sys/rpc/svc_auth.c
/* | /* | ||||
* svc_auth.c, Server-side rpc authenticator interface. | * svc_auth.c, Server-side rpc authenticator interface. | ||||
* | * | ||||
*/ | */ | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/lock.h> | #include <sys/lock.h> | ||||
#include <sys/mutex.h> | #include <sys/mutex.h> | ||||
#include <sys/proc.h> | |||||
#include <sys/systm.h> | #include <sys/systm.h> | ||||
#include <sys/jail.h> | #include <sys/jail.h> | ||||
#include <sys/ucred.h> | #include <sys/ucred.h> | ||||
#include <rpc/rpc.h> | #include <rpc/rpc.h> | ||||
#include <rpc/rpcsec_tls.h> | #include <rpc/rpcsec_tls.h> | ||||
static enum auth_stat (*_svcauth_rpcsec_gss)(struct svc_req *, | static enum auth_stat (*_svcauth_rpcsec_gss)(struct svc_req *, | ||||
▲ Show 20 Lines • Show All 133 Lines • ▼ Show 20 Lines | svc_getcred(struct svc_req *rqst, struct ucred **crp, int *flavorp) | ||||
*/ | */ | ||||
if ((xprt->xp_tls & (RPCTLS_FLAGS_CERTUSER | | if ((xprt->xp_tls & (RPCTLS_FLAGS_CERTUSER | | ||||
RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER && | RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER && | ||||
flavor == AUTH_UNIX) { | flavor == AUTH_UNIX) { | ||||
cr = crget(); | cr = crget(); | ||||
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xprt->xp_uid; | cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xprt->xp_uid; | ||||
crsetgroups(cr, xprt->xp_ngrps, xprt->xp_gidp); | crsetgroups(cr, xprt->xp_ngrps, xprt->xp_gidp); | ||||
cr->cr_rgid = cr->cr_svgid = xprt->xp_gidp[0]; | cr->cr_rgid = cr->cr_svgid = xprt->xp_gidp[0]; | ||||
if (jailed(curthread->td_ucred)) | |||||
cr->cr_prison = curthread->td_ucred->cr_prison; | |||||
else | |||||
cr->cr_prison = &prison0; | cr->cr_prison = &prison0; | ||||
prison_hold(cr->cr_prison); | prison_hold(cr->cr_prison); | ||||
*crp = cr; | *crp = cr; | ||||
return (TRUE); | return (TRUE); | ||||
} | } | ||||
switch (flavor) { | switch (flavor) { | ||||
case AUTH_UNIX: | case AUTH_UNIX: | ||||
xcr = (struct xucred *) rqst->rq_clntcred; | xcr = (struct xucred *) rqst->rq_clntcred; | ||||
cr = crget(); | cr = crget(); | ||||
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid; | cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid; | ||||
crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups); | crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups); | ||||
cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0]; | cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0]; | ||||
if (jailed(curthread->td_ucred)) | |||||
cr->cr_prison = curthread->td_ucred->cr_prison; | |||||
else | |||||
cr->cr_prison = &prison0; | cr->cr_prison = &prison0; | ||||
prison_hold(cr->cr_prison); | prison_hold(cr->cr_prison); | ||||
*crp = cr; | *crp = cr; | ||||
return (TRUE); | return (TRUE); | ||||
case RPCSEC_GSS: | case RPCSEC_GSS: | ||||
if (!_svcauth_rpcsec_gss_getcred) | if (!_svcauth_rpcsec_gss_getcred) | ||||
return (FALSE); | return (FALSE); | ||||
return (_svcauth_rpcsec_gss_getcred(rqst, crp, flavorp)); | return (_svcauth_rpcsec_gss_getcred(rqst, crp, flavorp)); | ||||
default: | default: | ||||
return (FALSE); | return (FALSE); | ||||
} | } | ||||
} | } | ||||
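Review bot: The prison selection is duplicated in both credential-building paths of svc_getcred() (the RPCTLS_FLAGS_CERTUSER branch and `case AUTH_UNIX:`), and the `jailed()` test looks redundant: if jailed() only compares cr_prison against `&prison0`, as I believe it does, each copy reduces to `cr->cr_prison = curthread->td_ucred->cr_prison;`. I am reading the one-sided lines (this check and `#include <sys/proc.h>`) as the new side, which the rendering does not make certain. Either way, a comment should state the assumption that the thread servicing the request carries the credential of the jail the server runs in, e.g. `/* Creds inherit the prison of the servicing thread so a jailed server stays confined. */`. Separately, the CERTUSER branch reads `xprt->xp_gidp[0]` with no check visible here that `xp_ngrps` is non-zero; the top of svc_getcred() is collapsed on this page, so confirm the guarantee there or in the TLS handshake path.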