summaryrefslogtreecommitdiff
path: root/sunrpc/key_call.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1998-07-28 16:26:04 +0000
committerUlrich Drepper <drepper@redhat.com>1998-07-28 16:26:04 +0000
commite852e889444a8bf27f3e5075d064e9922b38e7e2 (patch)
tree75d2d4b1010a26d723daefef7909d1a6355929bc /sunrpc/key_call.c
parentc9243dacea19b7dcf36bb69ca83877d3ea905831 (diff)
downloadglibc-e852e889444a8bf27f3e5075d064e9922b38e7e2.tar.gz
Update.
1998-07-28 Ulrich Drepper <drepper@cygnus.com> * math/libm-test.c (tgamma_test): Remove redundant tests. 1998-07-28 16:20 Ulrich Drepper <drepper@cygnus.com> * sysdeps/generic/glob.c: Correct problems with */foo and GLOB_NOCHECK where foo does not exist in any of the subdirectories. Reported by Paul D. Smith <psmith@BayNetworks.COM>. * posix/globtest.sh: Add test for this bug. 1998-07-28 Mark Kettenis <kettenis@phys.uva.nl> * io/sys/statfs.h: Fix typos. * io/sys/statvfs.h: Fix typos. 1998-07-28 Ulrich Drepper <drepper@cygnus.com> * version.h (VERSION): Bump to 2.0.95. * math/Makefile (libm-calls): Remove w_gamma, add w_tgamma. * math/Versions [GLIBC_2.1]: Add tgamma, tgammaf, and tgammal. * math/libm-test.c: Split old gamma_test and move half of it in new function tgamma_test. * math/bits/mathcalls.h: Add declaration of tgamma. * sysdeps/libm-ieee754/k_standard.c: Change gamma errors into tgamma errors. * sysdeps/libm-ieee754/w_gamma.c: Remove lgamma compatibility code and rename to ... * sysdeps/libm-ieee754/w_tgamma.c: ... this. New file. * sysdeps/libm-ieee754/w_gammaf.c: Remove lgammaf compatibility code and rename to ... * sysdeps/libm-ieee754/w_tgammaf.c: ... this. New file. * sysdeps/libm-ieee754/w_gammal.c: Remove lgammal compatibility code and rename to ... * sysdeps/libm-ieee754/w_tgammal.c: ... this. New file. * sysdeps/libm-ieee754/w_lgamma.c: Add gamma as weak alias. * sysdeps/libm-ieee754/w_lgammaf.c: Likewise. * sysdeps/libm-ieee754/w_lgammal.c: Likewise. * stgdio-common/printf-parse.h: Implement handling of j, t, and z modifiers. * stdio-common/vfprintf.c: Likewise. * stdio-common/vfscanf.c: Likewise. * manual/stdio.texi: Document new printf/scanf modifiers. * sysdeps/unix/sysv/linux/recvmsg.c: Remove alias __recvmsg. * sysdeps/unix/sysv/linux/sendmsg.c: Remove alias __sendmsg. 1998-07-28 Thorsten Kukuk <kukuk@vt.uni-paderborn.de> * sunrpc/Makefile (routines): Add clnt_unix and svc_unix. * sunrpc/Versions: Add new *unix_create functions. * sunrpc/clnt_gen.c: Add support for RPC over AF_UNIX. * sunrpc/clnt_unix.c: New, client side of RPC over AF_UNIX. * sunrpc/key_call.c: Use RPC over AF_UNIX for communication with keyserv daemon. * sunrpc/rpc/clnt.h: Add AF_UNIX based RPC function prototypes. * sunrpc/rpc/svc.h: Likewise. * sunrpc/svc_authux.c: Copy internal auth flavor if none is given. * sunrpc/svc_tcp.c: Fix typos. * sunrpc/svc_unix.c: New, server side of AF_UNIX based RPC. * nis/Makefile: Remove currently not working cache functions. * nis/Versions: Add __nisbind_* functions for rpc.nisd. * nis/nis_call.c: Rewrite binding to a NIS+ server to reuse CLIENT handles. * nis/nis_file.c: Fix memory leaks. * nis/nis_intern.h: Move internal structs from here ... * nis/rpcsvc/nislib.h: ... to here for NIS+ server and tools. * nis/nis_lookup.c: Try at first if last client handle works. * nis/nis_table.c: Likewise. * nis/nis_checkpoint.c: Adjust __do_niscall2 parameters. * nis/nis_mkdir.c: Likewise. * nis/nis_ping.c: Likewise. * nis/nis_rmdir.c: Likewise. * nis/nis_server.c: Likewise. * nis/nis_util.c: Likewise. * nis/nis_findserv.c (__nis_findfastest): Little optimization. 1998-07-28 Andreas Jaeger <aj@arthur.rhein-neckar.de> * stdlib/strtol.c (STRTOL_LONG_MAX): Correct typo in last patch - define as LONG_MAX. 1998-07-28 09:31 Ulrich Drepper <drepper@cygnus.com> * nscd/connections.c (gr_send_answer): Deal with missing UIO_MAXIOV. Correct test whether writev send all data. * nscd/nscd_getgr_r.c (__nscd_getgr_r): Correct test whether readv received all data. 1998-07-28 Mark Kettenis <kettenis@phys.uva.nl> * nscd/nscd_getgr_r.c (__nscd_getgr_r): Deal with missing UIO_MAXIOV. 1998-07-28 Mark Kettenis <kettenis@phys.uva.nl> * sysdeps/mach/hurd/dl-sysdep.c (open_file): Change assert call to allow mode to be 0. (__xstat): New function. (__fxstat): New function. (_dl_sysdep_read_whole_file): Removed. The implementation in `elf/dl-misc.c' now also works for the Hurd.
Diffstat (limited to 'sunrpc/key_call.c')
-rw-r--r--sunrpc/key_call.c200
1 files changed, 176 insertions, 24 deletions
diff --git a/sunrpc/key_call.c b/sunrpc/key_call.c
index e59a8b7a37..0219eaf5ad 100644
--- a/sunrpc/key_call.c
+++ b/sunrpc/key_call.c
@@ -38,6 +38,7 @@
#include <stdio.h>
#include <errno.h>
+#include <fcntl.h>
#include <signal.h>
#include <unistd.h>
#include <string.h>
@@ -47,6 +48,7 @@
#include <sys/param.h>
#include <sys/socket.h>
#include <rpc/key_prot.h>
+#include <bits/libc-lock.h>
#define KEY_TIMEOUT 5 /* per-try timeout in seconds */
#define KEY_NRETRY 12 /* number of retries */
@@ -268,8 +270,8 @@ des_block *(*__key_gendes_LOCAL) (uid_t, char *) = 0;
static int
internal_function
-key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
- xdrproc_t xdr_rslt, char *rslt)
+key_call_keyenvoy (u_long proc, xdrproc_t xdr_arg, char *arg,
+ xdrproc_t xdr_rslt, char *rslt)
{
XDR xdrargs;
XDR xdrrslt;
@@ -283,28 +285,6 @@ key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
uid_t euid;
static char MESSENGER[] = "/usr/etc/keyenvoy";
- if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
- {
- cryptkeyres *res;
- res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
- *(cryptkeyres *) rslt = *res;
- return 1;
- }
- else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
- {
- cryptkeyres *res;
- res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
- *(cryptkeyres *) rslt = *res;
- return 1;
- }
- else if (proc == KEY_GEN && __key_gendes_LOCAL)
- {
- des_block *res;
- res = (*__key_gendes_LOCAL) (__geteuid (), 0);
- *(des_block *) rslt = *res;
- return 1;
- }
-
success = 1;
sigemptyset (&mask);
sigaddset (&mask, SIGCHLD);
@@ -365,3 +345,175 @@ key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
return success;
}
+
+struct key_call_private {
+ CLIENT *client; /* Client handle */
+ pid_t pid; /* process-id at moment of creation */
+ uid_t uid; /* user-id at last authorization */
+};
+static struct key_call_private *key_call_private_main = NULL;
+__libc_lock_define_initialized (static, keycall_lock)
+
+/*
+ * Keep the handle cached. This call may be made quite often.
+ */
+static CLIENT *
+getkeyserv_handle (int vers)
+{
+ struct key_call_private *kcp = key_call_private_main;
+ struct timeval wait_time;
+ int fd;
+ struct sockaddr_un name;
+ int namelen = sizeof(struct sockaddr_un);
+
+#define TOTAL_TIMEOUT 30 /* total timeout talking to keyserver */
+#define TOTAL_TRIES 5 /* Number of tries */
+
+ if (kcp == (struct key_call_private *)NULL)
+ {
+ kcp = (struct key_call_private *)malloc (sizeof (*kcp));
+ if (kcp == (struct key_call_private *)NULL)
+ return (CLIENT *) NULL;
+
+ key_call_private_main = kcp;
+ kcp->client = NULL;
+ }
+
+ /* if pid has changed, destroy client and rebuild */
+ if (kcp->client != NULL && kcp->pid != __getpid ())
+ {
+ clnt_destroy (kcp->client);
+ kcp->client = NULL;
+ }
+
+ if (kcp->client != NULL)
+ {
+ /* if other side closed socket, build handle again */
+ clnt_control (kcp->client, CLGET_FD, (char *)&fd);
+ if (getpeername (fd,(struct sockaddr *)&name,&namelen) == -1)
+ {
+ auth_destroy (kcp->client->cl_auth);
+ clnt_destroy (kcp->client);
+ kcp->client = NULL;
+ }
+ }
+
+ if (kcp->client != NULL)
+ {
+ /* if uid has changed, build client handle again */
+ if (kcp->uid != __geteuid ())
+ {
+ kcp->uid = __geteuid ();
+ auth_destroy (kcp->client->cl_auth);
+ kcp->client->cl_auth =
+ authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
+ if (kcp->client->cl_auth == NULL)
+ {
+ clnt_destroy (kcp->client);
+ kcp->client = NULL;
+ return ((CLIENT *) NULL);
+ }
+ }
+ /* Change the version number to the new one */
+ clnt_control (kcp->client, CLSET_VERS, (void *)&vers);
+ return kcp->client;
+ }
+
+ if ((kcp->client == (CLIENT *) NULL))
+ /* Use the AF_UNIX transport */
+ kcp->client = clnt_create ("/var/run/keyservsock", KEY_PROG, vers, "unix");
+
+ if (kcp->client == (CLIENT *) NULL)
+ return (CLIENT *) NULL;
+
+ kcp->uid = __geteuid ();
+ kcp->pid = __getpid ();
+ kcp->client->cl_auth = authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
+ if (kcp->client->cl_auth == NULL)
+ {
+ clnt_destroy (kcp->client);
+ kcp->client = NULL;
+ return (CLIENT *) NULL;
+ }
+
+ wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
+ wait_time.tv_usec = 0;
+ clnt_control (kcp->client, CLSET_RETRY_TIMEOUT,
+ (char *)&wait_time);
+ if (clnt_control (kcp->client, CLGET_FD, (char *)&fd))
+ fcntl (fd, F_SETFD, 1); /* make it "close on exec" */
+
+ return kcp->client;
+}
+
+/* returns 0 on failure, 1 on success */
+static int
+internal_function
+key_call_socket (u_long proc, xdrproc_t xdr_arg, char *arg,
+ xdrproc_t xdr_rslt, char *rslt)
+{
+ CLIENT *clnt;
+ struct timeval wait_time;
+ int result = 0;
+
+ __libc_lock_lock (keycall_lock);
+ if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
+ (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
+ (proc == KEY_GET_CONV))
+ clnt = getkeyserv_handle(2); /* talk to version 2 */
+ else
+ clnt = getkeyserv_handle(1); /* talk to version 1 */
+
+ if (clnt != NULL)
+ {
+ wait_time.tv_sec = TOTAL_TIMEOUT;
+ wait_time.tv_usec = 0;
+
+ if (clnt_call (clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
+ wait_time) == RPC_SUCCESS)
+ result = 1;
+ }
+
+ __libc_lock_unlock (keycall_lock);
+
+ return result;
+}
+
+/* returns 0 on failure, 1 on success */
+static int
+internal_function
+key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
+ xdrproc_t xdr_rslt, char *rslt)
+{
+ static int use_keyenvoy = 0;
+
+ if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
+ {
+ cryptkeyres *res;
+ res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
+ *(cryptkeyres *) rslt = *res;
+ return 1;
+ }
+ else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
+ {
+ cryptkeyres *res;
+ res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
+ *(cryptkeyres *) rslt = *res;
+ return 1;
+ }
+ else if (proc == KEY_GEN && __key_gendes_LOCAL)
+ {
+ des_block *res;
+ res = (*__key_gendes_LOCAL) (__geteuid (), 0);
+ *(des_block *) rslt = *res;
+ return 1;
+ }
+
+ if (!use_keyenvoy)
+ {
+ if (key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt))
+ return 1;
+ use_keyenvoy = 1;
+ }
+ return key_call_keyenvoy (proc, xdr_arg, arg, xdr_rslt, rslt);
+}