Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and

associated changes that had to happen to make this possible as well as
bugs fixed along the way.

  Bring in required TLI library routines to support this.

  Since we don't support TLI we've essentially copied what NetBSD
  has done, adding a thin layer to emulate direct the TLI calls
  into BSD socket calls.

  This is mostly from Sun's tirpc release that was made in 1994,
  however some fixes were backported from the 1999 release (supposedly
  only made available after this porting effort was underway).

  The submitter has agreed to continue on and bring us up to the
  1999 release.

  Several key features are introduced with this update:
    Client calls are thread safe. (1999 code has server side thread
    safe)
    Updated, a more modern interface.

  Many userland updates were done to bring the code up to par with
  the recent RPC API.

  There is an update to the pthreads library, a function
  pthread_main_np() was added to emulate a function of Sun's threads
  library.

  While we're at it, bring in NetBSD's lockd, it's been far too
  long of a wait.

  New rpcbind(8) replaces portmap(8) (supporting communication over
  an authenticated Unix-domain socket, and by default only allowing
  set and unset requests over that channel). It's much more secure
  than the old portmapper.

  Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
  to support TI-RPC and to support IPV6.

  Umount(8) is also fixed to unmount pathnames longer than 80 chars,
  which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul

1 files changed, 121 insertions, 97 deletions

diff --git a/lib/libc/rpc/auth_unix.c b/lib/libc/rpc/auth_unix.c
index dced8f2..37d0ce9 100644
--- a/lib/libc/rpc/auth_unix.c
+++ b/lib/libc/rpc/auth_unix.c
@@ -1,3 +1,5 @@
+/*	$NetBSD: auth_unix.c,v 1.18 2000/07/06 03:03:30 christos Exp $	*/
+
 /*
  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
  * unrestricted use provided that this legend is included on all tape
@@ -27,10 +29,11 @@
  * Mountain View, California  94043
  */
 
+#include <sys/cdefs.h>
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";*/
-/*static char *sccsid = "from: @(#)auth_unix.c	2.2 88/08/01 4.0 RPCSRC";*/
 static char *rcsid = "$FreeBSD$";
+static char *sccsid = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";
+static char *sccsid = "@(#)auth_unix.c	2.2 88/08/01 4.0 RPCSRC";
 #endif
 
 /*
@@ -45,33 +48,31 @@ static char *rcsid = "$FreeBSD$";
  *
  */
 
+#include "reentrant.h"
+#include "namespace.h"
+#include <sys/param.h>
+
+#include <assert.h>
+#include <err.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
 
-#include <sys/param.h>
 #include <rpc/types.h>
 #include <rpc/xdr.h>
 #include <rpc/auth.h>
 #include <rpc/auth_unix.h>
+#include "un-namespace.h"
 
-/*
- * Unix authenticator operations vector
- */
-static void	authunix_nextverf();
-static bool_t	authunix_marshal();
-static bool_t	authunix_validate();
-static bool_t	authunix_refresh();
-static void	authunix_destroy();
-
-static struct auth_ops auth_unix_ops = {
-	authunix_nextverf,
-	authunix_marshal,
-	authunix_validate,
-	authunix_refresh,
-	authunix_destroy
-};
+/* auth_unix.c */
+static void authunix_nextverf (AUTH *);
+static bool_t authunix_marshal (AUTH *, XDR *);
+static bool_t authunix_validate (AUTH *, struct opaque_auth *);
+static bool_t authunix_refresh (AUTH *, void *);
+static void authunix_destroy (AUTH *);
+static void marshal_new_auth (AUTH *);
+static struct auth_ops *authunix_ops (void);
 
 /*
  * This struct is pointed to by the ah_private field of an auth_handle.
@@ -85,21 +86,6 @@ struct audata {
 };
 #define	AUTH_PRIVATE(auth)	((struct audata *)auth->ah_private)
 
-static void marshal_new_auth();
-
-/*
- * This goop is here because some servers refuse to accept a
- * credential with more than some number (usually 8) supplementary
- * groups.  Blargh!
- */
-static int authunix_maxgrouplist = 0;
-
-void
-set_rpc_maxgrouplist(int num)
-{
-	authunix_maxgrouplist = num;
-}
-
 /*
  * Create a unix style authenticator.
  * Returns an auth handle with the given stuff in it.
@@ -109,60 +95,56 @@ authunix_create(machname, uid, gid, len, aup_gids)
 	char *machname;
 	int uid;
 	int gid;
-	register int len;
+	int len;
 	int *aup_gids;
 {
 	struct authunix_parms aup;
 	char mymem[MAX_AUTH_BYTES];
 	struct timeval now;
 	XDR xdrs;
-	register AUTH *auth;
-	register struct audata *au;
+	AUTH *auth;
+	struct audata *au;
 
 	/*
 	 * Allocate and set up auth handle
 	 */
-	auth = (AUTH *)mem_alloc(sizeof(*auth));
+	au = NULL;
+	auth = mem_alloc(sizeof(*auth));
 #ifndef _KERNEL
 	if (auth == NULL) {
-		(void)fprintf(stderr, "authunix_create: out of memory\n");
-		return (NULL);
+		warnx("authunix_create: out of memory");
+		goto cleanup_authunix_create;
 	}
 #endif
-	au = (struct audata *)mem_alloc(sizeof(*au));
+	au = mem_alloc(sizeof(*au));
 #ifndef _KERNEL
 	if (au == NULL) {
-		(void)fprintf(stderr, "authunix_create: out of memory\n");
-		return (NULL);
+		warnx("authunix_create: out of memory");
+		goto cleanup_authunix_create;
 	}
 #endif
-	auth->ah_ops = &auth_unix_ops;
+	auth->ah_ops = authunix_ops();
 	auth->ah_private = (caddr_t)au;
 	auth->ah_verf = au->au_shcred = _null_auth;
 	au->au_shfaults = 0;
+	au->au_origcred.oa_base = NULL;
 
 	/*
 	 * fill in param struct from the given params
 	 */
-	(void)gettimeofday(&now,  (struct timezone *)0);
+	(void)gettimeofday(&now, NULL);
 	aup.aup_time = now.tv_sec;
 	aup.aup_machname = machname;
 	aup.aup_uid = uid;
 	aup.aup_gid = gid;
-	/* GW: continuation of max group list hack */
-	if(authunix_maxgrouplist != 0) {
-		aup.aup_len = ((len < authunix_maxgrouplist) ? len
-			       : authunix_maxgrouplist);
-	} else {
-		aup.aup_len = (u_int)len;
-	}
+	aup.aup_len = (u_int)len;
 	aup.aup_gids = aup_gids;
 
 	/*
 	 * Serialize the parameters into origcred
 	 */
 	xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
-	if (! xdr_authunix_parms(&xdrs, &aup))
+	if (! xdr_authunix_parms(&xdrs, &aup)) 
 		abort();
 	au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
 	au->au_origcred.oa_flavor = AUTH_UNIX;
@@ -170,11 +152,11 @@ authunix_create(machname, uid, gid, len, aup_gids)
 	au->au_origcred.oa_base = mem_alloc((u_int) len);
 #else
 	if ((au->au_origcred.oa_base = mem_alloc((u_int) len)) == NULL) {
-		(void)fprintf(stderr, "authunix_create: out of memory\n");
-		return (NULL);
+		warnx("authunix_create: out of memory");
+		goto cleanup_authunix_create;
 	}
 #endif
-	memcpy(au->au_origcred.oa_base, mymem, (u_int)len);
+	memmove(au->au_origcred.oa_base, mymem, (size_t)len);
 
 	/*
 	 * set auth handle to reflect new cred.
@@ -182,6 +164,17 @@ authunix_create(machname, uid, gid, len, aup_gids)
 	auth->ah_cred = au->au_origcred;
 	marshal_new_auth(auth);
 	return (auth);
+#ifndef _KERNEL
+ cleanup_authunix_create:
+	if (auth)
+		mem_free(auth, sizeof(*auth));
+	if (au) {
+		if (au->au_origcred.oa_base)
+			mem_free(au->au_origcred.oa_base, (u_int)len);
+		mem_free(au, sizeof(*au));
+	}
+	return (NULL);
+#endif
 }
 
 /*
@@ -191,32 +184,29 @@ authunix_create(machname, uid, gid, len, aup_gids)
 AUTH *
 authunix_create_default()
 {
-	register int len;
-	char machname[MAX_MACHINE_NAME + 1];
-	register int uid;
-	register int gid;
-	int gids[NGRPS];
-	int i;
-	gid_t real_gids[NGROUPS];
-
-	if (gethostname(machname, MAX_MACHINE_NAME) == -1)
+	int len;
+	char machname[MAXHOSTNAMELEN + 1];
+	uid_t uid;
+	gid_t gid;
+	gid_t gids[NGRPS];
+
+	if (gethostname(machname, sizeof machname) == -1)
 		abort();
-	machname[MAX_MACHINE_NAME] = 0;
-	uid = (int)geteuid();
-	gid = (int)getegid();
-	if ((len = getgroups(NGROUPS, real_gids)) < 0)
+	machname[sizeof(machname) - 1] = 0;
+	uid = geteuid();
+	gid = getegid();
+	if ((len = getgroups(NGRPS, gids)) < 0)
 		abort();
-	if(len > NGRPS) len = NGRPS; /* GW: turn `gid_t's into `int's */
-	for(i = 0; i < len; i++) {
-		gids[i] = (int)real_gids[i];
-	}
-	return (authunix_create(machname, uid, gid, len, gids));
+	/* XXX: interface problem; those should all have been unsigned */
+	return (authunix_create(machname, (int)uid, (int)gid, len,
+	    (int *)gids));
 }
 
 /*
  * authunix operations
  */
 
+/* ARGSUSED */
 static void
 authunix_nextverf(auth)
 	AUTH *auth;
@@ -229,22 +219,30 @@ authunix_marshal(auth, xdrs)
 	AUTH *auth;
 	XDR *xdrs;
 {
-	register struct audata *au = AUTH_PRIVATE(auth);
+	struct audata *au;
+
+	assert(auth != NULL);
+	assert(xdrs != NULL);
 
+	au = AUTH_PRIVATE(auth);
 	return (XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos));
 }
 
 static bool_t
 authunix_validate(auth, verf)
-	register AUTH *auth;
-	struct opaque_auth verf;
+	AUTH *auth;
+	struct opaque_auth *verf;
 {
-	register struct audata *au;
+	struct audata *au;
 	XDR xdrs;
 
-	if (verf.oa_flavor == AUTH_SHORT) {
+	assert(auth != NULL);
+	assert(verf != NULL);
+
+	if (verf->oa_flavor == AUTH_SHORT) {
 		au = AUTH_PRIVATE(auth);
-		xdrmem_create(&xdrs, verf.oa_base, verf.oa_length, XDR_DECODE);
+		xdrmem_create(&xdrs, verf->oa_base, verf->oa_length,
+		    XDR_DECODE);
 
 		if (au->au_shcred.oa_base != NULL) {
 			mem_free(au->au_shcred.oa_base,
@@ -265,14 +263,15 @@ authunix_validate(auth, verf)
 }
 
 static bool_t
-authunix_refresh(auth)
-	register AUTH *auth;
+authunix_refresh(AUTH *auth, void *dummy)
 {
-	register struct audata *au = AUTH_PRIVATE(auth);
+	struct audata *au = AUTH_PRIVATE(auth);
 	struct authunix_parms aup;
 	struct timeval now;
 	XDR xdrs;
-	register int stat;
+	int stat;
+
+	assert(auth != NULL);
 
 	if (auth->ah_cred.oa_base == au->au_origcred.oa_base) {
 		/* there is no hope.  Punt */
@@ -282,7 +281,7 @@ authunix_refresh(auth)
 
 	/* first deserialize the creds back into a struct authunix_parms */
 	aup.aup_machname = NULL;
-	aup.aup_gids = (int *)NULL;
+	aup.aup_gids = NULL;
 	xdrmem_create(&xdrs, au->au_origcred.oa_base,
 	    au->au_origcred.oa_length, XDR_DECODE);
 	stat = xdr_authunix_parms(&xdrs, &aup);
@@ -290,7 +289,7 @@ authunix_refresh(auth)
 		goto done;
 
 	/* update the time and serialize in place */
-	(void)gettimeofday(&now, (struct timezone *)0);
+	(void)gettimeofday(&now, NULL);
 	aup.aup_time = now.tv_sec;
 	xdrs.x_op = XDR_ENCODE;
 	XDR_SETPOS(&xdrs, 0);
@@ -309,10 +308,13 @@ done:
 
 static void
 authunix_destroy(auth)
-	register AUTH *auth;
+	AUTH *auth;
 {
-	register struct audata *au = AUTH_PRIVATE(auth);
+	struct audata *au;
 
+	assert(auth != NULL);
+
+	au = AUTH_PRIVATE(auth);
 	mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length);
 
 	if (au->au_shcred.oa_base != NULL)
@@ -323,7 +325,7 @@ authunix_destroy(auth)
 	if (auth->ah_verf.oa_base != NULL)
 		mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length);
 
-	mem_free((caddr_t)auth, sizeof(*auth));
+	mem_free(auth, sizeof(*auth));
 }
 
 /*
@@ -332,18 +334,40 @@ authunix_destroy(auth)
  */
 static void
 marshal_new_auth(auth)
-	register AUTH *auth;
+	AUTH *auth;
 {
-	XDR		xdr_stream;
-	register XDR	*xdrs = &xdr_stream;
-	register struct audata *au = AUTH_PRIVATE(auth);
+	XDR	xdr_stream;
+	XDR	*xdrs = &xdr_stream;
+	struct audata *au;
 
+	assert(auth != NULL);
+
+	au = AUTH_PRIVATE(auth);
 	xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
 	if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
-	    (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) {
-		perror("auth_none.c - Fatal marshalling problem");
-	} else {
+	    (! xdr_opaque_auth(xdrs, &(auth->ah_verf))))
+		warnx("auth_none.c - Fatal marshalling problem");
+	else
 		au->au_mpos = XDR_GETPOS(xdrs);
-	}
 	XDR_DESTROY(xdrs);
 }
+
+static struct auth_ops *
+authunix_ops()
+{
+	static struct auth_ops ops;
+	extern mutex_t ops_lock;
+
+	/* VARIABLES PROTECTED BY ops_lock: ops */
+
+	mutex_lock(&ops_lock);
+	if (ops.ah_nextverf == NULL) {
+		ops.ah_nextverf = authunix_nextverf;
+		ops.ah_marshal = authunix_marshal;
+		ops.ah_validate = authunix_validate;
+		ops.ah_refresh = authunix_refresh;
+		ops.ah_destroy = authunix_destroy;
+	}
+	mutex_unlock(&ops_lock);
+	return (&ops);
+}