 16) & 0xff;
- enctype[2] = (ETYPE_DES_CBC_CRC >> 8) & 0xff;
- enctype[3] = ETYPE_DES_CBC_CRC & 0xff;
- message_buf.length = sizeof(enctype);
- message_buf.value = enctype;
- maj_stat = gss_set_cred_option(&min_stat, &server_cred,
- GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X, &message_buf);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_set_cred_option failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
- }
-
- maj_stat = gss_accept_sec_context(&min_stat,
- &server_context,
- server_cred,
- input_token,
- GSS_C_NO_CHANNEL_BINDINGS,
- NULL,
- &mech_type,
- output_token,
- NULL,
- NULL,
- NULL);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_accept_sec_context failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
-
- if (maj_stat == GSS_S_COMPLETE) {
- context_established = 1;
- }
- *maj_stat_res = maj_stat;
- *min_stat_res = min_stat;
- break;
-
- case 2:
- message_buf.length = strlen("Hello world");
- message_buf.value = (void *) "Hello world";
-
- maj_stat = gss_verify_mic(&min_stat, server_context,
- &message_buf, input_token, NULL);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_verify_mic failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
-
- maj_stat = gss_get_mic(&min_stat, server_context,
- GSS_C_QOP_DEFAULT, &message_buf, output_token);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_get_mic failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
- break;
-
- case 3:
- maj_stat = gss_unwrap(&min_stat, server_context,
- input_token, &message_buf, NULL, NULL);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_unwrap failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
- gss_release_buffer(&min_stat, &message_buf);
-
- message_buf.length = strlen("Hello world");
- message_buf.value = (void *) "Hello world";
- maj_stat = gss_wrap(&min_stat, server_context,
- TRUE, GSS_C_QOP_DEFAULT, &message_buf, NULL, output_token);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_wrap failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
- break;
-
- case 4:
- maj_stat = gss_unwrap(&min_stat, server_context,
- input_token, &message_buf, NULL, NULL);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_unwrap failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
- gss_release_buffer(&min_stat, &message_buf);
-
- message_buf.length = strlen("Hello world");
- message_buf.value = (void *) "Hello world";
- maj_stat = gss_wrap(&min_stat, server_context,
- FALSE, GSS_C_QOP_DEFAULT, &message_buf, NULL, output_token);
- if (GSS_ERROR(maj_stat)) {
- printf("gss_wrap failed\n");
- report_error(mech_type, maj_stat, min_stat);
- goto out;
- }
- break;
-
- case 5:
- error = 0;
- goto out;
- }
- *maj_stat_res = maj_stat;
- *min_stat_res = min_stat;
- return (0);
-
-out:
- *maj_stat_res = maj_stat;
- *min_stat_res = min_stat;
- if (server_context)
- gss_delete_sec_context(&min_stat, &server_context,
- GSS_C_NO_BUFFER);
- if (server_cred)
- gss_release_cred(&min_stat, &server_cred);
- if (name)
- gss_release_name(&min_stat, &name);
-
- return (error);
-}
-
-/*
- * Create an RPC client handle for the given (address,prog,vers)
- * triple using UDP.
- */
-static CLIENT *
-gsstest_get_rpc(struct sockaddr *sa, rpcprog_t prog, rpcvers_t vers)
-{
- struct thread *td = curthread;
- const char* protofmly;
- struct sockaddr_storage ss;
- struct socket *so;
- CLIENT *rpcb;
- struct timeval timo;
- RPCB parms;
- char *uaddr;
- enum clnt_stat stat = RPC_SUCCESS;
- int rpcvers = RPCBVERS4;
- bool_t do_tcp = FALSE;
- struct portmap mapping;
- u_short port = 0;
-
- /*
- * First we need to contact the remote RPCBIND service to find
- * the right port.
- */
- memcpy(&ss, sa, sa->sa_len);
- switch (ss.ss_family) {
- case AF_INET:
- ((struct sockaddr_in *)&ss)->sin_port = htons(111);
- protofmly = "inet";
- socreate(AF_INET, &so, SOCK_DGRAM, 0, td->td_ucred, td);
- break;
-
-#ifdef INET6
- case AF_INET6:
- ((struct sockaddr_in6 *)&ss)->sin6_port = htons(111);
- protofmly = "inet6";
- socreate(AF_INET6, &so, SOCK_DGRAM, 0, td->td_ucred, td);
- break;
-#endif
-
- default:
- /*
- * Unsupported address family - fail.
- */
- return (NULL);
- }
-
- rpcb = clnt_dg_create(so, (struct sockaddr *)&ss,
- RPCBPROG, rpcvers, 0, 0);
- if (!rpcb)
- return (NULL);
-
-try_tcp:
- parms.r_prog = prog;
- parms.r_vers = vers;
- if (do_tcp)
- parms.r_netid = "tcp";
- else
- parms.r_netid = "udp";
- parms.r_addr = "";
- parms.r_owner = "";
-
- /*
- * Use the default timeout.
- */
- timo.tv_sec = 25;
- timo.tv_usec = 0;
-again:
- switch (rpcvers) {
- case RPCBVERS4:
- case RPCBVERS:
- /*
- * Try RPCBIND 4 then 3.
- */
- uaddr = NULL;
- stat = CLNT_CALL(rpcb, (rpcprog_t) RPCBPROC_GETADDR,
- (xdrproc_t) xdr_rpcb, &parms,
- (xdrproc_t) xdr_wrapstring, &uaddr, timo);
- if (stat == RPC_PROGVERSMISMATCH) {
- if (rpcvers == RPCBVERS4)
- rpcvers = RPCBVERS;
- else if (rpcvers == RPCBVERS)
- rpcvers = PMAPVERS;
- CLNT_CONTROL(rpcb, CLSET_VERS, &rpcvers);
- goto again;
- } else if (stat == RPC_SUCCESS) {
- /*
- * We have a reply from the remote RPCBIND - turn it
- * into an appropriate address and make a new client
- * that can talk to the remote service.
- *
- * XXX fixup IPv6 scope ID.
- */
- struct netbuf *a;
- a = __rpc_uaddr2taddr_af(ss.ss_family, uaddr);
- xdr_free((xdrproc_t) xdr_wrapstring, &uaddr);
- if (!a) {
- CLNT_DESTROY(rpcb);
- return (NULL);
- }
- memcpy(&ss, a->buf, a->len);
- free(a->buf, M_RPC);
- free(a, M_RPC);
- }
- break;
- case PMAPVERS:
- /*
- * Try portmap.
- */
- mapping.pm_prog = parms.r_prog;
- mapping.pm_vers = parms.r_vers;
- mapping.pm_prot = do_tcp ? IPPROTO_TCP : IPPROTO_UDP;
- mapping.pm_port = 0;
-
- stat = CLNT_CALL(rpcb, (rpcprog_t) PMAPPROC_GETPORT,
- (xdrproc_t) xdr_portmap, &mapping,
- (xdrproc_t) xdr_u_short, &port, timo);
-
- if (stat == RPC_SUCCESS) {
- switch (ss.ss_family) {
- case AF_INET:
- ((struct sockaddr_in *)&ss)->sin_port =
- htons(port);
- break;
-
-#ifdef INET6
- case AF_INET6:
- ((struct sockaddr_in6 *)&ss)->sin6_port =
- htons(port);
- break;
-#endif
- }
- }
- break;
- default:
- panic("invalid rpcvers %d", rpcvers);
- }
- /*
- * We may have a positive response from the portmapper, but
- * the requested service was not found. Make sure we received
- * a valid port.
- */
- switch (ss.ss_family) {
- case AF_INET:
- port = ((struct sockaddr_in *)&ss)->sin_port;
- break;
-#ifdef INET6
- case AF_INET6:
- port = ((struct sockaddr_in6 *)&ss)->sin6_port;
- break;
-#endif
- }
- if (stat != RPC_SUCCESS || !port) {
- /*
- * If we were able to talk to rpcbind or portmap, but the udp
- * variant wasn't available, ask about tcp.
- *
- * XXX - We could also check for a TCP portmapper, but
- * if the host is running a portmapper at all, we should be able
- * to hail it over UDP.
- */
- if (stat == RPC_SUCCESS && !do_tcp) {
- do_tcp = TRUE;
- goto try_tcp;
- }
-
- /* Otherwise, bad news. */
- printf("gsstest_get_rpc: failed to contact remote rpcbind, "
- "stat = %d, port = %d\n",
- (int) stat, port);
- CLNT_DESTROY(rpcb);
- return (NULL);
- }
-
- if (do_tcp) {
- /*
- * Destroy the UDP client we used to speak to rpcbind and
- * recreate as a TCP client.
- */
- struct netconfig *nconf = NULL;
-
- CLNT_DESTROY(rpcb);
-
- switch (ss.ss_family) {
- case AF_INET:
- nconf = getnetconfigent("tcp");
- break;
-#ifdef INET6
- case AF_INET6:
- nconf = getnetconfigent("tcp6");
- break;
-#endif
- }
-
- rpcb = clnt_reconnect_create(nconf, (struct sockaddr *)&ss,
- prog, vers, 0, 0);
- } else {
- /*
- * Re-use the client we used to speak to rpcbind.
- */
- CLNT_CONTROL(rpcb, CLSET_SVC_ADDR, &ss);
- CLNT_CONTROL(rpcb, CLSET_PROG, &prog);
- CLNT_CONTROL(rpcb, CLSET_VERS, &vers);
- }
-
- return (rpcb);
-}
-
-/*
- * RPCSEC_GSS client
- */
-static int
-gsstest_3(struct thread *td)
-{
- struct sockaddr_in sin;
- char service[128];
- CLIENT *client;
- AUTH *auth;
- rpc_gss_options_ret_t options_ret;
- enum clnt_stat stat;
- struct timeval tv;
- rpc_gss_service_t svc;
- int i;
-
- sin.sin_len = sizeof(sin);
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- sin.sin_port = 0;
-
- client = gsstest_get_rpc((struct sockaddr *) &sin, 123456, 1);
- if (!client) {
- uprintf("Can't connect to service\n");
- return(1);
- }
-
- memcpy(service, "host@", 5);
- getcredhostname(td->td_ucred, service + 5, sizeof(service) - 5);
-
- auth = rpc_gss_seccreate(client, curthread->td_ucred,
- service, "kerberosv5", rpc_gss_svc_privacy,
- NULL, NULL, &options_ret);
- if (!auth) {
- gss_OID oid;
- uprintf("Can't authorize to service (mech=%s)\n",
- options_ret.actual_mechanism);
- oid = GSS_C_NO_OID;
- rpc_gss_mech_to_oid(options_ret.actual_mechanism, &oid);
- report_error(oid, options_ret.major_status,
- options_ret.minor_status);
- CLNT_DESTROY(client);
- return (1);
- }
-
- for (svc = rpc_gss_svc_none; svc <= rpc_gss_svc_privacy; svc++) {
- const char *svc_names[] = {
- "rpc_gss_svc_default",
- "rpc_gss_svc_none",
- "rpc_gss_svc_integrity",
- "rpc_gss_svc_privacy"
- };
- int num;
-
- rpc_gss_set_defaults(auth, svc, NULL);
-
- client->cl_auth = auth;
- tv.tv_sec = 5;
- tv.tv_usec = 0;
- for (i = 42; i < 142; i++) {
- num = i;
- stat = CLNT_CALL(client, 1,
- (xdrproc_t) xdr_int, (char *) &num,
- (xdrproc_t) xdr_int, (char *) &num, tv);
- if (stat == RPC_SUCCESS) {
- if (num != i + 100)
- uprintf("unexpected reply %d\n", num);
- } else {
- uprintf("call failed, stat=%d\n", (int) stat);
- break;
- }
- }
- if (i == 142)
- uprintf("call succeeded with %s\n", svc_names[svc]);
- }
-
- AUTH_DESTROY(auth);
- CLNT_RELEASE(client);
-
- return (0);
-}
-
-/*
- * RPCSEC_GSS server
- */
-static rpc_gss_principal_t server_acl = NULL;
-static bool_t server_new_context(struct svc_req *req, gss_cred_id_t deleg,
- gss_ctx_id_t gss_context, rpc_gss_lock_t *lock, void **cookie);
-static void server_program_1(struct svc_req *rqstp, register SVCXPRT *transp);
-
-static int
-gsstest_4(struct thread *td)
-{
- SVCPOOL *pool;
- char principal[128 + 5];
- const char **mechs;
- static rpc_gss_callback_t cb;
-
- memcpy(principal, "host@", 5);
- getcredhostname(td->td_ucred, principal + 5, sizeof(principal) - 5);
-
- mechs = rpc_gss_get_mechanisms();
- while (*mechs) {
- if (!rpc_gss_set_svc_name(principal, *mechs, GSS_C_INDEFINITE,
- 123456, 1)) {
- rpc_gss_error_t e;
-
- rpc_gss_get_error(&e);
- printf("setting name for %s for %s failed: %d, %d\n",
- principal, *mechs,
- e.rpc_gss_error, e.system_error);
- }
- mechs++;
- }
-
- cb.program = 123456;
- cb.version = 1;
- cb.callback = server_new_context;
- rpc_gss_set_callback(&cb);
-
- pool = svcpool_create("gsstest", NULL);
-
- svc_create(pool, server_program_1, 123456, 1, NULL);
- svc_run(pool);
-
- rpc_gss_clear_svc_name(123456, 1);
- rpc_gss_clear_callback(&cb);
-
- svcpool_destroy(pool);
-
- return (0);
-}
-
-static void
-server_program_1(struct svc_req *rqstp, register SVCXPRT *transp)
-{
- rpc_gss_rawcred_t *rcred;
- rpc_gss_ucred_t *ucred;
- int i, num;
-
- if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS) {
- svcerr_weakauth(rqstp);
- return;
- }
-
- if (!rpc_gss_getcred(rqstp, &rcred, &ucred, NULL)) {
- svcerr_systemerr(rqstp);
*** 210 LINES SKIPPED ***