mirror of
git://sourceware.org/git/glibc.git
synced 2024-12-21 04:31:04 +08:00
4a39c34c4f
Since gettimeofday will shortly be implemented in terms of clock_gettime on all platforms, internal code should use clock_gettime directly; in addition to removing a layer of indirection, this will allow us to remove the PLT-bypass gunk for gettimeofday. (We can't quite do that yet, but it'll be coming later in this patch series.) In many cases, the changed code does fewer conversions. The changed code always assumes __clock_gettime (CLOCK_REALTIME) cannot fail. Most of the call sites were assuming gettimeofday could not fail, but a few places were checking for errors. POSIX says clock_gettime can only fail if the clock constant is invalid or unsupported, and CLOCK_REALTIME is the one and only clock constant that's required to be supported. For consistency I grepped the entire source tree for any other places that checked for errors from __clock_gettime (CLOCK_REALTIME), found one, and changed it too. (For the record, POSIX also says gettimeofday can never fail.) (It would be nice if we could declare that GNU systems will always support CLOCK_MONOTONIC as well as CLOCK_REALTIME; there are several places where we are using CLOCK_REALTIME where _MONOTONIC would be more appropriate, and/or trying to use _MONOTONIC and then falling back to _REALTIME. But the Hurd doesn't support CLOCK_MONOTONIC yet, and it looks like adding it would involve substantial changes to gnumach's internals and API. Oh well.) A few Hurd-specific files were changed to use __host_get_time instead of __clock_gettime, as this seemed tidier. We also assume this cannot fail. Skimming the code in gnumach leads me to believe the only way it could fail is if __mach_host_self also failed, and our Hurd-specific code consistently assumes that can't happen, so I'm going with that. With the exception of support/support_test_main.c, test cases are not modified, mainly because I didn't want to have to figure out which test cases were testing gettimeofday specifically. The definition of GETTIME in sysdeps/generic/memusage.h had a typo and was not reading tv_sec at all. I fixed this. It appears nobody has been generating malloc traces on a machine that doesn't have a superseding definition. There are a whole bunch of places where the code could be simplified by factoring out timespec subtraction and/or comparison logic, but I want to keep this patch as mechanical as possible. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu, powerpc64-linux-gnu, powerpc-linux-gnu, and aarch64-linux-gnu. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Lukasz Majewski <lukma@denx.de>
469 lines
13 KiB
C
469 lines
13 KiB
C
/*
|
|
* Copyright (c) 2010, Oracle America, Inc.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are
|
|
* met:
|
|
*
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above
|
|
* copyright notice, this list of conditions and the following
|
|
* disclaimer in the documentation and/or other materials
|
|
* provided with the distribution.
|
|
* * Neither the name of the "Oracle America, Inc." nor the names of its
|
|
* contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
|
|
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
/*
|
|
* auth_des.c, client-side implementation of DES authentication
|
|
*/
|
|
|
|
#include <string.h>
|
|
#include <stdint.h>
|
|
#include <rpc/des_crypt.h>
|
|
#include <rpc/types.h>
|
|
#include <rpc/auth.h>
|
|
#include <rpc/auth_des.h>
|
|
#include <rpc/xdr.h>
|
|
#include <netinet/in.h> /* XXX: just to get htonl() and ntohl() */
|
|
#include <sys/socket.h>
|
|
#include <time.h>
|
|
#include <shlib-compat.h>
|
|
|
|
#define MILLION 1000000L
|
|
#define RTIME_TIMEOUT 5 /* seconds to wait for sync */
|
|
|
|
#define AUTH_PRIVATE(auth) (struct ad_private *) auth->ah_private
|
|
#define ALLOC(object_type) (object_type *) mem_alloc(sizeof(object_type))
|
|
#define FREE(ptr, size) mem_free((char *)(ptr), (int) size)
|
|
#define ATTEMPT(xdr_op) if (!(xdr_op)) return (FALSE)
|
|
|
|
#define debug(msg) /* printf("%s\n", msg) */
|
|
|
|
|
|
/*
|
|
* DES authenticator operations vector
|
|
*/
|
|
static void authdes_nextverf (AUTH *);
|
|
static bool_t authdes_marshal (AUTH *, XDR *);
|
|
static bool_t authdes_validate (AUTH *, struct opaque_auth *);
|
|
static bool_t authdes_refresh (AUTH *);
|
|
static void authdes_destroy (AUTH *);
|
|
static bool_t synchronize (struct sockaddr *, struct rpc_timeval *);
|
|
|
|
static const struct auth_ops authdes_ops = {
|
|
authdes_nextverf,
|
|
authdes_marshal,
|
|
authdes_validate,
|
|
authdes_refresh,
|
|
authdes_destroy
|
|
};
|
|
|
|
|
|
/*
|
|
* This struct is pointed to by the ah_private field of an "AUTH *"
|
|
*/
|
|
struct ad_private {
|
|
char *ad_fullname; /* client's full name */
|
|
u_int ad_fullnamelen; /* length of name, rounded up */
|
|
char *ad_servername; /* server's full name */
|
|
u_int ad_servernamelen; /* length of name, rounded up */
|
|
uint32_t ad_window; /* client specified window */
|
|
bool_t ad_dosync; /* synchronize? */
|
|
struct sockaddr ad_syncaddr; /* remote host to synch with */
|
|
struct rpc_timeval ad_timediff; /* server's time - client's time */
|
|
uint32_t ad_nickname; /* server's nickname for client */
|
|
struct authdes_cred ad_cred; /* storage for credential */
|
|
struct authdes_verf ad_verf; /* storage for verifier */
|
|
struct rpc_timeval ad_timestamp; /* timestamp sent */
|
|
des_block ad_xkey; /* encrypted conversation key */
|
|
u_char ad_pkey[1024]; /* Servers actual public key */
|
|
};
|
|
|
|
|
|
/*
|
|
* Create the client des authentication object
|
|
*/
|
|
AUTH *
|
|
authdes_create (const char *servername, u_int window,
|
|
struct sockaddr *syncaddr, des_block *ckey)
|
|
/* servername - network name of server */
|
|
/* window - time to live */
|
|
/* syncaddr - optional addr of host to sync with */
|
|
/* ckey - optional conversation key to use */
|
|
{
|
|
char pkey_data[1024];
|
|
netobj pkey;
|
|
|
|
if (!getpublickey (servername, pkey_data))
|
|
return NULL;
|
|
|
|
pkey.n_bytes = pkey_data;
|
|
pkey.n_len = strlen (pkey_data) + 1;
|
|
return authdes_pk_create (servername, &pkey, window, syncaddr, ckey);
|
|
}
|
|
#ifdef EXPORT_RPC_SYMBOLS
|
|
libc_hidden_def (authdes_create)
|
|
#else
|
|
libc_hidden_nolink_sunrpc (authdes_create, GLIBC_2_1)
|
|
#endif
|
|
|
|
AUTH *
|
|
authdes_pk_create (const char *servername, netobj *pkey, u_int window,
|
|
struct sockaddr *syncaddr, des_block *ckey)
|
|
{
|
|
AUTH *auth;
|
|
struct ad_private *ad;
|
|
char namebuf[MAXNETNAMELEN + 1];
|
|
|
|
/*
|
|
* Allocate everything now
|
|
*/
|
|
auth = ALLOC (AUTH);
|
|
ad = ALLOC (struct ad_private);
|
|
|
|
if (auth == NULL || ad == NULL)
|
|
{
|
|
debug ("authdes_create: out of memory");
|
|
goto failed;
|
|
}
|
|
|
|
memset (ad, 0, sizeof (struct ad_private));
|
|
memcpy (ad->ad_pkey, pkey->n_bytes, pkey->n_len);
|
|
if (!getnetname (namebuf))
|
|
goto failed;
|
|
ad->ad_fullnamelen = RNDUP (strlen (namebuf));
|
|
ad->ad_fullname = mem_alloc (ad->ad_fullnamelen + 1);
|
|
|
|
ad->ad_servernamelen = strlen (servername);
|
|
ad->ad_servername = mem_alloc (ad->ad_servernamelen + 1);
|
|
|
|
if (ad->ad_fullname == NULL || ad->ad_servername == NULL)
|
|
{
|
|
debug ("authdes_create: out of memory");
|
|
goto failed;
|
|
}
|
|
|
|
/*
|
|
* Set up private data
|
|
*/
|
|
memcpy (ad->ad_fullname, namebuf, ad->ad_fullnamelen + 1);
|
|
memcpy (ad->ad_servername, servername, ad->ad_servernamelen + 1);
|
|
ad->ad_timediff.tv_sec = ad->ad_timediff.tv_usec = 0;
|
|
if (syncaddr != NULL)
|
|
{
|
|
ad->ad_syncaddr = *syncaddr;
|
|
ad->ad_dosync = TRUE;
|
|
}
|
|
else
|
|
ad->ad_dosync = FALSE;
|
|
|
|
ad->ad_window = window;
|
|
if (ckey == NULL)
|
|
{
|
|
if (key_gendes (&auth->ah_key) < 0)
|
|
{
|
|
debug ("authdes_create: unable to gen conversation key");
|
|
goto failed;
|
|
}
|
|
}
|
|
else
|
|
auth->ah_key = *ckey;
|
|
|
|
/*
|
|
* Set up auth handle
|
|
*/
|
|
auth->ah_cred.oa_flavor = AUTH_DES;
|
|
auth->ah_verf.oa_flavor = AUTH_DES;
|
|
auth->ah_ops = (struct auth_ops *) &authdes_ops;
|
|
auth->ah_private = (caddr_t) ad;
|
|
|
|
if (!authdes_refresh (auth))
|
|
goto failed;
|
|
|
|
return auth;
|
|
|
|
failed:
|
|
if (auth != NULL)
|
|
FREE (auth, sizeof (AUTH));
|
|
if (ad != NULL)
|
|
{
|
|
if (ad->ad_fullname != NULL)
|
|
FREE (ad->ad_fullname, ad->ad_fullnamelen + 1);
|
|
if (ad->ad_servername != NULL)
|
|
FREE (ad->ad_servername, ad->ad_servernamelen + 1);
|
|
FREE (ad, sizeof (struct ad_private));
|
|
}
|
|
return NULL;
|
|
}
|
|
#ifdef EXPORT_RPC_SYMBOLS
|
|
libc_hidden_def (authdes_pk_create)
|
|
#else
|
|
libc_hidden_nolink_sunrpc (authdes_pk_create, GLIBC_2_1)
|
|
#endif
|
|
|
|
/*
|
|
* Implement the five authentication operations
|
|
*/
|
|
|
|
|
|
/*
|
|
* 1. Next Verifier
|
|
*/
|
|
/*ARGSUSED */
|
|
static void
|
|
authdes_nextverf (AUTH *auth)
|
|
{
|
|
/* what the heck am I supposed to do??? */
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
* 2. Marshal
|
|
*/
|
|
static bool_t
|
|
authdes_marshal (AUTH *auth, XDR *xdrs)
|
|
{
|
|
struct ad_private *ad = AUTH_PRIVATE (auth);
|
|
struct authdes_cred *cred = &ad->ad_cred;
|
|
struct authdes_verf *verf = &ad->ad_verf;
|
|
des_block cryptbuf[2];
|
|
des_block ivec;
|
|
int status;
|
|
int len;
|
|
register int32_t *ixdr;
|
|
struct timespec now;
|
|
|
|
/*
|
|
* Figure out the "time", accounting for any time difference
|
|
* with the server if necessary.
|
|
*/
|
|
__clock_gettime (CLOCK_REALTIME, &now);
|
|
ad->ad_timestamp.tv_sec = now.tv_sec + ad->ad_timediff.tv_sec;
|
|
ad->ad_timestamp.tv_usec = (now.tv_nsec / 1000) + ad->ad_timediff.tv_usec;
|
|
if (ad->ad_timestamp.tv_usec >= MILLION)
|
|
{
|
|
ad->ad_timestamp.tv_usec -= MILLION;
|
|
ad->ad_timestamp.tv_sec += 1;
|
|
}
|
|
|
|
/*
|
|
* XDR the timestamp and possibly some other things, then
|
|
* encrypt them.
|
|
* XXX We have a real Year 2038 problem here.
|
|
*/
|
|
ixdr = (int32_t *) cryptbuf;
|
|
IXDR_PUT_INT32 (ixdr, ad->ad_timestamp.tv_sec);
|
|
IXDR_PUT_INT32 (ixdr, ad->ad_timestamp.tv_usec);
|
|
if (ad->ad_cred.adc_namekind == ADN_FULLNAME)
|
|
{
|
|
IXDR_PUT_U_INT32 (ixdr, ad->ad_window);
|
|
IXDR_PUT_U_INT32 (ixdr, ad->ad_window - 1);
|
|
ivec.key.high = ivec.key.low = 0;
|
|
status = cbc_crypt ((char *) &auth->ah_key, (char *) cryptbuf,
|
|
2 * sizeof (des_block), DES_ENCRYPT | DES_HW, (char *) &ivec);
|
|
}
|
|
else
|
|
status = ecb_crypt ((char *) &auth->ah_key, (char *) cryptbuf,
|
|
sizeof (des_block), DES_ENCRYPT | DES_HW);
|
|
|
|
if (DES_FAILED (status))
|
|
{
|
|
debug ("authdes_marshal: DES encryption failure");
|
|
return FALSE;
|
|
}
|
|
ad->ad_verf.adv_xtimestamp = cryptbuf[0];
|
|
if (ad->ad_cred.adc_namekind == ADN_FULLNAME)
|
|
{
|
|
ad->ad_cred.adc_fullname.window = cryptbuf[1].key.high;
|
|
ad->ad_verf.adv_winverf = cryptbuf[1].key.low;
|
|
}
|
|
else
|
|
{
|
|
ad->ad_cred.adc_nickname = ad->ad_nickname;
|
|
ad->ad_verf.adv_winverf = 0;
|
|
}
|
|
|
|
/*
|
|
* Serialize the credential and verifier into opaque
|
|
* authentication data.
|
|
*/
|
|
if (ad->ad_cred.adc_namekind == ADN_FULLNAME)
|
|
len = ((1 + 1 + 2 + 1) * BYTES_PER_XDR_UNIT + ad->ad_fullnamelen);
|
|
else
|
|
len = (1 + 1) * BYTES_PER_XDR_UNIT;
|
|
|
|
if ((ixdr = xdr_inline (xdrs, 2 * BYTES_PER_XDR_UNIT)) != NULL)
|
|
{
|
|
IXDR_PUT_INT32 (ixdr, AUTH_DES);
|
|
IXDR_PUT_U_INT32 (ixdr, len);
|
|
}
|
|
else
|
|
{
|
|
ATTEMPT (xdr_putint32 (xdrs, &auth->ah_cred.oa_flavor));
|
|
ATTEMPT (xdr_putint32 (xdrs, &len));
|
|
}
|
|
ATTEMPT (xdr_authdes_cred (xdrs, cred));
|
|
|
|
len = (2 + 1) * BYTES_PER_XDR_UNIT;
|
|
if ((ixdr = xdr_inline (xdrs, 2 * BYTES_PER_XDR_UNIT)) != NULL)
|
|
{
|
|
IXDR_PUT_INT32 (ixdr, AUTH_DES);
|
|
IXDR_PUT_U_INT32 (ixdr, len);
|
|
}
|
|
else
|
|
{
|
|
ATTEMPT (xdr_putint32 (xdrs, &auth->ah_verf.oa_flavor));
|
|
ATTEMPT (xdr_putint32 (xdrs, &len));
|
|
}
|
|
ATTEMPT (xdr_authdes_verf (xdrs, verf));
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/*
|
|
* 3. Validate
|
|
*/
|
|
static bool_t
|
|
authdes_validate (AUTH *auth, struct opaque_auth *rverf)
|
|
{
|
|
struct ad_private *ad = AUTH_PRIVATE (auth);
|
|
struct authdes_verf verf;
|
|
int status;
|
|
register uint32_t *ixdr;
|
|
|
|
if (rverf->oa_length != (2 + 1) * BYTES_PER_XDR_UNIT)
|
|
return FALSE;
|
|
|
|
ixdr = (uint32_t *) rverf->oa_base;
|
|
verf.adv_xtimestamp.key.high = *ixdr++;
|
|
verf.adv_xtimestamp.key.low = *ixdr++;
|
|
verf.adv_int_u = *ixdr++; /* nickname not XDR'd ! */
|
|
|
|
/*
|
|
* Decrypt the timestamp
|
|
*/
|
|
status = ecb_crypt ((char *) &auth->ah_key, (char *) &verf.adv_xtimestamp,
|
|
sizeof (des_block), DES_DECRYPT | DES_HW);
|
|
|
|
if (DES_FAILED (status))
|
|
{
|
|
debug ("authdes_validate: DES decryption failure");
|
|
return FALSE;
|
|
}
|
|
|
|
/*
|
|
* xdr the decrypted timestamp
|
|
*/
|
|
ixdr = (uint32_t *) verf.adv_xtimestamp.c;
|
|
verf.adv_timestamp.tv_sec = IXDR_GET_U_INT32 (ixdr) + 1;
|
|
verf.adv_timestamp.tv_usec = IXDR_GET_U_INT32 (ixdr);
|
|
|
|
/*
|
|
* validate
|
|
*/
|
|
if (memcmp ((char *) &ad->ad_timestamp, (char *) &verf.adv_timestamp,
|
|
sizeof (struct rpc_timeval)) != 0)
|
|
{
|
|
debug ("authdes_validate: verifier mismatch\n");
|
|
return FALSE;
|
|
}
|
|
|
|
/*
|
|
* We have a nickname now, let's use it
|
|
*/
|
|
ad->ad_nickname = verf.adv_nickname;
|
|
ad->ad_cred.adc_namekind = ADN_NICKNAME;
|
|
return TRUE;
|
|
}
|
|
|
|
/*
|
|
* 4. Refresh
|
|
*/
|
|
static bool_t
|
|
authdes_refresh (AUTH *auth)
|
|
{
|
|
netobj pkey;
|
|
struct ad_private *ad = AUTH_PRIVATE (auth);
|
|
struct authdes_cred *cred = &ad->ad_cred;
|
|
|
|
if (ad->ad_dosync && !synchronize (&ad->ad_syncaddr, &ad->ad_timediff))
|
|
{
|
|
/*
|
|
* Hope the clocks are synced!
|
|
*/
|
|
ad->ad_timediff.tv_sec = ad->ad_timediff.tv_usec = 0;
|
|
debug ("authdes_refresh: unable to synchronize with server");
|
|
}
|
|
ad->ad_xkey = auth->ah_key;
|
|
pkey.n_bytes = (char *) (ad->ad_pkey);
|
|
pkey.n_len = strlen ((char *) ad->ad_pkey) + 1;
|
|
if (key_encryptsession_pk (ad->ad_servername, &pkey, &ad->ad_xkey) < 0)
|
|
{
|
|
debug ("authdes_create: unable to encrypt conversation key");
|
|
return FALSE;
|
|
}
|
|
cred->adc_fullname.key = ad->ad_xkey;
|
|
cred->adc_namekind = ADN_FULLNAME;
|
|
cred->adc_fullname.name = ad->ad_fullname;
|
|
return TRUE;
|
|
}
|
|
|
|
/*
|
|
* 5. Destroy
|
|
*/
|
|
static void
|
|
authdes_destroy (AUTH *auth)
|
|
{
|
|
struct ad_private *ad = AUTH_PRIVATE (auth);
|
|
|
|
FREE (ad->ad_fullname, ad->ad_fullnamelen + 1);
|
|
FREE (ad->ad_servername, ad->ad_servernamelen + 1);
|
|
FREE (ad, sizeof (struct ad_private));
|
|
FREE (auth, sizeof (AUTH));
|
|
}
|
|
|
|
/*
|
|
* Synchronize with the server at the given address, that is,
|
|
* adjust timep to reflect the delta between our clocks
|
|
*/
|
|
static bool_t
|
|
synchronize (struct sockaddr *syncaddr, struct rpc_timeval *timep)
|
|
{
|
|
struct timespec mytime;
|
|
struct rpc_timeval timeout;
|
|
long int myusec;
|
|
|
|
timeout.tv_sec = RTIME_TIMEOUT;
|
|
timeout.tv_usec = 0;
|
|
if (rtime ((struct sockaddr_in *) syncaddr, timep, &timeout) < 0)
|
|
return FALSE;
|
|
|
|
__clock_gettime (CLOCK_REALTIME, &mytime);
|
|
timep->tv_sec -= mytime.tv_sec;
|
|
myusec = mytime.tv_nsec / 1000;
|
|
if (myusec > timep->tv_usec)
|
|
{
|
|
timep->tv_sec -= 1;
|
|
timep->tv_usec += MILLION;
|
|
}
|
|
timep->tv_usec -= myusec;
|
|
return TRUE;
|
|
}
|